if (ISSET(mode, MODE_INVALIDATE)) {
SET(validated, FLAG_CHECK_USER);
} else {
- if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+ /*
+ * Don't prompt for the root passwd or if the user is exempt.
+ * If the user is not changing uid/gid, no need for a password.
+ */
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+ user_is_exempt())
return;
}
char *timestampfile;
{
/* If using tty timestamps but we have no tty there is nothing to do. */
- if (timestampfile && !user_ttypath)
+ if (def_tty_tickets && !user_ttypath)
return;
if (timestamp_uid != 0)
if (timestampfile && status != TS_ERROR) {
if (status != TS_MISSING)
status = TS_NOFILE; /* dir there, file missing */
- if (!user_ttypath)
+ if (def_tty_tickets && !user_ttypath)
goto done; /* no tty, always prompt */
if (lstat(timestampfile, &sb) == 0) {
if (!S_ISREG(sb.st_mode)) {