Diffstat (limited to 'vtysh/vtysh_user.c')
-rw-r--r--vtysh/vtysh_user.c191
1 files changed, 191 insertions, 0 deletions
diff --git a/vtysh/vtysh_user.c b/vtysh/vtysh_user.c
new file mode 100644
index 000000000..b84da2ebe
--- /dev/null
+++ b/vtysh/vtysh_user.c
@@ -0,0 +1,191 @@
+/* User authentication for vtysh.
+ * Copyright (C) 2000 Kunihiro Ishiguro
+ *
+ * This file is part of GNU Zebra.
+ *
+ * GNU Zebra is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2, or (at your option) any
+ * later version.
+ *
+ * GNU Zebra is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNU Zebra; see the file COPYING. If not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include <zebra.h>
+
+#include <pwd.h>
+
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#endif /* USE_PAM */
+
+#include "memory.h"
+#include "linklist.h"
+#include "command.h"
+
+#ifdef USE_PAM
+static struct pam_conv conv =
+{
+ misc_conv,
+ NULL
+};
+
+int
+vtysh_pam (char *user)
+{
+ int ret;
+ pam_handle_t *pamh = NULL;
+
+ /* Start PAM. */
+ ret = pam_start("zebra", user, &conv, &pamh);
+ /* printf ("ret %d\n", ret); */
+
+ /* Is user really user? */
+ if (ret == PAM_SUCCESS)
+ ret = pam_authenticate (pamh, 0);
+ /* printf ("ret %d\n", ret); */
+
+#if 0
+ /* Permitted access? */
+ if (ret == PAM_SUCCESS)
+ ret = pam_acct_mgmt (pamh, 0);
+ printf ("ret %d\n", ret);
+
+ if (ret == PAM_AUTHINFO_UNAVAIL)
+ ret = PAM_SUCCESS;
+#endif /* 0 */
+
+ /* This is where we have been authorized or not. */
+#ifdef DEBUG
+ if (ret == PAM_SUCCESS)
+ printf("Authenticated\n");
+ else
+ printf("Not Authenticated\n");
+#endif /* DEBUG */
+
+ /* close Linux-PAM */
+ if (pam_end (pamh, ret) != PAM_SUCCESS)
+ {
+ pamh = NULL;
+ fprintf(stderr, "vtysh_pam: failed to release authenticator\n");
+ exit(1);
+ }
+
+ return ret == PAM_SUCCESS ? 0 : 1;
+}
+#endif /* USE_PAM */
+
+struct user
+{
+ char *name;
+ u_char nopassword;
+};
+
+struct list *userlist;
+
+struct user *
+user_new ()
+{
+ struct user *user;
+ user = XMALLOC (0, sizeof (struct user));
+ memset (user, 0, sizeof (struct user));
+ return user;
+}
+
+void
+user_free (struct user *user)
+{
+ XFREE (0, user);
+}
+
+struct user *
+user_lookup (char *name)
+{
+ struct listnode *nn;
+ struct user *user;
+
+ LIST_LOOP (userlist, user, nn)
+ {
+ if (strcmp (user->name, name) == 0)
+ return user;
+ }
+ return NULL;
+}
+
+void
+user_config_write ()
+{
+ struct listnode *nn;
+ struct user *user;
+
+ LIST_LOOP (userlist, user, nn)
+ {
+ if (user->nopassword)
+ printf (" username %s nopassword\n", user->name);
+ }
+}
+
+struct user *
+user_get (char *name)
+{
+ struct user *user;
+ user = user_lookup (name);
+ if (user)
+ return user;
+
+ user = user_new ();
+ user->name = strdup (name);
+ listnode_add (userlist, user);
+
+ return user;
+}
+
+DEFUN (username_nopassword,
+ username_nopassword_cmd,
+ "username WORD nopassword",
+ "\n"
+ "\n"
+ "\n")
+{
+ struct user *user;
+ user = user_get (argv[0]);
+ user->nopassword = 1;
+ return CMD_SUCCESS;
+}
+
+int
+vtysh_auth ()
+{
+ struct user *user;
+ struct passwd *passwd;
+
+ passwd = getpwuid (geteuid ());
+
+ user = user_lookup (passwd->pw_name);
+ if (user && user->nopassword)
+ /* Pass through */;
+ else
+ {
+#ifdef USE_PAM
+ if (vtysh_pam (passwd->pw_name))
+ exit (0);
+#endif /* USE_PAM */
+ }
+ return 0;
+}
+
+void
+vtysh_user_init ()
+{
+ userlist = list_new ();
+ install_element (CONFIG_NODE, &username_nopassword_cmd);
+}
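Review bot: vtysh_auth at the end of the hunk dereferences the result of getpwuid(geteuid()) without a NULL check, so a process running under a uid that has no passwd entry crashes before any authentication decision is taken; add `if (passwd == NULL) { fprintf (stderr, "vtysh_auth: unknown uid %d\n", (int) geteuid ()); exit (1); }` before the user_lookup call, and change the PAM-failure branch from `exit (0)` to `exit (1)` so a rejected login is not reported to the caller as success. Without USE_PAM the else branch is empty and every user not marked nopassword is let through; that looks intentional for non-PAM builds but deserves a comment such as `/* no PAM: fall through, access is controlled by the uid only */` so nobody reads it as an oversight. In vtysh_pam the pam_acct_mgmt call sits under `#if 0`, so an expired or locked account that still has a valid password is accepted; if that is a stopgap, a one-line comment saying why it is disabled would help the next reader.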