2
0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00

When checking the results for "sudo -l" and "sudo -v", keep checking

even after we get a match since the value of doauth may depend on
evaluating all the results.  From Radovan Sroka of RedHat.
This commit is contained in:
Todd C. Miller
2017-11-15 12:27:39 -07:00
parent a62cd4b4fe
commit 2cbdc26540
2 changed files with 4 additions and 2 deletions

View File

@@ -1321,12 +1321,13 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
(pwcheck == all && doauth != true)) {
doauth = !!sudo_sss_check_bool(handle, rule, "authenticate");
}
if (matched == true)
continue;
/* Only check the command when listing another user. */
if (user_uid == 0 || list_pw == NULL ||
user_uid == list_pw->pw_uid ||
sudo_sss_check_command(handle, rule, NULL) == true) {
matched = true;
break;
}
}
}