Add support for [SUCCESS=return] in nsswitch.conf; from Daniel Kopecek

diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c
index 5a1b3e1247ea7fcfdd36f074516eaf7f67909533..ceccc7b32a10b3cf7c0bc6ed23604ec86b40e2cc 100644 (file)
--- a/plugins/sudoers/sudo_nss.c
+++ b/plugins/sudoers/sudo_nss.c
@@ -99,6 +99,10 @@ sudo_read_nss(void)
                /* NOTFOUND affects the most recent entry */
                tq_last(&snl)->ret_if_notfound = true;
                got_match = false;
+           } else if (strcasecmp(cp, "[SUCCESS=return]") == 0 && got_match) {
+               /* SUCCESS affects the most recent entry */
+               tq_last(&snl)->ret_if_found = true;
+               got_match = false;
            } else
                got_match = false;
        }

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 6998797deb5c3d6b8b7d551941924aabac0d7876..fc2a51c687b66e5d3bcf9d0326a8ffca7e413873 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -393,7 +393,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
        validated = nss->lookup(nss, validated, pwflag);
 
        if (ISSET(validated, VALIDATE_OK)) {
-           /* Handle "= auth" in netsvc.conf */
+           /* Handle [SUCCESS=return] */
            if (nss->ret_if_found)
                break;
        } else {