isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

No need to look up shadow password unless we are doing password-style

Browse Source 
authentication.  This moves the shadow password lookup to the auth
functions that need it.
This commit is contained in:
Todd C. Miller
2010-08-06 13:55:33 -04:00
parent cb1848fab1
commit 96cb890d53
8 changed files with 60 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
plugins/sudoers/pwutil.c
View File

@@ -206,17 +206,9 @@ static void
pw_delref_item(void *v)
{
struct cache_item *item = v;
struct passwd *pw = item->d.pw;
if (--item->refcnt == 0) {
if (pw != NULL && pw->pw_passwd != NULL) {
zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
if ((char *)pw->pw_passwd < (char *)pw ||
(char *)pw->pw_passwd > (char *)pw->pw_gecos)
efree(pw->pw_passwd); /* free if separate allocation */
}
if (--item->refcnt == 0)
efree(item);
}
}
void
@@ -234,7 +226,6 @@ sudo_getpwuid(uid_t uid)
{
struct cache_item key, *item;
struct rbnode *node;
char *cp;
key.k.uid = uid;
if ((node = rbfind(pwcache_byuid, &key)) != NULL) {
@@ -249,10 +240,6 @@ sudo_getpwuid(uid_t uid)
#endif
if ((key.d.pw = getpwuid(uid)) != NULL) {
item = make_pwitem(key.d.pw, NULL);
cp = sudo_getepw(item->d.pw); /* get shadow password */
if (item->d.pw->pw_passwd != NULL)
zero_bytes(item->d.pw->pw_passwd, strlen(item->d.pw->pw_passwd));
item->d.pw->pw_passwd = cp;
if (rbinsert(pwcache_byuid, item) != NULL)
errorx(1, "unable to cache uid %lu (%s), already exists",
uid, item->d.pw->pw_name);
@@ -282,7 +269,6 @@ sudo_getpwnam(const char *name)
struct cache_item key, *item;
struct rbnode *node;
size_t len;
char *cp;
key.k.name = (char *) name;
if ((node = rbfind(pwcache_byname, &key)) != NULL) {
@@ -297,10 +283,6 @@ sudo_getpwnam(const char *name)
#endif
if ((key.d.pw = getpwnam(name)) != NULL) {
item = make_pwitem(key.d.pw, name);
cp = sudo_getepw(key.d.pw); /* get shadow password */
if (key.d.pw->pw_passwd != NULL)
zero_bytes(key.d.pw->pw_passwd, strlen(key.d.pw->pw_passwd));
key.d.pw->pw_passwd = cp;
if (rbinsert(pwcache_byname, item) != NULL)
errorx(1, "unable to cache user %s, already exists", name);
} else {
@@ -381,7 +363,6 @@ void
sudo_setpwent(void)
{
setpwent();
sudo_setspent();
if (pwcache_byuid == NULL)
pwcache_byuid = rbcreate(cmp_pwuid);
if (pwcache_byname == NULL)
@@ -405,7 +386,6 @@ void
sudo_endpwent(void)
{
endpwent();
sudo_endspent();
sudo_freepwcache();
}