mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-01 06:45:10 +00:00
Code Issues Releases Wiki Activity

When checking the query results, don't set user_matches in the

Browse Source 
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.
This commit is contained in:
Todd C. Miller
2015-12-02 14:06:37 -07:00
parent 9c9b487b0c
commit 29e9273a40
1 changed files with 19 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
plugins/sudoers/ldap.c
View File

@@ -3132,8 +3132,8 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
debug_return_int(ret); debug_return_int(ret);
/* /*
* The following queries are only determine whether or not a * The following queries only determine whether or not a password
* password is required, so the order of the entries doesn't matter. * is required, so the order of the entries doesn't matter.
*/ */
if (pwflag) { if (pwflag) {
int doauth = UNSPEC; int doauth = UNSPEC;
@@ -3408,27 +3408,31 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw)
ldap_err2string(rc)); ldap_err2string(rc));
continue; continue;
} }
lres->user_matches = true;
/* Add the seach result to list of search results. */ /* Add the search result to list of search results. */
DPRINTF1("adding search result"); DPRINTF1("adding search result");
if (sudo_ldap_result_add_search(lres, ld, result) == NULL) { if (sudo_ldap_result_add_search(lres, ld, result) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
free(filt); free(filt);
sudo_ldap_result_free(lres); sudo_ldap_result_free(lres);
debug_return_ptr(NULL); debug_return_ptr(NULL);
} }
LDAP_FOREACH(entry, ld, result) { LDAP_FOREACH(entry, ld, result) {
if ((!pass || /* Check user or non-unix group. */
sudo_ldap_check_non_unix_group(ld, entry, pw)) && if (pass && !sudo_ldap_check_non_unix_group(ld, entry, pw))
sudo_ldap_check_host(ld, entry)) { continue;
lres->host_matches = true; lres->user_matches = true;
if (sudo_ldap_result_add_entry(lres, entry) == NULL) { /* Check host. */
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (!sudo_ldap_check_host(ld, entry))
free(filt); continue;
sudo_ldap_result_free(lres); lres->host_matches = true;
debug_return_ptr(NULL); if (sudo_ldap_result_add_entry(lres, entry) == NULL) {
} sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
free(filt);
sudo_ldap_result_free(lres);
debug_return_ptr(NULL);
} }
} }
DPRINTF1("result now has %d entries", lres->nentries); DPRINTF1("result now has %d entries", lres->nentries);