diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c index e0292d634..821286dcf 100644 --- a/plugins/sudoers/auth/bsdauth.c +++ b/plugins/sudoers/auth/bsdauth.c @@ -60,6 +60,10 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) static struct bsdauth_state state; debug_decl(bsdauth_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + /* Get login class based on auth user, which may not be invoking user. */ if (pw->pw_class && *pw->pw_class) state.lc = login_getclass(pw->pw_class); diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c index 7f3385d0f..3afe4b225 100644 --- a/plugins/sudoers/auth/fwtk.c +++ b/plugins/sudoers/auth/fwtk.c @@ -50,6 +50,10 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth) char resp[128]; /* Response from the server */ debug_decl(sudo_fwtk_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + if ((confp = cfg_read("sudo")) == (Cfg *)-1) { sudo_warnx("%s", U_("unable to read fwtk config")); debug_return_int(AUTH_FATAL); @@ -69,6 +73,7 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth) sudo_warnx(U_("authentication server error:\n%s"), resp); debug_return_int(AUTH_FATAL); } + auth->data = (void *) confp; debug_return_int(AUTH_SUCCESS); } diff --git a/plugins/sudoers/auth/kerb5.c b/plugins/sudoers/auth/kerb5.c index a6072269f..6bb00a804 100644 --- a/plugins/sudoers/auth/kerb5.c +++ b/plugins/sudoers/auth/kerb5.c @@ -135,7 +135,9 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth) char cache_name[64], *pname = pw->pw_name; debug_decl(sudo_krb5_init, SUDOERS_DEBUG_AUTH); - auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); if (sudo_krb5_instance != NULL) { int len = asprintf(&pname, "%s%s%s", pw->pw_name, @@ -171,6 +173,8 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth) goto done; } + auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ + done: if (sudo_krb5_instance != NULL) free(pname); diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c index 566881f68..b2046eca2 100644 --- a/plugins/sudoers/auth/passwd.c +++ b/plugins/sudoers/auth/passwd.c @@ -45,6 +45,10 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) { debug_decl(sudo_passwd_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + #ifdef HAVE_SKEYACCESS if (skeyaccess(pw, user_tty, NULL, NULL) == 0) debug_return_int(AUTH_FAILURE); diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c index dd7aa42eb..6980b75dc 100644 --- a/plugins/sudoers/auth/secureware.c +++ b/plugins/sudoers/auth/secureware.c @@ -55,6 +55,10 @@ sudo_secureware_init(struct passwd *pw, sudo_auth *auth) { debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + #ifdef __alpha if (crypt_type == INT_MAX) debug_return_int(AUTH_FAILURE); /* no shadow */ diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c index 698953fc2..628ba1cfa 100644 --- a/plugins/sudoers/auth/securid5.c +++ b/plugins/sudoers/auth/securid5.c @@ -63,14 +63,19 @@ sudo_securid_init(struct passwd *pw, sudo_auth *auth) static SDI_HANDLE sd_dat; /* SecurID handle */ debug_decl(sudo_securid_init, SUDOERS_DEBUG_AUTH); - auth->data = (void *) &sd_dat; /* For method-specific data */ - - /* Start communications */ - if (AceInitialize() != SD_FALSE) + /* Only initialize once. */ + if (auth->data != NULL) debug_return_int(AUTH_SUCCESS); - sudo_warnx("%s", U_("failed to initialise the ACE API library")); - debug_return_int(AUTH_FATAL); + /* Start communications */ + if (AceInitialize() == SD_FALSE) { + sudo_warnx("%s", U_("failed to initialise the ACE API library")); + debug_return_int(AUTH_FATAL); + } + + auth->data = (void *) &sd_dat; /* For method-specific data */ + + debug_return_int(AUTH_SUCCESS); } /*