]>
Commit | Line | Data |
---|---|---|
acddc0ed | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
718e3744 | 2 | /* User authentication for vtysh. |
3 | * Copyright (C) 2000 Kunihiro Ishiguro | |
718e3744 | 4 | */ |
5 | ||
6 | #include <zebra.h> | |
bb6065a5 | 7 | #include <lib/version.h> |
718e3744 | 8 | |
9 | #include <pwd.h> | |
10 | ||
11 | #ifdef USE_PAM | |
12 | #include <security/pam_appl.h> | |
24cd435b | 13 | #ifdef HAVE_PAM_MISC_H |
718e3744 | 14 | #include <security/pam_misc.h> |
24cd435b | 15 | #endif |
16 | #ifdef HAVE_OPENPAM_H | |
17 | #include <security/openpam.h> | |
18 | #endif | |
718e3744 | 19 | #endif /* USE_PAM */ |
20 | ||
21 | #include "memory.h" | |
22 | #include "linklist.h" | |
23 | #include "command.h" | |
88177fe3 | 24 | #include "vtysh/vtysh_user.h" |
718e3744 | 25 | |
d62a17ae | 26 | /* |
c0e8c16f DS |
27 | * Compiler is warning about prototypes not being declared. |
28 | * The DEFUNSH and DEFUN macro's are messing with the | |
29 | * compiler I believe. This is just to make it happy. | |
30 | */ | |
21c830a4 | 31 | #ifdef USE_PAM |
ec4ab9f3 | 32 | static int vtysh_pam(const char *); |
21c830a4 | 33 | #endif |
c0e8c16f DS |
34 | int vtysh_auth(void); |
35 | void vtysh_user_init(void); | |
36 | ||
e4421165 DS |
37 | extern struct list *config_top; |
38 | extern void config_add_line(struct list *config, const char *line); | |
39 | ||
718e3744 | 40 | #ifdef USE_PAM |
d62a17ae | 41 | static struct pam_conv conv = {PAM_CONV_FUNC, NULL}; |
718e3744 | 42 | |
d62a17ae | 43 | static int vtysh_pam(const char *user) |
718e3744 | 44 | { |
d62a17ae | 45 | int ret; |
46 | pam_handle_t *pamh = NULL; | |
718e3744 | 47 | |
d62a17ae | 48 | /* Start PAM. */ |
49 | ret = pam_start(FRR_PAM_NAME, user, &conv, &pamh); | |
d62a17ae | 50 | |
51 | /* Is user really user? */ | |
52 | if (ret == PAM_SUCCESS) | |
53 | ret = pam_authenticate(pamh, 0); | |
718e3744 | 54 | |
60bc8d61 DS |
55 | if (ret != PAM_SUCCESS) |
56 | fprintf(stderr, "vtysh_pam: Failure to initialize pam: %s(%d)", | |
57 | pam_strerror(pamh, ret), ret); | |
718e3744 | 58 | |
264a2a27 | 59 | if (pam_acct_mgmt(pamh, 0) != PAM_SUCCESS) |
60 | fprintf(stderr, "%s: Failed in account validation: %s(%d)", | |
61 | __func__, pam_strerror(pamh, ret), ret); | |
62 | ||
d62a17ae | 63 | /* close Linux-PAM */ |
64 | if (pam_end(pamh, ret) != PAM_SUCCESS) { | |
65 | pamh = NULL; | |
60bc8d61 DS |
66 | fprintf(stderr, "vtysh_pam: failed to release authenticator: %s(%d)\n", |
67 | pam_strerror(pamh, ret), ret); | |
d62a17ae | 68 | exit(1); |
69 | } | |
718e3744 | 70 | |
d62a17ae | 71 | return ret == PAM_SUCCESS ? 0 : 1; |
718e3744 | 72 | } |
73 | #endif /* USE_PAM */ | |
74 | ||
d62a17ae | 75 | struct vtysh_user { |
76 | char *name; | |
d7c0a89a | 77 | uint8_t nopassword; |
718e3744 | 78 | }; |
79 | ||
80 | struct list *userlist; | |
81 | ||
d62a17ae | 82 | static struct vtysh_user *user_new(void) |
718e3744 | 83 | { |
d62a17ae | 84 | return XCALLOC(MTYPE_TMP, sizeof(struct vtysh_user)); |
718e3744 | 85 | } |
86 | ||
d62a17ae | 87 | static struct vtysh_user *user_lookup(const char *name) |
718e3744 | 88 | { |
d62a17ae | 89 | struct listnode *node, *nnode; |
90 | struct vtysh_user *user; | |
718e3744 | 91 | |
d62a17ae | 92 | for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) { |
93 | if (strcmp(user->name, name) == 0) | |
94 | return user; | |
95 | } | |
96 | return NULL; | |
718e3744 | 97 | } |
98 | ||
4d762f26 | 99 | void user_config_write(void) |
718e3744 | 100 | { |
d62a17ae | 101 | struct listnode *node, *nnode; |
102 | struct vtysh_user *user; | |
103 | char line[128]; | |
104 | ||
105 | for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) { | |
106 | if (user->nopassword) { | |
772270f3 QY |
107 | snprintf(line, sizeof(line), "username %s nopassword", |
108 | user->name); | |
d62a17ae | 109 | config_add_line(config_top, line); |
110 | } | |
a7222276 | 111 | } |
718e3744 | 112 | } |
113 | ||
d62a17ae | 114 | static struct vtysh_user *user_get(const char *name) |
718e3744 | 115 | { |
d62a17ae | 116 | struct vtysh_user *user; |
117 | user = user_lookup(name); | |
118 | if (user) | |
119 | return user; | |
718e3744 | 120 | |
d62a17ae | 121 | user = user_new(); |
122 | user->name = strdup(name); | |
123 | listnode_add(userlist, user); | |
718e3744 | 124 | |
d62a17ae | 125 | return user; |
718e3744 | 126 | } |
127 | ||
dd2ecded DS |
128 | DEFUN (vtysh_banner_motd_file, |
129 | vtysh_banner_motd_file_cmd, | |
4d833e55 DS |
130 | "banner motd file FILE", |
131 | "Set banner\n" | |
132 | "Banner for motd\n" | |
133 | "Banner from a file\n" | |
134 | "Filename\n") | |
7cfc61d3 | 135 | { |
d62a17ae | 136 | int idx_file = 3; |
137 | return cmd_banner_motd_file(argv[idx_file]->arg); | |
7cfc61d3 DS |
138 | } |
139 | ||
19d61463 DA |
140 | DEFUN (vtysh_banner_motd_line, |
141 | vtysh_banner_motd_line_cmd, | |
142 | "banner motd line LINE...", | |
143 | "Set banner\n" | |
144 | "Banner for motd\n" | |
145 | "Banner from an input\n" | |
146 | "Text\n") | |
147 | { | |
148 | int idx = 0; | |
149 | char *motd; | |
150 | ||
151 | argv_find(argv, argc, "LINE", &idx); | |
152 | motd = argv_concat(argv, argc, idx); | |
153 | ||
154 | cmd_banner_motd_line(motd); | |
155 | XFREE(MTYPE_TMP, motd); | |
156 | ||
157 | return CMD_SUCCESS; | |
158 | } | |
159 | ||
718e3744 | 160 | DEFUN (username_nopassword, |
161 | username_nopassword_cmd, | |
162 | "username WORD nopassword", | |
163 | "\n" | |
164 | "\n" | |
165 | "\n") | |
166 | { | |
d62a17ae | 167 | int idx_word = 1; |
168 | struct vtysh_user *user; | |
169 | user = user_get(argv[idx_word]->arg); | |
170 | user->nopassword = 1; | |
171 | return CMD_SUCCESS; | |
718e3744 | 172 | } |
173 | ||
d62a17ae | 174 | int vtysh_auth(void) |
718e3744 | 175 | { |
d62a17ae | 176 | struct vtysh_user *user; |
177 | struct passwd *passwd; | |
178 | ||
179 | if ((passwd = getpwuid(geteuid())) == NULL) { | |
180 | fprintf(stderr, "could not lookup user ID %d\n", | |
181 | (int)geteuid()); | |
182 | exit(1); | |
183 | } | |
184 | ||
185 | user = user_lookup(passwd->pw_name); | |
186 | if (user && user->nopassword) | |
187 | /* Pass through */; | |
188 | else { | |
718e3744 | 189 | #ifdef USE_PAM |
d62a17ae | 190 | if (vtysh_pam(passwd->pw_name)) |
191 | exit(0); | |
718e3744 | 192 | #endif /* USE_PAM */ |
d62a17ae | 193 | } |
194 | return 0; | |
718e3744 | 195 | } |
196 | ||
d62a17ae | 197 | char *vtysh_get_home(void) |
fba55c8a | 198 | { |
d62a17ae | 199 | struct passwd *passwd; |
200 | char *homedir; | |
fba55c8a | 201 | |
831600c3 | 202 | if ((homedir = getenv("HOME")) != NULL) |
d62a17ae | 203 | return homedir; |
f38e9e49 | 204 | |
d62a17ae | 205 | /* Fallback if HOME is undefined */ |
206 | passwd = getpwuid(getuid()); | |
fba55c8a | 207 | |
d62a17ae | 208 | return passwd ? passwd->pw_dir : NULL; |
fba55c8a DS |
209 | } |
210 | ||
d62a17ae | 211 | void vtysh_user_init(void) |
718e3744 | 212 | { |
d62a17ae | 213 | userlist = list_new(); |
214 | install_element(CONFIG_NODE, &username_nopassword_cmd); | |
215 | install_element(CONFIG_NODE, &vtysh_banner_motd_file_cmd); | |
19d61463 | 216 | install_element(CONFIG_NODE, &vtysh_banner_motd_line_cmd); |
718e3744 | 217 | } |