718e3744 | 1 | /* User authentication for vtysh. |
2 | * Copyright (C) 2000 Kunihiro Ishiguro | |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2, or (at your option) any | |
9 | * later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free | |
18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
19 | * 02111-1307, USA. | |
20 | */ | |
21 | ||
22 | #include <zebra.h> | |
23 | ||
24 | #include <pwd.h> | |
25 | ||
26 | #ifdef USE_PAM | |
27 | #include <security/pam_appl.h> | |
24cd435b | 28 | #ifdef HAVE_PAM_MISC_H |
718e3744 | 29 | #include <security/pam_misc.h> |
24cd435b | 30 | #endif |
31 | #ifdef HAVE_OPENPAM_H | |
32 | #include <security/openpam.h> | |
33 | #endif | |
718e3744 | 34 | #endif /* USE_PAM */ |
35 | ||
36 | #include "memory.h" | |
37 | #include "linklist.h" | |
38 | #include "command.h" | |
39 | ||
40 | #ifdef USE_PAM | |
/* PAM conversation hook.  PAM_CONV_FUNC is chosen by the build (the
   Linux-PAM or OpenPAM console conversation, per the includes above);
   it is what PAM calls to prompt the user.  No application data is
   passed to it. */
static struct pam_conv conv =
{
  .conv = PAM_CONV_FUNC,
  .appdata_ptr = NULL
};
46 | ||
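/* Authenticate USER against the "zebra" PAM service.

   Returns 0 when PAM reports PAM_SUCCESS, 1 otherwise.  Only
   pam_authenticate() is run: the pam_acct_mgmt() step is compiled out
   below, so account-level policy configured in PAM (expiry, lockout,
   access hours) is not enforced by this check.  Exits the process with
   status 1 if the PAM transaction cannot be released. */
int
vtysh_pam (char *user)
{
  int ret;
  pam_handle_t *pamh = NULL;

  /* Start PAM. */
  ret = pam_start ("zebra", user, &conv, &pamh);

  /* Is user really user?  Only attempted when the transaction started. */
  if (ret == PAM_SUCCESS)
    ret = pam_authenticate (pamh, 0);

#if 0
  /* Account management is disabled.  Note that enabling this block as
     written would also let PAM_AUTHINFO_UNAVAIL pass as success. */
  if (ret == PAM_SUCCESS)
    ret = pam_acct_mgmt (pamh, 0);

  if (ret == PAM_AUTHINFO_UNAVAIL)
    ret = PAM_SUCCESS;
#endif /* 0 */

  /* This is where we have been authorized or not. */
#ifdef DEBUG
  if (ret == PAM_SUCCESS)
    printf ("Authenticated\n");
  else
    printf ("Not Authenticated\n");
#endif /* DEBUG */

  /* close Linux-PAM.  If pam_start() failed, pamh is still NULL and
     pam_end() is expected to report an error, ending the process here. */
  if (pam_end (pamh, ret) != PAM_SUCCESS)
    {
      fprintf (stderr, "vtysh_pam: failed to release authenticator\n");
      exit (1);
    }

  return ret == PAM_SUCCESS ? 0 : 1;
}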
90 | #endif /* USE_PAM */ | |
91 | ||
/* One entry of the "username" configuration. */
struct user
{
  /* Login name; set from a strdup() copy of the configured WORD in user_get(). */
  char *name;
  /* Non-zero once "username WORD nopassword" is configured: vtysh_auth()
     then admits this user without running PAM. */
  u_char nopassword;
};
97 | ||
/* All configured "username" entries (struct user *); created by vtysh_user_init(). */
struct list *userlist;
99 | ||
/* Allocate a zeroed user record (name NULL, nopassword 0).
   The caller owns the result and releases it with user_free(). */
struct user *
user_new ()
{
  struct user *u = XMALLOC (0, sizeof *u);

  memset (u, 0, sizeof *u);
  return u;
}
108 | ||
/* Release a record obtained from user_new().  The name string that
   user_get() strdup()'d into it is not freed here. */
void
user_free (struct user *user)
{
  XFREE (0, user);
}
114 | ||
/* Find the configured user whose name equals NAME.
   Returns the record, or NULL when no entry matches.
   NAME must be a valid C string (it is passed straight to strcmp). */
struct user *
user_lookup (char *name)
{
  struct listnode *node;
  struct user *candidate;

  LIST_LOOP (userlist, candidate, node)
    {
      if (! strcmp (candidate->name, name))
        return candidate;
    }

  return NULL;
}
128 | ||
/* Print the "username WORD nopassword" lines for the running configuration
   to stdout; users without the flag produce no output. */
void
user_config_write ()
{
  struct listnode *node;
  struct user *u;

  LIST_LOOP (userlist, u, node)
    {
      if (! u->nopassword)
        continue;
      printf (" username %s nopassword\n", u->name);
    }
}
141 | ||
/* Return the record for NAME, creating and registering one in userlist
   when it does not exist yet.  A new record keeps its own strdup() copy
   of NAME.  NOTE(review): the strdup() result is not checked, so on
   allocation failure the new record carries a NULL name. */
struct user *
user_get (char *name)
{
  struct user *u;

  if ((u = user_lookup (name)) != NULL)
    return u;

  u = user_new ();
  u->name = strdup (name);
  listnode_add (userlist, u);

  return u;
}
156 | ||
/* "username WORD nopassword": mark WORD as exempt from the PAM check in
   vtysh_auth().  The record is created on first use.  (The three help
   strings are empty.) */
DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
  user_get (argv[0])->nopassword = 1;
  return CMD_SUCCESS;
}
169 | ||
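/* Authenticate the invoking user for this vtysh session.

   The effective uid is mapped to a login name via getpwuid().  A user
   configured with "username WORD nopassword" is admitted without PAM.
   Otherwise, when built with USE_PAM, vtysh_pam() is run and the process
   exits on failure.  Without USE_PAM there is no further check and every
   user is admitted.  Exits with status 1 when the effective uid has no
   passwd entry, since there is no name to authenticate.  Returns 0. */
int
vtysh_auth ()
{
  struct user *user;
  struct passwd *passwd;

  passwd = getpwuid (geteuid ());
  if (passwd == NULL)
    {
      /* No passwd entry (or a name-service failure): fail closed instead
         of dereferencing NULL below. */
      fprintf (stderr, "vtysh_auth: no passwd entry for uid %lu\n",
               (unsigned long) geteuid ());
      exit (1);
    }

  user = user_lookup (passwd->pw_name);
  if (user != NULL && user->nopassword)
    return 0;                   /* configured as exempt from PAM */

#ifdef USE_PAM
  /* NOTE(review): a failed authentication terminates with status 0, so a
     caller checking the exit status cannot tell it from success. */
  if (vtysh_pam (passwd->pw_name))
    exit (0);
#endif /* USE_PAM */

  return 0;
}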
190 | ||
/* Create the (initially empty) user list and register the "username"
   command under CONFIG_NODE.  Run this before user_get(), user_lookup()
   or vtysh_auth(), which all walk userlist. */
void
vtysh_user_init ()
{
  struct list *fresh = list_new ();

  userlist = fresh;
  install_element (CONFIG_NODE, &username_nopassword_cmd);
}