Bug 180

Summary: sudo does not respect -p or $SUDO_PROMPT if PAM prompt is non-standard
Product: Sudo Reporter: Jeff Layton <jtlayton>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal CC: martin.pitt, michael.vogt
Priority: normal    
Version: 1.6.8   
Hardware: PC   
OS: Linux   
Attachments: patch -- don't use PAM prompt if user_prompt is set.
pach that implements a append-prompt mode

Description Jeff Layton 2005-05-15 07:55:34 MDT 
sudo does not respect the -p or $SUDO_PROMPT options if the PAM prompt does not
match 'Password :'. This does not seem to be correct behavior -- you ought to be
able to override it regardless of whether it's standard or not.

This also breaks certain tools such as gksudo when sudo is configured to use
(for example) pam_krb5. This tool depends on being able to set the prompt to a
specified string.
Comment 1 Jeff Layton 2005-05-15 07:59:34 MDT 
Created attachment 37 [details]
patch -- don't use PAM prompt if user_prompt is set.


The attached patch fixes this behavior. This changes sudo to override the PAM
prompt if user_prompt is set. If it's not set, then it will have the existing
behavior.
Comment 2 Todd C. Miller 2005-05-17 11:59:38 MDT 
This is going to cause serious problems if you use authentcation types such a skey or other challenge/
response systems.
Comment 3 Jeff Layton 2005-05-17 15:30:52 MDT 
Hmm...good point. Though I suppose if you're using '-p' or $SUDO_PROMPT then you
should be expected to know what you're doing.

Another idea might be to introduce an 'append to prompt' option. Then gksudo
could do something like:

--ap GNOME_SUDO_PROMPT

Then it would present something like:

'Password: GNOME_SUDO_PROMPT'

The calling program could then strip off the last part and present the former to
the user. This would allow gksudo to work even with stuff like skey as the user
could see the info from the PAM prompt.
Comment 4 Michael Vogt 2005-06-28 08:26:59 MDT 
Created attachment 38 [details]
pach that implements a append-prompt mode

I attached a patch that adds a simple "append-promtp" flag to sudo. If sudo is
called with -x (in addition to -p) it will append the PROMPT at the end of the
prompt it gets from PAM. This should help tools like gksudo to find out what it
should prompt to the user. I have not a lot of knowledge about the sudo code
internals, I hope the patch is not too bad. What do you think?

Cheers,
 Michael
Comment 5 Michael Vogt 2005-08-04 08:08:28 MDT 
Sorry if I look impatient, but did someone from the sudo team had a chance to
look at the append-prompt patch? It would make it possible to implement support
for pam_krb5 in gksudo cleanly.

Thanks,
 Michael
Comment 6 Martin Pitt 2007-11-14 08:21:30 MST 
*** Bug 270 has been marked as a duplicate of this bug. ***
Comment 7 Martin Pitt 2007-11-14 08:27:29 MST 
This has become much more pressing in 1.6.9, since this enables setlocale() by default and thus PAM uses localized password prompts. See http://www.gratisoft.us/bugzilla/show_bug.cgi?id=270#c2 for details.
Comment 8 Todd C. Miller 2007-11-14 09:35:29 MST 
For the locale issue this is probably best solved by sudo using gettext() and looking up "Password: " in the current locale and using that to do the comparison.
Comment 9 Martin Pitt 2007-11-14 09:41:38 MST 
Indeed, using something like

  dgettext("Linux-PAM", "Password: ")

should do the trick.
Comment 10 Todd C. Miller 2007-12-03 05:59:17 MST 
Sudo 1.6.9p9 now localizes "Password: " before checking against the PAM prompt.  Furthermore, a new sudoers option, passprompt_override exists to force the sudo prompt to be used regardless.  This option is now set by default if the -p flag is specified.