-rw-r--r--debianpkg/backports/ubuntu14.04/debian/frr.postinst2
-rw-r--r--debianpkg/frr.postinst2
-rw-r--r--doc/user/basic.rst19
-rw-r--r--lib/command.c49
-rw-r--r--vtysh/vtysh.c10
5 files changed, 69 insertions, 13 deletions
diff --git a/debianpkg/backports/ubuntu14.04/debian/frr.postinst b/debianpkg/backports/ubuntu14.04/debian/frr.postinst
index b1d463a33d..5a14e510cd 100644
--- a/debianpkg/backports/ubuntu14.04/debian/frr.postinst
+++ b/debianpkg/backports/ubuntu14.04/debian/frr.postinst
@@ -18,7 +18,7 @@ chgrp ${frrvtygid} /etc/frr/vtysh*
chmod 644 /etc/frr/*
ENVIRONMENTFILE=/etc/environment
-if ! grep --quiet VTYSH_PAGER=/bin/cat ${ENVIRONMENTFILE}; then
+if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then
echo "VTYSH_PAGER=/bin/cat" >> ${ENVIRONMENTFILE}
fi
##################################################
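Review bot: `egrep` on the added line is an obsolescent alias that newer GNU grep releases warn about, and the pattern uses no extended syntax, so `if ! grep --quiet '^VTYSH_PAGER=' "${ENVIRONMENTFILE}"; then` performs the same check with the variable quoted. The anchored pattern also will not match a line written as `export VTYSH_PAGER=...`; if that form can occur in /etc/environment on the target systems, the script would still append a second setting. The identical line in the debianpkg/frr.postinst hunk needs the same change.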
diff --git a/debianpkg/frr.postinst b/debianpkg/frr.postinst
index 972f8c0500..32af741c98 100644
--- a/debianpkg/frr.postinst
+++ b/debianpkg/frr.postinst
@@ -19,7 +19,7 @@ chgrp ${frrvtygid} /etc/frr/vtysh*
chmod 644 /etc/frr/*
ENVIRONMENTFILE=/etc/environment
-if ! grep --quiet VTYSH_PAGER=/bin/cat ${ENVIRONMENTFILE}; then
+if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then
echo "VTYSH_PAGER=/bin/cat" >> ${ENVIRONMENTFILE}
fi
##################################################
diff --git a/doc/user/basic.rst b/doc/user/basic.rst
index f134133da4..b861444e88 100644
--- a/doc/user/basic.rst
+++ b/doc/user/basic.rst
@@ -55,18 +55,23 @@ Basic Config Commands
Set hostname of the router.
-.. index:: password PASSWORD
+.. index::
+ single: no password PASSWORD
+ single: password PASSWORD
-.. clicmd:: password PASSWORD
+.. clicmd:: [no] password PASSWORD
- Set password for vty interface. If there is no password, a vty won't
- accept connections.
+ Set password for vty interface. The ``no`` form of the command deletes the
+ password. If there is no password, a vty won't accept connections.
-.. index:: enable password PASSWORD
+.. index::
+ single: no enable password PASSWORD
+ single: enable password PASSWORD
-.. clicmd:: enable password PASSWORD
+.. clicmd:: [no] enable password PASSWORD
- Set enable password.
+ Set enable password. The ``no`` form of the command deletes the enable
+ password.
.. index::
single: no log trap [LEVEL]
diff --git a/lib/command.c b/lib/command.c
index 2744061b5a..6250c7b6eb 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -1895,7 +1895,7 @@ DEFUN (config_no_hostname,
DEFUN (config_password,
password_cmd,
"password [(8-8)] WORD",
- "Assign the terminal connection password\n"
+ "Modify the terminal connection password\n"
"Specifies a HIDDEN password will follow\n"
"The password string\n")
{
@@ -1934,6 +1934,36 @@ DEFUN (config_password,
return CMD_SUCCESS;
}
+/* VTY interface password delete. */
+DEFUN (no_config_password,
+ no_password_cmd,
+ "no password",
+ NO_STR
+ "Modify the terminal connection password\n")
+{
+ bool warned = false;
+
+ if (host.password) {
+ vty_out(vty,
+ "Please be aware that removing the password is a security risk and "
+ "you should think twice about this command\n");
+ warned = true;
+ XFREE(MTYPE_HOST, host.password);
+ }
+ host.password = NULL;
+
+ if (host.password_encrypt) {
+ if (!warned)
+ vty_out(vty,
+ "Please be aware that removing the password is a security risk "
+ "and you should think twice about this command\n");
+ XFREE(MTYPE_HOST, host.password_encrypt);
+ }
+ host.password_encrypt = NULL;
+
+ return CMD_SUCCESS;
+}
+
/* VTY enable password set. */
DEFUN (config_enable_password,
enable_password_cmd,
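Review bot: `host.password` is passed to `XFREE` without being cleared first, so when it holds the cleartext password (presumably the case whenever `host.password_encrypt` is not the field in use) those bytes remain in freed heap memory. Wiping it before the free, e.g. `explicit_bzero(host.password, strlen(host.password));` where the platform provides it, closes that gap, and the same applies to `host.enable` in the no_config_enable_password hunk further down. Separately, the `warned` flag and the second copy of the message are unnecessary: a single `if (host.password || host.password_encrypt) vty_out(vty, ...);` placed before the two frees prints the warning exactly once.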
@@ -1995,12 +2025,24 @@ DEFUN (no_config_enable_password,
"Modify enable password parameters\n"
"Assign the privileged level password\n")
{
- if (host.enable)
+ bool warned = false;
+
+ if (host.enable) {
+ vty_out(vty,
+ "Please be aware that removing the password is a security risk and "
+ "you should think twice about this command\n");
+ warned = true;
XFREE(MTYPE_HOST, host.enable);
+ }
host.enable = NULL;
- if (host.enable_encrypt)
+ if (host.enable_encrypt) {
+ if (!warned)
+ vty_out(vty,
+ "Please be aware that removing the password is a security risk "
+ "and you should think twice about this command\n");
XFREE(MTYPE_HOST, host.enable_encrypt);
+ }
host.enable_encrypt = NULL;
return CMD_SUCCESS;
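Review bot: The warning printed for `no enable password` is word-for-word the one added for `no password`, so the operator is not told which credential was removed; naming it, e.g. `"Please be aware that removing the enable password is a security risk ..."`, makes the message unambiguous. Nothing in the visible lines records the removal outside the interactive session, so if command logging is not guaranteed elsewhere, a `zlog_notice("enable password removed");` next to the free would leave an audit trail. The DEFUN header and the closing brace of this function lie outside the hunk.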
@@ -2710,6 +2752,7 @@ void cmd_init(int terminal)
if (terminal > 0) {
install_element(CONFIG_NODE, &password_cmd);
+ install_element(CONFIG_NODE, &no_password_cmd);
install_element(CONFIG_NODE, &enable_password_cmd);
install_element(CONFIG_NODE, &no_enable_password_cmd);
diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
index 867dc9cd15..7397089a79 100644
--- a/vtysh/vtysh.c
+++ b/vtysh/vtysh.c
@@ -2361,13 +2361,20 @@ DEFUNSH(VTYSH_ALL, no_vtysh_service_password_encrypt,
DEFUNSH(VTYSH_ALL, vtysh_config_password, vtysh_password_cmd,
"password [(8-8)] LINE",
- "Assign the terminal connection password\n"
+ "Modify the terminal connection password\n"
"Specifies a HIDDEN password will follow\n"
"The password string\n")
{
return CMD_SUCCESS;
}
+DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd,
+ "no password", NO_STR
+ "Modify the terminal connection password\n")
+{
+ return CMD_SUCCESS;
+}
+
DEFUNSH(VTYSH_ALL, vtysh_config_enable_password, vtysh_enable_password_cmd,
"enable password [(8-8)] LINE",
"Modify enable password parameters\n"
@@ -3605,6 +3612,7 @@ void vtysh_init_vty(void)
install_element(CONFIG_NODE, &no_vtysh_service_password_encrypt_cmd);
install_element(CONFIG_NODE, &vtysh_password_cmd);
+ install_element(CONFIG_NODE, &no_vtysh_password_cmd);
install_element(CONFIG_NODE, &vtysh_enable_password_cmd);
install_element(CONFIG_NODE, &no_vtysh_enable_password_cmd);
}