Avoid calling cmnd_matches() in list/verify mode if we already have

author Todd C. Miller <Todd.Miller@courtesan.com>

Wed, 15 Nov 2017 22:09:25 +0000 (15:09 -0700)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Wed, 15 Nov 2017 22:09:25 +0000 (15:09 -0700)
author Todd C. Miller <Todd.Miller@courtesan.com>
Wed, 15 Nov 2017 22:09:25 +0000 (15:09 -0700)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Wed, 15 Nov 2017 22:09:25 +0000 (15:09 -0700)
diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c

index 1f5149bb739388a0096089647e95cce58dee4dd3..a12e88c5abe0385a59f4f29532baccf4e13295cc 100644 (file)
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -182,14 +182,16 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag)
                 if (hostlist_matches(sudo_user.pw, &priv->hostlist) != ALLOW)
                     continue;
                 TAILQ_FOREACH(cs, &priv->cmndlist, entries) {
+                   if ((pwcheck == any && cs->tags.nopasswd == true) ||
+                       (pwcheck == all && cs->tags.nopasswd != true))
+                       nopass = cs->tags.nopasswd;
+                   if (match == ALLOW)
+                       continue;
                     /* Only check the command when listing another user. */
                     if (user_uid == 0 || list_pw == NULL ||
                         user_uid == list_pw->pw_uid ||
                         cmnd_matches(cs->cmnd) == ALLOW)
                             match = ALLOW;
-                   if ((pwcheck == any && cs->tags.nopasswd == true) ||
-                       (pwcheck == all && cs->tags.nopasswd != true))
-                       nopass = cs->tags.nopasswd;
                 }
             }
         }
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Wed, 15 Nov 2017 22:09:25 +0000 (15:09 -0700)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Wed, 15 Nov 2017 22:09:25 +0000 (15:09 -0700)