We only want to pass the execution environment back for commands
that are accepted or rejected.
A...

If logging via syslog, do the openlog() at config time instead.
We still lock the log file prior ...

Since lockf() uses the files's current offset, we need to seek to
the start of the file to unlock...

This only happens when sudo unloads the last python plugin.
The reason doing so is because there...

We do not use structsequence any more.

Previously, a config reload would refresh the listener address list
but the changes had no effect...

Adds a missing #ifdef HAVE_OPENSSL and reorders code to avoid the
need for a static init_tls_serv...

Note that depending on the system, the default syslog buffer
may not be large enough to store all...

We need to re-initialize the TLS server context.
Also fix a memory leak of the TLS parameters on ...

The I/O logging plugin is passed the environment the command will
run with, not the user's origin...

This is better than cluttering up the code with #ifdefs for obsolete
systems.

fromisoformat is only supported from python >=3.7

even if the arguments are not used (eg. when there is no "close" call
in the plugin).

It was no...

The python_plugin_api_rc_call function already decrements the
refcount of py_args.
Python avoids...

The error is always stored in plugin_ctx, but it is only set into errstr
if the API version is e...

Same as sudo.PluginError exception, have a sudo.PluginReject exception
as well. Added common bas...

Tests did not catch the issue where errstr was not set correctly, but
its pointer contained the ...

There's no need for four copies of sudo_debug_parse_flags().

Currently only env_check, env_delete, env_keep and log_servers are lists.

Also fix a few typos.

We need a close function to be able to to free memory allocated for
errstr. Unlike the other plu...

Also add a missing sudo_debug_enter() after debug registration.

This still breaks log filename incorrectly but is a step in the
right direction.

Instead, pass the repo path to either hg or log2cl.pl

The scriptdir contained a path relative to where the target was started.
The scripts are called ...

to simplify code a bit.

The main problem was that string array objects were constructed
differently:
- if constructed by...

It is a bit more code, but it is more "pythonic" and easier to debug
as the enum values also kno...

The intented behaviour was that those get skipped, but the PyList_GetItem
sets the interpreter i...

Unfortunately the test did not catch this mistake, because it only
searches that "Python policy ...

For the audit plugin.
Ensure we do not fail if plugin_ctx->py_instance is NULL (because
plugin i...

so they can start from clean state. (My problem was optional argument
tests has destroyed the ca...

Plugins can raise a sudo.PluginError exception to add context message
for the failure.

The call...

to avoid warning of debug python build.

This splits the usage printing out into display_usage().

Fixes coverity CID 207992

The only outlier is the policy plugin which is not part of a list
since there can only be a singl...

The basic idea is that the approval plugin adds an additional
layer of policy. There can be mult...

o whitespace cleanup
o show_version doesn't have an errstr argument
o document runas_user and ...

Otherwise, the audit plugin has to look up the runas name and group
by user or group ID.

This effectively disables pwfeedback when the -S or -A options are used.

This makes it possible for a plugin to change the event base
to a local one and then reset it bac...

We should already have displayed a more useful error message.
Otherwise, we can get two "error in...

Otherwise, the command could be run before the TLS handshake completes.

That way we can distinguish between different error types.

The audit_failure() function now stores the failure string.
This will allow an audit plugin to lo...

This can be used to implement logging-only plugins.
The plugin functions now take an errstr argum...

To be used by the upcoming JSON audit module.

We create type 4, variant 1 uuids (random).

In getln() if the user enters ^U (erase line) and the write(2) fails,
the remaining buffer size i...

The resolve_host() function returns 0 on success, not bool.