From eb83f7ce842944518bac726c19eb071257a2ed56 Mon Sep 17 00:00:00 2001 From: Pascal Mathis Date: Sat, 12 May 2018 20:19:49 +0200 Subject: [PATCH] lib: Improved warnings for 'no (enable) password' When the user executes one of the commands 'no password' or 'no enable password', a warning message gets shown to inform the user of the security implications. While the current implementation works, a warning message gets printed once for each daemon, which can lead to seeing the same message many times. This does not affect functionality, but looks like an error to the user as it can be seen within issue #1432. This commit only prints the warning message inside lib when vtysh dispatch is not being used. Additionally, the warning message was copied into the vtysh command handlers, so that they get printed exactly once. Signed-off-by: Pascal Mathis --- lib/command.c | 36 ++++++++++++++++++++++-------------- vtysh/vtysh.c | 8 ++++++++ 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/lib/command.c b/lib/command.c index 69e301fcfa..3761f444bc 100644 --- a/lib/command.c +++ b/lib/command.c @@ -1960,19 +1960,23 @@ DEFUN (no_config_password, bool warned = false; if (host.password) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); + warned = true; + } XFREE(MTYPE_HOST, host.password); } host.password = NULL; if (host.password_encrypt) { - if (!warned) + if (!warned && !vty_shell_serv(vty)) vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); XFREE(MTYPE_HOST, host.password_encrypt); } host.password_encrypt = NULL; @@ -2044,19 +2048,23 @@ DEFUN (no_config_enable_password, bool warned = false; if (host.enable) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); + warned = true; + } XFREE(MTYPE_HOST, host.enable); } host.enable = NULL; if (host.enable_encrypt) { - if (!warned) + if (!warned && !vty_shell_serv(vty)) vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); XFREE(MTYPE_HOST, host.enable_encrypt); } host.enable_encrypt = NULL; diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c index 01ba007767..8403912ea3 100644 --- a/vtysh/vtysh.c +++ b/vtysh/vtysh.c @@ -2372,6 +2372,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd, "no password", NO_STR "Modify the terminal connection password\n") { + vty_out(vty, + "Please be aware that removing the password is a security risk " + "and you should think twice about this command\n"); + return CMD_SUCCESS; } @@ -2390,6 +2394,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_enable_password, "Modify enable password parameters\n" "Assign the privileged level password\n") { + vty_out(vty, + "Please be aware that removing the password is a security risk " + "and you should think twice about this command\n"); + return CMD_SUCCESS; }