doas prints pam conversation to stdout #126

Open
gcb opened this issue May 31, 2024 · 3 comments
gcb commented May 31, 2024

Same as was described in #95. I believe this has to do with the PAM interface, not with things doas itself prints. Maybe doas is somehow hiding the tty from PAM?

$ doas ls 1>1.txt 2>2.txt
$ tail 1.txt 2.txt
==> 1.txt <==
list of files
Place your right index finger on the fingerprint reader

==> 2.txt <==
(nothing)

reference from previous issue https://gitlab.freedesktop.org/libfprint/fprintd/-/issues/17

opendoas 6.8.2-3

gcb commented May 31, 2024

Showing the fix on #95, which was only for doas-printed errors:

$ doas ls 1>1.txt 2>2.txt
(press a few wrong fingers)

$ tail 1.txt 2.txt 
==> 1.txt <==
(list of files)
Place your right index finger on the fingerprint reader
Place your right index finger on the fingerprint reader
Place your right index finger on the fingerprint reader

==> 2.txt <==
Failed to match fingerprint
Failed to match fingerprint

gcb commented May 31, 2024

Not familiar with PAM interfaces, but tried to simply force ECHO_ON at https://github.com/Duncaen/OpenDoas/blob/master/pam.c#L64

and that only moved the pam messages to stderr:

$ git log ...
commit b96106b7e34ac591ae78b1684e9be3a265122463
$ git diff
diff --git pam.c pam.c
index fa483b8..1e36bb9 100644
--- pam.c
+++ pam.c
@@ -61,7 +61,8 @@ pamprompt(const char *msg, int echo_on, int *ret)
 {
    const char *prompt;
    char *pass, buf[PAM_MAX_RESP_SIZE];
-   int flags = RPP_REQUIRE_TTY | (echo_on ? RPP_ECHO_ON : RPP_ECHO_OFF);
+   //#int flags = RPP_REQUIRE_TTY | (echo_on ? RPP_ECHO_ON : RPP_ECHO_OFF);
+   int flags = RPP_REQUIRE_TTY | RPP_ECHO_ON;
 
    /* overwrite default prompt if it matches "Password:[ ]" */
    if (strncmp(msg,"Password:", 9) == 0 &&
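
Review bot: hard-coding RPP_ECHO_ON on the `int flags` line discards the `echo_on` argument, so every prompt that goes through pamprompt(), including the "Password:" prompt handled just below, would echo typed input to the terminal. Keep the original `echo_on ? RPP_ECHO_ON : RPP_ECHO_OFF` selection and drop the commented-out `//#int flags` line instead of leaving it in the source. If the goal is to change which stream a message is written to, make that a separate, explicit change with a comment explaining the choice, not a side effect of the echo flag.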

$ ./doas ls 1>1.txt 2>2.txt

$ tail 1.txt 2.txt
==> 1.txt <==
doas.o
env.c
env.o
libopenbsd
pam.c
pam.o
parse.o
parse.y
shadow.c
timestamp.c

==> 2.txt <==
Place your right index finger on the fingerprint reader

gcb commented Jul 18, 2024

pam/fprintd says it's "fixed" on their end. Can anyone validate the implementation here? I'm not familiar with PAM.
