File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / quagga / vtysh / vtysh_user.c
Revision 1.1.1.2 (vendor branch)
Wed Nov 2 10:09:10 2016 UTC (7 years, 8 months ago) by misho
Branches: quagga, MAIN
CVS tags: v1_0_20160315, HEAD
quagga 1.0.20160315

    1: /* User authentication for vtysh.
    2:  * Copyright (C) 2000 Kunihiro Ishiguro
    3:  *
    4:  * This file is part of GNU Zebra.
    5:  *
    6:  * GNU Zebra is free software; you can redistribute it and/or modify it
    7:  * under the terms of the GNU General Public License as published by the
    8:  * Free Software Foundation; either version 2, or (at your option) any
    9:  * later version.
   10:  *
   11:  * GNU Zebra is distributed in the hope that it will be useful, but
   12:  * WITHOUT ANY WARRANTY; without even the implied warranty of
   13:  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   14:  * General Public License for more details.
   15:  *
   16:  * You should have received a copy of the GNU General Public License
   17:  * along with GNU Zebra; see the file COPYING.  If not, write to the Free
   18:  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
   19:  * 02111-1307, USA.  
   20:  */
   21: 
   22: #include <zebra.h>
   23: #include <lib/version.h>
   24: 
   25: #include <pwd.h>
   26: 
   27: #ifdef USE_PAM
   28: #include <security/pam_appl.h>
   29: #ifdef HAVE_PAM_MISC_H
   30: #include <security/pam_misc.h>
   31: #endif
   32: #ifdef HAVE_OPENPAM_H
   33: #include <security/openpam.h>
   34: #endif
   35: #endif /* USE_PAM */
   36: 
   37: #include "memory.h"
   38: #include "linklist.h"
   39: #include "command.h"
   40: #include "vtysh_user.h"
   41: 
   42: #ifdef USE_PAM
   /* Conversation structure handed to pam_start() by vtysh_pam().  The
      callback is whatever PAM_CONV_FUNC is defined as for this build, and
      no application data pointer is passed along with it. */
   static struct pam_conv conv = {
     .conv = PAM_CONV_FUNC,
     .appdata_ptr = NULL,
   };
   48: 
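   /* Authenticate USER against the PAM service named QUAGGA_PROGNAME.
    *
    * Returns 0 when pam_authenticate() succeeds and 1 on any failure,
    * including failure to open the PAM transaction.  If an opened
    * transaction cannot be closed again, the process exits with status 1.
    *
    * NOTE(review): only pam_authenticate() is consulted.  The
    * pam_acct_mgmt() step is compiled out below, so whatever the PAM
    * stack enforces at the account stage (for example expired or locked
    * accounts) is not applied here.  Confirm this is intended before
    * relying on PAM account policy to keep a user out of vtysh. */
   static int
   vtysh_pam (const char *user)
   {
     int ret;
     pam_handle_t *pamh = NULL;

     /* Start PAM. */
     ret = pam_start (QUAGGA_PROGNAME, user, &conv, &pamh);
     if (ret != PAM_SUCCESS || pamh == NULL)
       {
         /* The transaction never opened.  Do not run pam_end() on a handle
            that pam_start() did not hand back; release one only if it
            exists, and report the attempt as "not authenticated". */
         if (pamh != NULL)
           pam_end (pamh, ret);
         fprintf (stderr, "vtysh_pam: failed to start authenticator\n");
         return 1;
       }

     /* Is user really user? */
     ret = pam_authenticate (pamh, 0);

   #if 0
     /* Permitted access?  Disabled: see the NOTE(review) above. */
     if (ret == PAM_SUCCESS)
       ret = pam_acct_mgmt (pamh, 0);
     printf ("ret %d\n", ret);

     if (ret == PAM_AUTHINFO_UNAVAIL)
       ret = PAM_SUCCESS;
   #endif /* 0 */

     /* This is where we have been authorized or not. */
   #ifdef DEBUG
     if (ret == PAM_SUCCESS)
       printf ("Authenticated\n");
     else
       printf ("Not Authenticated\n");
   #endif /* DEBUG */

     /* Close the PAM transaction; a failure here is treated as fatal. */
     if (pam_end (pamh, ret) != PAM_SUCCESS)
       {
         fprintf (stderr, "vtysh_pam: failed to release authenticator\n");
         exit (1);
       }

     return ret == PAM_SUCCESS ? 0 : 1;
   }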
   92: #endif /* USE_PAM */
   93: 
   /* One entry of the vtysh user table. */
   struct vtysh_user
   {
     /* Login name; user_lookup() matches it with strcmp(). */
     char *name;

     /* Non-zero once "username WORD nopassword" has been given for this
        name.  vtysh_auth() then lets the user through without calling
        vtysh_pam(). */
     u_char nopassword;
   };

   /* The user table itself; vtysh_user_init() creates it. */
   struct list *userlist;
  101: 
  /* Allocate one vtysh_user record through XCALLOC(); the caller fills
     in the name and links the record into userlist. */
  static struct vtysh_user *
  user_new ()
  {
    struct vtysh_user *fresh;

    fresh = XCALLOC (0, sizeof *fresh);
    return fresh;
  }
  107: 
  108: #if 0
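  /* Release USER together with the name string it owns.  The name is
     obtained with strdup() in user_get(), so it goes back through
     free(); the record itself came from XCALLOC() and is returned with
     XFREE().  A NULL USER is ignored. */
  static void
  user_free (struct vtysh_user *user)
  {
    if (user == NULL)
      return;

    free (user->name);
    user->name = NULL;
    XFREE (0, user);
  }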
  114: #endif
  115: 
  /* Find the userlist entry whose name equals NAME exactly (strcmp).
     Returns the entry, or NULL when no entry matches. */
  static struct vtysh_user *
  user_lookup (const char *name)
  {
    struct listnode *cur, *next;
    struct vtysh_user *entry;

    for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
      if (! strcmp (entry->name, name))
        return entry;

    return NULL;
  }
  129: 
  130: #if 0
  /* Print a " username NAME nopassword" line on stdout for every
     userlist entry that has the nopassword flag set. */
  static void
  user_config_write ()
  {
    struct listnode *cur, *next;
    struct vtysh_user *entry;

    for (ALL_LIST_ELEMENTS (userlist, cur, next, entry))
      {
        if (! entry->nopassword)
          continue;
        printf (" username %s nopassword\n", entry->name);
      }
  }
  143: #endif
  144: 
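  /* Return the userlist entry for NAME, creating and appending one when
     none exists yet.  Never returns NULL: if the name cannot be copied
     the process exits with status 1, so the table never holds an entry
     with a NULL name for user_lookup() to pass to strcmp(). */
  static struct vtysh_user *
  user_get (const char *name)
  {
    struct vtysh_user *user;
    char *copy;

    user = user_lookup (name);
    if (user)
      return user;

    /* Copy the name before the record is created, so a failed copy
       leaves nothing half-built behind. */
    copy = strdup (name);
    if (copy == NULL)
      {
        fprintf (stderr, "user_get: out of memory\n");
        exit (1);
      }

    user = user_new ();
    user->name = copy;
    listnode_add (userlist, user);

    return user;
  }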
  159: 
  /* "username WORD nopassword": mark WORD in the user table, creating
     the entry if needed.  vtysh_auth() skips vtysh_pam() for a marked
     name, so being able to issue this command amounts to being able to
     exempt an account from vtysh authentication. */
  DEFUN (username_nopassword,
         username_nopassword_cmd,
         "username WORD nopassword",
         "\n"
         "\n"
         "\n")
  {
    struct vtysh_user *entry = user_get (argv[0]);

    entry->nopassword = 1;
    return CMD_SUCCESS;
  }
  172: 
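  /* Decide whether the invoking user may run vtysh.
   *
   * The user is identified by the effective UID.  A user whose table
   * entry has the nopassword flag set is let through; anyone else must
   * pass vtysh_pam() when the build defines USE_PAM.  Without USE_PAM no
   * check is made at all.
   *
   * Returns 0 when the user may continue.  Does not return on failure:
   * the process exits with status 1 if the effective UID has no passwd
   * entry, and with status 0 if PAM authentication fails.
   *
   * NOTE(review): exit status 0 on a failed authentication is kept from
   * the original code; callers that inspect the status cannot tell it
   * apart from a normal exit. */
  int
  vtysh_auth (void)
  {
    struct vtysh_user *user;
    struct passwd *passwd;

    passwd = getpwuid (geteuid ());
    if (passwd == NULL)
      {
        /* No account name to authenticate, so fail closed instead of
           dereferencing a NULL passwd entry. */
        fprintf (stderr, "vtysh_auth: could not look up user ID %ld\n",
                 (long) geteuid ());
        exit (1);
      }

    user = user_lookup (passwd->pw_name);
    if (user && user->nopassword)
      return 0;

  #ifdef USE_PAM
    if (vtysh_pam (passwd->pw_name))
      exit (0);
  #endif /* USE_PAM */

    return 0;
  }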
  193: 
  /* Home directory of the real user ID, or NULL when that UID has no
     passwd entry.  The string is the pw_dir member of the record that
     getpwuid() returned; it is not copied. */
  char *
  vtysh_get_home (void)
  {
    struct passwd *entry = getpwuid (getuid ());

    if (entry == NULL)
      return NULL;

    return entry->pw_dir;
  }
  203: 
  /* Set up the user table and register the "username WORD nopassword"
     command under CONFIG_NODE. */
  void
  vtysh_user_init (void)
  {
    /* The table has to exist before the command can add entries to it. */
    userlist = list_new ();

    install_element (CONFIG_NODE, &username_nopassword_cmd);
  }
