[vty] Add support for a 'restricted mode' with anonymous vty connections
* lib/command.h: Add a RESTRICTED_NODE, intended for use with
anonymous, 'no login' vtys, to provide a subset of 'view' mode
commands.
* lib/command.c: Add RESTRICTED_NODE bits, nothing special, just
following VIEW_NODE.
* lib/vty.c: (vty_auth) enable authentication should fall back to
restricted/view node as appropriate.
(vty_create) init vty's to restricted/view node as appropriate,
for the 'no login' case.
(vty_{no_,}restricted_mode_cmd) config commands to enable
'anonymous restricted' in vty configuration.
(vty_config_write) 'anonymous restricted' config.
(vty_init) Install some commands to restricted mode, and the
'anonymous restricted' config commands into VTY_NODE.
* bgpd/*.c: Install some of the safe(r) BGP commands into
'restricted mode', i.e. lookup commands of non-sensitive data.
Useful with looking-glass route-servers.
diff --git a/lib/command.h b/lib/command.h
index a725378..d093df3 100644
--- a/lib/command.h
+++ b/lib/command.h
@@ -63,6 +63,7 @@
enum node_type
{
AUTH_NODE, /* Authentication mode of vty interface. */
+ RESTRICTED_NODE, /* Restricted view mode */
VIEW_NODE, /* View node. Default mode of vty interface. */
AUTH_ENABLE_NODE, /* Authentication mode for change enable. */
ENABLE_NODE, /* Enable node. */
@@ -100,7 +101,7 @@
DUMP_NODE, /* Packet dump node. */
FORWARDING_NODE, /* IP forwarding node. */
PROTOCOL_NODE, /* protocol filtering node */
- VTY_NODE /* Vty node. */
+ VTY_NODE, /* Vty node. */
};
/* Node which has some commands and prompt string and configuration