[sudo-users] Solaris 9 sudo and roles not playing together

[Todd C. Miller]

In message <33df27e70807090105j362d086cx2841ab0e04e4644b at mail.gmail.com>
	so spake "Ruchi Verma" (ver.ruchi):

> I am using 1.6.9p8 . That means if I install 1.6.9p15 the issue canbe
> resolved?

I believe so.

> Is there anything(configuration change or something)  which I can do in sudo
> 1.6.9p8 which can fix this issue.

To get the fix you'll need to rebuild sudo.  Below is a patch you
can apply to 1.6.9p8 if you'd rather not upgrade.

 - todd

Index: pam.c
===================================================================
RCS file: /home/cvs/courtesan/sudo/auth/pam.c,v
retrieving revision 1.43.2.9
retrieving revision 1.43.2.10
diff -u -p -u -r1.43.2.9 -r1.43.2.10
--- pam.c	2 Dec 2007 17:13:52 -0000	1.43.2.9
+++ pam.c	22 Feb 2008 20:19:45 -0000	1.43.2.10
@@ -257,11 +257,6 @@ sudo_conv(num_msg, msg, response, appdat
 	return(PAM_CONV_ERR);
     zero_bytes(*response, num_msg * sizeof(struct pam_response));
 
-    /* Is the sudo prompt standard? (If so, we'l just use PAM's) */
-    std_prompt =  strncmp(def_prompt, "Password:", 9) == 0 &&
-	(def_prompt[9] == '\0' ||
-	(def_prompt[9] == ' ' && def_prompt[10] == '\0'));
-
     for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {
 	flags = tgetpass_flags;
 	switch (pm->msg_style) {
@@ -269,6 +264,12 @@ sudo_conv(num_msg, msg, response, appdat
 		SET(flags, TGP_ECHO);
 	    case PAM_PROMPT_ECHO_OFF:
 		prompt = def_prompt;
+
+		/* Is the sudo prompt standard? (If so, we'l just use PAM's) */
+		std_prompt = strncmp(def_prompt, "Password:", 9) == 0 &&
+		    (def_prompt[9] == '\0' ||
+		    (def_prompt[9] == ' ' && def_prompt[10] == '\0'));
+
 		/* Only override PAM prompt if it matches /^Password: ?/ */
 #if defined(PAM_TEXT_DOMAIN) && defined(HAVE_DGETTEXT)
 		if (!def_passprompt_override && (std_prompt ||