[sudo-workers] listpw/verifypw processing in LDAP/SSSD
Todd C. Miller
Todd.Miller at courtesan.com
Mon Mar 2 11:13:57 MST 2015
I think the following fixes the logic for listpw/verifypw all. If
there are any entries for which !authenticate is not present, doauth
should be !false.
- todd
diff -r df192fe8897c plugins/sudoers/ldap.c
--- a/plugins/sudoers/ldap.c Mon Mar 02 10:32:28 2015 -0700
+++ b/plugins/sudoers/ldap.c Mon Mar 02 11:11:35 2015 -0700
@@ -3008,8 +3008,8 @@
for (i = 0; i < lres->nentries; i++) {
entry = lres->entries[i].entry;
if ((pwcheck == any && doauth != false) ||
- (pwcheck == all && doauth == false)) {
- doauth = sudo_ldap_check_bool(ld, entry, "authenticate");
+ (pwcheck == all && doauth != true)) {
+ doauth = !!sudo_ldap_check_bool(ld, entry, "authenticate");
}
/* Only check the command when listing another user. */
if (user_uid == 0 || list_pw == NULL ||
More information about the sudo-workers
mailing list