From 93e963584279a4e068ce9619cee1b0be1e5edffb Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 20 Dec 2010 16:37:44 -0500
Subject: [PATCH] Pick last match in LDAP sudoers too
---
 doc/sudoers.ldap.pod | 5 +++--
 plugins/sudoers/ldap.c | 6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/doc/sudoers.ldap.pod b/doc/sudoers.ldap.pod
index ee0c5a147..6341b16a9 100644
--- a/doc/sudoers.ldap.pod
+++ b/doc/sudoers.ldap.pod
@@ -158,8 +158,9 @@ floating point value for LDAP servers that support it) that is used to sort the matching entries. This allows LDAP-based sudoers entries to more closely mimic the behaviour of the sudoers file, where the of the entries influences the result. If multiple entries match,
-the entry with the lowest B<sudoOrder> attribute is chosen. If the
-B<sudoOrder> attribute is not present, a value of 0 is assumed.
+the entry with the highest B<sudoOrder> attribute is chosen. This
+corresponds to the "last match" behavior of the sudoers file. If
+the B<sudoOrder> attribute is not present, a value of 0 is assumed.
 =back
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 89d4fda99..a1091c756 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -2112,7 +2112,7 @@ done:
 }
 /*
- * Sort comparison function for ldap_entry_wrapper structures.
+ * Comparison function for ldap_entry_wrapper structures, descending order.
 */
 static int
 ldap_entry_compare(const void *a, const void *b)
@@ -2120,8 +2120,8 @@ ldap_entry_compare(const void *a, const void *b)
 const struct ldap_entry_wrapper *aw = a;
 const struct ldap_entry_wrapper *bw = b;
- return(aw->order < bw->order ? -1 :
- (aw->order > bw->order ? 1 : 0));
+ return(bw->order < aw->order ? -1 :
+ (bw->order > aw->order ? 1 : 0));
 }
 /*
--
2.40.0
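Review bot: Entries with equal `order` still compare as 0 in the reversed `return` of `ldap_entry_compare`, so the winner among ties depends on where the sort routine happens to leave them; if the caller is `qsort` (not visible in this hunk), that placement is unspecified. The documentation hunk says a missing sudoOrder is treated as 0, so every entry without the attribute falls into this case, and the chosen entry can decide whether a command is permitted. At minimum the header comment should say so, e.g. `* Entries with equal order compare equal; their relative position after sorting is not defined.`, and a deterministic tie-breaker would be safer if the wrapper can carry one. Separately, the switch from lowest to highest changes which entry wins on existing directories, so an upgrade note telling administrators to re-check their sudoOrder values would be worth adding. The function's opening brace falls between the two hunks.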