This prevents the password and PAM prompts from being redirected.
Bug #895
if (result != 0) {
/* Display error message, if any. */
if (sudo_aix_valid_message(message))
- sudo_printf(SUDO_CONV_ERROR_MSG, "%s", message);
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
+ "%s", message);
ret = pass ? AUTH_FAILURE : AUTH_INTR;
}
free(message);
if (ret == AUTH_SUCCESS) {
result = passwdexpired(pw->pw_name, &message);
if (message != NULL && message[0] != '\0') {
- sudo_printf(result ? SUDO_CONV_ERROR_MSG : SUDO_CONV_INFO_MSG,
- "%s", message);
+ int msg_type = SUDO_CONV_PREFER_TTY;
+ msg_type |= result ? SUDO_CONV_ERROR_MSG : SUDO_CONV_INFO_MSG,
+ sudo_printf(msg_type, "%s", message);
free(message);
message = NULL;
}
* sure that we didn't get spoofed by another DCE server.
*/
if (!sec_login_certify_identity(login_context, &status)) {
- sudo_printf(SUDO_CONV_ERROR_MSG,
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"Whoa! Bogus authentication server!\n");
(void) check_dce_status(status,"sec_login_certify_identity(1):");
debug_return_int(AUTH_FAILURE);
* DCE client and DCE security server...
*/
if (auth_src != sec_login_auth_src_network) {
- sudo_printf(SUDO_CONV_ERROR_MSG,
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"You have no network credentials.\n");
debug_return_int(AUTH_FAILURE);
}
/* Check if the password has aged and is thus no good */
if (reset_passwd) {
- sudo_printf(SUDO_CONV_ERROR_MSG,
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"Your DCE password needs resetting.\n");
debug_return_int(AUTH_FAILURE);
}
if (input_status == rpc_s_ok)
debug_return_int(0);
dce_error_inq_text(input_status, error_string, &error_stat);
- sudo_printf(SUDO_CONV_ERROR_MSG, "%s %s\n", comment, error_string);
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
+ "%s %s\n", comment, error_string);
debug_return_int(1);
}
} else if (strncmp(resp, "password", 8) == 0) {
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
} else if (strncmp(resp, "display ", 8) == 0) {
- sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", &resp[8]);
+ sudo_printf(SUDO_CONV_INFO_MSG|SUDO_CONV_PREFER_TTY, "%s\n", &resp[8]);
strlcpy(buf, "response dummy", sizeof(buf));
goto restart;
} else {
break;
case PAM_TEXT_INFO:
if (pm->msg != NULL && !is_filtered(pm->msg))
- sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", pm->msg);
+ sudo_printf(SUDO_CONV_INFO_MSG|SUDO_CONV_PREFER_TTY,
+ "%s\n", pm->msg);
break;
case PAM_ERROR_MSG:
if (pm->msg != NULL)
- sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", pm->msg);
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
+ "%s\n", pm->msg);
break;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
*/
/* XXX - Is setting up a new PIN within sudo's scope? */
SD_Pin(*sd, "");
- sudo_printf(SUDO_CONV_ERROR_MSG,
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"Your SecurID access has not yet been set up.\n");
- sudo_printf(SUDO_CONV_ERROR_MSG,
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY,
"Please set up a PIN before you try to authenticate.\n");
ret = AUTH_FATAL;
break;
if (def_insults)
warning = INSULT;
#endif
- sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", warning);
+ sudo_printf(SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY, "%s\n", warning);
debug_return;
}
if (def_lecture_file && (fp = fopen(def_lecture_file, "r")) != NULL) {
while ((nread = fread(buf, sizeof(char), sizeof(buf) - 1, fp)) != 0) {
buf[nread] = '\0';
- msg.msg_type = SUDO_CONV_ERROR_MSG;
+ msg.msg_type = SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY;
msg.msg = buf;
sudo_conv(1, &msg, &repl, NULL);
}
fclose(fp);
} else {
- msg.msg_type = SUDO_CONV_ERROR_MSG;
+ msg.msg_type = SUDO_CONV_ERROR_MSG|SUDO_CONV_PREFER_TTY;
msg.msg = _("\n"
"We trust you have received the usual lecture from the local System\n"
"Administrator. It usually boils down to these three things:\n\n"
#include "sudo_compat.h"
#include "sudo_plugin.h"
#include "sudo_debug.h"
+#include "pathnames.h"
static int
sudo_printf_int(int msg_type, const char *fmt, ...)
{
+ FILE *fp = stdout;
+ FILE *ttyfp = NULL;
va_list ap;
int len;
- switch (msg_type) {
- case SUDO_CONV_INFO_MSG:
- va_start(ap, fmt);
- len = vfprintf(stdout, fmt, ap);
- va_end(ap);
- break;
+ if (ISSET(msg_type, SUDO_CONV_PREFER_TTY)) {
+ /* Try writing to /dev/tty first. */
+ ttyfp = fopen(_PATH_TTY, "w");
+ }
+
+ switch (msg_type & 0xff) {
case SUDO_CONV_ERROR_MSG:
+ fp = stderr;
+ /* FALLTHROUGH */
+ case SUDO_CONV_INFO_MSG:
va_start(ap, fmt);
- len = vfprintf(stderr, fmt, ap);
+ len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap);
va_end(ap);
break;
default:
break;
}
+ if (ttyfp != NULL)
+ fclose(ttyfp);
+
return len;
}
int
sudo_conversation_printf(int msg_type, const char *fmt, ...)
{
+ FILE *fp = stdout;
+ FILE *ttyfp = NULL;
va_list ap;
int len;
const int conv_debug_instance = sudo_debug_get_active_instance();
sudo_debug_set_active_instance(sudo_debug_instance);
- switch (msg_type) {
- case SUDO_CONV_INFO_MSG:
- va_start(ap, fmt);
- len = vfprintf(stdout, fmt, ap);
- va_end(ap);
- break;
+ if (ISSET(msg_type, SUDO_CONV_PREFER_TTY)) {
+ /* Try writing to /dev/tty first. */
+ ttyfp = fopen(_PATH_TTY, "w");
+ }
+
+ switch (msg_type & 0xff) {
case SUDO_CONV_ERROR_MSG:
+ fp = stderr;
+ /* FALLTHROUGH */
+ case SUDO_CONV_INFO_MSG:
va_start(ap, fmt);
- len = vfprintf(stderr, fmt, ap);
+ len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap);
va_end(ap);
break;
default:
break;
}
+ if (ttyfp != NULL)
+ fclose(ttyfp);
+
sudo_debug_set_active_instance(conv_debug_instance);
return len;
}