Annotation of embedaddon/quagga/vtysh/vtysh_user.c, revision 1.1.1.2

1.1       misho       1: /* User authentication for vtysh.
                      2:  * Copyright (C) 2000 Kunihiro Ishiguro
                      3:  *
                      4:  * This file is part of GNU Zebra.
                      5:  *
                      6:  * GNU Zebra is free software; you can redistribute it and/or modify it
                      7:  * under the terms of the GNU General Public License as published by the
                      8:  * Free Software Foundation; either version 2, or (at your option) any
                      9:  * later version.
                     10:  *
                     11:  * GNU Zebra is distributed in the hope that it will be useful, but
                     12:  * WITHOUT ANY WARRANTY; without even the implied warranty of
                     13:  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
                     14:  * General Public License for more details.
                     15:  *
                     16:  * You should have received a copy of the GNU General Public License
                     17:  * along with GNU Zebra; see the file COPYING.  If not, write to the Free
                     18:  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
                     19:  * 02111-1307, USA.  
                     20:  */
                     21: 
                     22: #include <zebra.h>
                     23: #include <lib/version.h>
                     24: 
                     25: #include <pwd.h>
                     26: 
                     27: #ifdef USE_PAM
                     28: #include <security/pam_appl.h>
                     29: #ifdef HAVE_PAM_MISC_H
                     30: #include <security/pam_misc.h>
                     31: #endif
                     32: #ifdef HAVE_OPENPAM_H
                     33: #include <security/openpam.h>
                     34: #endif
                     35: #endif /* USE_PAM */
                     36: 
                     37: #include "memory.h"
                     38: #include "linklist.h"
                     39: #include "command.h"
1.1.1.2 ! misho      40: #include "vtysh_user.h"
1.1       misho      41: 
                     42: #ifdef USE_PAM
                     /* Conversation structure handed to pam_start() in vtysh_pam().
                        PAM_CONV_FUNC is defined outside this file; no application data
                        pointer is passed to the callback. */
                     static struct pam_conv conv = {
                       .conv = PAM_CONV_FUNC,
                       .appdata_ptr = NULL,
                     };
                     48: 
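/* Authenticate USER through PAM.
 *
 * Opens a PAM transaction for the QUAGGA_PROGNAME service, runs
 * pam_authenticate() and closes the transaction again.
 *
 * Returns 0 when pam_authenticate() reported PAM_SUCCESS and 1 otherwise,
 * including when the transaction could not be started.  Exits the
 * process with status 1 if an open transaction cannot be closed.
 *
 * NOTE(review): only authentication is performed.  The account-management
 * step below is compiled out, so whatever restrictions the service's PAM
 * account stack would apply (presumably expiry or lock-out, depending on
 * the PAM configuration) are not enforced here.
 */
static int
vtysh_pam (const char *user)
{
  int ret;
  pam_handle_t *pamh = NULL;

  /* Start PAM. */
  ret = pam_start (QUAGGA_PROGNAME, user, &conv, &pamh);
  if (ret != PAM_SUCCESS)
    {
      /* No transaction was opened, so there is no handle to pass to
         pam_end(); report the real cause and deny access. */
      fprintf (stderr, "vtysh_pam: failed to start PAM transaction\n");
      return 1;
    }

  /* Is user really user? */
  ret = pam_authenticate (pamh, 0);

#if 0
  /* Permitted access?
     NOTE(review): if this block is ever re-enabled, the
     PAM_AUTHINFO_UNAVAIL override below turns an unavailable account
     backend into success (fail-open) and the printf is debug output. */
  if (ret == PAM_SUCCESS)
    ret = pam_acct_mgmt (pamh, 0);
  printf ("ret %d\n", ret);

  if (ret == PAM_AUTHINFO_UNAVAIL)
    ret = PAM_SUCCESS;
#endif /* 0 */

  /* This is where we have been authorized or not. */
#ifdef DEBUG
  if (ret == PAM_SUCCESS)
    printf ("Authenticated\n");
  else
    printf ("Not Authenticated\n");
#endif /* DEBUG */

  /* Close the PAM transaction; a failure here is treated as fatal. */
  if (pam_end (pamh, ret) != PAM_SUCCESS)
    {
      fprintf (stderr, "vtysh_pam: failed to release authenticator\n");
      exit (1);
    }

  return ret == PAM_SUCCESS ? 0 : 1;
}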
                     92: #endif /* USE_PAM */
                     93: 
                     /* One entry of the vtysh user list. */
                     struct vtysh_user
                     {
                       /* Copy of the user name, duplicated in user_get(). */
                       char *name;
                       /* Set to 1 by "username WORD nopassword"; when non-zero,
                          vtysh_auth() skips the PAM check for this user. */
                       u_char nopassword;
                     };

                     /* List of struct vtysh_user entries; created in vtysh_user_init(). */
                     struct list *userlist;
                    101: 
/* Allocate one struct vtysh_user through XCALLOC with memory type 0.
   The entry is presumably zero-filled by XCALLOC - confirm against the
   memory wrapper; no field is set here. */
static struct vtysh_user *
user_new ()
{
  struct vtysh_user *entry;

  entry = XCALLOC (0, sizeof (*entry));
  return entry;
}
                    107: 
#if 0
/* Compiled out.  Releases the entry itself with XFREE (memory type 0);
   the separately allocated user->name is not released here. */
static void
user_free (struct vtysh_user *user)
{
  XFREE (0, user);
}
#endif
1.1       misho     115: 
/* Search userlist for the entry whose name compares equal to NAME
   (exact strcmp match).  Returns the first matching entry, or NULL when
   none matches. */
static struct vtysh_user *
user_lookup (const char *name)
{
  struct listnode *cur, *next;
  struct vtysh_user *entry;

  for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
    {
      if (strcmp (entry->name, name) != 0)
        continue;
      return entry;
    }

  return NULL;
}
                    129: 
#if 0
/* Compiled out.  Prints one " username NAME nopassword" line to stdout
   for every userlist entry that has nopassword set. */
static void
user_config_write ()
{
  struct listnode *cur, *next;
  struct vtysh_user *entry;

  for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
    {
      if (!entry->nopassword)
        continue;
      printf (" username %s nopassword\n", entry->name);
    }
}
#endif
1.1       misho     144: 
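/* Return the userlist entry for NAME, creating and appending a new one
   when user_lookup() finds none.

   The name is duplicated with XSTRDUP (memory type 0, matching the
   XCALLOC call in user_new) instead of a bare strdup(): an unchecked
   strdup() failure would store a NULL name that user_lookup() later
   passes to strcmp().  NOTE(review): this relies on the memory wrapper
   not returning NULL on exhaustion - confirm against lib/memory.c. */
static struct vtysh_user *
user_get (const char *name)
{
  struct vtysh_user *user;

  user = user_lookup (name);
  if (user)
    return user;

  user = user_new ();
  user->name = XSTRDUP (0, name);
  listnode_add (userlist, user);

  return user;
}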
                    159: 
                    /* "username WORD nopassword": fetch (or create) the userlist entry for
                       WORD and set its nopassword flag, which makes vtysh_auth() skip the
                       PAM check for that user.
                       NOTE(review): WORD is taken from argv[0] as given and is not checked
                       against the system account database here, so whoever can supply
                       this configuration line decides who bypasses PAM. */
                    DEFUN (username_nopassword,
                           username_nopassword_cmd,
                           "username WORD nopassword",
                           "\n"
                           "\n"
                           "\n")
                    {
                      struct vtysh_user *entry = user_get (argv[0]);

                      entry->nopassword = 1;
                      return CMD_SUCCESS;
                    }
                    172: 
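                    /* Decide whether the invoking user may proceed into vtysh.
                     *
                     * Looks up the passwd entry of the effective uid.  A user present in
                     * userlist with nopassword set is let through without PAM; everyone
                     * else must pass vtysh_pam() when built with USE_PAM.  Without USE_PAM
                     * no authentication is performed here.
                     *
                     * Returns 0 when the caller may continue.  Exits with status 1 when
                     * the effective uid has no passwd entry, and with status 0 when PAM
                     * authentication fails.
                     *
                     * NOTE(review): a failed authentication ends the process with exit
                     * status 0, which a wrapper script cannot tell apart from a normal
                     * exit.
                     * NOTE(review): identity comes from geteuid() here but from getuid()
                     * in vtysh_get_home(); the two differ if the binary runs set-uid -
                     * confirm which identity is intended.
                     */
                    int
                    vtysh_auth (void)
                    {
                      struct vtysh_user *user;
                      struct passwd *passwd;

                      passwd = getpwuid (geteuid ());
                      if (passwd == NULL)
                        {
                          /* getpwuid() can return NULL (vtysh_get_home() already checks for
                             it); without an entry the user cannot be identified, so deny
                             access instead of dereferencing a null pointer. */
                          fprintf (stderr, "vtysh_auth: no passwd entry for effective uid\n");
                          exit (1);
                        }

                      user = user_lookup (passwd->pw_name);
                      if (user && user->nopassword)
                        return 0;               /* Pass through: exempted by configuration. */

                    #ifdef USE_PAM
                      if (vtysh_pam (passwd->pw_name))
                        exit (0);
                    #endif /* USE_PAM */

                      return 0;
                    }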
                    193: 
/* Return the home directory from the passwd entry of the real uid, or
   NULL when getpwuid() finds no entry.  The returned pointer is the
   pw_dir member of getpwuid()'s result; it is not copied here. */
char *
vtysh_get_home (void)
{
  struct passwd *entry = getpwuid (getuid ());

  if (entry == NULL)
    return NULL;

  return entry->pw_dir;
}
        !           203: 
/* Set up vtysh user handling: create the (empty) userlist and register
   the "username WORD nopassword" command under CONFIG_NODE. */
void
vtysh_user_init (void)
{
  struct list *fresh = list_new ();

  userlist = fresh;
  install_element (CONFIG_NODE, &username_nopassword_cmd);
}
