From 958037cf32ea156dfdde426a45ac1d972fe46618 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Wed, 4 Jun 2014 18:24:08 +0100
Subject: simple-access-provider: break matching allowed users
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Stop matching username with names in simple_allow_users after positive
match.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/providers/simple/simple_access_check.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/providers/simple/simple_access_check.c b/src/providers/simple/simple_access_check.c
index d66628719..c8217f6d4 100644
--- a/src/providers/simple/simple_access_check.c
+++ b/src/providers/simple/simple_access_check.c
@@ -73,9 +73,11 @@ simple_check_users(struct simple_ctx *ctx, const char *username,
 
                 /* Do not return immediately on explicit allow
                  * We need to make sure none of the user's groups
-                 * are denied.
+                 * are denied. But there's no need to check username
+                 * matches any more.
                  */
                 *access_granted = true;
+                break;
             }
         }
     } else if (!ctx->allow_groups) {
-- 
cgit