From 3c8ab49fd1edd6c3f6f83abd9d4b8ae97c11ecde Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Fri, 11 Mar 2016 14:27:11 -0500
Subject: [PATCH] bgpd, lib: Remove RESTRICTED_NODE from code base

The RESTRICTED_NODE command is not used, introduces code
complexity and provides no additional levels of security.

The only way to get into RESTRICTED_NODE is to add, under
vty configuration the command 'anonymous restricted', and
then telnet to a daemon, provide a password, then type
'enable' and fail to enter the password three times.
Then the user can enter a very limited set of commands to
monitor bgp and only bgp behavior.

This commit removes both the RESTRICTED_NODE usage as well
as the lib/* usage of the code

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
---
 bgpd/bgp_route.c |  83 -----------------------------------------------
 bgpd/bgp_vty.c   |  52 -----------------------------
 confdefs.h       |  73 +++++++++++++++++++++++++++++++++++++++++
 conftest         | Bin 0 -> 9680 bytes
 conftest.err     |   0
 lib/command.c    |  20 ------------
 lib/command.h    |   1 -
 lib/memory_vty.c |   2 --
 lib/vty.c        |  44 ++-----------------------
 9 files changed, 75 insertions(+), 200 deletions(-)
 create mode 100644 confdefs.h
 create mode 100755 conftest
 create mode 100644 conftest.err

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 923acfda67..096718c982 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -14970,49 +14970,6 @@ bgp_route_init (void)
   install_element (VIEW_NODE, &show_ip_bgp_damp_flap_route_map_cmd);
   install_element (VIEW_NODE, &show_ip_bgp_neighbor_flap_cmd);
   install_element (VIEW_NODE, &show_ip_bgp_neighbor_damp_cmd);
-  
-  /* Restricted node: VIEW_NODE - (set of dangerous commands) */
-  install_element (RESTRICTED_NODE, &show_ip_bgp_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_all_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community_all_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community4_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community4_exact_cmd);
 
   install_element (ENABLE_NODE, &show_ip_bgp_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_instance_cmd);
@@ -15272,46 +15229,6 @@ bgp_route_init (void)
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_neighbor_flap_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_neighbor_damp_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_neighbor_damp_cmd);
-  
-  /* Restricted:
-   * VIEW_NODE - (set of dangerous commands) - (commands dependent on prev) 
-   */
-  install_element (RESTRICTED_NODE, &show_bgp_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community4_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community4_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_neighbor_received_prefix_filter_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_neighbor_received_prefix_filter_cmd);
 
   install_element (ENABLE_NODE, &show_bgp_cmd);
   install_element (ENABLE_NODE, &show_bgp_ipv6_cmd);
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index c605e186d6..44388bea34 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -15964,46 +15964,6 @@ bgp_vty_init (void)
   install_element (VIEW_NODE, &show_bgp_ipv6_safi_summary_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_summary_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_safi_summary_cmd);
-#endif /* HAVE_IPV6 */
-  install_element (RESTRICTED_NODE, &show_ip_bgp_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_all_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_all_ipv6_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_afi_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_afi_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_all_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_ipv4_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv4_safi_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_all_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_summary_cmd);
-#ifdef HAVE_IPV6
-  install_element (RESTRICTED_NODE, &show_bgp_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_all_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_safi_summary_cmd);
 #endif /* HAVE_IPV6 */
   install_element (ENABLE_NODE, &show_ip_bgp_summary_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_updgrps_cmd);
@@ -16064,11 +16024,6 @@ bgp_vty_init (void)
   install_element (VIEW_NODE, &show_ip_bgp_instance_neighbors_cmd);
   install_element (VIEW_NODE, &show_ip_bgp_instance_all_neighbors_cmd);
   install_element (VIEW_NODE, &show_ip_bgp_instance_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_all_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_neighbors_peer_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_neighbors_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_ipv4_neighbors_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_neighbors_peer_cmd);
@@ -16090,10 +16045,6 @@ bgp_vty_init (void)
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_neighbors_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_neighbors_peer_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_neighbors_peer_cmd);
   install_element (ENABLE_NODE, &show_bgp_neighbors_cmd);
   install_element (ENABLE_NODE, &show_bgp_ipv6_neighbors_cmd);
   install_element (ENABLE_NODE, &show_bgp_neighbors_peer_cmd);
@@ -16194,17 +16145,14 @@ bgp_vty_init (void)
 
   /* "show bgp memory" commands. */
   install_element (VIEW_NODE, &show_bgp_memory_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_memory_cmd);
   install_element (ENABLE_NODE, &show_bgp_memory_cmd);
   
   /* "show bgp views" commands. */
   install_element (VIEW_NODE, &show_bgp_views_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_views_cmd);
   install_element (ENABLE_NODE, &show_bgp_views_cmd);
   
   /* "show bgp vrfs" commands. */
   install_element (VIEW_NODE, &show_bgp_vrfs_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_vrfs_cmd);
   install_element (ENABLE_NODE, &show_bgp_vrfs_cmd);
   
   /* Community-list. */
diff --git a/confdefs.h b/confdefs.h
new file mode 100644
index 0000000000..0787a51477
--- /dev/null
+++ b/confdefs.h
@@ -0,0 +1,73 @@
+/* confdefs.h */
+#define PACKAGE_NAME "Quagga"
+#define PACKAGE_TARNAME "quagga"
+#define PACKAGE_VERSION "0.99.24+cl3u4"
+#define PACKAGE_STRING "Quagga 0.99.24+cl3u4"
+#define PACKAGE_BUGREPORT "https://bugzilla.quagga.net"
+#define PACKAGE_URL ""
+#define PACKAGE "quagga"
+#define VERSION "0.99.24+cl3u4"
+#define STDC_HEADERS 1
+#define HAVE_SYS_TYPES_H 1
+#define HAVE_SYS_STAT_H 1
+#define HAVE_STDLIB_H 1
+#define HAVE_STRING_H 1
+#define HAVE_MEMORY_H 1
+#define HAVE_STRINGS_H 1
+#define HAVE_INTTYPES_H 1
+#define HAVE_STDINT_H 1
+#define HAVE_UNISTD_H 1
+#define __EXTENSIONS__ 1
+#define _ALL_SOURCE 1
+#define _GNU_SOURCE 1
+#define _POSIX_PTHREAD_SEMANTICS 1
+#define _TANDEM_SOURCE 1
+#define HAVE_DLFCN_H 1
+#define LT_OBJDIR ".libs/"
+#define HAVE_JSON_C_JSON_H 1
+#define CONSUMED_TIME_CHECK 5000000
+#define HAVE_V6_RR_SEMANTICS /**/
+#define HAVE_RTADV /**/
+#define QUAGGA_USER "quagga"
+#define QUAGGA_GROUP "quagga"
+#define CONFIGFILE_MASK 0600
+#define LOGFILE_MASK 0600
+#define MULTIPATH_NUM 4
+#define restrict __restrict
+#define STDC_HEADERS 1
+#define TIME_WITH_SYS_TIME 1
+#define HAVE_SYS_WAIT_H 1
+#define HAVE__BOOL 1
+#define HAVE_STDBOOL_H 1
+#define HAVE_STROPTS_H 1
+#define HAVE_SYS_TIMES_H 1
+#define HAVE_SYS_SELECT_H 1
+#define HAVE_SYS_TYPES_H 1
+#define HAVE_LINUX_VERSION_H 1
+#define HAVE_NETDB_H 1
+#define HAVE_ASM_TYPES_H 1
+#define HAVE_SYS_CDEFS_H 1
+#define HAVE_SYS_PARAM_H 1
+#define HAVE_LIMITS_H 1
+#define HAVE_SIGNAL_H 1
+#define HAVE_SYS_SOCKET_H 1
+#define HAVE_NETINET_IN_H 1
+#define HAVE_TIME_H 1
+#define HAVE_SYS_TIME_H 1
+#define HAVE_NET_IF_H 1
+#define HAVE_SYS_UN_H 1
+#define HAVE_NETINET_IN_SYSTM_H 1
+#define HAVE_NET_ROUTE_H 1
+#define HAVE_ARPA_INET_H 1
+#define HAVE_NETINET_IP_ICMP_H 1
+#define HAVE_FCNTL_H 1
+#define HAVE_STDDEF_H 1
+#define HAVE_SYS_IOCTL_H 1
+#define HAVE_SYSLOG_H 1
+#define HAVE_WCHAR_H 1
+#define HAVE_WCTYPE_H 1
+#define HAVE_SYS_SYSCTL_H 1
+#define HAVE_UCONTEXT_H 1
+#define HAVE_UCONTEXT_T_UC_MCONTEXT_GREGS 1
+#define GNU_LINUX /**/
+#define VTYSH /**/
diff --git a/conftest b/conftest
new file mode 100755
index 0000000000000000000000000000000000000000..04df7b19b5cd8ac7858e7c8175862774123b5a21
GIT binary patch
literal 9680
zcmeHNYiu0V6~43USK?&6PN1;~O@@+40kIp~B&mTqne`(XBj-U_Ln>;9@$PuN%|62J
zY)GQ0buo`vG!)SX54BQ$w3Jr;fmD@(sDjf_s6>$xwMdcLO6dcX5TKz@nii4mId{(4
zot@on>5r;^a+8^J&$;J2_c`~Td)8kb8QUCC6u~JVHVWiUH0x62zJb3|vLx#l3xqCK
ziK|2lNSfi%WeHL@$Mgc3X4*!2L7+|W^aor)e?XTRrd%CUZXr^vuab1iy7VAbz*GoL
zmLm?^Dpbh=z01uI)u|l@QN|&QxGutVkv`MY)G(&pKkOSmF|rp6=)fVbBN4;$U7@Ip
zX~!E*LgHFoKGv$s4AXV4STJSWEr65#qw@bmLZq;h>T5JEg2#g>byuuSrzSV7TboXV
z)2VE6UwB{thVX`UkwPxgC;N@|QFqI>aaj|OqXrzd`7(HL4Pg25WizklfB4fai#Oi$
z)<?fQ`_~^o`s4~M!y({#J2bB;qDfzXvIX$8!!tPY`r9x3>CuCy?%s9f^M~J4&;9x@
zJiAa@ot6NrRf{BdH@vaTpB@82J$VG=nqL|Cfd=wh8pwYD@{s5fdgw05RnpHO8xq~Z
z@X4PcxnF-b$d|xq?4s|LEj=jZsu-sA!*T)hmba}0%$kj}wLzGpv8`sp&fCdU!LjqP
ztwZTt){a?|X<L|PGLy@i1;@%erYX#u_nJFNZzydQ3U<MT*9WJvDM#efW;~bKleV1{
zSjt#Vd>T<xP>5}bQzJ~wQ$-mol@+F)upA3oFj*+Lau8(`V$0a*;E>rD>5HuAKJgM&
zV70jaaNQ{4FevakFJ6&?WfKs`2y~(2E}6q`hQA>cbkVruI%B&i*F17uo1E5o<X$_*
z?AvX|L(Sh@s0ri#d8hfz5Fm`%m)edq(xs*K_kv1k^?mT}SgAt}`DrXXd%6T^^#SDZ
zGdO!f@_FR3X=mqwAMc$v=H58-3&>7%9GySj`_Aax$vcg?KN_=tKEES2`pUcxE5LZ=
z*ohV-ugt?bIrDwc{$Q$O<**RXZGjGq8(~~m#_R<ZjO|_i99ECb?woiL3reR!`92hi
ziR0MHsR;8&v3%V4%Dd9Qv5P@4V9cF2j-A<LC@&i)FFKc(t+lhYj+J1?t$$|V`30H~
z#m;f;Mi#sAa`RIlQr?#}y%>TG*O=WTip}S~4!E+h_YhDzF>&?)U@Gm2-X6UzI#-I0
zM`L4$SFdQ*pmB%8NN*jT`*3vb_1@o(UGs*Vons#d&x~Izm5lq}aaM4D#^&A{oBMDW
zER-($oiTe{F>W|ld<!S;j)~|Oq7%_Oqvr8PD)qe&^C_*-)GDxQl;y#jdSI;ZoVpGw
zI0!Ti^t(V00v$sNt$qpU+dvn=?BafiNjb1nDEmUn@<pv}k0`Anl;at=25{G+0;T%;
z0?uSt|LKoQB^`Cu&}Oyk=8pDz+GfP2D{i{>`c<DnG1?r4XCCzAHxgAt4+KUQw`_)r
zsVo8X8K~C=DhAci*8+oT*TcaPRXf}?sIK{Hv!V7p&|;|lv#r}zeUI87RePf9nn6_q
zJ<uOi+ho6f1n^T}$NN2@$xG?d2wWP0OCxY;1pa>`aHK_-mCq36mY~Cd$xqRz!nDXG
zWxsPV@$7GQ6VLao<;3IJg6RsEh&DLhG2wZHiOc_Xv6Msp@qmt`eCInKba}q(oCvu5
zLeRnVnoH#U0JB}hUrv-s*@px71rwi5hU6;eG5Ud+mbpZPz<<KT@(WEa&+X>=@Q#9s
zc{u)Le@>A;9Q%^z@jXxcQ7U)Q|NA%JWBoOKi~9K#(PxSJ^|lNR-Keb@pDbpbqP8Bq
z^4@S?Us1As*SG?$ucvo?Z%=QJxDL?nK)b_*&L}2!(k0`0B_ZD=`8GLDi(UZcOCANz
z2404o659oDzfI-aC=I?!RhbBBYHChp9nt(f$m64c&(*1{R+qL1)#d8=vQ8xg^BssN
zo4SMQjqNwJk1p+0mbB_!j}3M!OTpUQy^82mdLi4iO0>6cY!5<*nj>OU_vgB^s*3@;
zo8SpRkOXQ_K2jIMTSi)-FN%ogvQv&-a3XOihO{8SEf4-iC|89C?g%sk0Pe@y&<!{E
zMp6rBoMP4<NZMIDpNa!(<>S)>?j>9cC*}X`eOh>XK?@h0#6U7z1S8?8Y%ZM3q@3_n
z-pbhFJvkT#I}dWW;l+1{_vCYq9d~khz~pn;q*$BDI&1TG)^c)dlPPCyyqGDbiv>_j
z?X?`+yt`;6lU9Q}o~MWMM#uf*(30D4&pT4spK+{75rNuWI?XxR&OIWMg$72VgQH=`
zN)iWMi%b?%5Q#`7L<G5Mt1vAhiTzoy=Tax{mh83j1-OP*F(#Dd?X-me%I!%zA|h|E
z5y##Kd3jrn<a6>$8nLHMIezAJ0<g@v2-C{vt^F>7^IwdE8d$e7sW?=f1B392$XZ;B
zaK{x9xF%<8SeB85Jy}cw*vcm1s!VJuJC)<SH3@h4z0BcNp7StXoF%wtd>dthupIjX
zdQEW<7H_PsJSd#H@}}~B?KKvJ-JAF6YI%#`{k&S<D(dZnK{y?F|E$(uAb20HmM<*t
z*VXdccnOvV;Z&Qcv(E*^;_|jqZKqCrMcU~QJ6d(Gs>}yrqvJT9w=gI=#i6?T5P_oe
zv08s=`P{6QUncOn>`y^)Im9pP$v-7H4&ucG@wB6Jv0C0Gdg{u%YvNdl3zkoLuN9QD
zH{h4E7vPtFx>`V7P^@SmU)eye)yVN&X%g?1`~~RWC~$lAk0<&y0ay>h=PzMg5aqg0
z9wqsVPky_!Ul})S2c{`_6j3|Bhe3|^kNE67A@yt5$#WpD*RMwX#jq5dX<}cS4!KG?
z3E6t%fExAe|6W3u)U3~UrJdS!_;=Fxuk(e_P^Hc~)Ih!j$C<tt_S<?uu1Q<fuQ4gF
zUAMPOJJq_#Wk6mpF6&7B+VA~913OQU9sl?86v(yOYQ;}L-Wli;{l4$(=O`DI{iKPo
zCqa(mfMGpMwtNfm2awl`AHT`^w7+pI=^fI?@SQjPgY@~(W*6-u$ThDb<(I%jVEg@c
zR)D;oKK|}gFK#X3d8gnMr>4L!GR>QZcA8_Ox5gm$T!~PdPR5L5jJhB=?(7knW+G=M
z)4542Z6?5#DVSDqA9!0b1Z^iGpIyJ9A1v2Vk}+xb%!Wv_lix4gQ$A75WcCBZ!<pzD
zRH=HL9n;*rGrD!e9N9LEF>~1o&R5|Q!W{nmw&>Q;A<*)a$Z)$bw~TEcjE<SxH*dam
zBxc5<gJUCTP6o>3g`yim|98=Q^erfK-XIE3F?Q+RkYzX4j}Duzdt>b|WEFG%-v!J>
zA!klo*#!P(FuENoO{B7Bv0y_ND-D(&l?>u@K;IMGcZ2@*eqb=+CkY-*{H=l~z5165
zX}r$D{4Yg#GQkpuz1B_a7xC|u{u2syz3FOTTH#?l`%nBkpypMEJb%wD?uCpO&wiFe
z23N5nQ9phd<R8LalIwpwpi9liNzgC3%6*#ett1xPAkz*H<JoUJK?03B+yXk7WqcRp
zG2I3a-mMwW{@r;LLVC?5<+p$Q?t~J&8#A8$z@yYruBVwSupZOhAji8l^XxC4BD_X8
zfBQ)+4nPJ~8P9&@g$DKe`+pzd2gxAE3qsUjgXGAfkKxBZ3^E)OY#%26U2hlRId0;X
z)~=s9DDdLhpPeDR&OoBPuQUCI56}DmJmKNuTa_5c!Y6%rjt33nqK3qA5tplN{}Cv_
zD)_fo_M>+Yo~D7}<?n~(PZOT!kNxc!;n$UsZiaCze%6O)zx)v4KVU_oJbx^nhl~mj
zE%%E5jzUO&eLw#z(CL7O@f;s(`-J#YfW`4+Jo~SqPl!kV4c8vy`QE^P|8Sb-pVue1
zpVz^gzWVuoaREC8iS=Es!n6Dw6nNWTzK2i+Jq#quIHov1UOf9>J%s0WvKhuP|4+!E
zjQh|2j7~tmJ`D%M1zsdj=5HtC!(~l3!+53`=;FLrHAD6L?fP|>HNby|@VGyElOKO|
z1AJSji*o;(qhi62?`?peApB4TDsz7P0O9@pJVN+a8{pZF(V+g_w4rDX@GQn^c<xz-
y^dZ9E#uZVakCk)Bdyf}?W~s|PO&`wHz+MjzuO~j&aDS{<|0A^VZ}b`W*Z(g=Ztzb4

literal 0
HcmV?d00001

diff --git a/conftest.err b/conftest.err
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/lib/command.c b/lib/command.c
index 9d8bd46580..5ebab1450d 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -97,12 +97,6 @@ static struct cmd_node view_node =
   "%s> ",
 };
 
-static struct cmd_node restricted_node =
-{
-  RESTRICTED_NODE,
-  "%s$ ",
-};
-
 static struct cmd_node auth_enable_node =
 {
   AUTH_ENABLE_NODE,
@@ -2019,7 +2013,6 @@ cmd_try_do_shortcut (enum node_type node, char* first_word) {
        node != VIEW_NODE &&
        node != AUTH_ENABLE_NODE &&
        node != ENABLE_NODE &&
-       node != RESTRICTED_NODE &&
        0 == strcmp( "do", first_word ) )
     return 1;
   return 0;
@@ -2918,7 +2911,6 @@ DEFUN (config_exit,
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       if (vty_shell (vty))
 	exit (0);
       else
@@ -3001,7 +2993,6 @@ DEFUN (config_end,
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       /* Nothing to do. */
       break;
     case CONFIG_NODE:
@@ -4206,7 +4197,6 @@ cmd_init (int terminal)
   install_node (&enable_node, NULL);
   install_node (&auth_node, NULL);
   install_node (&auth_enable_node, NULL);
-  install_node (&restricted_node, NULL);
   install_node (&config_node, config_write_host);
 
   /* Each node's basic commands. */
@@ -4223,15 +4213,6 @@ cmd_init (int terminal)
       install_element (VIEW_NODE, &show_logging_cmd);
       install_element (VIEW_NODE, &show_commandtree_cmd);
       install_element (VIEW_NODE, &echo_cmd);
-
-      install_element (RESTRICTED_NODE, &config_list_cmd);
-      install_element (RESTRICTED_NODE, &config_exit_cmd);
-      install_element (RESTRICTED_NODE, &config_quit_cmd);
-      install_element (RESTRICTED_NODE, &config_help_cmd);
-      install_element (RESTRICTED_NODE, &config_enable_cmd);
-      install_element (RESTRICTED_NODE, &config_terminal_length_cmd);
-      install_element (RESTRICTED_NODE, &config_terminal_no_length_cmd);
-      install_element (RESTRICTED_NODE, &echo_cmd);
     }
 
   if (terminal)
@@ -4300,7 +4281,6 @@ cmd_init (int terminal)
 
       install_element (VIEW_NODE, &show_thread_cpu_cmd);
       install_element (ENABLE_NODE, &show_thread_cpu_cmd);
-      install_element (RESTRICTED_NODE, &show_thread_cpu_cmd);
       
       install_element (ENABLE_NODE, &clear_thread_cpu_cmd);
       install_element (VIEW_NODE, &show_work_queues_cmd);
diff --git a/lib/command.h b/lib/command.h
index 5932743115..fd0918f118 100644
--- a/lib/command.h
+++ b/lib/command.h
@@ -69,7 +69,6 @@ struct host
 enum node_type 
 {
   AUTH_NODE,			/* Authentication mode of vty interface. */
-  RESTRICTED_NODE,		/* Restricted view mode */ 
   VIEW_NODE,			/* View node. Default mode of vty interface. */
   AUTH_ENABLE_NODE,		/* Authentication mode for change enable. */
   ENABLE_NODE,			/* Enable node. */
diff --git a/lib/memory_vty.c b/lib/memory_vty.c
index 73acafe23b..be8735dfc4 100644
--- a/lib/memory_vty.c
+++ b/lib/memory_vty.c
@@ -113,8 +113,6 @@ DEFUN (show_memory,
 void
 memory_init (void)
 {
-  install_element (RESTRICTED_NODE, &show_memory_cmd);
-
   install_element (VIEW_NODE, &show_memory_cmd);
 
   install_element (ENABLE_NODE, &show_memory_cmd);
diff --git a/lib/vty.c b/lib/vty.c
index cc30def303..15bc683c14 100644
--- a/lib/vty.c
+++ b/lib/vty.c
@@ -88,10 +88,6 @@ static int vty_config_is_lockless = 0;
 /* Login password check. */
 static int no_password_check = 0;
 
-/* Restrict unauthenticated logins? */
-static const u_char restricted_mode_default = 0;
-static u_char restricted_mode = 0;
-
 /* Integrated configuration file path */
 char integrate_default[] = SYSCONFDIR INTEGRATE_DEFAULT_CONFIG;
 
@@ -395,7 +391,7 @@ vty_auth (struct vty *vty, char *buf)
 	      /* AUTH_ENABLE_NODE */
 	      vty->fail = 0;
 	      vty_out (vty, "%% Bad enable passwords, too many failures!%s", VTY_NEWLINE);
-	      vty->node = restricted_mode ? RESTRICTED_NODE : VIEW_NODE;
+	      vty->status = VTY_CLOSE;
 	    }
 	}
     }
@@ -735,7 +731,6 @@ vty_end_config (struct vty *vty)
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       /* Nothing to do. */
       break;
     case CONFIG_NODE:
@@ -1157,7 +1152,6 @@ vty_stop_input (struct vty *vty)
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       /* Nothing to do. */
       break;
     case CONFIG_NODE:
@@ -1717,9 +1711,7 @@ vty_create (int vty_sock, union sockunion *su)
   strcpy (vty->address, buf);
   if (no_password_check)
     {
-      if (restricted_mode)
-        vty->node = RESTRICTED_NODE;
-      else if (host.advanced)
+      if (host.advanced)
 	vty->node = ENABLE_NODE;
       else
 	vty->node = VIEW_NODE;
@@ -2899,26 +2891,6 @@ DEFUN (no_vty_login,
   return CMD_SUCCESS;
 }
 
-/* initial mode. */
-DEFUN (vty_restricted_mode,
-       vty_restricted_mode_cmd,
-       "anonymous restricted",
-       "Restrict view commands available in anonymous, unauthenticated vty\n")
-{
-  restricted_mode = 1;
-  return CMD_SUCCESS;
-}
-
-DEFUN (vty_no_restricted_mode,
-       vty_no_restricted_mode_cmd,
-       "no anonymous restricted",
-       NO_STR
-       "Enable password checking\n")
-{
-  restricted_mode = 0;
-  return CMD_SUCCESS;
-}
-
 DEFUN (service_advanced_vty,
        service_advanced_vty_cmd,
        "service advanced-vty",
@@ -3027,14 +2999,6 @@ vty_config_write (struct vty *vty)
   /* login */
   if (no_password_check)
     vty_out (vty, " no login%s", VTY_NEWLINE);
-    
-  if (restricted_mode != restricted_mode_default)
-    {
-      if (restricted_mode_default)
-        vty_out (vty, " no anonymous restricted%s", VTY_NEWLINE);
-      else
-        vty_out (vty, " anonymous restricted%s", VTY_NEWLINE);
-    }
 
   if (do_log_commands)
     vty_out (vty, "log commands%s", VTY_NEWLINE);
@@ -3164,8 +3128,6 @@ vty_init (struct thread_master *master_thread)
   /* Install bgp top node. */
   install_node (&vty_node, vty_config_write);
 
-  install_element (RESTRICTED_NODE, &config_who_cmd);
-  install_element (RESTRICTED_NODE, &show_history_cmd);
   install_element (VIEW_NODE, &config_who_cmd);
   install_element (VIEW_NODE, &show_history_cmd);
   install_element (ENABLE_NODE, &config_who_cmd);
@@ -3187,8 +3149,6 @@ vty_init (struct thread_master *master_thread)
   install_element (VTY_NODE, &no_vty_access_class_cmd);
   install_element (VTY_NODE, &vty_login_cmd);
   install_element (VTY_NODE, &no_vty_login_cmd);
-  install_element (VTY_NODE, &vty_restricted_mode_cmd);
-  install_element (VTY_NODE, &vty_no_restricted_mode_cmd);
 #ifdef HAVE_IPV6
   install_element (VTY_NODE, &vty_ipv6_access_class_cmd);
   install_element (VTY_NODE, &no_vty_ipv6_access_class_cmd);
-- 
2.39.5