Problem reported by Matthias Gerstner of SUSE.

This effectively backs out changeset f738f5ac5350, which made
it possible to log the command when...

We like to use an empty return for stub functions.

This is a regression introduced in sudo 1.8.9 with the strtonum()
conversion. Bug #950.

Also fix some warnings from the new version.

On macOS 10.6 and above, getgroups(2) can return more than NGROUPS_MAX
if _DARWIN_UNLIMITED_GETGR...

Fixes a problem when there are multiple versions of sudo installed
and not all suport the audit p...

This makes it available for event logging in case the name doesn't resolve.

The log message now includes user info and the command attempted.

Bug #948

Avoids a timeout during server shutdown while the server waits for
active connections to close.

Also add warnings if the audit reject or error functions fail.

Add the error string to "unable to connect to log server" instead of
using an extra error message...

Was: "recv: Unknown error 0", now: "lost connection to log server".

This fixes a localization problem where the error message could
have been reported in the wrong l...

Bug #947

Also avoid some new false positives

Need to work around a bug that produces closed brace errors,
see https://github.com/uncrustify/un...

The change to reinitialize the configuration data when sudo_conf_read()
is called again didn't ta...

We may need to use it when logging from the audit reject function.

The audit plugin should cope with a NULL command_info but there's no
reason not to pass the info ...

Fixes a NULL dereference in sudoers_audit when an I/O logging
plugin rejects input/output or retu...

Add a check for the function declaration in openssl/ssl.h.

The I/O log path is not known until the I/O log plugins have
run and other plugins may alter the ...

Use this to display a better error message when using a reserved
work in an alias definition.

The resulting package should work on Macs based on Apple Silicon.

Quote support is limited to the beginning of a word.
Also handles characters escaped with a backs...

This makes it possible to regenerate the test output again.
Also adds an update_test_data target ...

Fixes a problem with pam_xauth which checks effective and real uids
to get the real identity of t...

This is consistent with the pre-1.8.24 behavior. Bug #945

The ldap and sssd back-ends no longer require gram.h which fixes a
compilation issue with IBM LDAP.

Otherwise, if debugging is enabled we will get an extra log instance
each time sudo_logsrvd reeiv...

log_deserialize_info() can be private to iolog.c again.

This lets us log eventlog info along with the alert if it is available.

The logsrvd client code is now used for more than just I/O logging.

This matters when logging via sudo_logsrvd.
It also lets us remove a special case in vlog_warning().

It is no longer I/O log specific and is used by sudoers_audit too.

Previously, we logged the error string separately but this is
not consistent with how it is logge...

Add free_info_messages() to free the array.

Also rename client_close() to log_server_close().
This keeps more of the client code details out ...

The sudoers audit plugin will use this to communicate with sudo_logsrvd.

Fixes a crash in the SSL_VERIFY_PEER callback. Also call inet_ntop(3)
with addr pointer, not soc...

This is used to provided the column number along with the line
number in error messages. For ali...

Bug #841

We may call tls_init() from multiple places in the future so a
static initialized flag will cause...

Also replace backwards with backward.

We still use Tivoli when talking about the server itself but refer
to it as the "IBM Tivoli Direc...

This conflicts with the IBM ldap.h at least. Prevent it from being
exposed by defining YYTOKENTYPE.

We need to add this to LDFLAGS so the linker is able to find
the correct libs when building 64-bi...

Displaying SSL reason code directly is not user-friendly.

This is important for syslog where the record could be truncated.

Defaults to sudo-format logs.

This replaces the old "compact" mode which is only used for syslog.

This makes it possible to have a base config that the callers can
modify instead of replacing the...

This is consistent with historical practice.

These will be used by the sudoers plugin.

This moves the JSON formatting of struct eventlog out of libsudo_iolog
and into libsudo_eventlog ...

Previously, we just made the strings const and relied on the front-end
not changing them. Now th...