proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-08 05:22:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

vtysh: Add --config_dir option to override compiled in location for vtysh.conf and Quagga.conf

Browse Source 
Only allow the override if vtysh is not run with setuid()

Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
This commit is contained in:
Martin Winter 2016-12-10 19:06:54 -08:00
parent 372b8bd381
commit ce2e9ec3ad
1 changed files with 58 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
vtysh/vtysh_main.c
View File

@ -45,8 +45,8 @@
char *progname; char *progname;
/* Configuration file name and directory. */ /* Configuration file name and directory. */
static char vtysh_config_always[] = SYSCONFDIR VTYSH_DEFAULT_CONFIG; static char vtysh_config_always[MAXPATHLEN] = SYSCONFDIR VTYSH_DEFAULT_CONFIG;
static char quagga_config_default[] = SYSCONFDIR QUAGGA_DEFAULT_CONFIG; static char quagga_config_default[MAXPATHLEN] = SYSCONFDIR QUAGGA_DEFAULT_CONFIG;
char *quagga_config = quagga_config_default; char *quagga_config = quagga_config_default;
char history_file[MAXPATHLEN]; char history_file[MAXPATHLEN];
@ -148,8 +148,10 @@ usage (int status)
"-E, --echo Echo prompt and command in -c mode\n" \ "-E, --echo Echo prompt and command in -c mode\n" \
"-C, --dryrun Check configuration for validity and exit\n" \ "-C, --dryrun Check configuration for validity and exit\n" \
" --vty_socket Override vty socket path\n" \ " --vty_socket Override vty socket path\n" \
"-m, --markfile Mark input file with context end\n" "-m, --markfile Mark input file with context end\n" \
"-w, --writeconfig Write integrated config (Quagga.conf) and exit\n" " --vty_socket Override vty socket path\n" \
" --config_dir Override config directory path\n" \
"-w, --writeconfig Write integrated config (Quagga.conf) and exit\n" \
"-h, --help Display this help and exit\n\n" \ "-h, --help Display this help and exit\n\n" \
"Note that multiple commands may be executed from the command\n" \ "Note that multiple commands may be executed from the command\n" \
"line by passing multiple -c args, or by embedding linefeed\n" \ "line by passing multiple -c args, or by embedding linefeed\n" \
@ -161,6 +163,7 @@ usage (int status)
/* VTY shell options, we use GNU getopt library. */ /* VTY shell options, we use GNU getopt library. */
#define OPTION_VTYSOCK 1000 #define OPTION_VTYSOCK 1000
#define OPTION_CONFDIR 1001
struct option longopts[] = struct option longopts[] =
{ {
{ "boot", no_argument, NULL, 'b'}, { "boot", no_argument, NULL, 'b'},
@ -169,6 +172,7 @@ struct option longopts[] =
{ "command", required_argument, NULL, 'c'}, { "command", required_argument, NULL, 'c'},
{ "daemon", required_argument, NULL, 'd'}, { "daemon", required_argument, NULL, 'd'},
{ "vty_socket", required_argument, NULL, OPTION_VTYSOCK}, { "vty_socket", required_argument, NULL, OPTION_VTYSOCK},
{ "config_dir", required_argument, NULL, OPTION_CONFDIR},
{ "inputfile", required_argument, NULL, 'f'}, { "inputfile", required_argument, NULL, 'f'},
{ "echo", no_argument, NULL, 'E'}, { "echo", no_argument, NULL, 'E'},
{ "dryrun", no_argument, NULL, 'C'}, { "dryrun", no_argument, NULL, 'C'},
@ -268,6 +272,7 @@ main (int argc, char **argv, char **env)
int boot_flag = 0; int boot_flag = 0;
const char *daemon_name = NULL; const char *daemon_name = NULL;
const char *inputfile = NULL; const char *inputfile = NULL;
char *vtysh_configfile_name;
struct cmd_rec { struct cmd_rec {
const char *line; const char *line;
struct cmd_rec *next; struct cmd_rec *next;
@ -280,6 +285,9 @@ main (int argc, char **argv, char **env)
int ret = 0; int ret = 0;
char *homedir = NULL; char *homedir = NULL;
/* check for restricted functionality if vtysh is run setuid */
int restricted = (getuid() != geteuid()) || (getgid() != getegid());
/* Preserve name of myself. */ /* Preserve name of myself. */
progname = ((p = strrchr (argv[0], '/')) ? ++p : argv[0]); progname = ((p = strrchr (argv[0], '/')) ? ++p : argv[0]);
@ -319,6 +327,52 @@ main (int argc, char **argv, char **env)
case OPTION_VTYSOCK: case OPTION_VTYSOCK:
vty_sock_path = optarg; vty_sock_path = optarg;
break; break;
case OPTION_CONFDIR:
/*
* Skip option for Config Directory if setuid
*/
if (restricted)
{
fprintf (stderr, "Overriding of Config Directory blocked for vtysh with setuid");
return 1;
}
/*
* Overwrite location for vtysh.conf
*/
vtysh_configfile_name = strrchr(VTYSH_DEFAULT_CONFIG, '/');
if (vtysh_configfile_name)
/* skip '/' */
vtysh_configfile_name++;
else
/*
* VTYSH_DEFAULT_CONFIG configured with relative path
* during config? Should really never happen for
* sensible config
*/
vtysh_configfile_name = (char *) VTYSH_DEFAULT_CONFIG;
strlcpy(vtysh_config_always, optarg, sizeof(vtysh_config_always));
strlcat(vtysh_config_always, "/", sizeof(vtysh_config_always));
strlcat(vtysh_config_always, vtysh_configfile_name,
sizeof(vtysh_config_always));
/*
* Overwrite location for Quagga.conf
*/
vtysh_configfile_name = strrchr(QUAGGA_DEFAULT_CONFIG, '/');
if (vtysh_configfile_name)
/* skip '/' */
vtysh_configfile_name++;
else
/*
* QUAGGA_DEFAULT_CONFIG configured with relative path
* during config? Should really never happen for
* sensible config
*/
vtysh_configfile_name = (char *) QUAGGA_DEFAULT_CONFIG;
strlcpy(quagga_config_default, optarg, sizeof(vtysh_config_always));
strlcat(quagga_config_default, "/", sizeof(vtysh_config_always));
strlcat(quagga_config_default, vtysh_configfile_name,
sizeof(quagga_config_default));
break;
case 'd': case 'd':
daemon_name = optarg; daemon_name = optarg;
break; break;