isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Instead of keeping separate groups and gids arrays, create struct

Browse Source 
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups.  We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
This commit is contained in:
Todd C. Miller
2011-07-20 11:58:45 -04:00
parent 906cede7ae
commit b124635b04
15 changed files with 517 additions and 288 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
plugins/sudoers/sudo_nss.c
View File

@@ -204,47 +204,6 @@ sudo_read_nss(void)
#endif /* HAVE_LDAP && _PATH_NSSWITCH_CONF */
/* Reset user_gids and user_groups based on passwd entry. */
static void
reset_groups(struct passwd *pw)
{
#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
if (pw != sudo_user.pw) {
struct group *grp;
int i;
# ifdef HAVE_SETAUTHDB
aix_setauthdb(pw->pw_name);
# endif
if (initgroups(pw->pw_name, pw->pw_gid) == -1)
log_error(USE_ERRNO|MSG_ONLY, _("unable to reset group vector"));
efree(user_gids);
user_gids = NULL;
efree(user_groups);
user_groups = NULL;
if ((user_ngroups = getgroups(0, NULL)) > 0) {
user_gids = emalloc2(user_ngroups, sizeof(GETGROUPS_T));
if (getgroups(user_ngroups, user_gids) < 0)
log_error(USE_ERRNO|MSG_ONLY, _("unable to get group vector"));
user_groups = emalloc2(user_ngroups, sizeof(char *));
for (i = 0; i < user_ngroups; i++) {
grp = sudo_getgrgid(user_gids[i]);
if (grp != NULL) {
user_groups[i] = estrdup(grp->gr_name);
gr_delref(grp);
} else {
easprintf(&user_groups[i], "#%u",
(unsigned int) user_gids[i]);
}
}
}
# ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
# endif
}
#endif
}
static int
output(const char *buf)
{
@@ -272,9 +231,6 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw)
struct lbuf defs, privs;
int count, olen;
/* Reset group vector so group matching works correctly. */
reset_groups(pw);
lbuf_init(&defs, output, 4, NULL, sudo_user.cols);
lbuf_init(&privs, output, 4, NULL, sudo_user.cols);
@@ -333,9 +289,6 @@ display_cmnd(struct sudo_nss_list *snl, struct passwd *pw)
{
struct sudo_nss *nss;
/* Reset group vector so group matching works correctly. */
reset_groups(pw);
tq_foreach_fwd(snl, nss) {
if (nss->display_cmnd(nss, pw) == 0)
return TRUE;