/* Extern host structure from command.c */
extern struct host host;
-\f
+
/* Vector which store each vty structure. */
static vector vtyvec;
static char *vty_ipv6_accesslist_name = NULL;
/* VTY server thread. */
-vector Vvty_serv_thread;
+static vector Vvty_serv_thread;
/* Current directory. */
char *vty_cwd = NULL;
/* Login password check. */
static int no_password_check = 0;
+/* Restrict unauthenticated logins? */
+static const u_char restricted_mode_default = 0;
+static u_char restricted_mode = 0;
+
/* Integrated configuration file path */
char integrate_default[] = SYSCONFDIR INTEGRATE_DEFAULT_CONFIG;
-\f
+
/* VTY standard output function. */
int
vty_out (struct vty *vty, const char *format, ...)
static int
vty_log_out (struct vty *vty, const char *level, const char *proto_str,
- const char *format, va_list va)
+ const char *format, struct timestamp_control *ctl, va_list va)
{
int ret;
int len;
char buf[1024];
- struct tm *tm;
- if ((tm = localtime(&recent_time.tv_sec)) != NULL)
- len = strftime(buf, sizeof(buf), "%Y/%m/%d %H:%M:%S ", tm);
- else
- len = 0;
+ if (!ctl->already_rendered)
+ {
+ ctl->len = quagga_timestamp(ctl->precision, ctl->buf, sizeof(ctl->buf));
+ ctl->already_rendered = 1;
+ }
+ if (ctl->len+1 >= sizeof(buf))
+ return -1;
+ memcpy(buf, ctl->buf, len = ctl->len);
+ buf[len++] = ' ';
+ buf[len] = '\0';
if (level)
ret = snprintf(buf+len, sizeof(buf)-len, "%s: %s: ", level, proto_str);
zlog_warn("%s: write failed to vty client fd %d, closing: %s",
__func__, vty->fd, safe_strerror(errno));
buffer_reset(vty->obuf);
- vty_close(vty);
+ /* cannot call vty_close, because a parent routine may still try
+ to access the vty struct */
+ vty->status = VTY_CLOSE;
+ shutdown(vty->fd, SHUT_RDWR);
return -1;
}
return 0;
void
vty_time_print (struct vty *vty, int cr)
{
- time_t clock;
- struct tm *tm;
-#define TIME_BUF 25
- char buf [TIME_BUF];
- int ret;
+ char buf [25];
- time (&clock);
- tm = localtime (&clock);
-
- ret = strftime (buf, TIME_BUF, "%Y/%m/%d %H:%M:%S", tm);
- if (ret == 0)
+ if (quagga_timestamp(0, buf, sizeof(buf)) == 0)
{
- zlog (NULL, LOG_INFO, "strftime error");
+ zlog (NULL, LOG_INFO, "quagga_timestamp error");
return;
}
if (cr)
vty_out (vty, "MOTD file not found%s", VTY_NEWLINE);
}
else if (host.motd)
- vty_out (vty, host.motd);
+ vty_out (vty, "%s", host.motd);
}
/* Put out prompt and wait input from user. */
new->obuf = buffer_new(0); /* Use default buffer size. */
new->buf = XCALLOC (MTYPE_VTY, VTY_BUFSIZ);
+ new->error_buf = XCALLOC (MTYPE_VTY, VTY_BUFSIZ);
new->max = VTY_BUFSIZ;
return new;
/* AUTH_ENABLE_NODE */
vty->fail = 0;
vty_out (vty, "%% Bad enable passwords, too many failures!%s", VTY_NEWLINE);
- vty->node = VIEW_NODE;
+ vty->node = restricted_mode ? RESTRICTED_NODE : VIEW_NODE;
}
}
}
return ret;
}
-\f
+
static const char telnet_backward_char = 0x08;
static const char telnet_space_char = ' ';
{
vty->max *= 2;
vty->buf = XREALLOC (MTYPE_VTY, vty->buf, vty->max);
+ vty->error_buf = XREALLOC (MTYPE_VTY, vty->error_buf, vty->max);
}
}
{
case VIEW_NODE:
case ENABLE_NODE:
+ case RESTRICTED_NODE:
/* Nothing to do. */
break;
case CONFIG_NODE:
int i;
int size;
- if (vty->node == AUTH_NODE || vty->node == AUTH_ENABLE_NODE)
- return;
-
if (vty->length == 0)
{
vty_down_level (vty);
vty->length--;
memmove (&vty->buf[vty->cp], &vty->buf[vty->cp + 1], size - 1);
vty->buf[vty->length] = '\0';
+
+ if (vty->node == AUTH_NODE || vty->node == AUTH_ENABLE_NODE)
+ return;
vty_write (vty, &vty->buf[vty->cp], size - 1);
vty_write (vty, &telnet_space_char, 1);
static void
vty_describe_fold (struct vty *vty, int cmd_width,
- unsigned int desc_width, struct desc *desc)
+ unsigned int desc_width, struct cmd_token *token)
{
char *buf;
const char *cmd, *p;
int pos;
- cmd = desc->cmd[0] == '.' ? desc->cmd + 1 : desc->cmd;
+ cmd = token->cmd[0] == '.' ? token->cmd + 1 : token->cmd;
if (desc_width <= 0)
{
- vty_out (vty, " %-*s %s%s", cmd_width, cmd, desc->str, VTY_NEWLINE);
+ vty_out (vty, " %-*s %s%s", cmd_width, cmd, token->desc, VTY_NEWLINE);
return;
}
- buf = XCALLOC (MTYPE_TMP, strlen (desc->str) + 1);
+ buf = XCALLOC (MTYPE_TMP, strlen (token->desc) + 1);
- for (p = desc->str; strlen (p) > desc_width; p += pos + 1)
+ for (p = token->desc; strlen (p) > desc_width; p += pos + 1)
{
for (pos = desc_width; pos > 0; pos--)
if (*(p + pos) == ' ')
vector vline;
vector describe;
unsigned int i, width, desc_width;
- struct desc *desc, *desc_cr = NULL;
+ struct cmd_token *token, *token_cr = NULL;
vline = cmd_make_strvec (vty->buf);
/* Get width of command string. */
width = 0;
for (i = 0; i < vector_active (describe); i++)
- if ((desc = vector_slot (describe, i)) != NULL)
+ if ((token = vector_slot (describe, i)) != NULL)
{
unsigned int len;
- if (desc->cmd[0] == '\0')
+ if (token->cmd[0] == '\0')
continue;
- len = strlen (desc->cmd);
- if (desc->cmd[0] == '.')
+ len = strlen (token->cmd);
+ if (token->cmd[0] == '.')
len--;
if (width < len)
/* Print out description. */
for (i = 0; i < vector_active (describe); i++)
- if ((desc = vector_slot (describe, i)) != NULL)
+ if ((token = vector_slot (describe, i)) != NULL)
{
- if (desc->cmd[0] == '\0')
+ if (token->cmd[0] == '\0')
continue;
- if (strcmp (desc->cmd, "<cr>") == 0)
+ if (strcmp (token->cmd, command_cr) == 0)
{
- desc_cr = desc;
+ token_cr = token;
continue;
}
- if (!desc->str)
+ if (!token->desc)
vty_out (vty, " %-s%s",
- desc->cmd[0] == '.' ? desc->cmd + 1 : desc->cmd,
+ token->cmd[0] == '.' ? token->cmd + 1 : token->cmd,
VTY_NEWLINE);
- else if (desc_width >= strlen (desc->str))
+ else if (desc_width >= strlen (token->desc))
vty_out (vty, " %-*s %s%s", width,
- desc->cmd[0] == '.' ? desc->cmd + 1 : desc->cmd,
- desc->str, VTY_NEWLINE);
+ token->cmd[0] == '.' ? token->cmd + 1 : token->cmd,
+ token->desc, VTY_NEWLINE);
else
- vty_describe_fold (vty, width, desc_width, desc);
+ vty_describe_fold (vty, width, desc_width, token);
#if 0
vty_out (vty, " %-*s %s%s", width
#endif /* 0 */
}
- if ((desc = desc_cr))
+ if ((token = token_cr))
{
- if (!desc->str)
+ if (!token->desc)
vty_out (vty, " %-s%s",
- desc->cmd[0] == '.' ? desc->cmd + 1 : desc->cmd,
+ token->cmd[0] == '.' ? token->cmd + 1 : token->cmd,
VTY_NEWLINE);
- else if (desc_width >= strlen (desc->str))
+ else if (desc_width >= strlen (token->desc))
vty_out (vty, " %-*s %s%s", width,
- desc->cmd[0] == '.' ? desc->cmd + 1 : desc->cmd,
- desc->str, VTY_NEWLINE);
+ token->cmd[0] == '.' ? token->cmd + 1 : token->cmd,
+ token->desc, VTY_NEWLINE);
else
- vty_describe_fold (vty, width, desc_width, desc);
+ vty_describe_fold (vty, width, desc_width, token);
}
out:
{
case VIEW_NODE:
case ENABLE_NODE:
+ case RESTRICTED_NODE:
/* Nothing to do. */
break;
case CONFIG_NODE:
static struct vty *
vty_create (int vty_sock, union sockunion *su)
{
+ char buf[SU_ADDRSTRLEN];
struct vty *vty;
+ sockunion2str(su, buf, SU_ADDRSTRLEN);
+
/* Allocate new vty structure and set up default values. */
vty = vty_new ();
vty->fd = vty_sock;
vty->type = VTY_TERM;
- vty->address = sockunion_su2str (su);
+ strcpy (vty->address, buf);
if (no_password_check)
{
- if (host.advanced)
+ if (restricted_mode)
+ vty->node = RESTRICTED_NODE;
+ else if (host.advanced)
vty->node = ENABLE_NODE;
else
vty->node = VIEW_NODE;
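Review bot: `strcpy (vty->address, buf)` is only safe if `vty->address` is an array of at least SU_ADDRSTRLEN bytes, and its declaration is not part of this diff. Writing into the field with its own size removes both the temporary and that assumption: `sockunion2str (su, vty->address, sizeof (vty->address));`. That form is valid only if `address` is now an array, which the removal of its XFREE in vty_close further down suggests. vty_create continues past the end of this hunk.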
vty_accept (struct thread *thread)
{
int vty_sock;
- struct vty *vty;
union sockunion su;
int ret;
unsigned int on;
int accept_sock;
struct prefix *p = NULL;
struct access_list *acl = NULL;
+ char buf[SU_ADDRSTRLEN];
accept_sock = THREAD_FD (thread);
if ((acl = access_list_lookup (AFI_IP, vty_accesslist_name)) &&
(access_list_apply (acl, p) == FILTER_DENY))
{
- char *buf;
zlog (NULL, LOG_INFO, "Vty connection refused from %s",
- (buf = sockunion_su2str (&su)));
- free (buf);
+ sockunion2str (&su, buf, SU_ADDRSTRLEN));
close (vty_sock);
/* continue accepting connections */
if ((acl = access_list_lookup (AFI_IP6, vty_ipv6_accesslist_name)) &&
(access_list_apply (acl, p) == FILTER_DENY))
{
- char *buf;
zlog (NULL, LOG_INFO, "Vty connection refused from %s",
- (buf = sockunion_su2str (&su)));
- free (buf);
+ sockunion2str (&su, buf, SU_ADDRSTRLEN));
close (vty_sock);
/* continue accepting connections */
zlog (NULL, LOG_INFO, "can't set sockopt to vty_sock : %s",
safe_strerror (errno));
- vty = vty_create (vty_sock, &su);
+ zlog (NULL, LOG_INFO, "Vty connection from %s",
+ sockunion2str (&su, buf, SU_ADDRSTRLEN));
+
+ vty_create (vty_sock, &su);
return 0;
}
if (sock < 0)
continue;
+ sockopt_v6only (ainfo->ai_family, sock);
sockopt_reuseaddr (sock);
sockopt_reuseport (sock);
freeaddrinfo (ainfo_save);
}
-#endif /* HAVE_IPV6 && ! NRL */
+#else /* HAVE_IPV6 && ! NRL */
/* Make vty server socket. */
static void
{
case AF_INET:
naddr=&su.sin.sin_addr;
+ break;
#ifdef HAVE_IPV6
case AF_INET6:
naddr=&su.sin6.sin6_addr;
+ break;
#endif
}
/* Add vty server event. */
vty_event (VTY_SERV, accept_sock, NULL);
}
+#endif /* HAVE_IPV6 && ! NRL */
#ifdef VTYSH
/* For sockaddr_un. */
memset (&serv, 0, sizeof (struct sockaddr_un));
serv.sun_family = AF_UNIX;
strncpy (serv.sun_path, path, strlen (path));
-#ifdef HAVE_SUN_LEN
+#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
len = serv.sun_len = SUN_LEN(&serv);
#else
len = sizeof (serv.sun_family) + strlen (serv.sun_path);
-#endif /* HAVE_SUN_LEN */
+#endif /* HAVE_STRUCT_SOCKADDR_UN_SUN_LEN */
ret = bind (sock, (struct sockaddr *) &serv, len);
if (ret < 0)
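Review bot: The unchanged context line `strncpy (serv.sun_path, path, strlen (path))` is bounded by the length of the source, not the destination, so a `path` longer than `sizeof (serv.sun_path)` writes past the field. The commit only renames the feature macro here, but a length check before the copy would close this: reject the path with a log message when `strlen (path) >= sizeof (serv.sun_path)`, then copy with `strncpy (serv.sun_path, path, sizeof (serv.sun_path) - 1);`. The enclosing function starts and ends outside the hunk, so where `path` comes from is not visible here.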
#endif /* VTYSH */
}
-/* Close vty interface. */
+/* Close vty interface. Warning: call this only from functions that
+ will be careful not to access the vty afterwards (since it has
+ now been freed). This is safest from top-level functions (called
+ directly by the thread dispatcher). */
void
vty_close (struct vty *vty)
{
if (vty->fd > 0)
close (vty->fd);
- if (vty->address)
- XFREE (MTYPE_TMP, vty->address);
if (vty->buf)
XFREE (MTYPE_VTY, vty->buf);
+ if (vty->error_buf)
+ XFREE (MTYPE_VTY, vty->error_buf);
+
/* Check configure. */
vty_config_unlock (vty);
{
int ret;
struct vty *vty;
+ unsigned int line_num = 0;
vty = vty_new ();
- vty->fd = 0; /* stdout */
- vty->type = VTY_TERM;
+ vty->fd = dup(STDERR_FILENO); /* vty_close() will close this */
+ if (vty->fd < 0)
+ {
+ /* Fine, we couldn't make a new fd. vty_close doesn't close stdout. */
+ vty->fd = STDOUT_FILENO;
+ }
+ vty->type = VTY_FILE;
vty->node = CONFIG_NODE;
/* Execute configuration file */
- ret = config_from_file (vty, confp);
+ ret = config_from_file (vty, confp, &line_num);
+
+ /* Flush any previous errors before printing messages below */
+ buffer_flush_all (vty->obuf, vty->fd);
if ( !((ret == CMD_SUCCESS) || (ret == CMD_ERR_NOTHING_TODO)) )
{
switch (ret)
{
case CMD_ERR_AMBIGUOUS:
- fprintf (stderr, "Ambiguous command.\n");
+ fprintf (stderr, "*** Error reading config: Ambiguous command.\n");
break;
case CMD_ERR_NO_MATCH:
- fprintf (stderr, "There is no such command.\n");
+ fprintf (stderr, "*** Error reading config: There is no such command.\n");
break;
}
- fprintf (stderr, "Error occured during reading below line.\n%s\n",
- vty->buf);
- vty_close (vty);
- exit (1);
+ fprintf (stderr, "*** Error occured processing line %u, below:\n%s\n",
+ line_num, vty->error_buf);
}
vty_close (vty);
}
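Review bot: The fallback `vty->fd = STDOUT_FILENO` contradicts its own comment: vty_close, as shown on this page, closes any descriptor with `vty->fd > 0`, and STDOUT_FILENO is 1, so the final `vty_close (vty)` would close the process's stdout. The old value 0 was the one that test skipped. A guard in vty_close that never closes the standard descriptors, such as `if (vty->fd > STDERR_FILENO)`, would make the fallback behave as the comment describes. Separately, with `exit (1)` removed the daemon keeps running after a config line is rejected. If config_from_file stops at the failing line (not visible here), later access-class or password lines would not be applied, so the failure should at least be logged through zlog and the choice documented in a comment.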
while((c = read (sav, buffer, 512)) > 0)
- write (tmp, buffer, c);
-
+ {
+ if (write (tmp, buffer, c) <= 0)
+ {
+ free (fullpath_sav);
+ free (fullpath_tmp);
+ close (sav);
+ close (tmp);
+ return NULL;
+ }
+ }
close (sav);
close (tmp);
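Review bot: The new check `write (tmp, buffer, c) <= 0` still accepts a short write, so a partial write silently truncates the copied configuration while the function reports success. Comparing against the requested length treats that case as a failure too: `if (write (tmp, buffer, c) != c)`. The error path frees `fullpath_tmp` without removing the partly written file; whether that file should be unlinked depends on code outside this hunk. The enclosing function starts and ends outside the hunk.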
{
if (! IS_DIRECTORY_SEP (config_file[0]))
{
- getcwd (cwd, MAXPATHLEN);
+ if (getcwd (cwd, MAXPATHLEN) == NULL)
+ {
+ fprintf (stderr, "Failure to determine Current Working Directory %d!\n", errno);
+ exit (1);
+ }
tmp = XMALLOC (MTYPE_TMP,
strlen (cwd) + strlen (config_file) + 2);
sprintf (tmp, "%s/%s", cwd, config_file);
}
else
{
+
+ host_config_set (config_default_dir);
+
#ifdef VTYSH
int ret;
struct stat conf_stat;
{
ret = stat (integrate_default, &conf_stat);
if (ret >= 0)
- return;
+ goto tmp_free_and_out;
}
#endif /* VTYSH */
-
confp = fopen (config_default_dir, "r");
if (confp == NULL)
{
else
{
fprintf (stderr, "can't open configuration file [%s]\n",
- config_default_dir);
- exit (1);
+ config_default_dir);
+ goto tmp_free_and_out;
}
}
else
fclose (confp);
host_config_set (fullpath);
-
+
+tmp_free_and_out:
if (tmp)
XFREE (MTYPE_TMP, fullpath);
}
/* Small utility function which output log to the VTY. */
void
vty_log (const char *level, const char *proto_str,
- const char *format, va_list va)
+ const char *format, struct timestamp_control *ctl, va_list va)
{
unsigned int i;
struct vty *vty;
{
va_list ac;
va_copy(ac, va);
- vty_log_out (vty, level, proto_str, format, ac);
+ vty_log_out (vty, level, proto_str, format, ctl, ac);
va_end(ac);
}
}
/* Async-signal-safe version of vty_log for fixed strings. */
void
-vty_log_fixed (const char *buf, size_t len)
+vty_log_fixed (char *buf, size_t len)
{
unsigned int i;
struct iovec iov[2];
+ char crlf[4] = "\r\n";
/* vty may not have been initialised */
if (!vtyvec)
iov[0].iov_base = (void *)buf;
iov[0].iov_len = len;
- iov[1].iov_base = (void *)"\r\n";
+ iov[1].iov_base = crlf;
iov[1].iov_len = 2;
for (i = 0; i < vector_active (vtyvec); i++)
if (((vty = vector_slot (vtyvec, i)) != NULL) && vty->monitor)
/* N.B. We don't care about the return code, since process is
most likely just about to die anyway. */
- writev(vty->fd, iov, 2);
+ if (writev(vty->fd, iov, 2) == -1)
+ {
+ fprintf(stderr, "Failure to writev: %d\n", errno);
+ exit(-1);
+ }
}
}
}
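Review bot: The new failure branch after `writev` calls `fprintf` and `exit`, neither of which is async-signal-safe, although the comment above vty_log_fixed describes it as the async-signal-safe variant. It also terminates the whole daemon when one monitoring vty's descriptor cannot be written, so a single peer that has disconnected can end the process. The retained comment still says the return code is ignored. Keeping the write best-effort avoids both problems, for example `if (writev (vty->fd, iov, 2) == -1) continue;` with the comment updated to say the result is checked only to satisfy the compiler.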
return vty->config;
}
-\f
+
/* Master of the threads. */
-static struct thread_master *master;
+static struct thread_master *vty_master;
static void
vty_event (enum event event, int sock, struct vty *vty)
switch (event)
{
case VTY_SERV:
- vty_serv_thread = thread_add_read (master, vty_accept, vty, sock);
+ vty_serv_thread = thread_add_read (vty_master, vty_accept, vty, sock);
vector_set_index (Vvty_serv_thread, sock, vty_serv_thread);
break;
#ifdef VTYSH
case VTYSH_SERV:
- thread_add_read (master, vtysh_accept, vty, sock);
+ vty_serv_thread = thread_add_read (vty_master, vtysh_accept, vty, sock);
+ vector_set_index (Vvty_serv_thread, sock, vty_serv_thread);
break;
case VTYSH_READ:
- vty->t_read = thread_add_read (master, vtysh_read, vty, sock);
+ vty->t_read = thread_add_read (vty_master, vtysh_read, vty, sock);
break;
case VTYSH_WRITE:
- vty->t_write = thread_add_write (master, vtysh_write, vty, sock);
+ vty->t_write = thread_add_write (vty_master, vtysh_write, vty, sock);
break;
#endif /* VTYSH */
case VTY_READ:
- vty->t_read = thread_add_read (master, vty_read, vty, sock);
+ vty->t_read = thread_add_read (vty_master, vty_read, vty, sock);
/* Time out treatment. */
if (vty->v_timeout)
if (vty->t_timeout)
thread_cancel (vty->t_timeout);
vty->t_timeout =
- thread_add_timer (master, vty_timeout, vty, vty->v_timeout);
+ thread_add_timer (vty_master, vty_timeout, vty, vty->v_timeout);
}
break;
case VTY_WRITE:
if (! vty->t_write)
- vty->t_write = thread_add_write (master, vty_flush, vty, sock);
+ vty->t_write = thread_add_write (vty_master, vty_flush, vty, sock);
break;
case VTY_TIMEOUT_RESET:
if (vty->t_timeout)
if (vty->v_timeout)
{
vty->t_timeout =
- thread_add_timer (master, vty_timeout, vty, vty->v_timeout);
+ thread_add_timer (vty_master, vty_timeout, vty, vty->v_timeout);
}
break;
}
}
-\f
+
DEFUN (config_who,
config_who_cmd,
"who",
return CMD_SUCCESS;
}
+/* initial mode. */
+DEFUN (vty_restricted_mode,
+ vty_restricted_mode_cmd,
+ "anonymous restricted",
+ "Restrict view commands available in anonymous, unauthenticated vty\n")
+{
+ restricted_mode = 1;
+ return CMD_SUCCESS;
+}
+
+DEFUN (vty_no_restricted_mode,
+ vty_no_restricted_mode_cmd,
+ "no anonymous restricted",
+ NO_STR
+ "Enable password checking\n")
+{
+ restricted_mode = 0;
+ return CMD_SUCCESS;
+}
+
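Review bot: The help text of `no anonymous restricted` is "Enable password checking", which describes a different command; the handler only sets `restricted_mode = 0`. Both DEFUNs also give one help line for the two tokens `anonymous restricted`, and the leading comment `/* initial mode. */` does not say what the mode is. I would replace it with `/* Start anonymous (no login) sessions in RESTRICTED_NODE instead of VIEW_NODE. */`. The `no` form should say that it lifts the restriction, and each token should get its own help line. That matches vty_create on this page, where `restricted_mode` is consulted only inside the `no_password_check` branch.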
DEFUN (service_advanced_vty,
service_advanced_vty_cmd,
"service advanced-vty",
/* login */
if (no_password_check)
vty_out (vty, " no login%s", VTY_NEWLINE);
-
+
+ if (restricted_mode != restricted_mode_default)
+ {
+ if (restricted_mode_default)
+ vty_out (vty, " no anonymous restricted%s", VTY_NEWLINE);
+ else
+ vty_out (vty, " anonymous restricted%s", VTY_NEWLINE);
+ }
+
vty_out (vty, "!%s", VTY_NEWLINE);
return CMD_SUCCESS;
if (!c)
{
- chdir (SYSCONFDIR);
- getcwd (cwd, MAXPATHLEN);
+ /*
+ * At this point if these go wrong, more than likely
+ * the whole world is coming down around us
+ * Hence not worrying about it too much.
+ */
+ if (!chdir (SYSCONFDIR))
+ {
+ fprintf(stderr, "Failure to chdir to %s, errno: %d\n", SYSCONFDIR, errno);
+ exit(-1);
+ }
+ if (getcwd (cwd, MAXPATHLEN) == NULL)
+ {
+ fprintf(stderr, "Failure to getcwd, errno: %d\n", errno);
+ exit(-1);
+ }
}
vty_cwd = XMALLOC (MTYPE_TMP, strlen (cwd) + 1);
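Review bot: The new check `if (!chdir (SYSCONFDIR))` is inverted: chdir returns 0 on success, so this branch prints the failure message and exits exactly when the directory change worked, while a real failure falls through to `getcwd`. It should read `if (chdir (SYSCONFDIR) != 0)`. The added comment says these failures are not worth worrying about, which does not match code that now terminates the process, so the comment should be reworded to state that both calls are fatal on error. The enclosing function starts outside the hunk.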
vtyvec = vector_init (VECTOR_MIN_SIZE);
- master = master_thread;
+ vty_master = master_thread;
/* Initilize server thread vector. */
Vvty_serv_thread = vector_init (VECTOR_MIN_SIZE);
/* Install bgp top node. */
install_node (&vty_node, vty_config_write);
+ install_element (RESTRICTED_NODE, &config_who_cmd);
+ install_element (RESTRICTED_NODE, &show_history_cmd);
install_element (VIEW_NODE, &config_who_cmd);
install_element (VIEW_NODE, &show_history_cmd);
install_element (ENABLE_NODE, &config_who_cmd);
install_element (VTY_NODE, &no_vty_access_class_cmd);
install_element (VTY_NODE, &vty_login_cmd);
install_element (VTY_NODE, &no_vty_login_cmd);
+ install_element (VTY_NODE, &vty_restricted_mode_cmd);
+ install_element (VTY_NODE, &vty_no_restricted_mode_cmd);
#ifdef HAVE_IPV6
install_element (VTY_NODE, &vty_ipv6_access_class_cmd);
install_element (VTY_NODE, &no_vty_ipv6_access_class_cmd);
#endif /* HAVE_IPV6 */
}
+
+void
+vty_terminate (void)
+{
+ if (vty_cwd)
+ XFREE (MTYPE_TMP, vty_cwd);
+
+ if (vtyvec && Vvty_serv_thread)
+ {
+ vty_reset ();
+ vector_free (vtyvec);
+ vector_free (Vvty_serv_thread);
+ }
+}
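Review bot: vty_terminate frees `vty_cwd`, `vtyvec` and `Vvty_serv_thread` but leaves the file-scope pointers set, so any later use goes through freed memory. vty_log_fixed on this page, for instance, only tests `if (!vtyvec)` before walking the vector. Unless the free helpers already clear their argument (not visible here), reset the pointers after freeing: `vty_cwd = NULL;`, `vtyvec = NULL;`, `Vvty_serv_thread = NULL;`. A short comment above the function stating that no vty call may follow it would also help.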