From d6cab81175ec6afe5708ade7557d35330c0cb973 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Thu, 21 May 2009 07:31:48 +0000 Subject: vty: disable password encryption, remove dependency to lcrypt --- src/Makefile.am | 4 ++-- src/vty/command.c | 8 ++++++++ src/vty/vty.c | 6 ++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index bda3fd107..afa63cc51 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,7 +14,7 @@ libbsc_a_SOURCES = abis_rsl.c abis_nm.c gsm_04_08.c gsm_data.c \ libvty_a_SOURCES = vty/buffer.c vty/command.c vty/vector.c vty/vty.c bsc_hack_SOURCES = bsc_hack.c vty_interface.c -bsc_hack_LDADD = libbsc.a libvty.a -ldl -ldbi -lcrypt +bsc_hack_LDADD = libbsc.a libvty.a -ldl -ldbi bs11_config_SOURCES = bs11_config.c abis_nm.c gsm_data.c msgb.c debug.c \ select.c timer.c rs232.c tlv_parser.c signal.c @@ -22,4 +22,4 @@ bs11_config_SOURCES = bs11_config.c abis_nm.c gsm_data.c msgb.c debug.c \ ipaccess_find_SOURCES = ipaccess-find.c select.c timer.c ipaccess_config_SOURCES = ipaccess-config.c -ipaccess_config_LDADD = libbsc.a libvty.a -ldl -ldbi -lcrypt +ipaccess_config_LDADD = libbsc.a libvty.a -ldl -ldbi diff --git a/src/vty/command.c b/src/vty/command.c index b6fd2ad92..f4242626b 100644 --- a/src/vty/command.c +++ b/src/vty/command.c @@ -2705,11 +2705,13 @@ DEFUN(config_password, password_cmd, free(host.password); host.password = NULL; +#ifdef VTY_CRYPT_PW if (host.encrypt) { if (host.password_encrypt) free(host.password_encrypt); host.password_encrypt = strdup(zencrypt(argv[0])); } else +#endif host.password = strdup(argv[0]); return CMD_SUCCESS; @@ -2764,11 +2766,13 @@ ALIAS(config_password, password_text_cmd, host.enable = NULL; /* Plain password input. */ +#ifdef VTY_CRYPT_PW if (host.encrypt) { if (host.enable_encrypt) free(host.enable_encrypt); host.enable_encrypt = strdup(zencrypt(argv[0])); } else +#endif host.enable = strdup(argv[0]); return CMD_SUCCESS; @@ -2799,6 +2803,7 @@ ALIAS(config_enable_password, return CMD_SUCCESS; } +#ifdef VTY_CRYPT_PW DEFUN(service_password_encrypt, service_password_encrypt_cmd, "service password-encryption", @@ -2843,6 +2848,7 @@ DEFUN(no_service_password_encrypt, return CMD_SUCCESS; } +#endif DEFUN(config_terminal_length, config_terminal_length_cmd, "terminal length <0-512>", @@ -3390,8 +3396,10 @@ void cmd_init(int terminal) install_element(CONFIG_NODE, &enable_password_text_cmd); install_element(CONFIG_NODE, &no_enable_password_cmd); +#ifdef VTY_CRYPT_PW install_element(CONFIG_NODE, &service_password_encrypt_cmd); install_element(CONFIG_NODE, &no_service_password_encrypt_cmd); +#endif install_element(CONFIG_NODE, &banner_motd_default_cmd); install_element(CONFIG_NODE, &banner_motd_file_cmd); install_element(CONFIG_NODE, &no_banner_motd_cmd); diff --git a/src/vty/vty.c b/src/vty/vty.c index 370d1f7a9..ca6fff73c 100644 --- a/src/vty/vty.c +++ b/src/vty/vty.c @@ -75,9 +75,11 @@ static void vty_auth(struct vty *vty, char *buf) switch (vty->node) { case AUTH_NODE: +#ifdef VTY_CRYPT_PW if (host.encrypt) passwd = host.password_encrypt; else +#endif passwd = host.password; if (host.advanced) next_node = host.enable ? VIEW_NODE : ENABLE_NODE; @@ -85,18 +87,22 @@ static void vty_auth(struct vty *vty, char *buf) next_node = VIEW_NODE; break; case AUTH_ENABLE_NODE: +#ifdef VTY_CRYPT_PW if (host.encrypt) passwd = host.enable_encrypt; else +#endif passwd = host.enable; next_node = ENABLE_NODE; break; } if (passwd) { +#ifdef VTY_CRYPT_PW if (host.encrypt) fail = strcmp(crypt(buf, passwd), passwd); else +#endif fail = strcmp(buf, passwd); } else fail = 1; -- cgit v1.2.3