From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 16 Nov 2004 23:40:58 +0000 (+0000)
Subject: Only do string comparisons on the group members if there is no
X-Git-Tag: SUDO_1_7_0~815
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=596d1ef5a4d74ea04936d0eccde94e7c59d71d09;p=sudo

Only do string comparisons on the group members if there is no
supplemental group list.
---

diff --git a/match.c b/match.c
index 4550b5fd8..59dbd82c9 100644
--- a/match.c
+++ b/match.c
@@ -539,17 +539,18 @@ usergr_matches(group, user, pw)
     if (grp->gr_gid == pw_gid)
 	return(TRUE);
 
-    /* check the user's group vector */
-    n = user_ngroups;
-    while (n--)
-	if (grp->gr_gid == user_groups[n])
-	    return(TRUE);
-
-    /* check to see if user is explicitly listed in the group */
-    /* XXX - skip if group vector is set? */
-    for (cur = grp->gr_mem; *cur; cur++) {
-	if (strcmp(*cur, user) == 0)
-	    return(TRUE);
+    /*
+     * If the user has a supplementary group vector, check it.
+     * Otherwise, check the member list in struct group for the user name.
+     */
+    if ((n = user_ngroups) > 0) {
+	while (n--)
+	    if (grp->gr_gid == user_groups[n])
+		return(TRUE);
+    } else {
+	for (cur = grp->gr_mem; *cur; cur++)
+	    if (strcmp(*cur, user) == 0)
+		return(TRUE);
     }
 
     return(FALSE);