[sudo-workers] listpw/verifypw processing in LDAP/SSSD
Todd C. Miller
Todd.Miller at courtesan.com
Mon Mar 2 13:12:07 MST 2015
The following might be easier to read/understand.
- todd
--- plugins/sudoers/ldap.c Mon Feb 9 11:53:53 2015
+++ plugins/sudoers/ldap.c Mon Mar 2 11:54:35 2015
@@ -2996,17 +2999,21 @@
* password is required, so the order of the entries doesn't matter.
*/
if (pwflag) {
- int doauth = UNSPEC;
- int matched = UNSPEC;
- enum def_tuple pwcheck =
- (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
+ enum def_tuple pwcheck;
+ int doauth, matched = UNSPEC;
+ pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
+ doauth = (pwcheck == all) ? false : true;
+
DPRINTF1("perform search for pwflag %d", pwflag);
for (i = 0; i < lres->nentries; i++) {
entry = lres->entries[i].entry;
- if ((pwcheck == any && doauth != false) ||
- (pwcheck == all && doauth == false)) {
- doauth = sudo_ldap_check_bool(ld, entry, "authenticate");
+ if (pwcheck == any && doauth == true) {
+ if (sudo_ldap_check_bool(ld, entry, "authenticate") == false)
+ doauth = false;
+ } else if (pwcheck == all && doauth == false) {
+ if (sudo_ldap_check_bool(ld, entry, "authenticate") != false)
+ doauth = true;
}
/* Only check the command when listing another user. */
if (user_uid == 0 || list_pw == NULL ||
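Review bot: With `pwcheck == all`, `doauth` now starts as `false` and is only raised inside the loop, so if `lres->nentries` is 0 or the loop stops before every entry has been examined, the outcome stays "no password required". Whether that value can reach the caller depends on the `matched` handling after the loop, which lies outside this hunk (the trailing `if` is cut mid-condition), so that path should be confirmed. The asymmetric tests also deserve a comment: `== false` for `any` and `!= false` for `all` look deliberate, so that an entry with no explicit authenticate setting counts as requiring a password; presumably sudo_ldap_check_bool() returns UNSPEC in that case. Something like `/* an entry without an explicit authenticate setting counts as "password required" */` above the two branches would keep a later cleanup from collapsing them into plain boolean tests.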