]> granicus.if.org Git - sudo/commitdiff
If the user is running sudo as himself but as a different group we
authorTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)
need to prompt for a password.

--HG--
branch : 1.7

check.c

diff --git a/check.c b/check.c
index b324c06bde8979651d3c7199c945660cba0ac8c5..e2f237b69e64188351a232e9c123f00f371b24de 100644 (file)
--- a/check.c
+++ b/check.c
@@ -120,7 +120,13 @@ check_user(validated, mode)
     if (ISSET(mode, MODE_INVALIDATE)) {
        SET(validated, FLAG_CHECK_USER);
     } else {
-       if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+       /*
+        * Don't prompt for the root passwd or if the user is exempt.
+        * If the user is not changing uid/gid, no need for a password.
+        */
+       if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+           (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+           user_is_exempt())
            return;
     }