From 215500bb55c4e56be1d155b875d2440177790e30 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 20 Jan 2011 16:16:08 -0500 Subject: [PATCH] Stash pointer to user group vector in LDAP handle and only reuse the query if it has not changed. We always allocate a new buffer when we reset the group vector so a simple pointer check is sufficient. --- plugins/sudoers/ldap.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 04a66eeff..7d71f735d 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -326,6 +326,7 @@ struct sudo_ldap_handle { LDAP *ld; struct ldap_result *result; char *username; + GETGROUPS_T *groups; }; struct sudo_nss sudo_nss_ldap = { @@ -1467,7 +1468,6 @@ sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf) "NOSETENV: " : "SETENV: "; if (tag != NULL) lbuf_append(lbuf, tag, NULL); - /* XXX - ignores other options */ } ldap_value_free_len(bv); } @@ -1991,6 +1991,7 @@ sudo_ldap_open(struct sudo_nss *nss) handle->ld = ld; handle->result = NULL; handle->username = NULL; + handle->groups = NULL; nss->handle = handle; return(0); @@ -2244,6 +2245,7 @@ sudo_ldap_result_free_nss(struct sudo_nss *nss) efree(handle->username); handle->username = NULL; } + handle->groups = NULL; handle->result = NULL; } } @@ -2269,7 +2271,8 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) * have to contact the LDAP server again. */ if (handle->result) { - if (strcmp(pw->pw_name, handle->username) == 0) { + if (handle->groups == user_groups && + strcmp(pw->pw_name, handle->username) == 0) { DPRINTF(("reusing previous result (user %s) with %d entries", handle->username, handle->result->nentries), 1); return(handle->result); 
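Review bot: The new `groups` member of struct sudo_ldap_handle has different ownership from the `username` field beside it, and nothing in the struct says so. sudo_ldap_result_free_nss calls `efree(handle->username)` but only assigns `handle->groups = NULL`, so the pointer is evidently borrowed from the caller's group vector and used purely as an identity token. I would state that on the declaration, for example `GETGROUPS_T *groups; /* borrowed: address of user_groups when result was cached; never dereferenced or freed here */`, so that a later change does not free it or read through it after the vector has been replaced.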
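Review bot: The added `handle->groups == user_groups` test in sudo_ldap_result_get decides whether a cached sudoers lookup is still valid by comparing against an address the handle does not own. That holds only if the old vector is never freed before its replacement is allocated; otherwise the allocator may return the same address and a result built from the previous group membership would be reused for the authorization decision. The commit message asserts that a new buffer is always allocated, but the reset code is not visible here, so I would record the invariant at the check: `/* identity check only: relies on the group vector being reallocated, never updated in place or freed-then-reallocated at the same address */`. If that ordering cannot be guaranteed, comparing a stored copy of the vector by content would remove the dependency. The same borrowed pointer is stored by `handle->groups = user_groups;` in the last hunk, and the function body continues outside both hunks.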
@@ -2342,6 +2345,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) /* Store everything in the sudo_nss handle. */ handle->result = lres; handle->username = estrdup(pw->pw_name); + handle->groups = user_groups; return(lres); } -- 2.40.0