diff options
| author | Pascal Mathis <mail@pascalmathis.com> | 2018-05-12 20:19:49 +0200 |
|---|---|---|
| committer | Pascal Mathis <mail@pascalmathis.com> | 2018-05-12 22:22:09 +0200 |
| commit | eb83f7ce842944518bac726c19eb071257a2ed56 (patch) | |
| tree | 5dafb412282441bb3eb53b143cce5d6e48758468 /lib/command.c | |
| parent | 05859298a3979eaa1a802174128b3342be47c7b1 (diff) | |
lib: Improved warnings for 'no (enable) password'
When the user executes one of the commands 'no password' or 'no enable
password', a warning message gets shown to inform the user of the
security implications.
While the current implementation works, a warning message gets printed
once for each daemon, which can lead to seeing the same message many
times. This does not affect functionality, but looks like an error to
the user as it can be seen within issue #1432.
This commit only prints the warning message inside lib when vtysh
dispatch is not being used. Additionally, the warning message was copied
into the vtysh command handlers, so that they get printed exactly once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
Diffstat (limited to 'lib/command.c')
| -rw-r--r-- | lib/command.c | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/lib/command.c b/lib/command.c index 69e301fcfa..3761f444bc 100644 --- a/lib/command.c +++ b/lib/command.c @@ -1960,19 +1960,23 @@ DEFUN (no_config_password, bool warned = false; if (host.password) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); + warned = true; + } XFREE(MTYPE_HOST, host.password); } host.password = NULL; if (host.password_encrypt) { - if (!warned) + if (!warned && !vty_shell_serv(vty)) vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); XFREE(MTYPE_HOST, host.password_encrypt); } host.password_encrypt = NULL; @@ -2044,19 +2048,23 @@ DEFUN (no_config_enable_password, bool warned = false; if (host.enable) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); + warned = true; + } XFREE(MTYPE_HOST, host.enable); } host.enable = NULL; if (host.enable_encrypt) { - if (!warned) + if (!warned && !vty_shell_serv(vty)) vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + "Please be aware that removing the password is " + "a security risk and you should think twice " + "about this command\n"); XFREE(MTYPE_HOST, host.enable_encrypt); } host.enable_encrypt = NULL; |