From: Todd C. Miller
Date: Sun, 24 Feb 2013 10:54:57 +0000 (-0500)
Subject: Dummy out close function if there is no end_session for the auth
X-Git-Tag: SUDO_1_8_7~1^2~203
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d3ff0f31ee4130349827460d158eb9e90da703d3;p=sudo

Dummy out close function if there is no end_session for the auth method and the front-end can handle a NULL close function. Avoids the extra sudo process when we don't actually need it.
---
diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 3cd510b6d..dc98c25d1 100644
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller
+ * Copyright (c) 1999-2005, 2008-2013 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -302,6 +302,22 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[])
 debug_return_int(status == AUTH_FATAL ? -1 : 1);
 }

+bool
+sudo_auth_needs_end_session(void)
+{
+ sudo_auth *auth;
+ bool needed = false;
+ debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH)
+
+ for (auth = auth_switch; auth->name; auth++) {
+ if (auth->end_session && !IS_DISABLED(auth)) {
+ needed = true;
+ break;
+ }
+ }
+ debug_return_bool(needed);
+}
+
 /*
 * Call authentication method end session hooks.
 * Returns 1 on success and -1 on error.
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 667fae808..f63e62ed7 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2012 Todd C. Miller
+ * Copyright (c) 2010-2013 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
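Review bot: The new sudo_auth_needs_end_session() in plugins/sudoers/auth/sudo_auth.c (hunk at -302) has no header comment, unlike the session function that follows it, whose comment reads `Call authentication method end session hooks. Returns 1 on success and -1 on error.` Its result depends on IS_DISABLED(auth), so it is only meaningful once each method's disabled flag is in its final state; where those flags are set is not visible in this hunk. A false result makes the caller drop the close hook and therefore skip end-of-session cleanup, so the ordering requirement deserves to be written down, e.g. `/* Returns true if any enabled auth method has an end_session hook. Call only after the auth methods have been initialized so IS_DISABLED() is accurate. */`.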
@@ -68,6 +68,8 @@ struct sudoers_exec_args {
 static int sudo_version;
 static const char *interfaces_string;

+extern __dso_public struct policy_plugin sudoers_policy;
+
 #ifdef HAVE_BSD_AUTH_H
 extern char *login_style;
 #endif /* HAVE_BSD_AUTH_H */
@@ -561,6 +563,7 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[],
 char **command_infop[], char **argv_out[], char **user_env_out[])
 {
 struct sudoers_exec_args exec_args;
+ int rval;
 debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN)

 if (!ISSET(sudo_mode, MODE_EDIT))
@@ -570,7 +573,14 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[],
 exec_args.envp = user_env_out;
 exec_args.info = command_infop;

- debug_return_bool(sudoers_policy_main(argc, argv, 0, env_add, &exec_args));
+ rval = sudoers_policy_main(argc, argv, 0, env_add, &exec_args);
+ if (rval == true && sudo_version >= SUDO_API_MKVERSION(1, 3)) {
+ /* Unset close function if we don't need it to avoid extra process. */
+ if (!def_log_input && !def_log_output && !def_use_pty &&
+ !sudo_auth_needs_end_session())
+ sudoers_policy.close = NULL;
+ }
+ debug_return_bool(rval);
 }

 static int
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 03d6460d7..49c1f1efc 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1993-1996, 1998-2005, 2007-2012
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2013
 * Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -242,6 +242,7 @@ void remove_timestamp(bool);
 bool set_lectured(void);

 /* sudo_auth.c */
+bool sudo_auth_needs_end_session(void);
 int verify_user(struct passwd *pw, char *prompt, int validated);
 int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
 int sudo_auth_end_session(struct passwd *pw);
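Review bot: In sudoers_policy_check() (plugins/sudoers/policy.c, hunk at -570), `sudoers_policy.close = NULL` drops the entire close hook on the strength of four conditions, so anything else that hook does is skipped too; its body is not in this diff, so it should be confirmed that it has no other security-relevant duty, such as audit logging of an exec failure or exit status. The write to the exported plugin struct is also one-way and never restored, which presumably relies on the check entry point running once per process. I would expand the comment to record both assumptions, e.g. `/* close is only needed for I/O logging, a pty, or an auth end_session hook; check runs once per process, so the hook is never restored. */`. As a style point, `rval` is declared `int` in the -561 hunk, so `rval == 1` would read more clearly than `rval == true`. The function body starts outside this hunk.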