Add dlopen() emulation for systems without it.

For HP-UX 10, emulate using shl_load().
For others, link sudoers plugin statically and use a lookup
table to emulate dlsym().

Makefile.in

@@ -39,7 +39,7 @@ sudoers_uid = @SUDOERS_UID@
 sudoers_gid = @SUDOERS_GID@
 sudoers_mode = @SUDOERS_MODE@
 
-SUBDIRS = compat common src plugins/sudoers include doc
+SUBDIRS = compat common plugins/sudoers src include doc
 
 SAMPLES = plugins/sample plugins/sample_group
 

compat/Makefile.in

@@ -76,6 +76,7 @@ siglist.lo: siglist.c $(incdir)/missing.h $(top_builddir)/config.h
 
 # Dependencies
 closefrom.lo: $(compat)/closefrom.c $(incdir)/missing.h $(top_builddir)/config.h
+dlopen.lo: $(compat)/dlopen.c $(compat)/dlfcn.h $(incdir)/missing.h $(top_builddir)/config.h
 fnmatch.lo: $(compat)/fnmatch.c $(compat)/fnmatch.h $(compat)/charclass.h $(incdir)/missing.h $(top_builddir)/config.h
 getcwd.lo: $(compat)/getcwd.c $(incdir)/missing.h $(top_builddir)/config.h
 getline.lo: $(compat)/getline.c $(incdir)/missing.h $(top_builddir)/config.h

compat/dlfcn.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Emulated functions. */
+void *dlopen(const char *path, int mode);
+int dlclose(void *handle);
+void *dlsym(void *handle, const char *symbol);
+const char *dlerror(void);
+
+/* Values for dlopen() mode. */
+#define RTLD_LAZY	0x1
+#define RTLD_NOW	0x2
+#define RTLD_GLOBAL	0x4
+#define RTLD_LOCAL	0x8
+
+/* Special handle arguments for dlsym(). */
+#define	RTLD_NEXT	((void *) -1)	/* Search subsequent objects. */
+#define	RTLD_DEFAULT	((void *) -2)	/* Use default search algorithm. */
+#define	RTLD_SELF	((void *) -3)	/* Search the caller itself. */
+
+#endif /* !_DLFCN_H_ */

compat/dlopen.c

@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <errno.h>
+
+#include "compat/dlfcn.h"
+#include "missing.h"
+
+#ifdef HAVE_SHL_LOAD
+/*
+ * Emulate dlopen() using shl_load().
+ */
+#include <dl.h>
+
+#ifndef DYNAMIC_PATH
+# define DYNAMIC_PATH	0
+#endif
+
+void *
+dlopen(const char *path, int mode)
+{
+    int flags = DYNAMIC_PATH;
+    shl_t handle;
+
+    if (mode == 0)
+	mode = RTLD_LAZY;	/* default behavior */
+
+    if (ISSET(mode, RTLD_LAZY))
+	flags |= BIND_DEFERRED
+    if (ISSET(mode, RTLD_NOW))
+	flags |= BIND_IMMEDIATE
+
+    /* We don't support RTLD_GLOBAL or RTLD_LOCAL yet. */
+
+    return (void *)handle;
+}
+
+int
+dlclose(void *handle)
+{
+    return shl_unload((shl_t)handle);
+}
+
+void *
+dlsym(void *handle, const char *symbol)
+{
+    shl_t handle;
+    void *value = NULL;
+
+    (void)shl_findsym(&handle, symbol, TYPE_UNDEFINED, (void *)&value);
+
+    return value;
+}
+
+char *
+dlerror(void)
+{
+    return strerror(errno);
+}
+
+#else /* !HAVE_SHL_LOAD */
+
+/*
+ * Emulate dlopen() using a static list of symbols compiled into sudo.
+ */
+
+struct sudo_preload_table {
+    const char *name;
+    void *address;
+};
+extern sudo_preload_table;
+
+void *
+dlopen(const char *path, int mode)
+{
+    return path;
+}
+
+int
+dlclose(void *handle)
+{
+    return 0;
+}
+
+void *
+dlsym(void *handle, const char *symbol)
+{
+    struct sudo_preload_table *sym;
+
+    for (sym = sudo_preload_table; sym->name != NULL; sym++) {
+	if (strcmp(symbol, sym->name) == 0)
+	    return sym->address;
+    }
+    return NULL;
+}
+
+char *
+dlerror(void)
+{
+    return strerror(errno);
+}
+
+#endif /* HAVE_SHL_LOAD */

config.h.in

@@ -104,6 +104,9 @@
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
+/* Define to 1 if you have the `dlopen' function. */
+#undef HAVE_DLOPEN
+
 /* Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags. */
 #undef HAVE_EXTENDED_GLOB
 
@@ -424,6 +427,9 @@
 /* Define to 1 if you have the `set_auth_parameters' function. */
 #undef HAVE_SET_AUTH_PARAMETERS
 
+/* Define to 1 if you have the `shl_load' function. */
+#undef HAVE_SHL_LOAD
+
 /* Define to 1 if you have the `sia_ses_init' function. */
 #undef HAVE_SIA_SES_INIT
 

configure

@@ -823,7 +823,6 @@ CONFIGURE_ARGS
 ac_config_libobj_dir
 LIBTOOL_DEPS
 ZLIB
-NONUNIX_GROUPS_IMPL
 LOGINCAP_USAGE
 LDAP
 SELINUX_USAGE
@@ -2965,7 +2964,6 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
 
 
 
-
 
 
 #
@@ -6770,13 +6768,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
 else
   lt_cv_nm_interface="BSD nm"
   echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:6773: $ac_compile\"" >&5)
+  (eval echo "\"\$as_me:6771: $ac_compile\"" >&5)
   (eval "$ac_compile" 2>conftest.err)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:6776: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+  (eval echo "\"\$as_me:6774: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
   (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:6779: output\"" >&5)
+  (eval echo "\"\$as_me:6777: output\"" >&5)
   cat conftest.out >&5
   if $GREP 'External.*some_variable' conftest.out > /dev/null; then
     lt_cv_nm_interface="MS dumpbin"
@@ -7981,7 +7979,7 @@ ia64-*-hpux*)
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 7984 "configure"' > conftest.$ac_ext
+  echo '#line 7982 "configure"' > conftest.$ac_ext
   if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -9373,11 +9371,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9376: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9374: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:9380: \$? = $ac_status" >&5
+   echo "$as_me:9378: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -9712,11 +9710,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9715: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9713: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:9719: \$? = $ac_status" >&5
+   echo "$as_me:9717: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -9817,11 +9815,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9820: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9818: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:9824: \$? = $ac_status" >&5
+   echo "$as_me:9822: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -9872,11 +9870,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9875: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9873: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:9879: \$? = $ac_status" >&5
+   echo "$as_me:9877: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -12239,7 +12237,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 12242 "configure"
+#line 12240 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -12335,7 +12333,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 12338 "configure"
+#line 12336 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -18078,8 +18076,46 @@ $as_echo "$as_me: WARNING: Unable to locate gssapi.h, you will have to edit the
 fi
 
 #
-# Add library needed for dynamic linking, if any.
-# XXX - using the cache value like this is ugly
+# How to do dynamic object loading.
+# We support dlopen() and sh_load(), else fall back to static loading.
+#
+case "$lt_cv_dlopen" in
+    dlopen)
+	SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+	;;
+    shl_load)
+	$as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h
+
+	SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+	;;
+    no)
+	# Preload sudoers module symbols
+	SUDO_OBJS="${SUDO_OBJS} preload.o"
+	SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
+	;;
+esac
+for ac_func in dlopen
+do :
+  ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DLOPEN 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" $ac_func.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+
+
+#
+# Add library needed for dynamic loading, if any.
 #
 LIBDL="$lt_cv_dlopen_libs"
 if test X"$LIBDL" != X""; then
@@ -20560,5 +20596,6 @@ fi
 
 
 
+
 
 

configure.in

@@ -55,12 +55,12 @@ AC_SUBST([BSDAUTH_USAGE])
 AC_SUBST([SELINUX_USAGE])
 AC_SUBST([LDAP])
 AC_SUBST([LOGINCAP_USAGE])
-AC_SUBST([NONUNIX_GROUPS_IMPL])
 AC_SUBST([ZLIB])
 AC_SUBST([LIBTOOL_DEPS])
 AC_SUBST([ac_config_libobj_dir])
 AC_SUBST([CONFIGURE_ARGS])
 AC_SUBST([LIBDL])
+AC_SUBST([LT_STATIC])
 dnl
 dnl Variables that get substituted in docs (not overridden by environment)
 dnl
@@ -2663,8 +2663,30 @@ if test ${with_ldap-'no'} != "no"; then
 fi
 
 #
-# Add library needed for dynamic linking, if any.
-# XXX - using the cache value like this is ugly
+# How to do dynamic object loading.
+# We support dlopen() and sh_load(), else fall back to static loading.
+#
+case "$lt_cv_dlopen" in
+    dlopen)
+	SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+	LT_STATIC='--tag=disable-static"
+	;;
+    shl_load)
+	AC_DEFINE(HAVE_SHL_LOAD)
+	SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+	LT_STATIC='--tag=disable-static"
+	;;
+    no)
+	# Preload sudoers module symbols
+	SUDO_OBJS="${SUDO_OBJS} preload.o"
+	SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
+	LT_STATIC=""
+	;;
+esac
+AC_REPLACE_FUNCS(dlopen)
+
+#
+# Add library needed for dynamic loading, if any.
 #
 LIBDL="$lt_cv_dlopen_libs"
 if test X"$LIBDL" != X""; then
@@ -2855,6 +2877,7 @@ AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file
 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
 AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
+AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])

plugins/sample/Makefile.in

@@ -30,7 +30,7 @@ VPATH = $(srcdir)
 
 # Compiler & tools to use
 CC = @CC@
-LIBTOOL = @LIBTOOL@ --tag=disable-static
+LIBTOOL = @LIBTOOL@ @LT_STATIC@
 
 # Our install program supports extra flags...
 INSTALL = $(SHELL) $(top_srcdir)/install-sh -c

plugins/sample_group/Makefile.in

@@ -30,7 +30,7 @@ VPATH = $(srcdir)
 
 # Compiler & tools to use
 CC = @CC@
-LIBTOOL = @LIBTOOL@ --tag=disable-static
+LIBTOOL = @LIBTOOL@ @LT_STATIC@
 
 # Our install program supports extra flags...
 INSTALL = $(SHELL) $(top_srcdir)/install-sh -c

plugins/sudoers/Makefile.in

@@ -103,12 +103,11 @@ PROGS = sudoers.la visudo sudoreplay testsudoers
 AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
 
 LIBSUDOERS_OBJS = alias.lo audit.lo defaults.lo gram.lo match.lo pwutil.lo \
-		  timestr.lo toke.lo redblack.lo @NONUNIX_GROUPS_IMPL@
+		  timestr.lo toke.lo redblack.lo
 
-SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo plugin_error.lo env.lo \
-	       goodpath.lo group_plugin.lo find_path.lo interfaces.lo \
-	       logging.lo parse.lo set_perms.lo sudoers.lo sudo_nss.lo \
-	       iolog.lo @SUDOERS_OBJS@
+SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo goodpath.lo \
+	       group_plugin.lo find_path.lo interfaces.lo logging.lo parse.lo \
+	       set_perms.lo sudoers.lo sudo_nss.lo iolog.lo @SUDOERS_OBJS@
 
 VISUDO_OBJS = visudo.o goodpath.o find_path.o error.o
 
@@ -149,7 +148,7 @@ libsudoers.la: $(LIBSUDOERS_OBJS)
 	$(LIBTOOL) --mode=link $(CC) -o $@ $(LIBSUDOERS_OBJS) -no-install
 
 sudoers.la: $(SUDOERS_OBJS) libsudoers.la
-	$(LIBTOOL) --tag=disable-static --mode=link $(CC) $(SUDOERS_LDFLAGS) -o $@ $(SUDOERS_OBJS) libsudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir)
+	$(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(SUDOERS_LDFLAGS) -o $@ $(SUDOERS_OBJS) libsudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir)
 
 visudo: libsudoers.la $(VISUDO_OBJS) $(LIBS)
 	$(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) libsudoers.la $(LIBS) $(NET_LIBS)

plugins/sudoers/group_plugin.c

@@ -16,6 +16,8 @@
 
 #include <config.h>
 
+#if defined(HAVE_DLOPEN) || defined(HAVE_SHL_LOAD)
+
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/stat.h>
@@ -41,13 +43,21 @@
 #if TIME_WITH_SYS_TIME
 # include <time.h>
 #endif
+#ifdef HAVE_DLFCN_H
+# include <dlfcn.h>
+#else
+# include "compat/dlfcn.h"
+#endif
 #include <ctype.h>
-#include <dlfcn.h>
 #include <errno.h>
 #include <pwd.h>
 
 #include "sudoers.h"
 
+#ifndef RTLD_LOCAL
+# define RTLD_LOCAL	0
+#endif
+
 static void *group_handle;
 static struct sudoers_group_plugin *group_plugin;
 
@@ -99,7 +109,7 @@ group_plugin_load(char *plugin_info)
     }
 
     /* Open plugin and map in symbol. */
-    group_handle = dlopen(path, RTLD_LAZY);
+    group_handle = dlopen(path, RTLD_LAZY|RTLD_LOCAL);
     if (!group_handle) {
 	warningx("unable to dlopen %s: %s", path, dlerror());
 	return -1;
@@ -161,3 +171,30 @@ group_plugin_query(const char *user, const char *group,
 {
     return (group_plugin->query)(user, group, pwd);
 }
+
+#else /* !HAVE_DLOPEN && !HAVE_SHL_LOAD */
+
+/*
+ * No loadable shared object support.
+ */
+
+int
+group_plugin_load(char *plugin_info)
+{
+    return FALSE;
+}
+
+void
+group_plugin_unload(void)
+{
+    return;
+}
+
+int
+group_plugin_query(const char *user, const char *group,
+    const struct passwd *pwd)
+{
+    return FALSE;
+}
+
+#endif /* HAVE_DLOPEN || HAVE_SHL_LOAD */

plugins/sudoers/plugin_error.c

@@ -30,9 +30,9 @@
 #include "sudo_plugin.h"
 
 static void _warning(int, const char *, va_list);
-       void cleanup(int);
+       void plugin_cleanup(int);
 
-sigjmp_buf error_jmp;
+extern sigjmp_buf error_jmp;
 
 extern sudo_conv_t sudo_conv;
 
@@ -44,7 +44,7 @@ error(int eval, const char *fmt, ...)
     va_start(ap, fmt);
     _warning(1, fmt, ap);
     va_end(ap);
-    cleanup(0);
+    plugin_cleanup(0);
     siglongjmp(error_jmp, eval);
 }
 
@@ -56,7 +56,7 @@ errorx(int eval, const char *fmt, ...)
     va_start(ap, fmt);
     _warning(0, fmt, ap);
     va_end(ap);
-    cleanup(0);
+    plugin_cleanup(0);
     siglongjmp(error_jmp, eval);
 }
 

plugins/sudoers/sudoers.c

@@ -150,7 +150,7 @@ int NewArgc;
 char **NewArgv;
 
 /* error.c */
-extern sigjmp_buf error_jmp;
+sigjmp_buf error_jmp;
 
 static int
 sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
@@ -1117,7 +1117,7 @@ set_runasgr(char *group)
  * Cleanup hook for error()/errorx()
  */
 void
-cleanup(int gotsignal)
+plugin_cleanup(int gotsignal)
 {
     struct sudo_nss *nss;
 

src/Makefile.in

@@ -30,7 +30,7 @@ VPATH = $(srcdir)
 
 # Compiler & tools to use
 CC = @CC@
-LIBTOOL = @LIBTOOL@ --tag=disable-static
+LIBTOOL = @LIBTOOL@ @LT_STATIC@
 
 # Our install program supports extra flags...
 INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
@@ -113,6 +113,7 @@ get_pty.o: $(srcdir)/get_pty.c $(SUDODEP)
 net_ifs.o: $(srcdir)/net_ifs.c $(SUDODEP)
 load_plugins.o: $(srcdir)/load_plugins.c $(SUDODEP)
 parse_args.o: $(srcdir)/parse_args.c sudo_usage.h $(SUDODEP)
+preload.o: $(srcdir)/preload.c $(incdir)/sudo_plugin.h $(top_builddir)/config.h
 selinux.o: $(srcdir)/selinux.c $(SUDODEP)
 sesh.o: $(srcdir)/sesh.c $(incdir)/missing.h $(top_builddir)/config.h
 sudo.o: $(srcdir)/sudo.c $(SUDODEP)

src/load_plugins.c

@@ -37,13 +37,21 @@
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
+#ifdef HAVE_DLFCN_H
+# include <dlfcn.h>
+#else
+# include "compat/dlfcn.h"
+#endif
 #include <errno.h>
-#include <dlfcn.h>
 
 #include "sudo.h"
 #include "sudo_plugin.h"
 #include "sudo_plugin_int.h"
 
+#ifndef RTLD_LOCAL
+# define RTLD_LOCAL	0
+#endif
+
 /*
  * Read in /etc/sudo.conf
  * Returns a list of plugins.
@@ -157,7 +165,7 @@ sudo_load_plugins(const char *conf_file,
 	    errorx(1, "%s must be only be writable by owner", path);
 
 	/* Open plugin and map in symbol */
-	handle = dlopen(path, RTLD_LAZY);
+	handle = dlopen(path, RTLD_LAZY|RTLD_LOCAL);
 	if (!handle)
 	    errorx(1, "unable to dlopen %s: %s", path, dlerror());
 	plugin = dlsym(handle, info->symbol_name);

src/preload.c

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include "sudo_plugin.h"
+
+extern struct policy_plugin sudoers_policy;
+extern struct io_plugin sudoers_io;
+
+struct sudo_preload_table {
+    const char *name;
+    void *address;
+} sudo_preload_table = {
+    { "sudoers_policy", (void *) &sudoers_policy},
+    { "sudoers_io", (void *) &sudoers_io},
+    { NULL, NULL }
+};