Annotation of embedaddon/quagga/vtysh/vtysh_user.c, revision 1.1.1.1
1.1 misho 1: /* User authentication for vtysh.
2: * Copyright (C) 2000 Kunihiro Ishiguro
3: *
4: * This file is part of GNU Zebra.
5: *
6: * GNU Zebra is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2, or (at your option) any
9: * later version.
10: *
11: * GNU Zebra is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of
13: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14: * General Public License for more details.
15: *
16: * You should have received a copy of the GNU General Public License
17: * along with GNU Zebra; see the file COPYING. If not, write to the Free
18: * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19: * 02111-1307, USA.
20: */
21:
22: #include <zebra.h>
23: #include <lib/version.h>
24:
25: #include <pwd.h>
26:
27: #ifdef USE_PAM
28: #include <security/pam_appl.h>
29: #ifdef HAVE_PAM_MISC_H
30: #include <security/pam_misc.h>
31: #endif
32: #ifdef HAVE_OPENPAM_H
33: #include <security/openpam.h>
34: #endif
35: #endif /* USE_PAM */
36:
37: #include "memory.h"
38: #include "linklist.h"
39: #include "command.h"
40:
41: #ifdef USE_PAM
/* Conversation table handed to pam_start() in vtysh_pam(): the callback is
   whatever PAM_CONV_FUNC expands to (defined outside this file) and no
   application data pointer is supplied.  */
static struct pam_conv conv = { PAM_CONV_FUNC, NULL };
47:
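/* Authenticate USER through PAM under the service name QUAGGA_PROGNAME.

   Returns 0 when pam_authenticate() succeeds and 1 otherwise, including
   when the PAM transaction cannot be started.  The process exits with
   status 1 if an opened transaction cannot be closed.

   Only the authentication step runs.  The pam_acct_mgmt() call below is
   compiled out, so restrictions enforced by the PAM account stack are not
   consulted by this function.  */
int
vtysh_pam (const char *user)
{
  int ret;
  pam_handle_t *pamh = NULL;

  /* Start PAM. */
  ret = pam_start (QUAGGA_PROGNAME, user, &conv, &pamh);
  if (ret != PAM_SUCCESS)
    {
      /* No transaction was opened, so there is no handle to pass to
         pam_authenticate() or pam_end().  Report it as a failed
         authentication instead of as a release failure.  */
      fprintf (stderr, "vtysh_pam: failed to start authenticator\n");
      return 1;
    }

  /* Is user really user? */
  ret = pam_authenticate (pamh, 0);

#if 0
  /* NOTE(review): if this block is ever re-enabled, the final test also
     turns a PAM_AUTHINFO_UNAVAIL returned by pam_authenticate() into
     PAM_SUCCESS, i.e. it fails open when the backend is unreachable.
     Restrict that mapping to the pam_acct_mgmt() result before use.  */
  /* Permitted access? */
  if (ret == PAM_SUCCESS)
    ret = pam_acct_mgmt (pamh, 0);
  printf ("ret %d\n", ret);

  if (ret == PAM_AUTHINFO_UNAVAIL)
    ret = PAM_SUCCESS;
#endif /* 0 */

  /* This is where we have been authorized or not. */
#ifdef DEBUG
  if (ret == PAM_SUCCESS)
    printf ("Authenticated\n");
  else
    printf ("Not Authenticated\n");
#endif /* DEBUG */

  /* Close the PAM transaction; a failure here is treated as fatal.  */
  if (pam_end (pamh, ret) != PAM_SUCCESS)
    {
      fprintf (stderr, "vtysh_pam: failed to release authenticator\n");
      exit (1);
    }

  return ret == PAM_SUCCESS ? 0 : 1;
}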
91: #endif /* USE_PAM */
92:
/* One entry of the vtysh user configuration.  */
struct vtysh_user
{
  char *name;        /* User name; filled in with strdup() by user_get().  */
  u_char nopassword; /* Non-zero: vtysh_auth() skips authentication.  */
};

/* Every configured user; the list is created in vtysh_user_init().  */
struct list *userlist;
100:
/* Allocate a zero-filled user record (memory type 0).
   The caller owns the result; name is NULL and nopassword is 0.  */
struct vtysh_user *
user_new ()
{
  struct vtysh_user *entry;

  entry = XCALLOC (0, sizeof (struct vtysh_user));
  return entry;
}
106:
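/* Release USER together with the name string it owns.

   In this file the name is only ever set by user_get(), which obtains it
   from strdup(), so it is returned with free(); the record itself comes
   from XCALLOC and goes back through XFREE.  Previously the name was
   leaked.  A NULL USER is ignored.  */
void
user_free (struct vtysh_user *user)
{
  if (user == NULL)
    return;

  /* free(NULL) is a no-op, so a record that never got a name is fine.  */
  free (user->name);
  XFREE (0, user);
}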
112:
/* Find the configured user whose name compares equal to NAME.
   Returns the matching entry of userlist, or NULL when there is none.
   NOTE(review): both NAME and every stored name are passed to strcmp()
   unchecked, so neither may be NULL.  */
struct vtysh_user *
user_lookup (const char *name)
{
  struct listnode *cur, *next;
  struct vtysh_user *entry;
  struct vtysh_user *match = NULL;

  for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
    if (!strcmp (entry->name, name))
      {
        match = entry;
        break;
      }

  return match;
}
126:
/* Print one " username NAME nopassword" line on stdout for every
   configured user that has the nopassword flag set.  */
void
user_config_write ()
{
  struct listnode *cur, *next;
  struct vtysh_user *entry;

  for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
    {
      /* Users without the flag have nothing to write out.  */
      if (!entry->nopassword)
        continue;

      printf (" username %s nopassword\n", entry->name);
    }
}
139:
/* Return the entry for NAME, creating and registering it when missing.
   A new entry gets its own copy of NAME and is appended to userlist.
   NOTE(review): the strdup() result is not checked; a NULL name stored
   here would later reach strcmp() in user_lookup().  */
struct vtysh_user *
user_get (const char *name)
{
  struct vtysh_user *entry = user_lookup (name);

  if (entry == NULL)
    {
      entry = user_new ();
      entry->name = strdup (name);
      listnode_add (userlist, entry);
    }

  return entry;
}
154:
/* "username WORD nopassword": flag the named user so that vtysh_auth()
   lets it in without calling vtysh_pam().  The name is taken as given;
   nothing here checks that it corresponds to a system account, and the
   entry is created if it does not exist yet.  */
DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
  struct vtysh_user *entry = user_get (argv[0]);

  entry->nopassword = 1;
  return CMD_SUCCESS;
}
167:
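/* Decide whether the invoking user may use vtysh.

   The user is identified by looking up the effective uid in the passwd
   database.  A user flagged "nopassword" in the configuration is let
   through without any check.  Everyone else is sent through vtysh_pam()
   when built with USE_PAM, and the process exits if that fails.
   Returns 0 whenever it returns.

   Without USE_PAM the else branch is empty, so a build without PAM
   performs no authentication here at all.

   NOTE(review): the identity comes from geteuid(), not getuid(); confirm
   that is intended if the binary can run with a changed effective uid.  */
int
vtysh_auth ()
{
  struct vtysh_user *user;
  struct passwd *passwd;

  passwd = getpwuid (geteuid ());
  if (passwd == NULL || passwd->pw_name == NULL)
    {
      /* A uid with no passwd entry cannot be matched against the
         configuration or handed to PAM; refuse instead of dereferencing
         a NULL pointer.  */
      fprintf (stderr, "vtysh_auth: cannot determine user name\n");
      exit (1);
    }

  user = user_lookup (passwd->pw_name);
  if (user == NULL || !user->nopassword)
    {
#ifdef USE_PAM
      /* Exit status 0 on a failed authentication is kept as it was, so a
         calling script cannot tell a rejected login from a normal exit.  */
      if (vtysh_pam (passwd->pw_name))
        exit (0);
#endif /* USE_PAM */
    }
  /* else: nopassword user, pass through.  */

  return 0;
}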
188:
/* Set up user handling: create the empty user list and register the
   "username WORD nopassword" command under CONFIG_NODE.  */
void
vtysh_user_init ()
{
  /* Create the list first; the command handler adds entries to it.  */
  userlist = list_new ();

  install_element (CONFIG_NODE, &username_nopassword_cmd);
}