From: Todd C. Miller Date: Thu, 12 Jan 2012 20:23:16 +0000 (-0500) Subject: Allow "visudo -c" to work when we only have read-only access to the X-Git-Tag: SUDO_1_7_9~31 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=36acde71acc91129c989609f003e306b63bdb6b0;p=sudo Allow "visudo -c" to work when we only have read-only access to the sudoers include files. --HG-- branch : 1.7 --- diff --git a/visudo.c b/visudo.c index e3f9b8cfd..f79b9ff11 100644 --- a/visudo.c +++ b/visudo.c @@ -136,6 +136,7 @@ struct sudo_user sudo_user; struct passwd *list_pw; static struct sudoersfile_list sudoerslist; static struct rbtree *alias_freelist; +static int checkonly; int main(argc, argv) @@ -144,7 +145,7 @@ main(argc, argv) { struct sudoersfile *sp; char *args, *editor, *sudoers_path; - int ch, checkonly, quiet, strict, oldperms; + int ch, quiet, strict, oldperms; #if defined(SUDO_DEVEL) && defined(__OpenBSD__) extern char *malloc_options; malloc_options = "AFGJPR"; @@ -828,6 +829,12 @@ open_sudoers(path, doedit, keepopen) { struct sudoersfile *entry; FILE *fp; + int open_flags; + + if (checkonly) + open_flags = O_RDONLY; + else + open_flags = O_RDWR | O_CREAT; /* Check for existing entry */ tq_foreach_fwd(&sudoerslist, entry) { @@ -840,7 +847,7 @@ open_sudoers(path, doedit, keepopen) entry->modified = 0; entry->prev = entry; entry->next = NULL; - entry->fd = open(entry->path, O_RDWR | O_CREAT, SUDOERS_MODE); + entry->fd = open(entry->path, open_flags, SUDOERS_MODE); entry->tpath = NULL; entry->doedit = doedit; if (entry->fd == -1) { @@ -848,7 +855,7 @@ open_sudoers(path, doedit, keepopen) efree(entry); return NULL; } - if (!lock_file(entry->fd, SUDO_TLOCK)) + if (!checkonly && !lock_file(entry->fd, SUDO_TLOCK)) errorx(1, "%s busy, try again later", entry->path); if ((fp = fdopen(entry->fd, "r")) == NULL) error(1, "%s", entry->path);