1 | /* User authentication for vtysh. | |
2 | * Copyright (C) 2000 Kunihiro Ishiguro | |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2, or (at your option) any | |
9 | * later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License along | |
17 | * with this program; see the file COPYING; if not, write to the Free Software | |
18 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
19 | */ | |
20 | ||
21 | #include <zebra.h> | |
22 | #include <lib/version.h> | |
23 | ||
24 | #include <pwd.h> | |
25 | ||
26 | #ifdef USE_PAM | |
27 | #include <security/pam_appl.h> | |
28 | #ifdef HAVE_PAM_MISC_H | |
29 | #include <security/pam_misc.h> | |
30 | #endif | |
31 | #ifdef HAVE_OPENPAM_H | |
32 | #include <security/openpam.h> | |
33 | #endif | |
34 | #endif /* USE_PAM */ | |
35 | ||
36 | #include "memory.h" | |
37 | #include "linklist.h" | |
38 | #include "command.h" | |
39 | #include "vtysh/vtysh_user.h" | |
40 | ||
/*
 * Forward declarations, kept only to silence the missing-prototype
 * warning: the DEFUNSH/DEFUN macros used below expand to function
 * definitions with no separate prototype, which the author believed
 * confuses the compiler's check.
 */
#ifdef USE_PAM
static int vtysh_pam(const char *);
#endif
int vtysh_auth(void);
void vtysh_user_init(void);

/* Defined elsewhere in vtysh: the config line list that
 * user_config_write() appends "username ... nopassword" entries to. */
extern struct list *config_top;
extern void config_add_line(struct list *config, const char *line);
54 | ||
55 | #ifdef USE_PAM | |
/* PAM conversation used by vtysh_pam(). PAM_CONV_FUNC is selected by the
 * build (see the pam_misc / openpam includes above); no appdata pointer. */
static struct pam_conv conv = {PAM_CONV_FUNC, NULL};
57 | ||
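/*
 * Authenticate `user` against the FRR_PAM_NAME PAM service, using the
 * conversation function in `conv`.
 *
 * Returns 0 when PAM reports PAM_SUCCESS and 1 on any other outcome
 * (including a failed pam_start()).  Exits the process if the PAM handle
 * cannot be released, as the original code did.
 *
 * NOTE(review): only pam_authenticate() is run.  PAM's account phase
 * (pam_acct_mgmt(): expiry, lockout, access restrictions) is never
 * consulted, so an expired or locked account whose password is still
 * correct is accepted here.  Adding pam_acct_mgmt() is the usual remedy,
 * but whether the deployed stack for FRR_PAM_NAME carries an "account"
 * section is not visible from this file -- confirm before changing.
 */
static int vtysh_pam(const char *user)
{
	int ret;
	int end_ret;
	pam_handle_t *pamh = NULL;

	/* Start PAM. */
	ret = pam_start(FRR_PAM_NAME, user, &conv, &pamh);

	/* Is user really user? */
	if (ret == PAM_SUCCESS)
		ret = pam_authenticate(pamh, 0);

	/* Report while the handle is still live so pam_strerror() can use it.
	 * The previous message claimed an init failure for every error and
	 * lacked a trailing newline. */
	if (ret != PAM_SUCCESS)
		fprintf(stderr, "vtysh_pam: PAM authentication failed: %s(%d)\n",
			pam_strerror(pamh, ret), ret);

	/*
	 * Close Linux-PAM.  The authentication status is passed to pam_end()
	 * so modules can clean up accordingly; pam_end()'s own return code is
	 * kept separately so that the message below reports the release
	 * failure instead of the (possibly successful) authentication result,
	 * which is what the old code printed after nulling the handle.
	 */
	end_ret = pam_end(pamh, ret);
	if (end_ret != PAM_SUCCESS) {
		/* pamh is invalid after pam_end(); pam_strerror() accepts NULL. */
		fprintf(stderr, "vtysh_pam: failed to release authenticator: %s(%d)\n",
			pam_strerror(NULL, end_ret), end_ret);
		exit(1);
	}

	return ret == PAM_SUCCESS ? 0 : 1;
}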
84 | #endif /* USE_PAM */ | |
85 | ||
/* One "username WORD ..." entry from the vtysh configuration. */
struct vtysh_user {
	char *name;         /* login name; strdup()'d copy owned by this entry */
	uint8_t nopassword; /* non-zero: vtysh_auth() skips authentication */
};
90 | ||
/* All configured vtysh_user entries; created in vtysh_user_init(). */
struct list *userlist;
92 | ||
/* Allocate a blank user entry (name NULL, nopassword 0) from MTYPE_TMP. */
static struct vtysh_user *user_new(void)
{
	struct vtysh_user *entry;

	/* XCALLOC zero-fills, so no field needs explicit initialisation. */
	entry = XCALLOC(MTYPE_TMP, sizeof(*entry));
	return entry;
}
97 | ||
/* Find the entry whose name matches `name` exactly; NULL if none.
 * Linear scan of userlist; `name` must be non-NULL. */
static struct vtysh_user *user_lookup(const char *name)
{
	struct listnode *node, *next;
	struct vtysh_user *candidate;

	for (ALL_LIST_ELEMENTS(userlist, node, next, candidate)) {
		if (strcmp(candidate->name, name) != 0)
			continue;
		return candidate;
	}

	return NULL;
}
109 | ||
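/*
 * Append one "username NAME nopassword" line to config_top for every user
 * flagged nopassword.  Users without the flag produce no output.
 *
 * user->name is whatever the operator typed after "username"; its length
 * is never bounded at parse time, so the old unbounded sprintf() into a
 * 128-byte stack buffer could overflow on a long name.  The buffer is now
 * written with a bound, and a name that does not fit is formatted into an
 * exact-size heap buffer instead of being truncated or dropped.
 */
void user_config_write(void)
{
	static const char fmt[] = "username %s nopassword";
	struct listnode *node, *nnode;
	struct vtysh_user *user;
	char line[128];
	char *big;
	int n;

	for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) {
		if (!user->nopassword)
			continue;

		n = snprintf(line, sizeof(line), fmt, user->name);
		if (n < 0)
			continue; /* encoding error; nothing sensible to emit */

		if ((size_t)n < sizeof(line)) {
			config_add_line(config_top, line);
			continue;
		}

		/* Too long for the stack buffer: n is the full length needed. */
		big = XCALLOC(MTYPE_TMP, (size_t)n + 1);
		if (big == NULL)
			continue;
		snprintf(big, (size_t)n + 1, fmt, user->name);
		config_add_line(config_top, big);
		XFREE(MTYPE_TMP, big);
	}
}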
123 | ||
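/*
 * Return the entry for `name`, creating and registering it in userlist if
 * it does not exist yet.  The name is copied with strdup(); the copy is
 * owned by the entry.
 *
 * The strdup() result was previously unchecked: a NULL name would later
 * be passed to strcmp() in user_lookup().  Allocation failure is now fatal,
 * matching how this file treats other unrecoverable errors (exit(1)).
 */
static struct vtysh_user *user_get(const char *name)
{
	struct vtysh_user *user = user_lookup(name);

	if (user)
		return user;

	user = user_new();
	user->name = strdup(name);
	if (user->name == NULL) {
		fprintf(stderr, "user_get: out of memory copying user name\n");
		exit(1);
	}
	listnode_add(userlist, user);

	return user;
}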
137 | ||
/* "banner motd file FILE": load the MOTD banner from a file.
 * The path is passed to cmd_banner_motd_file() as typed; that helper
 * (defined elsewhere) owns any validation and the resulting CMD_* code. */
DEFUN (vtysh_banner_motd_file,
       vtysh_banner_motd_file_cmd,
       "banner motd file FILE",
       "Set banner\n"
       "Banner for motd\n"
       "Banner from a file\n"
       "Filename\n")
{
	/* Token 3 of "banner motd file FILE" is the path. */
	const char *path = argv[3]->arg;

	return cmd_banner_motd_file(path);
}
149 | ||
/* "banner motd line LINE...": set the MOTD banner from the command line.
 * All tokens from the first LINE onward are joined into one string, handed
 * to cmd_banner_motd_line(), then released.  argv_find()'s result is not
 * checked; idx stays 0 if LINE were absent, which the grammar (at least
 * one LINE token) should rule out. */
DEFUN (vtysh_banner_motd_line,
       vtysh_banner_motd_line_cmd,
       "banner motd line LINE...",
       "Set banner\n"
       "Banner for motd\n"
       "Banner from an input\n"
       "Text\n")
{
	int idx = 0;
	char *text;

	argv_find(argv, argc, "LINE", &idx);
	text = argv_concat(argv, argc, idx);

	cmd_banner_motd_line(text);
	XFREE(MTYPE_TMP, text); /* argv_concat() allocates from MTYPE_TMP */

	return CMD_SUCCESS;
}
169 | ||
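/* "username WORD nopassword": mark a user as exempt from authentication in
 * vtysh_auth().  The entry is created on first mention.
 *
 * The help strings were previously three empty lines, so "?" showed no
 * description for any token; they now describe what the command does. */
DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "Configure a vtysh user\n"
       "User name\n"
       "Do not require authentication for this user\n")
{
	struct vtysh_user *user;

	/* Token 1 is WORD. */
	user = user_get(argv[1]->arg);
	user->nopassword = 1;

	return CMD_SUCCESS;
}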
183 | ||
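/*
 * Decide whether the invoking user may use vtysh.
 *
 * Returns 0 when access is granted.  Denial never returns: a failed PAM
 * check exits the process.  Previously that exit used status 0, so a
 * rejected login was indistinguishable from success to a calling shell or
 * script; it now exits 1.
 *
 * Policy, as implemented here:
 *  - a "username NAME nopassword" config entry for the caller grants
 *    access with no check at all;
 *  - otherwise, with USE_PAM, vtysh_pam() must succeed;
 *  - without USE_PAM there is no other authenticator and every user is
 *    accepted.
 */
int vtysh_auth(void)
{
	struct vtysh_user *user;
	struct passwd *passwd;

	/*
	 * The caller is identified by effective UID.  NOTE(review): if the
	 * binary were installed set-uid this resolves to the privileged owner,
	 * not the invoking user; vtysh_get_home() uses getuid() instead.
	 */
	passwd = getpwuid(geteuid());
	if (passwd == NULL) {
		fprintf(stderr, "could not lookup user ID %d\n", (int)geteuid());
		exit(1);
	}

	/* Explicit nopassword entry: pass through. */
	user = user_lookup(passwd->pw_name);
	if (user && user->nopassword)
		return 0;

#ifdef USE_PAM
	/* A rejected login must not report success to the caller. */
	if (vtysh_pam(passwd->pw_name))
		exit(1);
#endif /* USE_PAM */

	return 0;
}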
206 | ||
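/*
 * Return the caller's home directory: $HOME when set and non-empty, else
 * the pw_dir of the real UID's password entry, else NULL.
 *
 * An empty $HOME used to be returned as-is, which would produce paths like
 * "/.history"; it is now treated the same as an unset variable.
 *
 * Ownership: the result points either into the environment or into
 * getpwuid()'s static storage.  Callers must not free it, and a later
 * getpw*() call may overwrite the fallback value.
 */
char *vtysh_get_home(void)
{
	struct passwd *passwd;
	char *homedir;

	homedir = getenv("HOME");
	if (homedir != NULL && homedir[0] != '\0')
		return homedir;

	/* Fallback if HOME is undefined or empty. */
	passwd = getpwuid(getuid());

	return passwd ? passwd->pw_dir : NULL;
}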
220 | ||
/* Create the user list and register this file's CONFIG_NODE commands.
 * The list must exist before any "username" line is parsed. */
void vtysh_user_init(void)
{
	struct cmd_element *const config_cmds[] = {
		&username_nopassword_cmd,
		&vtysh_banner_motd_file_cmd,
		&vtysh_banner_motd_line_cmd,
	};
	size_t i;

	userlist = list_new();

	/* Registered in the same order as before. */
	for (i = 0; i < sizeof(config_cmds) / sizeof(config_cmds[0]); i++)
		install_element(CONFIG_NODE, config_cmds[i]);
}