proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-05-25 20:08:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #2223 from ppmathis/fix/no-password-warnings

Browse Source 
lib: Improved warnings for 'no (enable) password'
This commit is contained in:
Quentin Young 2018-05-14 11:01:19 -04:00 committed by GitHub
commit 62362d70aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/command.c
View File

@ -1960,19 +1960,17 @@ DEFUN (no_config_password,
bool warned = false; bool warned = false;
if (host.password) { if (host.password) {
vty_out(vty, if (!vty_shell_serv(vty)) {
"Please be aware that removing the password is a security risk and " vty_out(vty, NO_PASSWD_CMD_WARNING);
"you should think twice about this command\n");
warned = true; warned = true;
}
XFREE(MTYPE_HOST, host.password); XFREE(MTYPE_HOST, host.password);
} }
host.password = NULL; host.password = NULL;
if (host.password_encrypt) { if (host.password_encrypt) {
if (!warned) if (!warned && !vty_shell_serv(vty))
vty_out(vty, vty_out(vty, NO_PASSWD_CMD_WARNING);
"Please be aware that removing the password is a security risk "
"and you should think twice about this command\n");
XFREE(MTYPE_HOST, host.password_encrypt); XFREE(MTYPE_HOST, host.password_encrypt);
} }
host.password_encrypt = NULL; host.password_encrypt = NULL;
@ -2044,19 +2042,17 @@ DEFUN (no_config_enable_password,
bool warned = false; bool warned = false;
if (host.enable) { if (host.enable) {
vty_out(vty, if (!vty_shell_serv(vty)) {
"Please be aware that removing the password is a security risk and " vty_out(vty, NO_PASSWD_CMD_WARNING);
"you should think twice about this command\n");
warned = true; warned = true;
}
XFREE(MTYPE_HOST, host.enable); XFREE(MTYPE_HOST, host.enable);
} }
host.enable = NULL; host.enable = NULL;
if (host.enable_encrypt) { if (host.enable_encrypt) {
if (!warned) if (!warned && !vty_shell_serv(vty))
vty_out(vty, vty_out(vty, NO_PASSWD_CMD_WARNING);
"Please be aware that removing the password is a security risk "
"and you should think twice about this command\n");
XFREE(MTYPE_HOST, host.enable_encrypt); XFREE(MTYPE_HOST, host.enable_encrypt);
} }
host.enable_encrypt = NULL; host.enable_encrypt = NULL;

4
lib/command.h
View File

@ -376,6 +376,10 @@ struct cmd_node {
#define CONF_BACKUP_EXT ".sav" #define CONF_BACKUP_EXT ".sav"
/* Command warnings. */
#define NO_PASSWD_CMD_WARNING \
"Please be aware that removing the password is a security risk and you should think twice about this command.\n"
/* IPv4 only machine should not accept IPv6 address for peer's IP /* IPv4 only machine should not accept IPv6 address for peer's IP
address. So we replace VTY command string like below. */ address. So we replace VTY command string like below. */
#define NEIGHBOR_ADDR_STR "Neighbor address\nIPv6 address\n" #define NEIGHBOR_ADDR_STR "Neighbor address\nIPv6 address\n"

4
vtysh/vtysh.c
View File

@ -2372,6 +2372,8 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd,
"no password", NO_STR "no password", NO_STR
"Modify the terminal connection password\n") "Modify the terminal connection password\n")
{ {
vty_out(vty, NO_PASSWD_CMD_WARNING);
return CMD_SUCCESS; return CMD_SUCCESS;
} }
@ -2390,6 +2392,8 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_enable_password,
"Modify enable password parameters\n" "Modify enable password parameters\n"
"Assign the privileged level password\n") "Assign the privileged level password\n")
{ {
vty_out(vty, NO_PASSWD_CMD_WARNING);
return CMD_SUCCESS; return CMD_SUCCESS;
} }