| -rw-r--r-- | doc/basic.texi | 3 | ||||
| -rw-r--r-- | ldpd/l2vpn.c | 18 | ||||
| -rw-r--r-- | ldpd/lde.c | 9 | ||||
| -rw-r--r-- | ldpd/ldpd.h | 1 | ||||
| -rw-r--r-- | lib/command.c | 40 | ||||
| -rw-r--r-- | vtysh/vtysh.c | 12 | ||||
| -rw-r--r-- | zebra/zebra_pw.c | 2 | 
7 files changed, 72 insertions, 13 deletions
diff --git a/doc/basic.texi b/doc/basic.texi index 05d72bc80f..54cad2555f 100644 --- a/doc/basic.texi +++ b/doc/basic.texi @@ -72,7 +72,8 @@ Set hostname of the router.  @end deffn  @deffn Command {password @var{password}} {} -Set password for vty interface.  If there is no password, a vty won't +@deffnx Command {no password} {} +Set/delete password for vty interface.  If there is no password, a vty won't  accept connections.  @end deffn diff --git a/ldpd/l2vpn.c b/ldpd/l2vpn.c index 9bb378a11c..2a3a5d97c1 100644 --- a/ldpd/l2vpn.c +++ b/ldpd/l2vpn.c @@ -294,17 +294,26 @@ int  l2vpn_pw_ok(struct l2vpn_pw *pw, struct fec_nh *fnh)  {  	/* check for a remote label */ -	if (fnh->remote_label == NO_LABEL) +	if (fnh->remote_label == NO_LABEL) { +		log_warnx("%s: pseudowire %s: no remote label", __func__, +			  pw->ifname);  		return (0); +	}  	/* MTUs must match */ -	if (pw->l2vpn->mtu != pw->remote_mtu) +	if (pw->l2vpn->mtu != pw->remote_mtu) { +		log_warnx("%s: pseudowire %s: MTU mismatch detected", __func__, +			  pw->ifname);  		return (0); +	}  	/* check pw status if applicable */  	if ((pw->flags & F_PW_STATUSTLV) && -	    pw->remote_status != PW_FORWARDING) +	    pw->remote_status != PW_FORWARDING) { +		log_warnx("%s: pseudowire %s: remote end is down", __func__, +			  pw->ifname);  		return (0); +	}  	return (1);  } @@ -549,7 +558,8 @@ l2vpn_pw_ctl(pid_t pid)  			    sizeof(pwctl.ifname));  			pwctl.pwid = pw->pwid;  			pwctl.lsr_id = pw->lsr_id; -			if (pw->local_status == PW_FORWARDING && +			if (pw->enabled && +			    pw->local_status == PW_FORWARDING &&  			    pw->remote_status == PW_FORWARDING)  				pwctl.status = 1; diff --git a/ldpd/lde.c b/ldpd/lde.c index 519fcd9d11..e68b7bc22a 100644 --- a/ldpd/lde.c +++ b/ldpd/lde.c 
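Review bot: The three new log_warnx() calls in l2vpn_pw_ok() fire at warning level on every failed check, and two of the conditions (`pw->remote_mtu`, `pw->remote_status`) look like values learned from the remote peer. If this function runs on each FEC update (its callers are outside the hunk), a flapping or misbehaving neighbour could fill the log. Consider `log_debug` for the `NO_LABEL` case, which is presumably a normal state before the mapping arrives, and keep warnings for the two mismatches. The MTU message would also be easier to triage with both values, e.g. `log_warnx("%s: pseudowire %s: MTU mismatch (local %d, remote %d)", __func__, pw->ifname, (int)pw->l2vpn->mtu, (int)pw->remote_mtu);`.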
@@ -773,11 +773,12 @@ lde_send_change_klabel(struct fec_node *fn, struct fec_nh *fnh)  		    sizeof(kr));  		break;  	case FEC_TYPE_PWID: -		if (fn->local_label == NO_LABEL || +		pw = (struct l2vpn_pw *) fn->data; +		if (!pw || fn->local_label == NO_LABEL ||  		    fnh->remote_label == NO_LABEL)  			return; -		pw = (struct l2vpn_pw *) fn->data; +		pw->enabled = true;  		pw2zpw(pw, &zpw);  		zpw.local_label = fn->local_label;  		zpw.remote_label = fnh->remote_label; @@ -824,6 +825,10 @@ lde_send_delete_klabel(struct fec_node *fn, struct fec_nh *fnh)  		break;  	case FEC_TYPE_PWID:  		pw = (struct l2vpn_pw *) fn->data; +		if (!pw) +			return; + +		pw->enabled = false;  		pw2zpw(pw, &zpw);  		zpw.local_label = fn->local_label;  		zpw.remote_label = fnh->remote_label; diff --git a/ldpd/ldpd.h b/ldpd/ldpd.h index fd7d5c5729..0c3b271f83 100644 --- a/ldpd/ldpd.h +++ b/ldpd/ldpd.h @@ -410,6 +410,7 @@ struct l2vpn_pw {  	uint32_t		 pwid;  	char			 ifname[IF_NAMESIZE];  	unsigned int		 ifindex; +	bool			 enabled;  	uint32_t		 remote_group;  	uint16_t		 remote_mtu;  	uint32_t		 local_status; diff --git a/lib/command.c b/lib/command.c index 686795c10a..39502d6121 100644 --- a/lib/command.c +++ b/lib/command.c @@ -1876,7 +1876,7 @@ DEFUN (config_no_hostname,  DEFUN (config_password,         password_cmd,         "password [(8-8)] WORD", -       "Assign the terminal connection password\n" +       "Modify the terminal connection password\n"         "Specifies a HIDDEN password will follow\n"         "The password string\n")  { 
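Review bot: `pw->enabled = true;` in the FEC_TYPE_PWID case of lde_send_change_klabel() is set before the pseudowire message is handed on, and the l2vpn_pw_ctl() hunk in ldpd/l2vpn.c now derives the reported status from that flag. If the send that follows (outside this hunk) can fail, the control output would show the pseudowire as up although nothing was installed; setting the flag only after the send succeeds would avoid that. The early `return` on `!pw`, here and in lde_send_delete_klabel(), is silent; a `log_debug("%s: PWID FEC without pseudowire data", __func__);` before it would make that case visible when debugging.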
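Review bot: The new `enabled` member of struct l2vpn_pw has no comment, and its meaning is easy to confuse with the neighbouring `local_status`/`remote_status` fields. A short comment such as `/* true once the PW labels were sent to zebra (lde_send_change_klabel) */` would document the intent. Nothing in this commit sets the field when a pseudowire is created, so it is worth confirming that every allocation path zero-initialises the struct; the struct definition continues outside the hunk.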
@@ -1916,6 +1916,31 @@ DEFUN (config_password,  	return CMD_SUCCESS;  } +/* VTY interface password delete. */ +DEFUN (no_config_password, +       no_password_cmd, +       "no password", +       NO_STR +       "Modify the terminal connection password\n") +{ +	bool warned = false; + +	if (host.password) { +		vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n"); +		warned = true; +		XFREE(MTYPE_HOST, host.password); +	} +	host.password = NULL; +	if (host.password_encrypt) { +		if (!warned) +			vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n"); +		XFREE(MTYPE_HOST, host.password_encrypt); +	} +	host.password_encrypt = NULL; + +	return CMD_SUCCESS; +} +  /* VTY enable password set. */  DEFUN (config_enable_password,         enable_password_cmd, @@ -1978,12 +2003,20 @@ DEFUN (no_config_enable_password,         "Modify enable password parameters\n"         "Assign the privileged level password\n")  { -	if (host.enable) +	bool warned = false; + +	if (host.enable) { +		vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n"); +		warned = true;  		XFREE(MTYPE_HOST, host.enable); +	}  	host.enable = NULL; -	if (host.enable_encrypt) +	if (host.enable_encrypt) { +		if (!warned) +			vty_out(vty, "Please be aware that removing the password is a security risk and you should think twice about this command\n");  		XFREE(MTYPE_HOST, host.enable_encrypt); +	}  	host.enable_encrypt = NULL;  	return CMD_SUCCESS; @@ -2647,6 +2680,7 @@ void cmd_init(int terminal)  	if (terminal > 0) {  		install_element(CONFIG_NODE, &password_cmd); +		install_element(CONFIG_NODE, &no_password_cmd);  		install_element(CONFIG_NODE, &enable_password_cmd);  		install_element(CONFIG_NODE, &no_enable_password_cmd); diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c index d849d30e72..e1af6fde9a 100644 
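Review bot: `XFREE(MTYPE_HOST, host.password);` in no_config_password releases the stored password without clearing it, so the secret can stay readable in freed heap memory (core dumps, later allocations) unless XFREE itself scrubs, which is not visible here. Wiping the buffer first with a call the compiler cannot elide, e.g. `explicit_bzero(host.password, strlen(host.password));` where the platform provides it, would close that gap; the same applies to `host.enable` in the no_config_enable_password hunk below. The warning string is also repeated four times across the two commands; a single macro or `static const char[]` would keep the wording in sync.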
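Review bot: Removing the enable password in no_config_enable_password is announced only through vty_out() to the session that issued the command, so nothing is recorded for someone reviewing the device afterwards. A log line next to the warning, e.g. `zlog_warn("enable password removed from configuration");`, would leave an audit trail, and no_config_password above deserves the same. The warning text says only "the password"; naming which credential was removed (vty or enable) would make the message unambiguous.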
--- a/vtysh/vtysh.c +++ b/vtysh/vtysh.c @@ -1905,7 +1905,7 @@ DEFUNSH(VTYSH_ALL, no_vtysh_service_password_encrypt,  DEFUNSH(VTYSH_ALL, vtysh_config_password, vtysh_password_cmd,  	"password (8-8) WORD", -	"Assign the terminal connection password\n" +	"Modify the terminal connection password\n"  	"Specifies a HIDDEN password will follow\n"  	"dummy string \n"  	"The HIDDEN line password string\n") @@ -1915,12 +1915,19 @@ DEFUNSH(VTYSH_ALL, vtysh_config_password, vtysh_password_cmd,  DEFUNSH(VTYSH_ALL, vtysh_password_text, vtysh_password_text_cmd,  	"password LINE", -	"Assign the terminal connection password\n" +	"Modify the terminal connection password\n"  	"The UNENCRYPTED (cleartext) line password\n")  {  	return CMD_SUCCESS;  } +DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd, +       "no password", NO_STR +       "Modify the terminal connection password\n") +{ +	return CMD_SUCCESS; +} +  DEFUNSH(VTYSH_ALL, vtysh_config_enable_password, vtysh_enable_password_cmd,  	"enable password (8-8) WORD",  	"Modify enable password parameters\n" @@ -2987,6 +2994,7 @@ void vtysh_init_vty(void)  	install_element(CONFIG_NODE, &no_vtysh_service_password_encrypt_cmd);  	install_element(CONFIG_NODE, &vtysh_password_cmd); +	install_element(CONFIG_NODE, &no_vtysh_password_cmd);  	install_element(CONFIG_NODE, &vtysh_password_text_cmd);  	install_element(CONFIG_NODE, &vtysh_enable_password_cmd);  	install_element(CONFIG_NODE, &vtysh_enable_password_text_cmd); diff --git a/zebra/zebra_pw.c b/zebra/zebra_pw.c index 6e221ec486..39c4e3b1a0 100644 --- a/zebra/zebra_pw.c +++ b/zebra/zebra_pw.c @@ -71,7 +71,7 @@ struct zebra_pw *zebra_pw_add(struct zebra_vrf *zvrf, const char *ifname,  	pw->protocol = protocol;  	pw->vrf_id = zvrf_id(zvrf);  	pw->client = client; -	pw->status = PW_STATUS_UP; +	pw->status = PW_STATUS_DOWN;  	pw->local_label = MPLS_NO_LABEL;  	pw->remote_label = MPLS_NO_LABEL;  	pw->flags = F_PSEUDOWIRE_CWORD;  | 
