Use the SUDO_CONV_PREFER_TTY flag during authentication.

This prevents the password and PAM prompts from being redirected.
Bug #895

src/conversation.c

@@ -140,21 +140,26 @@ sudo_conversation_1_7(int num_msgs, const struct sudo_conv_message msgs[],
 int
 sudo_conversation_printf(int msg_type, const char *fmt, ...)
 {
+    FILE *fp = stdout;
+    FILE *ttyfp = NULL;
     va_list ap;
     int len;
     const int conv_debug_instance = sudo_debug_get_active_instance();
 
     sudo_debug_set_active_instance(sudo_debug_instance);
 
-    switch (msg_type) {
+    if (ISSET(msg_type, SUDO_CONV_PREFER_TTY)) {
+	/* Try writing to /dev/tty first. */
+	ttyfp = fopen(_PATH_TTY, "w");
+    }
+
+    switch (msg_type & 0xff) {
+    case SUDO_CONV_ERROR_MSG:
+	fp = stderr;
+	/* FALLTHROUGH */
     case SUDO_CONV_INFO_MSG:
 	va_start(ap, fmt);
-	len = vfprintf(stdout, fmt, ap);
-	va_end(ap);
-	break;
-    case SUDO_CONV_ERROR_MSG:
-	va_start(ap, fmt);
-	len = vfprintf(stderr, fmt, ap);
+	len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap);
 	va_end(ap);
 	break;
     default:
@@ -163,6 +168,9 @@ sudo_conversation_printf(int msg_type, const char *fmt, ...)
 	break;
     }
 
+    if (ttyfp != NULL)
+	fclose(ttyfp);
+
     sudo_debug_set_active_instance(conv_debug_instance);
     return len;
 }