| paul | 718e374 | 2002-12-13 20:15:29 +0000 | [diff] [blame] | 1 | /* User authentication for vtysh. |
| 2 | * Copyright (C) 2000 Kunihiro Ishiguro |
| 3 | * |
| 4 | * This file is part of GNU Zebra. |
| 5 | * |
| 6 | * GNU Zebra is free software; you can redistribute it and/or modify it |
| 7 | * under the terms of the GNU General Public License as published by the |
| 8 | * Free Software Foundation; either version 2, or (at your option) any |
| 9 | * later version. |
| 10 | * |
| 11 | * GNU Zebra is distributed in the hope that it will be useful, but |
| 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 | * General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License |
| 17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free |
| 18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA |
| 19 | * 02111-1307, USA. |
| 20 | */ |
| 21 | |
| 22 | #include <zebra.h> |
| 23 | |
| 24 | #include <pwd.h> |
| 25 | |
| 26 | #ifdef USE_PAM |
| 27 | #include <security/pam_appl.h> |
| paul | 24cd435 | 2003-05-06 12:16:27 +0000 | [diff] [blame^] | 28 | #ifdef HAVE_PAM_MISC_H |
| paul | 718e374 | 2002-12-13 20:15:29 +0000 | [diff] [blame] | 29 | #include <security/pam_misc.h> |
| paul | 24cd435 | 2003-05-06 12:16:27 +0000 | [diff] [blame^] | 30 | #endif |
| 31 | #ifdef HAVE_OPENPAM_H |
| 32 | #include <security/openpam.h> |
| 33 | #endif |
| paul | 718e374 | 2002-12-13 20:15:29 +0000 | [diff] [blame] | 34 | #endif /* USE_PAM */ |
| 35 | |
| 36 | #include "memory.h" |
| 37 | #include "linklist.h" |
| 38 | #include "command.h" |
| 39 | |
| 40 | #ifdef USE_PAM |
| 41 | static struct pam_conv conv = |
| 42 | { |
| paul | 24cd435 | 2003-05-06 12:16:27 +0000 | [diff] [blame^] | 43 | PAM_CONV_FUNC, |
| paul | 718e374 | 2002-12-13 20:15:29 +0000 | [diff] [blame] | 44 | NULL |
| 45 | }; |
| 46 | |
| 47 | int |
| 48 | vtysh_pam (char *user) |
| 49 | { |
| 50 | int ret; |
| 51 | pam_handle_t *pamh = NULL; |
| 52 | |
| 53 | /* Start PAM. */ |
| 54 | ret = pam_start("zebra", user, &conv, &pamh); |
| 55 | /* printf ("ret %d\n", ret); */ |
| 56 | |
| 57 | /* Is user really user? */ |
| 58 | if (ret == PAM_SUCCESS) |
| 59 | ret = pam_authenticate (pamh, 0); |
| 60 | /* printf ("ret %d\n", ret); */ |
| 61 | |
| 62 | #if 0 |
| 63 | /* Permitted access? */ |
| 64 | if (ret == PAM_SUCCESS) |
| 65 | ret = pam_acct_mgmt (pamh, 0); |
| 66 | printf ("ret %d\n", ret); |
| 67 | |
| 68 | if (ret == PAM_AUTHINFO_UNAVAIL) |
| 69 | ret = PAM_SUCCESS; |
| 70 | #endif /* 0 */ |
| 71 | |
| 72 | /* This is where we have been authorized or not. */ |
| 73 | #ifdef DEBUG |
| 74 | if (ret == PAM_SUCCESS) |
| 75 | printf("Authenticated\n"); |
| 76 | else |
| 77 | printf("Not Authenticated\n"); |
| 78 | #endif /* DEBUG */ |
| 79 | |
| 80 | /* close Linux-PAM */ |
| 81 | if (pam_end (pamh, ret) != PAM_SUCCESS) |
| 82 | { |
| 83 | pamh = NULL; |
| 84 | fprintf(stderr, "vtysh_pam: failed to release authenticator\n"); |
| 85 | exit(1); |
| 86 | } |
| 87 | |
| 88 | return ret == PAM_SUCCESS ? 0 : 1; |
| 89 | } |
| 90 | #endif /* USE_PAM */ |
| 91 | |
| 92 | struct user |
| 93 | { |
| 94 | char *name; |
| 95 | u_char nopassword; |
| 96 | }; |
| 97 | |
| 98 | struct list *userlist; |
| 99 | |
| 100 | struct user * |
| 101 | user_new () |
| 102 | { |
| 103 | struct user *user; |
| 104 | user = XMALLOC (0, sizeof (struct user)); |
| 105 | memset (user, 0, sizeof (struct user)); |
| 106 | return user; |
| 107 | } |
| 108 | |
| 109 | void |
| 110 | user_free (struct user *user) |
| 111 | { |
| 112 | XFREE (0, user); |
| 113 | } |
| 114 | |
| 115 | struct user * |
| 116 | user_lookup (char *name) |
| 117 | { |
| 118 | struct listnode *nn; |
| 119 | struct user *user; |
| 120 | |
| 121 | LIST_LOOP (userlist, user, nn) |
| 122 | { |
| 123 | if (strcmp (user->name, name) == 0) |
| 124 | return user; |
| 125 | } |
| 126 | return NULL; |
| 127 | } |
| 128 | |
| 129 | void |
| 130 | user_config_write () |
| 131 | { |
| 132 | struct listnode *nn; |
| 133 | struct user *user; |
| 134 | |
| 135 | LIST_LOOP (userlist, user, nn) |
| 136 | { |
| 137 | if (user->nopassword) |
| 138 | printf (" username %s nopassword\n", user->name); |
| 139 | } |
| 140 | } |
| 141 | |
| 142 | struct user * |
| 143 | user_get (char *name) |
| 144 | { |
| 145 | struct user *user; |
| 146 | user = user_lookup (name); |
| 147 | if (user) |
| 148 | return user; |
| 149 | |
| 150 | user = user_new (); |
| 151 | user->name = strdup (name); |
| 152 | listnode_add (userlist, user); |
| 153 | |
| 154 | return user; |
| 155 | } |
| 156 | |
| 157 | DEFUN (username_nopassword, |
| 158 | username_nopassword_cmd, |
| 159 | "username WORD nopassword", |
| 160 | "\n" |
| 161 | "\n" |
| 162 | "\n") |
| 163 | { |
| 164 | struct user *user; |
| 165 | user = user_get (argv[0]); |
| 166 | user->nopassword = 1; |
| 167 | return CMD_SUCCESS; |
| 168 | } |
| 169 | |
| 170 | int |
| 171 | vtysh_auth () |
| 172 | { |
| 173 | struct user *user; |
| 174 | struct passwd *passwd; |
| 175 | |
| 176 | passwd = getpwuid (geteuid ()); |
| 177 | |
| 178 | user = user_lookup (passwd->pw_name); |
| 179 | if (user && user->nopassword) |
| 180 | /* Pass through */; |
| 181 | else |
| 182 | { |
| 183 | #ifdef USE_PAM |
| 184 | if (vtysh_pam (passwd->pw_name)) |
| 185 | exit (0); |
| 186 | #endif /* USE_PAM */ |
| 187 | } |
| 188 | return 0; |
| 189 | } |
| 190 | |
| 191 | void |
| 192 | vtysh_user_init () |
| 193 | { |
| 194 | userlist = list_new (); |
| 195 | install_element (CONFIG_NODE, &username_nopassword_cmd); |
| 196 | } |