From 2c1731d7f4787b54671d4ee64fc95342081cb41d Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Wed, 13 Dec 2017 07:43:05 -0500 Subject: [PATCH] lib: Add warning to no forms of password command Allow the end-user to remove the password commands that may have been in their config, but warn them that what they are doing might be a dangerous thing. Signed-off-by: Donald Sharp --- lib/command.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/lib/command.c b/lib/command.c index b857bb0e62..39502d6121 100644 --- a/lib/command.c +++ b/lib/command.c @@ -1923,11 +1923,19 @@ DEFUN (no_config_password, NO_STR "Modify the terminal connection password\n") { - if (host.password) + bool warned = false; + + if (host.password) { + vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n"); + warned = true; XFREE(MTYPE_HOST, host.password); + } host.password = NULL; - if (host.password_encrypt) + if (host.password_encrypt) { + if (!warned) + vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n"); XFREE(MTYPE_HOST, host.password_encrypt); + } host.password_encrypt = NULL; return CMD_SUCCESS; @@ -1995,12 +2003,20 @@ DEFUN (no_config_enable_password, "Modify enable password parameters\n" "Assign the privileged level password\n") { - if (host.enable) + bool warned = false; + + if (host.enable) { + vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n"); + warned = true; XFREE(MTYPE_HOST, host.enable); + } host.enable = NULL; - if (host.enable_encrypt) + if (host.enable_encrypt) { + if (!warned) + vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n"); XFREE(MTYPE_HOST, host.enable_encrypt); + } host.enable_encrypt = NULL; return CMD_SUCCESS; -- 2.39.5