if (ISSET(mode, MODE_INVALIDATE)) {
SET(validated, FLAG_CHECK_USER);
} else {
- if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+ /*
+ * Don't prompt for the root passwd or if the user is exempt.
+ * If the user is not changing uid/gid, no need for a password.
+ */
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+ user_is_exempt())
return;
}
char *timestampfile;
{
/* If using tty timestamps but we have no tty there is nothing to do. */
- if (timestampfile && !user_ttypath)
+ if (def_tty_tickets && !user_ttypath)
return;
if (timestamp_uid != 0)
if (timestampfile && status != TS_ERROR) {
if (status != TS_MISSING)
status = TS_NOFILE; /* dir there, file missing */
- if (!user_ttypath)
+ if (def_tty_tickets && !user_ttypath)
goto done; /* no tty, always prompt */
if (lstat(timestampfile, &sb) == 0) {
if (!S_ISREG(sb.st_mode)) {
/*
* Check for stored tty info. If the file is zero-sized
* it is an old-style timestamp with no tty info in it.
+ * If removing, we don't care about the contents.
* The actual mtime check is done later.
*/
- if (sb.st_size != 0) {
+ if (ISSET(flags, TS_REMOVE)) {
+ status = TS_OLD;
+ } else if (sb.st_size != 0) {
struct tty_info info;
int fd = open(timestampfile, O_RDONLY, 0644);
if (fd != -1) {
}
} else {
timevalclear(&tv);
- if (touch(-1, path, &tv) == -1)
+ if (touch(-1, path, &tv) == -1 && errno != ENOENT)
error(1, "can't reset %s to Epoch", path);
}
}