[mirror_frr.git] / vtysh / vtysh_user.c

/* User authentication for vtysh.
 * Copyright (C) 2000 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GNU Zebra; see the file COPYING.  If not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.  
 */

#include <zebra.h>
#include <lib/version.h>

#include <pwd.h>

#ifdef USE_PAM
#include <security/pam_appl.h>
#ifdef HAVE_PAM_MISC_H
#include <security/pam_misc.h>
#endif
#ifdef HAVE_OPENPAM_H
#include <security/openpam.h>
#endif
#endif /* USE_PAM */

#include "memory.h"
#include "linklist.h"
#include "command.h"

/* 
 * Compiler is warning about prototypes not being declared.
 * The DEFUNSH and DEFUN macro's are messing with the
 * compiler I believe.  This is just to make it happy.
 */
int vtysh_pam(const char *);
struct vtysh_user *user_new(void);
void user_free(struct vtysh_user *);
struct vtysh_user *user_lookup(const char *);
void user_config_write(void);
struct vtysh_user *user_get(const char *);
int vtysh_auth(void);
void vtysh_user_init(void);

#ifdef USE_PAM
static struct pam_conv conv = 
{
  PAM_CONV_FUNC,
  NULL
};

int
vtysh_pam (const char *user)
{
  int ret;
  pam_handle_t *pamh = NULL;

  /* Start PAM. */
  ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
  /* printf ("ret %d\n", ret); */

  /* Is user really user? */
  if (ret == PAM_SUCCESS)
    ret = pam_authenticate (pamh, 0);
  /* printf ("ret %d\n", ret); */
  
#if 0
  /* Permitted access? */
  if (ret == PAM_SUCCESS)
    ret = pam_acct_mgmt (pamh, 0);
  printf ("ret %d\n", ret);

  if (ret == PAM_AUTHINFO_UNAVAIL)
    ret = PAM_SUCCESS;
#endif /* 0 */
  
  /* This is where we have been authorized or not. */
#ifdef DEBUG
  if (ret == PAM_SUCCESS)
    printf("Authenticated\n");
  else
    printf("Not Authenticated\n");
#endif /* DEBUG */

  /* close Linux-PAM */
  if (pam_end (pamh, ret) != PAM_SUCCESS) 
    {
      pamh = NULL;
      fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
      exit(1);
    }

  return ret == PAM_SUCCESS ? 0 : 1;
}
#endif /* USE_PAM */

struct vtysh_user
{
  char *name;
  u_char nopassword;
};

struct list *userlist;

struct vtysh_user *
user_new ()
{
  return XCALLOC (0, sizeof (struct vtysh_user));
}

void
user_free (struct vtysh_user *user)
{
  XFREE (0, user);
}

struct vtysh_user *
user_lookup (const char *name)
{
  struct listnode *node, *nnode;
  struct vtysh_user *user;

  for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
    {
      if (strcmp (user->name, name) == 0)
	return user;
    }
  return NULL;
}

void
user_config_write ()
{
  struct listnode *node, *nnode;
  struct vtysh_user *user;

  for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
    {
      if (user->nopassword)
	printf (" username %s nopassword\n", user->name);
    }
}

struct vtysh_user *
user_get (const char *name)
{
  struct vtysh_user *user;
  user = user_lookup (name);
  if (user)
    return user;

  user = user_new ();
  user->name = strdup (name);
  listnode_add (userlist, user);

  return user;
}

DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
  struct vtysh_user *user;
  user = user_get (argv[0]);
  user->nopassword = 1;
  return CMD_SUCCESS;
}

int
vtysh_auth ()
{
  struct vtysh_user *user;
  struct passwd *passwd;

  passwd = getpwuid (geteuid ());

  user = user_lookup (passwd->pw_name);
  if (user && user->nopassword)
    /* Pass through */;
  else
    {
#ifdef USE_PAM
      if (vtysh_pam (passwd->pw_name))
	exit (0);
#endif /* USE_PAM */
    }
  return 0;
}

void
vtysh_user_init ()
{
  userlist = list_new ();
  install_element (CONFIG_NODE, &username_nopassword_cmd);
}
Commit	Line	Data
718e3744	1	/* User authentication for vtysh.
	2	* Copyright (C) 2000 Kunihiro Ishiguro
	3	*
	4	* This file is part of GNU Zebra.
	5	*
	6	* GNU Zebra is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2, or (at your option) any
	9	* later version.
	10	*
	11	* GNU Zebra is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with GNU Zebra; see the file COPYING. If not, write to the Free
	18	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
	19	* 02111-1307, USA.
	20	*/
	21
	22	#include <zebra.h>
bb6065a5	23	#include <lib/version.h>
718e3744	24
	25	#include <pwd.h>
	26
	27	#ifdef USE_PAM
	28	#include <security/pam_appl.h>
24cd435b	29	#ifdef HAVE_PAM_MISC_H
718e3744	30	#include <security/pam_misc.h>
24cd435b	31	#endif
	32	#ifdef HAVE_OPENPAM_H
	33	#include <security/openpam.h>
	34	#endif
718e3744	35	#endif /* USE_PAM */
	36
	37	#include "memory.h"
	38	#include "linklist.h"
	39	#include "command.h"
	40
c0e8c16f DS	41	/*
	42	* Compiler is warning about prototypes not being declared.
	43	* The DEFUNSH and DEFUN macro's are messing with the
	44	* compiler I believe. This is just to make it happy.
	45	*/
	46	int vtysh_pam(const char *);
	47	struct vtysh_user *user_new(void);
	48	void user_free(struct vtysh_user *);
	49	struct vtysh_user user_lookup(const char );
	50	void user_config_write(void);
	51	struct vtysh_user user_get(const char );
	52	int vtysh_auth(void);
	53	void vtysh_user_init(void);
	54
718e3744	55	#ifdef USE_PAM
	56	static struct pam_conv conv =
	57	{
24cd435b	58	PAM_CONV_FUNC,
718e3744	59	NULL
	60	};
	61
	62	int
5862ff52	63	vtysh_pam (const char *user)
718e3744	64	{
	65	int ret;
	66	pam_handle_t *pamh = NULL;
	67
	68	/* Start PAM. */
42053f4e	69	ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
718e3744	70	/* printf ("ret %d\n", ret); */
	71
	72	/* Is user really user? */
	73	if (ret == PAM_SUCCESS)
	74	ret = pam_authenticate (pamh, 0);
	75	/* printf ("ret %d\n", ret); */
	76
	77	#if 0
	78	/* Permitted access? */
	79	if (ret == PAM_SUCCESS)
	80	ret = pam_acct_mgmt (pamh, 0);
	81	printf ("ret %d\n", ret);
	82
	83	if (ret == PAM_AUTHINFO_UNAVAIL)
	84	ret = PAM_SUCCESS;
	85	#endif /* 0 */
	86
	87	/* This is where we have been authorized or not. */
	88	#ifdef DEBUG
	89	if (ret == PAM_SUCCESS)
	90	printf("Authenticated\n");
	91	else
	92	printf("Not Authenticated\n");
	93	#endif /* DEBUG */
	94
	95	/* close Linux-PAM */
	96	if (pam_end (pamh, ret) != PAM_SUCCESS)
	97	{
	98	pamh = NULL;
	99	fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
	100	exit(1);
	101	}
	102
	103	return ret == PAM_SUCCESS ? 0 : 1;
	104	}
	105	#endif /* USE_PAM */
	106
b8994085	107	struct vtysh_user
718e3744	108	{
	109	char *name;
	110	u_char nopassword;
	111	};
	112
	113	struct list *userlist;
	114
b8994085	115	struct vtysh_user *
718e3744	116	user_new ()
718e3744	117	{
393deb9b	118	return XCALLOC (0, sizeof (struct vtysh_user));
718e3744	119	}
	120
	121	void
b8994085	122	user_free (struct vtysh_user *user)
718e3744	123	{
	124	XFREE (0, user);
	125	}
	126
b8994085	127	struct vtysh_user *
5862ff52	128	user_lookup (const char *name)
718e3744	129	{
1eb8ef25	130	struct listnode node, nnode;
b8994085	131	struct vtysh_user *user;
718e3744	132
1eb8ef25	133	for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
718e3744	134	{
	135	if (strcmp (user->name, name) == 0)
	136	return user;
	137	}
	138	return NULL;
	139	}
	140
	141	void
	142	user_config_write ()
	143	{
1eb8ef25	144	struct listnode node, nnode;
b8994085	145	struct vtysh_user *user;
718e3744	146
1eb8ef25	147	for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
718e3744	148	{
	149	if (user->nopassword)
	150	printf (" username %s nopassword\n", user->name);
	151	}
	152	}
	153
b8994085	154	struct vtysh_user *
5862ff52	155	user_get (const char *name)
718e3744	156	{
b8994085	157	struct vtysh_user *user;
718e3744	158	user = user_lookup (name);
	159	if (user)
	160	return user;
	161
	162	user = user_new ();
	163	user->name = strdup (name);
	164	listnode_add (userlist, user);
	165
	166	return user;
	167	}
	168
	169	DEFUN (username_nopassword,
	170	username_nopassword_cmd,
	171	"username WORD nopassword",
	172	"\n"
	173	"\n"
	174	"\n")
	175	{
b8994085	176	struct vtysh_user *user;
718e3744	177	user = user_get (argv[0]);
	178	user->nopassword = 1;
	179	return CMD_SUCCESS;
	180	}
	181
	182	int
	183	vtysh_auth ()
	184	{
b8994085	185	struct vtysh_user *user;
718e3744	186	struct passwd *passwd;
	187
	188	passwd = getpwuid (geteuid ());
	189
	190	user = user_lookup (passwd->pw_name);
	191	if (user && user->nopassword)
	192	/* Pass through */;
	193	else
	194	{
	195	#ifdef USE_PAM
	196	if (vtysh_pam (passwd->pw_name))
	197	exit (0);
	198	#endif /* USE_PAM */
	199	}
	200	return 0;
	201	}
	202
	203	void
	204	vtysh_user_init ()
	205	{
	206	userlist = list_new ();
	207	install_element (CONFIG_NODE, &username_nopassword_cmd);
	208	}