Push non-interactive mode checking down into the auth methods.

For "sudo -n" we only want to reject a command if user input is actually required. In the case of PAM at least, we may not need to interact with the user. Bug #956, GitHub issue #83
2025-08-31 22:35:10 +00:00 · 2022-01-04 18:57:36 -07:00
parent 296d876b76
commit 521ef37aea
14 changed files with 72 additions and 21 deletions
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -435,7 +435,7 @@ log_auth_failure(int status, unsigned int tries)
    audit_failure(NewArgv, "%s", N_("authentication failure"));

    /* If sudoers denied the command we'll log that separately. */
-    if (!ISSET(status, FLAG_BAD_PASSWORD|FLAG_NON_INTERACTIVE))
+    if (!ISSET(status, FLAG_BAD_PASSWORD|FLAG_NO_USER_INPUT))
 	logit = false;

    /*