]> granicus.if.org Git - sudo/commitdiff
projects / sudo / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 165dcfa)
Stash pointer to user group vector in LDAP handle and only reuse
authorTodd C. Miller <Todd.Miller@courtesan.com>
Thu, 20 Jan 2011 21:16:08 +0000 (16:16 -0500)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Thu, 20 Jan 2011 21:16:08 +0000 (16:16 -0500)
the query if it has not changed.  We always allocate a new buffer
when we reset the group vector so a simple pointer check is sufficient.

plugins/sudoers/ldap.c patch | blob | history

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 04a66eeffcf4ddc122e7cc21852df3c902912be4..7d71f735d8c94b10d974d7a263cf8a88cfff1b1b 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -326,6 +326,7 @@ struct sudo_ldap_handle {
     LDAP *ld;
     struct ldap_result *result;
     char *username;
+    GETGROUPS_T *groups;
 };
 
 struct sudo_nss sudo_nss_ldap = {
@@ -1467,7 +1468,6 @@ sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf)
                    "NOSETENV: " : "SETENV: ";
            if (tag != NULL)
                lbuf_append(lbuf, tag, NULL);
-           /* XXX - ignores other options */
        }
        ldap_value_free_len(bv);
     }
@@ -1991,6 +1991,7 @@ sudo_ldap_open(struct sudo_nss *nss)
     handle->ld = ld;
     handle->result = NULL;
     handle->username = NULL;
+    handle->groups = NULL;
     nss->handle = handle;
 
     return(0);
@@ -2244,6 +2245,7 @@ sudo_ldap_result_free_nss(struct sudo_nss *nss)
            efree(handle->username);
            handle->username = NULL;
        }
+       handle->groups = NULL;
        handle->result = NULL;
     }
 }
@@ -2269,7 +2271,8 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw)
      * have to contact the LDAP server again.
      */
     if (handle->result) {
-       if (strcmp(pw->pw_name, handle->username) == 0) {
+       if (handle->groups == user_groups &&
+           strcmp(pw->pw_name, handle->username) == 0) {
            DPRINTF(("reusing previous result (user %s) with %d entries",
                handle->username, handle->result->nentries), 1);
            return(handle->result);
@@ -2342,6 +2345,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw)
     /* Store everything in the sudo_nss handle. */
     handle->result = lres;
     handle->username = estrdup(pw->pw_name);
+    handle->groups = user_groups;
 
     return(lres);
 }
Unnamed repository; edit this file 'description' to name the repository.