From: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Fri, 2 Mar 2018 18:27:01 +0000 (-0700)
Subject: Add missing sudoOrder support to parse_ldif().
X-Git-Tag: SUDO_1_8_23^2~95
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=72dd971ee185aec631b94df1f2449b1a43b77184;p=sudo

Add missing sudoOrder support to parse_ldif().
---

diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c
index 33a865438..92015235f 100644
--- a/plugins/sudoers/cvtsudoers_ldif.c
+++ b/plugins/sudoers/cvtsudoers_ldif.c
@@ -714,8 +714,8 @@ role_order_cmp(const void *va, const void *vb)
     const struct sudo_role *b = *(const struct sudo_role **)vb;
     debug_decl(role_order_cmp, SUDOERS_DEBUG_LDAP)
 
-    debug_return_int(b->order < a->order ? -1 :
-        (b->order > a->order ? 1 : 0));
+    debug_return_int(a->order < b->order ? -1 :
+        (a->order > b->order ? 1 : 0));
 }
 
 /*
@@ -1151,6 +1151,11 @@ parse_ldif(const char *input_file, struct cvtsudoers_config *conf)
 	    ldif_store_string(line + 12, role->cmnds, false);
 	} else if (strncmp(line, "sudoOption:", 11) == 0) {
 	    ldif_store_string(line + 11, role->options, false);
+	} else if (strncmp(line, "sudoOrder:", 10) == 0) {
+	    char *ep, *cp = line + 10;
+	    role->order = strtod(cp, &ep);
+	    if (ep == cp || *ep != '\0')
+		sudo_warnx(U_("invalid sudoOrder attribute: %s"), cp);
 	} else if (strncmp(line, "sudoNotBefore:", 14) == 0) {
 	    char *cp = line + 14;
 	    while (isblank((unsigned char)*cp))