/* User authentication for vtysh.
 * Copyright (C) 2000 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GNU Zebra; see the file COPYING. If not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 */
21
22#include <zebra.h>
23
24#include <pwd.h>
25
26#ifdef USE_PAM
27#include <security/pam_appl.h>
paul24cd4352003-05-06 12:16:27 +000028#ifdef HAVE_PAM_MISC_H
paul718e3742002-12-13 20:15:29 +000029#include <security/pam_misc.h>
paul24cd4352003-05-06 12:16:27 +000030#endif
31#ifdef HAVE_OPENPAM_H
32#include <security/openpam.h>
33#endif
paul718e3742002-12-13 20:15:29 +000034#endif /* USE_PAM */
35
36#include "memory.h"
37#include "linklist.h"
38#include "command.h"
39
40#ifdef USE_PAM
/* PAM conversation handed to pam_start() by vtysh_pam().  PAM_CONV_FUNC is
 * presumably supplied by the configure-time PAM headers selected above
 * (pam_misc or openpam); no application data pointer is passed. */
static struct pam_conv conv =
{
  PAM_CONV_FUNC,
  NULL
};
46
/* Authenticate USER against the PAM service "zebra".
 *
 * Only pam_authenticate() is consulted: the pam_acct_mgmt() step was
 * deliberately disabled in the original, so account-level restrictions
 * (expiry, access rules) are not enforced here.  A failure to release
 * the PAM handle is treated as fatal.
 *
 * Returns 0 when PAM reports PAM_SUCCESS, 1 otherwise. */
int
vtysh_pam (char *user)
{
  pam_handle_t *pamh = NULL;
  int status = pam_start ("zebra", user, &conv, &pamh);

  /* Only verify credentials once the PAM handle exists. */
  if (status == PAM_SUCCESS)
    status = pam_authenticate (pamh, 0);

#ifdef DEBUG
  if (status == PAM_SUCCESS)
    printf ("Authenticated\n");
  else
    printf ("Not Authenticated\n");
#endif /* DEBUG */

  /* Release the handle; pam_end() receives the final status. */
  if (pam_end (pamh, status) != PAM_SUCCESS)
    {
      fprintf (stderr, "vtysh_pam: failed to release authenticator\n");
      exit (1);
    }

  return (status == PAM_SUCCESS) ? 0 : 1;
}
90#endif /* USE_PAM */
91
/* One entry created by "username WORD nopassword". */
struct user
{
  char *name;          /* login name, strdup()'d by user_get() */
  u_char nopassword;   /* non-zero: vtysh_auth() skips PAM for this user */
};
97
/* List of struct user *, created by vtysh_user_init() and filled by user_get(). */
struct list *userlist;
99
/* Allocate a zero-filled struct user.  Ownership passes to the caller
 * (user_get() hands it to userlist).  Whether XMALLOC can return NULL
 * depends on memory.h — presumably not, since no check follows. */
struct user *
user_new ()
{
  struct user *fresh = XMALLOC (0, sizeof (*fresh));
  memset (fresh, 0, sizeof (*fresh));
  return fresh;
}
108
/* Release a struct user obtained from user_new().
 * NOTE(review): user->name (strdup()'d in user_get()) is not freed here;
 * nothing in this file calls user_free(), so confirm before changing. */
void
user_free (struct user *user)
{
  XFREE (0, user);
}
114
/* Find the configured user called NAME.
 * Returns the matching entry, or NULL when there is none.
 * NAME must not be NULL (strcmp() is applied directly). */
struct user *
user_lookup (char *name)
{
  struct listnode *node;

  for (node = userlist->head; node; node = node->next)
    {
      struct user *candidate = node->data;

      /* List nodes with no payload are skipped, as LIST_LOOP does. */
      if (candidate && strcmp (candidate->name, name) == 0)
        return candidate;
    }
  return NULL;
}
128
/* Write the "username ... nopassword" lines of the running configuration
 * to stdout, one per user that has the flag set. */
void
user_config_write ()
{
  struct listnode *node;
  struct user *entry;

  LIST_LOOP (userlist, entry, node)
    {
      if (!entry->nopassword)
        continue;
      printf (" username %s nopassword\n", entry->name);
    }
}
141
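/* Return the user record for NAME, creating it and adding it to
 * userlist when it does not exist yet.
 *
 * Returns NULL only when the copy of NAME cannot be allocated.  The
 * original stored the unchecked strdup() result, leaving a registered
 * entry with a NULL name that user_lookup()'s strcmp() would then
 * dereference. */
struct user *
user_get (char *name)
{
  struct user *user = user_lookup (name);
  if (user)
    return user;

  user = user_new ();
  user->name = strdup (name);
  if (user->name == NULL)
    {
      /* Never register a nameless entry. */
      user_free (user);
      return NULL;
    }
  listnode_add (userlist, user);

  return user;
}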
156
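/* "username WORD nopassword": exempt WORD from PAM authentication in
 * vtysh_auth().  The help strings are empty in the original and are
 * kept unchanged here. */
DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
  struct user *user = user_get (argv[0]);

  /* Guard against a NULL return (e.g. an allocation failure inside
   * user_get()) instead of dereferencing it. */
  if (user == NULL)
    return CMD_WARNING;

  user->nopassword = 1;
  return CMD_SUCCESS;
}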
169
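/* Decide whether the invoking user may use vtysh.
 *
 * The effective uid is resolved to a login name.  A user configured with
 * "username WORD nopassword" passes immediately.  Otherwise, when built
 * with USE_PAM, vtysh_pam() must succeed or the process exits; without
 * USE_PAM every user passes.  Returns 0 whenever it returns.
 *
 * NOTE(review): the lookup uses geteuid(), so if vtysh were installed
 * setuid this would authenticate the file owner rather than the invoking
 * user — confirm that is intended. */
int
vtysh_auth ()
{
  struct user *user;
  struct passwd *passwd = getpwuid (geteuid ());

  /* getpwuid() returns NULL for an unknown uid or a failed lookup; the
   * original dereferenced pw_name unconditionally.  Refuse instead. */
  if (passwd == NULL)
    {
      fprintf (stderr, "vtysh_auth: cannot resolve effective uid to a user name\n");
      exit (1);
    }

  user = user_lookup (passwd->pw_name);
  if (user && user->nopassword)
    return 0;   /* explicitly exempted from PAM */

#ifdef USE_PAM
  /* NOTE(review): exits with status 0 on authentication failure; kept as
   * in the original for compatibility with existing callers. */
  if (vtysh_pam (passwd->pw_name))
    exit (0);
#endif /* USE_PAM */

  return 0;
}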
190
/* Create the (initially empty) user list and register the
 * "username WORD nopassword" command under CONFIG_NODE. */
void
vtysh_user_init ()
{
  struct list *fresh = list_new ();
  userlist = fresh;
  install_element (CONFIG_NODE, &username_nopassword_cmd);
}
196}