Add a space after "Password:" in default password prompt so it is

easier to read when pwfeedback is enabled.

diff --git a/Makefile.in b/Makefile.in
index e6c2bd1582a9ad3b3cfede2bb087f4e2b10517a1..2fc590b4f83f4c37608731a0fc0076e7633f1c4a 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -192,7 +192,9 @@ update-pot:
                case "$$domain" in \
                    sudo) tmpfiles=; cfiles="src/*c lib/*/*c";; \
                    sudoers) \
-                       echo "syntax error" > confstr.sh; \
+                       echo "gettext \"syntax error\"" > confstr.sh; \
+                       echo "gettext \"[sudo] password for %p: \"" >> confstr.sh; \
+                       echo "gettext \"%p's password: \"" >> confstr.sh; \
                        $(SED) -n -e 's/^badpass_message="/gettext "/p' \
                            -e 's/^passprompt="/gettext "/p' \
                            -e 's/^mailsub="/gettext "/p' configure.ac \

diff --git a/configure.ac b/configure.ac
index 784591fa027003ab5b37acc213a212e1c397fd3b..026636969f504cb8378356d6156c175b629ea786 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -144,7 +144,7 @@ timeout=5
 password_timeout=5
 sudo_umask=0022
 umask_override=off
-passprompt="Password:"
+passprompt="Password: "
 long_otp_prompt=off
 lecture=once
 logfac=auth

diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index bef48738c5bfc521d5dcd7f3a7f0aa9fe2b80960..fac9fb9c8bc873d14225929c57e36a1d4875ee8b 100644 (file)
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -78,7 +78,7 @@
 
 static int converse(int, PAM_CONST struct pam_message **,
                    struct pam_response **, void *);
-static char *def_prompt = "Password:";
+static char *def_prompt = PASSPROMPT;
 static int getpass_error;
 static pam_handle_t *pamh;
 
@@ -300,6 +300,18 @@ sudo_pam_end_session(struct passwd *pw, sudo_auth *auth)
     debug_return_int(status);
 }
 
+#define PROMPT_IS_PASSWORD(_p) \
+    (strncmp((_p), "Password:", 9) == 0 && \
+       ((_p)[9] == '\0' || ((_p)[9] == ' ' && (_p)[10] == '\0')))
+
+#ifdef PAM_TEXT_DOMAIN
+# define PAM_PROMPT_IS_PASSWORD(_p) \
+    (strcmp((_p), dgt(PAM_TEXT_DOMAIN, "Password: ")) == 0 || \
+       strcmp((_p), dgt(PAM_TEXT_DOMAIN, "Password:")) == 0)
+#else
+# define PAM_PROMPT_IS_PASSWORD(_p)    PROMPT_IS_PASSWORD(_p)
+#endif /* PAM_TEXT_DOMAIN */
+
 /*
  * ``Conversation function'' for PAM.
  * XXX - does not handle PAM_BINARY_PROMPT
@@ -312,7 +324,7 @@ converse(int num_msg, PAM_CONST struct pam_message **msg,
     PAM_CONST struct pam_message *pm;
     const char *prompt;
     char *pass;
-    int n, type, std_prompt;
+    int n, type;
     int ret = PAM_AUTH_ERR;
     debug_decl(converse, SUDO_DEBUG_AUTH)
 
@@ -326,29 +338,29 @@ converse(int num_msg, PAM_CONST struct pam_message **msg,
                type = SUDO_CONV_PROMPT_ECHO_ON;
                /* FALLTHROUGH */
            case PAM_PROMPT_ECHO_OFF:
-               prompt = def_prompt;
-
                /* Error out if the last password read was interrupted. */
                if (getpass_error)
                    goto done;
 
-               /* Is the sudo prompt standard? (If so, we'll just use PAM's) */
-               std_prompt =  strncmp(def_prompt, "Password:", 9) == 0 &&
-                   (def_prompt[9] == '\0' ||
-                   (def_prompt[9] == ' ' && def_prompt[10] == '\0'));
-
-               /* Only override PAM prompt if it matches /^Password: ?/ */
-#if defined(PAM_TEXT_DOMAIN) && defined(HAVE_LIBINTL_H)
-               if (!def_passprompt_override && (std_prompt ||
-                   (strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password: ")) &&
-                   strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password:")))))
-                   prompt = pm->msg;
-#else
-               if (!def_passprompt_override && (std_prompt ||
-                   strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
-                   && (pm->msg[9] != ' ' || pm->msg[10] != '\0'))))
-                   prompt = pm->msg;
-#endif
+               /*
+                * We use the PAM prompt in preference to sudo's as long
+                * as passprompt_override is not set and:
+                *  a) the (translated) sudo prompt matches /^Password: ?/
+                * or:
+                *  b) the PAM prompt itself *doesn't* match /^Password: ?/
+                *
+                * The intent is to use the PAM prompt for things like
+                * challenge-response, otherwise use sudo's prompt.
+                * There may also be cases where a localized translation
+                * of "Password: " exists for PAM but not for sudo.
+                */
+               prompt = def_prompt;
+               if (!def_passprompt_override) {
+                   if (PROMPT_IS_PASSWORD(def_prompt))
+                       prompt = pm->msg;
+                   else if (!PAM_PROMPT_IS_PASSWORD(pm->msg))
+                       prompt = pm->msg;
+               }
                /* Read the password unless interrupted. */
                pass = auth_getpass(prompt, def_passwd_timeout * 60, type);
                if (pass == NULL) {

diff --git a/plugins/sudoers/auth/sia.c b/plugins/sudoers/auth/sia.c
index 7df9c09ae9a72296c3d0e4849ca5159799a6cf4d..3223f7429ebcbed1d4aff2b049ce79ae46ec2762 100644 (file)
--- a/plugins/sudoers/auth/sia.c
+++ b/plugins/sudoers/auth/sia.c
@@ -55,6 +55,10 @@ static char *def_prompt;
 static char **sudo_argv;
 static int sudo_argc;
 
+#define PROMPT_IS_PASSWORD(_p) \
+    (strncmp((_p), "Password:", 9) == 0 && \
+       ((_p)[9] == '\0' || ((_p)[9] == ' ' && (_p)[10] == '\0')))
+
 /*
  * Collection routine (callback) for limiting the timeouts in SIA
  * prompts and (possibly) setting a custom prompt.
@@ -77,8 +81,8 @@ sudo_collect(int timeout, int rendition, uchar_t *title, int nprompts,
             * and b) the SIA prompt is "Password:" (so we know it is safe).
             * This keeps us from overwriting things like S/Key challenges.
             */
-           if (strcmp((char *)prompts[0].prompt, "Password:") == 0 &&
-               strcmp(def_prompt, "Password:") != 0)
+           if (!PROMPT_IS_PASSWORD(def_prompt) &&
+               PROMPT_IS_PASSWORD((char *)prompts[0].prompt))
                prompts[0].prompt = (unsigned char *)def_prompt;
            break;
        default:

diff --git a/plugins/sudoers/po/sudoers.pot b/plugins/sudoers/po/sudoers.pot
index 006c817c3b21b063d1748e5602718670e194a184..8516eaab1ceba3c3de34d9a047db1dc5c3d96303 100644 (file)
--- a/plugins/sudoers/po/sudoers.pot
+++ b/plugins/sudoers/po/sudoers.pot
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sudo 1.8.11\n"
 "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2014-07-30 09:37-0600\n"
+"POT-Creation-Date: 2014-09-25 21:16-0600\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,15 +17,27 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
 
+#: confstr.sh:1
+msgid "syntax error"
+msgstr ""
+
 #: confstr.sh:2
-msgid "Password:"
+msgid "[sudo] password for %p: "
 msgstr ""
 
 #: confstr.sh:3
-msgid "*** SECURITY information for %h ***"
+msgid "%p's password: "
 msgstr ""
 
 #: confstr.sh:4
+msgid "Password: "
+msgstr ""
+
+#: confstr.sh:5
+msgid "*** SECURITY information for %h ***"
+msgstr ""
+
+#: confstr.sh:6
 msgid "Sorry, try again."
 msgstr ""
 
@@ -239,7 +251,7 @@ msgstr ""
 msgid "unknown uid: %u"
 msgstr ""
 
-#: plugins/sudoers/check.c:245 plugins/sudoers/policy.c:671
+#: plugins/sudoers/check.c:245 plugins/sudoers/policy.c:663
 #: plugins/sudoers/sudoers.c:918 plugins/sudoers/testsudoers.c:211
 #: plugins/sudoers/testsudoers.c:363
 #, c-format
@@ -680,8 +692,8 @@ msgstr ""
 
 #: plugins/sudoers/env.c:274 plugins/sudoers/env.c:281
 #: plugins/sudoers/env.c:384 plugins/sudoers/linux_audit.c:89
-#: plugins/sudoers/logging.c:918 plugins/sudoers/policy.c:468
-#: plugins/sudoers/policy.c:477 plugins/sudoers/prompt.c:161
+#: plugins/sudoers/logging.c:918 plugins/sudoers/policy.c:460
+#: plugins/sudoers/policy.c:469 plugins/sudoers/prompt.c:161
 #: plugins/sudoers/sudoers.c:708 plugins/sudoers/testsudoers.c:241
 #: plugins/sudoers/toke_util.c:174
 #, c-format
@@ -692,7 +704,7 @@ msgstr ""
 msgid "sudo_putenv: corrupted envp, length mismatch"
 msgstr ""
 
-#: plugins/sudoers/env.c:1051
+#: plugins/sudoers/env.c:1052
 #, c-format
 msgid ""
 "sorry, you are not allowed to set the following environment variables: %s"
@@ -841,7 +853,7 @@ msgstr ""
 msgid "    Order: %s\n"
 msgstr ""
 
-#: plugins/sudoers/ldap.c:2020 plugins/sudoers/parse.c:506
+#: plugins/sudoers/ldap.c:2020 plugins/sudoers/parse.c:513
 #: plugins/sudoers/sssd.c:1298
 #, c-format
 msgid "    Commands:\n"
@@ -1000,43 +1012,43 @@ msgstr ""
 msgid "digest for %s (%s) is not in %s form"
 msgstr ""
 
-#: plugins/sudoers/parse.c:116
+#: plugins/sudoers/parse.c:123
 #, c-format
 msgid "parse error in %s near line %d"
 msgstr ""
 
-#: plugins/sudoers/parse.c:119
+#: plugins/sudoers/parse.c:126
 #, c-format
 msgid "parse error in %s"
 msgstr ""
 
-#: plugins/sudoers/parse.c:453
+#: plugins/sudoers/parse.c:460
 #, c-format
 msgid ""
 "\n"
 "Sudoers entry:\n"
 msgstr ""
 
-#: plugins/sudoers/parse.c:454
+#: plugins/sudoers/parse.c:461
 #, c-format
 msgid "    RunAsUsers: "
 msgstr ""
 
-#: plugins/sudoers/parse.c:468
+#: plugins/sudoers/parse.c:475
 #, c-format
 msgid "    RunAsGroups: "
 msgstr ""
 
-#: plugins/sudoers/parse.c:477
+#: plugins/sudoers/parse.c:484
 #, c-format
 msgid "    Options: "
 msgstr ""
 
-#: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:118
-#: plugins/sudoers/policy.c:127 plugins/sudoers/policy.c:151
-#: plugins/sudoers/policy.c:267 plugins/sudoers/policy.c:287
-#: plugins/sudoers/policy.c:296 plugins/sudoers/policy.c:326
-#: plugins/sudoers/policy.c:336 plugins/sudoers/policy.c:345
+#: plugins/sudoers/policy.c:108 plugins/sudoers/policy.c:117
+#: plugins/sudoers/policy.c:126 plugins/sudoers/policy.c:150
+#: plugins/sudoers/policy.c:262 plugins/sudoers/policy.c:282
+#: plugins/sudoers/policy.c:291 plugins/sudoers/policy.c:321
+#: plugins/sudoers/policy.c:331 plugins/sudoers/policy.c:340
 #: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704
 #: plugins/sudoers/set_perms.c:1063 plugins/sudoers/set_perms.c:1359
 #: plugins/sudoers/set_perms.c:1523
@@ -1044,39 +1056,39 @@ msgstr ""
 msgid "%s: %s"
 msgstr ""
 
-#: plugins/sudoers/policy.c:559 plugins/sudoers/visudo.c:767
+#: plugins/sudoers/policy.c:551 plugins/sudoers/visudo.c:767
 #, c-format
 msgid "unable to execute %s"
 msgstr ""
 
-#: plugins/sudoers/policy.c:689
+#: plugins/sudoers/policy.c:681
 #, c-format
 msgid "Sudoers policy plugin version %s\n"
 msgstr ""
 
-#: plugins/sudoers/policy.c:691
+#: plugins/sudoers/policy.c:683
 #, c-format
 msgid "Sudoers file grammar version %d\n"
 msgstr ""
 
-#: plugins/sudoers/policy.c:695
+#: plugins/sudoers/policy.c:687
 #, c-format
 msgid ""
 "\n"
 "Sudoers path: %s\n"
 msgstr ""
 
-#: plugins/sudoers/policy.c:698
+#: plugins/sudoers/policy.c:690
 #, c-format
 msgid "nsswitch path: %s\n"
 msgstr ""
 
-#: plugins/sudoers/policy.c:700
+#: plugins/sudoers/policy.c:692
 #, c-format
 msgid "ldap.conf path: %s\n"
 msgstr ""
 
-#: plugins/sudoers/policy.c:701
+#: plugins/sudoers/policy.c:693
 #, c-format
 msgid "ldap.secret path: %s\n"
 msgstr ""
@@ -1185,22 +1197,22 @@ msgstr ""
 msgid "unable to find symbol \"%s\" in %s"
 msgstr ""
 
-#: plugins/sudoers/sudo_nss.c:285
+#: plugins/sudoers/sudo_nss.c:296
 #, c-format
 msgid "Matching Defaults entries for %s on %s:\n"
 msgstr ""
 
-#: plugins/sudoers/sudo_nss.c:298
+#: plugins/sudoers/sudo_nss.c:309
 #, c-format
 msgid "Runas and Command-specific defaults for %s:\n"
 msgstr ""
 
-#: plugins/sudoers/sudo_nss.c:311
+#: plugins/sudoers/sudo_nss.c:322
 #, c-format
 msgid "User %s may run the following commands on %s:\n"
 msgstr ""
 
-#: plugins/sudoers/sudo_nss.c:320
+#: plugins/sudoers/sudo_nss.c:331
 #, c-format
 msgid "User %s is not allowed to run sudo on %s.\n"
 msgstr ""