Fix the check for whether a user is allowed to lists another user's

privileges.  The "matched" variable is not boolean, it can also
have the value UNSPEC so we need to check explicitly for true.
Bug #738

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 2cd2d63357d0dd28a36141018cc5d45208e4965e..ffb5e7f25177aff826e3139d49c7b899eb898b18 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -3170,12 +3170,12 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
            /* Only check the command when listing another user. */
            if (user_uid == 0 || list_pw == NULL ||
                user_uid == list_pw->pw_uid ||
-               sudo_ldap_check_command(ld, entry, NULL)) {
+               sudo_ldap_check_command(ld, entry, NULL) == true) {
                matched = true;
                break;
            }
        }
-       if (matched || user_uid == 0) {
+       if (matched == true || user_uid == 0) {
            SET(ret, VALIDATE_SUCCESS);
            CLR(ret, VALIDATE_FAILURE);
            if (def_authenticate) {

diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index 316ee38a58ef0f534b2e0bae876423c2bea226cd..a6b48b499087a106ea459b21734142204c407a6e 100644 (file)
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1137,13 +1137,13 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
                /* Only check the command when listing another user. */
                if (user_uid == 0 || list_pw == NULL ||
                    user_uid == list_pw->pw_uid ||
-                   sudo_sss_check_command(handle, rule, NULL)) {
+                   sudo_sss_check_command(handle, rule, NULL) == true) {
                    matched = true;
                    break;
                }
            }
        }
-       if (matched || user_uid == 0) {
+       if (matched == true || user_uid == 0) {
            SET(ret, VALIDATE_SUCCESS);
            CLR(ret, VALIDATE_FAILURE);
            if (def_authenticate) {