Bug#442094: displays entered password

[Jack Bates]

Awesome, thanks Simon. I'm generally impressed by your free software,
and particularly the speed you addressed these issues, thanks!

First, I had trouble locating the Git repository. After Googling, I
pulled from git://repo.or.cz/shishi.git

When that didn't include the fixes you describe, I went to the list
archive and pulled from git://git.josefsson.org/shishi.git

If http://josefsson.org/shishi/#development could be updated with info
on getting Shishi source from Git, that'd help.

Next, I dusted off the GNU autotools book and tried building the Shishi
source distribution from the Git source:

ket% aclocal
ket% autoconf 
ket% automake --add-missing
configure.ac:48: installing `build-aux/config.sub'
configure.ac:33: installing `build-aux/missing'
configure.ac:33: installing `build-aux/install-sh'
configure.ac:48: installing `build-aux/config.guess'
asn1/Makefile.am: installing `build-aux/depcomp'
doc/Makefile.am:21: ENABLE_GTK_DOC does not appear in AM_CONDITIONAL
doc/Makefile.am:30: installing `build-aux/mdate-sh'
doc/Makefile.am:30: installing `build-aux/texinfo.tex'
automake: cannot open < gtk-doc.make: No such file or directory
ket% 

I think I'm missing the gtk-doc-tools Debian package? If there's some
documentation on building Shishi from Git I should have RTFMed, please
let me know...

Finally, the source I pulled from git://git.josefsson.org/shishi.git didn't
include the fixes you describe either. Are they in a different
repository, or a different branch?

At this point, I apt-get sourced shishi, manually applied the fixes from
your messages, built the package and voila, both issues are fixed: My
password is not echoed as I login, and pam_unix succeeds when pam_shishi
fails, without asking for my password again.

Much thanks, Jack

On Thu, Sep 13, 2007 at 05:08:04PM +0200, Simon Josefsson wrote:
> Jack Bates <address@hidden> writes:
> 
> > Sorry I've not had time until now to test and provide feedback on
> > libpam-shishi. Thank you for developing this software.
> >
> > Using libpam-shishi, my password is displayed as I enter it. For
> > instance, when logging into a console, most PAM plugins don't display
> > the password as it's entered. However when using libpam-shishi, the
> > password is displayed.
> 
> Hi Jack!  Thanks for the report.  I was quite surprised to hear that,
> but looking at the source, I suspect some debug code was still present.
> I probably mostly used this under X11 and didn't see this.
> 
> I have committed the patch below which looks like the right thing, but I
> have not tested it.  If you can easily build Shishi from GIT yourself
> and test whether the problem is fixed, that would help.
> 
> Thanks,
> Simon
> 
> commit 64ba04853d9d3cdb949ec789ae6e33bbfe06049e
> Author: Simon Josefsson <address@hidden>
> Date:   Thu Sep 13 17:05:25 2007 +0200
> 
>     Add.
> 
> diff --git a/NEWS b/NEWS
> index 2f50b10..ab2f635 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -4,6 +4,9 @@ See the end for copying conditions.
>  
>  * Version 0.0.33 (unreleased)
>  
> +** libpam_shishi: Don't echo password when reading it from console.
> +Reported by Jack Bates <address@hidden>.
> +
>  ** Update translations.
>  
>  * Version 0.0.32 (released 2007-06-29)
> 
> commit 077dd5363b17cdd5565eeff68c0573205e4f7675
> Author: Simon Josefsson <address@hidden>
> Date:   Thu Sep 13 17:05:00 2007 +0200
> 
>     Don't echo password to console (untested patch).
>     Reported by Jack Bates <address@hidden>.
> 
> diff --git a/extra/pam_shishi/pam_shishi.c b/extra/pam_shishi/pam_shishi.c
> index 22641f4..cd92bad 100644
> --- a/extra/pam_shishi/pam_shishi.c
> +++ b/extra/pam_shishi/pam_shishi.c
> @@ -126,7 +126,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
>        pmsg[0] = &msg[0];
>        asprintf ((char **) &msg[0].msg, "Password for address@hidden': ",
>               shishi_principal_default (h), shishi_realm_default (h));
> -      msg[0].msg_style = PAM_PROMPT_ECHO_ON;
> +      msg[0].msg_style = PAM_PROMPT_ECHO_OFF;
>        resp = NULL;
>  
>        retval = conv->conv (nargs, (const struct pam_message **) pmsg,
> 
>

signature.asc
Description: Digital signature