/* User authentication for vtysh.
* Copyright (C) 2000 Kunihiro Ishiguro
*
* This file is part of GNU Zebra.
*
* GNU Zebra is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* GNU Zebra is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GNU Zebra; see the file COPYING. If not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*/
#include <zebra.h>
#include <lib/version.h>
#include <pwd.h>
#ifdef USE_PAM
#include <security/pam_appl.h>
#ifdef HAVE_PAM_MISC_H
#include <security/pam_misc.h>
#endif
#ifdef HAVE_OPENPAM_H
#include <security/openpam.h>
#endif
#endif /* USE_PAM */
#include "memory.h"
#include "linklist.h"
#include "command.h"
#ifdef USE_PAM
/* Conversation hook handed to pam_start () by vtysh_pam ().  PAM_CONV_FUNC
 * comes from the build configuration; judging by the headers pulled in above
 * it is presumably misc_conv (pam_misc) or openpam_ttyconv (OpenPAM), i.e. a
 * prompt on the controlling terminal -- confirm in config.h.  No application
 * data pointer is passed. */
static struct pam_conv conv =
{
  PAM_CONV_FUNC,
  NULL
};
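/* Authenticate USER through PAM under the service name QUAGGA_PROGNAME.
 *
 * Only pam_start () and pam_authenticate () are run.  pam_acct_mgmt () is
 * NOT called, so policy configured in the PAM "account" stack (expired or
 * locked accounts, access restrictions) is not enforced for vtysh logins.
 * NOTE(review): an earlier attempt at calling it was left disabled; decide
 * deliberately whether vtysh should honour the account stack.
 *
 * Returns 0 when PAM reports PAM_SUCCESS, 1 otherwise.  If the PAM handle
 * cannot be released the process exits with status 1 instead of continuing
 * with an authenticator in an unknown state (fail closed). */
int
vtysh_pam (const char *user)
{
  int ret;
  pam_handle_t *pamh = NULL;

  /* Start PAM. */
  ret = pam_start (QUAGGA_PROGNAME, user, &conv, &pamh);

  /* Is user really user?  Only attempted once pam_start () succeeded. */
  if (ret == PAM_SUCCESS)
    ret = pam_authenticate (pamh, 0);

#ifdef DEBUG
  if (ret == PAM_SUCCESS)
    printf ("Authenticated\n");
  else
    printf ("Not Authenticated\n");
#endif /* DEBUG */

  /* Close Linux-PAM, passing the final status as the API expects.  A
   * failure to release the handle is fatal. */
  if (pam_end (pamh, ret) != PAM_SUCCESS)
    {
      fprintf (stderr, "vtysh_pam: failed to release authenticator\n");
      exit (1);
    }

  return ret == PAM_SUCCESS ? 0 : 1;
}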
#endif /* USE_PAM */
/* One entry of the vtysh user list.  Entries are created on demand by
 * user_get () when a "username WORD nopassword" line is read.  Only the
 * nopassword flag is tracked; no credentials are stored in this file. */
struct vtysh_user
{
  char *name;         /* Login name, strdup ()'d by user_get (); matched
                         against getpwuid ()'s pw_name in vtysh_auth (). */
  u_char nopassword;  /* Non-zero: vtysh_auth () skips PAM for this user. */
};
/* Global list of struct vtysh_user, created by vtysh_user_init () and
 * walked by user_lookup () and user_config_write (). */
struct list *userlist;
/* Allocate a zeroed vtysh_user (name NULL, nopassword cleared).  The
 * caller owns the result and is expected to fill in name; see user_get (). */
struct vtysh_user *
user_new ()
{
  struct vtysh_user *u = XMALLOC (0, sizeof (*u));

  memset (u, 0, sizeof (*u));
  return u;
}
void
user_free (struct vtysh_user *user)
{
XFREE (0, user);
}
/* Find NAME in userlist.  Returns the matching entry or NULL when there is
 * none.  The comparison is an exact strcmp (); NAME must be non-NULL. */
struct vtysh_user *
user_lookup (const char *name)
{
  struct listnode *node, *nnode;
  struct vtysh_user *candidate;
  struct vtysh_user *found = NULL;

  for (ALL_LIST_ELEMENTS (userlist, node, nnode, candidate))
    if (strcmp (candidate->name, name) == 0)
      {
        found = candidate;
        break;
      }

  return found;
}
/* Emit the "username ... nopassword" lines for the running configuration.
 * Entries without the flag produce no output, as there is nothing else to
 * persist for them. */
void
user_config_write ()
{
  struct listnode *node, *nnode;
  struct vtysh_user *u;

  for (ALL_LIST_ELEMENTS (userlist, node, nnode, u))
    {
      if (!u->nopassword)
        continue;
      printf (" username %s nopassword\n", u->name);
    }
}
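/* Look up NAME in userlist, creating and appending a fresh entry when it
 * is not present yet.
 *
 * Returns the existing or new entry.  If strdup () fails, the half-built
 * entry is released and NULL is returned instead of linking an entry with
 * a NULL name into the list (which would later make user_lookup ()'s
 * strcmp () dereference NULL).  Callers must check for NULL. */
struct vtysh_user *
user_get (const char *name)
{
  struct vtysh_user *user = user_lookup (name);

  if (user != NULL)
    return user;

  user = user_new ();
  user->name = strdup (name);
  if (user->name == NULL)
    {
      /* Out of memory: never expose an unnamed entry via userlist. */
      user_free (user);
      return NULL;
    }

  listnode_add (userlist, user);
  return user;
}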
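/* "username WORD nopassword": allow the local account WORD to run vtysh
 * without PAM authentication (see vtysh_auth ()).  The list entry is
 * created on first use. */
DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
  struct vtysh_user *user = user_get (argv[0]);

  /* user_get () yields NULL only when the entry could not be allocated;
   * report it through the command.h status instead of dereferencing NULL. */
  if (user == NULL)
    return CMD_WARNING;

  user->nopassword = 1;
  return CMD_SUCCESS;
}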
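/* Decide whether the invoking user may run vtysh.
 *
 * The user is identified by the passwd entry of the effective uid.  If that
 * login name is listed via "username WORD nopassword", access is granted
 * with no further check.  Otherwise, in a USE_PAM build, the user has to
 * authenticate through vtysh_pam (); on refusal the process exits.
 *
 * Security caveats visible in this code:
 *  - Without USE_PAM there is no fallback check: a user who is NOT on the
 *    nopassword list is still admitted.  The list is only meaningful in
 *    PAM builds.
 *  - geteuid () is used, so under a setuid install the effective identity
 *    would be authenticated rather than the caller.  NOTE(review): confirm
 *    how vtysh is installed; getuid () would identify the invoking user.
 *
 * Returns 0 whenever it returns at all; rejection is signalled by exit. */
int
vtysh_auth (void)
{
  struct vtysh_user *user;
  struct passwd *passwd;

  passwd = getpwuid (geteuid ());
  if (passwd == NULL)
    {
      /* No passwd entry for this uid: fail closed instead of
       * dereferencing NULL below. */
      fprintf (stderr, "vtysh_auth: no passwd entry for uid %lu\n",
               (unsigned long) geteuid ());
      exit (1);
    }

  user = user_lookup (passwd->pw_name);
  if (user != NULL && user->nopassword)
    return 0;	/* Listed with "nopassword": pass through. */

#ifdef USE_PAM
  /* Authentication refused: exit non-zero so wrappers and scripts observe
   * the failure rather than a success status. */
  if (vtysh_pam (passwd->pw_name))
    exit (1);
#endif /* USE_PAM */

  return 0;
}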
/* Create the (initially empty) user list and register the
 * "username WORD nopassword" command in CONFIG_NODE.  Must run before any
 * user_lookup ()/user_get () call, which assume userlist exists. */
void
vtysh_user_init ()
{
  userlist = list_new ();

  install_element (CONFIG_NODE, &username_nopassword_cmd);
}