Skip to content

Commit 85e3d50

Browse files
committed
plugins/sudoers/lookup.c: fix NOTBEFORE to be able to deny
If someone specifies both a NOTBEFORE and a NOTAFTER rule, the NOTAFTER rule always overrided the result of the NOTBEFORE. Let each of them be able to deny.
1 parent 2495425 commit 85e3d50

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

plugins/sudoers/lookup.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -269,7 +269,7 @@ sudoers_lookup_check(struct sudo_nss *nss, struct sudoers_context *ctx,
269269
if (cs->notbefore != UNSPEC) {
270270
date_match = now < cs->notbefore ? DENY : ALLOW;
271271
}
272-
if (cs->notafter != UNSPEC) {
272+
if (date_match != DENY && cs->notafter != UNSPEC) {
273273
date_match = now > cs->notafter ? DENY : ALLOW;
274274
}
275275
if (date_match != DENY) {

0 commit comments

Comments
 (0)