Annotation of embedaddon/quagga/vtysh/vtysh_user.c, revision 1.1

1.1     ! misho       1: /* User authentication for vtysh.
        !             2:  * Copyright (C) 2000 Kunihiro Ishiguro
        !             3:  *
        !             4:  * This file is part of GNU Zebra.
        !             5:  *
        !             6:  * GNU Zebra is free software; you can redistribute it and/or modify it
        !             7:  * under the terms of the GNU General Public License as published by the
        !             8:  * Free Software Foundation; either version 2, or (at your option) any
        !             9:  * later version.
        !            10:  *
        !            11:  * GNU Zebra is distributed in the hope that it will be useful, but
        !            12:  * WITHOUT ANY WARRANTY; without even the implied warranty of
        !            13:  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
        !            14:  * General Public License for more details.
        !            15:  *
        !            16:  * You should have received a copy of the GNU General Public License
        !            17:  * along with GNU Zebra; see the file COPYING.  If not, write to the Free
        !            18:  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
        !            19:  * 02111-1307, USA.  
        !            20:  */
        !            21: 
        !            22: #include <zebra.h>
        !            23: #include <lib/version.h>
        !            24: 
        !            25: #include <pwd.h>
        !            26: 
        !            27: #ifdef USE_PAM
        !            28: #include <security/pam_appl.h>
        !            29: #ifdef HAVE_PAM_MISC_H
        !            30: #include <security/pam_misc.h>
        !            31: #endif
        !            32: #ifdef HAVE_OPENPAM_H
        !            33: #include <security/openpam.h>
        !            34: #endif
        !            35: #endif /* USE_PAM */
        !            36: 
        !            37: #include "memory.h"
        !            38: #include "linklist.h"
        !            39: #include "command.h"
        !            40: 
        !            41: #ifdef USE_PAM
        /* Conversation descriptor handed to pam_start() by vtysh_pam().
           PAM_CONV_FUNC (defined outside this file) fills the callback slot;
           no application data pointer is passed to it.  */
        static struct pam_conv conv = {
          .conv = PAM_CONV_FUNC,
          .appdata_ptr = NULL
        };
        !            47: 
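        /* Authenticate USER through PAM under the service name QUAGGA_PROGNAME.

           Returns 0 when pam_authenticate() succeeds and 1 in every other case,
           including a failure to start the PAM transaction.  Exits the process
           with status 1 if the PAM handle cannot be released.  */
        int
        vtysh_pam (const char *user)
        {
          int ret;
          pam_handle_t *pamh = NULL;

          /* Start PAM.  When this fails there is no transaction to authenticate
             or to end, so refuse right away rather than passing a handle that
             pam_start() may not have set to pam_end().  */
          ret = pam_start (QUAGGA_PROGNAME, user, &conv, &pamh);
          if (ret != PAM_SUCCESS)
            {
              fprintf (stderr, "vtysh_pam: failed to start authenticator\n");
              return 1;
            }

          /* Is user really user? */
          ret = pam_authenticate (pamh, 0);

          /* NOTE(review): the account-management step below is compiled out, so
             this function only proves the credential.  Account restrictions
             enforced by the PAM account stack (expiry, lockout and similar) are
             not consulted.  If it is re-enabled, review the mapping of
             PAM_AUTHINFO_UNAVAIL to success: it lets a login through when the
             account backend cannot be reached.  */
        #if 0
          /* Permitted access? */
          if (ret == PAM_SUCCESS)
            ret = pam_acct_mgmt (pamh, 0);
          printf ("ret %d\n", ret);

          if (ret == PAM_AUTHINFO_UNAVAIL)
            ret = PAM_SUCCESS;
        #endif /* 0 */

          /* This is where we have been authorized or not. */
        #ifdef DEBUG
          if (ret == PAM_SUCCESS)
            printf("Authenticated\n");
          else
            printf("Not Authenticated\n");
        #endif /* DEBUG */

          /* Close the PAM transaction.  A handle that cannot be released is
             treated as fatal.  */
          if (pam_end (pamh, ret) != PAM_SUCCESS)
            {
              pamh = NULL;
              fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
              exit(1);
            }

          return ret == PAM_SUCCESS ? 0 : 1;
        }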
        !            91: #endif /* USE_PAM */
        !            92: 
        /* One entry of the vtysh user table.  */
        struct vtysh_user {
          /* Account name; user_get() stores a strdup() copy and user_lookup()
             compares it with strcmp().  */
          char *name;

          /* Non-zero when vtysh_auth() lets this account in without calling
             vtysh_pam().  */
          u_char nopassword;
        };

        /* Table of vtysh_user entries.  Created by vtysh_user_init() and filled
           by user_get().  */
        struct list *userlist;
        !           100: 
        /* Allocate one vtysh_user through XCALLOC with memory type 0 and return
           it.  Presumably the memory is zero-filled, calloc-style; confirm
           against the XCALLOC definition.  */
        struct vtysh_user *
        user_new ()
        {
          struct vtysh_user *fresh;

          fresh = XCALLOC (0, sizeof *fresh);
          return fresh;
        }
        !           106: 
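        /* Release USER and the name string it owns.  A NULL USER is ignored.  */
        void
        user_free (struct vtysh_user *user)
        {
          if (user == NULL)
            return;

          /* The name is the strdup() copy made in user_get(), and the struct is
             private to this file, so free() is the matching release.  Without
             it every freed entry leaks its string.  */
          free (user->name);
          user->name = NULL;

          XFREE (0, user);
        }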
        !           112: 
        /* Find the entry in userlist whose name equals NAME.  The comparison is
           an exact, case-sensitive strcmp().  Returns the first match, or NULL
           when no entry matches.  NAME and every stored name are passed to
           strcmp() unchecked, so both must be non-NULL.  */
        struct vtysh_user *
        user_lookup (const char *name)
        {
          struct listnode *cur, *next;
          struct vtysh_user *entry;
          struct vtysh_user *found = NULL;

          for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
            {
              if (strcmp (entry->name, name) != 0)
                continue;

              found = entry;
              break;
            }

          return found;
        }
        !           126: 
        /* Print a " username NAME nopassword" line on stdout for every entry in
           userlist that has the nopassword flag set.  Other entries are
           skipped.  */
        void
        user_config_write ()
        {
          struct listnode *cur, *next;
          struct vtysh_user *entry;

          for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
            {
              if (!entry->nopassword)
                continue;

              printf (" username %s nopassword\n", entry->name);
            }
        }
        !           139: 
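        /* Return the userlist entry for NAME, creating and registering a new one
           when none exists yet.  Returns NULL when the entry or the copy of NAME
           cannot be allocated; nothing is added to userlist in that case.  */
        struct vtysh_user *
        user_get (const char *name)
        {
          struct vtysh_user *user;

          user = user_lookup (name);
          if (user)
            return user;

          user = user_new ();
          if (user == NULL)
            return NULL;

          user->name = strdup (name);
          if (user->name == NULL)
            {
              /* Never register an entry without a name: user_lookup() hands
                 every stored name to strcmp().  */
              user_free (user);
              return NULL;
            }

          listnode_add (userlist, user);

          return user;
        }

        /* "username WORD nopassword": mark account WORD as exempt from the PAM
           check in vtysh_auth().  Anyone able to get this line into the vtysh
           configuration grants that account password-less access to vtysh, so
           write access to that configuration needs the same protection as the
           credential itself.  */
        DEFUN (username_nopassword,
               username_nopassword_cmd,
               "username WORD nopassword",
               "\n"
               "\n"
               "\n")
        {
          struct vtysh_user *user;

          user = user_get (argv[0]);
          if (user == NULL)
            return CMD_WARNING;	/* allocation failed; no entry was created */

          user->nopassword = 1;
          return CMD_SUCCESS;
        }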
        !           167: 
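        /* Decide whether the invoking account may use vtysh.

           The account is the passwd entry of the effective UID.  An entry in
           userlist with the nopassword flag set is let through without a
           prompt.  Every other account must pass vtysh_pam() when the program
           is built with USE_PAM; on failure the process exits.  Returns 0 when
           access is granted.

           NOTE(review): without USE_PAM no check is made at all and every
           account is let through.  NOTE(review): a failed PAM check ends the
           process with exit status 0, so a wrapper script cannot tell a refused
           login from a normal exit by status alone.  */
        int
        vtysh_auth ()
        {
          struct vtysh_user *user;
          struct passwd *passwd;

          passwd = getpwuid (geteuid ());
          if (passwd == NULL)
            {
              /* getpwuid() returns NULL when the UID has no passwd entry or the
                 lookup fails.  Refuse access instead of dereferencing it.  */
              fprintf (stderr, "vtysh_auth: no passwd entry for effective uid\n");
              exit (1);
            }

          user = user_lookup (passwd->pw_name);
          if (user && user->nopassword)
            return 0;	/* configured exemption: pass through */

        #ifdef USE_PAM
          if (vtysh_pam (passwd->pw_name))
            exit (0);
        #endif /* USE_PAM */

          return 0;
        }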
        !           188: 
        /* Set up the user table: create the empty userlist and register the
           "username WORD nopassword" command under CONFIG_NODE.  */
        void
        vtysh_user_init ()
        {
          struct list *table = list_new ();

          userlist = table;
          install_element (CONFIG_NODE, &username_nopassword_cmd);
        }
