Only check group vector in usergr_matches() if we are matching the

author Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 1 Jan 2005 17:41:21 +0000 (17:41 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 1 Jan 2005 17:41:21 +0000 (17:41 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 1 Jan 2005 17:41:21 +0000 (17:41 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 1 Jan 2005 17:41:21 +0000 (17:41 +0000)
diff --git a/match.c b/match.c

index 940491642ff87003212f2340f6f957b919f73162..80860a0cad31dcd923a286acf33672f0c5dc7773 100644 (file)
--- a/match.c
+++ b/match.c
@@ -518,7 +518,6 @@ usergr_matches(group, user, pw)
      struct passwd *pw;
  {
      struct group *grp;
-    gid_t pw_gid;
      char **cur;
      int n;
  
@@ -529,28 +528,26 @@ usergr_matches(group, user, pw)
      /* look up user's primary gid in the passwd file */
      if (pw == NULL && (pw = sudo_getpwnam(user)) == NULL)
         return(FALSE);
-    pw_gid = pw->pw_gid;
  
      if ((grp = sudo_getgrnam(group)) == NULL)
         return(FALSE);
  
      /* check against user's primary (passwd file) gid */
-    if (grp->gr_gid == pw_gid)
+    if (grp->gr_gid == pw->pw_gid)
         return(TRUE);
  
      /*
-     * If the user has a supplementary group vector, check it.
-     * Otherwise, check the member list in struct group for the user name.
+     * If we are matching the invoking or list user and that user has a
+     * supplementary group vector, check it first.
       */
-    if ((n = user_ngroups) > 0) {
-       while (n--)
+    if (strcmp(user, list_pw ? list_pw->pw_name : user_name) == 0) {
+       for (n = user_ngroups; n != 0; n--)
             if (grp->gr_gid == user_groups[n])
                 return(TRUE);
-    } else {
-       for (cur = grp->gr_mem; *cur; cur++)
-           if (strcmp(*cur, user) == 0)
-               return(TRUE);
      }
+    for (cur = grp->gr_mem; *cur; cur++)
+       if (strcmp(*cur, user) == 0)
+           return(TRUE);
  
      return(FALSE);
  }
diff --git a/testsudoers.c b/testsudoers.c

index 2ae467aaa8bd4ab342a356583dd4433484029fb3..a16e9707036f4ac8cb06b05335bd8ab9e148773e 100644 (file)
--- a/testsudoers.c
+++ b/testsudoers.c
@@ -82,6 +82,7 @@ char **Argv, **NewArgv;
  int num_interfaces;
  struct interface *interfaces;
  struct sudo_user sudo_user;
+struct passwd *list_pw;
  extern int parse_error;
  
  /* For getopt(3) */
diff --git a/visudo.c b/visudo.c

index 58cc1fab4d2005c90871a99cc07205253ee8195e..78cdbd5803fbfbb87524340db059843f60affb2a 100644 (file)
--- a/visudo.c
+++ b/visudo.c
@@ -136,6 +136,7 @@ char **Argv;
  int num_interfaces;
  struct interface *interfaces;
  struct sudo_user sudo_user;
+struct passwd *list_pw;
  static struct sudoerslist {
      struct sudoersfile *first, *last;
  } sudoerslist;
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 1 Jan 2005 17:41:21 +0000 (17:41 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 1 Jan 2005 17:41:21 +0000 (17:41 +0000)
match.c		patch \| blob \| history
testsudoers.c		patch \| blob \| history
visudo.c		patch \| blob \| history