From: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Tue, 20 Feb 2018 20:22:59 +0000 (-0700)
Subject: Use setpassent() and setgroupent() on systems that support it to
X-Git-Tag: SUDO_1_8_23^2~127
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=faa5baac9b0a228ece99969812aebe8d44f584b2;p=sudo

Use setpassent() and setgroupent() on systems that support it to
keep the passwd and group database open.  Sudo does a lot of passwd
and group lookups so it can be beneficial to just leave the file
open.
---

diff --git a/config.h.in b/config.h.in
index 2e4b877f6..3bbd6ee27 100644
--- a/config.h.in
+++ b/config.h.in
@@ -603,9 +603,15 @@
 /* Define to 1 if you have the `seteuid' function. */
 #undef HAVE_SETEUID
 
+/* Define to 1 if you have the `setgroupent' function. */
+#undef HAVE_SETGROUPENT
+
 /* Define to 1 if you have the `setkeycreatecon' function. */
 #undef HAVE_SETKEYCREATECON
 
+/* Define to 1 if you have the `setpassent' function. */
+#undef HAVE_SETPASSENT
+
 /* Define to 1 if you have the `setprogname' function. */
 #undef HAVE_SETPROGNAME
 
diff --git a/configure b/configure
index 1fda42b11..2a5a54b88 100755
--- a/configure
+++ b/configure
@@ -20915,6 +20915,18 @@ esac
 fi
 done
 
+for ac_func in setpassent setgroupent
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
 if test X"$with_noexec" != X"no"; then
     # Check for non-standard exec functions
     for ac_func in exect execvP execvpe
diff --git a/configure.ac b/configure.ac
index 52a5963ea..96191841e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2776,6 +2776,10 @@ AC_CHECK_FUNCS([vsyslog], [], [
     COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }vsyslog_test"
 ])
 dnl
+dnl 4.4BSD-based systems can force the password or group file to be held open
+dnl
+AC_CHECK_FUNCS([setpassent setgroupent])
+dnl
 dnl Function checks for sudo_noexec
 dnl
 if test X"$with_noexec" != X"no"; then
diff --git a/src/sudo.c b/src/sudo.c
index b205b8a52..ead838215 100644
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -508,6 +508,19 @@ get_user_info(struct user_details *ud)
     int fd;
     debug_decl(get_user_info, SUDO_DEBUG_UTIL)
 
+    /*
+     * On BSD systems you can set a hint to keep the password and
+     * group databases open instead of having to open and close
+     * them all the time.  Since sudo does a lot of password and
+     * group lookups, keeping the file open can speed things up.
+     */
+#ifdef HAVE_SETPASSENT
+    setpassent(1);
+#endif /* HAVE_SETPASSENT */
+#ifdef HAVE_SETGROUPENT
+    setgroupent(1);
+#endif /* HAVE_SETGROUPENT */
+
     memset(ud, 0, sizeof(*ud));
 
     /* XXX - bound check number of entries */