Use setpassent() and setgroupent() on systems that support it to
keep the passwd and group database open. Sudo does a lot of passwd and group lookups so it can be beneficial to just leave the file open.
This commit is contained in:
Todd C. Miller
@@ -603,9 +603,15 @@
|
||||
/* Define to 1 if you have the `seteuid' function. */
|
||||
#undef HAVE_SETEUID
|
||||
|
||||
/* Define to 1 if you have the `setgroupent' function. */
|
||||
#undef HAVE_SETGROUPENT
|
||||
|
||||
/* Define to 1 if you have the `setkeycreatecon' function. */
|
||||
#undef HAVE_SETKEYCREATECON
|
||||
|
||||
/* Define to 1 if you have the `setpassent' function. */
|
||||
#undef HAVE_SETPASSENT
|
||||
|
||||
/* Define to 1 if you have the `setprogname' function. */
|
||||
#undef HAVE_SETPROGNAME
|
||||
|
||||
|
||||
12
configure
vendored
12
configure
vendored
@@ -20915,6 +20915,18 @@ esac
|
||||
fi
|
||||
done
|
||||
|
||||
for ac_func in setpassent setgroupent
|
||||
do :
|
||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
done
|
||||
|
||||
if test X"$with_noexec" != X"no"; then
|
||||
# Check for non-standard exec functions
|
||||
for ac_func in exect execvP execvpe
|
||||
|
||||
@@ -2776,6 +2776,10 @@ AC_CHECK_FUNCS([vsyslog], [], [
|
||||
COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }vsyslog_test"
|
||||
])
|
||||
dnl
|
||||
dnl 4.4BSD-based systems can force the password or group file to be held open
|
||||
dnl
|
||||
AC_CHECK_FUNCS([setpassent setgroupent])
|
||||
dnl
|
||||
dnl Function checks for sudo_noexec
|
||||
dnl
|
||||
if test X"$with_noexec" != X"no"; then
|
||||
|
||||
13
src/sudo.c
13
src/sudo.c
@@ -508,6 +508,19 @@ get_user_info(struct user_details *ud)
|
||||
int fd;
|
||||
debug_decl(get_user_info, SUDO_DEBUG_UTIL)
|
||||
|
||||
/*
|
||||
* On BSD systems you can set a hint to keep the password and
|
||||
* group databases open instead of having to open and close
|
||||
* them all the time. Since sudo does a lot of password and
|
||||
* group lookups, keeping the file open can speed things up.
|
||||
*/
|
||||
#ifdef HAVE_SETPASSENT
|
||||
setpassent(1);
|
||||
#endif /* HAVE_SETPASSENT */
|
||||
#ifdef HAVE_SETGROUPENT
|
||||
setgroupent(1);
|
||||
#endif /* HAVE_SETGROUPENT */
|
||||
|
||||
memset(ud, 0, sizeof(*ud));
|
||||
|
||||
/* XXX - bound check number of entries */
|
||||
|
||||
Reference in New Issue
Block a user