From: Todd C. Miller Date: Fri, 21 Jan 2011 14:44:22 +0000 (-0500) Subject: In sudo_ldap_lookup(), always do the initial sudoers check as the X-Git-Tag: SUDO_1_7_5~59 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9b53bb6af0c1ed4a7abb661d2628a074e8d39cb5;p=sudo In sudo_ldap_lookup(), always do the initial sudoers check as the invoking user. If we are listing another user's privs we will do a separate lookup using list_pw later. --HG-- branch : 1.7 --- diff --git a/ldap.c b/ldap.c index 580285cb3..8adb43568 100644 --- a/ldap.c +++ b/ldap.c @@ -2120,7 +2120,6 @@ sudo_ldap_lookup(nss, ret, pwflag) LDAP *ld; LDAPMessage *entry; int i, rc, setenv_implied, matched = UNSPEC; - struct passwd *pw = list_pw ? list_pw : sudo_user.pw; struct ldap_result *lres = NULL; if (handle == NULL || handle->ld == NULL) @@ -2128,7 +2127,7 @@ sudo_ldap_lookup(nss, ret, pwflag) ld = handle->ld; /* Fetch list of sudoRole entries that match user and host. */ - lres = sudo_ldap_result_get(nss, pw); + lres = sudo_ldap_result_get(nss, sudo_user.pw); /* * The following queries are only determine whether or not a
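Review bot: in the first hunk (@@ -2120,7 +2120,6 @@), removing the `pw` local is only correct if nothing else in sudo_ldap_lookup() still reads it. The diff updates a single call site, sudo_ldap_result_get(), so please confirm there are no other uses of `pw` further down the function, outside the context shown here. If any remain, each one needs an explicit decision between sudo_user.pw and list_pw rather than a mechanical substitution.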
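Review bot: in the second hunk (@@ -2128,7 +2127,7 @@), the comment above the changed call still says only "Fetch list of sudoRole entries that match user and host." and does not say which user. The call now deliberately passes sudo_user.pw instead of list_pw, so the comment should state that this is the invoking user and that a list_pw lookup is done separately later, as the commit message explains. Otherwise the next reader may see list_pw being ignored and restore the old behaviour. It would also help to name, in the comment or the commit message, where that later list_pw lookup happens so the claim can be checked.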