isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix "sudo -l command" in the LDAP and SSS backends when the command

Browse Source 
is not allowed.
This commit is contained in:
Todd C. Miller
2016-08-29 10:04:24 -06:00
parent 7918f7e7eb
commit 5b51b7f11a
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/sudoers/ldap.c
View File

@@ -2568,8 +2568,9 @@ sudo_ldap_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
goto done; goto done;
for (i = 0; i < lres->nentries; i++) { for (i = 0; i < lres->nentries; i++) {
entry = lres->entries[i].entry; entry = lres->entries[i].entry;
if (sudo_ldap_check_command(ld, entry, NULL) && if (!sudo_ldap_check_runas(ld, entry))
sudo_ldap_check_runas(ld, entry)) { continue;
if (sudo_ldap_check_command(ld, entry, NULL) == true) {
found = true; found = true;
goto done; goto done;
} }

5
plugins/sudoers/sssd.c
View File

@@ -1380,8 +1380,9 @@ sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
for (i = 0; i < sss_result->num_rules; i++) { for (i = 0; i < sss_result->num_rules; i++) {
rule = sss_result->rules + i; rule = sss_result->rules + i;
if (sudo_sss_check_command(handle, rule, NULL) && if (!sudo_sss_check_runas(handle, rule))
sudo_sss_check_runas(handle, rule)) { continue;
if (sudo_sss_check_command(handle, rule, NULL) == true) {
found = true; found = true;
goto done; goto done;
} }