Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled.

This was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which
resulted in a masked password instead of an echoed one.

src/conversation.c

@@ -45,28 +45,28 @@ int
 sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
     struct sudo_conv_reply replies[], struct sudo_conv_callback *callback)
 {
-    struct sudo_conv_reply *repl;
-    const struct sudo_conv_message *msg;
     char *pass;
-    int n, flags = tgetpass_flags;
+    int n;
     const int conv_debug_instance = sudo_debug_get_active_instance();
 
     sudo_debug_set_active_instance(sudo_debug_instance);
 
     for (n = 0; n < num_msgs; n++) {
-	msg = &msgs[n];
-	repl = &replies[n];
+	const struct sudo_conv_message *msg = &msgs[n];
+	struct sudo_conv_reply *repl = &replies[n];
+	int flags = tgetpass_flags;
+
 	switch (msg->msg_type & 0xff) {
 	    case SUDO_CONV_PROMPT_ECHO_ON:
-	    case SUDO_CONV_PROMPT_MASK:
-		if (msg->msg_type == SUDO_CONV_PROMPT_ECHO_ON)
 		SET(flags, TGP_ECHO);
-		else
+		goto read_pass;
+	    case SUDO_CONV_PROMPT_MASK:
 		SET(flags, TGP_MASK);
 		/* FALLTHROUGH */
 	    case SUDO_CONV_PROMPT_ECHO_OFF:
 		if (ISSET(msg->msg_type, SUDO_CONV_PROMPT_ECHO_OK))
 		    SET(flags, TGP_NOECHO_TRY);
+	    read_pass:
 		/* Read the password unless interrupted. */
 		pass = tgetpass(msg->msg, msg->timeout, flags, callback);
 		if (pass == NULL)
@@ -96,7 +96,7 @@ sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
 err:
     /* Zero and free allocated memory and return an error. */
     do {
-	repl = &replies[n];
+	struct sudo_conv_reply *repl = &replies[n];
 	if (repl->reply != NULL) {
 	    memset_s(repl->reply, SUDO_CONV_REPL_MAX, 0, strlen(repl->reply));
 	    free(repl->reply);