Use userpw_matches() for username matching so #uid works for

sudoRunAsUser.

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 7b3e1c100454574b84bb93bb4442c76fab83d79c..167aa5858c185671c769151866507dee07933733 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * This code is derived from software contributed by Aaron Spangler.
  *
@@ -746,7 +746,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry)
            }
            /* FALLTHROUGH */
        default:
-           if (strcasecmp(val, runas_pw->pw_name) == 0)
+           if (userpw_matches(val, runas_pw->pw_name, runas_pw))
                ret = true;
            break;
        }

diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index cd9eb58f80122c194b1de0505daf9a48f79921fc..b5cbd21b3af821eb1820355444690c1b0f0ed4de 100644 (file)
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -471,7 +471,7 @@ sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *
            /* FALLTHROUGH */
            sudo_debug_printf(SUDO_DEBUG_DEBUG, "FALLTHROUGH");
        default:
-           if (strcasecmp(val, runas_pw->pw_name) == 0) {
+           if (userpw_matches(val, runas_pw->pw_name, runas_pw)) {
                sudo_debug_printf(SUDO_DEBUG_DEBUG,
                    "%s == %s (pw_name) => match", val, runas_pw->pw_name);
                ret = true;