From: Todd C. Miller
Date: Thu, 26 Jan 2012 21:34:49 +0000 (-0500)
Subject: We need to init the auth system regardless of whether we need a
X-Git-Tag: SUDO_1_7_9~17
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7e0c76017e36e6323260fbbc12f30a9729c7b9f6;p=sudo
We need to init the auth system regardless of whether we need a password since we will be closing the PAM session in the monitor process. Fixes a crash in the monitor on Solaris; bugzilla #533
--HG--
branch : 1.7
---
diff --git a/check.c b/check.c
index c2cfa3252..466e7fe31 100644
--- a/check.c
+++ b/check.c
@@ -106,7 +106,29 @@ check_user(validated, mode)
 char *timestampfile = NULL;
 char *prompt;
 struct stat sb;
- int status;
+ int status, need_pass = def_authenticate;
+
+ /* Init authentication system regardless of whether we need a password. */
+ auth_pw = get_authpw();
+ sudo_auth_init(auth_pw);
+
+ if (need_pass) {
+ /* Always need a password when -k was specified with the command. */
+ if (ISSET(mode, MODE_INVALIDATE)) {
+ SET(validated, FLAG_CHECK_USER);
+ } else {
+ /*
+ * Don't prompt for the root passwd or if the user is exempt.
+ * If the user is not changing uid/gid, no need for a password.
+ */
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name)))
+ || user_is_exempt())
+ need_pass = FALSE;
+ }
+ }
+ if (!need_pass)
+ goto done;
 /* Stash the tty's ctime for tty ticket comparison. */
 if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
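Review bot: `auth_pw = get_authpw();` and `sudo_auth_init(auth_pw);` at the top of the added block now run before the `need_pass` decision, and the visible lines check neither call's result. Root, exempt users and rules with authentication disabled therefore all pass through auth initialisation before reaching `goto done`. Whether a failure there is fatal depends on code outside this diff; if it is not, those callers would presumably continue with a partly initialised auth state. I would record the expectation in the comment above the calls, for example `/* Runs for every caller, including those that skip the prompt; an init failure must not be silently ignored. */`. check_user's body starts and ends outside the hunk.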
@@ -117,24 +139,6 @@ check_user(validated, mode)
 ctim_get(&sb, &tty_info.ctime);
 }
- /* Init authentication system regardless of whether we need a password. */
- auth_pw = get_authpw();
- sudo_auth_init(auth_pw);
-
- /* Always prompt for a password when -k was specified with the command. */
- if (ISSET(mode, MODE_INVALIDATE)) {
- SET(validated, FLAG_CHECK_USER);
- } else {
- /*
- * Don't prompt for the root passwd or if the user is exempt.
- * If the user is not changing uid/gid, no need for a password.
- */
- if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
- (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
- user_is_exempt())
- goto done;
- }
-
 build_timestamp(×tampdir, ×tampfile);
 status = timestamp_status(timestampdir, timestampfile, user_name, TS_MAKE_DIRS);
diff --git a/sudo.c b/sudo.c
index e5235ecf6..67bd67ef0 100644
--- a/sudo.c
+++ b/sudo.c
@@ -432,8 +432,7 @@ main(argc, argv, envp)
 rebuild_env(def_noexec);
 /* Require a password if sudoers says so. */
- if (def_authenticate)
- check_user(validated, sudo_mode);
+ check_user(validated, sudo_mode);
 /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
 /* XXX - causes confusion when root is not listed in sudoers */
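Review bot: The comment `/* Require a password if sudoers says so. */` left above the call in the sudo.c hunk is stale, because `check_user(validated, sudo_mode);` is now unconditional and the `def_authenticate` test has moved into check_user as the initial value of `need_pass`. A reader of main() could take the comment to mean the call is still gated and miss that the password decision now lives in check.c. I would reword it to something like `/* Always call check_user(): it initialises the auth system and decides whether a password is required. */`. main's body starts and ends outside the hunk.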