vtysh_user.c 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216
  1. /* User authentication for vtysh.
  2. * Copyright (C) 2000 Kunihiro Ishiguro
  3. *
  4. * This file is part of GNU Zebra.
  5. *
  6. * GNU Zebra is free software; you can redistribute it and/or modify it
  7. * under the terms of the GNU General Public License as published by the
  8. * Free Software Foundation; either version 2, or (at your option) any
  9. * later version.
  10. *
  11. * GNU Zebra is distributed in the hope that it will be useful, but
  12. * WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14. * General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with GNU Zebra; see the file COPYING. If not, write to the Free
  18. * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  19. * 02111-1307, USA.
  20. */
  21. #include <zebra.h>
  22. #include <lib/version.h>
  23. #include <pwd.h>
  24. #ifdef USE_PAM
  25. #include <security/pam_appl.h>
  26. #ifdef HAVE_PAM_MISC_H
  27. #include <security/pam_misc.h>
  28. #endif
  29. #ifdef HAVE_OPENPAM_H
  30. #include <security/openpam.h>
  31. #endif
  32. #endif /* USE_PAM */
  33. #include "memory.h"
  34. #include "linklist.h"
  35. #include "command.h"
  36. #include "vtysh_user.h"
  37. #ifdef USE_PAM
  38. static struct pam_conv conv =
  39. {
  40. PAM_CONV_FUNC,
  41. NULL
  42. };
  43. static int
  44. vtysh_pam (const char *user)
  45. {
  46. int ret;
  47. pam_handle_t *pamh = NULL;
  48. /* Start PAM. */
  49. ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
  50. /* printf ("ret %d\n", ret); */
  51. /* Is user really user? */
  52. if (ret == PAM_SUCCESS)
  53. ret = pam_authenticate (pamh, 0);
  54. if (ret != PAM_SUCCESS)
  55. printf("Not authenticated. Check /etc/pam.d/quagga.\n");
  56. /* printf ("ret %d\n", ret); */
  57. #if 0
  58. /* Permitted access? */
  59. if (ret == PAM_SUCCESS)
  60. ret = pam_acct_mgmt (pamh, 0);
  61. printf ("ret %d\n", ret);
  62. if (ret == PAM_AUTHINFO_UNAVAIL)
  63. ret = PAM_SUCCESS;
  64. #endif /* 0 */
  65. /* This is where we have been authorized or not. */
  66. #ifdef DEBUG
  67. if (ret == PAM_SUCCESS)
  68. printf("Authenticated\n");
  69. else
  70. printf("Not Authenticated\n");
  71. #endif /* DEBUG */
  72. /* close Linux-PAM */
  73. if (pam_end (pamh, ret) != PAM_SUCCESS)
  74. {
  75. pamh = NULL;
  76. fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
  77. exit(1);
  78. }
  79. return ret == PAM_SUCCESS ? 0 : 1;
  80. }
  81. #endif /* USE_PAM */
  82. struct vtysh_user
  83. {
  84. char *name;
  85. u_char nopassword;
  86. };
  87. struct list *userlist;
  88. static struct vtysh_user *
  89. user_new ()
  90. {
  91. return XCALLOC (MTYPE_TMP, sizeof (struct vtysh_user));
  92. }
  93. #if 0
  94. static void
  95. user_free (struct vtysh_user *user)
  96. {
  97. XFREE (0, user);
  98. }
  99. #endif
  100. static struct vtysh_user *
  101. user_lookup (const char *name)
  102. {
  103. struct listnode *node, *nnode;
  104. struct vtysh_user *user;
  105. for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
  106. {
  107. if (strcmp (user->name, name) == 0)
  108. return user;
  109. }
  110. return NULL;
  111. }
  112. #if 0
  113. static void
  114. user_config_write ()
  115. {
  116. struct listnode *node, *nnode;
  117. struct vtysh_user *user;
  118. for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
  119. {
  120. if (user->nopassword)
  121. printf (" username %s nopassword\n", user->name);
  122. }
  123. }
  124. #endif
  125. static struct vtysh_user *
  126. user_get (const char *name)
  127. {
  128. struct vtysh_user *user;
  129. user = user_lookup (name);
  130. if (user)
  131. return user;
  132. user = user_new ();
  133. user->name = strdup (name);
  134. listnode_add (userlist, user);
  135. return user;
  136. }
  137. DEFUN (username_nopassword,
  138. username_nopassword_cmd,
  139. "username WORD nopassword",
  140. "\n"
  141. "\n"
  142. "\n")
  143. {
  144. struct vtysh_user *user;
  145. user = user_get (argv[0]);
  146. user->nopassword = 1;
  147. return CMD_SUCCESS;
  148. }
  149. int
  150. vtysh_auth (void)
  151. {
  152. struct vtysh_user *user;
  153. struct passwd *passwd;
  154. if ((passwd = getpwuid (geteuid ())) == NULL)
  155. {
  156. fprintf (stderr, "could not lookup user ID %d\n", (int) geteuid());
  157. exit (1);
  158. }
  159. user = user_lookup (passwd->pw_name);
  160. if (user && user->nopassword)
  161. /* Pass through */;
  162. else
  163. {
  164. #ifdef USE_PAM
  165. if (vtysh_pam (passwd->pw_name))
  166. exit (0);
  167. #endif /* USE_PAM */
  168. }
  169. return 0;
  170. }
  171. char *
  172. vtysh_get_home (void)
  173. {
  174. struct passwd *passwd;
  175. passwd = getpwuid (getuid ());
  176. return passwd ? passwd->pw_dir : NULL;
  177. }
  178. void
  179. vtysh_user_init (void)
  180. {
  181. userlist = list_new ();
  182. install_element (CONFIG_NODE, &username_nopassword_cmd);
  183. }