isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

In sudo_ldap_lookup(), always do the initial sudoers check as the

Browse Source 
invoking user.  If we are listing another user's privs we will
do a separate lookup using list_pw later.
This commit is contained in:
Todd C. Miller
2011-01-21 08:10:26 -05:00
parent dbb830c794
commit be034d5e7e
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugins/sudoers/ldap.c
View File

@@ -2043,7 +2043,6 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
LDAP *ld; LDAP *ld;
LDAPMessage *entry; LDAPMessage *entry;
int i, rc, setenv_implied, matched = UNSPEC; int i, rc, setenv_implied, matched = UNSPEC;
struct passwd *pw = list_pw ? list_pw : sudo_user.pw;
struct ldap_result *lres = NULL; struct ldap_result *lres = NULL;
if (handle == NULL || handle->ld == NULL) if (handle == NULL || handle->ld == NULL)
@@ -2051,7 +2050,7 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
ld = handle->ld; ld = handle->ld;
/* Fetch list of sudoRole entries that match user and host. */ /* Fetch list of sudoRole entries that match user and host. */
lres = sudo_ldap_result_get(nss, pw); lres = sudo_ldap_result_get(nss, sudo_user.pw);
/* /*
* The following queries are only determine whether or not a * The following queries are only determine whether or not a