Annotation of embedaddon/quagga/vtysh/vtysh_user.c, revision 1.1.1.1

1.1       misho       1: /* User authentication for vtysh.
                      2:  * Copyright (C) 2000 Kunihiro Ishiguro
                      3:  *
                      4:  * This file is part of GNU Zebra.
                      5:  *
                      6:  * GNU Zebra is free software; you can redistribute it and/or modify it
                      7:  * under the terms of the GNU General Public License as published by the
                      8:  * Free Software Foundation; either version 2, or (at your option) any
                      9:  * later version.
                     10:  *
                     11:  * GNU Zebra is distributed in the hope that it will be useful, but
                     12:  * WITHOUT ANY WARRANTY; without even the implied warranty of
                     13:  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
                     14:  * General Public License for more details.
                     15:  *
                     16:  * You should have received a copy of the GNU General Public License
                     17:  * along with GNU Zebra; see the file COPYING.  If not, write to the Free
                     18:  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
                     19:  * 02111-1307, USA.  
                     20:  */
                     21: 
                     22: #include <zebra.h>
                     23: #include <lib/version.h>
                     24: 
                     25: #include <pwd.h>
                     26: 
                     27: #ifdef USE_PAM
                     28: #include <security/pam_appl.h>
                     29: #ifdef HAVE_PAM_MISC_H
                     30: #include <security/pam_misc.h>
                     31: #endif
                     32: #ifdef HAVE_OPENPAM_H
                     33: #include <security/openpam.h>
                     34: #endif
                     35: #endif /* USE_PAM */
                     36: 
                     37: #include "memory.h"
                     38: #include "linklist.h"
                     39: #include "command.h"
                     40: 
                     41: #ifdef USE_PAM
                     42: static struct pam_conv conv = 
                     43: {
                     44:   PAM_CONV_FUNC,
                     45:   NULL
                     46: };
                     47: 
                     48: int
                     49: vtysh_pam (const char *user)
                     50: {
                     51:   int ret;
                     52:   pam_handle_t *pamh = NULL;
                     53: 
                     54:   /* Start PAM. */
                     55:   ret = pam_start(QUAGGA_PROGNAME, user, &conv, &pamh);
                     56:   /* printf ("ret %d\n", ret); */
                     57: 
                     58:   /* Is user really user? */
                     59:   if (ret == PAM_SUCCESS)
                     60:     ret = pam_authenticate (pamh, 0);
                     61:   /* printf ("ret %d\n", ret); */
                     62:   
                     63: #if 0
                     64:   /* Permitted access? */
                     65:   if (ret == PAM_SUCCESS)
                     66:     ret = pam_acct_mgmt (pamh, 0);
                     67:   printf ("ret %d\n", ret);
                     68: 
                     69:   if (ret == PAM_AUTHINFO_UNAVAIL)
                     70:     ret = PAM_SUCCESS;
                     71: #endif /* 0 */
                     72:   
                     73:   /* This is where we have been authorized or not. */
                     74: #ifdef DEBUG
                     75:   if (ret == PAM_SUCCESS)
                     76:     printf("Authenticated\n");
                     77:   else
                     78:     printf("Not Authenticated\n");
                     79: #endif /* DEBUG */
                     80: 
                     81:   /* close Linux-PAM */
                     82:   if (pam_end (pamh, ret) != PAM_SUCCESS) 
                     83:     {
                     84:       pamh = NULL;
                     85:       fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
                     86:       exit(1);
                     87:     }
                     88: 
                     89:   return ret == PAM_SUCCESS ? 0 : 1;
                     90: }
                     91: #endif /* USE_PAM */
                     92: 
                     93: struct vtysh_user
                     94: {
                     95:   char *name;
                     96:   u_char nopassword;
                     97: };
                     98: 
                     99: struct list *userlist;
                    100: 
                    101: struct vtysh_user *
                    102: user_new ()
                    103: {
                    104:   return XCALLOC (0, sizeof (struct vtysh_user));
                    105: }
                    106: 
                    107: void
                    108: user_free (struct vtysh_user *user)
                    109: {
                    110:   XFREE (0, user);
                    111: }
                    112: 
                    113: struct vtysh_user *
                    114: user_lookup (const char *name)
                    115: {
                    116:   struct listnode *node, *nnode;
                    117:   struct vtysh_user *user;
                    118: 
                    119:   for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
                    120:     {
                    121:       if (strcmp (user->name, name) == 0)
                    122:        return user;
                    123:     }
                    124:   return NULL;
                    125: }
                    126: 
                    127: void
                    128: user_config_write ()
                    129: {
                    130:   struct listnode *node, *nnode;
                    131:   struct vtysh_user *user;
                    132: 
                    133:   for (ALL_LIST_ELEMENTS (userlist, node, nnode, user))
                    134:     {
                    135:       if (user->nopassword)
                    136:        printf (" username %s nopassword\n", user->name);
                    137:     }
                    138: }
                    139: 
                    140: struct vtysh_user *
                    141: user_get (const char *name)
                    142: {
                    143:   struct vtysh_user *user;
                    144:   user = user_lookup (name);
                    145:   if (user)
                    146:     return user;
                    147: 
                    148:   user = user_new ();
                    149:   user->name = strdup (name);
                    150:   listnode_add (userlist, user);
                    151: 
                    152:   return user;
                    153: }
                    154: 
                    155: DEFUN (username_nopassword,
                    156:        username_nopassword_cmd,
                    157:        "username WORD nopassword",
                    158:        "\n"
                    159:        "\n"
                    160:        "\n")
                    161: {
                    162:   struct vtysh_user *user;
                    163:   user = user_get (argv[0]);
                    164:   user->nopassword = 1;
                    165:   return CMD_SUCCESS;
                    166: }
                    167: 
                    168: int
                    169: vtysh_auth ()
                    170: {
                    171:   struct vtysh_user *user;
                    172:   struct passwd *passwd;
                    173: 
                    174:   passwd = getpwuid (geteuid ());
                    175: 
                    176:   user = user_lookup (passwd->pw_name);
                    177:   if (user && user->nopassword)
                    178:     /* Pass through */;
                    179:   else
                    180:     {
                    181: #ifdef USE_PAM
                    182:       if (vtysh_pam (passwd->pw_name))
                    183:        exit (0);
                    184: #endif /* USE_PAM */
                    185:     }
                    186:   return 0;
                    187: }
                    188: 
                    189: void
                    190: vtysh_user_init ()
                    191: {
                    192:   userlist = list_new ();
                    193:   install_element (CONFIG_NODE, &username_nopassword_cmd);
                    194: }

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>