Do not update timestamp if user not validated by sudoers.

diff --git a/check.c b/check.c
index 30b36d89150f1d14711f9fcc506a4b89762c8373..a0e410957722fa03c561d2f9bf493785be2522b4 100644 (file)
--- a/check.c
+++ b/check.c
@@ -83,8 +83,8 @@ static void  update_timestamp __P((char *, char *));
  * verify who he/she is.
  */
 void
-check_user(override)
-    int override;
+check_user(validated)
+    int validated;
 {
     char *timestampdir = NULL;
     char *timestampfile = NULL;
@@ -97,7 +97,7 @@ check_user(override)
     build_timestamp(&timestampdir, &timestampfile);
     status = timestamp_status(timestampdir, timestampfile, user_name,
        TS_MAKE_DIRS);
-    if (override || status != TS_CURRENT) {
+    if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
        lecture(status);
 
        /* Expand any escapes in the prompt. */
@@ -106,7 +106,8 @@ check_user(override)
 
        verify_user(auth_pw, prompt);
     }
-    if (status != TS_ERROR)
+    /* Only update timestamp if user was validated. */
+    if (status != TS_ERROR && ISSET(validated, VALIDATE_OK))
        update_timestamp(timestampdir, timestampfile);
     efree(timestampdir);
     efree(timestampfile);

diff --git a/sudo.c b/sudo.c
index 4beeaef7b59b998def11f2f85af348be13a988a8..e5a13210a58e30694241dc81c801ecbac3911d42 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -355,7 +355,7 @@ main(argc, argv)
 
     /* Require a password if sudoers says so.  */
     if (def_authenticate)
-       check_user(ISSET(validated, FLAG_CHECK_USER));
+       check_user(validated);
 
     /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
     /* XXX - causes confusion when root is not listed in sudoers */