vtysh/vtysh_user.c

   1 /* User authentication for vtysh.
   2  * Copyright (C) 2000 Kunihiro Ishiguro
   3  *
   4  * This file is part of GNU Zebra.
   5  *
   6  * GNU Zebra is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2, or (at your option) any
   9  * later version.
  10  *
  11  * GNU Zebra is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with GNU Zebra; see the file COPYING.  If not, write to the Free
  18  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  19  * 02111-1307, USA.
  20  */
  21
  22 #include <zebra.h>
  23 #include <lib/version.h>
  24
  25 #include <pwd.h>
  26
  27 #ifdef USE_PAM
  28 #include <security/pam_appl.h>
  29 #ifdef HAVE_PAM_MISC_H
  30 #include <security/pam_misc.h>
  31 #endif
  32 #ifdef HAVE_OPENPAM_H
  33 #include <security/openpam.h>
  34 #endif
  35 #endif /* USE_PAM */
  36
  37 #include "memory.h"
  38 #include "linklist.h"
  39 #include "command.h"
  40 #include "vtysh/vtysh_user.h"
  41
  42 /*
  43  * Compiler is warning about prototypes not being declared.
  44  * The DEFUNSH and DEFUN macro's are messing with the
  45  * compiler I believe.  This is just to make it happy.
  46  */
  47 int vtysh_pam(const char *);
  48 struct vtysh_user *user_new(void);
  49 void user_free(struct vtysh_user *);
  50 struct vtysh_user *user_lookup(const char *);
  51 struct vtysh_user *user_get(const char *);
  52 int vtysh_auth(void);
  53 void vtysh_user_init(void);
  54
  55 extern struct list *config_top;
  56 extern void config_add_line(struct list *config, const char *line);
  57
  58 #ifdef USE_PAM
  59 static struct pam_conv conv =
  60 {
  61   PAM_CONV_FUNC,
  62   NULL
  63 };
  64
  65 int
  66 vtysh_pam (const char *user)
  67 {
  68   int ret;
  69   pam_handle_t *pamh = NULL;
  70
  71   /* Start PAM. */
  72   ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
  73   /* printf ("ret %d\n", ret); */
  74
  75   /* Is user really user? */
  76   if (ret == PAM_SUCCESS)
  77     ret = pam_authenticate (pamh, 0);
  78   /* printf ("ret %d\n", ret); */
  79
  80 #if 0
  81   /* Permitted access? */
  82   if (ret == PAM_SUCCESS)
  83     ret = pam_acct_mgmt (pamh, 0);
  84   printf ("ret %d\n", ret);
  85
  86   if (ret == PAM_AUTHINFO_UNAVAIL)
  87     ret = PAM_SUCCESS;
  88 #endif /* 0 */
  89
  90   /* This is where we have been authorized or not. */
  91 #ifdef DEBUG
  92   if (ret == PAM_SUCCESS)
  93     printf("Authenticated\n");
  94   else
  95     printf("Not Authenticated\n");
  96 #endif /* DEBUG */
  97
  98   /* close Linux-PAM */
  99   if (pam_end (pamh, ret) != PAM_SUCCESS)
 100     {
 101       pamh = NULL;
 102       fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
 103       exit(1);
 104     }
 105
 106   return ret == PAM_SUCCESS ? 0 : 1;
 107 }
 108 #endif /* USE_PAM */
 109
 110 struct vtysh_user
 111 {
 112   char *name;
 113   u_char nopassword;
 114 };
 115
 116 struct list *userlist;
 117
 118 struct vtysh_user *
 119 user_new (void)
 120 {
 121   return XCALLOC (0, sizeof (struct vtysh_user));
 122 }
 123
 124 void
 125 user_free (struct vtysh_user *user)
 126 {
 127   XFREE (0, user);
 128 }
 129
 130 struct vtysh_user *
 131 user_lookup (const char *name)
 132 {
 133   struct listnode *node, *nnode;
 134   struct vtysh_user *user;
 135
 136   for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
 137     {
 138       if (strcmp (user->name, name) == 0)
 139         return user;
 140     }
 141   return NULL;
 142 }
 143
 144 void
 145 user_config_write ()
 146 {
 147   struct listnode *node, *nnode;
 148   struct vtysh_user *user;
 149   char line[128];
 150
 151   for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
 152     {
 153       if (user->nopassword)
 154         {
 155           sprintf(line, "username %s nopassword", user->name);
 156           config_add_line (config_top, line);
 157         }
 158     }
 159 }
 160
 161 struct vtysh_user *
 162 user_get (const char *name)
 163 {
 164   struct vtysh_user *user;
 165   user = user_lookup (name);
 166   if (user)
 167     return user;
 168
 169   user = user_new ();
 170   user->name = strdup (name);
 171   listnode_add (userlist, user);
 172
 173   return user;
 174 }
 175
 176 DEFUN (username_nopassword,
 177        username_nopassword_cmd,
 178        "username WORD nopassword",
 179        "\n"
 180        "\n"
 181        "\n")
 182 {
 183   struct vtysh_user *user;
 184   user = user_get (argv[0]);
 185   user->nopassword = 1;
 186   return CMD_SUCCESS;
 187 }
 188
 189 int
 190 vtysh_auth ()
 191 {
 192   struct vtysh_user *user;
 193   struct passwd *passwd;
 194
 195   passwd = getpwuid (geteuid ());
 196
 197   user = user_lookup (passwd->pw_name);
 198   if (user && user->nopassword)
 199     /* Pass through */;
 200   else
 201     {
 202 #ifdef USE_PAM
 203       if (vtysh_pam (passwd->pw_name))
 204         exit (0);
 205 #endif /* USE_PAM */
 206     }
 207   return 0;
 208 }
 209
 210 void
 211 vtysh_user_init ()
 212 {
 213   userlist = list_new ();
 214   install_element (CONFIG_NODE, &username_nopassword_cmd);
 215 }