Don't allow the user to specify the default runas user if their

author Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 11 May 2009 16:47:10 +0000 (16:47 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 11 May 2009 16:47:10 +0000 (16:47 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 11 May 2009 16:47:10 +0000 (16:47 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 11 May 2009 16:47:10 +0000 (16:47 +0000)
diff --git a/match.c b/match.c

index 3f6a4d966f49d03c714879faac9b842b24d705d7..32f674e324bdb68d52cbac03901f5c4b0971e830 100644 (file)
--- a/match.c
+++ b/match.c
@@ -174,9 +174,13 @@ _runaslist_matches(user_list, group_list)
      struct alias *a;
      int rval, matched = UNSPEC;
  
-    /* Deny if user specified a group but there is no group in sudoers */
-    if (runas_gr != NULL && tq_empty(group_list))
-       return(DENY);
+    if (runas_gr != NULL) {
+       if (tq_empty(group_list))
+           return(DENY); /* group was specified but none in sudoers */
+       if (runas_pw != NULL && strcmp(runas_pw->pw_name, user_name) &&
+           tq_empty(user_list))
+           return(DENY); /* user was specified but none in sudoers */
+    }
  
      if (tq_empty(user_list) && tq_empty(group_list))
         return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 11 May 2009 16:47:10 +0000 (16:47 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 11 May 2009 16:47:10 +0000 (16:47 +0000)