lib: change command logging to be off by default, and add 'log_commands' to enable it.

Lou Berger 2016-05-17 12:19:51 -04:00 committed by Donald Sharp
parent 1035065f2a
commit da688ecdde
2 changed files with 28 additions and 4 deletions


@ -185,6 +185,13 @@ In this example, the precision is set to provide timestamps with
millisecond accuracy. millisecond accuracy.
@end deffn @end deffn
@deffn Command {log commands} {}
This command enables the logging of all commands typed by a user to
all enabled log destinations. The note that logging includes full
command lines, including passwords. Once set, command logging can only
be turned off by restarting the daemon.
@end deffn
@deffn Command {service password-encryption} {} @deffn Command {service password-encryption} {}
Encrypt password. Encrypt password.
@end deffn @end deffn


@ -90,6 +90,7 @@ static u_char restricted_mode = 0;
/* Integrated configuration file path */ /* Integrated configuration file path */
char integrate_default[] = SYSCONFDIR INTEGRATE_DEFAULT_CONFIG; char integrate_default[] = SYSCONFDIR INTEGRATE_DEFAULT_CONFIG;
static int do_log_commands = 0;
/* VTY standard output function. */ /* VTY standard output function. */
int int
@ -402,12 +403,13 @@ vty_command (struct vty *vty, char *buf)
int ret; int ret;
vector vline; vector vline;
const char *protocolname; const char *protocolname;
char *cp; char *cp = NULL;
/* /*
* Log non empty command lines * Log non empty command lines
*/ */
cp = buf; if (do_log_commands)
cp = buf;
if (cp != NULL) if (cp != NULL)
{ {
/* Skip white spaces. */ /* Skip white spaces. */
@ -435,7 +437,7 @@ vty_command (struct vty *vty, char *buf)
snprintf(prompt_str, sizeof(prompt_str), cmd_prompt (vty->node), vty_str); snprintf(prompt_str, sizeof(prompt_str), cmd_prompt (vty->node), vty_str);
/* now log the command */ /* now log the command */
zlog(NULL, LOG_NOTICE, "%s%s", prompt_str, buf); zlog(NULL, LOG_ERR, "%s%s", prompt_str, buf);
} }
/* Split readline string up into the vector */ /* Split readline string up into the vector */
vline = cmd_make_strvec (buf); vline = cmd_make_strvec (buf);
@ -2957,6 +2959,17 @@ DEFUN (show_history,
return CMD_SUCCESS; return CMD_SUCCESS;
} }
/* vty login. */
DEFUN (log_commands,
log_commands_cmd,
"log commands",
"Logging control\n"
"Log all commands (can't be unset without restart)\n")
{
do_log_commands = 1;
return CMD_SUCCESS;
}
/* Display current configuration. */ /* Display current configuration. */
static int static int
vty_config_write (struct vty *vty) vty_config_write (struct vty *vty)
@ -2988,7 +3001,10 @@ vty_config_write (struct vty *vty)
else else
vty_out (vty, " anonymous restricted%s", VTY_NEWLINE); vty_out (vty, " anonymous restricted%s", VTY_NEWLINE);
} }
if (do_log_commands)
vty_out (vty, "log commands%s", VTY_NEWLINE);
vty_out (vty, "!%s", VTY_NEWLINE); vty_out (vty, "!%s", VTY_NEWLINE);
return CMD_SUCCESS; return CMD_SUCCESS;
@ -3123,6 +3139,7 @@ vty_init (struct thread_master *master_thread)
install_element (CONFIG_NODE, &service_advanced_vty_cmd); install_element (CONFIG_NODE, &service_advanced_vty_cmd);
install_element (CONFIG_NODE, &no_service_advanced_vty_cmd); install_element (CONFIG_NODE, &no_service_advanced_vty_cmd);
install_element (CONFIG_NODE, &show_history_cmd); install_element (CONFIG_NODE, &show_history_cmd);
install_element (CONFIG_NODE, &log_commands_cmd);
install_element (ENABLE_NODE, &terminal_monitor_cmd); install_element (ENABLE_NODE, &terminal_monitor_cmd);
install_element (ENABLE_NODE, &terminal_no_monitor_cmd); install_element (ENABLE_NODE, &terminal_no_monitor_cmd);
install_element (ENABLE_NODE, &no_terminal_monitor_cmd); install_element (ENABLE_NODE, &no_terminal_monitor_cmd);
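Review bot: The `zlog(NULL, LOG_ERR, "%s%s", prompt_str, buf);` call in vty_command writes `buf` verbatim, so once `log commands` is set any secret typed as a command argument (the documentation hunk itself says passwords are included) is copied in clear text to every enabled log destination, which may include remote syslog and monitored terminals. The commit documents this but does not mitigate it; consider masking the arguments of password-bearing commands before the call, or at minimum put the warning next to the code, e.g. `/* buf is logged unredacted: command lines may contain passwords */`. Emitting routine audit records at `LOG_ERR` also makes them indistinguishable from real errors for anything that alerts on severity; if the raise from `LOG_NOTICE` is there to get past per-destination level filters, say so in a comment. vty_command begins and ends outside the visible hunks, so how `buf` is handled before this point cannot be checked from here.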