Stash pointer to user group vector in LDAP handle and only reuse

the query if it has not changed.  We always allocate a new buffer
when we reset the group vector so a simple pointer check is sufficient.

--HG--
branch : 1.7

diff --git a/ldap.c b/ldap.c
index 58e8cabde8ac57d98e9927f84a934296949294b2..5719ab3fd66e918f0faa00241efddd06cef88675 100644 (file)
--- a/ldap.c
+++ b/ldap.c
@@ -327,6 +327,7 @@ struct sudo_ldap_handle {
     LDAP *ld;
     struct ldap_result *result;
     char *username;
+    GETGROUPS_T *groups;
 };
 
 struct sudo_nss sudo_nss_ldap = {
@@ -1524,7 +1525,6 @@ sudo_ldap_display_entry_short(ld, entry, lbuf)
                    "NOSETENV: " : "SETENV: ";
            if (tag != NULL)
                lbuf_append(lbuf, tag, NULL);
-           /* XXX - ignores other options */
        }
        ldap_value_free_len(bv);
     }
@@ -2064,6 +2064,7 @@ sudo_ldap_open(nss)
     handle->ld = ld;
     handle->result = NULL;
     handle->username = NULL;
+    handle->groups = NULL;
     nss->handle = handle;
 
     return(0);
@@ -2327,6 +2328,7 @@ sudo_ldap_result_free_nss(nss)
            efree(handle->username);
            handle->username = NULL;
        }
+       handle->groups = NULL;
        handle->result = NULL;
     }
 }
@@ -2354,7 +2356,8 @@ sudo_ldap_result_get(nss, pw)
      * have to contact the LDAP server again.
      */
     if (handle->result) {
-       if (strcmp(pw->pw_name, handle->username) == 0) {
+       if (handle->groups == user_groups &&
+           strcmp(pw->pw_name, handle->username) == 0) {
            DPRINTF(("reusing previous result (user %s) with %d entries",
                handle->username, handle->result->nentries), 1);
            return(handle->result);
@@ -2427,6 +2430,7 @@ sudo_ldap_result_get(nss, pw)
     /* Store everything in the sudo_nss handle. */
     handle->result = lres;
     handle->username = estrdup(pw->pw_name);
+    handle->groups = user_groups;
 
     return(lres);
 }