The sudo.conf file is considered a trusted source of information
and these checks suffer from TOCTOU issues anyway. The checks
complicate loading of shared objects since we need to perform
fallback processing twice.
If the .so file is missing but the .a file exists, try to dlopen()
the AIX .a file using the .so name as the member. We need to avoid
breaking existing configurations if the type of AIX shared library
changes when sudo is upgraded.
This removes the need to use the -brtl linker flag which can cause
problems when there are both a .so and .a version of the same library
but with different versions. This was particularly problematic
when using the AIX freeware version of OpenSSL. The --with-aix-soname=svr4
option can be used to build SVR4-style shared libs instead.
As of sudo 1.9.1 the sudoers file is opened by the audit plugin,
not the policy plugin. As a result, plugin options set for
sudoers_policy have no effect. If sudoers_policy has plugin options
in sudo.conf and sudoers_audit is not listed, move the options to
sudoers_audit so they will have an effect.
Now that logging of successful commands is performed by sudoers as an
audit plugin we need to load sudoers_audit if sudoers_policy is also
loaded. Otherwise, accpted commands will not be logged.
Previously we needed to include headers required by the various
sudo*h files. Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
The warning message said the later I/O plugin was ignored but it
actually overwrote the existing one instead.
The first registered plugin of the same name now is used, as was intended.
Specifying more than one policy plugin is no longer a fatal error;
this allows the admin to fix the situation.
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
even if only defined to NULL. This means the accessors can always be
present.
Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.
Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.
Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
