proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-05 11:48:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lib: Improved warnings for 'no (enable) password'

Browse Source 
When the user executes one of the commands 'no password' or 'no enable
password', a warning message gets shown to inform the user of the
security implications.

While the current implementation works, a warning message gets printed
once for each daemon, which can lead to seeing the same message many
times. This does not affect functionality, but looks like an error to
the user as it can be seen within issue #1432.

This commit only prints the warning message inside lib when vtysh
dispatch is not being used. Additionally, the warning message was copied
into the vtysh command handlers, so that they get printed exactly once.

Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
This commit is contained in:
Pascal Mathis 2018-05-12 20:19:49 +02:00
parent 05859298a3
commit eb83f7ce84
No known key found for this signature in database
GPG Key ID: E208DBA7BFC9B28C
2 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
lib/command.c
View File

@ -1960,19 +1960,23 @@ DEFUN (no_config_password,
bool warned = false;
if (host.password) {
vty_out(vty,
"Please be aware that removing the password is a security risk and "
"you should think twice about this command\n");
warned = true;
if (!vty_shell_serv(vty)) {
vty_out(vty,
"Please be aware that removing the password is "
"a security risk and you should think twice "
"about this command\n");
warned = true;
}
XFREE(MTYPE_HOST, host.password);
}
host.password = NULL;
if (host.password_encrypt) {
if (!warned)
if (!warned && !vty_shell_serv(vty))
vty_out(vty,
"Please be aware that removing the password is a security risk "
"and you should think twice about this command\n");
"Please be aware that removing the password is "
"a security risk and you should think twice "
"about this command\n");
XFREE(MTYPE_HOST, host.password_encrypt);
}
host.password_encrypt = NULL;
@ -2044,19 +2048,23 @@ DEFUN (no_config_enable_password,
bool warned = false;
if (host.enable) {
vty_out(vty,
"Please be aware that removing the password is a security risk and "
"you should think twice about this command\n");
warned = true;
if (!vty_shell_serv(vty)) {
vty_out(vty,
"Please be aware that removing the password is "
"a security risk and you should think twice "
"about this command\n");
warned = true;
}
XFREE(MTYPE_HOST, host.enable);
}
host.enable = NULL;
if (host.enable_encrypt) {
if (!warned)
if (!warned && !vty_shell_serv(vty))
vty_out(vty,
"Please be aware that removing the password is a security risk "
"and you should think twice about this command\n");
"Please be aware that removing the password is "
"a security risk and you should think twice "
"about this command\n");
XFREE(MTYPE_HOST, host.enable_encrypt);
}
host.enable_encrypt = NULL;

8
vtysh/vtysh.c
View File

@ -2372,6 +2372,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd,
"no password", NO_STR
"Modify the terminal connection password\n")
{
vty_out(vty,
"Please be aware that removing the password is a security risk "
"and you should think twice about this command\n");
return CMD_SUCCESS;
}
@ -2390,6 +2394,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_enable_password,
"Modify enable password parameters\n"
"Assign the privileged level password\n")
{
vty_out(vty,
"Please be aware that removing the password is a security risk "
"and you should think twice about this command\n");
return CMD_SUCCESS;
}