As of sudo 1.9.1 the sudoers file is opened by the audit plugin,
not the policy plugin. As a result, plugin options set for
sudoers_policy have no effect. If sudoers_policy has plugin options
in sudo.conf and sudoers_audit is not listed, move the options to
sudoers_audit so they will have an effect.
Now that logging of successful commands is performed by sudoers as an
audit plugin we need to load sudoers_audit if sudoers_policy is also
loaded. Otherwise, accpted commands will not be logged.
Previously we needed to include headers required by the various
sudo*h files. Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
The warning message said the later I/O plugin was ignored but it
actually overwrote the existing one instead.
The first registered plugin of the same name now is used, as was intended.
Specifying more than one policy plugin is no longer a fatal error;
this allows the admin to fix the situation.
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
even if only defined to NULL. This means the accessors can always be
present.
Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.
Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.
Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
sudo front-end will now set the default debug instance appropriately
before calling into the plugin. This means the plugin no longer needs
to do the sudo_debug_set_default_instance() dance.
set the values after the entire file has been parsed. This lets
us init the debug system earlier. Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.
statically compiling in the sudoers plugin but still allow other
plugins to be loaded. The new --enable-static-sudoers configure
option will cause the sudoers plugin to be compiled statically into
the sudo binary. This does not prevent other plugins from being
loaded as per sudo.conf.
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
