More verbose error message when a password is required and no terminal

is present.  Bug #828.

NEWS

@@ -17,7 +17,7 @@ What's new in Sudo 1.8.28
 
  * On AIX, when the user's password has expired and PAM is not in use,
    sudo will now allow the user to change their password.
-   Bug #883
+   Bug #883.
 
  * Sudo has a new -B command line option that will ring the terminal
    bell when prompting for a password.
@@ -36,6 +36,12 @@ What's new in Sudo 1.8.28
    nroff utility.  There are now multiple Open Source nroff replacements
    so this should no longer be an issue.
 
+ * Fixed a bad interaction with configure's --prefix and
+   --disable-shared options.  Bug #886.
+
+ * More verbose error message when a password is required and no terminal
+   is present.  Bug #828.
+
 What's new in Sudo 1.8.27
 
  * On HP-UX, sudo will now update the utmps file when running a command

doc/TROUBLESHOOTING

@@ -211,20 +211,21 @@ A) The default user sudo tries to run things as is always root, even if
    would achieve the desired result for the preceding sudoers fragment.
 
 Q) When I try to run sudo via ssh, I get the error:
-    sudo: no tty present and no askpass program specified
-A) If sudo needs to authenticate a user, it needs access to the
-   user's terminal to disable echo and to perform per-terminal
-   access control (for cached credentials).  The above message
-   indicates that sudo was unable to determine the user's terminal.
+    sudo: a terminal is required to read the password; either use the -S
+	  option to read from standard input or configure an askpass helper
+A) If sudo needs to authenticate a user, it requires access to the user's
+   terminal to disable echo so the password is not displayed to the screen.
+   The above message indicates that no terminal was present.
 
    When running a command via ssh, a terminal is not allocated by default
    which can cause this message.  The "-t" option to ssh will force it to
    allocate a tty.  Alternately, you may be able to use the ssh-askpass
    utility to prompt for the password if X11 forwarding is enabled and an
-   askpass program is configured in the sudo.conf file.  If you do not
-   mind your password being echoed to the screen, the "visiblepw" sudoers
-   option will allow the password to be entered even when echo cannot be
-   disabled, though this is not recommended.
+   askpass helper is configured in the sudo.conf file.  If you do not mind
+   your password being echoed to the screen, you may use sudo's -S option
+   to read the password from the standard input.  Alternately, you may set
+   the "visiblepw" sudoers option which will allow the password to be entered
+   even when echo cannot be disabled, though this is not recommended.
 
 Q) When I try to use SSL-enabled LDAP with sudo I get an error:
     unable to initialize SSL cert and key db: security library: bad database.

po/sudo.pot

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: sudo 1.8.28\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-07-19 10:39-0600\n"
+"POT-Creation-Date: 2019-07-19 11:51-0600\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -893,7 +893,9 @@ msgid "unable to read password"
 msgstr ""
 
 #: src/tgetpass.c:147
-msgid "no tty present and no askpass program specified"
+msgid ""
+"a terminal is required to read the password; either use the -S option to "
+"read from standard input or configure an askpass helper"
 msgstr ""
 
 #: src/tgetpass.c:157

src/tgetpass.c

@@ -144,7 +144,7 @@ restart:
 	/* If no tty present and we need to disable echo, try askpass. */
 	if (ttyfd == -1 && !ISSET(flags, TGP_ECHO|TGP_NOECHO_TRY)) {
 	    if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) {
-		sudo_warnx(U_("no tty present and no askpass program specified"));
+		sudo_warnx(U_("a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper"));
 		debug_return_str(NULL);
 	    }
 	    SET(flags, TGP_ASKPASS);