]> granicus.if.org Git - sudo/commitdiff
Don't check the username when matching a host netgroup unless
authorTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 13 Sep 2016 15:12:42 +0000 (09:12 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 13 Sep 2016 15:12:42 +0000 (09:12 -0600)
def_netgroup_tuple is enabled.

plugins/sudoers/match.c

index 3fb36f5e4e5c1202f2433697b0ff4901070cd3ba..769fe8519f94d585952bc4e7c0bd98c90393488c 100644 (file)
@@ -279,7 +279,7 @@ hostlist_matches(const struct passwd *pw, const struct member_list *list)
                break;
            case NETGROUP:
                if (netgr_matches(m->name, user_runhost, user_srunhost,
-                   pw->pw_name))
+                   def_netgroup_tuple ? pw->pw_name : NULL))
                    matched = !m->negated;
                break;
            case NTWKADDR: