vtysh: in user mode, don't show 'enable not allowed', also block writeconfig

Signed-off-by: Lou Berger <lberger@labn.net>

diff --git a/vtysh/vtysh_main.c b/vtysh/vtysh_main.c
index ad7d072d3daa7430983aac4de233a9a0dd82bd6a..7d882620e8d62a336ebaea5847b6a444c2fda91b 100644 (file)
--- a/vtysh/vtysh_main.c
+++ b/vtysh/vtysh_main.c
@@ -471,7 +471,8 @@ int main(int argc, char **argv, char **env)
        }
 
        if (dryrun && cmd && cmd->line) {
-               vtysh_execute("enable");
+               if (!user_mode)
+                       vtysh_execute("enable");
                while (cmd) {
                        struct cmd_rec *cr;
                        char *cmdnow = cmd->line, *next;
@@ -527,6 +528,14 @@ int main(int argc, char **argv, char **env)
        suid_off();
 
        if (writeconfig) {
+               if (user_mode) {
+                       fprintf(stderr,
+                               "writeconfig cannot be used when running as an unprivileged user.\n");
+                       if (no_error)
+                               exit(0);
+                       else
+                               exit(1);
+               }
                vtysh_execute("enable");
                return vtysh_write_config_integrated();
        }
@@ -573,7 +582,8 @@ int main(int argc, char **argv, char **env)
        /* If eval mode. */
        if (cmd && cmd->line) {
                /* Enter into enable node. */
-               vtysh_execute("enable");
+               if (!user_mode)
+                       vtysh_execute("enable");
 
                while (cmd != NULL) {
                        int ret;
@@ -663,7 +673,8 @@ int main(int argc, char **argv, char **env)
        vty_hello(vty);
 
        /* Enter into enable node. */
-       vtysh_execute("enable");
+       if (!user_mode)
+               vtysh_execute("enable");
 
        /* Preparation for longjmp() in sigtstp(). */
        sigsetjmp(jmpbuf, 1);