===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/parse.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- src/usr.bin/sudo/Attic/parse.c	2000/03/27 03:44:38	1.4
+++ src/usr.bin/sudo/Attic/parse.c	2000/08/13 21:58:52	1.5
@@ -112,10 +112,11 @@
  * allowed to run the specified command on this host as the target user.
  */
 int
-sudoers_lookup(pwflags)
-    int pwflags;
+sudoers_lookup(sudo_mode)
+    int sudo_mode;
 {
     int error;
+    int pwcheck;
 
     /* Become sudoers file owner */
     set_perms(PERM_SUDOERS, 0);
@@ -128,8 +129,9 @@
     /* Allocate space for data structures in the parser. */
     init_parser();
 
-    /* For most pwflags to be useful we need to keep more state around. */
-    if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS)
+    /* If pwcheck *could* be PWCHECK_ALL or PWCHECK_ANY, keep more state. */
+    if (!(sudo_mode & MODE_RUN) && sudo_mode != MODE_KILL &&
+	sudo_mode != MODE_INVALIDATE)
 	keepall = TRUE;
 
     /* Need to be root while stat'ing things in the parser. */
@@ -144,6 +146,26 @@
 	return(VALIDATE_ERROR);
 
     /*
+     * The pw options may have changed during sudoers parse so we
+     * wait until now to set this.
+     */
+    switch (sudo_mode) {
+	case MODE_VALIDATE:
+	    pwcheck = def_ival(I_VERIFYPW);
+	    break;
+	case MODE_LIST:
+	    pwcheck = def_ival(I_LISTPW);
+	    break;
+	case MODE_KILL:
+	case MODE_INVALIDATE:
+	    pwcheck = PWCHECK_NEVER;
+	    break;
+	default:
+	    pwcheck = 0;
+	    break;
+}
+
+    /*
      * Assume the worst.  If the stack is empty the user was
      * not mentioned at all.
      */
@@ -151,7 +173,7 @@
 	error = VALIDATE_NOT_OK;
     else
 	error = VALIDATE_NOT_OK | FLAG_NOPASS;
-    if (pwflags) {
+    if (pwcheck) {
 	error |= FLAG_NO_CHECK;
     } else {
 	error |= FLAG_NO_HOST;
@@ -160,14 +182,14 @@
     }
 
     /*
-     * Only check the actual command if pwflags flag is not set.
+     * Only check the actual command if pwcheck flag is not set.
      * It is set for the "validate", "list" and "kill" pseudo-commands.
      * Always check the host and user.
      */
-    if (pwflags) {
+    if (pwcheck) {
 	int nopass, found;
 
-	if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))
+	if (pwcheck == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))
 	    nopass = FLAG_NOPASS;
 	else
 	    nopass = -1;
@@ -175,9 +197,9 @@
 	while (top) {
 	    if (host_matches == TRUE) {
 		found = 1;
-		if (pwflags == PWCHECK_ANY && no_passwd == TRUE)
+		if (pwcheck == PWCHECK_ANY && no_passwd == TRUE)
 		    nopass = FLAG_NOPASS;
-		else if (pwflags == PWCHECK_ALL && nopass != 0)
+		else if (pwcheck == PWCHECK_ALL && nopass != 0)
 		    nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;
 	    }
 	    top--;