Update check for whether or not the runas user was set in the ldap

and sssd backends to match the sudoers file backend.  Introduces
the runas_user_set() macro to improve readability.  Previously,
runas_pw was set late, now it is set before checking sudoers.

plugins/sudoers/ldap.c

@@ -764,7 +764,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry)
     bool ret = false;
     debug_decl(sudo_ldap_check_runas_user, SUDOERS_DEBUG_LDAP)
 
-    if (!runas_pw)
+    if (!runas_user_set())
 	debug_return_int(UNSPEC);
 
     /* get the runas user from the entry */

plugins/sudoers/match.c

@@ -158,7 +158,7 @@ runaslist_matches(const struct member_list *user_list,
      * and a runas group was specified.
      * This logic assumes that we cache and refcount passwd structs.
      */
-    if (!(runas_pw == sudo_user.pw && runas_gr != NULL)) {
+    if (runas_user_set()) {
 	/* If no runas user or runas group listed in sudoers, use default. */
 	if (user_list == NULL && group_list == NULL) {
 	    debug_return_int(userpw_matches(def_runas_default,

plugins/sudoers/parse.h

@@ -27,6 +27,11 @@
 #undef IMPLIED
 #define IMPLIED	 2
 
+/*
+ * Returns true if a runas user was specified on the command line.
+ */
+#define runas_user_set()	(runas_pw != sudo_user.pw || runas_gr == NULL)
+
 /*
  * Initialize all tags to UNSPEC.
  */

plugins/sudoers/sssd.c

@@ -568,7 +568,7 @@ sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *
     int ret = false, i;
     debug_decl(sudo_sss_check_runas_user, SUDOERS_DEBUG_SSSD);
 
-    if (!runas_pw)
+    if (!runas_user_set())
 	debug_return_int(UNSPEC);
 
     /* get the runas user from the entry */