Honor NOPASSWD tag for denied commands too.
authorTodd C. Miller <Todd.Miller@courtesan.com>
Fri, 9 Sep 2011 13:57:39 +0000 (09:57 -0400)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Fri, 9 Sep 2011 13:57:39 +0000 (09:57 -0400)
plugins/sudoers/parse.c

index 303d13500ab736f15fe8d8e76fc34f5ab8ae4b32..8ce68584bf19f1c4cf586179608f7154e73209f5 100644 (file)
@@ -250,6 +250,8 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag)
     } else if (match == DENY) {
        SET(validated, VALIDATE_NOT_OK);
        CLR(validated, VALIDATE_OK);
+       if (tags != NULL && tags->nopasswd != UNSPEC)
+           def_authenticate = !tags->nopasswd;
     }
     restore_perms();
     return validated;