| 718e3744 |
1 | /* User authentication for vtysh. |
| 2 | * Copyright (C) 2000 Kunihiro Ishiguro |
| 3 | * |
| 4 | * This file is part of GNU Zebra. |
| 5 | * |
| 6 | * GNU Zebra is free software; you can redistribute it and/or modify it |
| 7 | * under the terms of the GNU General Public License as published by the |
| 8 | * Free Software Foundation; either version 2, or (at your option) any |
| 9 | * later version. |
| 10 | * |
| 11 | * GNU Zebra is distributed in the hope that it will be useful, but |
| 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 | * General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License |
| 17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free |
| 18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA |
| 19 | * 02111-1307, USA. |
| 20 | */ |
| 21 | |
| 22 | #include <zebra.h> |
| bb6065a5 |
23 | #include <lib/version.h> |
| 718e3744 |
24 | |
| 25 | #include <pwd.h> |
| 26 | |
| 27 | #ifdef USE_PAM |
| 28 | #include <security/pam_appl.h> |
| 24cd435b |
29 | #ifdef HAVE_PAM_MISC_H |
| 718e3744 |
30 | #include <security/pam_misc.h> |
| 24cd435b |
31 | #endif |
| 32 | #ifdef HAVE_OPENPAM_H |
| 33 | #include <security/openpam.h> |
| 34 | #endif |
| 718e3744 |
35 | #endif /* USE_PAM */ |
| 36 | |
| 37 | #include "memory.h" |
| 38 | #include "linklist.h" |
| 39 | #include "command.h" |
| 40 | |
| 41 | #ifdef USE_PAM |
| 42 | static struct pam_conv conv = |
| 43 | { |
| 24cd435b |
44 | PAM_CONV_FUNC, |
| 718e3744 |
45 | NULL |
| 46 | }; |
| 47 | |
| 48 | int |
| 5862ff52 |
49 | vtysh_pam (const char *user) |
| 718e3744 |
50 | { |
| 51 | int ret; |
| 52 | pam_handle_t *pamh = NULL; |
| 53 | |
| 54 | /* Start PAM. */ |
| 42053f4e |
55 | ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh); |
| 718e3744 |
56 | /* printf ("ret %d\n", ret); */ |
| 57 | |
| 58 | /* Is user really user? */ |
| 59 | if (ret == PAM_SUCCESS) |
| 60 | ret = pam_authenticate (pamh, 0); |
| 61 | /* printf ("ret %d\n", ret); */ |
| 62 | |
| 63 | #if 0 |
| 64 | /* Permitted access? */ |
| 65 | if (ret == PAM_SUCCESS) |
| 66 | ret = pam_acct_mgmt (pamh, 0); |
| 67 | printf ("ret %d\n", ret); |
| 68 | |
| 69 | if (ret == PAM_AUTHINFO_UNAVAIL) |
| 70 | ret = PAM_SUCCESS; |
| 71 | #endif /* 0 */ |
| 72 | |
| 73 | /* This is where we have been authorized or not. */ |
| 74 | #ifdef DEBUG |
| 75 | if (ret == PAM_SUCCESS) |
| 76 | printf("Authenticated\n"); |
| 77 | else |
| 78 | printf("Not Authenticated\n"); |
| 79 | #endif /* DEBUG */ |
| 80 | |
| 81 | /* close Linux-PAM */ |
| 82 | if (pam_end (pamh, ret) != PAM_SUCCESS) |
| 83 | { |
| 84 | pamh = NULL; |
| 85 | fprintf(stderr, "vtysh_pam: failed to release authenticator\n"); |
| 86 | exit(1); |
| 87 | } |
| 88 | |
| 89 | return ret == PAM_SUCCESS ? 0 : 1; |
| 90 | } |
| 91 | #endif /* USE_PAM */ |
| 92 | |
| 93 | struct user |
| 94 | { |
| 95 | char *name; |
| 96 | u_char nopassword; |
| 97 | }; |
| 98 | |
| 99 | struct list *userlist; |
| 100 | |
| 101 | struct user * |
| 102 | user_new () |
| 103 | { |
| 104 | struct user *user; |
| 105 | user = XMALLOC (0, sizeof (struct user)); |
| 106 | memset (user, 0, sizeof (struct user)); |
| 107 | return user; |
| 108 | } |
| 109 | |
| 110 | void |
| 111 | user_free (struct user *user) |
| 112 | { |
| 113 | XFREE (0, user); |
| 114 | } |
| 115 | |
| 116 | struct user * |
| 5862ff52 |
117 | user_lookup (const char *name) |
| 718e3744 |
118 | { |
| 1eb8ef25 |
119 | struct listnode *node, *nnode; |
| 718e3744 |
120 | struct user *user; |
| 121 | |
| 1eb8ef25 |
122 | for (ALL_LIST_ELEMENTS (userlist, node, nnode, user)) |
| 718e3744 |
123 | { |
| 124 | if (strcmp (user->name, name) == 0) |
| 125 | return user; |
| 126 | } |
| 127 | return NULL; |
| 128 | } |
| 129 | |
| 130 | void |
| 131 | user_config_write () |
| 132 | { |
| 1eb8ef25 |
133 | struct listnode *node, *nnode; |
| 718e3744 |
134 | struct user *user; |
| 135 | |
| 1eb8ef25 |
136 | for (ALL_LIST_ELEMENTS (userlist, node, nnode, user)) |
| 718e3744 |
137 | { |
| 138 | if (user->nopassword) |
| 139 | printf (" username %s nopassword\n", user->name); |
| 140 | } |
| 141 | } |
| 142 | |
| 143 | struct user * |
| 5862ff52 |
144 | user_get (const char *name) |
| 718e3744 |
145 | { |
| 146 | struct user *user; |
| 147 | user = user_lookup (name); |
| 148 | if (user) |
| 149 | return user; |
| 150 | |
| 151 | user = user_new (); |
| 152 | user->name = strdup (name); |
| 153 | listnode_add (userlist, user); |
| 154 | |
| 155 | return user; |
| 156 | } |
| 157 | |
| 158 | DEFUN (username_nopassword, |
| 159 | username_nopassword_cmd, |
| 160 | "username WORD nopassword", |
| 161 | "\n" |
| 162 | "\n" |
| 163 | "\n") |
| 164 | { |
| 165 | struct user *user; |
| 166 | user = user_get (argv[0]); |
| 167 | user->nopassword = 1; |
| 168 | return CMD_SUCCESS; |
| 169 | } |
| 170 | |
| 171 | int |
| 172 | vtysh_auth () |
| 173 | { |
| 174 | struct user *user; |
| 175 | struct passwd *passwd; |
| 176 | |
| 177 | passwd = getpwuid (geteuid ()); |
| 178 | |
| 179 | user = user_lookup (passwd->pw_name); |
| 180 | if (user && user->nopassword) |
| 181 | /* Pass through */; |
| 182 | else |
| 183 | { |
| 184 | #ifdef USE_PAM |
| 185 | if (vtysh_pam (passwd->pw_name)) |
| 186 | exit (0); |
| 187 | #endif /* USE_PAM */ |
| 188 | } |
| 189 | return 0; |
| 190 | } |
| 191 | |
| 192 | void |
| 193 | vtysh_user_init () |
| 194 | { |
| 195 | userlist = list_new (); |
| 196 | install_element (CONFIG_NODE, &username_nopassword_cmd); |
| 197 | } |
projects / mirror_frr.git / blame