From: Todd C. Miller Date: Fri, 6 Jan 2012 15:54:30 +0000 (-0500) Subject: Allow "visudo -c" to work when we only have read-only access to the X-Git-Tag: SUDO_1_8_4~85^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=baa9273dd54d5fe7e0c38216f3e1def498c1fc0e;p=sudo Allow "visudo -c" to work when we only have read-only access to the sudoers include files. --- diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 2fb0601a4..d3bae7c2f 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -143,6 +143,7 @@ struct passwd *list_pw; sudo_printf_t sudo_printf = visudo_printf; static struct sudoersfile_list sudoerslist; static struct rbtree *alias_freelist; +static bool checkonly; int main(int argc, char *argv[]) @@ -150,7 +151,7 @@ main(int argc, char *argv[]) struct sudoersfile *sp; char *args, *editor, *sudoers_path; int ch; - bool checkonly, quiet, strict, oldperms; + bool quiet, strict, oldperms; #if defined(SUDO_DEVEL) && defined(__OpenBSD__) extern char *malloc_options; malloc_options = "AFGJPR"; @@ -815,6 +816,12 @@ open_sudoers(const char *path, bool doedit, bool *keepopen) { struct sudoersfile *entry; FILE *fp; + int open_flags; + + if (checkonly) + open_flags = O_RDONLY; + else + open_flags = O_RDWR | O_CREAT; /* Check for existing entry */ tq_foreach_fwd(&sudoerslist, entry) { @@ -827,7 +834,7 @@ open_sudoers(const char *path, bool doedit, bool *keepopen) entry->modified = 0; entry->prev = entry; entry->next = NULL; - entry->fd = open(entry->path, O_RDWR | O_CREAT, SUDOERS_MODE); + entry->fd = open(entry->path, open_flags, SUDOERS_MODE); entry->tpath = NULL; entry->doedit = doedit; if (entry->fd == -1) { @@ -835,7 +842,7 @@ open_sudoers(const char *path, bool doedit, bool *keepopen) efree(entry); return NULL; } - if (!lock_file(entry->fd, SUDO_TLOCK)) + if (!checkonly && !lock_file(entry->fd, SUDO_TLOCK)) errorx(1, _("%s busy, try again later"), entry->path); if ((fp = fdopen(entry->fd, "r")) == NULL) error(1, "%s", entry->path);