When checking the results for "sudo -l" and "sudo -v", keep checking

even after we get a match since the value of doauth may depend on evaluating all the results. From Radovan Sroka of RedHat.
2025-08-31 06:15:37 +00:00 · 2017-11-15 12:27:39 -07:00
parent a62cd4b4fe
commit 2cbdc26540
2 changed files with 4 additions and 2 deletions
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1321,12 +1321,13 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
 		    (pwcheck == all && doauth != true)) {
 		    doauth = !!sudo_sss_check_bool(handle, rule, "authenticate");
 		}
+		if (matched == true)
+		    continue;
 		/* Only check the command when listing another user. */
 		if (user_uid == 0 || list_pw == NULL ||
 		    user_uid == list_pw->pw_uid ||
 		    sudo_sss_check_command(handle, rule, NULL) == true) {
 		    matched = true;
-		    break;
 		}
 	    }
 	}