There is no longer a reason for the plugin to init the debug subsystem

itself.  It will always be initialized by the front-end if needed.

include/sudo_debug.h

@@ -205,12 +205,6 @@
 #define sudo_debug_write(str, len, errnum) \
     sudo_debug_write2(NULL, NULL, 0, (str), (len), (errnum))
 
-/*
- * NULL-terminated string lists of priorities and subsystems.
- */
-extern const char *const sudo_debug_priorities[];
-extern const char *const sudo_debug_subsystems[];
-
 __dso_public void sudo_debug_enter(const char *func, const char *file, int line, int subsys);
 __dso_public void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]);
 __dso_public void sudo_debug_exit(const char *func, const char *file, int line, int subsys);

lib/util/sudo_debug.c

@@ -64,7 +64,7 @@
  */
 
 /* Note: this must match the order in sudo_debug.h */
-const char *const sudo_debug_priorities[] = {
+static const char *const sudo_debug_priorities[] = {
     "crit",
     "err",
     "warn",
@@ -77,7 +77,7 @@ const char *const sudo_debug_priorities[] = {
 };
 
 /* Note: this must match the order in sudo_debug.h */
-const char *const sudo_debug_subsystems[] = {
+static const char *const sudo_debug_subsystems[] = {
     "main",
     "args",
     "exec",
@@ -110,21 +110,13 @@ const char *const sudo_debug_subsystems[] = {
 
 #define NUM_SUBSYSTEMS	(sizeof(sudo_debug_subsystems) / sizeof(sudo_debug_subsystems[0]) - 1)
 
-/* Values for sudo_debug_mode */
-#define SUDO_DEBUG_MODE_DISABLED	0
-#define SUDO_DEBUG_MODE_FILE		1
-#define SUDO_DEBUG_MODE_CONV		2
-
 static int sudo_debug_settings[NUM_SUBSYSTEMS];
 static int sudo_debug_fd = -1;
-static int sudo_debug_mode;
+static bool sudo_debug_initialized;
 static char sudo_debug_pidstr[(((sizeof(int) * 8) + 2) / 3) + 3];
 static size_t sudo_debug_pidlen;
 static const int num_subsystems = NUM_SUBSYSTEMS;
 
-/* Exposed for sudo_printf.c */
-void sudo_debug_write_file(const char *func, const char *file, int line, const char *str, int len, int errno_val);
-
 /*
  * Parse settings string from sudo.conf and open debugfile.
  * Returns 1 on success, 0 if cannot open debugfile.
@@ -136,34 +128,33 @@ int sudo_debug_init(const char *debugfile, const char *settings)
     int i, j;
 
     /* Make sure we are not already initialized. */
-    if (sudo_debug_mode != SUDO_DEBUG_MODE_DISABLED)
+    if (sudo_debug_initialized)
+	return 1;
+
+    /* A debug file name is required. */
+    if (debugfile == NULL)
 	return 1;
 
     /* Init per-subsystems settings to -1 since 0 is a valid priority. */
     for (i = 0; i < num_subsystems; i++)
 	sudo_debug_settings[i] = -1;
 
-    /* Open debug file if specified. */
+    /* Open debug file. */
-    if (debugfile != NULL) {
+    if (sudo_debug_fd != -1)
-	if (sudo_debug_fd != -1)
+	close(sudo_debug_fd);
-	    close(sudo_debug_fd);
+    sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR);
-	sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR);
+    if (sudo_debug_fd == -1) {
-	if (sudo_debug_fd == -1) {
+	/* Create debug file as needed and set group ownership. */
-	    /* Create debug file as needed and set group ownership. */
+	if (errno == ENOENT) {
-	    if (errno == ENOENT) {
+	    sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT,
-		sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT,
+		S_IRUSR|S_IWUSR);
-		    S_IRUSR|S_IWUSR);
-	    }
-	    if (sudo_debug_fd == -1)
-		return 0;
-	    ignore_result(fchown(sudo_debug_fd, (uid_t)-1, 0));
 	}
-	(void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC);
+	if (sudo_debug_fd == -1)
-	sudo_debug_mode = SUDO_DEBUG_MODE_FILE;
+	    return 0;
-    } else {
+	ignore_result(fchown(sudo_debug_fd, (uid_t)-1, 0));
-	/* Called from the plugin, no debug file. */
-	sudo_debug_mode = SUDO_DEBUG_MODE_CONV;
     }
+    (void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC);
+    sudo_debug_initialized = true;
 
     /* Stash the pid string so we only have to format it once. */
     (void)snprintf(sudo_debug_pidstr, sizeof(sudo_debug_pidstr), "[%d] ",
@@ -298,44 +289,8 @@ sudo_debug_exit_ptr(const char *func, const char *file, int line,
 	"<- %s @ %s:%d := %p", func, file, line, rval);
 }
 
-static void
-sudo_debug_write_conv(const char *func, const char *file, int lineno,
-    const char *str, int len, int errnum)
-{
-    /* Remove trailing newlines. */
-    while (len > 0 && str[len - 1] == '\n')
-	len--;
-
-    if (len > 0) {
-	if (func != NULL && file != NULL) {
-	    if (errnum) {
-		sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s @ %s() %s:%d",
-		    len, str, strerror(errnum), func, file, lineno);
-	    } else {
-		sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s @ %s() %s:%d",
-		    len, str, func, file, lineno);
-	    }
-	} else {
-	    if (errnum) {
-		sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s",
-		    len, str, strerror(errnum));
-	    } else {
-		sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s", len, str);
-	    }
-	}
-    } else if (errnum) {
-	/* Only print error string. */
-	if (func != NULL && file != NULL) {
-	    sudo_printf(SUDO_CONV_DEBUG_MSG, "%s @ %s() %s:%d",
-		strerror(errnum), func, file, lineno);
-	} else {
-	    sudo_printf(SUDO_CONV_DEBUG_MSG, "%s", strerror(errnum));
-	}
-    }
-}
-
 void
-sudo_debug_write_file(const char *func, const char *file, int lineno,
+sudo_debug_write2(const char *func, const char *file, int lineno,
     const char *str, int len, int errnum)
 {
     char *timestr, numbuf[(((sizeof(int) * 8) + 2) / 3) + 2];
@@ -411,20 +366,6 @@ sudo_debug_write_file(const char *func, const char *file, int lineno,
     ignore_result(writev(sudo_debug_fd, iov, iovcnt));
 }
 
-void
-sudo_debug_write2(const char *func, const char *file, int lineno,
-    const char *str, int len, int errnum)
-{
-    switch (sudo_debug_mode) {
-    case SUDO_DEBUG_MODE_CONV:
-	sudo_debug_write_conv(func, file, lineno, str, len, errnum);
-	break;
-    case SUDO_DEBUG_MODE_FILE:
-	sudo_debug_write_file(func, file, lineno, str, len, errnum);
-	break;
-    }
-}
-
 void
 sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level,
     const char *fmt, va_list ap)
@@ -432,7 +373,7 @@ sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level,
     int buflen, pri, subsys, saved_errno = errno;
     char static_buf[1024], *buf = static_buf;
 
-    if (!sudo_debug_mode)
+    if (!sudo_debug_initialized)
 	return;
 
     /* Extract pri and subsystem from level. */
@@ -491,7 +432,7 @@ sudo_debug_execve2(int level, const char *path, char *const argv[], char *const
     int buflen, pri, subsys, log_envp = 0;
     size_t plen;
 
-    if (!sudo_debug_mode)
+    if (!sudo_debug_initialized)
 	return;
 
     /* Extract pri and subsystem from level. */

lib/util/sudo_printf.c

@@ -33,15 +33,11 @@
 #include "sudo_plugin.h"
 #include "sudo_debug.h"
 
-/* Not exported outside libsudo_util */
-void sudo_debug_write_file(const char *func, const char *file, int line, const char *str, int len, int errno_val);
-
 __dso_public int
 _sudo_printf(int msg_type, const char *fmt, ...)
 {
     va_list ap;
-    char *buf;
+    int len;
-    int len = -1;
 
     switch (msg_type) {
     case SUDO_CONV_INFO_MSG:
@@ -54,15 +50,8 @@ _sudo_printf(int msg_type, const char *fmt, ...)
 	len = vfprintf(stderr, fmt, ap);
 	va_end(ap);
 	break;
-    case SUDO_CONV_DEBUG_MSG:
-	/* XXX - add debug version of vfprintf()? */
-	va_start(ap, fmt);
-	len = vasprintf(&buf, fmt, ap);
-	va_end(ap);
-	if (len != -1)
-	    sudo_debug_write_file(NULL, NULL, 0, buf, len, 0);
-	break;
     default:
+	len = -1;
 	errno = EINVAL;
 	break;
     }

plugins/sudoers/iolog.c

@@ -569,8 +569,6 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
     struct iolog_details details;
     char pathbuf[PATH_MAX], sessid[7];
     char *tofree = NULL;
-    char * const *cur;
-    const char *debug_flags = NULL;
     size_t len;
     int i, rval = -1;
     debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN)
@@ -589,16 +587,6 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
     sudo_setpwent();
     sudo_setgrent();
 
-    /*
-     * Check for debug flags in settings list.
-     */
-    for (cur = settings; *cur != NULL; cur++) {
-	if (strncmp(*cur, "debug_flags=", sizeof("debug_flags=") - 1) == 0)
-	    debug_flags = *cur + sizeof("debug_flags=") - 1;
-    }
-    if (debug_flags != NULL)
-	sudo_debug_init(NULL, debug_flags);
-
     /*
      * Pull iolog settings out of command_info.
      */

plugins/sudoers/policy.c

@@ -88,7 +88,6 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
     struct sudoers_policy_open_info *info = v;
     char * const *cur;
     const char *p, *errstr, *groups = NULL;
-    const char *debug_flags = NULL;
     const char *remhost = NULL;
     int flags = 0;
     debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN)
@@ -153,10 +152,6 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 	    }
 	    continue;
 	}
-	if (MATCHES(*cur, "debug_flags=")) {
-	    debug_flags = *cur + sizeof("debug_flags=") - 1;
-	    continue;
-	}
 	if (MATCHES(*cur, "runas_user=")) {
 	    *runas_user = *cur + sizeof("runas_user=") - 1;
 	    sudo_user.flags |= RUNAS_USER_SPECIFIED;
@@ -367,14 +362,11 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
     user_umask = umask(SUDO_UMASK);
     umask(user_umask);
 
-    /* Setup debugging if indicated. */
+    /* Settings and user info debug. */
-    if (debug_flags != NULL) {
+    for (cur = info->settings; *cur != NULL; cur++)
-	sudo_debug_init(NULL, debug_flags);
+	sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur);
-	for (cur = info->settings; *cur != NULL; cur++)
+    for (cur = info->user_info; *cur != NULL; cur++)
-	    sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur);
+	sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur);
-	for (cur = info->user_info; *cur != NULL; cur++)
-	    sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur);
-    }
 
 #undef MATCHES
     debug_return_int(flags);