projects / mirror_frr.git / blame
| Commit | Line | Data |
|---|---|---|
| 718e3744 | 1 | /* User authentication for vtysh. |
| 2 | * Copyright (C) 2000 Kunihiro Ishiguro | |
| 3 | * | |
| 4 | * This file is part of GNU Zebra. | |
| 5 | * | |
| 6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
| 7 | * under the terms of the GNU General Public License as published by the | |
| 8 | * Free Software Foundation; either version 2, or (at your option) any | |
| 9 | * later version. | |
| 10 | * | |
| 11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
| 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 14 | * General Public License for more details. | |
| 15 | * | |
| 16 | * You should have received a copy of the GNU General Public License | |
| 17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free | |
| 18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
| 19 | * 02111-1307, USA. | |
| 20 | */ | |
| 21 | ||
| 22 | #include <zebra.h> | |
| bb6065a5 | 23 | #include <lib/version.h> |
| 718e3744 | 24 | |
| 25 | #include <pwd.h> | |
| 26 | ||
| 27 | #ifdef USE_PAM | |
| 28 | #include <security/pam_appl.h> | |
| 24cd435b | 29 | #ifdef HAVE_PAM_MISC_H |
| 718e3744 | 30 | #include <security/pam_misc.h> |
| 24cd435b | 31 | #endif |
| 32 | #ifdef HAVE_OPENPAM_H | |
| 33 | #include <security/openpam.h> | |
| 34 | #endif | |
| 718e3744 | 35 | #endif /* USE_PAM */ |
| 36 | ||
| 37 | #include "memory.h" | |
| 38 | #include "linklist.h" | |
| 39 | #include "command.h" | |
| 88177fe3 | 40 | #include "vtysh/vtysh_user.h" |
| 718e3744 | 41 | |
| c0e8c16f DS |
42 | /* |
| 43 | * Compiler is warning about prototypes not being declared. | |
| 44 | * The DEFUNSH and DEFUN macro's are messing with the | |
| 45 | * compiler I believe. This is just to make it happy. | |
| 46 | */ | |
| 21c830a4 | 47 | #ifdef USE_PAM |
| ec4ab9f3 | 48 | static int vtysh_pam(const char *); |
| 21c830a4 | 49 | #endif |
| c0e8c16f DS |
50 | struct vtysh_user *user_new(void); |
| 51 | void user_free(struct vtysh_user *); | |
| 52 | struct vtysh_user *user_lookup(const char *); | |
| c0e8c16f DS |
53 | struct vtysh_user *user_get(const char *); |
| 54 | int vtysh_auth(void); | |
| 55 | void vtysh_user_init(void); | |
| 56 | ||
| e4421165 DS |
57 | extern struct list *config_top; |
| 58 | extern void config_add_line(struct list *config, const char *line); | |
| 59 | ||
| 718e3744 | 60 | #ifdef USE_PAM |
| 61 | static struct pam_conv conv = | |
| 62 | { | |
| 24cd435b | 63 | PAM_CONV_FUNC, |
| 718e3744 | 64 | NULL |
| 65 | }; | |
| 66 | ||
| 4e6a0534 | 67 | static int |
| 5862ff52 | 68 | vtysh_pam (const char *user) |
| 718e3744 | 69 | { |
| 70 | int ret; | |
| 71 | pam_handle_t *pamh = NULL; | |
| 72 | ||
| 73 | /* Start PAM. */ | |
| 42053f4e | 74 | ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh); |
| 718e3744 | 75 | /* printf ("ret %d\n", ret); */ |
| 76 | ||
| 77 | /* Is user really user? */ | |
| 78 | if (ret == PAM_SUCCESS) | |
| 79 | ret = pam_authenticate (pamh, 0); | |
| 80 | /* printf ("ret %d\n", ret); */ | |
| 81 | ||
| 82 | #if 0 | |
| 83 | /* Permitted access? */ | |
| 84 | if (ret == PAM_SUCCESS) | |
| 85 | ret = pam_acct_mgmt (pamh, 0); | |
| 86 | printf ("ret %d\n", ret); | |
| 87 | ||
| 88 | if (ret == PAM_AUTHINFO_UNAVAIL) | |
| 89 | ret = PAM_SUCCESS; | |
| 90 | #endif /* 0 */ | |
| 91 | ||
| 92 | /* This is where we have been authorized or not. */ | |
| 93 | #ifdef DEBUG | |
| 94 | if (ret == PAM_SUCCESS) | |
| 95 | printf("Authenticated\n"); | |
| 96 | else | |
| 97 | printf("Not Authenticated\n"); | |
| 98 | #endif /* DEBUG */ | |
| 99 | ||
| 100 | /* close Linux-PAM */ | |
| 101 | if (pam_end (pamh, ret) != PAM_SUCCESS) | |
| 102 | { | |
| 103 | pamh = NULL; | |
| 104 | fprintf(stderr, "vtysh_pam: failed to release authenticator\n"); | |
| 105 | exit(1); | |
| 106 | } | |
| 107 | ||
| 108 | return ret == PAM_SUCCESS ? 0 : 1; | |
| 109 | } | |
| 110 | #endif /* USE_PAM */ | |
| 111 | ||
| b8994085 | 112 | struct vtysh_user |
| 718e3744 | 113 | { |
| 114 | char *name; | |
| 115 | u_char nopassword; | |
| 116 | }; | |
| 117 | ||
| 118 | struct list *userlist; | |
| 119 | ||
| b8994085 | 120 | struct vtysh_user * |
| 35dece84 | 121 | user_new (void) |
| 718e3744 | 122 | { |
| 393deb9b | 123 | return XCALLOC (0, sizeof (struct vtysh_user)); |
| 718e3744 | 124 | } |
| 125 | ||
| 126 | void | |
| b8994085 | 127 | user_free (struct vtysh_user *user) |
| 718e3744 | 128 | { |
| 129 | XFREE (0, user); | |
| 130 | } | |
| 131 | ||
| b8994085 | 132 | struct vtysh_user * |
| 5862ff52 | 133 | user_lookup (const char *name) |
| 718e3744 | 134 | { |
| 1eb8ef25 | 135 | struct listnode *node, *nnode; |
| b8994085 | 136 | struct vtysh_user *user; |
| 718e3744 | 137 | |
| 1eb8ef25 | 138 | for (ALL_LIST_ELEMENTS (userlist, node, nnode, user)) |
| 718e3744 | 139 | { |
| 140 | if (strcmp (user->name, name) == 0) | |
| 141 | return user; | |
| 142 | } | |
| 143 | return NULL; | |
| 144 | } | |
| 145 | ||
| 146 | void | |
| 147 | user_config_write () | |
| 148 | { | |
| 1eb8ef25 | 149 | struct listnode *node, *nnode; |
| b8994085 | 150 | struct vtysh_user *user; |
| a7222276 | 151 | char line[128]; |
| 718e3744 | 152 | |
| 1eb8ef25 | 153 | for (ALL_LIST_ELEMENTS (userlist, node, nnode, user)) |
| 718e3744 | 154 | { |
| 155 | if (user->nopassword) | |
| a7222276 DS |
156 | { |
| 157 | sprintf(line, "username %s nopassword", user->name); | |
| 158 | config_add_line (config_top, line); | |
| 159 | } | |
| 718e3744 | 160 | } |
| 161 | } | |
| 162 | ||
| b8994085 | 163 | struct vtysh_user * |
| 5862ff52 | 164 | user_get (const char *name) |
| 718e3744 | 165 | { |
| b8994085 | 166 | struct vtysh_user *user; |
| 718e3744 | 167 | user = user_lookup (name); |
| 168 | if (user) | |
| 169 | return user; | |
| 170 | ||
| 171 | user = user_new (); | |
| 172 | user->name = strdup (name); | |
| 173 | listnode_add (userlist, user); | |
| 174 | ||
| 175 | return user; | |
| 176 | } | |
| 177 | ||
| 7cfc61d3 DS |
178 | DEFUN (banner_motd_file, |
| 179 | banner_motd_file_cmd, | |
| 4d833e55 DS |
180 | "banner motd file FILE", |
| 181 | "Set banner\n" | |
| 182 | "Banner for motd\n" | |
| 183 | "Banner from a file\n" | |
| 184 | "Filename\n") | |
| 7cfc61d3 DS |
185 | { |
| 186 | return cmd_banner_motd_file (argv[0]); | |
| 187 | } | |
| 188 | ||
| 718e3744 | 189 | DEFUN (username_nopassword, |
| 190 | username_nopassword_cmd, | |
| 191 | "username WORD nopassword", | |
| 192 | "\n" | |
| 193 | "\n" | |
| 194 | "\n") | |
| 195 | { | |
| b8994085 | 196 | struct vtysh_user *user; |
| 718e3744 | 197 | user = user_get (argv[0]); |
| 198 | user->nopassword = 1; | |
| 199 | return CMD_SUCCESS; | |
| 200 | } | |
| 201 | ||
| 202 | int | |
| 203 | vtysh_auth () | |
| 204 | { | |
| b8994085 | 205 | struct vtysh_user *user; |
| 718e3744 | 206 | struct passwd *passwd; |
| 207 | ||
| 208 | passwd = getpwuid (geteuid ()); | |
| 209 | ||
| 210 | user = user_lookup (passwd->pw_name); | |
| 211 | if (user && user->nopassword) | |
| 212 | /* Pass through */; | |
| 213 | else | |
| 214 | { | |
| 215 | #ifdef USE_PAM | |
| 216 | if (vtysh_pam (passwd->pw_name)) | |
| 217 | exit (0); | |
| 218 | #endif /* USE_PAM */ | |
| 219 | } | |
| 220 | return 0; | |
| 221 | } | |
| 222 | ||
| fba55c8a DS |
223 | char * |
| 224 | vtysh_get_home (void) | |
| 225 | { | |
| 226 | struct passwd *passwd; | |
| 227 | ||
| 228 | passwd = getpwuid (getuid ()); | |
| 229 | ||
| 230 | return passwd ? passwd->pw_dir : NULL; | |
| 231 | } | |
| 232 | ||
| 718e3744 | 233 | void |
| fba55c8a | 234 | vtysh_user_init (void) |
| 718e3744 | 235 | { |
| 236 | userlist = list_new (); | |
| 237 | install_element (CONFIG_NODE, &username_nopassword_cmd); | |
| 7cfc61d3 | 238 | install_element (CONFIG_NODE, &banner_motd_file_cmd); |
| 718e3744 | 239 | } |