From 2c3cff17044b06c69c02722c1a5174b6727b67d4 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 19 Nov 2004 19:46:55 +0000 Subject: [PATCH] Check def_authenticate, def_noexec and def_monitor when setting return flags. XXX May be better to just set the defaults directly and get rid of those flags. --- parse.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/parse.c b/parse.c index 97a512f1e..ca17f7973 100644 --- a/parse.c +++ b/parse.c @@ -173,11 +173,14 @@ sudoers_lookup(pwflag) CLR(validated, VALIDATE_NOT_OK); SET(validated, VALIDATE_OK); if (tags != NULL) { - if (tags->nopasswd == TRUE) + if (tags->nopasswd == TRUE || + (tags->nopasswd == UNSPEC && !def_authenticate)) SET(validated, FLAG_NOPASS); - if (tags->noexec == TRUE) + if (tags->noexec == TRUE || + (tags->noexec == UNSPEC && def_noexec)) SET(validated, FLAG_NOEXEC); - if (tags->monitor == TRUE) + if (tags->monitor == TRUE || + (tags->monitor == UNSPEC && def_monitor)) SET(validated, FLAG_MONITOR); } } -- 2.50.1