Use tq_foreach_fwd when checking pseudo-commands to make it clear that
authorTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 9 Dec 2008 13:49:55 +0000 (13:49 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 9 Dec 2008 13:49:55 +0000 (13:49 +0000)
we are not short-circuiting on last match.  When pwcheck is 'all',
initialize nopass to TRUE and override it with the first non-TRUE entry.

parse.c

diff --git a/parse.c b/parse.c
index 49c8f04f0e103430ce6dc1090db4ac8a19810ead..1e2f21c3a7f94b8a40848b8406a3e8d0bea5e543 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -167,30 +167,31 @@ sudo_file_lookup(nss, validated, pwflag)
      * Always check the host and user.
      */
     if (pwflag) {
-       int nopass = UNSPEC;
+       int nopass;
        enum def_tupple pwcheck;
 
        pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
+       nopass = (pwcheck == all) ? TRUE : FALSE;
 
        if (list_pw == NULL)
            SET(validated, FLAG_NO_CHECK);
        CLR(validated, FLAG_NO_USER);
        CLR(validated, FLAG_NO_HOST);
        match = DENY;
-       tq_foreach_rev(&userspecs, us) {
+       tq_foreach_fwd(&userspecs, us) {
            if (userlist_matches(sudo_user.pw, &us->users) != ALLOW)
                continue;
-           tq_foreach_rev(&us->privileges, priv) {
+           tq_foreach_fwd(&us->privileges, priv) {
                if (hostlist_matches(&priv->hostlist) != ALLOW)
                    continue;
-               tq_foreach_rev(&priv->cmndlist, cs) {
+               tq_foreach_fwd(&priv->cmndlist, cs) {
                    /* Only check the command when listing another user. */
                    if (user_uid == 0 || list_pw == NULL ||
                        user_uid == list_pw->pw_uid ||
                        cmnd_matches(cs->cmnd) == ALLOW)
                            match = ALLOW;
-                   if ((pwcheck == any && nopass != TRUE) ||
-                       (pwcheck == all && nopass != FALSE))
+                   if ((pwcheck == any && cs->tags.nopasswd == TRUE) ||
+                       (pwcheck == all && cs->tags.nopasswd != TRUE))
                        nopass = cs->tags.nopasswd;
                }
            }
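Review bot: With `pwcheck == all`, `nopass` now starts as `TRUE` and is only lowered inside the innermost `tq_foreach_fwd` loop, so a user with no matching userspec or host entry leaves the loops with `nopass == TRUE`, i.e. "all entries are NOPASSWD" holds vacuously. Whether that can waive the password for a pseudo-command depends on how `nopass` and `match` are consumed after the loops, which is outside this hunk (sudo_file_lookup's body starts before and ends after it). If `nopass` is tested independently of `match` there, consider resetting it when nothing matched, with something like `if (match != ALLOW) nopass = FALSE;` after the loops. A comment at the initialisation, e.g. `/* all: assume NOPASSWD until an entry without the tag is seen */`, would also make explicit that any non-`TRUE` tag value (presumably including `UNSPEC`) is treated as requiring a password.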