X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=check.c;h=badf3e4007735df5ec8ad5e454bd3cefc811cf9b;hb=e52e358fe62bf35950dc2bee3c9d45f159fb4420;hp=8b7834a03b0f3a240f62396f29f9100cea2fa7a5;hpb=e8c052b72a5847683684a87315540fdf1f525d9c;p=debian%2Fsudo

diff --git a/check.c b/check.c
index 8b7834a..badf3e4 100644
--- a/check.c
+++ b/check.c
@@ -119,7 +119,13 @@ check_user(validated, mode)
     if (ISSET(mode, MODE_INVALIDATE)) {
 	SET(validated, FLAG_CHECK_USER);
     } else {
-	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+	/*
+	 * Don't prompt for the root passwd or if the user is exempt.
+	 * If the user is not changing uid/gid, no need for a password.
+	 */
+	if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+	    (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+	    user_is_exempt())
 	    return;
     }
 
@@ -205,7 +211,7 @@ update_timestamp(timestampdir, timestampfile)
     char *timestampfile;
 {
     /* If using tty timestamps but we have no tty there is nothing to do. */
-    if (timestampfile && !user_ttypath)
+    if (def_tty_tickets && !user_ttypath)
 	return;
 
     if (timestamp_uid != 0)
@@ -528,7 +534,7 @@ timestamp_status(timestampdir, timestampfile, user, flags)
     if (timestampfile && status != TS_ERROR) {
 	if (status != TS_MISSING)
 	    status = TS_NOFILE;			/* dir there, file missing */
-	if (!user_ttypath)
+	if (def_tty_tickets && !user_ttypath)
 	    goto done;				/* no tty, always prompt */
 	if (lstat(timestampfile, &sb) == 0) {
 	    if (!S_ISREG(sb.st_mode)) {
@@ -556,9 +562,12 @@ timestamp_status(timestampdir, timestampfile, user, flags)
 		    /*
 		     * Check for stored tty info.  If the file is zero-sized
 		     * it is an old-style timestamp with no tty info in it.
+		     * If removing, we don't care about the contents.
 		     * The actual mtime check is done later.
 		     */
-		    if (sb.st_size != 0) {
+		    if (ISSET(flags, TS_REMOVE)) {
+			status = TS_OLD;
+		    } else if (sb.st_size != 0) {
 			struct tty_info info;
 			int fd = open(timestampfile, O_RDONLY, 0644);
 			if (fd != -1) {
@@ -646,7 +655,7 @@ remove_timestamp(remove)
 	    }
 	} else {
 	    timevalclear(&tv);
-	    if (touch(-1, path, &tv) == -1)
+	    if (touch(-1, path, &tv) == -1 && errno != ENOENT)
 		error(1, "can't reset %s to Epoch", path);
 	}
     }