Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd
if there is *any* entry for the user on the host with a NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for the user on the host w/ the specified runas user have the NOPASSWD flag set.
This commit is contained in:
Todd C. Miller
12
sudo.h
12
sudo.h
@@ -144,6 +144,18 @@ struct sudo_user {
|
||||
#define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
|
||||
#define SUDO_UNLOCK 4 /* unlock a file */
|
||||
|
||||
/*
|
||||
* Flags for sudoers_lookup:
|
||||
* PASSWD_NEVER: user never has to give a passwd
|
||||
* PASSWD_ALL: no passwd needed if all entries for host have NOPASSWD flag
|
||||
* PASSWD_ANY: no passwd needed if any entry for host has a NOPASSWD flag
|
||||
* PWCHECK_RUNAS: require that runas_matches be TRUE
|
||||
*/
|
||||
#define PWCHECK_NEVER 001
|
||||
#define PWCHECK_ALL 002
|
||||
#define PWCHECK_ANY 004
|
||||
#define PWCHECK_RUNAS 010
|
||||
|
||||
/*
|
||||
* Function prototypes
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user