if (!entry)
debug_return_bool(false);
- if (runas_user_set())
+ if (ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) || !ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED))
user_matched = sudo_ldap_check_runas_user(ld, entry);
- if (runas_gr != NULL)
+ if (ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED))
group_matched = sudo_ldap_check_runas_group(ld, entry);
/*
int group_matched = UNSPEC;
debug_decl(runaslist_matches, SUDOERS_DEBUG_MATCH)
- /*
- * Skip checking runas user if it is the same as the invoking user
- * and a runas group was specified.
- * This logic assumes that we cache and refcount passwd structs.
- */
- if (runas_user_set()) {
+ if (ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) || !ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) {
/* If no runas user or runas group listed in sudoers, use default. */
if (user_list == NULL && group_list == NULL) {
debug_return_int(userpw_matches(def_runas_default,
/*
* Skip checking runas group if none was specified.
*/
- if (runas_gr != NULL) {
+ if (ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) {
if (user_matched == UNSPEC) {
if (strcmp(runas_pw->pw_name, user_name) == 0)
user_matched = ALLOW; /* only changing group */
#undef IMPLIED
#define IMPLIED 2
-/*
- * Returns true if a runas user was specified on the command line.
- */
-#define runas_user_set() (runas_pw != sudo_user.pw || runas_gr == NULL)
-
/*
* Initialize all tags to UNSPEC.
*/
if (rule == NULL)
debug_return_bool(false);
- if (runas_user_set())
+ if (ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) || !ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED))
user_matched = sudo_sss_check_runas_user(handle, rule);
- if (runas_gr != NULL)
+ if (ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED))
group_matched = sudo_sss_check_runas_group(handle, rule);
/*
projects / sudo / commitdiff