[mirror_frr.git] / vtysh / vtysh_user.c

/* User authentication for vtysh.
 * Copyright (C) 2000 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GNU Zebra; see the file COPYING.  If not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.  
 */

#include <zebra.h>
#include <lib/version.h>

#include <pwd.h>

#ifdef USE_PAM
#include <security/pam_appl.h>
#ifdef HAVE_PAM_MISC_H
#include <security/pam_misc.h>
#endif
#ifdef HAVE_OPENPAM_H
#include <security/openpam.h>
#endif
#endif /* USE_PAM */

#include "memory.h"
#include "linklist.h"
#include "command.h"
#include "vtysh/vtysh_user.h"

/* 
 * Compiler is warning about prototypes not being declared.
 * The DEFUNSH and DEFUN macro's are messing with the
 * compiler I believe.  This is just to make it happy.
 */
int vtysh_pam(const char *);
struct vtysh_user *user_new(void);
void user_free(struct vtysh_user *);
struct vtysh_user *user_lookup(const char *);
struct vtysh_user *user_get(const char *);
int vtysh_auth(void);
void vtysh_user_init(void);

extern struct list *config_top;
extern void config_add_line(struct list *config, const char *line);

#ifdef USE_PAM
static struct pam_conv conv = 
{
  PAM_CONV_FUNC,
  NULL
};

int
vtysh_pam (const char *user)
{
  int ret;
  pam_handle_t *pamh = NULL;

  /* Start PAM. */
  ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
  /* printf ("ret %d\n", ret); */

  /* Is user really user? */
  if (ret == PAM_SUCCESS)
    ret = pam_authenticate (pamh, 0);
  /* printf ("ret %d\n", ret); */
  
#if 0
  /* Permitted access? */
  if (ret == PAM_SUCCESS)
    ret = pam_acct_mgmt (pamh, 0);
  printf ("ret %d\n", ret);

  if (ret == PAM_AUTHINFO_UNAVAIL)
    ret = PAM_SUCCESS;
#endif /* 0 */
  
  /* This is where we have been authorized or not. */
#ifdef DEBUG
  if (ret == PAM_SUCCESS)
    printf("Authenticated\n");
  else
    printf("Not Authenticated\n");
#endif /* DEBUG */

  /* close Linux-PAM */
  if (pam_end (pamh, ret) != PAM_SUCCESS) 
    {
      pamh = NULL;
      fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
      exit(1);
    }

  return ret == PAM_SUCCESS ? 0 : 1;
}
#endif /* USE_PAM */

struct vtysh_user
{
  char *name;
  u_char nopassword;
};

struct list *userlist;

struct vtysh_user *
user_new (void)
{
  return XCALLOC (0, sizeof (struct vtysh_user));
}

void
user_free (struct vtysh_user *user)
{
  XFREE (0, user);
}

struct vtysh_user *
user_lookup (const char *name)
{
  struct listnode *node, *nnode;
  struct vtysh_user *user;

  for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
    {
      if (strcmp (user->name, name) == 0)
	return user;
    }
  return NULL;
}

void
user_config_write ()
{
  struct listnode *node, *nnode;
  struct vtysh_user *user;
  char line[128];

  for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
    {
      if (user->nopassword)
	{
	  sprintf(line, "username %s nopassword", user->name);
	  config_add_line (config_top, line);
	}
    }
}

struct vtysh_user *
user_get (const char *name)
{
  struct vtysh_user *user;
  user = user_lookup (name);
  if (user)
    return user;

  user = user_new ();
  user->name = strdup (name);
  listnode_add (userlist, user);

  return user;
}

DEFUN (banner_motd_file,
       banner_motd_file_cmd,
       "banner motd file [FILE]",
       "\n\n\n\n")
{
  return cmd_banner_motd_file (argv[0]);
}

DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
  struct vtysh_user *user;
  user = user_get (argv[0]);
  user->nopassword = 1;
  return CMD_SUCCESS;
}

int
vtysh_auth ()
{
  struct vtysh_user *user;
  struct passwd *passwd;

  passwd = getpwuid (geteuid ());

  user = user_lookup (passwd->pw_name);
  if (user && user->nopassword)
    /* Pass through */;
  else
    {
#ifdef USE_PAM
      if (vtysh_pam (passwd->pw_name))
	exit (0);
#endif /* USE_PAM */
    }
  return 0;
}

char *
vtysh_get_home (void)
{
  struct passwd *passwd;

  passwd = getpwuid (getuid ());

  return passwd ? passwd->pw_dir : NULL;
}

void
vtysh_user_init (void)
{
  userlist = list_new ();
  install_element (CONFIG_NODE, &username_nopassword_cmd);
  install_element (CONFIG_NODE, &banner_motd_file_cmd);
}
Commit	Line	Data
	1	/* User authentication for vtysh.
	2	* Copyright (C) 2000 Kunihiro Ishiguro
	3	*
	4	* This file is part of GNU Zebra.
	5	*
	6	* GNU Zebra is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2, or (at your option) any
	9	* later version.
	10	*
	11	* GNU Zebra is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with GNU Zebra; see the file COPYING. If not, write to the Free
	18	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
	19	* 02111-1307, USA.
	20	*/
	21
	22	#include <zebra.h>
	23	#include <lib/version.h>
	24
	25	#include <pwd.h>
	26
	27	#ifdef USE_PAM
	28	#include <security/pam_appl.h>
	29	#ifdef HAVE_PAM_MISC_H
	30	#include <security/pam_misc.h>
	31	#endif
	32	#ifdef HAVE_OPENPAM_H
	33	#include <security/openpam.h>
	34	#endif
	35	#endif /* USE_PAM */
	36
	37	#include "memory.h"
	38	#include "linklist.h"
	39	#include "command.h"
	40	#include "vtysh/vtysh_user.h"
	41
	42	/*
	43	* Compiler is warning about prototypes not being declared.
	44	* The DEFUNSH and DEFUN macro's are messing with the
	45	* compiler I believe. This is just to make it happy.
	46	*/
	47	int vtysh_pam(const char *);
	48	struct vtysh_user *user_new(void);
	49	void user_free(struct vtysh_user *);
	50	struct vtysh_user user_lookup(const char );
	51	struct vtysh_user user_get(const char );
	52	int vtysh_auth(void);
	53	void vtysh_user_init(void);
	54
	55	extern struct list *config_top;
	56	extern void config_add_line(struct list config, const char line);
	57
	58	#ifdef USE_PAM
	59	static struct pam_conv conv =
	60	{
	61	PAM_CONV_FUNC,
	62	NULL
	63	};
	64
	65	int
	66	vtysh_pam (const char *user)
	67	{
	68	int ret;
	69	pam_handle_t *pamh = NULL;
	70
	71	/* Start PAM. */
	72	ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
	73	/* printf ("ret %d\n", ret); */
	74
	75	/* Is user really user? */
	76	if (ret == PAM_SUCCESS)
	77	ret = pam_authenticate (pamh, 0);
	78	/* printf ("ret %d\n", ret); */
	79
	80	#if 0
	81	/* Permitted access? */
	82	if (ret == PAM_SUCCESS)
	83	ret = pam_acct_mgmt (pamh, 0);
	84	printf ("ret %d\n", ret);
	85
	86	if (ret == PAM_AUTHINFO_UNAVAIL)
	87	ret = PAM_SUCCESS;
	88	#endif /* 0 */
	89
	90	/* This is where we have been authorized or not. */
	91	#ifdef DEBUG
	92	if (ret == PAM_SUCCESS)
	93	printf("Authenticated\n");
	94	else
	95	printf("Not Authenticated\n");
	96	#endif /* DEBUG */
	97
	98	/* close Linux-PAM */
	99	if (pam_end (pamh, ret) != PAM_SUCCESS)
	100	{
	101	pamh = NULL;
	102	fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
	103	exit(1);
	104	}
	105
	106	return ret == PAM_SUCCESS ? 0 : 1;
	107	}
	108	#endif /* USE_PAM */
	109
	110	struct vtysh_user
	111	{
	112	char *name;
	113	u_char nopassword;
	114	};
	115
	116	struct list *userlist;
	117
	118	struct vtysh_user *
	119	user_new (void)
	120	{
	121	return XCALLOC (0, sizeof (struct vtysh_user));
	122	}
	123
	124	void
	125	user_free (struct vtysh_user *user)
	126	{
	127	XFREE (0, user);
	128	}
	129
	130	struct vtysh_user *
	131	user_lookup (const char *name)
	132	{
	133	struct listnode node, nnode;
	134	struct vtysh_user *user;
	135
	136	for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
	137	{
	138	if (strcmp (user->name, name) == 0)
	139	return user;
	140	}
	141	return NULL;
	142	}
	143
	144	void
	145	user_config_write ()
	146	{
	147	struct listnode node, nnode;
	148	struct vtysh_user *user;
	149	char line[128];
	150
	151	for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
	152	{
	153	if (user->nopassword)
	154	{
	155	sprintf(line, "username %s nopassword", user->name);
	156	config_add_line (config_top, line);
	157	}
	158	}
	159	}
	160
	161	struct vtysh_user *
	162	user_get (const char *name)
	163	{
	164	struct vtysh_user *user;
	165	user = user_lookup (name);
	166	if (user)
	167	return user;
	168
	169	user = user_new ();
	170	user->name = strdup (name);
	171	listnode_add (userlist, user);
	172
	173	return user;
	174	}
	175
	176	DEFUN (banner_motd_file,
	177	banner_motd_file_cmd,
	178	"banner motd file [FILE]",
	179	"\n\n\n\n")
	180	{
	181	return cmd_banner_motd_file (argv[0]);
	182	}
	183
	184	DEFUN (username_nopassword,
	185	username_nopassword_cmd,
	186	"username WORD nopassword",
	187	"\n"
	188	"\n"
	189	"\n")
	190	{
	191	struct vtysh_user *user;
	192	user = user_get (argv[0]);
	193	user->nopassword = 1;
	194	return CMD_SUCCESS;
	195	}
	196
	197	int
	198	vtysh_auth ()
	199	{
	200	struct vtysh_user *user;
	201	struct passwd *passwd;
	202
	203	passwd = getpwuid (geteuid ());
	204
	205	user = user_lookup (passwd->pw_name);
	206	if (user && user->nopassword)
	207	/* Pass through */;
	208	else
	209	{
	210	#ifdef USE_PAM
	211	if (vtysh_pam (passwd->pw_name))
	212	exit (0);
	213	#endif /* USE_PAM */
	214	}
	215	return 0;
	216	}
	217
	218	char *
	219	vtysh_get_home (void)
	220	{
	221	struct passwd *passwd;
	222
	223	passwd = getpwuid (getuid ());
	224
	225	return passwd ? passwd->pw_dir : NULL;
	226	}
	227
	228	void
	229	vtysh_user_init (void)
	230	{
	231	userlist = list_new ();
	232	install_element (CONFIG_NODE, &username_nopassword_cmd);
	233	install_element (CONFIG_NODE, &banner_motd_file_cmd);
	234	}