Honor NOPASSWD tag for denied commands too.

author Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 17 Sep 2011 00:03:45 +0000 (20:03 -0400)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 17 Sep 2011 00:03:45 +0000 (20:03 -0400)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 17 Sep 2011 00:03:45 +0000 (20:03 -0400)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 17 Sep 2011 00:03:45 +0000 (20:03 -0400)
diff --git a/parse.c b/parse.c

index be719d4d1fdeb807072b14c2e935313d399bc65b..30eb7f4d3cd5291853df49153b248ddac6cd676e 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -257,6 +257,8 @@ sudo_file_lookup(nss, validated, pwflag)
      } else if (match == DENY) {
         SET(validated, VALIDATE_NOT_OK);
         CLR(validated, VALIDATE_OK);
+       if (tags != NULL && tags->nopasswd != UNSPEC)
+           def_authenticate = !tags->nopasswd;
      }
      set_perms(PERM_ROOT);
      return validated;
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 17 Sep 2011 00:03:45 +0000 (20:03 -0400)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 17 Sep 2011 00:03:45 +0000 (20:03 -0400)