vtysh/vtysh_user.c

   1 /* User authentication for vtysh.
   2  * Copyright (C) 2000 Kunihiro Ishiguro
   3  *
   4  * This file is part of GNU Zebra.
   5  *
   6  * GNU Zebra is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2, or (at your option) any
   9  * later version.
  10  *
  11  * GNU Zebra is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with GNU Zebra; see the file COPYING.  If not, write to the Free
  18  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  19  * 02111-1307, USA.
  20  */
  21
  22 #include <zebra.h>
  23 #include <lib/version.h>
  24
  25 #include <pwd.h>
  26
  27 #ifdef USE_PAM
  28 #include <security/pam_appl.h>
  29 #ifdef HAVE_PAM_MISC_H
  30 #include <security/pam_misc.h>
  31 #endif
  32 #ifdef HAVE_OPENPAM_H
  33 #include <security/openpam.h>
  34 #endif
  35 #endif /* USE_PAM */
  36
  37 #include "memory.h"
  38 #include "linklist.h"
  39 #include "command.h"
  40
  41 #ifdef USE_PAM
  42 static struct pam_conv conv =
  43 {
  44   PAM_CONV_FUNC,
  45   NULL
  46 };
  47
  48 int
  49 vtysh_pam (const char *user)
  50 {
  51   int ret;
  52   pam_handle_t *pamh = NULL;
  53
  54   /* Start PAM. */
  55   ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
  56   /* printf ("ret %d\n", ret); */
  57
  58   /* Is user really user? */
  59   if (ret == PAM_SUCCESS)
  60     ret = pam_authenticate (pamh, 0);
  61   /* printf ("ret %d\n", ret); */
  62
  63 #if 0
  64   /* Permitted access? */
  65   if (ret == PAM_SUCCESS)
  66     ret = pam_acct_mgmt (pamh, 0);
  67   printf ("ret %d\n", ret);
  68
  69   if (ret == PAM_AUTHINFO_UNAVAIL)
  70     ret = PAM_SUCCESS;
  71 #endif /* 0 */
  72
  73   /* This is where we have been authorized or not. */
  74 #ifdef DEBUG
  75   if (ret == PAM_SUCCESS)
  76     printf("Authenticated\n");
  77   else
  78     printf("Not Authenticated\n");
  79 #endif /* DEBUG */
  80
  81   /* close Linux-PAM */
  82   if (pam_end (pamh, ret) != PAM_SUCCESS)
  83     {
  84       pamh = NULL;
  85       fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
  86       exit(1);
  87     }
  88
  89   return ret == PAM_SUCCESS ? 0 : 1;
  90 }
  91 #endif /* USE_PAM */
  92
  93 struct vtysh_user
  94 {
  95   char *name;
  96   u_char nopassword;
  97 };
  98
  99 struct list *userlist;
 100
 101 struct vtysh_user *
 102 user_new ()
 103 {
 104   return XCALLOC (0, sizeof (struct vtysh_user));
 105 }
 106
 107 void
 108 user_free (struct vtysh_user *user)
 109 {
 110   XFREE (0, user);
 111 }
 112
 113 struct vtysh_user *
 114 user_lookup (const char *name)
 115 {
 116   struct listnode *node, *nnode;
 117   struct vtysh_user *user;
 118
 119   for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
 120     {
 121       if (strcmp (user->name, name) == 0)
 122         return user;
 123     }
 124   return NULL;
 125 }
 126
 127 void
 128 user_config_write ()
 129 {
 130   struct listnode *node, *nnode;
 131   struct vtysh_user *user;
 132
 133   for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
 134     {
 135       if (user->nopassword)
 136         printf (" username %s nopassword\n", user->name);
 137     }
 138 }
 139
 140 struct vtysh_user *
 141 user_get (const char *name)
 142 {
 143   struct vtysh_user *user;
 144   user = user_lookup (name);
 145   if (user)
 146     return user;
 147
 148   user = user_new ();
 149   user->name = strdup (name);
 150   listnode_add (userlist, user);
 151
 152   return user;
 153 }
 154
 155 DEFUN (username_nopassword,
 156        username_nopassword_cmd,
 157        "username WORD nopassword",
 158        "\n"
 159        "\n"
 160        "\n")
 161 {
 162   struct vtysh_user *user;
 163   user = user_get (argv[0]);
 164   user->nopassword = 1;
 165   return CMD_SUCCESS;
 166 }
 167
 168 int
 169 vtysh_auth ()
 170 {
 171   struct vtysh_user *user;
 172   struct passwd *passwd;
 173
 174   passwd = getpwuid (geteuid ());
 175
 176   user = user_lookup (passwd->pw_name);
 177   if (user && user->nopassword)
 178     /* Pass through */;
 179   else
 180     {
 181 #ifdef USE_PAM
 182       if (vtysh_pam (passwd->pw_name))
 183         exit (0);
 184 #endif /* USE_PAM */
 185     }
 186   return 0;
 187 }
 188
 189 void
 190 vtysh_user_init ()
 191 {
 192   userlist = list_new ();
 193   install_element (CONFIG_NODE, &username_nopassword_cmd);
 194 }