Add passprompt_override flag to sudoers that will cause the prompt

to be overridden in all cases.  This flag is also set when the
user specifies the -p flag.

diff --git a/auth/pam.c b/auth/pam.c
index c284770614e8ad6d07db5f3b87502ea28431275c..b539b1ff25a9c1fc7081e62079b3a4da56f12d30 100644 (file)
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -271,14 +271,14 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
                prompt = def_prompt;
                /* Only override PAM prompt if it matches /^Password: ?/ */
 #if defined(PAM_TEXT_DOMAIN) && defined(HAVE_DGETTEXT)
-               if (std_prompt ||
+               if (!def_passprompt_override && (std_prompt ||
                    (strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) &&
-                   strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:"))))
+                   strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:")))))
                    prompt = pm->msg;
 #else
-               if (std_prompt ||
+               if (!def_passprompt_override && (std_prompt ||
                    strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
-                   && (pm->msg[9] != ' ' || pm->msg[10] != '\0')))
+                   && (pm->msg[9] != ' ' || pm->msg[10] != '\0'))))
                    prompt = pm->msg;
 #endif
                /* Read the password. */

diff --git a/def_data.c b/def_data.c
index ce7c424fb5815fdbba786850e19b4df7c78428ff..a491266e1a78ed365df1f129c4dd4a5e046dcc52 100644 (file)
--- a/def_data.c
+++ b/def_data.c
@@ -210,11 +210,14 @@ struct sudo_defs_types sudo_defs_table[] = {
        "passprompt", T_STR,
        "Default password prompt: %s",
        NULL,
+    }, {
+       "passprompt_override", T_FLAG,
+       "If set, passprompt will override system prompt in all cases.",
+       NULL,
     }, {
        "runas_default", T_STR,
        "Default user to run commands as: %s",
        NULL,
-       set_runaspw,
     }, {
        "secure_path", T_STR|T_BOOL,
        "Value to override user's $PATH with: %s",

diff --git a/def_data.h b/def_data.h
index 9848437cbef02f20f69b43ee261df802704481f6..6d636360e7d5969c9395993d65c5458e9102015d 100644 (file)
--- a/def_data.h
+++ b/def_data.h
@@ -92,36 +92,38 @@
 #define I_EXEMPT_GROUP          45
 #define def_passprompt          (sudo_defs_table[46].sd_un.str)
 #define I_PASSPROMPT            46
-#define def_runas_default       (sudo_defs_table[47].sd_un.str)
-#define I_RUNAS_DEFAULT         47
-#define def_secure_path         (sudo_defs_table[48].sd_un.str)
-#define I_SECURE_PATH           48
-#define def_editor              (sudo_defs_table[49].sd_un.str)
-#define I_EDITOR                49
-#define def_listpw              (sudo_defs_table[50].sd_un.tuple)
-#define I_LISTPW                50
-#define def_verifypw            (sudo_defs_table[51].sd_un.tuple)
-#define I_VERIFYPW              51
-#define def_noexec              (sudo_defs_table[52].sd_un.flag)
-#define I_NOEXEC                52
-#define def_noexec_file         (sudo_defs_table[53].sd_un.str)
-#define I_NOEXEC_FILE           53
-#define def_ignore_local_sudoers (sudo_defs_table[54].sd_un.flag)
-#define I_IGNORE_LOCAL_SUDOERS  54
-#define def_closefrom           (sudo_defs_table[55].sd_un.ival)
-#define I_CLOSEFROM             55
-#define def_closefrom_override  (sudo_defs_table[56].sd_un.flag)
-#define I_CLOSEFROM_OVERRIDE    56
-#define def_setenv              (sudo_defs_table[57].sd_un.flag)
-#define I_SETENV                57
-#define def_env_reset           (sudo_defs_table[58].sd_un.flag)
-#define I_ENV_RESET             58
-#define def_env_check           (sudo_defs_table[59].sd_un.list)
-#define I_ENV_CHECK             59
-#define def_env_delete          (sudo_defs_table[60].sd_un.list)
-#define I_ENV_DELETE            60
-#define def_env_keep            (sudo_defs_table[61].sd_un.list)
-#define I_ENV_KEEP              61
+#define def_passprompt_override (sudo_defs_table[47].sd_un.flag)
+#define I_PASSPROMPT_OVERRIDE   47
+#define def_runas_default       (sudo_defs_table[48].sd_un.str)
+#define I_RUNAS_DEFAULT         48
+#define def_secure_path         (sudo_defs_table[49].sd_un.str)
+#define I_SECURE_PATH           49
+#define def_editor              (sudo_defs_table[50].sd_un.str)
+#define I_EDITOR                50
+#define def_listpw              (sudo_defs_table[51].sd_un.tuple)
+#define I_LISTPW                51
+#define def_verifypw            (sudo_defs_table[52].sd_un.tuple)
+#define I_VERIFYPW              52
+#define def_noexec              (sudo_defs_table[53].sd_un.flag)
+#define I_NOEXEC                53
+#define def_noexec_file         (sudo_defs_table[54].sd_un.str)
+#define I_NOEXEC_FILE           54
+#define def_ignore_local_sudoers (sudo_defs_table[55].sd_un.flag)
+#define I_IGNORE_LOCAL_SUDOERS  55
+#define def_closefrom           (sudo_defs_table[56].sd_un.ival)
+#define I_CLOSEFROM             56
+#define def_closefrom_override  (sudo_defs_table[57].sd_un.flag)
+#define I_CLOSEFROM_OVERRIDE    57
+#define def_setenv              (sudo_defs_table[58].sd_un.flag)
+#define I_SETENV                58
+#define def_env_reset           (sudo_defs_table[59].sd_un.flag)
+#define I_ENV_RESET             59
+#define def_env_check           (sudo_defs_table[60].sd_un.list)
+#define I_ENV_CHECK             60
+#define def_env_delete          (sudo_defs_table[61].sd_un.list)
+#define I_ENV_DELETE            61
+#define def_env_keep            (sudo_defs_table[62].sd_un.list)
+#define I_ENV_KEEP              62
 
 enum def_tupple {
        never,

diff --git a/def_data.in b/def_data.in
index c03a0f03488d5ac991737d5e856d9e76cb4a55b9..83b6433713d5bf8650b1bff0a4590f942e573982 100644 (file)
--- a/def_data.in
+++ b/def_data.in
@@ -152,6 +152,9 @@ exempt_group
 passprompt
        T_STR
        "Default password prompt: %s"
+passprompt_override
+       T_FLAG
+       "If set, passprompt will override system prompt in all cases."
 runas_default
        T_STR
        "Default user to run commands as: %s"

diff --git a/sudo.c b/sudo.c
index 8a89ca8c32c22c1837491a0b32801cb51ead3252..e174ff8d3fbb96322b95d153261eeab1ce304a4d 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -789,6 +789,7 @@ parse_args(argc, argv)
                        usage(1);
 
                    user_prompt = NewArgv[1];
+                   def_passprompt_override = TRUE;
 
                    NewArgc--;
                    NewArgv++;

diff --git a/sudo.pod b/sudo.pod
index e8636b09c9d780228e717249f4f94bc8f2fb6575..b6e060266c325c64a461f4474c00549924d40871 100644 (file)
--- a/sudo.pod
+++ b/sudo.pod
@@ -280,6 +280,10 @@ two consecutive C<%> characters are collapsed into a single C<%> character
 
 =back
 
+The prompt specified by the B<-p> option will override the system
+password prompt on systems that support PAM unless the
+I<passprompt_override> flag is disabled in I<sudoers>.
+
 =item -S
 
 The B<-S> (I<stdin>) option causes B<sudo> to read the password from

diff --git a/sudoers.pod b/sudoers.pod
index 918fde1b530af3cbcaf8f479a3b8211392319b23..09f51c6ba56a5271fca2a90136604dff1299331f 100644 (file)
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -632,6 +632,13 @@ the user's C<PATH>, B<sudo> will tell the user that they are not
 allowed to run it, which can be confusing.  This flag is I<@path_info@>
 by default.
 
+=item passprompt_override
+
+The password prompt specified by I<passprompt> will normally only
+be used if the passwod prompt provided by systems such as PAM matches
+the string "Password:".  If I<passprompt_override> is set, I<passprompt>
+will always be used.  This flag is I<off> by default.
+
 =item preserve_groups
 
 By default B<sudo> will initialize the group vector to the list of