Bugzilla – Bug 126
Linux support for FWTK and SECURID prompts
Last modified: 2004-01-15 17:11:59 MST
When building sudo 1.6.7p5 on redhat 9 to talk over FWTK protocol to a FWTK server that will eventually prompt for a SECURID passcode, there is a small fix that needs to be made: Behavior of unpatched sudo 1.6.7p5 from source: bash$ /usr/local/bin/sudo-fwtk bash /usr/local/bin/sudo-fwtk: chalnecho Enter PASSCODE: bash$ This does not even prompt the user for a passcode or allow the user to type anything. Here is a patch that solves the problem for us: ----- diff -rc sudo-1.6.7p5/auth/fwtk.c sudo-1.6.7p5.ORIG/auth/fwtk.c *** sudo-1.6.7p5/auth/fwtk.c 2004-01-14 13:15:49.000000000 -0500 --- sudo-1.6.7p5.ORIG/auth/fwtk.c 2004-01-14 12:59:28.000000000 -0500 *************** *** 136,142 **** } } else if (strncmp(resp, "chalnecho ",10) == 0) { (void) snprintf(buf, sizeof(buf), "%s ", &resp[10]); ! pass = tgetpass(buf, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); } else if (strncmp(resp, "password", 8) == 0) { pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); --- 136,142 ---- } } else if (strncmp(resp, "chalnecho ",10) == 0) { (void) snprintf(buf, sizeof(buf), "%s ", &resp[10]); ! pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); } else if (strncmp(resp, "password", 8) == 0) { pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); ---------- We are not sure if this needs to be surrounded with ifdef linux, but we would greatly appreciate it if this small change could be incorporated into the base source code. Thanks. -Jim Ault aultj@despammed.com
The output you quote is due to the fact that auth/fwtk.c only suports fwtk 1.2 and below. As such, the "chalnecho" response is not dealt with. I'll update sudo to accept the new responses introduced with fwtk 2.0 in the next sudo release.