Otherwise it is possible to decrement the reference more than once.

The "log_server_verify" setting passed from the policy plugin was
applied to the "keepalive" opti...

This can be used to debug client problems such as a connection
not being closed as expected.

This will make it possible to process completed journal files
periodically if the relay server is...

For an immediate relay we will close the connection when the client
disconnects (or there is a ti...

More detailed error messages may be found in the debug log.

This got broken by some code rearrangement when relay mode was added.

The other end of the connection should perform a proper TLS shutdown
but as long as we are in the...

This is a big hammer but it seems like the best we can do for now.
Allows "make check" to succeed...

Also add check_editor to sudoers "make check".

GitHub issue #99

Coverit CID 221401

Coverity CID 221399

Coverity CID 221402

When relaying from a journal there will be no socket.
Coverity CID 221403

Coverity CID 221400

Coverity CID 221397 and 221398

This separats out the message handler from the functions that store
or relay the message contents.

Formats and enqueues an error message and enables the write event.

If the configuration changes it should not affect a connection that
is already in progress.

Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will ...

Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section. Also ad...

If SIGCHLD is ignored there is a race condition between when the
process is executed and when the...

Currently only used for RLIMIT_DATA and RLIMIT_AS.

This works around a problem on HP-UX where se...

There's no need to rebuild the message buffer for anything but
RestartMessage and ClientHello.

We always know the size of the data buffer we need at allocation time.

Also adjust debug tests so they pass on older python versions

from upstream automake

Previously they were inline in aclocal.m4.

Also move the HP-UX 11.00 pread(2) workaround into the section where
pread(2) is tested for, not ...

Otherwise we end up with weird paths for a prefix like /opt/sudo.

Normally, mkpkg will figure this out, but if the user does "make
package" outside of the mkpkg sc...

This adds a dependency on OpenSSL unless it is explicitly disabled
(--disable-openssl) or the sud...

Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd itself).
Also fix linking fuzz_log...

TLS options in the relay section will be used if specified, otherwise
the TLS options from the se...

Now that the SSL context is initialized in logsrvd_conf.c there's
no need to export TLS configura...

This way we get certificate errors at configuration time, not after.
It also means that a change ...

Coverity CID 220564

Not actually possible in practice. Coverity CID 220568.

It is the caller's responsibility to free resources on error.
Coverity CID 220557

Avoids a portability issue on systems where NULL is not a pointer.

Fixes a warning when sudo is not configured to use OpenSSL.

There is no longer a need to do anything in shutdown_cb() other
than break out of the event loop.

This will be used by the upcoming relay mode.

It will be used by sudo_logsrvd too.

Also convert sa_str to ref counted string.

This allows it to be used by the relay code too.

Relay hosts are be specified in the server section of sudo_logsrvd.conf.

This allows us to queue up multiple messages for writing like the
sudoers client supports. Curre...

Under normal circumstances the existing group list will match the
list fetched by sudo. However,...

Some of the macros deprecated in 2.70 are required by older versions.
For example, AC_PROG_CC now...

Signed-off-by: Radovan Sroka <[email protected]>

Based on a patch from Dennis Filder. Bug #971.

Fixes a link error when sudo is configured with --disable-log-client.

Otherwise, we will call SSL_new with a freed SSL context.
Bug #970

Avoids a problem where the user gets an exclusive usage error message
when using a sudo-specific ...

Also add missing -B option to usage strings.

GitHub issue #95

Fixes a directory conflict with the AIX sudo rpm package.
Other deb/rpm packages were not affecte...

On OpenServer, SIOCGIFNUM is the number of network interfaces,
not the number of ifreq structs.

We need to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF
only returns IPv6 addresses.

Now that we store the string version of the address before fetching
the netmask we can just re-us...

Gleaned from sendmail.

Still falls back to a loop if not but now maxes out at 2048
interfaces instead of potentially loo...

They were getting in the way of net_its.c simplification.

HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
return IPv6 addresses).
Also...