bgpd, lib: Remove RESTRICTED_NODE from code base

The RESTRICTED_NODE command is not used, introduces code
complexity and provides no additional levels of security.

The only way to get into RESTRICTED_NODE is to add, under
vty configuration the command 'anonymous restricted', and
then telnet to a daemon, provide a password, then type
'enable' and fail to enter the password three times.
Then the user can enter a very limited set of commands to
monitor bgp and only bgp behavior.

This commit removes both the RESTRICTED_NODE usage as well
as the lib/* usage of the code

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd/bgp_route.c

@@ -14971,49 +14971,6 @@ bgp_route_init (void)
   install_element (VIEW_NODE, &show_ip_bgp_neighbor_flap_cmd);
   install_element (VIEW_NODE, &show_ip_bgp_neighbor_damp_cmd);
 
-  /* Restricted node: VIEW_NODE - (set of dangerous commands) */
-  install_element (RESTRICTED_NODE, &show_ip_bgp_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_all_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_route_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community_all_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_afi_safi_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_community4_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community4_exact_cmd);
-
   install_element (ENABLE_NODE, &show_ip_bgp_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_instance_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_instance_all_cmd);
@@ -15273,46 +15230,6 @@ bgp_route_init (void)
   install_element (VIEW_NODE, &show_bgp_instance_neighbor_damp_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_neighbor_damp_cmd);
 
-  /* Restricted:
-   * VIEW_NODE - (set of dangerous commands) - (commands dependent on prev) 
-   */
-  install_element (RESTRICTED_NODE, &show_bgp_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_prefix_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community2_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community3_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community4_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community2_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community3_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_community4_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_community4_exact_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_route_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_route_pathtype_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_prefix_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_neighbor_received_prefix_filter_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_neighbor_received_prefix_filter_cmd);
-
   install_element (ENABLE_NODE, &show_bgp_cmd);
   install_element (ENABLE_NODE, &show_bgp_ipv6_cmd);
   install_element (ENABLE_NODE, &show_bgp_ipv6_safi_cmd);

bgpd/bgp_vty.c

@@ -15964,46 +15964,6 @@ bgp_vty_init (void)
   install_element (VIEW_NODE, &show_bgp_ipv6_safi_summary_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_summary_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_safi_summary_cmd);
-#endif /* HAVE_IPV6 */
-  install_element (RESTRICTED_NODE, &show_ip_bgp_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_all_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_all_ipv6_updgrps_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_updgrps_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_updgrps_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_afi_adj_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_updgrps_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_updgrps_afi_adj_s_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_all_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv4_safi_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_ipv4_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv4_safi_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_all_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_summary_cmd);
-#ifdef HAVE_IPV6
-  install_element (RESTRICTED_NODE, &show_bgp_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_all_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_safi_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_summary_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_safi_summary_cmd);
 #endif /* HAVE_IPV6 */
   install_element (ENABLE_NODE, &show_ip_bgp_summary_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_updgrps_cmd);
@@ -16064,11 +16024,6 @@ bgp_vty_init (void)
   install_element (VIEW_NODE, &show_ip_bgp_instance_neighbors_cmd);
   install_element (VIEW_NODE, &show_ip_bgp_instance_all_neighbors_cmd);
   install_element (VIEW_NODE, &show_ip_bgp_instance_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_all_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_ip_bgp_instance_neighbors_peer_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_neighbors_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_ipv4_neighbors_cmd);
   install_element (ENABLE_NODE, &show_ip_bgp_neighbors_peer_cmd);
@@ -16090,10 +16045,6 @@ bgp_vty_init (void)
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_neighbors_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_neighbors_peer_cmd);
   install_element (VIEW_NODE, &show_bgp_instance_ipv6_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_ipv6_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_neighbors_peer_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_instance_ipv6_neighbors_peer_cmd);
   install_element (ENABLE_NODE, &show_bgp_neighbors_cmd);
   install_element (ENABLE_NODE, &show_bgp_ipv6_neighbors_cmd);
   install_element (ENABLE_NODE, &show_bgp_neighbors_peer_cmd);
@@ -16194,17 +16145,14 @@ bgp_vty_init (void)
 
   /* "show bgp memory" commands. */
   install_element (VIEW_NODE, &show_bgp_memory_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_memory_cmd);
   install_element (ENABLE_NODE, &show_bgp_memory_cmd);
   
   /* "show bgp views" commands. */
   install_element (VIEW_NODE, &show_bgp_views_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_views_cmd);
   install_element (ENABLE_NODE, &show_bgp_views_cmd);
   
   /* "show bgp vrfs" commands. */
   install_element (VIEW_NODE, &show_bgp_vrfs_cmd);
-  install_element (RESTRICTED_NODE, &show_bgp_vrfs_cmd);
   install_element (ENABLE_NODE, &show_bgp_vrfs_cmd);
   
   /* Community-list. */

confdefs.h

@@ -0,0 +1,73 @@
+/* confdefs.h */
+#define PACKAGE_NAME "Quagga"
+#define PACKAGE_TARNAME "quagga"
+#define PACKAGE_VERSION "0.99.24+cl3u4"
+#define PACKAGE_STRING "Quagga 0.99.24+cl3u4"
+#define PACKAGE_BUGREPORT "https://bugzilla.quagga.net"
+#define PACKAGE_URL ""
+#define PACKAGE "quagga"
+#define VERSION "0.99.24+cl3u4"
+#define STDC_HEADERS 1
+#define HAVE_SYS_TYPES_H 1
+#define HAVE_SYS_STAT_H 1
+#define HAVE_STDLIB_H 1
+#define HAVE_STRING_H 1
+#define HAVE_MEMORY_H 1
+#define HAVE_STRINGS_H 1
+#define HAVE_INTTYPES_H 1
+#define HAVE_STDINT_H 1
+#define HAVE_UNISTD_H 1
+#define __EXTENSIONS__ 1
+#define _ALL_SOURCE 1
+#define _GNU_SOURCE 1
+#define _POSIX_PTHREAD_SEMANTICS 1
+#define _TANDEM_SOURCE 1
+#define HAVE_DLFCN_H 1
+#define LT_OBJDIR ".libs/"
+#define HAVE_JSON_C_JSON_H 1
+#define CONSUMED_TIME_CHECK 5000000
+#define HAVE_V6_RR_SEMANTICS /**/
+#define HAVE_RTADV /**/
+#define QUAGGA_USER "quagga"
+#define QUAGGA_GROUP "quagga"
+#define CONFIGFILE_MASK 0600
+#define LOGFILE_MASK 0600
+#define MULTIPATH_NUM 4
+#define restrict __restrict
+#define STDC_HEADERS 1
+#define TIME_WITH_SYS_TIME 1
+#define HAVE_SYS_WAIT_H 1
+#define HAVE__BOOL 1
+#define HAVE_STDBOOL_H 1
+#define HAVE_STROPTS_H 1
+#define HAVE_SYS_TIMES_H 1
+#define HAVE_SYS_SELECT_H 1
+#define HAVE_SYS_TYPES_H 1
+#define HAVE_LINUX_VERSION_H 1
+#define HAVE_NETDB_H 1
+#define HAVE_ASM_TYPES_H 1
+#define HAVE_SYS_CDEFS_H 1
+#define HAVE_SYS_PARAM_H 1
+#define HAVE_LIMITS_H 1
+#define HAVE_SIGNAL_H 1
+#define HAVE_SYS_SOCKET_H 1
+#define HAVE_NETINET_IN_H 1
+#define HAVE_TIME_H 1
+#define HAVE_SYS_TIME_H 1
+#define HAVE_NET_IF_H 1
+#define HAVE_SYS_UN_H 1
+#define HAVE_NETINET_IN_SYSTM_H 1
+#define HAVE_NET_ROUTE_H 1
+#define HAVE_ARPA_INET_H 1
+#define HAVE_NETINET_IP_ICMP_H 1
+#define HAVE_FCNTL_H 1
+#define HAVE_STDDEF_H 1
+#define HAVE_SYS_IOCTL_H 1
+#define HAVE_SYSLOG_H 1
+#define HAVE_WCHAR_H 1
+#define HAVE_WCTYPE_H 1
+#define HAVE_SYS_SYSCTL_H 1
+#define HAVE_UCONTEXT_H 1
+#define HAVE_UCONTEXT_T_UC_MCONTEXT_GREGS 1
+#define GNU_LINUX /**/
+#define VTYSH /**/

lib/command.c

@@ -97,12 +97,6 @@ static struct cmd_node view_node =
   "%s> ",
 };
 
-static struct cmd_node restricted_node =
-{
-  RESTRICTED_NODE,
-  "%s$ ",
-};
-
 static struct cmd_node auth_enable_node =
 {
   AUTH_ENABLE_NODE,
@@ -2019,7 +2013,6 @@ cmd_try_do_shortcut (enum node_type node, char* first_word) {
        node != VIEW_NODE &&
        node != AUTH_ENABLE_NODE &&
        node != ENABLE_NODE &&
-       node != RESTRICTED_NODE &&
        0 == strcmp( "do", first_word ) )
     return 1;
   return 0;
@@ -2918,7 +2911,6 @@ DEFUN (config_exit,
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       if (vty_shell (vty))
 	exit (0);
       else
@@ -3001,7 +2993,6 @@ DEFUN (config_end,
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       /* Nothing to do. */
       break;
     case CONFIG_NODE:
@@ -4206,7 +4197,6 @@ cmd_init (int terminal)
   install_node (&enable_node, NULL);
   install_node (&auth_node, NULL);
   install_node (&auth_enable_node, NULL);
-  install_node (&restricted_node, NULL);
   install_node (&config_node, config_write_host);
 
   /* Each node's basic commands. */
@@ -4223,15 +4213,6 @@ cmd_init (int terminal)
       install_element (VIEW_NODE, &show_logging_cmd);
       install_element (VIEW_NODE, &show_commandtree_cmd);
       install_element (VIEW_NODE, &echo_cmd);
-
-      install_element (RESTRICTED_NODE, &config_list_cmd);
-      install_element (RESTRICTED_NODE, &config_exit_cmd);
-      install_element (RESTRICTED_NODE, &config_quit_cmd);
-      install_element (RESTRICTED_NODE, &config_help_cmd);
-      install_element (RESTRICTED_NODE, &config_enable_cmd);
-      install_element (RESTRICTED_NODE, &config_terminal_length_cmd);
-      install_element (RESTRICTED_NODE, &config_terminal_no_length_cmd);
-      install_element (RESTRICTED_NODE, &echo_cmd);
     }
 
   if (terminal)
@@ -4300,7 +4281,6 @@ cmd_init (int terminal)
 
       install_element (VIEW_NODE, &show_thread_cpu_cmd);
       install_element (ENABLE_NODE, &show_thread_cpu_cmd);
-      install_element (RESTRICTED_NODE, &show_thread_cpu_cmd);
       
       install_element (ENABLE_NODE, &clear_thread_cpu_cmd);
       install_element (VIEW_NODE, &show_work_queues_cmd);

lib/command.h

@@ -69,7 +69,6 @@ struct host
 enum node_type 
 {
   AUTH_NODE,			/* Authentication mode of vty interface. */
-  RESTRICTED_NODE,		/* Restricted view mode */ 
   VIEW_NODE,			/* View node. Default mode of vty interface. */
   AUTH_ENABLE_NODE,		/* Authentication mode for change enable. */
   ENABLE_NODE,			/* Enable node. */

lib/memory_vty.c

@@ -113,8 +113,6 @@ DEFUN (show_memory,
 void
 memory_init (void)
 {
-  install_element (RESTRICTED_NODE, &show_memory_cmd);
-
   install_element (VIEW_NODE, &show_memory_cmd);
 
   install_element (ENABLE_NODE, &show_memory_cmd);

lib/vty.c

@@ -88,10 +88,6 @@ static int vty_config_is_lockless = 0;
 /* Login password check. */
 static int no_password_check = 0;
 
-/* Restrict unauthenticated logins? */
-static const u_char restricted_mode_default = 0;
-static u_char restricted_mode = 0;
-
 /* Integrated configuration file path */
 char integrate_default[] = SYSCONFDIR INTEGRATE_DEFAULT_CONFIG;
 
@@ -395,7 +391,7 @@ vty_auth (struct vty *vty, char *buf)
 	      /* AUTH_ENABLE_NODE */
 	      vty->fail = 0;
 	      vty_out (vty, "%% Bad enable passwords, too many failures!%s", VTY_NEWLINE);
-	      vty->node = restricted_mode ? RESTRICTED_NODE : VIEW_NODE;
+	      vty->status = VTY_CLOSE;
 	    }
 	}
     }
@@ -735,7 +731,6 @@ vty_end_config (struct vty *vty)
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       /* Nothing to do. */
       break;
     case CONFIG_NODE:
@@ -1157,7 +1152,6 @@ vty_stop_input (struct vty *vty)
     {
     case VIEW_NODE:
     case ENABLE_NODE:
-    case RESTRICTED_NODE:
       /* Nothing to do. */
       break;
     case CONFIG_NODE:
@@ -1717,9 +1711,7 @@ vty_create (int vty_sock, union sockunion *su)
   strcpy (vty->address, buf);
   if (no_password_check)
     {
-      if (restricted_mode)
+      if (host.advanced)
-        vty->node = RESTRICTED_NODE;
-      else if (host.advanced)
 	vty->node = ENABLE_NODE;
       else
 	vty->node = VIEW_NODE;
@@ -2899,26 +2891,6 @@ DEFUN (no_vty_login,
   return CMD_SUCCESS;
 }
 
-/* initial mode. */
-DEFUN (vty_restricted_mode,
-       vty_restricted_mode_cmd,
-       "anonymous restricted",
-       "Restrict view commands available in anonymous, unauthenticated vty\n")
-{
-  restricted_mode = 1;
-  return CMD_SUCCESS;
-}
-
-DEFUN (vty_no_restricted_mode,
-       vty_no_restricted_mode_cmd,
-       "no anonymous restricted",
-       NO_STR
-       "Enable password checking\n")
-{
-  restricted_mode = 0;
-  return CMD_SUCCESS;
-}
-
 DEFUN (service_advanced_vty,
        service_advanced_vty_cmd,
        "service advanced-vty",
@@ -3028,14 +3000,6 @@ vty_config_write (struct vty *vty)
   if (no_password_check)
     vty_out (vty, " no login%s", VTY_NEWLINE);
 
-  if (restricted_mode != restricted_mode_default)
-    {
-      if (restricted_mode_default)
-        vty_out (vty, " no anonymous restricted%s", VTY_NEWLINE);
-      else
-        vty_out (vty, " anonymous restricted%s", VTY_NEWLINE);
-    }
-
   if (do_log_commands)
     vty_out (vty, "log commands%s", VTY_NEWLINE);
     
@@ -3164,8 +3128,6 @@ vty_init (struct thread_master *master_thread)
   /* Install bgp top node. */
   install_node (&vty_node, vty_config_write);
 
-  install_element (RESTRICTED_NODE, &config_who_cmd);
-  install_element (RESTRICTED_NODE, &show_history_cmd);
   install_element (VIEW_NODE, &config_who_cmd);
   install_element (VIEW_NODE, &show_history_cmd);
   install_element (ENABLE_NODE, &config_who_cmd);
@@ -3187,8 +3149,6 @@ vty_init (struct thread_master *master_thread)
   install_element (VTY_NODE, &no_vty_access_class_cmd);
   install_element (VTY_NODE, &vty_login_cmd);
   install_element (VTY_NODE, &no_vty_login_cmd);
-  install_element (VTY_NODE, &vty_restricted_mode_cmd);
-  install_element (VTY_NODE, &vty_no_restricted_mode_cmd);
 #ifdef HAVE_IPV6
   install_element (VTY_NODE, &vty_ipv6_access_class_cmd);
   install_element (VTY_NODE, &no_vty_ipv6_access_class_cmd);