mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity

Remove fallback to per-group lookup when matching groups in sudoers.

Browse Source 
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups.  For systems with
mbr_check_membership() which support more that NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
This commit is contained in:
Todd C. Miller
2011-07-25 09:17:18 -04:00
parent cb63967bfd
commit 80138c88ba
4 changed files with 94 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/sudoers/sudoers.c
View File

@@ -74,9 +74,6 @@
#ifdef HAVE_SELINUX
# include <selinux/selinux.h>
#endif
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
# include <membership.h>
#endif
#include <ctype.h>
#include <setjmp.h>
@@ -455,9 +452,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
if (sudo_user.pw != NULL)
pw_delref(sudo_user.pw);
sudo_user.pw = pw;
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
mbr_uid_to_uuid(user_uid, user_uuid);
#endif
}
}
}
@@ -827,10 +821,6 @@ init_vars(char * const envp[])
if (user_group_list == NULL)
user_group_list = get_group_list(sudo_user.pw);
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
mbr_uid_to_uuid(user_uid, user_uuid);
#endif
/* It is now safe to use log_error() and set_perms() */
}