Change how sudo.conf is parsed. We now do a quick parse and then

set the values after the entire file has been parsed.  This lets
us init the debug system earlier.  Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.

diff --git a/MANIFEST b/MANIFEST
index da3bbd67d9597d75248d10ed900b7cf99ccbf6ec..c567d88736ad07f0c9cf685b533f32598a979b09 100644 (file)
--- a/MANIFEST
+++ b/MANIFEST
@@ -131,6 +131,8 @@ lib/util/regress/sudo_conf/test5.in
 lib/util/regress/sudo_conf/test5.out.ok
 lib/util/regress/sudo_conf/test6.in
 lib/util/regress/sudo_conf/test6.out.ok
+lib/util/regress/sudo_conf/test7.in
+lib/util/regress/sudo_conf/test7.out.ok
 lib/util/regress/sudo_parseln/parseln_test.c
 lib/util/regress/sudo_parseln/test1.in
 lib/util/regress/sudo_parseln/test1.out.ok

diff --git a/doc/sudo.conf.cat b/doc/sudo.conf.cat
index 26c0cfc700f4174f11df8dfffbd190e912e98e98..a9c37e6dcdc15bd40787504296c51fcf39cf3097 100644 (file)
--- a/doc/sudo.conf.cat
+++ b/doc/sudo.conf.cat
@@ -238,10 +238,13 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
      would log all debugging statements at the _\bw_\ba_\br_\bn level and higher in
      addition to those at the _\bi_\bn_\bf_\bo level for the plugin subsystem.
 
-     Currently, only one Debug entry per program is supported.  The s\bsu\bud\bdo\bo Debug
-     entry is shared by the s\bsu\bud\bdo\bo front end, s\bsu\bud\bdo\boe\bed\bdi\bit\bt and the plugins.  A
-     future release may add support for per-plugin Debug lines and/or support
-     for multiple debugging files for a single program.
+     As of s\bsu\bud\bdo\bo 1.8.12, multiple Debug entries may be specified per program.
+     Older versions of s\bsu\bud\bdo\bo only support a single Debug entry per program.
+     Plugin-specific Debug entries are also supported starting with s\bsu\bud\bdo\bo
+     1.8.12 and are matched by either the base name of the plugin that was
+     loaded (for example sudoers.so) or by the plugin's fully-qualified path
+     name.  Previously, the s\bsu\bud\bdo\boe\ber\brs\bs plugin shared the same Debug entry as the
+     s\bsu\bud\bdo\bo front end and could not be configured separately.
 
      The following priorities are supported, in order of decreasing severity:
      _\bc_\br_\bi_\bt, _\be_\br_\br, _\bw_\ba_\br_\bn, _\bn_\bo_\bt_\bi_\bc_\be, _\bd_\bi_\ba_\bg, _\bi_\bn_\bf_\bo, _\bt_\br_\ba_\bc_\be and _\bd_\be_\bb_\bu_\bg.  Each priority,
@@ -405,4 +408,4 @@ D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
      file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
      complete details.
 
-Sudo 1.8.11                      July 24, 2014                     Sudo 1.8.11
+Sudo 1.8.11                    October 21, 2014                    Sudo 1.8.11

diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in
index c121d8d5c0859aba9d7deef180ad13aac32b8bb2..9816f0e37887c94f73ad2b78d37454167c5a381c 100644 (file)
--- a/doc/sudo.conf.man.in
+++ b/doc/sudo.conf.man.in
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "SUDO" "5" "July 24, 2014" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.TH "SUDO" "5" "October 21, 2014" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -460,19 +460,31 @@ level and higher in addition to those at the
 \fIinfo\fR
 level for the plugin subsystem.
 .PP
-Currently, only one
+As of
+\fBsudo\fR
+1.8.12, multiple
 \fRDebug\fR
-entry per program is supported.  The
+entries may be specified per program.
+Older versions of
 \fBsudo\fR
+only support a single
+\fRDebug\fR
+entry per program.
+Plugin-specific
 \fRDebug\fR
-entry is shared by the
+entries are also supported starting with
 \fBsudo\fR
-front end,
-\fBsudoedit\fR
-and the plugins.  A future release may add support for per-plugin
+1.8.12 and are matched by either the base name of the plugin that was loaded
+(for example
+\fRsudoers.so\fR)
+or by the plugin's fully-qualified path name.
+Previously, the
+\fBsudoers\fR
+plugin shared the same
 \fRDebug\fR
-lines and/or support for multiple debugging files for a single
-program.
+entry as the
+\fBsudo\fR
+front end and could not be configured separately.
 .PP
 The following priorities are supported, in order of decreasing severity:
 \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR

diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in
index c987f513b5f29acd64d1737d024e4af96621a7b7..357ddda4511a9479c092601aa13bbfbbd690bf1c 100644 (file)
--- a/doc/sudo.conf.mdoc.in
+++ b/doc/sudo.conf.mdoc.in
@@ -14,7 +14,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd July 24, 2014
+.Dd October 21, 2014
 .Dt SUDO @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -413,19 +413,31 @@ level and higher in addition to those at the
 .Em info
 level for the plugin subsystem.
 .Pp
-Currently, only one
+As of
+.Nm sudo
+1.8.12, multiple
 .Li Debug
-entry per program is supported.  The
+entries may be specified per program.
+Older versions of
 .Nm sudo
+only support a single
+.Li Debug
+entry per program.
+Plugin-specific
 .Li Debug
-entry is shared by the
+entries are also supported starting with
 .Nm sudo
-front end,
-.Nm sudoedit
-and the plugins.  A future release may add support for per-plugin
+1.8.12 and are matched by either the base name of the plugin that was loaded
+(for example
+.Li sudoers.so )
+or by the plugin's fully-qualified path name.
+Previously, the
+.Nm sudoers
+plugin shared the same
 .Li Debug
-lines and/or support for multiple debugging files for a single
-program.
+entry as the
+.Nm sudo
+front end and could not be configured separately.
 .Pp
 The following priorities are supported, in order of decreasing severity:
 .Em crit , err , warn , notice , diag , info , trace

diff --git a/doc/sudo_plugin.cat b/doc/sudo_plugin.cat
index 4943db8337f1991584d54d31b4d364507e7cf514..277a165305a1d17828acf076464868cf994bf031 100644 (file)
--- a/doc/sudo_plugin.cat
+++ b/doc/sudo_plugin.cat
@@ -115,15 +115,20 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
                        or another value, back in the _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b__\bi_\bn_\bf_\bo list.
 
                  debug_flags=string
-                       A comma-separated list of debug flags that correspond
-                       to s\bsu\bud\bdo\bo's Debug entry in sudo.conf(4), if there is one.
-                       The flags are passed to the plugin as they appear in
-                       sudo.conf(4).  The syntax used by s\bsu\bud\bdo\bo and the s\bsu\bud\bdo\boe\ber\brs\bs
-                       plugin is _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by but the plugin is free to
-                       use a different format so long as it does not include a
-                       comma (`,').  There is not currently a way to specify a
-                       set of debug flags specific to the plugin--the flags
-                       are shared by s\bsu\bud\bdo\bo and the plugin.
+                       A debug file path name followed by a space and a comma-
+                       separated list of debug flags that correspond to the
+                       plugin's Debug entry in sudo.conf(4), if there is one.
+                       The flags are passed to the plugin exactly as they
+                       appear in sudo.conf(4).  The syntax used by s\bsu\bud\bdo\bo and
+                       the s\bsu\bud\bdo\boe\ber\brs\bs plugin is _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by but a plugin
+                       is free to use a different format so long as it does
+                       not include a comma (`,').  Prior to s\bsu\bud\bdo\bo 1.8.12, there
+                       was no way to specify plugin-specific _\bd_\be_\bb_\bu_\bg_\b__\bf_\bl_\ba_\bg_\bs so
+                       the value was always the same as that used by the s\bsu\bud\bdo\bo
+                       front end and did not include a path name, only the
+                       flags themselves.  As of version 1.7 of the plugin
+                       interface, s\bsu\bud\bdo\bo will only pass _\bd_\be_\bb_\bu_\bg_\b__\bf_\bl_\ba_\bg_\bs if
+                       sudo.conf(4) contains a plugin-specific Debug entry.
 
                  debug_level=number
                        This setting has been deprecated in favor of
@@ -1470,6 +1475,10 @@ P\bPL\bLU\bUG\bGI\bIN\bN A\bAP\bPI\bI C\bCH\bHA\bAN\bNG\bGE\bEL\bLO\bOG\bG
      Version 1.7 (sudo 1.8.12)
            The _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bp_\ba_\bt_\bh entry was added to the settings list.
 
+           The _\bd_\be_\bb_\bu_\bg_\b__\bf_\bl_\ba_\bg_\bs entry now starts with a debug file path name and
+           may occur multiple times if there are multiple plugin-specific
+           Debug lines in the sudo.conf(4) file.
+
 S\bSE\bEE\bE A\bAL\bLS\bSO\bO
      sudo.conf(4), sudoers(4), sudo(1m)
 
@@ -1489,4 +1498,4 @@ D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
      file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
      complete details.
 
-Sudo 1.8.11                    September 8, 2014                   Sudo 1.8.11
+Sudo 1.8.11                    October 21, 2014                    Sudo 1.8.11

diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in
index c34b5754a18c8165abe56ac3d539ce274556077a..251223f4933fe31eb3dc2264b88124586d23aeb5 100644 (file)
--- a/doc/sudo_plugin.man.in
+++ b/doc/sudo_plugin.man.in
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "SUDO_PLUGIN" "5" "September 8, 2014" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_PLUGIN" "5" "October 21, 2014" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -206,13 +206,13 @@ The plugin may optionally pass this, or another value, back in the
 list.
 .TP 6n
 debug_flags=string
-A comma-separated list of debug flags that correspond to
-\fBsudo\fR's
+A debug file path name followed by a space and a comma-separated
+list of debug flags that correspond to the plugin's
 \fRDebug\fR
 entry in
 sudo.conf(@mansectform@),
 if there is one.
-The flags are passed to the plugin as they appear in
+The flags are passed to the plugin exactly as they appear in
 sudo.conf(@mansectform@).
 The syntax used by
 \fBsudo\fR
@@ -220,13 +220,25 @@ and the
 \fBsudoers\fR
 plugin is
 \fIsubsystem\fR@\fIpriority\fR
-but the plugin is free to use a different
+but a plugin is free to use a different
 format so long as it does not include a comma
 (\(oq,\&\(cq).
-There is not currently a way to specify a set of debug flags specific
-to the plugin--the flags are shared by
+Prior to
 \fBsudo\fR
-and the plugin.
+1.8.12, there was no way to specify plugin-specific
+\fIdebug_flags\fR
+so the value was always the same as that used by the
+\fBsudo\fR
+front end and did not include a path name, only the flags themselves.
+As of version 1.7 of the plugin interface,
+\fBsudo\fR
+will only pass
+\fIdebug_flags\fR
+if
+sudo.conf(@mansectform@)
+contains a plugin-specific
+\fRDebug\fR
+entry.
 .TP 6n
 debug_level=number
 This setting has been deprecated in favor of
@@ -2623,6 +2635,12 @@ The
 entry was added to the
 \fRsettings\fR
 list.
+.sp
+The
+\fIdebug_flags\fR
+entry now starts with a debug file path name and may occur multiple
+times if there are multiple plugin-specific Debug lines in the
+sudo.conf(@mansectform@) file.
 .SH "SEE ALSO"
 sudo.conf(@mansectform@),
 sudoers(@mansectform@),

diff --git a/doc/sudo_plugin.mdoc.in b/doc/sudo_plugin.mdoc.in
index 1641d50591a5100134d6651f4ffc221859f5982b..98057fb035771807ae1d44fcb8fcc7a97ff9c5f9 100644 (file)
--- a/doc/sudo_plugin.mdoc.in
+++ b/doc/sudo_plugin.mdoc.in
@@ -14,7 +14,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd September 8, 2014
+.Dd October 21, 2014
 .Dt SUDO_PLUGIN @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -187,13 +187,13 @@ The plugin may optionally pass this, or another value, back in the
 .Em command_info
 list.
 .It debug_flags=string
-A comma-separated list of debug flags that correspond to
-.Nm sudo Ns 's
+A debug file path name followed by a space and a comma-separated
+list of debug flags that correspond to the plugin's
 .Li Debug
 entry in
 .Xr sudo.conf @mansectform@ ,
 if there is one.
-The flags are passed to the plugin as they appear in
+The flags are passed to the plugin exactly as they appear in
 .Xr sudo.conf @mansectform@ .
 The syntax used by
 .Nm sudo
@@ -201,13 +201,25 @@ and the
 .Nm sudoers
 plugin is
 .Em subsystem Ns @ Ns Em priority
-but the plugin is free to use a different
+but a plugin is free to use a different
 format so long as it does not include a comma
 .Pq Ql ,\& .
-There is not currently a way to specify a set of debug flags specific
-to the plugin--the flags are shared by
+Prior to
 .Nm sudo
-and the plugin.
+1.8.12, there was no way to specify plugin-specific
+.Em debug_flags
+so the value was always the same as that used by the
+.Nm sudo
+front end and did not include a path name, only the flags themselves.
+As of version 1.7 of the plugin interface, 
+.Nm sudo
+will only pass
+.Em debug_flags
+if
+.Xr sudo.conf @mansectform@
+contains a plugin-specific
+.Li Debug
+entry.
 .It debug_level=number
 This setting has been deprecated in favor of
 .Em debug_flags .
@@ -2292,6 +2304,12 @@ The
 entry was added to the
 .Li settings
 list.
+.Pp
+The
+.Em debug_flags
+entry now starts with a debug file path name and may occur multiple
+times if there are multiple plugin-specific Debug lines in the
+.Xr sudo.conf @mansectform@ file.
 .El
 .Sh SEE ALSO
 .Xr sudo.conf @mansectform@ ,

diff --git a/include/sudo_conf.h b/include/sudo_conf.h
index 0bcf70cc73d03abe2fac2c766d07325a707e22b1..ed72671647a72fe3a99d61f5b2f68ede01b9bc44 100644 (file)
--- a/include/sudo_conf.h
+++ b/include/sudo_conf.h
@@ -23,15 +23,26 @@
 #define GROUP_SOURCE_STATIC    1
 #define GROUP_SOURCE_DYNAMIC   2
 
+struct sudo_debug_file;
+TAILQ_HEAD(sudo_conf_debug_file_list, sudo_debug_file);
+
 struct plugin_info {
     TAILQ_ENTRY(plugin_info) entries;
+    struct sudo_conf_debug_file_list debug_files;
     const char *path;
     const char *symbol_name;
     char * const * options;
-    int lineno;
+    unsigned int lineno;
 };
 TAILQ_HEAD(plugin_info_list, plugin_info);
 
+struct sudo_conf_debug {
+    TAILQ_ENTRY(sudo_conf_debug) entries;
+    struct sudo_conf_debug_file_list debug_files;
+    char *progname;
+};
+TAILQ_HEAD(sudo_conf_debug_list, sudo_conf_debug);
+
 /* Read main sudo.conf file. */
 __dso_public void sudo_conf_read_v1(const char *conf_file);
 #define sudo_conf_read(_a) sudo_conf_read_v1((_a))
@@ -41,7 +52,7 @@ __dso_public const char *sudo_conf_askpass_path_v1(void);
 __dso_public const char *sudo_conf_sesh_path_v1(void);
 __dso_public const char *sudo_conf_noexec_path_v1(void);
 __dso_public const char *sudo_conf_plugin_dir_path_v1(void);
-__dso_public const char *sudo_conf_debug_flags_v1(void);
+__dso_public struct sudo_conf_debug_list *sudo_conf_debugging_v1(void);
 __dso_public struct plugin_info_list *sudo_conf_plugins_v1(void);
 __dso_public bool sudo_conf_disable_coredump_v1(void);
 __dso_public bool sudo_conf_probe_interfaces_v1(void);
@@ -51,7 +62,7 @@ __dso_public int sudo_conf_max_groups_v1(void);
 #define sudo_conf_sesh_path() sudo_conf_sesh_path_v1()
 #define sudo_conf_noexec_path() sudo_conf_noexec_path_v1()
 #define sudo_conf_plugin_dir_path() sudo_conf_plugin_dir_path_v1()
-#define sudo_conf_debug_flags() sudo_conf_debug_flags_v1()
+#define sudo_conf_debugging() sudo_conf_debugging_v1()
 #define sudo_conf_plugins() sudo_conf_plugins_v1()
 #define sudo_conf_disable_coredump() sudo_conf_disable_coredump_v1()
 #define sudo_conf_probe_interfaces() sudo_conf_probe_interfaces_v1()

diff --git a/include/sudo_debug.h b/include/sudo_debug.h
index e672f87632da8d3e460e9ef549595d515689bda8..7d6327092c9476d043b4afdca0542a220a1c19c5 100644 (file)
--- a/include/sudo_debug.h
+++ b/include/sudo_debug.h
@@ -18,6 +18,17 @@
 #define _SUDO_DEBUG_H
 
 #include <stdarg.h>
+#include "sudo_queue.h"
+
+/*
+ * List of debug files and flags for use in registration.
+ */
+struct sudo_debug_file {
+    TAILQ_ENTRY(sudo_debug_file) entries;
+    char *debug_file;
+    char *debug_flags;
+};
+struct sudo_conf_debug_file_list;
 
 /*
  * The priority and subsystem are encoded in a single 32-bit value.

diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in
index f495a95bb7c4590d31c75f527a9bede0804faeb3..865a4e0f5557eb6a866d419c3f179d006f4ac381 100644 (file)
--- a/lib/util/Makefile.in
+++ b/lib/util/Makefile.in
@@ -300,7 +300,8 @@ cleandir: realclean
 # Autogenerated dependencies, do not modify
 aix.lo: $(srcdir)/aix.c $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
         $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
-        $(incdir)/sudo_gettext.h $(incdir)/sudo_util.h $(top_builddir)/config.h
+        $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+        $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/aix.c
 alloc.lo: $(srcdir)/alloc.c $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
           $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -319,8 +320,9 @@ closefrom.lo: $(srcdir)/closefrom.c $(incdir)/sudo_compat.h \
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/closefrom.c
 conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
-              $(incdir)/sudo_conf.h $(incdir)/sudo_queue.h \
-              $(incdir)/sudo_util.h $(top_builddir)/config.h
+              $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c
 event.lo: $(srcdir)/event.c $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
           $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
@@ -370,8 +372,8 @@ getopt_long.lo: $(srcdir)/getopt_long.c $(incdir)/compat/getopt.h \
 gidlist.lo: $(srcdir)/gidlist.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
             $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
-            $(incdir)/sudo_gettext.h $(incdir)/sudo_util.h \
-            $(top_builddir)/config.h
+            $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
+            $(incdir)/sudo_util.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/gidlist.c
 glob.lo: $(srcdir)/glob.c $(incdir)/compat/charclass.h $(incdir)/compat/glob.h \
          $(incdir)/sudo_compat.h $(top_builddir)/config.h
@@ -389,10 +391,12 @@ isblank.lo: $(srcdir)/isblank.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/isblank.c
 key_val.lo: $(srcdir)/key_val.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_util.h $(top_builddir)/config.h
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+            $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/key_val.c
 lbuf.lo: $(srcdir)/lbuf.c $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-         $(incdir)/sudo_debug.h $(incdir)/sudo_lbuf.h $(top_builddir)/config.h
+         $(incdir)/sudo_debug.h $(incdir)/sudo_lbuf.h $(incdir)/sudo_queue.h \
+         $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/lbuf.c
 locale_stub.lo: $(top_srcdir)/src/locale_stub.c $(incdir)/sudo_compat.h \
                 $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -400,7 +404,8 @@ locale_stub.lo: $(top_srcdir)/src/locale_stub.c $(incdir)/sudo_compat.h \
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/locale_stub.c
 locking.lo: $(srcdir)/locking.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_util.h $(top_builddir)/config.h
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+            $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/locking.c
 memrchr.lo: $(srcdir)/memrchr.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/memrchr.c
@@ -417,7 +422,8 @@ mktemp.lo: $(srcdir)/mktemp.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mktemp.c
 parseln.lo: $(srcdir)/parseln.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_util.h $(top_builddir)/config.h
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+            $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/parseln.c
 parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \
                  $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
@@ -435,11 +441,13 @@ pw_dup.lo: $(srcdir)/pw_dup.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pw_dup.c
 secure_path.lo: $(srcdir)/secure_path.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-                $(incdir)/sudo_util.h $(top_builddir)/config.h
+                $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+                $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/secure_path.c
 setgroups.lo: $(srcdir)/setgroups.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_util.h $(top_builddir)/config.h
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/setgroups.c
 sha2.lo: $(srcdir)/sha2.c $(incdir)/compat/endian.h $(incdir)/compat/sha2.h \
          $(incdir)/sudo_compat.h $(top_builddir)/config.h
@@ -462,17 +470,18 @@ strsignal.lo: $(srcdir)/strsignal.c $(incdir)/sudo_compat.h \
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strsignal.c
 strtobool.lo: $(srcdir)/strtobool.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_util.h $(top_builddir)/config.h
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strtobool.c
 strtoid.lo: $(srcdir)/strtoid.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_gettext.h $(incdir)/sudo_util.h \
-            $(top_builddir)/config.h
+            $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
+            $(incdir)/sudo_util.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strtoid.c
 strtomode.lo: $(srcdir)/strtomode.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_gettext.h $(incdir)/sudo_util.h \
-              $(top_builddir)/config.h
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
+              $(incdir)/sudo_util.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strtomode.c
 strtonum.lo: $(srcdir)/strtonum.c $(incdir)/sudo_compat.h \
              $(incdir)/sudo_gettext.h $(top_builddir)/config.h
@@ -487,19 +496,22 @@ sudo_conf.lo: $(srcdir)/sudo_conf.c $(incdir)/compat/stdbool.h \
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_conf.c
 sudo_debug.lo: $(srcdir)/sudo_debug.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-               $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
-               $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+               $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
+               $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+               $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                $(incdir)/sudo_util.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_debug.c
 sudo_dso.lo: $(srcdir)/sudo_dso.c $(incdir)/sudo_compat.h $(incdir)/sudo_dso.h \
              $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_dso.c
 term.lo: $(srcdir)/term.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
-         $(incdir)/sudo_debug.h $(incdir)/sudo_util.h $(top_builddir)/config.h
+         $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+         $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/term.c
 ttysize.lo: $(srcdir)/ttysize.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_util.h $(top_builddir)/config.h
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+            $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/ttysize.c
 utimes.lo: $(srcdir)/utimes.c $(incdir)/compat/utime.h $(incdir)/sudo_compat.h \
            $(top_builddir)/config.h

diff --git a/lib/util/regress/sudo_conf/conf_test.c b/lib/util/regress/sudo_conf/conf_test.c
index 1e3d20c5f6ae6749f1ba00ddb15611682d19eadd..c6062bf82d75b23e150324ce46342e7d37cbb4ae 100644 (file)
--- a/lib/util/regress/sudo_conf/conf_test.c
+++ b/lib/util/regress/sudo_conf/conf_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2013-2014 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -43,6 +43,7 @@
 
 #include "sudo_compat.h"
 #include "sudo_conf.h"
+#include "sudo_debug.h"
 #include "sudo_util.h"
 
 static void sudo_conf_dump(void);
@@ -72,6 +73,9 @@ static void
 sudo_conf_dump(void)
 {
     struct plugin_info_list *plugins = sudo_conf_plugins();
+    struct sudo_conf_debug_list *debug_list = sudo_conf_debugging();
+    struct sudo_conf_debug *debug_spec;
+    struct sudo_debug_file *debug_file;
     struct plugin_info *info;
 
     printf("Set disable_coredump %s\n",
@@ -80,8 +84,6 @@ sudo_conf_dump(void)
        sudo_conf_group_source() == GROUP_SOURCE_ADAPTIVE ? "adaptive" :
        sudo_conf_group_source() == GROUP_SOURCE_STATIC ? "static" : "dynamic");
     printf("Set max_groups %d\n", sudo_conf_max_groups());
-    if (sudo_conf_debug_flags() != NULL)
-       printf("Debug %s %s\n", getprogname(), sudo_conf_debug_flags());
     if (sudo_conf_askpass_path() != NULL)
        printf("Path askpass %s\n", sudo_conf_askpass_path());
 #ifdef _PATH_SUDO_NOEXEC
@@ -97,4 +99,10 @@ sudo_conf_dump(void)
        }
        putchar('\n');
     }
+    TAILQ_FOREACH(debug_spec, debug_list, entries) {
+       TAILQ_FOREACH(debug_file, &debug_spec->debug_files, entries) {
+           printf("Debug %s %s %s\n", debug_spec->progname,
+               debug_file->debug_file, debug_file->debug_flags);
+       }
+    }
 }

diff --git a/lib/util/regress/sudo_conf/test7.in b/lib/util/regress/sudo_conf/test7.in
new file mode 100644 (file)
index 0000000..7438131
--- /dev/null
+++ b/lib/util/regress/sudo_conf/test7.in
@@ -0,0 +1,4 @@
+Debug sudo /var/log/sudo_debug all@info
+Debug sudo /var/log/sudo_debug util@debug
+Debug visudo /var/log/sudo_debug match@debug
+Debug sudoers.so /var/log/sudoers_debug match@debug,nss@info

diff --git a/lib/util/regress/sudo_conf/test7.out.ok b/lib/util/regress/sudo_conf/test7.out.ok
new file mode 100644 (file)
index 0000000..5644109
--- /dev/null
+++ b/lib/util/regress/sudo_conf/test7.out.ok
@@ -0,0 +1,7 @@
+Set disable_coredump true
+Set group_source adaptive
+Set max_groups -1
+Debug sudo /var/log/sudo_debug all@info
+Debug sudo /var/log/sudo_debug util@debug
+Debug visudo /var/log/sudo_debug match@debug
+Debug sudoers.so /var/log/sudoers_debug match@debug,nss@info

diff --git a/lib/util/sudo_conf.c b/lib/util/sudo_conf.c
index bde247058d08a033d04426b29a8a8965aec44402..edb72b15c8acd38671afea8534b179b9bdf4e0c2 100644 (file)
--- a/lib/util/sudo_conf.c
+++ b/lib/util/sudo_conf.c
@@ -68,69 +68,85 @@
 struct sudo_conf_table {
     const char *name;
     unsigned int namelen;
-    void (*setter)(const char *entry, const char *conf_file);
+    void (*parser)(const char *entry, unsigned int lineno);
 };
 
-struct sudo_conf_paths {
+struct sudo_conf_var_table {
+    const char *name;
+    bool (*setter)(const char *entry, const char *conf_file, unsigned int conf_lineno);
+};
+
+struct sudo_conf_path_table {
     const char *pname;
-    unsigned int pnamelen;
     const char *pval;
 };
 
-static void set_debug(const char *entry, const char *conf_file);
-static void set_path(const char *entry, const char *conf_file);
-static void set_plugin(const char *entry, const char *conf_file);
-static void set_variable(const char *entry, const char *conf_file);
-static void set_var_disable_coredump(const char *entry, const char *conf_file);
-static void set_var_group_source(const char *entry, const char *conf_file);
-static void set_var_max_groups(const char *entry, const char *conf_file);
-static void set_var_probe_interfaces(const char *entry, const char *conf_file);
+struct sudo_conf_setting {
+    TAILQ_ENTRY(sudo_conf_setting) entries;
+    char *name;
+    char *value;
+    unsigned int lineno;
+};
+TAILQ_HEAD(sudo_conf_setting_list, sudo_conf_setting);
 
-static unsigned int conf_lineno;
+static void store_debug(const char *entry, unsigned int lineno);
+static void store_path(const char *entry, unsigned int lineno);
+static void store_plugin(const char *entry, unsigned int lineno);
+static void store_variable(const char *entry, unsigned int lineno);
 
 static struct sudo_conf_table sudo_conf_table[] = {
-    { "Debug", sizeof("Debug") - 1, set_debug },
-    { "Path", sizeof("Path") - 1, set_path },
-    { "Plugin", sizeof("Plugin") - 1, set_plugin },
-    { "Set", sizeof("Set") - 1, set_variable },
+    { "Debug", sizeof("Debug") - 1, store_debug },
+    { "Path", sizeof("Path") - 1, store_path },
+    { "Plugin", sizeof("Plugin") - 1, store_plugin },
+    { "Set", sizeof("Set") - 1, store_variable },
     { NULL }
 };
 
-static struct sudo_conf_table sudo_conf_table_vars[] = {
-    { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump },
-    { "group_source", sizeof("group_source") - 1, set_var_group_source },
-    { "max_groups", sizeof("max_groups") - 1, set_var_max_groups },
-    { "probe_interfaces", sizeof("probe_interfaces") - 1, set_var_probe_interfaces },
+static bool set_var_disable_coredump(const char *entry, const char *conf_file, unsigned int);
+static bool set_var_group_source(const char *entry, const char *conf_file, unsigned int);
+static bool set_var_max_groups(const char *entry, const char *conf_file, unsigned int);
+static bool set_var_probe_interfaces(const char *entry, const char *conf_file, unsigned int);
+
+static struct sudo_conf_var_table sudo_conf_var_table[] = {
+    { "disable_coredump", set_var_disable_coredump },
+    { "group_source", set_var_group_source },
+    { "max_groups", set_var_max_groups },
+    { "probe_interfaces", set_var_probe_interfaces },
     { NULL }
 };
 
+/* XXX - it would be nice to make this local to sudo_conf_read */
 static struct sudo_conf_data {
     bool disable_coredump;
     bool probe_interfaces;
     int group_source;
     int max_groups;
-    const char *debug_flags;
+    struct sudo_conf_setting_list paths;
+    struct sudo_conf_setting_list settings;
+    struct sudo_conf_debug_list debugging;
     struct plugin_info_list plugins;
-    struct sudo_conf_paths paths[5];
+    struct sudo_conf_path_table path_table[5];
 } sudo_conf_data = {
     true,
     true,
     GROUP_SOURCE_ADAPTIVE,
     -1,
-    NULL,
+    TAILQ_HEAD_INITIALIZER(sudo_conf_data.paths),
+    TAILQ_HEAD_INITIALIZER(sudo_conf_data.settings),
+    TAILQ_HEAD_INITIALIZER(sudo_conf_data.debugging),
     TAILQ_HEAD_INITIALIZER(sudo_conf_data.plugins),
     {
 #define SUDO_CONF_ASKPASS_IDX  0
-       { "askpass", sizeof("askpass") - 1, _PATH_SUDO_ASKPASS },
+       { "askpass", _PATH_SUDO_ASKPASS },
 #define SUDO_CONF_SESH_IDX     1
-       { "sesh", sizeof("sesh") - 1, _PATH_SUDO_SESH },
+       { "sesh", _PATH_SUDO_SESH },
 #ifdef _PATH_SUDO_NOEXEC
 #define SUDO_CONF_NOEXEC_IDX   2
-       { "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC },
+       { "noexec", _PATH_SUDO_NOEXEC },
 #endif
 #ifdef _PATH_SUDO_PLUGIN_DIR
 #define SUDO_CONF_PLUGIN_IDX   3
-       { "plugin", sizeof("plugin") - 1, _PATH_SUDO_PLUGIN_DIR },
+       { "plugin", _PATH_SUDO_PLUGIN_DIR },
 #endif
        { NULL }
     }
@@ -140,153 +156,151 @@ static struct sudo_conf_data {
  * "Set variable_name value"
  */
 static void
-set_variable(const char *entry, const char *conf_file)
-{
-    struct sudo_conf_table *var;
-
-    for (var = sudo_conf_table_vars; var->name != NULL; var++) {
-       if (strncmp(entry, var->name, var->namelen) == 0 &&
-           isblank((unsigned char)entry[var->namelen])) {
-           entry += var->namelen + 1;
-           while (isblank((unsigned char)*entry))
-               entry++;
-           var->setter(entry, conf_file);
-           break;
-       }
-    }
-}
-
-static void
-set_var_disable_coredump(const char *entry, const char *conf_file)
-{
-    int val = sudo_strtobool(entry);
-
-    if (val != -1)
-       sudo_conf_data.disable_coredump = val;
-}
-
-static void
-set_var_group_source(const char *entry, const char *conf_file)
+store_variable(const char *entry, unsigned int lineno)
 {
-    if (strcasecmp(entry, "adaptive") == 0) {
-       sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE;
-    } else if (strcasecmp(entry, "static") == 0) {
-       sudo_conf_data.group_source = GROUP_SOURCE_STATIC;
-    } else if (strcasecmp(entry, "dynamic") == 0) {
-       sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC;
-    } else {
-       sudo_warnx(U_("unsupported group source `%s' in %s, line %d"), entry,
-           conf_file, conf_lineno);
-    }
-}
-
-static void
-set_var_max_groups(const char *entry, const char *conf_file)
-{
-    int max_groups;
-
-    max_groups = strtonum(entry, 1, INT_MAX, NULL);
-    if (max_groups > 0) {
-       sudo_conf_data.max_groups = max_groups;
-    } else {
-       sudo_warnx(U_("invalid max groups `%s' in %s, line %d"), entry,
-           conf_file, conf_lineno);
-    }
-}
-
-static void
-set_var_probe_interfaces(const char *entry, const char *conf_file)
-{
-    int val = sudo_strtobool(entry);
-
-    if (val != -1)
-       sudo_conf_data.probe_interfaces = val;
+    struct sudo_conf_setting *setting;
+    const char *value;
+    size_t namelen;
+
+    /* Split line into name and value. */
+    namelen = strcspn(entry, " \t");
+    if (entry[namelen] == '\0')
+       return;         /* no value! */
+    value = entry + namelen;
+    do {
+       value++;
+    } while (isblank((unsigned char)*value));
+    if (*value == '\0')
+       return;         /* no value! */
+
+    setting = sudo_ecalloc(1, sizeof(*setting));
+    setting->name = sudo_estrndup(entry, namelen);
+    setting->value = sudo_estrdup(value);
+    setting->lineno = lineno;
+    TAILQ_INSERT_TAIL(&sudo_conf_data.settings, setting, entries);
 }
 
 /*
- * "Debug progname debug_file debug_flags"
+ * "Path name /path/to/file"
  */
 static void
-set_debug(const char *entry, const char *conf_file)
+store_path(const char *entry, unsigned int lineno)
 {
-    size_t filelen, proglen;
-    const char *progname;
-    char *debug_file, *debug_flags;
-
-    /* Is this debug setting for me? */
-    progname = getprogname();
-    if (strcmp(progname, "sudoedit") == 0)
-       progname = "sudo";
-    proglen = strlen(progname);
-    if (strncmp(entry, progname, proglen) != 0 ||
-       !isblank((unsigned char)entry[proglen]))
-       return;
-    entry += proglen + 1;
-    while (isblank((unsigned char)*entry))
-       entry++;
-
-    debug_flags = strpbrk(entry, " \t");
-    if (debug_flags == NULL)
-       return;
-    filelen = (size_t)(debug_flags - entry);
-    while (isblank((unsigned char)*debug_flags))
-       debug_flags++;
-
-    /* Set debug file and parse the flags (init debug as soon as possible). */
-    debug_file = sudo_estrndup(entry, filelen);
-    debug_flags = sudo_estrdup(debug_flags);
-    sudo_debug_init(debug_file, debug_flags);
-    sudo_efree(debug_file);
-
-    sudo_conf_data.debug_flags = debug_flags;
+    struct sudo_conf_setting *path_spec;
+    const char *path;
+    size_t namelen;
+
+    /* Split line into name and path. */
+    namelen = strcspn(entry, " \t");
+    if (entry[namelen] == '\0')
+       return;         /* no path! */
+    path = entry + namelen;
+    do {
+       path++;
+    } while (isblank((unsigned char)*path));
+    if (*path == '\0')
+       return;         /* no path! */
+
+    path_spec = sudo_ecalloc(1, sizeof(*path_spec));
+    path_spec->name = sudo_estrndup(entry, namelen);
+    path_spec->value = sudo_estrdup(path);
+    path_spec->lineno = lineno;
+    TAILQ_INSERT_TAIL(&sudo_conf_data.paths, path_spec, entries);
 }
 
+/*
+ * "Debug program /path/to/log flags,..."
+ */
 static void
-set_path(const char *entry, const char *conf_file)
+store_debug(const char *progname, unsigned int lineno)
 {
-    const char *name, *path;
-    struct sudo_conf_paths *cur;
-
-    /* Parse Path line */
-    name = entry;
-    path = strpbrk(entry, " \t");
-    if (path == NULL)
-       return;
-    while (isblank((unsigned char)*path))
-       path++;
-
-    /* Match supported paths, ignore the rest. */
-    for (cur = sudo_conf_data.paths; cur->pname != NULL; cur++) {
-       if (strncasecmp(name, cur->pname, cur->pnamelen) == 0 &&
-           isblank((unsigned char)name[cur->pnamelen])) {
-           cur->pval = sudo_estrdup(path);
+    struct sudo_conf_debug *debug_spec;
+    struct sudo_debug_file *debug_file;
+    const char *path, *flags, *cp = progname;
+    size_t pathlen, prognamelen;
+
+    /* Parse progname. */
+    while (*cp != '\0' && !isblank((unsigned char)*cp))
+       cp++;
+    if (*cp == '\0')
+       return;         /* not enough fields */
+    prognamelen = (size_t)(cp - progname);
+    do {
+       cp++;
+    } while (isblank((unsigned char)*cp));
+    if (*cp == '\0')
+       return;         /* not enough fields */
+
+    /* Parse path. */
+    path = cp;
+    while (*cp != '\0' && !isblank((unsigned char)*cp))
+       cp++;
+    if (*cp == '\0')
+       return;         /* not enough fields */
+    pathlen = (size_t)(cp - path);
+    do {
+       cp++;
+    } while (isblank((unsigned char)*cp));
+    if (*cp == '\0')
+       return;         /* not enough fields */
+
+    /* Remainder is flags (freeform). */
+    flags = cp;
+
+    /* If progname already exists, use it, else alloc a new one. */
+    TAILQ_FOREACH(debug_spec, &sudo_conf_data.debugging, entries) {
+       if (strncmp(debug_spec->progname, progname, prognamelen) == 0 &&
+           debug_spec->progname[prognamelen] == '\0' &&
+           isblank((unsigned char)debug_spec->progname[prognamelen]))
            break;
-       }
     }
+    if (debug_spec == NULL) {
+       debug_spec = sudo_emalloc(sizeof(*debug_spec));
+       debug_spec->progname = sudo_estrndup(progname, prognamelen);
+       TAILQ_INIT(&debug_spec->debug_files);
+       TAILQ_INSERT_TAIL(&sudo_conf_data.debugging, debug_spec, entries);
+    }
+    debug_file = sudo_emalloc(sizeof(*debug_file));
+    debug_file->debug_file = sudo_estrndup(path, pathlen);
+    debug_file->debug_flags = sudo_estrdup(flags);
+    TAILQ_INSERT_TAIL(&debug_spec->debug_files, debug_file, entries);
 }
 
+/*
+ * "Plugin symbol /path/to/log args..."
+ */
 static void
-set_plugin(const char *entry, const char *conf_file)
+store_plugin(const char *cp, unsigned int lineno)
 {
     struct plugin_info *info;
-    const char *name, *path, *cp, *ep;
+    const char *ep, *path, *symbol;
     char **options = NULL;
-    size_t namelen, pathlen;
+    size_t pathlen, symlen;
     unsigned int nopts;
 
-    /* Parse Plugin line */
-    name = entry;
-    path = strpbrk(entry, " \t");
-    if (path == NULL)
-       return;
-    namelen = (size_t)(path - name);
-    while (isblank((unsigned char)*path))
-       path++;
-    if ((cp = strpbrk(path, " \t")) != NULL) {
-       /* Convert any options to an array. */
-       pathlen = (size_t)(cp - path);
-       while (isblank((unsigned char)*cp))
-           cp++;
+    /* Parse symbol. */
+    if (*cp == '\0')
+       return;         /* not enough fields */
+    symbol = cp;
+    while (*cp != '\0' && !isblank((unsigned char)*cp))
+       cp++;
+    symlen = (size_t)(cp - symbol);
+    while (isblank((unsigned char)*cp))
+       cp++;
+
+    /* Parse path. */
+    if (*cp == '\0')
+       return;         /* not enough fields */
+    path = cp;
+    while (*cp != '\0' && !isblank((unsigned char)*cp))
+       cp++;
+    pathlen = (size_t)(cp - path);
+    while (isblank((unsigned char)*cp))
+       cp++;
+
+    /* Split options into an array if present. */
+    /* XXX - consider as separate function */
+    if (*cp != '\0') {
        /* Count number of options and allocate array. */
        for (ep = cp, nopts = 1; (ep = strpbrk(ep, " \t")) != NULL; nopts++) {
            while (isblank((unsigned char)*ep))
@@ -302,36 +316,211 @@ set_plugin(const char *entry, const char *conf_file)
        }
        options[nopts++] = sudo_estrdup(cp);
        options[nopts] = NULL;
-    } else {
-       /* No extra options. */
-       pathlen = strlen(path);
     }
 
-    info = sudo_ecalloc(1, sizeof(*info));
-    info->symbol_name = sudo_estrndup(name, namelen);
+    info = sudo_emalloc(sizeof(*info));
+    info->symbol_name = sudo_estrndup(symbol, symlen);
     info->path = sudo_estrndup(path, pathlen);
     info->options = options;
-    info->lineno = conf_lineno;
+    info->lineno = lineno;
+    TAILQ_INIT(&info->debug_files);
     TAILQ_INSERT_TAIL(&sudo_conf_data.plugins, info, entries);
 }
 
+/*
+ * Initialize debugging subsystem for the running program.
+ * Also stores plugin-specific debug info in sudo_conf_data.plugins.
+ */
+static void
+set_debugging(const char *conf_file)
+{
+    struct sudo_conf_debug *debug_spec;
+    struct plugin_info *plugin_info;
+    const char *progname;
+    size_t prognamelen;
+    debug_decl(main, SUDO_DEBUG_UTIL)
+
+    progname = getprogname();
+    prognamelen = strlen(progname);
+    if (prognamelen > 4 && strcmp(progname + 4, "edit") == 0)
+       prognamelen -= 4;
+    TAILQ_FOREACH(debug_spec, &sudo_conf_data.debugging, entries) {
+       /* XXX - only uses last matching Debug entry */
+       if (strncmp(debug_spec->progname, progname, prognamelen) == 0 &&
+           debug_spec->progname[prognamelen] == '\0') {
+           sudo_debug_init(TAILQ_LAST(&debug_spec->debug_files, sudo_conf_debug_file_list)->debug_file, TAILQ_LAST(&debug_spec->debug_files, sudo_conf_debug_file_list)->debug_flags);
+           sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys);
+           continue;
+       }
+       /* Move debug_files to plugin if it matches. */
+       TAILQ_FOREACH(plugin_info, &sudo_conf_data.plugins, entries) {
+           const char *plugin_name = plugin_info->path;
+           if (debug_spec->progname[0] != '/') {
+               /* Match basename(path). */
+               plugin_name = strrchr(plugin_info->path, '/');
+               if (plugin_name++ == NULL)
+                   plugin_name = plugin_info->path;
+           }
+           if (strcmp(debug_spec->progname, plugin_name) == 0) {
+               /* Move debug_files into plugin_info. */
+               TAILQ_SWAP(&plugin_info->debug_files, &debug_spec->debug_files,
+                   sudo_debug_file, entries);
+               break;
+           }
+       }
+       /* XXX - free up remaining structs */
+    }
+}
+
+/*
+ * Update path settings.
+ */
+static void
+set_paths(const char *conf_file)
+{
+    struct sudo_conf_setting *path_spec, *next;
+    unsigned int i;
+    debug_decl(sudo_conf_set_paths, SUDO_DEBUG_UTIL)
+
+    /*
+     * Store matching paths in sudo_conf_data.path_table.
+     */
+    TAILQ_FOREACH_SAFE(path_spec, &sudo_conf_data.paths, entries, next) {
+       TAILQ_REMOVE(&sudo_conf_data.paths, path_spec, entries);
+       /* Store path in sudo_conf_data, ignoring unsupported paths. */
+       for (i = 0; sudo_conf_data.path_table[i].pname != NULL; i++) {
+           if (strcmp(path_spec->name, sudo_conf_data.path_table[i].pname) == 0) {
+               sudo_conf_data.path_table[i].pval = path_spec->value;
+               sudo_debug_printf(SUDO_DEBUG_INFO,
+                   "%s: %s:%u: path %s=%s\n", __func__, conf_file,
+                   path_spec->lineno, path_spec->name, path_spec->value);
+               break;
+           }
+       }
+       if (sudo_conf_data.path_table[i].pname == NULL) {
+           /* not found */
+           sudo_debug_printf(SUDO_DEBUG_WARN,
+               "%s: %s:%u: unknown path %s=%s\n", __func__, conf_file,
+               path_spec->lineno, path_spec->name, path_spec->value);
+           sudo_efree(path_spec->value);
+       }
+       sudo_efree(path_spec->name);
+       sudo_efree(path_spec);
+    }
+    TAILQ_INIT(&sudo_conf_data.paths);
+    debug_return;
+}
+
+/*
+ * Update variable settings.
+ */
+static void
+set_variables(const char *conf_file)
+{
+    struct sudo_conf_setting *setting, *next;
+    struct sudo_conf_var_table *var;
+    debug_decl(sudo_conf_set_variables, SUDO_DEBUG_UTIL)
+
+    TAILQ_FOREACH_SAFE(setting, &sudo_conf_data.settings, entries, next) {
+       for (var = sudo_conf_var_table; var->name != NULL; var++) {
+           if (strcmp(setting->name, var->name) == 0) {
+               if (var->setter(setting->value, conf_file, setting->lineno)) {
+                   sudo_debug_printf(SUDO_DEBUG_INFO,
+                       "%s: %s:%u: var %s=%s\n", __func__, conf_file,
+                       setting->lineno, setting->name, setting->value);
+               }
+               break;
+           }
+       }
+       if (var->name == NULL) {
+           /* not found */
+           sudo_debug_printf(SUDO_DEBUG_WARN,
+               "%s: %s:%u: unknown var %s=%s\n", __func__, conf_file,
+               setting->lineno, setting->name, setting->value);
+       }
+       sudo_efree(setting->name);
+       sudo_efree(setting->value);
+       sudo_efree(setting);
+    }
+    TAILQ_INIT(&sudo_conf_data.settings);
+    debug_return;
+}
+
+static bool
+set_var_disable_coredump(const char *entry, const char *conf_file,
+    unsigned int conf_lineno)
+{
+    int val = sudo_strtobool(entry);
+
+    if (val == -1)
+       return false;
+    sudo_conf_data.disable_coredump = val;
+    return true;
+}
+
+static bool
+set_var_group_source(const char *strval, const char *conf_file,
+    unsigned int conf_lineno)
+{
+    if (strcasecmp(strval, "adaptive") == 0) {
+       sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE;
+    } else if (strcasecmp(strval, "static") == 0) {
+       sudo_conf_data.group_source = GROUP_SOURCE_STATIC;
+    } else if (strcasecmp(strval, "dynamic") == 0) {
+       sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC;
+    } else {
+       sudo_warnx(U_("unsupported group source `%s' in %s, line %d"), strval,
+           conf_file, conf_lineno);
+       return false;
+    }
+    return true;
+}
+
+static bool
+set_var_max_groups(const char *strval, const char *conf_file,
+    unsigned int conf_lineno)
+{
+    int max_groups;
+
+    max_groups = strtonum(strval, 1, INT_MAX, NULL);
+    if (max_groups <= 0) {
+       sudo_warnx(U_("invalid max groups `%s' in %s, line %d"), strval,
+           conf_file, conf_lineno);
+       return false;
+    }
+    sudo_conf_data.max_groups = max_groups;
+    return true;
+}
+
+static bool
+set_var_probe_interfaces(const char *strval, const char *conf_file,
+    unsigned int conf_lineno)
+{
+    int val = sudo_strtobool(strval);
+
+    if (val == -1)
+       return false;
+    sudo_conf_data.probe_interfaces = val;
+    return true;
+}
+
 const char *
 sudo_conf_askpass_path_v1(void)
 {
-    return sudo_conf_data.paths[SUDO_CONF_ASKPASS_IDX].pval;
+    return sudo_conf_data.path_table[SUDO_CONF_ASKPASS_IDX].pval;
 }
 
 const char *
 sudo_conf_sesh_path_v1(void)
 {
-    return sudo_conf_data.paths[SUDO_CONF_SESH_IDX].pval;
+    return sudo_conf_data.path_table[SUDO_CONF_SESH_IDX].pval;
 }
 
 #ifdef _PATH_SUDO_NOEXEC
 const char *
 sudo_conf_noexec_path_v1(void)
 {
-    return sudo_conf_data.paths[SUDO_CONF_NOEXEC_IDX].pval;
+    return sudo_conf_data.path_table[SUDO_CONF_NOEXEC_IDX].pval;
 }
 #endif
 
@@ -339,16 +528,10 @@ sudo_conf_noexec_path_v1(void)
 const char *
 sudo_conf_plugin_dir_path_v1(void)
 {
-    return sudo_conf_data.paths[SUDO_CONF_PLUGIN_IDX].pval;
+    return sudo_conf_data.path_table[SUDO_CONF_PLUGIN_IDX].pval;
 }
 #endif
 
-const char *
-sudo_conf_debug_flags_v1(void)
-{
-    return sudo_conf_data.debug_flags;
-}
-
 int
 sudo_conf_group_source_v1(void)
 {
@@ -367,6 +550,12 @@ sudo_conf_plugins_v1(void)
     return &sudo_conf_data.plugins;
 }
 
+struct sudo_conf_debug_list *
+sudo_conf_debugging_v1(void)
+{
+    return &sudo_conf_data.debugging;
+}
+
 bool
 sudo_conf_disable_coredump_v1(void)
 {
@@ -390,6 +579,7 @@ sudo_conf_read_v1(const char *conf_file)
     FILE *fp;
     char *cp, *line = NULL;
     char *prev_locale = sudo_estrdup(setlocale(LC_ALL, NULL));
+    unsigned int conf_lineno = 0;
     size_t linesize = 0;
 
     /* Parse sudo.conf in the "C" locale. */
@@ -431,7 +621,6 @@ sudo_conf_read_v1(const char *conf_file)
        goto done;
     }
 
-    conf_lineno = 0;
     while (sudo_parseln(&line, &linesize, &conf_lineno, fp) != -1) {
        if (*(cp = line) == '\0')
            continue;           /* empty line or comment */
@@ -442,13 +631,21 @@ sudo_conf_read_v1(const char *conf_file)
                cp += cur->namelen;
                while (isblank((unsigned char)*cp))
                    cp++;
-               cur->setter(cp, conf_file);
+               cur->parser(cp, conf_lineno);
                break;
            }
        }
     }
     fclose(fp);
     free(line);
+
+    /* First, init the debug system. */
+    set_debugging(conf_file);
+
+    /* Then set paths and variables. */
+    set_paths(conf_file);
+    set_variables(conf_file);
+
 done:
     /* Restore locale if needed. */
     if (prev_locale[0] != 'C' || prev_locale[1] != '\0')

diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c
index 08772d05f66e4e2ad804a9930b252c9de30c4ef3..88b966805d051ff312e7c59821e1be47dba7060a 100644 (file)
--- a/lib/util/sudo_debug.c
+++ b/lib/util/sudo_debug.c
@@ -54,6 +54,7 @@
 #include "sudo_alloc.h"
 #include "sudo_fatal.h"
 #include "sudo_plugin.h"
+#include "sudo_conf.h"
 #include "sudo_debug.h"
 #include "sudo_util.h"
 

diff --git a/lib/util/util.exp.in b/lib/util/util.exp.in
index 4ee1549304f75c3c5c19c880357bc030d056e053..06d87124bb76f87932b6ef8ce206c79adf77b9bf 100644 (file)
--- a/lib/util/util.exp.in
+++ b/lib/util/util.exp.in
@@ -1,7 +1,7 @@
 @COMPAT_EXP@
 initprogname
 sudo_conf_askpass_path_v1
-sudo_conf_debug_flags_v1
+sudo_conf_debugging_v1
 sudo_conf_disable_coredump_v1
 sudo_conf_group_source_v1
 sudo_conf_max_groups_v1
@@ -88,5 +88,5 @@ sudo_vfatalx_nodebug_v1
 sudo_vwarn_nodebug_v1
 sudo_vwarnx_nodebug_v1
 sudo_warn_nodebug_v1
-sudo_warnx_nodebug_v1
 sudo_warn_set_conversation_v1
+sudo_warnx_nodebug_v1

diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index d676812710dc8a165095fe230454d00e2627dc11..6c8b27342de96615e3b9d5fb2d27c247c2c6bf7c 100644 (file)
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -455,24 +455,24 @@ cleandir: realclean
 
 # Autogenerated dependencies, do not modify
 afs.lo: $(authdir)/afs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-        $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+        $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
         $(srcdir)/sudoers.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/afs.c
 aix_auth.lo: $(authdir)/aix_auth.c $(devdir)/def_data.h \
              $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-             $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-             $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-             $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-             $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-             $(top_builddir)/pathnames.h
+             $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+             $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+             $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+             $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+             $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+             $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/aix_auth.c
 alias.lo: $(srcdir)/alias.c $(devdir)/def_data.h $(devdir)/gram.h \
           $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-          $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+          $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
           $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
           $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
           $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
@@ -481,33 +481,33 @@ alias.lo: $(srcdir)/alias.c $(devdir)/def_data.h $(devdir)/gram.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c
 audit.lo: $(srcdir)/audit.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
           $(incdir)/sudo_debug.h $(incdir)/sudo_gettext.h \
-          $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h $(srcdir)/logging.h \
-          $(srcdir)/solaris_audit.h $(top_builddir)/config.h
+          $(incdir)/sudo_queue.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h \
+          $(srcdir)/logging.h $(srcdir)/solaris_audit.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c
 base64.lo: $(srcdir)/base64.c $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-           $(top_builddir)/config.h
+           $(incdir)/sudo_queue.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/base64.c
 base64.o: base64.lo
 boottime.lo: $(srcdir)/boottime.c $(incdir)/compat/stdbool.h \
              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-             $(top_builddir)/config.h
+             $(incdir)/sudo_queue.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/boottime.c
 bsdauth.lo: $(authdir)/bsdauth.c $(devdir)/def_data.h \
             $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-            $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-            $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-            $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-            $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-            $(top_builddir)/pathnames.h
+            $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+            $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+            $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+            $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/bsdauth.c
 bsm_audit.lo: $(srcdir)/bsm_audit.c $(incdir)/sudo_compat.h \
               $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
-              $(incdir)/sudo_gettext.h $(srcdir)/bsm_audit.h \
-              $(top_builddir)/config.h
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
+              $(srcdir)/bsm_audit.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/bsm_audit.c
 check.lo: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
+          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
           $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
           $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/check.h \
@@ -517,12 +517,12 @@ check.lo: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/check.c
 check_addr.o: $(srcdir)/regress/parser/check_addr.c $(devdir)/def_data.h \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-              $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-              $(incdir)/sudo_util.h $(srcdir)/defaults.h \
-              $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \
-              $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+              $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \
+              $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
               $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_addr.c
 check_base64.o: $(srcdir)/regress/parser/check_base64.c \
@@ -544,13 +544,13 @@ check_hexchar.o: $(srcdir)/regress/parser/check_hexchar.c \
 check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \
                     $(devdir)/def_data.c $(devdir)/def_data.h \
                     $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-                    $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-                    $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-                    $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-                    $(incdir)/sudo_util.h $(srcdir)/defaults.h \
-                    $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
-                    $(srcdir)/sudoers.h $(top_builddir)/config.h \
-                    $(top_builddir)/pathnames.h
+                    $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+                    $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+                    $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+                    $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+                    $(srcdir)/defaults.h $(srcdir)/logging.h \
+                    $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+                    $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/iolog_path/check_iolog_path.c
 check_symbols.o: $(srcdir)/regress/check_symbols/check_symbols.c \
                  $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
@@ -563,8 +563,8 @@ check_wrap.o: $(srcdir)/regress/logging/check_wrap.c \
               $(incdir)/sudo_util.h $(top_builddir)/config.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/logging/check_wrap.c
 dce.lo: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-        $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+        $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
         $(srcdir)/sudoers.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
@@ -572,95 +572,98 @@ dce.lo: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
 defaults.lo: $(srcdir)/defaults.c $(devdir)/def_data.c $(devdir)/def_data.h \
              $(devdir)/gram.h $(incdir)/compat/stdbool.h \
              $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-             $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
-             $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
-             $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
-             $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
-             $(srcdir)/sudoers.h $(top_builddir)/config.h \
-             $(top_builddir)/pathnames.h
+             $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
+             $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+             $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
+             $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
+             $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+             $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/defaults.c
 env.lo: $(srcdir)/env.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-        $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+        $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
         $(srcdir)/sudoers.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/env.c
 find_path.lo: $(srcdir)/find_path.c $(devdir)/def_data.h \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-              $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-              $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-              $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-              $(top_builddir)/config.h $(top_builddir)/pathnames.h
+              $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+              $(srcdir)/sudoers.h $(top_builddir)/config.h \
+              $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/find_path.c
 find_path.o: find_path.lo
 fwtk.lo: $(authdir)/fwtk.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-         $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
-         $(srcdir)/sudoers.h $(top_builddir)/config.h \
-         $(top_builddir)/pathnames.h
+         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+         $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+         $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+         $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+         $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+         $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/fwtk.c
 getdate.o: $(devdir)/getdate.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/getdate.c
 getspwuid.lo: $(srcdir)/getspwuid.c $(devdir)/def_data.h \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-              $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-              $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-              $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-              $(top_builddir)/config.h $(top_builddir)/pathnames.h
+              $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+              $(srcdir)/sudoers.h $(top_builddir)/config.h \
+              $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getspwuid.c
 goodpath.lo: $(srcdir)/goodpath.c $(devdir)/def_data.h \
              $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-             $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-             $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-             $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-             $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-             $(top_builddir)/pathnames.h
+             $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+             $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+             $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+             $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+             $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+             $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/goodpath.c
 goodpath.o: goodpath.lo
 gram.lo: $(devdir)/gram.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-         $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
-         $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \
-         $(top_builddir)/config.h $(top_builddir)/pathnames.h
+         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+         $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+         $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+         $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+         $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
+         $(srcdir)/sudoers.h $(srcdir)/toke.h $(top_builddir)/config.h \
+         $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/gram.c
 group_plugin.lo: $(srcdir)/group_plugin.c $(devdir)/def_data.h \
                  $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-                 $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \
-                 $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
-                 $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-                 $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
-                 $(srcdir)/sudoers.h $(top_builddir)/config.h \
-                 $(top_builddir)/pathnames.h
+                 $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+                 $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \
+                 $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+                 $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
+                 $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+                 $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+                 $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c
 group_plugin.o: group_plugin.lo
 hexchar.lo: $(srcdir)/hexchar.c $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(top_builddir)/config.h
+            $(incdir)/sudo_queue.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c
 hexchar.o: hexchar.lo
 interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h \
                $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-               $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-               $(incdir)/sudo_util.h $(srcdir)/defaults.h \
-               $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
-               $(srcdir)/sudoers.h $(top_builddir)/config.h \
-               $(top_builddir)/pathnames.h
+               $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+               $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+               $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+               $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \
+               $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+               $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/interfaces.c
 interfaces.o: interfaces.lo
 iolog.lo: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
+          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
           $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
           $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
@@ -670,16 +673,17 @@ iolog.lo: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/iolog.c
 iolog_path.lo: $(srcdir)/iolog_path.c $(devdir)/def_data.h \
                $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-               $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-               $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-               $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-               $(top_builddir)/config.h $(top_builddir)/pathnames.h
+               $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+               $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+               $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+               $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+               $(srcdir)/sudoers.h $(top_builddir)/config.h \
+               $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/iolog_path.c
 iolog_path.o: iolog_path.lo
 kerb5.lo: $(authdir)/kerb5.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
+          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
           $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
           $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
@@ -687,17 +691,19 @@ kerb5.lo: $(authdir)/kerb5.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
           $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/kerb5.c
 ldap.lo: $(srcdir)/ldap.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-         $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-         $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-         $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-         $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-         $(top_builddir)/config.h $(top_builddir)/pathnames.h
+         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+         $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \
+         $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \
+         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
+         $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
+         $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/ldap.c
 linux_audit.lo: $(srcdir)/linux_audit.c $(incdir)/sudo_alloc.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                 $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-                $(srcdir)/linux_audit.h $(top_builddir)/config.h
+                $(incdir)/sudo_queue.h $(srcdir)/linux_audit.h \
+                $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c
 locale.lo: $(srcdir)/locale.c $(incdir)/compat/stdbool.h \
            $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
@@ -707,27 +713,27 @@ locale.lo: $(srcdir)/locale.c $(incdir)/compat/stdbool.h \
 locale.o: locale.lo
 logging.lo: $(srcdir)/logging.c $(devdir)/def_data.h \
             $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-            $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-            $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-            $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-            $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-            $(top_builddir)/pathnames.h
+            $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+            $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+            $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+            $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/logging.c
 logwrap.lo: $(srcdir)/logwrap.c $(devdir)/def_data.h \
             $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-            $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-            $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-            $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-            $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-            $(top_builddir)/pathnames.h
+            $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+            $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+            $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+            $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/logwrap.c
 logwrap.o: logwrap.lo
 match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \
           $(incdir)/compat/fnmatch.h $(incdir)/compat/glob.h \
           $(incdir)/compat/sha2.h $(incdir)/compat/stdbool.h \
-          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
+          $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
           $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
           $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
@@ -737,13 +743,13 @@ match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c
 match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h \
                $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-               $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-               $(incdir)/sudo_util.h $(srcdir)/defaults.h \
-               $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
-               $(srcdir)/sudoers.h $(top_builddir)/config.h \
-               $(top_builddir)/pathnames.h
+               $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+               $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+               $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+               $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \
+               $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+               $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match_addr.c
 match_addr.o: match_addr.lo
 net_ifs.o: $(top_srcdir)/src/net_ifs.c $(incdir)/compat/stdbool.h \
@@ -753,15 +759,15 @@ net_ifs.o: $(top_srcdir)/src/net_ifs.c $(incdir)/compat/stdbool.h \
            $(top_builddir)/config.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/net_ifs.c
 pam.lo: $(authdir)/pam.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-        $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+        $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
         $(srcdir)/sudoers.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/pam.c
 parse.lo: $(srcdir)/parse.c $(devdir)/def_data.h $(devdir)/gram.h \
           $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-          $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+          $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
           $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
           $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
           $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
@@ -770,7 +776,7 @@ parse.lo: $(srcdir)/parse.c $(devdir)/def_data.h $(devdir)/gram.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/parse.c
 passwd.lo: $(authdir)/passwd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
            $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+           $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
            $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
@@ -778,7 +784,7 @@ passwd.lo: $(authdir)/passwd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/passwd.c
 policy.lo: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
            $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+           $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
            $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
@@ -787,7 +793,7 @@ policy.lo: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/policy.c
 prompt.lo: $(srcdir)/prompt.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
            $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+           $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
            $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
@@ -795,7 +801,7 @@ prompt.lo: $(srcdir)/prompt.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/prompt.c
 pwutil.lo: $(srcdir)/pwutil.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
            $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-           $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+           $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
            $(srcdir)/logging.h $(srcdir)/pwutil.h $(srcdir)/redblack.h \
@@ -805,86 +811,93 @@ pwutil.lo: $(srcdir)/pwutil.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
 pwutil.o: pwutil.lo
 pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h \
                 $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-                $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-                $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-                $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-                $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+                $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+                $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+                $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+                $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+                $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/pwutil.h \
+                $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
                 $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil_impl.c
 pwutil_impl.o: pwutil_impl.lo
 redblack.lo: $(srcdir)/redblack.c $(incdir)/sudo_alloc.h \
              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-             $(srcdir)/redblack.h $(top_builddir)/config.h
+             $(incdir)/sudo_queue.h $(srcdir)/redblack.h \
+             $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/redblack.c
 redblack.o: redblack.lo
 rfc1938.lo: $(authdir)/rfc1938.c $(devdir)/def_data.h \
             $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-            $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-            $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-            $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-            $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-            $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-            $(top_builddir)/pathnames.h
+            $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+            $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+            $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+            $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/rfc1938.c
 secureware.lo: $(authdir)/secureware.c $(devdir)/def_data.h \
                $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-               $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-               $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-               $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-               $(top_builddir)/config.h $(top_builddir)/pathnames.h
+               $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+               $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+               $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+               $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+               $(srcdir)/sudoers.h $(top_builddir)/config.h \
+               $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/secureware.c
 securid5.lo: $(authdir)/securid5.c $(devdir)/def_data.h \
              $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-             $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-             $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-             $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-             $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-             $(top_builddir)/pathnames.h
+             $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+             $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+             $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+             $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+             $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+             $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/securid5.c
 set_perms.lo: $(srcdir)/set_perms.c $(devdir)/def_data.h \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-              $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-              $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-              $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-              $(top_builddir)/config.h $(top_builddir)/pathnames.h
+              $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+              $(srcdir)/sudoers.h $(top_builddir)/config.h \
+              $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c
 sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-        $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+        $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+        $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
         $(srcdir)/sudoers.h $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sia.c
 solaris_audit.lo: $(srcdir)/solaris_audit.c $(devdir)/def_data.h \
                   $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-                  $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-                  $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-                  $(incdir)/sudo_util.h $(srcdir)/defaults.h \
-                  $(srcdir)/logging.h $(srcdir)/solaris_audit.h \
-                  $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-                  $(top_builddir)/config.h $(top_builddir)/pathnames.h
+                  $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+                  $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+                  $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+                  $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+                  $(srcdir)/defaults.h $(srcdir)/logging.h \
+                  $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h \
+                  $(srcdir)/sudoers.h $(top_builddir)/config.h \
+                  $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris_audit.c
 sssd.lo: $(srcdir)/sssd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
-         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-         $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-         $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-         $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-         $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-         $(top_builddir)/config.h $(top_builddir)/pathnames.h
+         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+         $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \
+         $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \
+         $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+         $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
+         $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
+         $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sssd.c
 sudo_auth.lo: $(authdir)/sudo_auth.c $(devdir)/def_data.h \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-              $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-              $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/ins_2001.h \
+              $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(srcdir)/defaults.h $(srcdir)/ins_2001.h \
               $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \
               $(srcdir)/ins_goons.h $(srcdir)/insults.h $(srcdir)/logging.h \
               $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
@@ -892,26 +905,28 @@ sudo_auth.lo: $(authdir)/sudo_auth.c $(devdir)/def_data.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sudo_auth.c
 sudo_nss.lo: $(srcdir)/sudo_nss.c $(devdir)/def_data.h \
              $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-             $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-             $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \
-             $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
-             $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-             $(top_builddir)/config.h $(top_builddir)/pathnames.h
+             $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+             $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+             $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \
+             $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
+             $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
+             $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
+             $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_nss.c
 sudo_printf.o: $(srcdir)/sudo_printf.c $(incdir)/sudo_compat.h \
                $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \
-               $(top_builddir)/config.h
+               $(incdir)/sudo_queue.h $(top_builddir)/config.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_printf.c
 sudoers.lo: $(srcdir)/sudoers.c $(devdir)/def_data.h \
             $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-            $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
-            $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
-            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-            $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \
-            $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-            $(top_builddir)/config.h $(top_builddir)/pathnames.h
+            $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
+            $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+            $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
+            $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \
+            $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+            $(srcdir)/sudoers.h $(top_builddir)/config.h \
+            $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoers.c
 sudoreplay.o: $(srcdir)/sudoreplay.c $(incdir)/compat/getopt.h \
               $(incdir)/compat/stdbool.h $(incdir)/compat/timespec.h \
@@ -937,19 +952,20 @@ testsudoers.o: $(srcdir)/testsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \
 timestamp.lo: $(srcdir)/timestamp.c $(devdir)/def_data.h \
               $(incdir)/compat/stdbool.h $(incdir)/compat/timespec.h \
               $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \
-              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
-              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
-              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/check.h \
-              $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
-              $(srcdir)/sudoers.h $(top_builddir)/config.h \
-              $(top_builddir)/pathnames.h
+              $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
+              $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
+              $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
+              $(incdir)/sudo_util.h $(srcdir)/check.h $(srcdir)/defaults.h \
+              $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+              $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestamp.c
 timestr.lo: $(srcdir)/timestr.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestr.c
 toke.lo: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \
          $(incdir)/compat/sha2.h $(incdir)/compat/stdbool.h \
-         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-         $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \
+         $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+         $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+         $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \
          $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
          $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
          $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \
@@ -957,23 +973,24 @@ toke.lo: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c
 toke_util.lo: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-              $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-              $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-              $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-              $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-              $(srcdir)/toke.h $(top_builddir)/config.h \
-              $(top_builddir)/pathnames.h
+              $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
+              $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \
+              $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/toke_util.c
 toke_util.o: toke_util.lo
 tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h \
              $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-             $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-             $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-             $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-             $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/tsgetgrpw.h \
-             $(top_builddir)/config.h $(top_builddir)/pathnames.h
+             $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+             $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+             $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+             $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
+             $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+             $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \
+             $(top_builddir)/pathnames.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/tsgetgrpw.c
 visudo.o: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \
           $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \
@@ -987,10 +1004,11 @@ visudo.o: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/visudo.c
 visudo_json.o: $(srcdir)/visudo_json.c $(devdir)/def_data.h $(devdir)/gram.h \
                $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \
-               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-               $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-               $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-               $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+               $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+               $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+               $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+               $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
+               $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
                $(top_builddir)/config.h $(top_builddir)/pathnames.h
        $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/visudo_json.c

diff --git a/plugins/sudoers/solaris_audit.c b/plugins/sudoers/solaris_audit.c
index cea60ce132c55aab50a08a568fc308123bd2f5f7..83cb78d4256e25652f5843ecfe325f7187fcb67a 100644 (file)
--- a/plugins/sudoers/solaris_audit.c
+++ b/plugins/sudoers/solaris_audit.c
@@ -24,7 +24,6 @@
 #include <bsm/adt_event.h>
 
 #include "sudoers.h"
-#include "sudo_debug.h"
 #include "solaris_audit.h"
 
 static adt_session_data_t *ah;         /* audit session handle */

diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index bf5db259093a6c133856fbe108f5f38e67514534..86b77d36346957bba9ff76d8a67ac2d1e798689c 100644 (file)
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -54,7 +54,6 @@
 #include "parse.h"
 #include "sudo_lbuf.h"
 #include "sudo_dso.h"
-#include "sudo_debug.h"
 
 /* SSSD <--> SUDO interface - do not change */
 struct sss_sudo_attr {

diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index e13fec60e2014d1921ce29bccca71af8afe50d47..8f5b49afb04356167fae29c7ed310f921bd2afa9 100644 (file)
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -41,6 +41,7 @@
 #include "logging.h"
 #include "sudo_nss.h"
 #include "sudo_plugin.h"
+#include "sudo_conf.h"
 #include "sudo_debug.h"
 #include "sudo_util.h"
 

diff --git a/src/hooks.c b/src/hooks.c
index b394cb6181fdc2af0ed82c4880f20857b556e1cc..3e29f3b6013442b9f9b45473bba84d1e7b5d0455 100644 (file)
--- a/src/hooks.c
+++ b/src/hooks.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2012-2014 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -39,8 +39,6 @@
 #include "sudo.h"
 #include "sudo_plugin.h"
 #include "sudo_plugin_int.h"
-#include "sudo_debug.h"
-#include "sudo_queue.h"
 
 /* Singly linked hook list. */
 struct sudo_hook_entry {

diff --git a/src/load_plugins.c b/src/load_plugins.c
index f12cf8157b0ca9fed3067869e0f4b7da2590433a..a0441e81284a944481c77f32f701053bcf0d55c3 100644 (file)
--- a/src/load_plugins.c
+++ b/src/load_plugins.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -41,9 +41,7 @@
 #include "sudo.h"
 #include "sudo_plugin.h"
 #include "sudo_plugin_int.h"
-#include "sudo_conf.h"
 #include "sudo_dso.h"
-#include "sudo_debug.h"
 
 /* We always use the same name for the sudoers plugin, regardless of the OS */
 #define SUDOERS_PLUGIN "sudoers.so"
@@ -241,6 +239,9 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
            policy_plugin->name = info->symbol_name;
            policy_plugin->options = info->options;
            policy_plugin->u.generic = plugin;
+           TAILQ_INIT(&policy_plugin->debug_files);
+           TAILQ_SWAP(&policy_plugin->debug_files, &info->debug_files,
+               sudo_debug_file, entries);
        }
     } else if (plugin->type == SUDO_IO_PLUGIN) {
        /* Check for duplicate entries. */
@@ -260,6 +261,9 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
            container->name = info->symbol_name;
            container->options = info->options;
            container->u.generic = plugin;
+           TAILQ_INIT(&container->debug_files);
+           TAILQ_SWAP(&container->debug_files, &info->debug_files,
+               sudo_debug_file, entries);
            TAILQ_INSERT_TAIL(io_plugins, container, entries);
        }
     }

diff --git a/src/parse_args.c b/src/parse_args.c
index f8089667567ea2765457f6a3941e343b7f46da42..9aaceed6784d1920b60c9a97b252991b636476d4 100644 (file)
--- a/src/parse_args.c
+++ b/src/parse_args.c
@@ -70,49 +70,47 @@ static struct sudo_settings sudo_settings[] = {
     { "bsdauth_type" },
 #define ARG_LOGIN_CLASS 1
     { "login_class" },
-#define ARG_DEBUG_FLAGS 2
-    { "debug_flags" },
-#define ARG_PRESERVE_ENVIRONMENT 3
+#define ARG_PRESERVE_ENVIRONMENT 2
     { "preserve_environment" },
-#define ARG_RUNAS_GROUP 4
+#define ARG_RUNAS_GROUP 3
     { "runas_group" },
-#define ARG_SET_HOME 5
+#define ARG_SET_HOME 4
     { "set_home" },
-#define ARG_USER_SHELL 6
+#define ARG_USER_SHELL 5
     { "run_shell" },
-#define ARG_LOGIN_SHELL 7
+#define ARG_LOGIN_SHELL 6
     { "login_shell" },
-#define ARG_IGNORE_TICKET 8
+#define ARG_IGNORE_TICKET 7
     { "ignore_ticket" },
-#define ARG_PROMPT 9
+#define ARG_PROMPT 8
     { "prompt" },
-#define ARG_SELINUX_ROLE 10
+#define ARG_SELINUX_ROLE 9
     { "selinux_role" },
-#define ARG_SELINUX_TYPE 11
+#define ARG_SELINUX_TYPE 10
     { "selinux_type" },
-#define ARG_RUNAS_USER 12
+#define ARG_RUNAS_USER 11
     { "runas_user" },
-#define ARG_PROGNAME 13
+#define ARG_PROGNAME 12
     { "progname" },
-#define ARG_IMPLIED_SHELL 14
+#define ARG_IMPLIED_SHELL 13
     { "implied_shell" },
-#define ARG_PRESERVE_GROUPS 15
+#define ARG_PRESERVE_GROUPS 14
     { "preserve_groups" },
-#define ARG_NONINTERACTIVE 16
+#define ARG_NONINTERACTIVE 15
     { "noninteractive" },
-#define ARG_SUDOEDIT 17
+#define ARG_SUDOEDIT 16
     { "sudoedit" },
-#define ARG_CLOSEFROM 18
+#define ARG_CLOSEFROM 17
     { "closefrom" },
-#define ARG_NET_ADDRS 19
+#define ARG_NET_ADDRS 18
     { "network_addrs" },
-#define ARG_MAX_GROUPS 20
+#define ARG_MAX_GROUPS 19
     { "max_groups" },
-#define ARG_PLUGIN_DIR 21
+#define ARG_PLUGIN_DIR 20
     { "plugin_dir" },
-#define ARG_REMOTE_HOST 22
+#define ARG_REMOTE_HOST 21
     { "remote_host" },
-#define NUM_SETTINGS 23
+#define NUM_SETTINGS 22
     { NULL }
 };
 
@@ -176,7 +174,6 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv,
     char *cp, **env_add;
     const char *runas_user = NULL;
     const char *runas_group = NULL;
-    const char *debug_flags;
     const char *progname;
     int proglen;
     int nenv = 0;
@@ -201,11 +198,6 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv,
     if (get_net_ifs(&cp) > 0)
        sudo_settings[ARG_NET_ADDRS].value = cp;
 
-    /* Set debug file and flags from sudo.conf. */
-    debug_flags = sudo_conf_debug_flags();
-    if (debug_flags != NULL)
-       sudo_settings[ARG_DEBUG_FLAGS].value = debug_flags;
-
     /* Set max_groups from sudo.conf. */
     i = sudo_conf_max_groups();
     if (i != -1) {

diff --git a/src/sudo.c b/src/sudo.c
index ee6b2c2d0429f1c035ba4a5ecc319eeba9daa3c2..37c4a3d30a7441710b5d6fb5813e3680f689cb1a 100644 (file)
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -1084,32 +1084,41 @@ run_command(struct command_details *details)
  */
 static char **
 format_plugin_settings(struct plugin_container *plugin,
-    struct sudo_settings *settings)
+    struct sudo_settings *sudo_settings)
 {
+    size_t plugin_settings_size, num_plugin_settings = 0;
+    struct sudo_debug_file *debug_file;
+    struct sudo_settings *setting;
     char **plugin_settings;
-    size_t plugin_settings_size = 32, num_plugin_settings = 0;
     debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM)
 
+    /* XXX - should use exact plugin_settings_size */
+    /* Determine sudo_settings array size (including plugin_path and NULL) */
+    plugin_settings_size = 2;
+    for (setting = sudo_settings; setting->name != NULL; setting++)
+       plugin_settings_size++;
+    TAILQ_FOREACH(debug_file, &plugin->debug_files, entries)
+       plugin_settings_size++;
+
+    /* Allocate and fill in. */
     plugin_settings = sudo_emallocarray(plugin_settings_size, sizeof(char *));
     plugin_settings[num_plugin_settings++] =
        sudo_new_key_val("plugin_path", plugin->path);
-    while (settings->name != NULL) {
-        if (settings->value != NULL) {
+    for (setting = sudo_settings; setting->name != NULL; setting++) {
+        if (setting->value != NULL) {
             sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s=%s",
-                settings->name, settings->value);
-           /* Expand plugin_settings as needed. */
-           if (num_plugin_settings == plugin_settings_size) {
-               plugin_settings_size *= 2;
-               plugin_settings = sudo_ereallocarray(plugin_settings,
-                   plugin_settings_size, sizeof(char *));
-           }
+                setting->name, setting->value);
             plugin_settings[num_plugin_settings] =
-               sudo_new_key_val(settings->name, settings->value);
+               sudo_new_key_val(setting->name, setting->value);
             if (plugin_settings[num_plugin_settings] == NULL)
                 sudo_fatal(NULL);
             num_plugin_settings++;
         }
-       settings++;
+    }
+    TAILQ_FOREACH(debug_file, &plugin->debug_files, entries) {
+       /* XXX - quote filename? */
+       sudo_easprintf(&plugin_settings[num_plugin_settings++],
+           "debug_flags=%s %s", debug_file->debug_file, debug_file->debug_flags);
     }
     plugin_settings[num_plugin_settings] = NULL;
 

diff --git a/src/sudo_plugin_int.h b/src/sudo_plugin_int.h
index fb82b204d4495c3f4ea5b87fd4e077ed4c507e04..5cd1693b7ed3f5eca6647410b410c27645ce5bab 100644 (file)
--- a/src/sudo_plugin_int.h
+++ b/src/sudo_plugin_int.h
@@ -82,6 +82,7 @@ struct io_plugin_1_1 {
  */
 struct plugin_container {
     TAILQ_ENTRY(plugin_container) entries;
+    struct sudo_conf_debug_file_list debug_files;
     const char *name;
     const char *path;
     char * const *options;