changeset 10496:2eab4070dcf7

When matching host, short-circuit the loop when we get a match. Only check username as part of the netgroup when netgroup_tuple is enabled.
author Todd C. Miller <Todd.Miller@courtesan.com>
date Fri, 03 Jun 2016 14:07:40 -0600
parents f976b3d973e0
children 3f5cffcd8432
files plugins/sudoers/sssd.c
diffstat 1 files changed, 4 insertions(+), 3 deletions(-) [+]
--- a/plugins/sudoers/sssd.c	Fri Jun 03 13:58:12 2016 -0600
+++ b/plugins/sudoers/sssd.c	Fri Jun 03 14:07:40 2016 -0600
@@ -668,13 +668,14 @@
     }
 
     /* walk through values */
-    for (i = 0; val_array[i] != NULL; ++i) {
+    for (i = 0; val_array[i] != NULL && !ret; ++i) {
 	val = val_array[i];
 	sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val);
 
 	/* match any or address or netgroup or hostname */
-	if (strcmp(val, "ALL") == 0 || addr_matches(val) || netgr_matches(val,
-	    user_runhost, user_srunhost, handle->pw->pw_name) ||
+	if (strcmp(val, "ALL") == 0 || addr_matches(val) ||
+	    netgr_matches(val, user_runhost, user_srunhost,
+	    def_netgroup_tuple ? handle->pw->pw_name : NULL) ||
 	    hostname_matches(user_srunhost, user_runhost, val))
 	    ret = true;
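Review bot: The new `def_netgroup_tuple ? handle->pw->pw_name : NULL` argument changes which users a netgroup sudoHost entry matches, and nothing at the call site says so. With netgroup_tuple off the user is passed as NULL, so the lookup is presumably decided by the host fields alone, whereas the old code always passed the user name. Since this feeds an authorization decision, a comment above the condition would help, e.g. `/* user is part of the netgroup lookup only when netgroup_tuple is set */`. The added `&& !ret` in the loop condition also relies on ret being false on entry; it is initialized outside this hunk, and the loop body continues past the visible lines.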