PyArg_ParseTuple sets the py_config_tuple pointer, but it does not
increment the reference count...

Sudo is not multi-threaded so we don't need the added complexity.

MAP_SGI_ANYADDR cannot be used in place of MAP_ANON

IRIX lacks MAP_ANON (and MAP_ANONYMOUS) but we can use the IRIX-specific
flag MAP_SGI_ANYADDR ins...

Since python plugins are run inside the same interpreter, they affect
each other's state, which ...

On each plugin initialization we create a separate python interpreter
which gets stored in the p...

The closure pointer in sudo_conv_callback was being filled in with
a struct getpass_closure ** in...

Separate sudo io plugin symbols are created which stores wrapper
functions adding the context of...

to verify 2 python plugins can work next to each other.

if they want to support getting loaded multiple times.

Adapted the default sudo_printf from sudoers plugin to be able to print
errors before plugin ope...

Also use AC_CHECK_FUNCS to check for the other OpenSSL functions

This will help avoid duplicate code in the audit and approval plugins.

This adds compatibility defines for some OpenSSL 1.1.x functions.

We don't export symbols in convenience libraries, only installed DSOs.

Also check for getpeername() and inet_ntop() failure.

If we get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume
the SSL_read(), not call SSL_...

Fixes running "make depend" in lib/util dir when siglist.c or
signame.c are not already present.

Configure provides absolution versions of srcdir, builddir, top_srcdir
and top_builddir. We can ...

Uses lcov and genhtml to generate test coverage. It is meant to be run
in a clean directory. Ext...

Make the demonstration extend the environment with a new variable.
Easier to read, and makes the...

IO/Group/Policy Python API version is displayed instead of sudo version,
because that is not ver...

Storing them as "tuple" instead of "set", so they have a fix order.
This makes the output of the...

When calling validate() python function, TypeError exception was thrown
("argument list must be ...

If the plugin fails to open the file for writing, constructor will raise
an exception and exit b...

Similarly to IO plugin example. (It is easier to test it this way.)

instead of linking with it.

They are platform dependant, so their test would fail on some platforms.
While we could create s...

Include sys/socket.h for getpeername().
Link with -lnsl on Solaris to get inet_pton().

We only need to use libtool's clean mode to remove files created by libtool.

We need to switch from SUDO_EV_READ to SUDO_EV_WRITE for this case.

We need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
Also make the tls connect eve...

Fixes missing time stamp in remote I/O log info file.

Fixes sudoedit on macOS 10.15 and above where the root file system
is mounted read-only. See htt...

Now that we call fmt_exit_message() from client_close() we do not
need to try to determine whethe...

Otherwise, the debug output in a plugin's event callback will go
to the sudo debug file, not sudo...

Don't test SIGLWP on FreeBSD where it is reserved for the thread
library and is not listed in sys...

Otherwise, LD_LIBRARY_PATH does not work when running the tests.
The GNU linker's --enable-new-dt...

If both sudoers policy and I/O log plugins are loaded, debug_files
will be empty when the I/O plu...

The warning message said the later I/O plugin was ignored but it
actually overwrote the existing ...

The non-faccessat() code already did this so this just brings the
faccessat() path into alignment...

Moving the iteration into the wrapper functions simplifies the calling code.

Previously we appended the path to SUDOERS_LDFLAGS but now that we
use OpenSSL in the log server,...

Coverity CID 206591

Potential use after free calling gzstrerror() after gzclose().

Avoids some coverity false positives when using TAILQ_FOREACH_SAFE
to free the tail queue.

Coverity CID 206396

The deprecated "max_groups" setting is not documented.

If the debug sudoers subsystem is not registered, because it does not
get any file names to deal...

Examples are installed by default to "docdir", which refers to
PACKAGE_TARNAME variable which wa...

EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
limit is lower than the curren...

If there is no installed sudoers there is nothing to check...