718e3744 | 1 | /* User authentication for vtysh. |
2 | * Copyright (C) 2000 Kunihiro Ishiguro | |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2, or (at your option) any | |
9 | * later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License along |
17 | * with this program; see the file COPYING; if not, write to the Free Software | |
18 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
718e3744 | 19 | */ |
20 | ||
21 | #include <zebra.h> | |
bb6065a5 | 22 | #include <lib/version.h> |
718e3744 | 23 | |
24 | #include <pwd.h> | |
25 | ||
26 | #ifdef USE_PAM | |
27 | #include <security/pam_appl.h> | |
24cd435b | 28 | #ifdef HAVE_PAM_MISC_H |
718e3744 | 29 | #include <security/pam_misc.h> |
24cd435b | 30 | #endif |
31 | #ifdef HAVE_OPENPAM_H | |
32 | #include <security/openpam.h> | |
33 | #endif | |
718e3744 | 34 | #endif /* USE_PAM */ |
35 | ||
36 | #include "memory.h" | |
37 | #include "linklist.h" | |
38 | #include "command.h" | |
88177fe3 | 39 | #include "vtysh/vtysh_user.h" |
718e3744 | 40 | |
d62a17ae | 41 | /* |
42 | * Compiler is warning about prototypes not being declared. |
43 | * The DEFUNSH and DEFUN macros are messing with the | |
44 | * compiler I believe. This is just to make it happy. | |
45 | */ | |
#ifdef USE_PAM
/* Authenticate USER through the FRR PAM service (defined below).
 * Returns 0 on success, 1 on failure; may exit(1) if PAM cannot be released. */
static int vtysh_pam(const char *);
#endif
/* Entry points of this file; declared here to silence missing-prototype warnings. */
int vtysh_auth(void);
void vtysh_user_init(void);

/* Running-configuration accumulator and its line appender; both are defined
 * elsewhere in vtysh (not in this file). */
extern struct list *config_top;
extern void config_add_line(struct list *config, const char *line);
54 | ||
718e3744 | 55 | #ifdef USE_PAM |
/* Conversation callback handed to pam_start(); PAM_CONV_FUNC comes from the
 * build configuration, not from this file. No application data is attached. */
static struct pam_conv conv = {PAM_CONV_FUNC, NULL};
718e3744 | 57 | |
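/*
 * Authenticate USER through the FRR_PAM_NAME PAM service.
 *
 * Returns 0 when PAM reports PAM_SUCCESS for the authentication, 1 when
 * the transaction could not be started or the authentication failed.
 * Exits the process with status 1 if the PAM handle cannot be released,
 * since a half-torn-down PAM session must not be silently continued.
 *
 * Diagnostics go to stderr; each one names the step that failed so that
 * an initialisation problem is not reported as a bad credential.
 */
static int vtysh_pam(const char *user)
{
	int ret;
	int end_ret;
	pam_handle_t *pamh = NULL;

	/* Start PAM. */
	ret = pam_start(FRR_PAM_NAME, user, &conv, &pamh);
	if (ret != PAM_SUCCESS) {
		/* No handle exists yet, so there is nothing to pam_end(). */
		fprintf(stderr, "vtysh_pam: Failure to initialize pam: %s(%d)\n",
			pam_strerror(pamh, ret), ret);
		return 1;
	}

	/* Is user really user? */
	ret = pam_authenticate(pamh, 0);
	if (ret != PAM_SUCCESS)
		fprintf(stderr, "vtysh_pam: authentication failed: %s(%d)\n",
			pam_strerror(pamh, ret), ret);

	/* close Linux-PAM; the handle is invalid afterwards regardless of
	 * the result, so drop our pointer before it can be reused. */
	end_ret = pam_end(pamh, ret);
	pamh = NULL;
	if (end_ret != PAM_SUCCESS) {
		/* Report the pam_end() status, not the authentication one. */
		fprintf(stderr, "vtysh_pam: failed to release authenticator: %s(%d)\n",
			pam_strerror(pamh, end_ret), end_ret);
		exit(1);
	}

	return ret == PAM_SUCCESS ? 0 : 1;
}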
84 | #endif /* USE_PAM */ | |
85 | ||
/* One "username WORD ..." entry of the vtysh configuration. */
struct vtysh_user {
	char *name;         /* account name, heap copy owned by this struct */
	uint8_t nopassword; /* non-zero: vtysh_auth() skips PAM for this name */
};
90 | ||
/* All configured vtysh_user entries; created by vtysh_user_init(), so the
 * lookup helpers below must not run before it. */
struct list *userlist;
92 | ||
/* Allocate an empty, zeroed vtysh_user (name NULL, nopassword 0). */
static struct vtysh_user *user_new(void)
{
	struct vtysh_user *user;

	user = XCALLOC(MTYPE_TMP, sizeof(*user));
	return user;
}
97 | ||
/* Find the configured user called NAME; NULL when there is none. */
static struct vtysh_user *user_lookup(const char *name)
{
	struct listnode *node, *nnode;
	struct vtysh_user *candidate;
	struct vtysh_user *found = NULL;

	for (ALL_LIST_ELEMENTS(userlist, node, nnode, candidate)) {
		if (strcmp(candidate->name, name) != 0)
			continue;
		found = candidate;
		break;
	}

	return found;
}
109 | ||
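/*
 * Append one "username NAME nopassword" line to the running configuration
 * for every user that has the nopassword flag set.
 *
 * A name that does not fit into the line buffer is skipped with a message
 * on stderr: a silently truncated line would be read back as a different,
 * shorter user name and grant the PAM exemption to the wrong account.
 */
void user_config_write(void)
{
	struct listnode *node, *nnode;
	struct vtysh_user *user;
	char line[128];
	int len;

	for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) {
		if (!user->nopassword)
			continue;

		len = snprintf(line, sizeof(line), "username %s nopassword",
			       user->name);
		if (len < 0 || (size_t)len >= sizeof(line)) {
			fprintf(stderr,
				"user_config_write: user name too long, skipping: %s\n",
				user->name);
			continue;
		}
		config_add_line(config_top, line);
	}
}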
124 | ||
/* Return the user called NAME, creating and registering it if needed.
 * The new entry owns a heap copy of NAME. */
static struct vtysh_user *user_get(const char *name)
{
	struct vtysh_user *user = user_lookup(name);

	if (user == NULL) {
		/* Not configured yet: allocate, name and append to userlist. */
		user = user_new();
		user->name = strdup(name);
		listnode_add(userlist, user);
	}

	return user;
}
138 | ||
/* "banner motd file FILE": load the message of the day from a file. */
DEFUN (vtysh_banner_motd_file,
       vtysh_banner_motd_file_cmd,
       "banner motd file FILE",
       "Set banner\n"
       "Banner for motd\n"
       "Banner from a file\n"
       "Filename\n")
{
	/* The file name is the fourth token of the command line. */
	const char *path = argv[3]->arg;

	return cmd_banner_motd_file(path);
}
150 | ||
/* "banner motd line LINE...": set the message of the day from the command
 * line itself. The joined text is freed here after it has been handed over. */
DEFUN (vtysh_banner_motd_line,
       vtysh_banner_motd_line_cmd,
       "banner motd line LINE...",
       "Set banner\n"
       "Banner for motd\n"
       "Banner from an input\n"
       "Text\n")
{
	int line_idx = 0;
	char *text;

	/* Locate the first LINE token and join everything from there on. */
	argv_find(argv, argc, "LINE", &line_idx);
	text = argv_concat(argv, argc, line_idx);

	cmd_banner_motd_line(text);
	XFREE(MTYPE_TMP, text);

	return CMD_SUCCESS;
}
170 | ||
/* "username WORD nopassword": exempt WORD from PAM authentication in
 * vtysh_auth(). Note the help strings are empty. */
DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
	/* WORD is the second token; user_get() creates the entry if needed. */
	struct vtysh_user *user = user_get(argv[1]->arg);

	user->nopassword = 1;
	return CMD_SUCCESS;
}
184 | ||
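/*
 * Authenticate the calling user for vtysh.
 *
 * The account is taken from the effective uid. Users configured with
 * "username WORD nopassword" pass without a check. Everyone else is
 * authenticated through PAM when built with USE_PAM; without USE_PAM no
 * credential check happens at all and the function simply returns 0.
 *
 * Returns 0 on success. Exits with status 1 if the uid cannot be resolved
 * or if PAM authentication fails, so that a caller never mistakes a
 * rejected login for a successful one.
 */
int vtysh_auth(void)
{
	struct vtysh_user *user;
	struct passwd *passwd;

	passwd = getpwuid(geteuid());
	if (passwd == NULL) {
		fprintf(stderr, "could not lookup user ID %d\n",
			(int)geteuid());
		exit(1);
	}

	/* Configured nopassword users skip PAM entirely. */
	user = user_lookup(passwd->pw_name);
	if (user && user->nopassword)
		return 0;

#ifdef USE_PAM
	/* A failed authentication must terminate with a non-zero status:
	 * exit(0) here would look like a successful login to any wrapper. */
	if (vtysh_pam(passwd->pw_name))
		exit(1);
#endif /* USE_PAM */

	return 0;
}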
207 | ||
/* Return the caller's home directory: $HOME when set, otherwise the
 * passwd entry of the real uid (note: real uid here, effective uid in
 * vtysh_auth()). NULL when neither source yields a directory. */
char *vtysh_get_home(void)
{
	char *home = getenv("HOME");
	struct passwd *pw;

	if (home)
		return home;

	/* $HOME undefined: fall back to the passwd database. */
	pw = getpwuid(getuid());
	if (pw == NULL)
		return NULL;

	return pw->pw_dir;
}
221 | ||
/* Create the (initially empty) user list and register this file's
 * CONFIG_NODE commands. Must run before vtysh_auth() or user_get(). */
void vtysh_user_init(void)
{
	const struct cmd_element *const config_cmds[] = {
		&username_nopassword_cmd,
		&vtysh_banner_motd_file_cmd,
		&vtysh_banner_motd_line_cmd,
	};
	size_t i;

	userlist = list_new();

	/* Same registration order as listed above. */
	for (i = 0; i < sizeof(config_cmds) / sizeof(config_cmds[0]); i++)
		install_element(CONFIG_NODE, config_cmds[i]);
}