[mirror_frr.git] / vtysh / vtysh_user.c

/* User authentication for vtysh.
 * Copyright (C) 2000 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GNU Zebra; see the file COPYING.  If not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.  
 */

#include <zebra.h>

#include <pwd.h>

#ifdef USE_PAM
#include <security/pam_appl.h>
#ifdef HAVE_PAM_MISC_H
#include <security/pam_misc.h>
#endif
#ifdef HAVE_OPENPAM_H
#include <security/openpam.h>
#endif
#endif /* USE_PAM */

#include "memory.h"
#include "linklist.h"
#include "command.h"

#ifdef USE_PAM
static struct pam_conv conv = 
{
  PAM_CONV_FUNC,
  NULL
};

int
vtysh_pam (char *user)
{
  int ret;
  pam_handle_t *pamh = NULL;

  /* Start PAM. */
  ret = pam_start("zebra", user, &conv, &pamh);
  /* printf ("ret %d\n", ret); */

  /* Is user really user? */
  if (ret == PAM_SUCCESS)
    ret = pam_authenticate (pamh, 0);
  /* printf ("ret %d\n", ret); */
  
#if 0
  /* Permitted access? */
  if (ret == PAM_SUCCESS)
    ret = pam_acct_mgmt (pamh, 0);
  printf ("ret %d\n", ret);

  if (ret == PAM_AUTHINFO_UNAVAIL)
    ret = PAM_SUCCESS;
#endif /* 0 */
  
  /* This is where we have been authorized or not. */
#ifdef DEBUG
  if (ret == PAM_SUCCESS)
    printf("Authenticated\n");
  else
    printf("Not Authenticated\n");
#endif /* DEBUG */

  /* close Linux-PAM */
  if (pam_end (pamh, ret) != PAM_SUCCESS) 
    {
      pamh = NULL;
      fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
      exit(1);
    }

  return ret == PAM_SUCCESS ? 0 : 1;
}
#endif /* USE_PAM */

struct user
{
  char *name;
  u_char nopassword;
};

struct list *userlist;

struct user *
user_new ()
{
  struct user *user;
  user = XMALLOC (0, sizeof (struct user));
  memset (user, 0, sizeof (struct user));
  return user;
}

void
user_free (struct user *user)
{
  XFREE (0, user);
}

struct user *
user_lookup (char *name)
{
  struct listnode *nn;
  struct user *user;

  LIST_LOOP (userlist, user, nn)
    {
      if (strcmp (user->name, name) == 0)
	return user;
    }
  return NULL;
}

void
user_config_write ()
{
  struct listnode *nn;
  struct user *user;

  LIST_LOOP (userlist, user, nn)
    {
      if (user->nopassword)
	printf (" username %s nopassword\n", user->name);
    }
}

struct user *
user_get (char *name)
{
  struct user *user;
  user = user_lookup (name);
  if (user)
    return user;

  user = user_new ();
  user->name = strdup (name);
  listnode_add (userlist, user);

  return user;
}

DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
  struct user *user;
  user = user_get (argv[0]);
  user->nopassword = 1;
  return CMD_SUCCESS;
}

int
vtysh_auth ()
{
  struct user *user;
  struct passwd *passwd;

  passwd = getpwuid (geteuid ());

  user = user_lookup (passwd->pw_name);
  if (user && user->nopassword)
    /* Pass through */;
  else
    {
#ifdef USE_PAM
      if (vtysh_pam (passwd->pw_name))
	exit (0);
#endif /* USE_PAM */
    }
  return 0;
}

void
vtysh_user_init ()
{
  userlist = list_new ();
  install_element (CONFIG_NODE, &username_nopassword_cmd);
}
Commit	Line	Data
718e3744	1	/* User authentication for vtysh.
	2	* Copyright (C) 2000 Kunihiro Ishiguro
	3	*
	4	* This file is part of GNU Zebra.
	5	*
	6	* GNU Zebra is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2, or (at your option) any
	9	* later version.
	10	*
	11	* GNU Zebra is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with GNU Zebra; see the file COPYING. If not, write to the Free
	18	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
	19	* 02111-1307, USA.
	20	*/
	21
	22	#include <zebra.h>
	23
	24	#include <pwd.h>
	25
	26	#ifdef USE_PAM
	27	#include <security/pam_appl.h>
24cd435b	28	#ifdef HAVE_PAM_MISC_H
718e3744	29	#include <security/pam_misc.h>
24cd435b	30	#endif
	31	#ifdef HAVE_OPENPAM_H
	32	#include <security/openpam.h>
	33	#endif
718e3744	34	#endif /* USE_PAM */
	35
	36	#include "memory.h"
	37	#include "linklist.h"
	38	#include "command.h"
	39
	40	#ifdef USE_PAM
	41	static struct pam_conv conv =
	42	{
24cd435b	43	PAM_CONV_FUNC,
718e3744	44	NULL
	45	};
	46
	47	int
	48	vtysh_pam (char *user)
	49	{
	50	int ret;
	51	pam_handle_t *pamh = NULL;
	52
	53	/* Start PAM. */
	54	ret = pam_start("zebra", user, &conv, &pamh);
	55	/* printf ("ret %d\n", ret); */
	56
	57	/* Is user really user? */
	58	if (ret == PAM_SUCCESS)
	59	ret = pam_authenticate (pamh, 0);
	60	/* printf ("ret %d\n", ret); */
	61
	62	#if 0
	63	/* Permitted access? */
	64	if (ret == PAM_SUCCESS)
	65	ret = pam_acct_mgmt (pamh, 0);
	66	printf ("ret %d\n", ret);
	67
	68	if (ret == PAM_AUTHINFO_UNAVAIL)
	69	ret = PAM_SUCCESS;
	70	#endif /* 0 */
	71
	72	/* This is where we have been authorized or not. */
	73	#ifdef DEBUG
	74	if (ret == PAM_SUCCESS)
	75	printf("Authenticated\n");
	76	else
	77	printf("Not Authenticated\n");
	78	#endif /* DEBUG */
	79
	80	/* close Linux-PAM */
	81	if (pam_end (pamh, ret) != PAM_SUCCESS)
	82	{
	83	pamh = NULL;
	84	fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
	85	exit(1);
	86	}
	87
	88	return ret == PAM_SUCCESS ? 0 : 1;
	89	}
	90	#endif /* USE_PAM */
	91
	92	struct user
	93	{
	94	char *name;
	95	u_char nopassword;
	96	};
	97
	98	struct list *userlist;
	99
	100	struct user *
	101	user_new ()
	102	{
	103	struct user *user;
	104	user = XMALLOC (0, sizeof (struct user));
	105	memset (user, 0, sizeof (struct user));
	106	return user;
	107	}
108
109	void
110	user_free (struct user *user)
111	{
112	XFREE (0, user);
113	}
114
115	struct user *
116	user_lookup (char *name)
117	{
118	struct listnode *nn;
119	struct user *user;
120
121	LIST_LOOP (userlist, user, nn)
122	{
123	if (strcmp (user->name, name) == 0)
124	return user;
125	}
126	return NULL;
127	}
128
129	void
130	user_config_write ()
131	{
132	struct listnode *nn;
133	struct user *user;
134
135	LIST_LOOP (userlist, user, nn)
136	{
137	if (user->nopassword)
138	printf (" username %s nopassword\n", user->name);
139	}
140	}
141
142	struct user *
143	user_get (char *name)
144	{
145	struct user *user;
146	user = user_lookup (name);
147	if (user)
148	return user;
149
150	user = user_new ();
151	user->name = strdup (name);
152	listnode_add (userlist, user);
153
154	return user;
155	}
156
157	DEFUN (username_nopassword,
158	username_nopassword_cmd,
159	"username WORD nopassword",
160	"\n"
161	"\n"
162	"\n")
163	{
164	struct user *user;
165	user = user_get (argv[0]);
166	user->nopassword = 1;
167	return CMD_SUCCESS;
168	}
169
170	int
171	vtysh_auth ()
172	{
173	struct user *user;
174	struct passwd *passwd;
175
176	passwd = getpwuid (geteuid ());
177
178	user = user_lookup (passwd->pw_name);
179	if (user && user->nopassword)
180	/* Pass through */;
181	else
182	{
183	#ifdef USE_PAM
184	if (vtysh_pam (passwd->pw_name))
185	exit (0);
186	#endif /* USE_PAM */
187	}
188	return 0;
189	}
190
191	void
192	vtysh_user_init ()
193	{
194	userlist = list_new ();
195	install_element (CONFIG_NODE, &username_nopassword_cmd);
196	}