Make path_plugin_dir private to policy.c and add getter.

plugins/sudoers/group_plugin.c

@@ -38,7 +38,6 @@
 
 static void *group_handle;
 static struct sudoers_group_plugin *group_plugin;
-const char *path_plugin_dir = _PATH_SUDO_PLUGIN_DIR;
 
 /*
  * Check for a fallback path when the original group plugin is not loadable.
@@ -130,9 +129,10 @@ done:
  * Returns -1 if unable to open the plugin, else it returns
  * the value from the plugin's init function.
  */
-int
+static int
 group_plugin_load(const char *plugin_info)
 {
+    const char *plugin_dir = policy_path_plugin_dir();
     char *args, path[PATH_MAX];
     char **argv = NULL;
     int len, rc = -1;
@@ -144,17 +144,17 @@ group_plugin_load(const char *plugin_info)
      */
     if ((args = strpbrk(plugin_info, " \t")) != NULL) {
 	len = snprintf(path, sizeof(path), "%s%.*s",
-	    (*plugin_info != '/') ? path_plugin_dir : "",
+	    (*plugin_info != '/') ? plugin_dir : "",
 	    (int)(args - plugin_info), plugin_info);
 	args++;
     } else {
 	len = snprintf(path, sizeof(path), "%s%s",
-	    (*plugin_info != '/') ? path_plugin_dir : "", plugin_info);
+	    (*plugin_info != '/') ? plugin_dir : "", plugin_info);
     }
     if (len < 0 || len >= ssizeof(path)) {
 	errno = ENAMETOOLONG;
 	sudo_warn("%s%s",
-	    (*plugin_info != '/') ? path_plugin_dir : "", plugin_info);
+	    (*plugin_info != '/') ? plugin_dir : "", plugin_info);
 	goto done;
     }
 
@@ -271,7 +271,7 @@ group_plugin_query(const char *user, const char *group,
  * No loadable shared object support.
  */
 
-int
+static int
 group_plugin_load(const char *plugin_info)
 {
     debug_decl(group_plugin_load, SUDOERS_DEBUG_UTIL);

plugins/sudoers/policy.c

@@ -58,6 +58,7 @@ sudo_printf_t sudo_printf;
 struct sudo_plugin_event * (*plugin_event_alloc)(void);
 static const char *path_ldap_conf = _PATH_LDAP_CONF;
 static const char *path_ldap_secret = _PATH_LDAP_SECRET;
+static const char *path_plugin_dir = _PATH_SUDO_PLUGIN_DIR;
 static const char *path_sudoers = _PATH_SUDOERS;
 static bool session_opened;
 int sudoedit_nfiles;
@@ -627,6 +628,13 @@ policy_sudoers_conf(void)
     return &sudoers_conf;
 }
 
+/* Return the path to the sudo plugin directory. */
+const char *
+policy_path_plugin_dir(void)
+{
+    return path_plugin_dir;
+}
+
 /* Return the path to ldap.conf file, which may be set in the plugin args. */
 const char *
 policy_path_ldap_conf(void)

plugins/sudoers/regress/fuzz/fuzz_policy.c

@@ -47,7 +47,6 @@
 extern char **environ;
 extern sudo_dso_public struct policy_plugin sudoers_policy;
 
-const char *path_plugin_dir = _PATH_SUDO_PLUGIN_DIR;
 char *audit_msg;
 
 static int pass;
@@ -912,4 +911,3 @@ bsdauth_set_style(const char *style)
 {
     return;
 }
-

plugins/sudoers/sudoers.h

@@ -398,14 +398,13 @@ bool sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], mode
 const struct sudoers_parser_config *policy_sudoers_conf(void);
 const char *policy_path_ldap_conf(void);
 const char *policy_path_ldap_secret(void);
+const char *policy_path_plugin_dir(void);
 
 /* group_plugin.c */
-int group_plugin_load(const char *plugin_info);
 void group_plugin_unload(void);
 int group_plugin_query(const char *user, const char *group,
     const struct passwd *pwd);
 bool cb_group_plugin(const char *file, int line, int column, const union sudo_defs_val *sd_un, int op);
-extern const char *path_plugin_dir;
 
 /* editor.c */
 char *find_editor(int nfiles, char * const *files, int *argc_out,

plugins/sudoers/testsudoers.c

@@ -757,6 +757,12 @@ done:
     debug_return;
 }
 
+const char *
+policy_path_plugin_dir(void)
+{
+    return _PATH_SUDO_PLUGIN_DIR;
+}
+
 static int
 testsudoers_output(const char * restrict buf)
 {