diff --git a/NEWS b/NEWS index 361fcdeae..264b904a6 100644 --- a/NEWS +++ b/NEWS @@ -17,7 +17,7 @@ What's new in Sudo 1.8.28 * On AIX, when the user's password has expired and PAM is not in use, sudo will now allow the user to change their password. - Bug #883 + Bug #883. * Sudo has a new -B command line option that will ring the terminal bell when prompting for a password. @@ -36,6 +36,12 @@ What's new in Sudo 1.8.28 nroff utility. There are now multiple Open Source nroff replacements so this should no longer be an issue. + * Fixed a bad interaction with configure's --prefix and + --disable-shared options. Bug #886. + + * More verbose error message when a password is required and no terminal + is present. Bug #828. + What's new in Sudo 1.8.27 * On HP-UX, sudo will now update the utmps file when running a command diff --git a/doc/TROUBLESHOOTING b/doc/TROUBLESHOOTING index 817f7deeb..bc7f1a6e0 100644 --- a/doc/TROUBLESHOOTING +++ b/doc/TROUBLESHOOTING @@ -211,20 +211,21 @@ A) The default user sudo tries to run things as is always root, even if would achieve the desired result for the preceding sudoers fragment. Q) When I try to run sudo via ssh, I get the error: - sudo: no tty present and no askpass program specified -A) If sudo needs to authenticate a user, it needs access to the - user's terminal to disable echo and to perform per-terminal - access control (for cached credentials). The above message - indicates that sudo was unable to determine the user's terminal. + sudo: a terminal is required to read the password; either use the -S + option to read from standard input or configure an askpass helper +A) If sudo needs to authenticate a user, it requires access to the user's + terminal to disable echo so the password is not displayed to the screen. + The above message indicates that no terminal was present. When running a command via ssh, a terminal is not allocated by default which can cause this message. The "-t" option to ssh will force it to allocate a tty. Alternately, you may be able to use the ssh-askpass utility to prompt for the password if X11 forwarding is enabled and an - askpass program is configured in the sudo.conf file. If you do not - mind your password being echoed to the screen, the "visiblepw" sudoers - option will allow the password to be entered even when echo cannot be - disabled, though this is not recommended. + askpass helper is configured in the sudo.conf file. If you do not mind + your password being echoed to the screen, you may use sudo's -S option + to read the password from the standard input. Alternately, you may set + the "visiblepw" sudoers option which will allow the password to be entered + even when echo cannot be disabled, though this is not recommended. Q) When I try to use SSL-enabled LDAP with sudo I get an error: unable to initialize SSL cert and key db: security library: bad database. diff --git a/po/sudo.pot b/po/sudo.pot index 637c90b84..34a558341 100644 --- a/po/sudo.pot +++ b/po/sudo.pot @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sudo 1.8.28\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-07-19 10:39-0600\n" +"POT-Creation-Date: 2019-07-19 11:51-0600\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -893,7 +893,9 @@ msgid "unable to read password" msgstr "" #: src/tgetpass.c:147 -msgid "no tty present and no askpass program specified" +msgid "" +"a terminal is required to read the password; either use the -S option to " +"read from standard input or configure an askpass helper" msgstr "" #: src/tgetpass.c:157 diff --git a/src/tgetpass.c b/src/tgetpass.c index c954ea849..bf76f788f 100644 --- a/src/tgetpass.c +++ b/src/tgetpass.c @@ -144,7 +144,7 @@ restart: /* If no tty present and we need to disable echo, try askpass. */ if (ttyfd == -1 && !ISSET(flags, TGP_ECHO|TGP_NOECHO_TRY)) { if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) { - sudo_warnx(U_("no tty present and no askpass program specified")); + sudo_warnx(U_("a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper")); debug_return_str(NULL); } SET(flags, TGP_ASKPASS);