From 5e73768bfac4baae1b562976eeca91beb34c67f4 Mon Sep 17 00:00:00 2001
From: Pascal Mathis
Date: Sat, 12 May 2018 20:19:49 +0200
Subject: [PATCH] lib: Improved warnings for 'no (enable) password'

When the user executes one of the commands 'no password' or 'no enable password', a warning message gets shown to inform the user of the security implications. While the current implementation works, a warning message gets printed once for each daemon, which can lead to seeing the same message many times. This does not affect functionality, but looks like an error to the user as it can be seen within issue #1432. This commit only prints the warning message inside lib when vtysh dispatch is not being used. Additionally, the warning message was copied into the vtysh command handlers, so that they get printed exactly once.

Signed-off-by: Pascal Mathis
(cherry picked from commit eb83f7ce842944518bac726c19eb071257a2ed56)
---
 lib/command.c | 36 ++++++++++++++++++++++--------------
 vtysh/vtysh.c | 8 ++++++++
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/lib/command.c b/lib/command.c
index 9e63d58239..e06db4deee 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -1944,19 +1944,23 @@ DEFUN (no_config_password,
 bool warned = false;
 if (host.password) {
- vty_out(vty,
- "Please be aware that removing the password is a security risk and "
- "you should think twice about this command\n");
- warned = true;
+ if (!vty_shell_serv(vty)) {
+ vty_out(vty,
+ "Please be aware that removing the password is "
+ "a security risk and you should think twice "
+ "about this command\n");
+ warned = true;
+ }
 XFREE(MTYPE_HOST, host.password);
 }
 host.password = NULL;
 if (host.password_encrypt) {
- if (!warned)
+ if (!warned && !vty_shell_serv(vty))
 vty_out(vty,
- "Please be aware that removing the password is a security risk "
- "and you should think twice about this command\n");
+ "Please be aware that removing the password is "
+ "a security risk and you should think twice "
+ "about this command\n");
 XFREE(MTYPE_HOST, host.password_encrypt);
 }
 host.password_encrypt = NULL;
@@ -2028,19 +2032,23 @@ DEFUN (no_config_enable_password,
 bool warned = false;
 if (host.enable) {
- vty_out(vty,
- "Please be aware that removing the password is a security risk and "
- "you should think twice about this command\n");
- warned = true;
+ if (!vty_shell_serv(vty)) {
+ vty_out(vty,
+ "Please be aware that removing the password is "
+ "a security risk and you should think twice "
+ "about this command\n");
+ warned = true;
+ }
 XFREE(MTYPE_HOST, host.enable);
 }
 host.enable = NULL;
 if (host.enable_encrypt) {
- if (!warned)
+ if (!warned && !vty_shell_serv(vty))
 vty_out(vty,
- "Please be aware that removing the password is a security risk "
- "and you should think twice about this command\n");
+ "Please be aware that removing the password is "
+ "a security risk and you should think twice "
+ "about this command\n");
 XFREE(MTYPE_HOST, host.enable_encrypt);
 }
 host.enable_encrypt = NULL;
diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
index 7397089a79..84b28b18b5 100644
--- a/vtysh/vtysh.c
+++ b/vtysh/vtysh.c
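Review bot: With the new `vty_shell_serv(vty)` guard, a daemon reached through vtysh now frees `host.password` and `host.password_encrypt` in `no_config_password` without emitting anything at all, so the removal of a login credential leaves no trace on the daemon side from this handler. A terminal notice is advisory and easy to miss; a log record written whenever either field was actually cleared, for example `zlog_warn("VTY password removed by 'no password'");`, would give operators something to alert on regardless of which front end issued the command. This assumes the logging header is already included in lib/command.c and that command auditing is not done elsewhere, neither of which the hunk shows. The same applies to the `no_config_enable_password` hunk that follows; both function bodies start and end outside their hunks.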
@@ -2372,6 +2372,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd,
 "no password", NO_STR
 "Modify the terminal connection password\n")
 {
+ vty_out(vty,
+ "Please be aware that removing the password is a security risk "
+ "and you should think twice about this command\n");
+
 return CMD_SUCCESS;
 }
@@ -2390,6 +2394,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_enable_password,
 "Modify enable password parameters\n"
 "Assign the privileged level password\n")
 {
+ vty_out(vty,
+ "Please be aware that removing the password is a security risk "
+ "and you should think twice about this command\n");
+
 return CMD_SUCCESS;
 }
--
2.39.5
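Review bot: The warning text added to `no_vtysh_config_password` is another hand-copied instance of the literal used in lib/command.c, and it is wrapped at different points than the lib copies, so the wording can drift between the two files unnoticed. Defining it once in a header both files include, under a name such as `NO_PASSWD_CMD_WARNING`, and calling `vty_out(vty, NO_PASSWD_CMD_WARNING);` in every handler would keep this operator-facing security notice identical everywhere. Unlike the lib handlers, this one also prints the notice unconditionally, presumably because vtysh cannot see whether any daemon has a password set; a one-line comment saying so would explain the difference. The same applies to `no_vtysh_config_enable_password` in the next hunk.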