Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd

if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
Todd C. Miller
2000-01-03 04:43:33 +00:00
parent df297922c5
commit 625e3e46d0
5 changed files with 134 additions and 89 deletions

12
sudo.c

@@ -163,7 +163,7 @@ main(argc, argv)
int fd;
int cmnd_status;
int sudo_mode;
int check_cmnd;
int sudoers_flags;
#ifdef POSIX_SIGNALS
sigset_t set, oset;
#else
@@ -218,7 +218,7 @@ main(argc, argv)
/* Setup defaults data structures. */
init_defaults();
check_cmnd = 1;
sudoers_flags = 0;
if (sudo_mode & MODE_SHELL)
user_cmnd = "shell";
else
@@ -237,12 +237,12 @@ main(argc, argv)
break;
case MODE_VALIDATE:
user_cmnd = "validate";
check_cmnd = 0;
sudoers_flags = PWCHECK_ALL | PWCHECK_RUNAS;
break;
case MODE_KILL:
case MODE_INVALIDATE:
user_cmnd = "kill";
check_cmnd = 0;
sudoers_flags = PWCHECK_NEVER;
break;
case MODE_LISTDEFS:
list_options();
@@ -251,7 +251,7 @@ main(argc, argv)
case MODE_LIST:
user_cmnd = "list";
printmatches = 1;
check_cmnd = 0;
sudoers_flags = PWCHECK_ANY;
break;
}
@@ -270,7 +270,7 @@ main(argc, argv)
add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */
/* Validate the user but don't search for pseudo-commands. */
validated = sudoers_lookup(check_cmnd);
validated = sudoers_lookup(sudoers_flags);
/* This goes after the sudoers parse since we honor sudoers options. */
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
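Review bot: The comment above the `sudoers_lookup(sudoers_flags)` call in the last hunk still reads "Validate the user but don't search for pseudo-commands", which described the old boolean `check_cmnd` rather than the password-check policy the argument now carries. Because this value decides when -l and -v may skip the password prompt, I would reword it along the lines of `/* Look up the user in sudoers; sudoers_flags is 0 for a real command, else the PWCHECK_* policy for -l, -v and -k. */`. The default `sudoers_flags = 0;` in the second hunk also inverts the old convention, where non-zero meant "match the command", so a short comment there (or a named constant, if the header defines one) would keep it from being misread. The PWCHECK_* definitions and the rest of main() are outside this section, so the meaning of 0 is inferred from the commit description.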