vtysh: add -u/--user flag to run commands without enable
authorLou Berger <lberger@labn.net>
Wed, 14 Mar 2018 16:11:57 +0000 (12:11 -0400)
committerLou Berger <lberger@labn.net>
Wed, 28 Mar 2018 14:47:34 +0000 (10:47 -0400)
Signed-off-by: Lou Berger <lberger@labn.net>
vtysh/vtysh.c
vtysh/vtysh_main.c

index 96a5ea9e36652bf645be283076e8ed20ad982c2f..dca5dafa84687d89d49dccdfa0a4b975b9f01800 100644 (file)
@@ -305,6 +305,7 @@ static int vtysh_execute_func(const char *line, int pager)
        int closepager = 0;
        int tried = 0;
        int saved_ret, saved_node;
+       extern int user_mode;
 
        /* Split readline string up into the vector. */
        vline = cmd_make_strvec(line);
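Review bot: The block-scope `extern int user_mode;` added among the locals of vtysh_execute_func hides a cross-file dependency inside one function, and the compiler cannot check it against the definition this commit adds in vtysh/vtysh_main.c (`int user_mode = 0;`). Declaring the flag once in a header that both files include would keep the type in sync and give it a single documented home. Because the flag gates the enable check further down, a comment at that declaration saying where it is set (only the `-u` option case in main, as far as this diff shows) would help the next reader. The function body starts and ends outside this hunk.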
@@ -312,6 +313,13 @@ static int vtysh_execute_func(const char *line, int pager)
        if (vline == NULL)
                return CMD_SUCCESS;
 
+       if (user_mode) {
+               if (strncmp("en", vector_slot(vline, 0), 2) == 0) {
+                       fprintf(stdout, "%% Command not allowed: enable\n");
+                       return CMD_WARNING;
+               }
+       }
+
        saved_ret = ret = cmd_execute_command(vline, vty, &cmd, 1);
        saved_node = vty->node;
 
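Review bot: The `strncmp("en", vector_slot(vline, 0), 2) == 0` test in the new user_mode block compares only the first two characters of the first token, so it rejects every command beginning with "en" rather than just enable, and it is a text filter in the client rather than a privilege check. The early `return CMD_WARNING;` also leaves the function without releasing `vline`, which `cmd_make_strvec(line)` allocated just above. Unless a release happens outside the visible lines, that leaks on every rejected command; `cmd_free_strvec(vline);` before the return would fix it. I would also add a comment above the block, e.g. `/* user mode: refuse "enable" in this client; not an access-control boundary */`, so the check is not mistaken for an enforcement point. The function continues past this hunk.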
@@ -385,13 +393,13 @@ static int vtysh_execute_func(const char *line, int pager)
                        fprintf(stdout, "Warning...\n");
                break;
        case CMD_ERR_AMBIGUOUS:
-               fprintf(stdout, "%% Ambiguous command.\n");
+               fprintf(stdout, "%% Ambiguous command: %s\n", line);
                break;
        case CMD_ERR_NO_MATCH:
-               fprintf(stdout, "%% Unknown command.\n");
+               fprintf(stdout, "%% Unknown command: %s\n", line);
                break;
        case CMD_ERR_INCOMPLETE:
-               fprintf(stdout, "%% Command incomplete.\n");
+               fprintf(stdout, "%% Command incomplete: %s\n", line);
                break;
        case CMD_SUCCESS_DAEMON: {
                /*
index a3d2f95ec149e0f6ee04d9a780d81b8584449f47..b5cc1d21d1e89e577018941dc5a3b51ea33c8aaf 100644 (file)
@@ -60,6 +60,9 @@ static char history_file[MAXPATHLEN];
 /* Flag for indicate executing child command. */
 int execute_flag = 0;
 
+/* Flag to indicate if in user/unprivileged mode. */
+int user_mode = 0;
+
 /* For sigsetjmp() & siglongjmp(). */
 static sigjmp_buf jmpbuf;
 
@@ -150,6 +153,7 @@ static void usage(int status)
                       "    --vty_socket         Override vty socket path\n"
                       "    --config_dir         Override config directory path\n"
                       "-N  --pathspace          Insert prefix into config & socket paths\n"
+                      "-u  --user               Run as an unprivileged user\n"
                       "-w, --writeconfig        Write integrated config (frr.conf) and exit\n"
                       "-h, --help               Display this help and exit\n\n"
                       "Note that multiple commands may be executed from the command\n"
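Review bot: The help text `Run as an unprivileged user` on the new `-u  --user` line promises more than the visible code delivers. In this diff the flag only sets user_mode, which rejects enable and skips the vtysh config read; no uid or privilege change is visible. Wording closer to the commit title, e.g. `"-u  --user               Run commands without enable\n"`, would keep operators from relying on the flag as a privilege drop. The usage string starts and ends outside this hunk.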
@@ -180,6 +184,7 @@ struct option longopts[] = {
        {"mark", no_argument, NULL, 'm'},
        {"writeconfig", no_argument, NULL, 'w'},
        {"pathspace", required_argument, NULL, 'N'},
+       {"user", no_argument, NULL, 'u'},
        {0}};
 
 /* Read a string, and return a pointer to it.  Returns NULL on EOF. */
@@ -318,7 +323,7 @@ int main(int argc, char **argv, char **env)
 
        /* Option handling. */
        while (1) {
-               opt = getopt_long(argc, argv, "be:c:d:nf:mEhCwN:", longopts, 0);
+               opt = getopt_long(argc, argv, "be:c:d:nf:mEhCwN:u", longopts, 0);
 
                if (opt == EOF)
                        break;
@@ -375,6 +380,9 @@ int main(int argc, char **argv, char **env)
                case 'C':
                        dryrun = 1;
                        break;
+               case 'u':
+                       user_mode = 1;
+                       break;
                case 'w':
                        writeconfig = 1;
                        break;
@@ -425,11 +433,13 @@ int main(int argc, char **argv, char **env)
 
        vty_init_vtysh();
 
-       /* Read vtysh configuration file before connecting to daemons.
-        * (file may not be readable to calling user in SUID mode) */
-       suid_on();
-       vtysh_read_config(vtysh_config);
-       suid_off();
+       if (!user_mode) {
+               /* Read vtysh configuration file before connecting to daemons.
+                * (file may not be readable to calling user in SUID mode) */
+               suid_on();
+               vtysh_read_config(vtysh_config);
+               suid_off();
+       }
 
        if (markfile) {
                if (!inputfile) {
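Review bot: The new `if (!user_mode)` guard carries no comment saying why user mode skips the configuration file; the retained comment explains only the suid_on()/suid_off() bracket. With `-u`, nothing that `vtysh_read_config(vtysh_config)` would apply is loaded, which is a behaviour change users should be able to find. If the intent is to avoid the elevated read for such invocations, I would put `/* user mode: skip the config file so no suid_on() read is done for this invocation */` above the guard and mention the skipped file in the usage text. main() starts and ends outside this hunk.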