Fix visiblepw sudoers option; the plugin API portion still needs documenting

include/sudo_plugin.h

@@ -34,11 +34,12 @@
 
 /* Conversation function types and defines */
 struct sudo_conv_message {
-#define SUDO_CONV_PROMPT_ECHO_OFF	1	/* do not echo user input */
+#define SUDO_CONV_PROMPT_ECHO_OFF   0x0001  /* do not echo user input */
-#define SUDO_CONV_PROMPT_ECHO_ON	2	/* echo user input */
+#define SUDO_CONV_PROMPT_ECHO_ON    0x0002  /* echo user input */
-#define SUDO_CONV_ERROR_MSG		3	/* error message */
+#define SUDO_CONV_ERROR_MSG	    0x0003  /* error message */
-#define SUDO_CONV_INFO_MSG		4	/* informational message */
+#define SUDO_CONV_INFO_MSG	    0x0004  /* informational message */
-#define SUDO_CONV_PROMPT_MASK		5	/* mask user input */
+#define SUDO_CONV_PROMPT_MASK	    0x0005  /* mask user input */
+#define SUDO_CONV_PROMPT_ECHO_OK    0x1000  /* flag: allow echo if no tty */
     int msg_type;
     int timeout;
     const char *msg;

plugins/sudoers/auth/sudo_auth.c

@@ -312,6 +312,10 @@ auth_getpass(const char *prompt, int timeout, int type)
     if (type == SUDO_CONV_PROMPT_ECHO_OFF && def_pwfeedback)
 	type = SUDO_CONV_PROMPT_MASK;
 
+    /* If visiblepw set, do not error out if there is no tty. */
+    if (def_visiblepw)
+	type |= SUDO_CONV_PROMPT_ECHO_OK;
+
     /* Call conversation function */
     memset(&msg, 0, sizeof(msg));
     msg.msg_type = type;

src/conversation.c

@@ -66,7 +66,7 @@ sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
     for (n = 0; n < num_msgs; n++) {
 	msg = &msgs[n];
 	repl = &replies[n];
-	switch (msg->msg_type) {
+	switch (msg->msg_type & 0xff) {
 	    case SUDO_CONV_PROMPT_ECHO_ON:
 	    case SUDO_CONV_PROMPT_MASK:
 		if (msg->msg_type == SUDO_CONV_PROMPT_ECHO_ON)
@@ -75,6 +75,8 @@ sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
 		    SET(flags, TGP_MASK);
 		/* FALLTHROUGH */
 	    case SUDO_CONV_PROMPT_ECHO_OFF:
+		if (ISSET(msg->msg_type, SUDO_CONV_PROMPT_ECHO_OK))
+		    SET(flags, TGP_NOECHO_TRY);
 		/* Read the password unless interrupted. */
 		pass = tgetpass(msg->msg, msg->timeout, flags);
 		if (pass == NULL)

src/sudo.h

@@ -85,10 +85,12 @@
 /*
  * Flags for tgetpass()
  */
+#define TGP_NOECHO	0x00		/* turn echo off reading pw (default) */
 #define TGP_ECHO	0x01		/* leave echo on when reading passwd */
 #define TGP_STDIN	0x02		/* read from stdin, not /dev/tty */
 #define TGP_ASKPASS	0x04		/* read from askpass helper program */
 #define TGP_MASK	0x08		/* mask user input when reading */
+#define TGP_NOECHO_TRY	0x10		/* turn off echo if possible */
 
 struct user_details {
     uid_t uid;

src/tgetpass.c

@@ -92,7 +92,8 @@ tgetpass(const char *prompt, int timeout, int flags)
     }
 
     /* If no tty present and we need to disable echo, try askpass. */
-    if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS) && !tty_present()) {
+    if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
+	!tty_present()) {
 	if (askpass == NULL || getenv("DISPLAY") == NULL) {
 	    warningx("no tty present and no askpass program specified");
 	    return(NULL);