/* Assume the worst. */
validated = VALIDATE_NOT_OK | FLAG_NO_HOST | FLAG_NO_USER;
- if (pwflag)
+ if (pwflag && list_pw == NULL)
SET(validated, FLAG_NO_CHECK);
else if (!def_authenticate)
validated |= FLAG_NOPASS;
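Review bot: The new `list_pw == NULL` term in `if (pwflag && list_pw == NULL)` has no comment, although it changes a security-relevant path. When another user is being listed, `FLAG_NO_CHECK` is no longer set and control falls through to the `!def_authenticate` branch, which can add `FLAG_NOPASS`. A comment above the condition would record the intent, for example `/* Listing another user must go through the normal sudoers check. */`; that wording assumes the purpose, which the hunk does not state. It is worth confirming that `FLAG_NOPASS` is the desired result for a list-other-user request when `authenticate` is disabled. The enclosing function starts and ends outside the hunk.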
if (user_matches(sudo_user.pw, us->user) == TRUE) {
priv = us->privileges;
if (host_matches(user_shost, user_host, priv->hostlist) == TRUE) {
- matched = TRUE;
for (cs = priv->cmndlist; cs != NULL; cs = cs->next) {
+ /* Only check the command when listing another user. */
+ if (user_uid == 0 || list_pw == NULL ||
+ cmnd_matches(user_cmnd, user_args, cs->cmnd) == TRUE)
+ matched = TRUE;
if ((pwcheck == any && nopass != TRUE) ||
(pwcheck == all && nopass == TRUE))
nopass = cs->tags.nopasswd;
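Review bot: The condition that now sets `matched` has no exemption for a caller who names their own account, so a non-root user whose `list_pw` resolves to themself must pass the `cmnd_matches()` test. The check this commit removes from option parsing allowed that case (`list_pw->pw_uid != getuid()`). Adding `user_uid == list_pw->pw_uid ||` after the `list_pw == NULL ||` term would keep the old behaviour. Since `matched = TRUE` is no longer set unconditionally on a host match, please confirm that `matched` is initialised before the loop; its declaration is outside the hunk, and it now appears to be the only gate on showing another user's entries. The `nopass` update that follows still runs for every `cs`, including entries whose command did not match, and a comment should say whether that is intended.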
char **Argv, **NewArgv;
char *prev_user;
struct sudo_user sudo_user;
-struct passwd *auth_pw;
-static struct passwd *list_pw;
+struct passwd *auth_pw, *list_pw;
struct interface *interfaces;
int num_interfaces;
int tgetpass_flags;
if (excl && excl != 'l')
usage_excl(1);
excl = 'l';
- if (NewArgv[1] != NULL && *NewArgv[1] != '-') {
- if ((list_pw = sudo_getpwnam(NewArgv[1])) != NULL) {
- if (getuid() != 0 && list_pw->pw_uid != getuid())
- errx(1, "only root may list other user's entries");
- } else
- errx(1, "unknown user %s", NewArgv[1]);
- NewArgc--;
- NewArgv++;
- }
break;
case 'V':
rval = MODE_VERSION;
NewArgv++;
}
+ if (user_runas != NULL) {
+ if (rval == MODE_LIST) {
+ if ((list_pw = sudo_getpwnam(*user_runas)) == NULL)
+ errx(1, "unknown user %s", *user_runas);
+ user_runas = NULL;
+ } else if (!ISSET(rval, (MODE_EDIT|MODE_RUN))) {
+ warnx("the `-u' and '-%c' options may not be used together", excl);
+ usage(1);
+ }
+ }
if ((NewArgc == 0 && (rval & MODE_EDIT)) ||
(NewArgc > 0 && !(rval & (MODE_RUN | MODE_EDIT))))
usage(1);
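Review bot: Option parsing no longer performs any privilege check before `list_pw` is set from `*user_runas`. The removed `-l [user]` code rejected non-root callers at this stage with "only root may list other user's entries", whereas the new block only verifies that the name resolves. Disclosure of another user's sudoers entries therefore depends entirely on the policy lookup honouring `list_pw`, and a comment in this block should say so, e.g. `/* Authorization to list another user is decided by the sudoers lookup, not here. */`. As a style point, the `warnx()` string quotes `-u` with a backtick and an apostrophe but `-%c` with two apostrophes; one form should be used for both. The enclosing function starts and ends outside the hunk.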
continue;
*p = " file [...]";
} else {
- fprintf(stderr, "usage: %s -K | -L | -V | -h | -k | -l [user] | -v\n",
+ fprintf(stderr, "usage: %s -K | -L | -V | -h | -k | -l | -v\n",
getprogname());
}
/* Only provide extern declarations outside of sudo.c. */
#ifndef _SUDO_MAIN
extern struct sudo_user sudo_user;
-extern struct passwd *auth_pw;
+extern struct passwd *auth_pw, *list_pw;
extern int tgetpass_flags;
extern uid_t timestamp_uid;