Dummy out close function if there is no end_session for the auth

method and the front-end can handle a NULL close function.  Avoids
the extra sudo process when we don't actually need it.

diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 3cd510b6d45f14dbe22f5f74e943b7e293625618..dc98c25d18518f782c75fb33841c47889693ecc2 100644 (file)
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2008-2013 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -302,6 +302,22 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[])
     debug_return_int(status == AUTH_FATAL ? -1 : 1);
 }
 
+bool
+sudo_auth_needs_end_session(void)
+{
+    sudo_auth *auth;
+    bool needed = false;
+    debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH)
+
+    for (auth = auth_switch; auth->name; auth++) {
+       if (auth->end_session && !IS_DISABLED(auth)) {
+           needed = true;
+           break;
+       }
+    }
+    debug_return_bool(needed);
+}
+
 /*
  * Call authentication method end session hooks.
  * Returns 1 on success and -1 on error.

diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 667fae808bb0dac5714b7f6178bdc4ad040bfc92..f63e62ed7dc5e24533dcdefd80633ff27b13e1c7 100644 (file)
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -68,6 +68,8 @@ struct sudoers_exec_args {
 static int sudo_version;
 static const char *interfaces_string;
 
+extern __dso_public struct policy_plugin sudoers_policy;
+
 #ifdef HAVE_BSD_AUTH_H
 extern char *login_style;
 #endif /* HAVE_BSD_AUTH_H */
@@ -561,6 +563,7 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[],
     char **command_infop[], char **argv_out[], char **user_env_out[])
 {
     struct sudoers_exec_args exec_args;
+    int rval;
     debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN)
 
     if (!ISSET(sudo_mode, MODE_EDIT))
@@ -570,7 +573,14 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[],
     exec_args.envp = user_env_out;
     exec_args.info = command_infop;
 
-    debug_return_bool(sudoers_policy_main(argc, argv, 0, env_add, &exec_args));
+    rval = sudoers_policy_main(argc, argv, 0, env_add, &exec_args);
+    if (rval == true && sudo_version >= SUDO_API_MKVERSION(1, 3)) {
+       /* Unset close function if we don't need it to avoid extra process. */
+       if (!def_log_input && !def_log_output && !def_use_pty &&
+           !sudo_auth_needs_end_session())
+           sudoers_policy.close = NULL;
+    }
+    debug_return_bool(rval);
 }
 
 static int

diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 03d6460d7bbf33266177f08e355445db8cb42264..49c1f1efc271bb9fc02864a37f548c0784cc4ace 100644 (file)
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1993-1996, 1998-2005, 2007-2012
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2013
  *     Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -242,6 +242,7 @@ void remove_timestamp(bool);
 bool set_lectured(void);
 
 /* sudo_auth.c */
+bool sudo_auth_needs_end_session(void);
 int verify_user(struct passwd *pw, char *prompt, int validated);
 int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
 int sudo_auth_end_session(struct passwd *pw);