isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid calling cmnd_matches() in list/verify mode if we already have

Browse Source 
a match.
This commit is contained in:
Todd C. Miller
2017-11-15 15:09:25 -07:00
parent 88faa58735
commit bcc0eeb575
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/sudoers/parse.c
View File

@@ -182,14 +182,16 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag)
if (hostlist_matches(sudo_user.pw, &priv->hostlist) != ALLOW) if (hostlist_matches(sudo_user.pw, &priv->hostlist) != ALLOW)
continue; continue;
TAILQ_FOREACH(cs, &priv->cmndlist, entries) { TAILQ_FOREACH(cs, &priv->cmndlist, entries) {
if ((pwcheck == any && cs->tags.nopasswd == true) ||
(pwcheck == all && cs->tags.nopasswd != true))
nopass = cs->tags.nopasswd;
if (match == ALLOW)
continue;
/* Only check the command when listing another user. */ /* Only check the command when listing another user. */
if (user_uid == 0 || list_pw == NULL || if (user_uid == 0 || list_pw == NULL ||
user_uid == list_pw->pw_uid || user_uid == list_pw->pw_uid ||
cmnd_matches(cs->cmnd) == ALLOW) cmnd_matches(cs->cmnd) == ALLOW)
match = ALLOW; match = ALLOW;
if ((pwcheck == any && cs->tags.nopasswd == true) ||
(pwcheck == all && cs->tags.nopasswd != true))
nopass = cs->tags.nopasswd;
} }
} }
} }