
Commit 9118115

Restore last match logic in runas user/group list matching
This was mistakenly removed in eb778da when the obsolete "matching_user" and "match_group" logic was removed. No released version of sudo has that commit. Thanks to Ax of Nozomi Networks Labs for reporting this.
1 parent 4b5afb6 commit 9118115

1 file changed

Lines changed: 4 additions & 0 deletions

plugins/sudoers/match.c

@@ -207,6 +207,8 @@ runas_userlist_matches(const struct sudoers_parse_tree *parse_tree,
207207
user_matched = m->negated ? DENY : ALLOW;
208208
break;
209209
}
210+
if (SPECIFIED(user_matched))
211+
break;
210212
}
211213
debug_return_int(user_matched);
212214
}
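Review bot: the added check at new lines 210-211 needs a comment saying why the loop must stop once user_matched is set. The commit message says this logic was already removed once by mistake during a cleanup, and `if (SPECIFIED(user_matched)) break;` can look redundant next to the `break;` at 208, which only leaves the inner block. A one-line comment stating that the loop ends at the first entry that sets user_matched (the "last match" behaviour named in the commit title) would make it harder to drop again.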
@@ -253,6 +255,8 @@ runas_grouplist_matches(const struct sudoers_parse_tree *parse_tree,
253255
group_matched = m->negated ? DENY : ALLOW;
254256
break;
255257
}
258+
if (SPECIFIED(group_matched))
259+
break;
256260
}
257261
}
258262
if (!SPECIFIED(group_matched) && user_matched == ALLOW) {
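Review bot: no test accompanies the restored check at new lines 258-259; the commit changes only plugins/sudoers/match.c. Because `group_matched = m->negated ? DENY : ALLOW;` can now end the loop with DENY, and any specified result also skips the `!SPECIFIED(group_matched) && user_matched == ALLOW` fallback at 262, a regression test with a runas group list that mixes a negated and a plain entry matching the same group would pin down which entry wins. The same two lines are duplicated from runas_userlist_matches, so the test should cover both lists.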
