Fix logic for verifypw/listpw all in sudoers LDAP and sssd.

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index ee912c86982cd0a8a8950262b2b1e52395c3a1e1..921449bf9d40b5222a5ed4350543da9e1e126a2e 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -3008,8 +3008,8 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
        for (i = 0; i < lres->nentries; i++) {
            entry = lres->entries[i].entry;
            if ((pwcheck == any && doauth != false) ||
-               (pwcheck == all && doauth == false)) {
-               doauth = sudo_ldap_check_bool(ld, entry, "authenticate");
+               (pwcheck == all && doauth != true)) {
+               doauth = !!sudo_ldap_check_bool(ld, entry, "authenticate");
            }
            /* Only check the command when listing another user. */
            if (user_uid == 0 || list_pw == NULL ||

diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index 6f57504b12f68100ab6860a0844f6ea2d18439c6..a0ea804b225bf979bad22b2ae69f9994fa36e1d2 100644 (file)
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1002,8 +1002,8 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
            for (i = 0; i < sss_result->num_rules; i++) {
                rule = sss_result->rules + i;
                if ((pwcheck == any && doauth != false) ||
-                   (pwcheck == all && doauth == false)) {
-                   doauth = sudo_sss_check_bool(handle, rule, "authenticate");
+                   (pwcheck == all && doauth != true)) {
+                   doauth = !!sudo_sss_check_bool(handle, rule, "authenticate");
                }
                /* Only check the command when listing another user. */
                if (user_uid == 0 || list_pw == NULL ||