In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST

regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 751044ed1ebe72bd3deaf595900c8235af2b7be2..9549dc9324f8ab6b97d815fa4f735830a56e53e0 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -3227,9 +3227,9 @@ done:
        if (pwflag && list_pw == NULL)
            SET(ret, FLAG_NO_CHECK);
     }
-    if (lres->user_matches)
+    if (pwflag || lres->user_matches)
        CLR(ret, FLAG_NO_USER);
-    if (lres->host_matches)
+    if (pwflag || lres->host_matches)
        CLR(ret, FLAG_NO_HOST);
     DPRINTF1("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret);
 

diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index f297192e8d25c425468a50ae417d8bac6573882d..5bdc4d5af951cd75f37171bfd772aedd8d334880 100644 (file)
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1202,13 +1202,13 @@ done:
            SET(ret, FLAG_NO_CHECK);
     }
 
-    if (state & SUDO_SSS_STATE_USERMATCH)
+    if (pwflag || ISSET(state, SUDO_SSS_STATE_USERMATCH))
        CLR(ret, FLAG_NO_USER);
-    if (state & SUDO_SSS_STATE_HOSTMATCH)
+    if (pwflag || ISSET(state, SUDO_SSS_STATE_HOSTMATCH))
        CLR(ret, FLAG_NO_HOST);
 
     sudo_debug_printf(SUDO_DEBUG_DEBUG, "sudo_sss_lookup(%d)=0x%02x",
-     pwflag, ret);
+       pwflag, ret);
 
     debug_return_int(ret);
 }