Bug 126

Summary: Linux support for FWTK and SECURID prompts
Product: Sudo
Component: Sudo
Version: 1.6.7
Hardware: PC
OS: Linux
Status: RESOLVED FIXED
Severity: normal
Priority: normal
Reporter: James Ault <aultj>
Assignee: Todd C. Miller <Todd.Miller>
CC: aultj

Description James Ault 2004-01-15 09:31:20 MST
When building sudo 1.6.7p5 on redhat 9 to talk over
FWTK protocol to a FWTK server that will eventually prompt for a SECURID
passcode, there is a small fix that needs to be made:

Behavior of unpatched sudo 1.6.7p5 from source:
bash$ /usr/local/bin/sudo-fwtk bash
/usr/local/bin/sudo-fwtk: chalnecho Enter PASSCODE: 
bash$ 

This does not even prompt the user for a passcode or allow the user to type
anything. 

Here is a patch that solves the problem for us:

-----
diff -rc sudo-1.6.7p5/auth/fwtk.c sudo-1.6.7p5.ORIG/auth/fwtk.c
*** sudo-1.6.7p5/auth/fwtk.c    2004-01-14 13:15:49.000000000 -0500
--- sudo-1.6.7p5.ORIG/auth/fwtk.c       2004-01-14 12:59:28.000000000 -0500
***************
*** 136,142 ****
        }
      } else if (strncmp(resp, "chalnecho ",10) == 0) {
          (void) snprintf(buf, sizeof(buf), "%s ", &resp[10]);
!         pass = tgetpass(buf, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
      } else if (strncmp(resp, "password", 8) == 0) {
        pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60,
            tgetpass_flags);
--- 136,142 ----
        }
      } else if (strncmp(resp, "chalnecho ",10) == 0) {
          (void) snprintf(buf, sizeof(buf), "%s ", &resp[10]);
!         pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags);
      } else if (strncmp(resp, "password", 8) == 0) {
        pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60,
            tgetpass_flags);
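Review bot: the diff direction is reversed on the one changed line in the "chalnecho" branch. Judging by the directory names and timestamps, the modified tree (sudo-1.6.7p5) was given as the old file and sudo-1.6.7p5.ORIG as the new one, so the hunk reads as replacing I_PASSWD_TIMEOUT with I_PW_TIMEOUT, the opposite of the intended change. Regenerate it with the original first, `diff -rc sudo-1.6.7p5.ORIG/auth/fwtk.c sudo-1.6.7p5/auth/fwtk.c`, so that the resulting line is `pass = tgetpass(buf, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);`, which matches the identifier the neighbouring "password" branch already uses. Both sides of the hunk already contain the "chalnecho" branch and differ only in that timeout identifier, so the report should also say how this one-identifier change relates to the missing prompt shown in the transcript.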
----------

We are not sure if this needs to be surrounded with ifdef linux, but we would 
greatly appreciate it if this small change could be incorporated into the 
base source code.  Thanks. 

-Jim Ault   aultj@despammed.com

Comment 1 Todd C. Miller 2004-01-15 13:11:59 MST
The output you quote is due to the fact that auth/fwtk.c only supports fwtk 1.2 
and below.  As such, the "chalnecho" response is not dealt with.  I'll update 
sudo to accept the new responses introduced with fwtk 2.0 in the next sudo 
release.