Use AIX-style shared libraries on AIX by default instead of SVR4-style.

This removes the need to use the -brtl linker flag which can cause
problems when there are both a .so and .a version of the same library
but with different versions.  This was particularly problematic
when using the AIX freeware version of OpenSSL.  The --with-aix-soname=svr4
option can be used to build SVR4-style shared libs instead.

configure

@@ -721,6 +721,7 @@ OBJEXT
 EXEEXT
 ac_ct_CC
 CC
+sudoers_plugin
 plugindir
 pam_login_service
 pam_session
@@ -3590,6 +3591,7 @@ ac_config_headers="$ac_config_headers config.h pathnames.h"
 
 
 
+
 
 
 #
@@ -3640,6 +3642,7 @@ secure_path="not set"
 pam_session=on
 pam_login_service=sudo
 plugindir="$libexecdir/sudo"
+sudoers_plugin="sudoers.so"
 DIGEST=digest.lo
 devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev"
 #
@@ -8802,45 +8805,6 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
     fi
 
 
-case "$host_os" in
-aix4.[23]|aix4.[23].*|aix[5-9]*)
-
-if test ${LDFLAGS+y}
-then :
-
-  case " $LDFLAGS " in #(
-  *" -Wl,-brtl "*) :
-    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-brtl"; } >&5
-  (: LDFLAGS already contains -Wl,-brtl) 2>&5
-  ac_status=$?
-  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; } ;; #(
-  *) :
-
-     as_fn_append LDFLAGS " -Wl,-brtl"
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5
-  (: LDFLAGS="$LDFLAGS") 2>&5
-  ac_status=$?
-  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; }
-     ;;
-esac
-
-else case e in #(
-  e)
-  LDFLAGS=-Wl,-brtl
-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5
-  (: LDFLAGS="$LDFLAGS") 2>&5
-  ac_status=$?
-  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; }
-   ;;
-esac
-fi
-
-    ;;
-esac
-
 case "$host_os" in
 hpux11.1[1-9]|hpux11.[2-9][0-9]|hpux1[2-9].*)
     # Prefer dlopen() over shl_load()
@@ -17176,6 +17140,21 @@ CC=$lt_save_CC
 
 
 
+case "$host_os" in
+aix*)
+    if test X"$aix_use_runtimelinking" != X"yes"; then
+	# Using traditional AIX dynamic shared objects in an archive file.
+	noexec_file="$libexecdir/sudo/sudo_noexec.a(sudo_noexec.so)"
+	intercept_file="$libexecdir/sudo/sudo_intercept.a(sudo_intercept.so)"
+	sudoers_plugin="sudoers.a(sudoers.so)"
+    fi
+    ;;
+esac
+cat >>confdefs.h <<EOF
+#define _PATH_SUDOERS_PLUGIN "$sudoers_plugin"
+EOF
+
+
 
 # Check whether --with-libtool was given.
 if test ${with_libtool+y}
@@ -34505,28 +34484,28 @@ fi
 _intercept_file=
 while test X"$intercept_file" != X"$_intercept_file"; do
     _intercept_file="$intercept_file"
-    eval intercept_file="$_intercept_file"
+    eval "intercept_file=\"$_intercept_file\""
 done
 
 # Update exec_prefix in noexec_file
 _noexec_file=
 while test X"$noexec_file" != X"$_noexec_file"; do
     _noexec_file="$noexec_file"
-    eval noexec_file="$_noexec_file"
+    eval "noexec_file=\"$_noexec_file\""
 done
 
 # Update exec_prefix in sesh_file
 _sesh_file=
 while test X"$sesh_file" != X"$_sesh_file"; do
     _sesh_file="$sesh_file"
-    eval sesh_file="$_sesh_file"
+    eval "sesh_file=\"$_sesh_file\""
 done
 
 # Update exec_prefix in plugindir
 _plugindir=
 while test X"$plugindir" != X"$_plugindir"; do
     _plugindir="$plugindir"
-    eval plugindir="$_plugindir"
+    eval "plugindir=\"$_plugindir\""
 done
 exec_prefix="$oexec_prefix"
 
@@ -36931,6 +36910,7 @@ echo "  mail if command not allowed	: ${mail_no_perms}" >&6
 echo " Pathnames:" >&6
 echo "  log directory			: ${log_dir}" >&6
 echo "  plugin directory		: ${plugindir}" >&6
+echo "  sudoers plugin			: ${sudoers_plugin}" >&6
 echo "  run directory			: ${rundir}" >&6
 echo "  var directory			: ${vardir}" >&6
 echo "  I/O log directory		: ${iolog_dir}" >&6
@@ -36945,6 +36925,7 @@ if test ${with_netsvc-"no"} != "no"; then
 elif test ${with_nsswitch-"yes"} != "no"; then
     echo "  nsswitch file			: ${nsswitch_conf}" >&6
 fi
+echo "  intercept file			: ${intercept_file}" >&6
 echo "  noexec file			: ${noexec_file}" >&6
 echo "  secure path			: ${with_secure_path-no}" >&6
 echo "  askpass helper file		: ${with_askpass-no}" >&6

configure.ac

@@ -178,6 +178,7 @@ AC_SUBST([editor])
 AC_SUBST([pam_session])
 AC_SUBST([pam_login_service])
 AC_SUBST([plugindir])
+AC_SUBST([sudoers_plugin])
 #
 # Begin initial values for man page substitution
 #
@@ -226,6 +227,7 @@ secure_path="not set"
 pam_session=on
 pam_login_service=sudo
 plugindir="$libexecdir/sudo"
+sudoers_plugin="sudoers.so"
 DIGEST=digest.lo
 devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev"
 #
@@ -1650,18 +1652,6 @@ dnl Relies on CC host being set
 dnl
 SUDO_PVS_STUDIO_CFG
 
-dnl
-dnl On AIX we need to force libtool to install .so files for the plugins
-dnl instead of a .a file that contains the .so.  We do this by enabling
-dnl runtime linking (where the .so file is installed).  This must happen
-dnl before the call to LT_INIT
-dnl
-case "$host_os" in
-aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-    AX_APPEND_FLAG([-Wl,-brtl], [LDFLAGS])
-    ;;
-esac
-
 dnl
 dnl On HP-UX 11.11 and higher we prefer dlopen() over shl_load().
 dnl Libtool defaults to shl_load() so we need to prime the cache
@@ -1681,6 +1671,25 @@ dnl
 LT_PREREQ([2.2.6b])
 LT_INIT([dlopen])
 
+dnl
+dnl AIX supports two distinct flavors of shared libraries.
+dnl Traditional AIX shared libs are .a files with a .so inside.
+dnl AIX SVR4-style shared libs are plain .so files.  The --with-aix-soname
+dnl option can be used to select the type.  We need to set the default
+dnl values to match.  This must come after the LT_INIT() call.
+dnl
+case "$host_os" in
+aix*)
+    if test X"$aix_use_runtimelinking" != X"yes"; then
+	# Using traditional AIX dynamic shared objects in an archive file.
+	noexec_file="$libexecdir/sudo/sudo_noexec.a(sudo_noexec.so)"
+	intercept_file="$libexecdir/sudo/sudo_intercept.a(sudo_intercept.so)"
+	sudoers_plugin="sudoers.a(sudoers.so)"
+    fi
+    ;;
+esac
+SUDO_DEFINE_UNQUOTED([_PATH_SUDOERS_PLUGIN], ["$sudoers_plugin"])
+
 dnl
 dnl Allow the user to specify an alternate libtool.
 dnl XXX - should be able to skip LT_INIT if we are using a different libtool
@@ -4156,28 +4165,28 @@ fi
 _intercept_file=
 while test X"$intercept_file" != X"$_intercept_file"; do
     _intercept_file="$intercept_file"
-    eval intercept_file="$_intercept_file"
+    eval "intercept_file=\"$_intercept_file\""
 done
 
 # Update exec_prefix in noexec_file
 _noexec_file=
 while test X"$noexec_file" != X"$_noexec_file"; do
     _noexec_file="$noexec_file"
-    eval noexec_file="$_noexec_file"
+    eval "noexec_file=\"$_noexec_file\""
 done
 
 # Update exec_prefix in sesh_file
 _sesh_file=
 while test X"$sesh_file" != X"$_sesh_file"; do
     _sesh_file="$sesh_file"
-    eval sesh_file="$_sesh_file"
+    eval "sesh_file=\"$_sesh_file\""
 done
 
 # Update exec_prefix in plugindir
 _plugindir=
 while test X"$plugindir" != X"$_plugindir"; do
     _plugindir="$plugindir"
-    eval plugindir="$_plugindir"
+    eval "plugindir=\"$_plugindir\""
 done
 exec_prefix="$oexec_prefix"
 
@@ -4410,6 +4419,7 @@ echo "  mail if command not allowed	: ${mail_no_perms}" >&AS_MESSAGE_FD
 echo " Pathnames:" >&AS_MESSAGE_FD
 echo "  log directory			: ${log_dir}" >&AS_MESSAGE_FD
 echo "  plugin directory		: ${plugindir}" >&AS_MESSAGE_FD
+echo "  sudoers plugin			: ${sudoers_plugin}" >&AS_MESSAGE_FD
 echo "  run directory			: ${rundir}" >&AS_MESSAGE_FD
 echo "  var directory			: ${vardir}" >&AS_MESSAGE_FD
 echo "  I/O log directory		: ${iolog_dir}" >&AS_MESSAGE_FD
@@ -4424,6 +4434,7 @@ if test ${with_netsvc-"no"} != "no"; then
 elif test ${with_nsswitch-"yes"} != "no"; then
     echo "  nsswitch file			: ${nsswitch_conf}" >&AS_MESSAGE_FD
 fi
+echo "  intercept file			: ${intercept_file}" >&AS_MESSAGE_FD
 echo "  noexec file			: ${noexec_file}" >&AS_MESSAGE_FD
 echo "  secure path			: ${with_secure_path-no}" >&AS_MESSAGE_FD
 echo "  askpass helper file		: ${with_askpass-no}" >&AS_MESSAGE_FD

docs/sudo.conf.man.in

@@ -17,7 +17,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .nr SL @SEMAN@
-.TH "SUDO.CONF" "@mansectform@" "May 31, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO.CONF" "@mansectform@" "December 22, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -127,7 +127,7 @@ In other words:
 .nf
 .sp
 .RS 4n
-Plugin sudoers_policy sudoers.so
+Plugin sudoers_policy @sudoers_module@
 .RE
 .fi
 .PP
@@ -135,7 +135,7 @@ is equivalent to:
 .nf
 .sp
 .RS 4n
-Plugin sudoers_policy @plugindir@/sudoers.so
+Plugin sudoers_policy @plugindir@/@sudoers_module@
 .RE
 .fi
 .PP
@@ -149,7 +149,7 @@ For example:
 .nf
 .sp
 .RS 4n
-Plugin sudoers_policy sudoers.so
+Plugin sudoers_policy @sudoers_module@
 .RE
 .fi
 .PP
@@ -164,7 +164,7 @@ For example, to override the compile-time default sudoers file mode:
 .nf
 .sp
 .RS 4n
-Plugin sudoers_policy sudoers.so sudoers_mode=0440
+Plugin sudoers_policy @sudoers_module@ sudoers_mode=0440
 .RE
 .fi
 .PP
@@ -191,9 +191,9 @@ This is equivalent to the following:
 .nf
 .sp
 .RS 4n
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
-Plugin sudoers_audit sudoers.so
+Plugin sudoers_policy @sudoers_module@
+Plugin sudoers_io @sudoers_module@
+Plugin sudoers_audit @sudoers_module@
 .RE
 .fi
 .PP
@@ -626,7 +626,7 @@ entries are also supported starting with
 \fBsudo\fR
 1.8.12 and are matched by either the base name of the plugin that was loaded
 (for example
-\fIsudoers.so\fR)
+\fI@sudoers_module@\fR)
 or by the plugin's fully-qualified path name.
 Previously, the
 \fBsudoers\fR
@@ -745,9 +745,9 @@ front-end configuration
 # The plugin_options are optional.
 #
 # The sudoers plugin is used by default if no Plugin lines are present.
-#Plugin sudoers_policy sudoers.so
-#Plugin sudoers_io sudoers.so
-#Plugin sudoers_audit sudoers.so
+#Plugin sudoers_policy @sudoers_module@
+#Plugin sudoers_io @sudoers_module@
+#Plugin sudoers_audit @sudoers_module@
 
 #
 # Sudo askpass:
@@ -870,7 +870,7 @@ front-end configuration
 # Multiple subsystem@priority may be specified, separated by a comma.
 #
 #Debug sudo @log_dir@/sudo_debug all@debug
-#Debug sudoers.so @log_dir@/sudoers_debug all@debug
+#Debug @sudoers_plugin@ @log_dir@/sudoers_debug all@debug
 .RE
 .fi
 .SH "SEE ALSO"

docs/sudo.conf.mdoc.in

@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .nr SL @SEMAN@
-.Dd May 31, 2022
+.Dd December 22, 2022
 .Dt SUDO.CONF @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -122,12 +122,12 @@ setting, which defaults to
 .Pa @plugindir@ .
 In other words:
 .Bd -literal -offset 4n
-Plugin sudoers_policy sudoers.so
+Plugin sudoers_policy @sudoers_module@
 .Ed
 .Pp
 is equivalent to:
 .Bd -literal -offset 4n
-Plugin sudoers_policy @plugindir@/sudoers.so
+Plugin sudoers_policy @plugindir@/@sudoers_module@
 .Ed
 .Pp
 If the plugin was compiled statically into the
@@ -138,7 +138,7 @@ should be specified without a leading directory,
 as it does not actually exist in the file system.
 For example:
 .Bd -literal -offset 4n
-Plugin sudoers_policy sudoers.so
+Plugin sudoers_policy @sudoers_module@
 .Ed
 .Pp
 Starting with
@@ -150,7 +150,7 @@ are passed as arguments to the plugin's
 function.
 For example, to override the compile-time default sudoers file mode:
 .Bd -literal -offset 4n
-Plugin sudoers_policy sudoers.so sudoers_mode=0440
+Plugin sudoers_policy @sudoers_module@ sudoers_mode=0440
 .Ed
 .Pp
 See the
@@ -174,9 +174,9 @@ plugin will be used as the default security policy, for I/O logging
 (if enabled by the policy), and for auditing.
 This is equivalent to the following:
 .Bd -literal -offset 4n
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
-Plugin sudoers_audit sudoers.so
+Plugin sudoers_policy @sudoers_module@
+Plugin sudoers_io @sudoers_module@
+Plugin sudoers_audit @sudoers_module@
 .Ed
 .Pp
 Starting with
@@ -570,7 +570,7 @@ entries are also supported starting with
 .Nm sudo
 1.8.12 and are matched by either the base name of the plugin that was loaded
 (for example
-.Pa sudoers.so )
+.Pa @sudoers_module@ )
 or by the plugin's fully-qualified path name.
 Previously, the
 .Nm sudoers
@@ -674,9 +674,9 @@ front-end configuration
 # The plugin_options are optional.
 #
 # The sudoers plugin is used by default if no Plugin lines are present.
-#Plugin sudoers_policy sudoers.so
-#Plugin sudoers_io sudoers.so
-#Plugin sudoers_audit sudoers.so
+#Plugin sudoers_policy @sudoers_module@
+#Plugin sudoers_io @sudoers_module@
+#Plugin sudoers_audit @sudoers_module@
 
 #
 # Sudo askpass:
@@ -799,7 +799,7 @@ front-end configuration
 # Multiple subsystem@priority may be specified, separated by a comma.
 #
 #Debug sudo @log_dir@/sudo_debug all@debug
-#Debug sudoers.so @log_dir@/sudoers_debug all@debug
+#Debug @sudoers_plugin@ @log_dir@/sudoers_debug all@debug
 .Ed
 .Sh SEE ALSO
 .Xr sudo_plugin @mansectform@ ,

docs/sudoers.man.in

@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "December 9, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "December 22, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -72,9 +72,9 @@ plugin, the following configuration can be used.
 .nf
 .sp
 .RS 4n
-Plugin sudoers_audit sudoers.so
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
+Plugin sudoers_audit @sudoers_module@
+Plugin sudoers_policy @sudoers_module@
+Plugin sudoers_io @sudoers_module@
 .RE
 .fi
 .PP
@@ -87,7 +87,7 @@ sudo.conf(@mansectform@)
 file.
 Plugin arguments, if any, should be listed after the path to the plugin
 (i.e., after
-\fIsudoers.so\fR).
+\fI@sudoers_module@\fR).
 The arguments are only effective for the plugin that opens (and parses) the
 \fIsudoers\fR
 file.
@@ -105,7 +105,7 @@ For example:
 .nf
 .sp
 .RS 4n
-Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false
+Plugin sudoers_audit @sudoers_module@ sudoers_mode=0400 error_recovery=false
 .RE
 .fi
 .PP
@@ -7813,7 +7813,7 @@ For example:
 .nf
 .sp
 .RS 0n
-Debug sudoers.so @log_dir@/sudoers_debug match@info,nss@info
+Debug @sudoers_plugin@ @log_dir@/sudoers_debug match@info,nss@info
 .RE
 .fi
 .PP

docs/sudoers.mdoc.in

@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd December 9, 2022
+.Dd December 22, 2022
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -70,9 +70,9 @@ to use the
 .Nm
 plugin, the following configuration can be used.
 .Bd -literal -offset 4n
-Plugin sudoers_audit sudoers.so
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
+Plugin sudoers_audit @sudoers_module@
+Plugin sudoers_policy @sudoers_module@
+Plugin sudoers_io @sudoers_module@
 .Ed
 .Pp
 Starting with
@@ -84,7 +84,7 @@ plugin in the
 file.
 Plugin arguments, if any, should be listed after the path to the plugin
 (i.e., after
-.Pa sudoers.so ) .
+.Pa @sudoers_module@ ) .
 The arguments are only effective for the plugin that opens (and parses) the
 .Em sudoers
 file.
@@ -100,7 +100,7 @@ plugin.
 Multiple arguments may be specified, separated by white space.
 For example:
 .Bd -literal -offset 4n
-Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false
+Plugin sudoers_audit @sudoers_module@ sudoers_mode=0400 error_recovery=false
 .Ed
 .Pp
 The following plugin arguments are supported:
@@ -7228,7 +7228,7 @@ utility functions
 .Pp
 For example:
 .Bd -literal
-Debug sudoers.so @log_dir@/sudoers_debug match@info,nss@info
+Debug @sudoers_plugin@ @log_dir@/sudoers_debug match@info,nss@info
 .Ed
 .Pp
 For more information, see the

docs/visudo.man.in

@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "VISUDO" "@mansectsu@" "October 4, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "@mansectsu@" "December 22, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -323,13 +323,13 @@ plugin to override the default
 path name, user-ID, group-ID, and file mode.
 These arguments, if present, should be listed after the path to the plugin
 (i.e., after
-\fIsudoers.so\fR).
+\fI@sudoers_module@\fR).
 Multiple arguments may be specified, separated by white space.
 For example:
 .nf
 .sp
 .RS 4n
-Plugin sudoers_policy sudoers.so sudoers_mode=0400
+Plugin sudoers_policy @sudoers_module@ sudoers_mode=0400
 .RE
 .fi
 .PP

docs/visudo.mdoc.in

@@ -20,7 +20,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd October 4, 2022
+.Dd December 22, 2022
 .Dt VISUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -314,11 +314,11 @@ plugin to override the default
 path name, user-ID, group-ID, and file mode.
 These arguments, if present, should be listed after the path to the plugin
 (i.e., after
-.Pa sudoers.so ) .
+.Pa @sudoers_module@ ) .
 Multiple arguments may be specified, separated by white space.
 For example:
 .Bd -literal -offset 4n
-Plugin sudoers_policy sudoers.so sudoers_mode=0400
+Plugin sudoers_policy @sudoers_module@ sudoers_mode=0400
 .Ed
 .Pp
 The following arguments are supported:

examples/sudo.conf.in

@@ -11,9 +11,9 @@
 # The plugin_options are optional.
 #
 # The sudoers plugin is used by default if no Plugin lines are present.
-#Plugin sudoers_policy sudoers.so
-#Plugin sudoers_io sudoers.so
-#Plugin sudoers_audit sudoers.so
+#Plugin sudoers_policy @sudoers_module@
+#Plugin sudoers_io @sudoers_module@
+#Plugin sudoers_audit @sudoers_module@
 
 #
 # Sudo askpass:
@@ -51,7 +51,7 @@
 # The compiled-in value is usually sufficient and should only be changed
 # if you rename or move the sudo_intercept.so file.
 #
-#Path intercept @plugindir@/sudo_intercept.so
+#Path intercept @intercept_file@
 
 #
 # Sudo noexec:
@@ -65,7 +65,7 @@
 # The compiled-in value is usually sufficient and should only be changed
 # if you rename or move the sudo_noexec.so file.
 #
-#Path noexec @plugindir@/sudo_noexec.so
+#Path noexec @noexec_file@
 
 #
 # Sudo plugin directory:

pathnames.h.in

@@ -182,6 +182,10 @@
 # undef _PATH_SUDO_DEVSEARCH
 #endif /* _PATH_SUDO_DEVSEARCH */
 
+#ifndef _PATH_SUDOERS_PLUGIN
+# undef _PATH_SUDOERS_PLUGIN
+#endif /* _PATH_SUDOERS_PLUGIN */
+
 #ifndef _PATH_ASAN_LIB
 # undef	_PATH_ASAN_LIB
 #endif /* _PATH_ASAN_LIB */

src/load_plugins.c

@@ -34,9 +34,6 @@
 #include "sudo_plugin_int.h"
 #include "sudo_dso.h"
 
-/* We always use the same name for the sudoers plugin, regardless of the OS */
-#define SUDOERS_PLUGIN	"sudoers.so"
-
 #ifdef ENABLE_SUDO_PLUGIN_API
 static int
 sudo_stat_plugin(struct plugin_info *info, char *fullpath,
@@ -55,7 +52,7 @@ sudo_stat_plugin(struct plugin_info *info, char *fullpath,
     } else {
 #ifdef STATIC_SUDOERS_PLUGIN
 	/* Check static symbols. */
-	if (strcmp(info->path, SUDOERS_PLUGIN) == 0) {
+	if (strcmp(info->path, _PATH_SUDOERS_PLUGIN) == 0) {
 	    if (strlcpy(fullpath, info->path, pathsize) >= pathsize) {
 		errno = ENAMETOOLONG;
 		goto done;
@@ -466,7 +463,7 @@ sudo_load_sudoers_plugin(const char *symbol_name, bool optional)
 	goto done;
     }
     info->symbol_name = strdup(symbol_name);
-    info->path = strdup(SUDOERS_PLUGIN);
+    info->path = strdup(_PATH_SUDOERS_PLUGIN);
     if (info->symbol_name == NULL || info->path == NULL) {
 	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 	free_plugin_info(info);

src/preload.c

@@ -64,7 +64,7 @@ static struct sudo_preload_symbol sudo_sudoers_plugin_symbols[] = {
  */
 static struct sudo_preload_table sudo_preload_table[] = {
     { (char *)0, SUDO_DSO_DEFAULT, sudo_rtld_default_symbols },
-    { "sudoers.so", &sudo_sudoers_plugin_symbols, sudo_sudoers_plugin_symbols },
+    { _PATH_SUDOERS_PLUGIN, &sudo_sudoers_plugin_symbols, sudo_sudoers_plugin_symbols },
     { (char *)0, (void *)0, (struct sudo_preload_symbol *)0 }
 };