
Commit 5f6e0a4

committed
sudoers_lookup_pseudo: init match to UNSPEC for sudo_nss_can_continue().
Otherwise, processing will stop after the first sudoers nsswitch service specification where [SUCCESS=return] is present. --HG-- branch : 1.9
1 parent 319ada9 commit 5f6e0a4

1 file changed

Lines changed: 4 additions & 2 deletions


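--- a/plugins/sudoers/lookup.c
+++ b/plugins/sudoers/lookup.c
@@ -65,7 +65,7 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct sudoers_context *ctx,
 struct privilege *priv;
 struct userspec *us;
 struct defaults *def;
-int nopass, match = DENY;
+int nopass, match = UNSPEC;
 unsigned int validated = 0;
 enum def_tuple pwcheck;
 debug_decl(sudoers_lookup_pseudo, SUDOERS_DEBUG_PARSER);
@@ -207,8 +207,10 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct sudoers_context *ctx,
 if (match == ALLOW || ctx->user.uid == 0) {
 /* User has an entry for this host. */
 SET(validated, VALIDATE_SUCCESS);
-} else if (match == DENY)
+} else {
+/* No entry or user is not allowed to list other users. */
 SET(validated, VALIDATE_FAILURE);
+}
 if (pwcheck == always && def_authenticate)
 SET(validated, FLAG_CHECK_USER);
 else if (nopass == true)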
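Review bot: The initial value of `match` at the declaration in the first hunk now feeds an authorization decision in two places, yet nothing at the declaration says so. Per the commit message, sudo_nss_can_continue() needs UNSPEC there, and the new bare `else` in the second hunk is what makes a still-UNSPEC `match` fail closed as VALIDATE_FAILURE; with the old `else if (match == DENY)` the lines shown would set neither flag in that case. I would give `match` its own line with the reason attached, `int match = UNSPEC; /* not DENY: lets sudo_nss_can_continue() try later sources; the final else still denies */`, and keep `int nopass;` on a separate line. The loop that assigns `match` lies between the two hunks and is not visible here, so this is about documenting the invariant, not a claim that the logic is wrong.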
