When matching host, short-circuit the loop when we get a match.

Only check username as part of the netgroup when netgroup_tuple is
enabled.
Todd C. Miller
2016-06-03 14:07:40 -06:00
parent a71cac91f2
commit ccf88d3bb2


@@ -668,13 +668,14 @@ sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
}
/* walk through values */
for (i = 0; val_array[i] != NULL; ++i) {
for (i = 0; val_array[i] != NULL && !ret; ++i) {
val = val_array[i];
sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val);
/* match any or address or netgroup or hostname */
if (strcmp(val, "ALL") == 0 || addr_matches(val) || netgr_matches(val,
user_runhost, user_srunhost, handle->pw->pw_name) ||
if (strcmp(val, "ALL") == 0 || addr_matches(val) ||
netgr_matches(val, user_runhost, user_srunhost,
def_netgroup_tuple ? handle->pw->pw_name : NULL) ||
hostname_matches(user_srunhost, user_runhost, val))
ret = true;