From: Todd C. Miller Date: Mon, 15 Nov 2004 04:06:16 +0000 (+0000) Subject: Create and use private versions of setpwent() and endpwent() that X-Git-Tag: SUDO_1_7_0~837 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0b34123a8b904756fe63ea00e1a63a710a54cc63;p=sudo Create and use private versions of setpwent() and endpwent() that set/end the shadow password file too. --- diff --git a/getspwuid.c b/getspwuid.c index 55afb3123..1bfed0ff3 100644 --- a/getspwuid.c +++ b/getspwuid.c @@ -80,7 +80,6 @@ static const char rcsid[] = "$Sudo$"; int crypt_type = INT_MAX; #endif /* HAVE_GETPRPWNAM && __alpha */ - /* * Return a copy of the encrypted password for the user described by pw. * If shadow passwords are in use, look in the shadow file. @@ -106,14 +105,12 @@ sudo_getepw(pw) { struct pr_passwd *spw; - setprpwent(); if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) { # ifdef __alpha crypt_type = spw->ufld.fd_oldcrypt; # endif /* __alpha */ epw = estrdup(spw->ufld.fd_encrypt); } - endprpwent(); if (epw) return(epw); } @@ -122,10 +119,8 @@ sudo_getepw(pw) { struct spwd *spw; - setspent(); if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp) epw = estrdup(spw->sp_pwdp); - endspent(); if (epw) return(epw); } @@ -134,10 +129,8 @@ sudo_getepw(pw) { struct s_passwd *spw; - setspwent(); if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd) epw = estrdup(spw->pw_passwd); - endspwent(); if (epw) return(epw); } @@ -146,10 +139,8 @@ sudo_getepw(pw) { struct passwd_adjunct *spw; - setpwaent(); if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd) epw = estrdup(spw->pwa_passwd); - endpwaent(); if (epw) return(epw); } @@ -158,10 +149,8 @@ sudo_getepw(pw) { AUTHORIZATION *spw; - setauthent(); if ((spw = getauthuid(pw->pw_uid)) && spw->a_password) epw = estrdup(spw->a_password); - endauthent(); if (epw) return(epw); } @@ -298,3 +287,45 @@ sudo_getpwnam(name) else return(sudo_pwdup(pw, 1)); } + +void +sudo_setpwent() +{ + setpwent(); +#ifdef HAVE_GETPRPWNAM + setprpwent(); +#endif +#ifdef HAVE_GETSPNAM + setspent(); +#endif +#ifdef HAVE_GETSPWUID + setspwent(); +#endif +#ifdef HAVE_GETPWANAM + setpwaent(); +#endif +#ifdef HAVE_GETAUTHUID + setauthent(); +#endif +} + +void +sudo_endpwent() +{ + endpwent(); +#ifdef HAVE_GETPRPWNAM + endprpwent(); +#endif +#ifdef HAVE_GETSPNAM + endspent(); +#endif +#ifdef HAVE_GETSPWUID + endspwent(); +#endif +#ifdef HAVE_GETPWANAM + endpwaent(); +#endif +#ifdef HAVE_GETAUTHUID + endauthent(); +#endif +} diff --git a/logging.c b/logging.c index 4f6f53f3e..b99c95eea 100644 --- a/logging.c +++ b/logging.c @@ -53,6 +53,7 @@ # include "emul/err.h" #endif /* HAVE_ERR_H */ #include +#include #include #include #include @@ -494,8 +495,9 @@ send_mail(line) } argv[i] = NULL; - /* Close password file so we don't leak the fd. */ - endpwent(); + /* Close password and group files so we don't leak fds. */ + sudo_endpwent(); + endgrent(); /* * Depending on the config, either run the mailer as root diff --git a/sudo.c b/sudo.c index f9fcddd82..d9b835760 100644 --- a/sudo.c +++ b/sudo.c @@ -197,7 +197,7 @@ main(argc, argv, envp) * Turn off core dumps and close open files. */ initial_setup(); - setpwent(); + sudo_setpwent(); /* Parse our arguments. */ sudo_mode = parse_args(Argc, Argv); @@ -402,7 +402,7 @@ main(argc, argv, envp) set_perms(PERM_FULL_RUNAS); /* Close the password and group files */ - endpwent(); + sudo_endpwent(); endgrent(); /* Install the real environment. */ diff --git a/sudo.h b/sudo.h index d579ac1f8..d06c42f39 100644 --- a/sudo.h +++ b/sudo.h @@ -237,6 +237,8 @@ void zero_bytes __P((volatile VOID *, size_t)); int gettime __P((struct timespec *)); FILE *open_sudoers __P((const char *, int *)); void display_privs __P((struct passwd *)); +void sudo_setpwent __P((void)); +void sudo_endpwent __P((void)); #ifdef HAVE_SYSTRACE void systrace_attach __P((pid_t)); #endif