isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More verbose error message when a password is required and no terminal

Browse Source 
is present.  Bug #828.
This commit is contained in:
Todd C. Miller
2019-07-19 11:51:20 -06:00
parent 3c825e298d
commit 15db0c3f82
4 changed files with 22 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
NEWS
View File

@@ -17,7 +17,7 @@ What's new in Sudo 1.8.28
* On AIX, when the user's password has expired and PAM is not in use, * On AIX, when the user's password has expired and PAM is not in use,
sudo will now allow the user to change their password. sudo will now allow the user to change their password.
Bug #883 Bug #883.
* Sudo has a new -B command line option that will ring the terminal * Sudo has a new -B command line option that will ring the terminal
bell when prompting for a password. bell when prompting for a password.
@@ -36,6 +36,12 @@ What's new in Sudo 1.8.28
nroff utility. There are now multiple Open Source nroff replacements nroff utility. There are now multiple Open Source nroff replacements
so this should no longer be an issue. so this should no longer be an issue.
* Fixed a bad interaction with configure's --prefix and
--disable-shared options. Bug #886.
* More verbose error message when a password is required and no terminal
is present. Bug #828.
What's new in Sudo 1.8.27 What's new in Sudo 1.8.27
* On HP-UX, sudo will now update the utmps file when running a command * On HP-UX, sudo will now update the utmps file when running a command

19
doc/TROUBLESHOOTING
View File

@@ -211,20 +211,21 @@ A) The default user sudo tries to run things as is always root, even if
would achieve the desired result for the preceding sudoers fragment. would achieve the desired result for the preceding sudoers fragment.
Q) When I try to run sudo via ssh, I get the error: Q) When I try to run sudo via ssh, I get the error:
sudo: no tty present and no askpass program specified sudo: a terminal is required to read the password; either use the -S
A) If sudo needs to authenticate a user, it needs access to the option to read from standard input or configure an askpass helper
user's terminal to disable echo and to perform per-terminal A) If sudo needs to authenticate a user, it requires access to the user's
access control (for cached credentials). The above message terminal to disable echo so the password is not displayed to the screen.
indicates that sudo was unable to determine the user's terminal. The above message indicates that no terminal was present.
When running a command via ssh, a terminal is not allocated by default When running a command via ssh, a terminal is not allocated by default
which can cause this message. The "-t" option to ssh will force it to which can cause this message. The "-t" option to ssh will force it to
allocate a tty. Alternately, you may be able to use the ssh-askpass allocate a tty. Alternately, you may be able to use the ssh-askpass
utility to prompt for the password if X11 forwarding is enabled and an utility to prompt for the password if X11 forwarding is enabled and an
askpass program is configured in the sudo.conf file. If you do not askpass helper is configured in the sudo.conf file. If you do not mind
mind your password being echoed to the screen, the "visiblepw" sudoers your password being echoed to the screen, you may use sudo's -S option
option will allow the password to be entered even when echo cannot be to read the password from the standard input. Alternately, you may set
disabled, though this is not recommended. the "visiblepw" sudoers option which will allow the password to be entered
even when echo cannot be disabled, though this is not recommended.
Q) When I try to use SSL-enabled LDAP with sudo I get an error: Q) When I try to use SSL-enabled LDAP with sudo I get an error:
unable to initialize SSL cert and key db: security library: bad database. unable to initialize SSL cert and key db: security library: bad database.

6
po/sudo.pot
View File

@@ -7,7 +7,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: sudo 1.8.28\n" "Project-Id-Version: sudo 1.8.28\n"
"Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
"POT-Creation-Date: 2019-07-19 10:39-0600\n" "POT-Creation-Date: 2019-07-19 11:51-0600\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -893,7 +893,9 @@ msgid "unable to read password"
msgstr "" msgstr ""
#: src/tgetpass.c:147 #: src/tgetpass.c:147
msgid "no tty present and no askpass program specified" msgid ""
"a terminal is required to read the password; either use the -S option to "
"read from standard input or configure an askpass helper"
msgstr "" msgstr ""
#: src/tgetpass.c:157 #: src/tgetpass.c:157

2
src/tgetpass.c
View File

@@ -144,7 +144,7 @@ restart:
/* If no tty present and we need to disable echo, try askpass. */ /* If no tty present and we need to disable echo, try askpass. */
if (ttyfd == -1 && !ISSET(flags, TGP_ECHO|TGP_NOECHO_TRY)) { if (ttyfd == -1 && !ISSET(flags, TGP_ECHO|TGP_NOECHO_TRY)) {
if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) { if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) {
sudo_warnx(U_("no tty present and no askpass program specified")); sudo_warnx(U_("a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper"));
debug_return_str(NULL); debug_return_str(NULL);
} }
SET(flags, TGP_ASKPASS); SET(flags, TGP_ASKPASS);