From: Todd C. Miller Date: Wed, 11 May 2016 13:06:45 +0000 (-0600) Subject: Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). X-Git-Tag: SUDO_1_8_17^2~72 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=23d288563ec1f3812ff0a30e9bf6b87918b022c2;p=sudo Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). Sudo never iterates over the passwd or group file. Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent(). --- diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index f08b7a5b0..1989fe969 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2015 Todd C. Miller + * Copyright (c) 2009-2016 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -601,7 +601,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, bindtextdomain("sudoers", LOCALEDIR); - if (sudo_setpwent() == -1 || sudo_setgrent() == -1) { + if (sudo_mkpwcache() == -1 || sudo_mkgrcache() == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); } @@ -687,10 +687,10 @@ done: free(tofree); if (details.runas_pw) sudo_pw_delref(details.runas_pw); - sudo_endpwent(); if (details.runas_gr) sudo_gr_delref(details.runas_gr); - sudo_endgrent(); + sudo_freepwcache(); + sudo_freegrcache(); debug_return_int(rval); } diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index ca82e49b3..8d4de9911 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -623,9 +623,7 @@ send_mail(const char *fmt, ...) sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL); - /* Close password, group and other fds so we don't leak. */ - sudo_endpwent(); - sudo_endgrent(); + /* Close fds so we don't leak anything. */ closefrom(STDERR_FILENO + 1); if (pipe(pfd) == -1) { diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index 5c3ba4bfb..23398c335 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c @@ -359,9 +359,9 @@ sudo_fakepwnam(const char *user, gid_t gid) } int -sudo_setpwent(void) +sudo_mkpwcache(void) { - debug_decl(sudo_setpwent, SUDOERS_DEBUG_NSS) + debug_decl(sudo_mkpwcache, SUDOERS_DEBUG_NSS) if (pwcache_byuid == NULL) pwcache_byuid = rbcreate(cmp_pwuid); @@ -370,8 +370,6 @@ sudo_setpwent(void) if (pwcache_byuid == NULL || pwcache_byname == NULL) debug_return_int(-1); - setpwent(); - debug_return_int(0); } @@ -392,17 +390,6 @@ sudo_freepwcache(void) debug_return; } -void -sudo_endpwent(void) -{ - debug_decl(sudo_endpwent, SUDOERS_DEBUG_NSS) - - endpwent(); - sudo_freepwcache(); - - debug_return; -} - /* * Compare by gid. */ @@ -659,9 +646,9 @@ sudo_grlist_delref(struct group_list *grlist) } int -sudo_setgrent(void) +sudo_mkgrcache(void) { - debug_decl(sudo_setgrent, SUDOERS_DEBUG_NSS) + debug_decl(sudo_mkgrcache, SUDOERS_DEBUG_NSS) if (grcache_bygid == NULL) grcache_bygid = rbcreate(cmp_grgid); @@ -672,8 +659,6 @@ sudo_setgrent(void) if (grcache_bygid == NULL || grcache_byname == NULL || grlist_cache == NULL) debug_return_int(-1); - setgrent(); - debug_return_int(0); } @@ -698,17 +683,6 @@ sudo_freegrcache(void) debug_return; } -void -sudo_endgrent(void) -{ - debug_decl(sudo_endgrent, SUDOERS_DEBUG_NSS) - - endgrent(); - sudo_freegrcache(); - - debug_return; -} - struct group_list * sudo_get_grlist(const struct passwd *pw) { diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 2e3137682..6a69bc2bb 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -155,7 +155,7 @@ sudoers_policy_init(void *info, char * const envp[]) bindtextdomain("sudoers", LOCALEDIR); - if (sudo_setpwent() == -1 || sudo_setgrent() == -1) { + if (sudo_mkpwcache() == -1 || sudo_mkgrcache() == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); } @@ -670,9 +670,9 @@ done: restore_nproc(); - /* Close the password and group files and free up memory. */ - sudo_endpwent(); - sudo_endgrent(); + /* Destroy the password and group caches and free the contents. */ + sudo_freepwcache(); + sudo_freegrcache(); sudo_warn_set_locale_func(NULL); @@ -1202,8 +1202,8 @@ sudoers_cleanup(void) } if (def_group_plugin) group_plugin_unload(); - sudo_endpwent(); - sudo_endgrent(); + sudo_freepwcache(); + sudo_freegrcache(); debug_return; } diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index da2698c53..362b97181 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -299,16 +299,16 @@ struct passwd *sudo_fakepwnam(const char *, gid_t); struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell); struct passwd *sudo_getpwnam(const char *); struct passwd *sudo_getpwuid(uid_t); -void sudo_endgrent(void); -void sudo_endpwent(void); void sudo_endspent(void); +void sudo_freegrcache(void); +void sudo_freepwcache(void); void sudo_grlist_addref(struct group_list *); void sudo_grlist_delref(struct group_list *); +int sudo_mkgrcache(void); +int sudo_mkpwcache(void); void sudo_pw_addref(struct passwd *); void sudo_pw_delref(struct passwd *); int sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids); -int sudo_setgrent(void); -int sudo_setpwent(void); void sudo_setspent(void); /* timestr.c */ diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index 28f514709..bfa97edae 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2015 + * Copyright (c) 1996, 1998-2005, 2007-2016 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -184,7 +184,7 @@ main(int argc, char *argv[]) setgrfile(grfile); if (pwfile) setpwfile(pwfile); - if (sudo_setpwent() == -1 || sudo_setgrent() == -1) + if (sudo_mkpwcache() == -1 || sudo_mkgrcache() == -1) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (argc < 2) { @@ -336,8 +336,8 @@ main(int argc, char *argv[]) */ exitcode = parse_error ? 1 : (match == ALLOW ? 0 : match + 3); done: - sudo_endpwent(); - sudo_endgrent(); + sudo_freepwcache(); + sudo_freegrcache(); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); exit(exitcode); } diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 1e594589a..fef973904 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2015 + * Copyright (c) 1996, 1998-2005, 2007-2016 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -209,7 +209,7 @@ main(int argc, char *argv[]) if (argc - optind != 0) usage(1); - if (sudo_setpwent() == -1 || sudo_setgrent() == -1) + if (sudo_mkpwcache() == -1 || sudo_mkgrcache() == -1) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); /* Mock up a fake sudo_user struct. */ @@ -842,8 +842,8 @@ run_command(char *path, char **argv) sudo_fatal(U_("unable to execute %s"), path); break; /* NOTREACHED */ case 0: - sudo_endpwent(); - sudo_endgrent(); + sudo_freepwcache(); + sudo_freegrcache(); closefrom(STDERR_FILENO + 1); execv(path, argv); sudo_warn(U_("unable to run %s"), path); @@ -1304,8 +1304,8 @@ visudo_cleanup(void) if (sp->tpath != NULL) (void) unlink(sp->tpath); } - sudo_endpwent(); - sudo_endgrent(); + sudo_freepwcache(); + sudo_freegrcache(); } /*