From: Todd C. Miller
Date: Tue, 9 Dec 2008 13:49:55 +0000 (+0000)
Subject: Use tq_foreach_fwd when checking pseudo-commands to make it clear that
X-Git-Tag: SUDO_1_7_0~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a93344d2b6e4a2be8a4906b28d6fa85ec63e8b0a;p=sudo
Use tq_foreach_fwd when checking pseudo-commands to make it clear that we are not short-circuiting on last match. When pwcheck is 'all', initialize nopass to TRUE and override it with the first non-TRUE entry.
---
diff --git a/parse.c b/parse.c
index 49c8f04f0..1e2f21c3a 100644
--- a/parse.c
+++ b/parse.c
@@ -167,30 +167,31 @@ sudo_file_lookup(nss, validated, pwflag)
 * Always check the host and user. */
 if (pwflag) {
- int nopass = UNSPEC;
+ int nopass;
 enum def_tupple pwcheck;
 pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
+ nopass = (pwcheck == all) ? TRUE : FALSE;
 if (list_pw == NULL) SET(validated, FLAG_NO_CHECK);
 CLR(validated, FLAG_NO_USER);
 CLR(validated, FLAG_NO_HOST);
 match = DENY;
- tq_foreach_rev(&userspecs, us) {
+ tq_foreach_fwd(&userspecs, us) {
 if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) continue;
- tq_foreach_rev(&us->privileges, priv) {
+ tq_foreach_fwd(&us->privileges, priv) {
 if (hostlist_matches(&priv->hostlist) != ALLOW) continue;
- tq_foreach_rev(&priv->cmndlist, cs) {
+ tq_foreach_fwd(&priv->cmndlist, cs) {
 /* Only check the command when listing another user. */
 if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid || cmnd_matches(cs->cmnd) == ALLOW) match = ALLOW;
- if ((pwcheck == any && nopass != TRUE) ||
- (pwcheck == all && nopass != FALSE))
+ if ((pwcheck == any && cs->tags.nopasswd == TRUE) ||
+ (pwcheck == all && cs->tags.nopasswd != TRUE))
 nopass = cs->tags.nopasswd;
 }
 }
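Review bot: The new default `nopass = (pwcheck == all) ? TRUE : FALSE;` stays TRUE when the loops never reach a command spec, that is, when no userspec or host entry matches the invoking user, so "all entries are NOPASSWD" holds vacuously for a user with no entries at all. How `nopass` is consumed lies outside this hunk (the `if (pwflag)` block and the userspecs loop both continue past it), so the code acting on it should be confirmed to also require `match == ALLOW` rather than treating TRUE alone as grounds to skip authentication. A comment at the initialization would record that invariant, for example `/* 'all': start TRUE, cleared by any entry without NOPASSWD; only meaningful if an entry matched. */`. Separately, the assignment runs for every non-TRUE entry, so `nopass` ends up holding the last such tag value rather than the first as the commit message says; that is harmless only as long as consumers test `nopass == TRUE` and nothing else.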