Fix "sudo -l command" in the LDAP and SSS backends when the command

is not allowed.
2016-08-29 10:04:24 -06:00
parent 7918f7e7eb
commit 5b51b7f11a
2 changed files with 6 additions and 4 deletions
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1380,8 +1380,9 @@ sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw)

    for (i = 0; i < sss_result->num_rules; i++) {
 	rule = sss_result->rules + i;
-	if (sudo_sss_check_command(handle, rule, NULL) &&
-	    sudo_sss_check_runas(handle, rule)) {
+	if (!sudo_sss_check_runas(handle, rule))
+	    continue;
+	if (sudo_sss_check_command(handle, rule, NULL) == true) {
 	    found = true;
 	    goto done;
 	}