Allow "visudo -c" to work when we only have read-only access to the

sudoers include files.

diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 2fb0601a467da7ae13d7fa9c1d6e9e0cd18452e6..d3bae7c2f59648a990334be5d712b50f98e0e156 100644 (file)
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
@@ -143,6 +143,7 @@ struct passwd *list_pw;
 sudo_printf_t sudo_printf = visudo_printf;
 static struct sudoersfile_list sudoerslist;
 static struct rbtree *alias_freelist;
+static bool checkonly;
 
 int
 main(int argc, char *argv[])
@@ -150,7 +151,7 @@ main(int argc, char *argv[])
     struct sudoersfile *sp;
     char *args, *editor, *sudoers_path;
     int ch;
-    bool checkonly, quiet, strict, oldperms;
+    bool quiet, strict, oldperms;
 #if defined(SUDO_DEVEL) && defined(__OpenBSD__)
     extern char *malloc_options;
     malloc_options = "AFGJPR";
@@ -815,6 +816,12 @@ open_sudoers(const char *path, bool doedit, bool *keepopen)
 {
     struct sudoersfile *entry;
     FILE *fp;
+    int open_flags;
+
+    if (checkonly)
+       open_flags = O_RDONLY;
+    else
+       open_flags = O_RDWR | O_CREAT;
 
     /* Check for existing entry */
     tq_foreach_fwd(&sudoerslist, entry) {
@@ -827,7 +834,7 @@ open_sudoers(const char *path, bool doedit, bool *keepopen)
        entry->modified = 0;
        entry->prev = entry;
        entry->next = NULL;
-       entry->fd = open(entry->path, O_RDWR | O_CREAT, SUDOERS_MODE);
+       entry->fd = open(entry->path, open_flags, SUDOERS_MODE);
        entry->tpath = NULL;
        entry->doedit = doedit;
        if (entry->fd == -1) {
@@ -835,7 +842,7 @@ open_sudoers(const char *path, bool doedit, bool *keepopen)
            efree(entry);
            return NULL;
        }
-       if (!lock_file(entry->fd, SUDO_TLOCK))
+       if (!checkonly && !lock_file(entry->fd, SUDO_TLOCK))
            errorx(1, _("%s busy, try again later"), entry->path);
        if ((fp = fdopen(entry->fd, "r")) == NULL)
            error(1, "%s", entry->path);