Don't ask the user for a password if the user is not allowed to run

author Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 6 Dec 1999 00:14:54 +0000 (00:14 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 6 Dec 1999 00:14:54 +0000 (00:14 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 6 Dec 1999 00:14:54 +0000 (00:14 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 6 Dec 1999 00:14:54 +0000 (00:14 +0000)
diff --git a/CHANGES b/CHANGES

index ae3a849b9d914edef693a8035201a0d0d3b572ad..5dd835cb52bde1344a076027e8645b33cb551b04 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1204,3 +1204,6 @@ Sudo 1.6 released.
       runas specs, the latter ones may not be applied.
  
  379) #uid now works in a RunasAlias
+
+380) Don't ask the user for a password if the user is not allowed to run
+     the command and the authenticate flag (in sudoers) is false.
diff --git a/parse.c b/parse.c

index ab9f461c912c2ebeeaae8eba3ae72ee6346c2a14..0f3b7b6468dbc4af3afaa7254301c073811de510 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -142,7 +142,10 @@ sudoers_lookup(check_cmnd)
       * Assume the worst.  If the stack is empty the user was
       * not mentioned at all.
       */
-    error = VALIDATE_NOT_OK;
+    if (def_flag(I_AUTHENTICATE))
+       error = VALIDATE_NOT_OK;
+    else
+       error = VALIDATE_NOT_OK | FLAG_NOPASS;
      if (check_cmnd == TRUE) {
         error |= FLAG_NO_HOST;
         if (!top)
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 6 Dec 1999 00:14:54 +0000 (00:14 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 6 Dec 1999 00:14:54 +0000 (00:14 +0000)