char *timestampfile = NULL;
char *prompt;
struct stat sb;
- int status;
+ int status, need_pass = def_authenticate;
+
+ /* Init authentication system regardless of whether we need a password. */
+ auth_pw = get_authpw();
+ sudo_auth_init(auth_pw);
+
+ if (need_pass) {
+ /* Always need a password when -k was specified with the command. */
+ if (ISSET(mode, MODE_INVALIDATE)) {
+ SET(validated, FLAG_CHECK_USER);
+ } else {
+ /*
+ * Don't prompt for the root passwd or if the user is exempt.
+ * If the user is not changing uid/gid, no need for a password.
+ */
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name)))
+ || user_is_exempt())
+ need_pass = FALSE;
+ }
+ }
+ if (!need_pass)
+ goto done;
/* Stash the tty's ctime for tty ticket comparison. */
if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
ctim_get(&sb, &tty_info.ctime);
}
- /* Init authentication system regardless of whether we need a password. */
- auth_pw = get_authpw();
- sudo_auth_init(auth_pw);
-
- /* Always prompt for a password when -k was specified with the command. */
- if (ISSET(mode, MODE_INVALIDATE)) {
- SET(validated, FLAG_CHECK_USER);
- } else {
- /*
- * Don't prompt for the root passwd or if the user is exempt.
- * If the user is not changing uid/gid, no need for a password.
- */
- if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
- (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
- user_is_exempt())
- goto done;
- }
-
build_timestamp(×tampdir, ×tampfile);
status = timestamp_status(timestampdir, timestampfile, user_name,
TS_MAKE_DIRS);
rebuild_env(def_noexec);
/* Require a password if sudoers says so. */
- if (def_authenticate)
- check_user(validated, sudo_mode);
+ check_user(validated, sudo_mode);
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
/* XXX - causes confusion when root is not listed in sudoers */
projects / sudo / commitdiff