diff options
| author | Paul Jakma <paul.jakma@sun.com> | 2008-08-23 14:27:06 +0100 |
|---|---|---|
| committer | Paul Jakma <paul@quagga.net> | 2008-08-23 14:27:06 +0100 |
| commit | 62687ff1cd3d4460cdbd4b0fbf1e3298fe277ad2 (patch) | |
| tree | 6bea5c1cf07d9d702c95fabe356fcec418b91398 /lib/command.c | |
| parent | b38309a4ee831a440ef78f8a27db584f2f8e8276 (diff) | |
[vty] Add support for a 'restricted mode' with anonymous vty connections
* lib/command.h: Add a RESTRICTED_NODE, intended for use with
anonymous, 'no login' vtys, to provide a subset of 'view' mode
commands.
* lib/command.c: Add RESTRICTED_NODE bits, nothing special, just
following VIEW_NODE.
* lib/vty.c: (vty_auth) enable authentication should fall back to
restricted/view node as appropriate.
(vty_create) init vty's to restricted/view node as appropriate,
for the 'no login' case.
(vty_{no_,}restricted_mode_cmd) config commands to enable
'anonymous restricted' in vty configuration.
(vty_config_write) 'anonymous restricted' config.
(vty_init) Install some commands to restricted mode, and the
'anonymous restricted' config commands into VTY_NODE.
* bgpd/*.c: Install some of the safe(r) BGP commands into
'restricted mode', i.e. lookup commands of non-sensitive data.
Useful with looking-glass route-servers.
Diffstat (limited to 'lib/command.c')
| -rw-r--r-- | lib/command.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/command.c b/lib/command.c index f3d96ede..4887f94f 100644 --- a/lib/command.c +++ b/lib/command.c @@ -53,6 +53,12 @@ struct cmd_node view_node = "%s> ", }; +struct cmd_node restricted_node = +{ + RESTRICTED_NODE, + "%s$ ", +}; + struct cmd_node auth_enable_node = { AUTH_ENABLE_NODE, @@ -1563,6 +1569,7 @@ cmd_try_do_shortcut (enum node_type node, char* first_word) { node != VIEW_NODE && node != AUTH_ENABLE_NODE && node != ENABLE_NODE && + node != RESTRICTED_NODE && 0 == strcmp( "do", first_word ) ) return 1; return 0; @@ -2376,6 +2383,7 @@ DEFUN (config_exit, { case VIEW_NODE: case ENABLE_NODE: + case RESTRICTED_NODE: if (vty_shell (vty)) exit (0); else @@ -2431,6 +2439,7 @@ DEFUN (config_end, { case VIEW_NODE: case ENABLE_NODE: + case RESTRICTED_NODE: /* Nothing to do. */ break; case CONFIG_NODE: @@ -3538,6 +3547,7 @@ cmd_init (int terminal) install_node (&enable_node, NULL); install_node (&auth_node, NULL); install_node (&auth_enable_node, NULL); + install_node (&restricted_node, NULL); install_node (&config_node, config_write_host); /* Each node's basic commands. */ @@ -3553,6 +3563,15 @@ cmd_init (int terminal) install_element (VIEW_NODE, &config_terminal_no_length_cmd); install_element (VIEW_NODE, &show_logging_cmd); install_element (VIEW_NODE, &echo_cmd); + + install_element (RESTRICTED_NODE, &config_list_cmd); + install_element (RESTRICTED_NODE, &config_exit_cmd); + install_element (RESTRICTED_NODE, &config_quit_cmd); + install_element (RESTRICTED_NODE, &config_help_cmd); + install_element (RESTRICTED_NODE, &config_enable_cmd); + install_element (RESTRICTED_NODE, &config_terminal_length_cmd); + install_element (RESTRICTED_NODE, &config_terminal_no_length_cmd); + install_element (RESTRICTED_NODE, &echo_cmd); } if (terminal) @@ -3620,6 +3639,7 @@ cmd_init (int terminal) install_element (VIEW_NODE, &show_thread_cpu_cmd); install_element (ENABLE_NODE, &show_thread_cpu_cmd); + install_element (RESTRICTED_NODE, &show_thread_cpu_cmd); install_element (VIEW_NODE, &show_work_queues_cmd); install_element (ENABLE_NODE, &show_work_queues_cmd); } |