If the user is running sudo as himself but as a different group we

need to prompt for a password.
2011-01-11 10:35:20 -05:00
parent 49409b7c5d
commit 2d74e9567f
1 changed files with 8 additions and 2 deletions
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -117,8 +117,14 @@ check_user(int validated, int mode)
    if (ISSET(mode, MODE_IGNORE_TICKET)) {
 	SET(validated, FLAG_CHECK_USER);
    } else {
-	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
-	    return TRUE;
+    /*
+     * Don't prompt for the root passwd or if the user is exempt.
+     * If the user is not changing uid/gid, no need for a password.
+     */
+    if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+	(!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+	user_is_exempt())
+	return TRUE;
    }

    if (build_timestamp(&timestampdir, &timestampfile) == -1)