Dummy out close function if there is no end_session for the auth

method and the front-end can handle a NULL close function.  Avoids
the extra sudo process when we don't actually need it.

plugins/sudoers/auth/sudo_auth.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2008-2013 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -302,6 +302,22 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[])
     debug_return_int(status == AUTH_FATAL ? -1 : 1);
 }
 
+bool
+sudo_auth_needs_end_session(void)
+{
+    sudo_auth *auth;
+    bool needed = false;
+    debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH)
+
+    for (auth = auth_switch; auth->name; auth++) {
+	if (auth->end_session && !IS_DISABLED(auth)) {
+	    needed = true;
+	    break;
+	}
+    }
+    debug_return_bool(needed);
+}
+
 /*
  * Call authentication method end session hooks.
  * Returns 1 on success and -1 on error.

plugins/sudoers/policy.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -68,6 +68,8 @@ struct sudoers_exec_args {
 static int sudo_version;
 static const char *interfaces_string;
 
+extern __dso_public struct policy_plugin sudoers_policy;
+
 #ifdef HAVE_BSD_AUTH_H
 extern char *login_style;
 #endif /* HAVE_BSD_AUTH_H */
@@ -561,6 +563,7 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[],
     char **command_infop[], char **argv_out[], char **user_env_out[])
 {
     struct sudoers_exec_args exec_args;
+    int rval;
     debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN)
 
     if (!ISSET(sudo_mode, MODE_EDIT))
@@ -570,7 +573,14 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[],
     exec_args.envp = user_env_out;
     exec_args.info = command_infop;
 
-    debug_return_bool(sudoers_policy_main(argc, argv, 0, env_add, &exec_args));
+    rval = sudoers_policy_main(argc, argv, 0, env_add, &exec_args);
+    if (rval == true && sudo_version >= SUDO_API_MKVERSION(1, 3)) {
+	/* Unset close function if we don't need it to avoid extra process. */
+	if (!def_log_input && !def_log_output && !def_use_pty &&
+	    !sudo_auth_needs_end_session())
+	    sudoers_policy.close = NULL;
+    }
+    debug_return_bool(rval);
 }
 
 static int

plugins/sudoers/sudoers.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1993-1996, 1998-2005, 2007-2012
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2013
  *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -242,6 +242,7 @@ void remove_timestamp(bool);
 bool set_lectured(void);
 
 /* sudo_auth.c */
+bool sudo_auth_needs_end_session(void);
 int verify_user(struct passwd *pw, char *prompt, int validated);
 int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
 int sudo_auth_end_session(struct passwd *pw);