From: Todd C. Miller
Date: Wed, 23 Jun 2010 22:56:44 +0000 (-0400)
Subject: Bracket initgroups with calls to aix_setauthdb() and aix_restoreauthdb()
X-Git-Tag: SUDO_1_7_3~19
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c86e7b65840d0fe50ce2cfc6b94895c976b0a4e5;p=sudo
Bracket initgroups with calls to aix_setauthdb() and aix_restoreauthdb()
--HG--
branch : 1.7
---
diff --git a/pwutil.c b/pwutil.c
index fae59652c..a20a849f7 100644
--- a/pwutil.c
+++ b/pwutil.c
@@ -228,7 +228,7 @@ sudo_getpwnam(name)
 * Cache passwd db entry if it exists or a negative response if not.
 */
 #ifdef HAVE_SETAUTHDB
- aix_setauthdb(name);
+ aix_setauthdb((char *) name);
 #endif
 if ((pw = getpwnam(name)) != NULL) {
 pw = sudo_pwdup(pw);
diff --git a/set_perms.c b/set_perms.c
index cb0838561..41dd9a44e 100644
--- a/set_perms.c
+++ b/set_perms.c
@@ -490,9 +490,9 @@ static void
 runas_setgroups()
 {
 static int ngroups = -1;
-#ifdef HAVE_GETGROUPS
+# ifdef HAVE_GETGROUPS
 static GETGROUPS_T *groups;
-#endif
+# endif
 struct passwd *pw;
 if (def_preserve_groups)
@@ -503,18 +503,24 @@ runas_setgroups()
 */
 if (ngroups == -1) {
 pw = runas_pw ? runas_pw : sudo_user.pw;
+# ifdef HAVE_SETAUTHDB
+ aix_setauthdb(pw->pw_name);
+# endif
 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
-#ifdef HAVE_GETGROUPS
+# ifdef HAVE_GETGROUPS
 if ((ngroups = getgroups(0, NULL)) > 0) {
 groups = emalloc2(ngroups, sizeof(GETGROUPS_T));
 if (getgroups(ngroups, groups) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector");
 }
+# ifdef HAVE_SETAUTHDB
+ aix_restoreauthdb();
+# endif
 } else {
 if (setgroups(ngroups, groups) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
-#endif /* HAVE_GETGROUPS */
+# endif /* HAVE_GETGROUPS */
 }
 }
diff --git a/sudo_nss.c b/sudo_nss.c
index 2ba6b704e..ae8b9623f 100644
--- a/sudo_nss.c
+++ b/sudo_nss.c
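Review bot: The `(char *)` cast added to the `aix_setauthdb()` call in sudo_getpwnam() discards a qualifier instead of fixing the mismatch it silences. The prototype is not visible in this diff, but if aix_setauthdb() never writes through its argument, declaring the parameter `const char *` would let the call stay `aix_setauthdb(name);` and keep the compiler checking it. If the cast has to stay, a short comment such as `/* aix_setauthdb() takes a non-const char * but does not modify it */` would record why it is safe. The rest of sudo_getpwnam(), including any matching restore call, lies outside the hunk.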
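Review bot: In the second set_perms.c hunk, `aix_restoreauthdb()` is added inside the `# ifdef HAVE_GETGROUPS` region while the matching `aix_setauthdb(pw->pw_name)` sits outside it. A build with HAVE_SETAUTHDB but without HAVE_GETGROUPS would therefore switch the AIX registry and never switch it back, so later lookups in the process could presumably resolve against the runas user's registry. Only initgroups() appears to need the per-user registry, so the restore could move to directly after the initgroups() check, ahead of `# ifdef HAVE_GETGROUPS`: `# ifdef HAVE_SETAUTHDB` / `aix_restoreauthdb();` / `# endif`. runas_setgroups() begins before this hunk.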
@@ -212,6 +212,9 @@ reset_groups(pw)
 {
 #if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
 if (pw != sudo_user.pw) {
+# ifdef HAVE_SETAUTHDB
+ aix_setauthdb(pw->pw_name);
+# endif
 (void) initgroups(pw->pw_name, pw->pw_gid);
 efree(user_groups);
 user_groups = NULL;
@@ -220,8 +223,11 @@ reset_groups(pw)
 if (getgroups(user_ngroups, user_groups) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
 }
+# ifdef HAVE_SETAUTHDB
+ aix_restoreauthdb();
+# endif
 }
-#endif
+#endif /* HAVE_INITGROUPS && HAVE_GETGROUPS */
 }
 static int
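Review bot: The initgroups() call that the new aix_setauthdb()/aix_restoreauthdb() pair brackets in reset_groups() still discards its return value with `(void)`, although its result now depends on a registry lookup. A failed lookup would leave the previous group vector in place, and getgroups() would then read it back into user_groups. set_perms.c in this same commit checks the equivalent call, so for consistency this could be `if (initgroups(pw->pw_name, pw->pw_gid) < 0)` followed by `log_error(USE_ERRNO|MSG_ONLY, "can't set group vector");`. If ignoring the failure is deliberate here, a one-line comment saying why would help the next reader. Both sudo_nss.c hunks belong to reset_groups(), which starts before the first of them.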