| Age | Commit message (Collapse) | Author |
|---|
|
Code was was written where the pam error message put out
was the result from a previous call to the pam modules
instead of the current call to the pam module.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 8495b425bd056d405704df9e756560942d6815c1)
|
|
Description:
SonarQube detects the following behaviour as a vulanarability.
When authenticating users using PAM, it is strongly recommended to
check the validity of the account (not locked, not expired ...),
otherwise it leads to unauthorized access to resources.
pam_acct_mgmt() should be called for account validity after
calling pam_authenticate().
Signed-off-by: Rajesh Girada <rgirada@vmware.com>
|
|
Replace sprintf with snprintf where straightforward to do so.
- sprintf's into local scope buffers of known size are replaced with the
equivalent snprintf call
- snprintf's into local scope buffers of known size that use the buffer
size expression now use sizeof(buffer)
- sprintf(buf + strlen(buf), ...) replaced with snprintf() into temp
buffer followed by strlcat
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
This allows to set motd from an input instead of creating a file.
Example:
root@exit2-debian-9:~/frr# telnet 127.0.0.1 2605
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Hello, this is bgpd
User Access Verification
Password:
exit2-debian-9> enable
exit2-debian-9# sh run
Current configuration:
!
frr version 7.3-dev-MyOwnFRRVersion
frr defaults traditional
!
hostname exit2-debian-9
password belekas
log file /var/log/frr/labas.log
log syslog informational
banner motd line Hello, this is bgpd
!
!
!
line vty
!
end
exit2-debian-9#
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
|
When using pam for authentication, the code just silently
fails and gives no indication to the end user what has gone
wrong. Try to increase messaging about what has gone wrong
by outputting some more data.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
|
|
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
indent.py `git ls-files | pcregrep '\.[ch]$' | pcregrep -v '^(ldpd|babeld|nhrpd)/'`
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
The FSF's address changed, and we had a mixture of comment styles for
the GPL file header. (The style with * at the beginning won out with
580 to 141 in existing files.)
Note: I've intentionally left intact other "variations" of the copyright
header, e.g. whether it says "Zebra", "Quagga", "FRR", or nothing.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
|
|
passed entry if no HOME is defined
Snap packages have a local HOME defined inside the SNAP container, but don't get access to passwd entry.
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
|
|
|
|
This replaces Quagga -> FRR in most configure.ac settings as well as
a handful of preprocessor macros in the source code.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
When compiling vtysh with --enable-static and --disasble-shared
we get linker errors with duplicate function names.
This commit addresses this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit dd2ecdedf88eb612759617ba044e4c29353088de)
|
|
When compiling vtysh with --enable-static and --disasble-shared
we get linker errors with duplicate function names.
This commit addresses this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
|
|
getpwuid() may fail returning a null value leaving subsequent
code vulnerable to a null pointer dereference.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>
|
|
A few places are using 0 in place of the MTYPE_* argument. The
following rewrite of the alloc tracking won't deal with that, so let's
use MTYPE_TMP instead.
Acked-by: Vincent JARDIN <vincent.jardin@6wind.com>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
[DL: v2: fix XFREE(0, foo) calls too]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
This makes a whole bunch of vtysh functions static, fixes prototypes for
a few more, and masks user_free() and user_write_config() (both unused.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit a9eb9063071437f5cde3b78adf273b428c49d378)
|
|
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
Fix a compile failure from a cherry-pick of a
commit from upstream
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
The function vtysh_pam fails the build with --enable-werror enabled
because it is a static function not declared as such
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
(cherry picked from commit 8965be4baaa1a4c619cbb4a8a10d15a72d80b60d)
|
|
the File to specify was inadvertently a optional parameter.
Dissallow this.
Ticket: CM-9431
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
|
|
Code was already in place to read and display a motd, but
no cli was present to make it happen. Add the cli
back to vtysh.conf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
|
|
This fix does two things:
1) If the ${HOME}/.history_quagga file does not exist, create it
for history storing.
2) Allow vtysh -c "..." commands to be stored in history file
as well
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
Fixup compile warnings for when you turn on --enable-gcc-ultra-verbose=yes
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
Ticket: None
Reviewed by: Trivial
Testing:
A bunch of warnings have crept in to the code base. This
fixes the issue
|
|
|
|
Lost config when switching back and forth between 'service integrated-vtysh-config'.
Also it was possible to have config files not be read in if they were not generated.
Ticket: CM-6011, CM-6033
Reviewed By: Daniel Walton <dwalton@cumulusnetworks.com>
Testing Done: See bugs
|
|
Fixup to allow 'no service-integrated-vtysh' to work properly and vice versa
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by:
|
|
Remove compile warnings for the vtysh directory
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by:
|
|
Simple conversion of XMALLOC/memset to XCALLOC
|
|
* vtysh_user.c: rename struct user to struct vtysh_user to avoid
clashes with sys/user.h on ARM.
|
|
* (global): Fix up list loops to match changes in lib/linklist,
and some basic auditing of usage.
* configure.ac: define QUAGGA_NO_DEPRECATED_INTERFACES
* HACKING: Add notes about deprecating interfaces and commands.
* lib/linklist.h: Add usage comments.
Rename getdata macro to listgetdata.
Rename nextnode to listnextnode and fix its odd behaviour to be
less dangerous.
Make listgetdata macro assert node is not null, NULL list entries
should be bug condition.
ALL_LIST_ELEMENTS, new macro, forward-referencing macro for use
with for loop, Suggested by Jim Carlson of Sun.
Add ALL_LIST_ELEMENTS_RO for cases which obviously do not need the
"safety" of previous macro.
LISTNODE_ADD and DELETE macros renamed to ATTACH, DETACH, to
distinguish from the similarly named functions, and reflect their
effect better.
Add a QUAGGA_NO_DEPRECATED_INTERFACES define guarded section
with the old defines which were modified above,
for backwards compatibility - guarded to prevent Quagga using it..
* lib/linklist.c: fix up for linklist.h changes.
* ospf6d/ospf6_abr.c: (ospf6_abr_examin_brouter) change to a single
scan of the area list, rather than scanning all areas first for
INTER_ROUTER and then again for INTER_NETWORK. According to
16.2, the scan should be area specific anyway, and further
ospf6d does not seem to implement 16.3 anyway.
|
|
|
|
* vtysh/vtysh_user.c: include lib/version.h, for QUAGGA_PROGNAME.
|
|
* lib/version.h: Add QUAGGA_PROGNAME
* lib/smux.c: hardcoded zebra/quagga -> QUAGGA_PROGNAME
* lib/command.c: ditto
* vtysh/vtysh_user.c: ditto
|
|
Subject: [zebra 18947] [PATCH] openpam patch
configure support for openpam (freebsd5.0)
|
|
|
