Add SUDO_CONV_PROMPT_MASK define which corresponds to the "pwfeedback"

sudoers option.  Do not disable echo if TGP_ECHO is set.
This commit is contained in:
Todd C. Miller
2010-06-09 10:31:05 -04:00
parent 51f70f2040
commit a4a6620b24
8 changed files with 55 additions and 43 deletions


@@ -61,7 +61,7 @@ SSuuddoo PPlluuggiinn AAPPII
1.8.0a1 May 27, 2010 1 1.8.0a2 June 9, 2010 1
@@ -127,7 +127,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 2 1.8.0a2 June 9, 2010 2
@@ -193,7 +193,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 3 1.8.0a2 June 9, 2010 3
@@ -259,7 +259,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 4 1.8.0a2 June 9, 2010 4
@@ -325,7 +325,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 5 1.8.0a2 June 9, 2010 5
@@ -391,7 +391,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 6 1.8.0a2 June 9, 2010 6
@@ -457,7 +457,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 7 1.8.0a2 June 9, 2010 7
@@ -523,7 +523,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 8 1.8.0a2 June 9, 2010 8
@@ -589,7 +589,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 9 1.8.0a2 June 9, 2010 9
@@ -641,21 +641,21 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
convenient for simple messages where no use input is required. convenient for simple messages where no use input is required.
struct sudo_conv_message { struct sudo_conv_message {
#define SUDO_CONV_PROMPT_ECHO_OFF 1 #define SUDO_CONV_PROMPT_ECHO_OFF 1 /* do not echo user input */
#define SUDO_CONV_PROMPT_ECHO_ON 2 #define SUDO_CONV_PROMPT_ECHO_ON 2 /* echo user input */
#define SUDO_CONV_ERROR_MSG 3 #define SUDO_CONV_ERROR_MSG 3 /* error message */
#define SUDO_CONV_INFO_MSG 4 #define SUDO_CONV_INFO_MSG 4 /* informational message */
#define SUDO_CONV_PROMPT_MASK 5 /* mask user input */
int msg_type; int msg_type;
int timeout; int timeout;
const char *msg; const char *msg;
}; };
struct sudo_conv_reply { struct sudo_conv_reply {
char *reply;
1.8.0a1 May 27, 2010 10 1.8.0a2 June 9, 2010 10
@@ -664,6 +664,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
char *reply;
}; };
typedef int (*sudo_conv_t)(int num_msgs, typedef int (*sudo_conv_t)(int num_msgs,
@@ -717,11 +718,10 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
The log_ttyin function receives the raw user input from the terminal The log_ttyin function receives the raw user input from the terminal
device (note that this will include input even when echo is disabled, device (note that this will include input even when echo is disabled,
such as when a password is read). The log_ttyout function receives such as when a password is read). The log_ttyout function receives
output from the pseudo-tty that is suitable for replaying the user's
1.8.0a1 May 27, 2010 11 1.8.0a2 June 9, 2010 11
@@ -730,6 +730,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
output from the pseudo-tty that is suitable for replaying the user's
session at a later time. The log_stdin, log_stdout and log_stderr session at a later time. The log_stdin, log_stdout and log_stderr
functions are only called if the standard input, standard output or functions are only called if the standard input, standard output or
standard error respectively correspond to something other than a tty. standard error respectively correspond to something other than a tty.
@@ -786,8 +787,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a2 June 9, 2010 12
1.8.0a1 May 27, 2010 12
@@ -853,7 +853,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 13 1.8.0a2 June 9, 2010 13
@@ -919,7 +919,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 14 1.8.0a2 June 9, 2010 14
@@ -985,7 +985,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 15 1.8.0a2 June 9, 2010 15
@@ -1051,6 +1051,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a1 May 27, 2010 16 1.8.0a2 June 9, 2010 16


@@ -139,7 +139,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDO_PLUGIN @mansectsu@" .IX Title "SUDO_PLUGIN @mansectsu@"
.TH SUDO_PLUGIN @mansectsu@ "May 27, 2010" "1.8.0a1" "MAINTENANCE COMMANDS" .TH SUDO_PLUGIN @mansectsu@ "June 9, 2010" "1.8.0a2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -711,12 +711,13 @@ A printf-style function is also available that can be used to display
informational or error messages to the user, which is usually more informational or error messages to the user, which is usually more
convenient for simple messages where no use input is required. convenient for simple messages where no use input is required.
.PP .PP
.Vb 9 .Vb 10
\& struct sudo_conv_message { \& struct sudo_conv_message {
\& #define SUDO_CONV_PROMPT_ECHO_OFF 1 \& #define SUDO_CONV_PROMPT_ECHO_OFF 1 /* do not echo user input */
\& #define SUDO_CONV_PROMPT_ECHO_ON 2 \& #define SUDO_CONV_PROMPT_ECHO_ON 2 /* echo user input */
\& #define SUDO_CONV_ERROR_MSG 3 \& #define SUDO_CONV_ERROR_MSG 3 /* error message */
\& #define SUDO_CONV_INFO_MSG 4 \& #define SUDO_CONV_INFO_MSG 4 /* informational message */
\& #define SUDO_CONV_PROMPT_MASK 5 /* mask user input */
\& int msg_type; \& int msg_type;
\& int timeout; \& int timeout;
\& const char *msg; \& const char *msg;


@@ -641,10 +641,11 @@ informational or error messages to the user, which is usually more
convenient for simple messages where no use input is required. convenient for simple messages where no use input is required.
struct sudo_conv_message { struct sudo_conv_message {
#define SUDO_CONV_PROMPT_ECHO_OFF 1 #define SUDO_CONV_PROMPT_ECHO_OFF 1 /* do not echo user input */
#define SUDO_CONV_PROMPT_ECHO_ON 2 #define SUDO_CONV_PROMPT_ECHO_ON 2 /* echo user input */
#define SUDO_CONV_ERROR_MSG 3 #define SUDO_CONV_ERROR_MSG 3 /* error message */
#define SUDO_CONV_INFO_MSG 4 #define SUDO_CONV_INFO_MSG 4 /* informational message */
#define SUDO_CONV_PROMPT_MASK 5 /* mask user input */
int msg_type; int msg_type;
int timeout; int timeout;
const char *msg; const char *msg;


@@ -34,10 +34,11 @@
/* Conversation function types and defines */ /* Conversation function types and defines */
struct sudo_conv_message { struct sudo_conv_message {
#define SUDO_CONV_PROMPT_ECHO_OFF 1 #define SUDO_CONV_PROMPT_ECHO_OFF 1 /* do not echo user input */
#define SUDO_CONV_PROMPT_ECHO_ON 2 #define SUDO_CONV_PROMPT_ECHO_ON 2 /* echo user input */
#define SUDO_CONV_ERROR_MSG 3 #define SUDO_CONV_ERROR_MSG 3 /* error message */
#define SUDO_CONV_INFO_MSG 4 #define SUDO_CONV_INFO_MSG 4 /* informational message */
#define SUDO_CONV_PROMPT_MASK 5 /* mask user input */
int msg_type; int msg_type;
int timeout; int timeout;
const char *msg; const char *msg;
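Review bot: The new `SUDO_CONV_PROMPT_MASK` value in the public plugin header is described only by `/* mask user input */`, which does not tell a plugin author how it differs from SUDO_CONV_PROMPT_ECHO_OFF. From the rest of the commit, MASK switches the terminal to cbreak mode instead of plain no-echo and passes a feedback flag to getln (the flag it maps to was previously commented `visual feedback during input`), which presumably reveals the reply's length to anyone watching the terminal; a comment such as `/* like ECHO_OFF but with visual feedback per keystroke (reveals input length) */` would let plugins weigh that trade-off before requesting it. The struct continues outside the hunk (its closing brace is not shown).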


@@ -308,9 +308,13 @@ auth_getpass(const char *prompt, int timeout, int type)
struct sudo_conv_message msg; struct sudo_conv_message msg;
struct sudo_conv_reply repl; struct sudo_conv_reply repl;
/* Mask user input if pwfeedback set and echo is off. */
if (type == SUDO_CONV_PROMPT_ECHO_OFF && def_pwfeedback)
type = SUDO_CONV_PROMPT_MASK;
/* Call conversation function */ /* Call conversation function */
memset(&msg, 0, sizeof(msg)); memset(&msg, 0, sizeof(msg));
msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF; msg.msg_type = type;
msg.timeout = def_passwd_timeout * 60; msg.timeout = def_passwd_timeout * 60;
msg.msg = prompt; msg.msg = prompt;
memset(&repl, 0, sizeof(repl)); memset(&repl, 0, sizeof(repl));
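Review bot: `msg.timeout = def_passwd_timeout * 60;` still ignores the `timeout` parameter in auth_getpass's signature (visible in the hunk header), even though this same change now starts honouring the `type` parameter instead of hard-coding SUDO_CONV_PROMPT_ECHO_OFF. If callers are meant to choose the timeout, `msg.timeout = timeout;` would make the two parameters consistent; if the global is deliberately authoritative, a comment such as `/* timeout argument ignored; def_passwd_timeout is authoritative */` on that line would stop the next reader from assuming it is used. The function's body continues outside the hunk.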


@@ -68,7 +68,12 @@ sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
repl = &replies[n]; repl = &replies[n];
switch (msg->msg_type) { switch (msg->msg_type) {
case SUDO_CONV_PROMPT_ECHO_ON: case SUDO_CONV_PROMPT_ECHO_ON:
case SUDO_CONV_PROMPT_MASK:
if (msg->msg_type == SUDO_CONV_PROMPT_ECHO_ON)
SET(flags, TGP_ECHO); SET(flags, TGP_ECHO);
else
SET(flags, TGP_MASK);
/* FALLTHROUGH */
case SUDO_CONV_PROMPT_ECHO_OFF: case SUDO_CONV_PROMPT_ECHO_OFF:
/* Read the password unless interrupted. */ /* Read the password unless interrupted. */
pass = tgetpass(msg->msg, msg->timeout, flags); pass = tgetpass(msg->msg, msg->timeout, flags);
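Review bot: The new case sets TGP_ECHO or TGP_MASK in `flags` but nothing in the hunk clears them, and `flags` is not declared within the hunk — if it is initialised once before the per-message loop (the `repl = &replies[n];` line suggests the switch runs once per message), a bit set for one message stays set for every later one. Combined with the tgetpass change in this same commit (term_noecho is now skipped when TGP_ECHO is set), an ECHO_ON prompt followed by an ECHO_OFF prompt in the same msgs[] array would read the second reply with echo left on. Clearing the per-message bits before the switch, `flags &= ~(TGP_ECHO | TGP_MASK);`, or re-initialising flags at the top of the loop body, keeps each message's mode independent of its predecessors. sudo_conversation's loop starts and ends outside the hunk.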


@@ -88,7 +88,7 @@
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */ #define TGP_ECHO 0x01 /* leave echo on when reading passwd */
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */ #define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
#define TGP_ASKPASS 0x04 /* read from askpass helper program */ #define TGP_ASKPASS 0x04 /* read from askpass helper program */
#define TGP_FEEDBACK 0x08 /* visual feedback during input */ #define TGP_MASK 0x08 /* mask user input when reading */
struct user_details { struct user_details {
uid_t uid; uid_t uid;


@@ -120,9 +120,9 @@ restart:
* If we are using a tty but are not the foreground pgrp this will * If we are using a tty but are not the foreground pgrp this will
* generate SIGTTOU, so do it *before* installing the signal handlers. * generate SIGTTOU, so do it *before* installing the signal handlers.
*/ */
if (ISSET(flags, TGP_FEEDBACK)) if (ISSET(flags, TGP_MASK))
neednl = term_cbreak(input); neednl = term_cbreak(input);
else else if (!ISSET(flags, TGP_ECHO))
neednl = term_noecho(input); neednl = term_noecho(input);
/* /*
@@ -147,7 +147,7 @@ restart:
if (timeout > 0) if (timeout > 0)
alarm(timeout); alarm(timeout);
pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_FEEDBACK)); pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK));
alarm(0); alarm(0);
save_errno = errno; save_errno = errno;