diff options
| author | Quentin Young <qlyoung@users.noreply.github.com> | 2018-05-14 11:01:19 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-05-14 11:01:19 -0400 |
| commit | 62362d70aac9f70a2563ae7e5d4448b05c38d2da (patch) | |
| tree | f4347321beabd402c87f4c6bd0558d4277a1a871 | |
| parent | c02bcc728b9ffde5b23a484399e4e64d86fdb32f (diff) | |
| parent | 4911ca9cab5d75b5031edb83b52423ed47798324 (diff) | |
Merge pull request #2223 from ppmathis/fix/no-password-warnings
lib: Improved warnings for 'no (enable) password'
| -rw-r--r-- | lib/command.c | 28 | ||||
| -rw-r--r-- | lib/command.h | 4 | ||||
| -rw-r--r-- | vtysh/vtysh.c | 4 |
3 files changed, 20 insertions, 16 deletions
diff --git a/lib/command.c b/lib/command.c index 69e301fcfa..0fa6bde334 100644 --- a/lib/command.c +++ b/lib/command.c @@ -1960,19 +1960,17 @@ DEFUN (no_config_password, bool warned = false; if (host.password) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, NO_PASSWD_CMD_WARNING); + warned = true; + } XFREE(MTYPE_HOST, host.password); } host.password = NULL; if (host.password_encrypt) { - if (!warned) - vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + if (!warned && !vty_shell_serv(vty)) + vty_out(vty, NO_PASSWD_CMD_WARNING); XFREE(MTYPE_HOST, host.password_encrypt); } host.password_encrypt = NULL; @@ -2044,19 +2042,17 @@ DEFUN (no_config_enable_password, bool warned = false; if (host.enable) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, NO_PASSWD_CMD_WARNING); + warned = true; + } XFREE(MTYPE_HOST, host.enable); } host.enable = NULL; if (host.enable_encrypt) { - if (!warned) - vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + if (!warned && !vty_shell_serv(vty)) + vty_out(vty, NO_PASSWD_CMD_WARNING); XFREE(MTYPE_HOST, host.enable_encrypt); } host.enable_encrypt = NULL; diff --git a/lib/command.h b/lib/command.h index 9ba53e0907..8d9c39b0ea 100644 --- a/lib/command.h +++ b/lib/command.h @@ -376,6 +376,10 @@ struct cmd_node { #define CONF_BACKUP_EXT ".sav" +/* Command warnings. */ +#define NO_PASSWD_CMD_WARNING \ + "Please be aware that removing the password is a security risk and you should think twice about this command.\n" + /* IPv4 only machine should not accept IPv6 address for peer's IP address. So we replace VTY command string like below. */ #define NEIGHBOR_ADDR_STR "Neighbor address\nIPv6 address\n" diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c index 01ba007767..9fff2ee58c 100644 --- a/vtysh/vtysh.c +++ b/vtysh/vtysh.c @@ -2372,6 +2372,8 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd, "no password", NO_STR "Modify the terminal connection password\n") { + vty_out(vty, NO_PASSWD_CMD_WARNING); + return CMD_SUCCESS; } @@ -2390,6 +2392,8 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_enable_password, "Modify enable password parameters\n" "Assign the privileged level password\n") { + vty_out(vty, NO_PASSWD_CMD_WARNING); + return CMD_SUCCESS; } |