From 5fbf7a3625cc199e8f350af88c1120e45fa17bf4 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Tue, 19 Dec 2023 20:16:35 -0700
Subject: [PATCH] Disable netgroup_query when netgroup_base is not set. The logic was inverted when support for netgroup_query was added. This supercedes PR #341.
---
 plugins/sudoers/ldap_conf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/plugins/sudoers/ldap_conf.c b/plugins/sudoers/ldap_conf.c
index 8c772ade4..10e237335 100644
--- a/plugins/sudoers/ldap_conf.c
+++ b/plugins/sudoers/ldap_conf.c
@@ -599,8 +599,10 @@ sudo_ldap_read_config(const struct sudoers_context *ctx)
 debug_return_bool(false);
 }
 }
- if (!STAILQ_EMPTY(&ldap_conf.netgroup_base))
+ if (STAILQ_EMPTY(&ldap_conf.netgroup_base)) {
+ /* netgroup_query is only valid in conjunction with netgroup_base */
 ldap_conf.netgroup_query = false;
+ }
 DPRINTF1("LDAP Config Summary");
 DPRINTF1("===================");
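Review bot: The new block in sudo_ldap_read_config() clears `netgroup_query` silently, so an ldap.conf that enables the option but omits `netgroup_base` ends up with it switched off and nothing recording why. A debug line inside the braces, e.g. `DPRINTF1("netgroup_query disabled: netgroup_base not set");`, would make the override visible next to the config summary that follows. Because the removed test forced the option off whenever `netgroup_base` was set, hosts with that setting will start honouring `netgroup_query` after this change, which may alter how netgroup-based sudoers entries are evaluated; that deserves a release note and a regression test for the config parser. The function body starts and ends outside the hunk, so whether the summary already prints the final value cannot be seen here.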