In list (-l) or verify (-v) mode, if we have a match but authentication

is required, clear FLAG_NOPASSWD so that when listpw/verifypw is set to "all" and there are multiple sudoers sources a password will be required unless none of the entries in all sources require authentication. From Radovan Sroka of RedHat
2017-11-15 15:06:45 -07:00
parent 2cbdc26540
commit 88faa58735
3 changed files with 6 additions and 0 deletions
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1342,6 +1342,8 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
 		case any:
 		    if (doauth == false)
 			SET(ret, FLAG_NOPASSWD);
+		    else
+			CLR(ret, FLAG_NOPASSWD);
 		    break;
 		default:
 		    break;