diff options
| author | Pascal Mathis <mail@pascalmathis.com> | 2018-05-11 02:54:30 +0200 |
|---|---|---|
| committer | Pascal Mathis <mail@pascalmathis.com> | 2018-05-11 02:54:30 +0200 |
| commit | 322e2d5c694449ee604c339abb0e9fc14babdc45 (patch) | |
| tree | e01e1593b288d4d2f6b9d2304f8465e243cd9793 /lib/command.c | |
| parent | 3dc755e492093c42d0983620da810893c413c533 (diff) | |
lib: Ported 'no (enable) password' from stable/3.0
The pull request #1545 from @donaldsharp introduced the command 'no
password' to remove an existing terminal connection password.
Additionally, warnings have been added to both 'no password' and 'no
enable password' to make the user aware of any security implications.
It seems that this specific pull request was never merged against master
and got lost. This commit is a cherry-pick of d4961273cb with fixed
conflicts and updated documentation.
Thanks to @donaldsharp and @pogojotz for the original PR.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
Diffstat (limited to 'lib/command.c')
| -rw-r--r-- | lib/command.c | 49 |
1 files changed, 46 insertions, 3 deletions
diff --git a/lib/command.c b/lib/command.c index 2744061b5a..6250c7b6eb 100644 --- a/lib/command.c +++ b/lib/command.c @@ -1895,7 +1895,7 @@ DEFUN (config_no_hostname, DEFUN (config_password, password_cmd, "password [(8-8)] WORD", - "Assign the terminal connection password\n" + "Modify the terminal connection password\n" "Specifies a HIDDEN password will follow\n" "The password string\n") { @@ -1934,6 +1934,36 @@ DEFUN (config_password, return CMD_SUCCESS; } +/* VTY interface password delete. */ +DEFUN (no_config_password, + no_password_cmd, + "no password", + NO_STR + "Modify the terminal connection password\n") +{ + bool warned = false; + + if (host.password) { + vty_out(vty, + "Please be aware that removing the password is a security risk and " + "you should think twice about this command\n"); + warned = true; + XFREE(MTYPE_HOST, host.password); + } + host.password = NULL; + + if (host.password_encrypt) { + if (!warned) + vty_out(vty, + "Please be aware that removing the password is a security risk " + "and you should think twice about this command\n"); + XFREE(MTYPE_HOST, host.password_encrypt); + } + host.password_encrypt = NULL; + + return CMD_SUCCESS; +} + /* VTY enable password set. */ DEFUN (config_enable_password, enable_password_cmd, @@ -1995,12 +2025,24 @@ DEFUN (no_config_enable_password, "Modify enable password parameters\n" "Assign the privileged level password\n") { - if (host.enable) + bool warned = false; + + if (host.enable) { + vty_out(vty, + "Please be aware that removing the password is a security risk and " + "you should think twice about this command\n"); + warned = true; XFREE(MTYPE_HOST, host.enable); + } host.enable = NULL; - if (host.enable_encrypt) + if (host.enable_encrypt) { + if (!warned) + vty_out(vty, + "Please be aware that removing the password is a security risk " + "and you should think twice about this command\n"); XFREE(MTYPE_HOST, host.enable_encrypt); + } host.enable_encrypt = NULL; return CMD_SUCCESS; @@ -2710,6 +2752,7 @@ void cmd_init(int terminal) if (terminal > 0) { install_element(CONFIG_NODE, &password_cmd); + install_element(CONFIG_NODE, &no_password_cmd); install_element(CONFIG_NODE, &enable_password_cmd); install_element(CONFIG_NODE, &no_enable_password_cmd); |