Update check for whether or not the runas user was set in the ldap

author Todd C. Miller <Todd.Miller@courtesan.com>

Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)
author Todd C. Miller <Todd.Miller@courtesan.com>
Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c

index fa65368d27cda8b7545c8f7ade12c640ae162811..ce633c3385b162c33e9ed3b97be6ec301fd95c9a 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -764,7 +764,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry)
      bool ret = false;
      debug_decl(sudo_ldap_check_runas_user, SUDOERS_DEBUG_LDAP)
  
-    if (!runas_pw)
+    if (!runas_user_set())
         debug_return_int(UNSPEC);
  
      /* get the runas user from the entry */
diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c

index 769fe8519f94d585952bc4e7c0bd98c90393488c..982a3ff96305e4ca05d3f33e44e3eb12b03fbc19 100644 (file)
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -158,7 +158,7 @@ runaslist_matches(const struct member_list *user_list,
       * and a runas group was specified.
       * This logic assumes that we cache and refcount passwd structs.
       */
-    if (!(runas_pw == sudo_user.pw && runas_gr != NULL)) {
+    if (runas_user_set()) {
         /* If no runas user or runas group listed in sudoers, use default. */
         if (user_list == NULL && group_list == NULL) {
             debug_return_int(userpw_matches(def_runas_default,
diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h

index 973d0ac60e3e6448730ca94e680192b340dc532d..8398d5234b6d8b3aaca5c7e562018d5616ea94c9 100644 (file)
--- a/plugins/sudoers/parse.h
+++ b/plugins/sudoers/parse.h
@@ -27,6 +27,11 @@
  #undef IMPLIED
  #define IMPLIED         2
  
+/*
+ * Returns true if a runas user was specified on the command line.
+ */
+#define runas_user_set()       (runas_pw != sudo_user.pw || runas_gr == NULL)
+
  /*
   * Initialize all tags to UNSPEC.
   */
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c

index ffb8e0f2da1ad9fe84c39dde23d5bfb8893d4bfb..e40c297b8e82625ec8db97e54d90527153cc3285 100644 (file)
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -568,7 +568,7 @@ sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *
      int ret = false, i;
      debug_decl(sudo_sss_check_runas_user, SUDOERS_DEBUG_SSSD);
  
-    if (!runas_pw)
+    if (!runas_user_set())
         debug_return_int(UNSPEC);
  
      /* get the runas user from the entry */
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)
plugins/sudoers/ldap.c		patch \| blob \| history
plugins/sudoers/match.c		patch \| blob \| history
plugins/sudoers/parse.h		patch \| blob \| history
plugins/sudoers/sssd.c		patch \| blob \| history