lib: Improved warnings for 'no (enable) password'

When the user executes one of the commands 'no password' or 'no enable
password', a warning message gets shown to inform the user of the
security implications.

While the current implementation works, a warning message gets printed
once for each daemon, which can lead to seeing the same message many
times. This does not affect functionality, but looks like an error to
the user as it can be seen within issue #1432.

This commit only prints the warning message inside lib when vtysh
dispatch is not being used. Additionally, the warning message was copied
into the vtysh command handlers, so that they get printed exactly once.

Signed-off-by: Pascal Mathis <mail@pascalmathis.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
index 01ba00776..8403912ea 100644
--- a/vtysh/vtysh.c
+++ b/vtysh/vtysh.c
@@ -2372,6 +2372,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd,
 	"no password", NO_STR
 	"Modify the terminal connection password\n")
 {
+	vty_out(vty,
+		"Please be aware that removing the password is a security risk "
+		"and you should think twice about this command\n");
+
 	return CMD_SUCCESS;
 }
 
@@ -2390,6 +2394,10 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_enable_password,
 	"Modify enable password parameters\n"
 	"Assign the privileged level password\n")
 {
+	vty_out(vty,
+		"Please be aware that removing the password is a security risk "
+		"and you should think twice about this command\n");
+
 	return CMD_SUCCESS;
 }