author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-27 14:25:29 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-27 14:25:29 -0700 |
commit | ea01b56bc3f43b268d32d175095a2a930d3b2967 (patch) | |
tree | e3e11bc827541bc983105a731636a78bc30bb5fa /lib/vty.c | |
parent | 0eb78a78cffc4a5c13e2b5daff5fa257b3f1d8d6 (diff) | |
parent | d3e384e4f00aa90db4310f82f3cbe6528e256334 (diff) | |
Merge in latest quagga (0.99.11)
Merge in current upstream version of quagga.
Diffstat (limited to 'lib/vty.c')
-rw-r--r-- | lib/vty.c | 52 |
1 files changed, 46 insertions, 6 deletions
@@ -82,6 +82,10 @@ static int vty_config; /* Login password check. */ static int no_password_check = 0; +/* Restrict unauthenticated logins? */ +static const u_char restricted_mode_default = 0; +static u_char restricted_mode = 0; + /* Integrated configuration file path */ char integrate_default[] = SYSCONFDIR INTEGRATE_DEFAULT_CONFIG; @@ -383,7 +387,7 @@ vty_auth (struct vty *vty, char *buf) /* AUTH_ENABLE_NODE */ vty->fail = 0; vty_out (vty, "%% Bad enable passwords, too many failures!%s", VTY_NEWLINE); - vty->node = VIEW_NODE; + vty->node = restricted_mode ? RESTRICTED_NODE : VIEW_NODE; } } } @@ -687,6 +691,7 @@ vty_end_config (struct vty *vty) { case VIEW_NODE: case ENABLE_NODE: + case RESTRICTED_NODE: /* Nothing to do. */ break; case CONFIG_NODE: @@ -727,9 +732,6 @@ vty_delete_char (struct vty *vty) int i; int size; - if (vty->node == AUTH_NODE || vty->node == AUTH_ENABLE_NODE) - return; - if (vty->length == 0) { vty_down_level (vty); @@ -744,6 +746,9 @@ vty_delete_char (struct vty *vty) vty->length--; memmove (&vty->buf[vty->cp], &vty->buf[vty->cp + 1], size - 1); vty->buf[vty->length] = '\0'; + + if (vty->node == AUTH_NODE || vty->node == AUTH_ENABLE_NODE) + return; vty_write (vty, &vty->buf[vty->cp], size - 1); vty_write (vty, &telnet_space_char, 1); @@ -1094,6 +1099,7 @@ vty_stop_input (struct vty *vty) { case VIEW_NODE: case ENABLE_NODE: + case RESTRICTED_NODE: /* Nothing to do. */ break; case CONFIG_NODE: @@ -1613,7 +1619,9 @@ vty_create (int vty_sock, union sockunion *su) vty->address = sockunion_su2str (su); if (no_password_check) { - if (host.advanced) + if (restricted_mode) + vty->node = RESTRICTED_NODE; + else if (host.advanced) vty->node = ENABLE_NODE; else vty->node = VIEW_NODE; 
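Review bot: In vty_auth, the fallback after too many bad enable passwords, `vty->node = restricted_mode ? RESTRICTED_NODE : VIEW_NODE;`, keys only on the global flag, while the vty_create hunk further down applies RESTRICTED_NODE only inside `if (no_password_check)`. If login password checking and `anonymous restricted` are both configured, a session that already passed the login password would apparently be dropped below the view level it held before attempting enable. That fails closed, so it is a consistency problem rather than an exposure, but mirroring the vty_create condition keeps the two paths in agreement: `vty->node = (no_password_check && restricted_mode) ? RESTRICTED_NODE : VIEW_NODE;`. The rest of vty_auth lies outside the hunk, so other assignments to the node should be checked the same way.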
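Review bot: In vty_delete_char, dropping the early return for AUTH_NODE / AUTH_ENABLE_NODE from the top means an empty-buffer delete at a password prompt now reaches `vty_down_level (vty)`, which the old code never did. What vty_down_level does for the auth nodes is not visible here, so either confirm it is a no-op for them or keep the guard on that branch: `if (vty->node != AUTH_NODE && vty->node != AUTH_ENABLE_NODE) vty_down_level (vty);`. The relocated check in the following hunk, placed before `vty_write`, is what keeps the remaining password bytes from being echoed and deserves a comment such as `/* Password prompts: edit the buffer but never echo it. */`. The function body starts before and continues after both hunks.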
@@ -2717,6 +2725,26 @@ DEFUN (no_vty_login, return CMD_SUCCESS; } +/* initial mode. */ +DEFUN (vty_restricted_mode, + vty_restricted_mode_cmd, + "anonymous restricted", + "Restrict view commands available in anonymous, unauthenticated vty\n") +{ + restricted_mode = 1; + return CMD_SUCCESS; +} + +DEFUN (vty_no_restricted_mode, + vty_no_restricted_mode_cmd, + "no anonymous restricted", + NO_STR + "Enable password checking\n") +{ + restricted_mode = 0; + return CMD_SUCCESS; +} + DEFUN (service_advanced_vty, service_advanced_vty_cmd, "service advanced-vty", @@ -2814,7 +2842,15 @@ vty_config_write (struct vty *vty) /* login */ if (no_password_check) vty_out (vty, " no login%s", VTY_NEWLINE); - + + if (restricted_mode != restricted_mode_default) + { + if (restricted_mode_default) + vty_out (vty, " no anonymous restricted%s", VTY_NEWLINE); + else + vty_out (vty, " anonymous restricted%s", VTY_NEWLINE); + } + vty_out (vty, "!%s", VTY_NEWLINE); return CMD_SUCCESS; @@ -2925,6 +2961,8 @@ vty_init (struct thread_master *master_thread) /* Install bgp top node. */ install_node (&vty_node, vty_config_write); + install_element (RESTRICTED_NODE, &config_who_cmd); + install_element (RESTRICTED_NODE, &show_history_cmd); install_element (VIEW_NODE, &config_who_cmd); install_element (VIEW_NODE, &show_history_cmd); install_element (ENABLE_NODE, &config_who_cmd); @@ -2945,6 +2983,8 @@ vty_init (struct thread_master *master_thread) install_element (VTY_NODE, &no_vty_access_class_cmd); install_element (VTY_NODE, &vty_login_cmd); install_element (VTY_NODE, &no_vty_login_cmd); + install_element (VTY_NODE, &vty_restricted_mode_cmd); + install_element (VTY_NODE, &vty_no_restricted_mode_cmd); #ifdef HAVE_IPV6 install_element (VTY_NODE, &vty_ipv6_access_class_cmd); install_element (VTY_NODE, &no_vty_ipv6_access_class_cmd); |
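Review bot: The help text for `no anonymous restricted` is `"Enable password checking\n"`, which looks copied from the login command above it and misdescribes the command. The body only clears `restricted_mode`, which widens what an unauthenticated session starts with rather than turning on any password check; something like `"Disable restricted mode for anonymous vty sessions\n"` would match the behaviour. The lead comment `/* initial mode. */` could say that the flag selects the starting node for sessions admitted without a password. Each of the two commands also supplies one fewer help line than it has keyword tokens; if this tree expects one entry per token, add a line for `anonymous`.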
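Review bot: In vty_init, installing `config_who_cmd` under RESTRICTED_NODE makes that command available to sessions that have not authenticated. Its implementation is outside this hunk; if it lists other vty sessions and their peer addresses, that is information an anonymous user arguably should not see, and `show_history_cmd` alone may be enough for the restricted node. Whatever the decision, the two new lines should carry a comment marking them as reachable without authentication, so later additions are reviewed as an exposure change, e.g. `/* RESTRICTED_NODE: reachable without authentication; keep this list minimal. */`.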