From cbcb60b1844bef473304413ba331d378246d6cf7 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Wed, 29 Sep 2004 18:36:33 +0000
Subject: [PATCH] Add keepopen arg to open_sudoers that open_sudoers can use to
 indicate to the caller that the fd should not be closed when it is done with
 it.  To be used by visudo to keep locked fds from being closed prematurely
 (and thus losing the lock).

---
 parse.lex     | 7 +++++--
 sudo.c        | 7 ++++---
 sudo.h        | 2 +-
 testsudoers.c | 3 ++-
 visudo.c      | 3 ++-
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/parse.lex b/parse.lex
index 5c91b0d9e..502597383 100644
--- a/parse.lex
+++ b/parse.lex
@@ -523,6 +523,7 @@ buffer_frob(path)
 {
     static size_t stacksize, depth;
     static struct sudoers_state *state;
+    static int keepopen;
     FILE *fp;
 
     if (path != NULL) {
@@ -542,7 +543,7 @@ buffer_frob(path)
 		return(FALSE);
 	    }
 	}
-	if ((fp = open_sudoers(path)) == NULL) {
+	if ((fp = open_sudoers(path, &keepopen)) == NULL) {
 	    yyerror(path);
 	    return(FALSE);
 	}
@@ -558,12 +559,14 @@ buffer_frob(path)
 	if (depth == 0)
 	    return(FALSE);
 	depth--;
-	fclose(YY_CURRENT_BUFFER->yy_input_file);
+	if (!keepopen)
+	    fclose(YY_CURRENT_BUFFER->yy_input_file);
 	yy_delete_buffer(YY_CURRENT_BUFFER);
 	yy_switch_to_buffer(state[depth].bs);
 	free(sudoers);
 	sudoers = state[depth].path;
 	sudolineno = state[depth].lineno;
+	keepopen = FALSE;
     }
     return(TRUE);
 }
diff --git a/sudo.c b/sudo.c
index 81a62f270..e43144238 100644
--- a/sudo.c
+++ b/sudo.c
@@ -259,7 +259,7 @@ main(argc, argv, envp)
     else if (ISSET(validated, VALIDATE_OK) && !printmatches); /* skips */
     else if (ISSET(validated, VALIDATE_OK) && printmatches)
     {
-	sudoers_fp = open_sudoers(_PATH_SUDOERS);
+	sudoers_fp = open_sudoers(_PATH_SUDOERS, NULL);
 
 	/* User is found in LDAP and we want a list of all sudo commands the
 	 * user can do, so consult sudoers but throw away result.
@@ -269,7 +269,7 @@ main(argc, argv, envp)
     else
 #endif
     {
-	sudoers_fp = open_sudoers(_PATH_SUDOERS);
+	sudoers_fp = open_sudoers(_PATH_SUDOERS, NULL);
 
 	/* Validate the user but don't search for pseudo-commands. */
 	validated = sudoers_lookup(pwflag);
@@ -852,8 +852,9 @@ parse_args(argc, argv)
  * Returns a handle to the sudoers file.
  */
 FILE *
-open_sudoers(sudoers)
+open_sudoers(sudoers, keepopen)
     const char *sudoers;
+    int *keepopen;
 {
     struct stat statbuf;
     FILE *fp = NULL;
diff --git a/sudo.h b/sudo.h
index 68a4311c0..8fe84dc08 100644
--- a/sudo.h
+++ b/sudo.h
@@ -238,7 +238,7 @@ char *sudo_getepw	__P((const struct passwd *));
 int pam_prep_user	__P((struct passwd *));
 void zero_bytes		__P((volatile VOID *, size_t));
 int gettime		__P((struct timespec *));
-FILE *open_sudoers	__P((const char *));
+FILE *open_sudoers	__P((const char *, int *));
 YY_DECL;
 #ifdef HAVE_SYSTRACE
 void systrace_attach	__P((pid_t));
diff --git a/testsudoers.c b/testsudoers.c
index ca137823e..0f779edbb 100644
--- a/testsudoers.c
+++ b/testsudoers.c
@@ -336,8 +336,9 @@ set_runaspw(user)
 }
 
 FILE *
-open_sudoers(path)
+open_sudoers(path, keepopen)
     const char *path;
+    int *keepopen;
 {
     return(fopen(path, "r"));
 }
diff --git a/visudo.c b/visudo.c
index f4c2c9844..790d02e42 100644
--- a/visudo.c
+++ b/visudo.c
@@ -722,8 +722,9 @@ check_syntax(sudoers_path)
 }
 
 FILE *
-open_sudoers(path)
+open_sudoers(path, keepopen)
     const char *path;
+    int *keepopen;
 {
     FILE *fp;
     struct sudoersfile *newfile;