From 6f1a9c0bc9b6bf6728b0c7b5524b5b9e008c822a Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 6 Jul 2007 18:51:43 +0000 Subject: [PATCH] Do not update timestamp if user not validated by sudoers. --- check.c | 9 +++++---- sudo.c | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/check.c b/check.c index 30b36d891..a0e410957 100644 --- a/check.c +++ b/check.c @@ -83,8 +83,8 @@ static void update_timestamp __P((char *, char *)); * verify who he/she is. */ void -check_user(override) - int override; +check_user(validated) + int validated; { char *timestampdir = NULL; char *timestampfile = NULL; @@ -97,7 +97,7 @@ check_user(override) build_timestamp(×tampdir, ×tampfile); status = timestamp_status(timestampdir, timestampfile, user_name, TS_MAKE_DIRS); - if (override || status != TS_CURRENT) { + if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) { lecture(status); /* Expand any escapes in the prompt. */ @@ -106,7 +106,8 @@ check_user(override) verify_user(auth_pw, prompt); } - if (status != TS_ERROR) + /* Only update timestamp if user was validated. */ + if (status != TS_ERROR && ISSET(validated, VALIDATE_OK)) update_timestamp(timestampdir, timestampfile); efree(timestampdir); efree(timestampfile); diff --git a/sudo.c b/sudo.c index 4beeaef7b..e5a13210a 100644 --- a/sudo.c +++ b/sudo.c @@ -355,7 +355,7 @@ main(argc, argv) /* Require a password if sudoers says so. */ if (def_authenticate) - check_user(ISSET(validated, FLAG_CHECK_USER)); + check_user(validated); /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ /* XXX - causes confusion when root is not listed in sudoers */ -- 2.40.0