mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 23:35:36 +00:00
Code Issues Releases Wiki Activity

Add mail_all_cmnds to always mail when a user runs a command (or

Browse Source 
tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.
This commit is contained in:
Todd C. Miller
2015-02-15 20:30:11 -07:00
parent 8bb5897091
commit 53ac30b63a
7 changed files with 217 additions and 182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
doc/sudoers.cat
View File

@@ -1050,19 +1050,23 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
some people find it more convenient. This flag is _o_f_f some people find it more convenient. This flag is _o_f_f
by default. by default.
mail_always Send mail to the _m_a_i_l_t_o user every time a user attempts mail_all_cmnds Send mail to the _m_a_i_l_t_o user every time a user attempts
to run a command via ssuuddoo. Mail will be sent for both to run a command via ssuuddoo (this includes ssuuddooeeddiitt). No
successful and unsuccessful attempts. No mail will be mail will be sent if the user runs ssuuddoo with the --ll or
sent if the user runs ssuuddoo with the --ll or --vv option --vv option unless there is an authentication error and
unless there is an authentication error. This flag is the _m_a_i_l___b_a_d_p_a_s_s flag is also set. This flag is _o_f_f by
_o_f_f by default. default.
mail_always Send mail to the _m_a_i_l_t_o user every time a user runs
ssuuddoo. This flag is _o_f_f by default.
mail_badpass Send mail to the _m_a_i_l_t_o user if the user running ssuuddoo mail_badpass Send mail to the _m_a_i_l_t_o user if the user running ssuuddoo
does not enter the correct password. If the command does not enter the correct password. If the command
the user is attempting to run is not permitted by the user is attempting to run is not permitted by
_s_u_d_o_e_r_s and one of the _m_a_i_l___a_l_w_a_y_s, _m_a_i_l___n_o___h_o_s_t, _s_u_d_o_e_r_s and one of the _m_a_i_l___a_l_l___c_m_n_d_s, _m_a_i_l___a_l_w_a_y_s,
_m_a_i_l___n_o___p_e_r_m_s or _m_a_i_l___n_o___u_s_e_r flags are set, this flag _m_a_i_l___n_o___h_o_s_t, _m_a_i_l___n_o___p_e_r_m_s or _m_a_i_l___n_o___u_s_e_r flags are
will have no effect. This flag is _o_f_f by default. set, this flag will have no effect. This flag is _o_f_f
by default.
mail_no_host If set, mail will be sent to the _m_a_i_l_t_o user if the mail_no_host If set, mail will be sent to the _m_a_i_l_t_o user if the
invoking user exists in the _s_u_d_o_e_r_s file, but is not invoking user exists in the _s_u_d_o_e_r_s file, but is not

21
doc/sudoers.man.in
View File

@@ -2223,19 +2223,31 @@ This flag is
\fI@long_otp_prompt@\fR \fI@long_otp_prompt@\fR
by default. by default.
.TP 18n .TP 18n
mail_always mail_all_cmnds
Send mail to the Send mail to the
\fImailto\fR \fImailto\fR
user every time a user attempts to run a command via user every time a user attempts to run a command via
\fBsudo\fR. \fBsudo\fR
Mail will be sent for both successful and unsuccessful attempts. (this includes
\fBsudoedit\fR).
No mail will be sent if the user runs No mail will be sent if the user runs
\fBsudo\fR \fBsudo\fR
with the with the
\fB\-l\fR \fB\-l\fR
or or
\fB\-v\fR \fB\-v\fR
option unless there is an authentication error. option unless there is an authentication error and the
\fImail_badpass\fR
flag is also set.
This flag is
\fIoff\fR
by default.
.TP 18n
mail_always
Send mail to the
\fImailto\fR
user every time a user runs
\fBsudo\fR.
This flag is This flag is
\fIoff\fR \fIoff\fR
by default. by default.
@@ -2249,6 +2261,7 @@ does not enter the correct password.
If the command the user is attempting to run is not permitted by If the command the user is attempting to run is not permitted by
\fIsudoers\fR \fIsudoers\fR
and one of the and one of the
\fImail_all_cmnds\fR,
\fImail_always\fR, \fImail_always\fR,
\fImail_no_host\fR, \fImail_no_host\fR,
\fImail_no_perms\fR \fImail_no_perms\fR

20
doc/sudoers.mdoc.in
View File

@@ -2080,19 +2080,30 @@ It's not as pretty as the default but some people find it more convenient.
This flag is This flag is
.Em @long_otp_prompt@ .Em @long_otp_prompt@
by default. by default.
.It mail_always .It mail_all_cmnds
Send mail to the Send mail to the
.Em mailto .Em mailto
user every time a user attempts to run a command via user every time a user attempts to run a command via
.Nm sudo . .Nm sudo
Mail will be sent for both successful and unsuccessful attempts. (this includes
.Nm sudoedit ) .
No mail will be sent if the user runs No mail will be sent if the user runs
.Nm sudo .Nm sudo
with the with the
.Fl l .Fl l
or or
.Fl v .Fl v
option unless there is an authentication error. option unless there is an authentication error and the
.Em mail_badpass
flag is also set.
This flag is
.Em off
by default.
.It mail_always
Send mail to the
.Em mailto
user every time a user runs
.Nm sudo .
This flag is This flag is
.Em off .Em off
by default. by default.
@@ -2105,6 +2116,7 @@ does not enter the correct password.
If the command the user is attempting to run is not permitted by If the command the user is attempting to run is not permitted by
.Em sudoers .Em sudoers
and one of the and one of the
.Em mail_all_cmnds ,
.Em mail_always , .Em mail_always ,
.Em mail_no_host , .Em mail_no_host ,
.Em mail_no_perms .Em mail_no_perms

4
plugins/sudoers/def_data.c
View File

@@ -62,6 +62,10 @@ struct sudo_defs_types sudo_defs_table[] = {
"mail_no_perms", T_FLAG, "mail_no_perms", T_FLAG,
N_("Send mail if the user is not allowed to run a command"), N_("Send mail if the user is not allowed to run a command"),
NULL, NULL,
}, {
"mail_all_cmnds", T_FLAG,
N_("Send mail if the user tries to run a command"),
NULL,
}, { }, {
"tty_tickets", T_FLAG, "tty_tickets", T_FLAG,
N_("Use a separate timestamp for each user/tty combo"), N_("Use a separate timestamp for each user/tty combo"),

322
plugins/sudoers/def_data.h
View File

@@ -18,166 +18,168 @@
#define I_MAIL_NO_HOST 8 #define I_MAIL_NO_HOST 8
#define def_mail_no_perms (sudo_defs_table[9].sd_un.flag) #define def_mail_no_perms (sudo_defs_table[9].sd_un.flag)
#define I_MAIL_NO_PERMS 9 #define I_MAIL_NO_PERMS 9
#define def_tty_tickets (sudo_defs_table[10].sd_un.flag) #define def_mail_all_cmnds (sudo_defs_table[10].sd_un.flag)
#define I_TTY_TICKETS 10 #define I_MAIL_ALL_CMNDS 10
#define def_lecture (sudo_defs_table[11].sd_un.tuple) #define def_tty_tickets (sudo_defs_table[11].sd_un.flag)
#define I_LECTURE 11 #define I_TTY_TICKETS 11
#define def_lecture_file (sudo_defs_table[12].sd_un.str) #define def_lecture (sudo_defs_table[12].sd_un.tuple)
#define I_LECTURE_FILE 12 #define I_LECTURE 12
#define def_authenticate (sudo_defs_table[13].sd_un.flag) #define def_lecture_file (sudo_defs_table[13].sd_un.str)
#define I_AUTHENTICATE 13 #define I_LECTURE_FILE 13
#define def_root_sudo (sudo_defs_table[14].sd_un.flag) #define def_authenticate (sudo_defs_table[14].sd_un.flag)
#define I_ROOT_SUDO 14 #define I_AUTHENTICATE 14
#define def_log_host (sudo_defs_table[15].sd_un.flag) #define def_root_sudo (sudo_defs_table[15].sd_un.flag)
#define I_LOG_HOST 15 #define I_ROOT_SUDO 15
#define def_log_year (sudo_defs_table[16].sd_un.flag) #define def_log_host (sudo_defs_table[16].sd_un.flag)
#define I_LOG_YEAR 16 #define I_LOG_HOST 16
#define def_shell_noargs (sudo_defs_table[17].sd_un.flag) #define def_log_year (sudo_defs_table[17].sd_un.flag)
#define I_SHELL_NOARGS 17 #define I_LOG_YEAR 17
#define def_set_home (sudo_defs_table[18].sd_un.flag) #define def_shell_noargs (sudo_defs_table[18].sd_un.flag)
#define I_SET_HOME 18 #define I_SHELL_NOARGS 18
#define def_always_set_home (sudo_defs_table[19].sd_un.flag) #define def_set_home (sudo_defs_table[19].sd_un.flag)
#define I_ALWAYS_SET_HOME 19 #define I_SET_HOME 19
#define def_path_info (sudo_defs_table[20].sd_un.flag) #define def_always_set_home (sudo_defs_table[20].sd_un.flag)
#define I_PATH_INFO 20 #define I_ALWAYS_SET_HOME 20
#define def_fqdn (sudo_defs_table[21].sd_un.flag) #define def_path_info (sudo_defs_table[21].sd_un.flag)
#define I_FQDN 21 #define I_PATH_INFO 21
#define def_insults (sudo_defs_table[22].sd_un.flag) #define def_fqdn (sudo_defs_table[22].sd_un.flag)
#define I_INSULTS 22 #define I_FQDN 22
#define def_requiretty (sudo_defs_table[23].sd_un.flag) #define def_insults (sudo_defs_table[23].sd_un.flag)
#define I_REQUIRETTY 23 #define I_INSULTS 23
#define def_env_editor (sudo_defs_table[24].sd_un.flag) #define def_requiretty (sudo_defs_table[24].sd_un.flag)
#define I_ENV_EDITOR 24 #define I_REQUIRETTY 24
#define def_rootpw (sudo_defs_table[25].sd_un.flag) #define def_env_editor (sudo_defs_table[25].sd_un.flag)
#define I_ROOTPW 25 #define I_ENV_EDITOR 25
#define def_runaspw (sudo_defs_table[26].sd_un.flag) #define def_rootpw (sudo_defs_table[26].sd_un.flag)
#define I_RUNASPW 26 #define I_ROOTPW 26
#define def_targetpw (sudo_defs_table[27].sd_un.flag) #define def_runaspw (sudo_defs_table[27].sd_un.flag)
#define I_TARGETPW 27 #define I_RUNASPW 27
#define def_use_loginclass (sudo_defs_table[28].sd_un.flag) #define def_targetpw (sudo_defs_table[28].sd_un.flag)
#define I_USE_LOGINCLASS 28 #define I_TARGETPW 28
#define def_set_logname (sudo_defs_table[29].sd_un.flag) #define def_use_loginclass (sudo_defs_table[29].sd_un.flag)
#define I_SET_LOGNAME 29 #define I_USE_LOGINCLASS 29
#define def_stay_setuid (sudo_defs_table[30].sd_un.flag) #define def_set_logname (sudo_defs_table[30].sd_un.flag)
#define I_STAY_SETUID 30 #define I_SET_LOGNAME 30
#define def_preserve_groups (sudo_defs_table[31].sd_un.flag) #define def_stay_setuid (sudo_defs_table[31].sd_un.flag)
#define I_PRESERVE_GROUPS 31 #define I_STAY_SETUID 31
#define def_loglinelen (sudo_defs_table[32].sd_un.uival) #define def_preserve_groups (sudo_defs_table[32].sd_un.flag)
#define I_LOGLINELEN 32 #define I_PRESERVE_GROUPS 32
#define def_timestamp_timeout (sudo_defs_table[33].sd_un.fval) #define def_loglinelen (sudo_defs_table[33].sd_un.uival)
#define I_TIMESTAMP_TIMEOUT 33 #define I_LOGLINELEN 33
#define def_passwd_timeout (sudo_defs_table[34].sd_un.fval) #define def_timestamp_timeout (sudo_defs_table[34].sd_un.fval)
#define I_PASSWD_TIMEOUT 34 #define I_TIMESTAMP_TIMEOUT 34
#define def_passwd_tries (sudo_defs_table[35].sd_un.uival) #define def_passwd_timeout (sudo_defs_table[35].sd_un.fval)
#define I_PASSWD_TRIES 35 #define I_PASSWD_TIMEOUT 35
#define def_umask (sudo_defs_table[36].sd_un.mode) #define def_passwd_tries (sudo_defs_table[36].sd_un.uival)
#define I_UMASK 36 #define I_PASSWD_TRIES 36
#define def_logfile (sudo_defs_table[37].sd_un.str) #define def_umask (sudo_defs_table[37].sd_un.mode)
#define I_LOGFILE 37 #define I_UMASK 37
#define def_mailerpath (sudo_defs_table[38].sd_un.str) #define def_logfile (sudo_defs_table[38].sd_un.str)
#define I_MAILERPATH 38 #define I_LOGFILE 38
#define def_mailerflags (sudo_defs_table[39].sd_un.str) #define def_mailerpath (sudo_defs_table[39].sd_un.str)
#define I_MAILERFLAGS 39 #define I_MAILERPATH 39
#define def_mailto (sudo_defs_table[40].sd_un.str) #define def_mailerflags (sudo_defs_table[40].sd_un.str)
#define I_MAILTO 40 #define I_MAILERFLAGS 40
#define def_mailfrom (sudo_defs_table[41].sd_un.str) #define def_mailto (sudo_defs_table[41].sd_un.str)
#define I_MAILFROM 41 #define I_MAILTO 41
#define def_mailsub (sudo_defs_table[42].sd_un.str) #define def_mailfrom (sudo_defs_table[42].sd_un.str)
#define I_MAILSUB 42 #define I_MAILFROM 42
#define def_badpass_message (sudo_defs_table[43].sd_un.str) #define def_mailsub (sudo_defs_table[43].sd_un.str)
#define I_BADPASS_MESSAGE 43 #define I_MAILSUB 43
#define def_lecture_status_dir (sudo_defs_table[44].sd_un.str) #define def_badpass_message (sudo_defs_table[44].sd_un.str)
#define I_LECTURE_STATUS_DIR 44 #define I_BADPASS_MESSAGE 44
#define def_timestampdir (sudo_defs_table[45].sd_un.str) #define def_lecture_status_dir (sudo_defs_table[45].sd_un.str)
#define I_TIMESTAMPDIR 45 #define I_LECTURE_STATUS_DIR 45
#define def_timestampowner (sudo_defs_table[46].sd_un.str) #define def_timestampdir (sudo_defs_table[46].sd_un.str)
#define I_TIMESTAMPOWNER 46 #define I_TIMESTAMPDIR 46
#define def_exempt_group (sudo_defs_table[47].sd_un.str) #define def_timestampowner (sudo_defs_table[47].sd_un.str)
#define I_EXEMPT_GROUP 47 #define I_TIMESTAMPOWNER 47
#define def_passprompt (sudo_defs_table[48].sd_un.str) #define def_exempt_group (sudo_defs_table[48].sd_un.str)
#define I_PASSPROMPT 48 #define I_EXEMPT_GROUP 48
#define def_passprompt_override (sudo_defs_table[49].sd_un.flag) #define def_passprompt (sudo_defs_table[49].sd_un.str)
#define I_PASSPROMPT_OVERRIDE 49 #define I_PASSPROMPT 49
#define def_runas_default (sudo_defs_table[50].sd_un.str) #define def_passprompt_override (sudo_defs_table[50].sd_un.flag)
#define I_RUNAS_DEFAULT 50 #define I_PASSPROMPT_OVERRIDE 50
#define def_secure_path (sudo_defs_table[51].sd_un.str) #define def_runas_default (sudo_defs_table[51].sd_un.str)
#define I_SECURE_PATH 51 #define I_RUNAS_DEFAULT 51
#define def_editor (sudo_defs_table[52].sd_un.str) #define def_secure_path (sudo_defs_table[52].sd_un.str)
#define I_EDITOR 52 #define I_SECURE_PATH 52
#define def_listpw (sudo_defs_table[53].sd_un.tuple) #define def_editor (sudo_defs_table[53].sd_un.str)
#define I_LISTPW 53 #define I_EDITOR 53
#define def_verifypw (sudo_defs_table[54].sd_un.tuple) #define def_listpw (sudo_defs_table[54].sd_un.tuple)
#define I_VERIFYPW 54 #define I_LISTPW 54
#define def_noexec (sudo_defs_table[55].sd_un.flag) #define def_verifypw (sudo_defs_table[55].sd_un.tuple)
#define I_NOEXEC 55 #define I_VERIFYPW 55
#define def_ignore_local_sudoers (sudo_defs_table[56].sd_un.flag) #define def_noexec (sudo_defs_table[56].sd_un.flag)
#define I_IGNORE_LOCAL_SUDOERS 56 #define I_NOEXEC 56
#define def_closefrom (sudo_defs_table[57].sd_un.ival) #define def_ignore_local_sudoers (sudo_defs_table[57].sd_un.flag)
#define I_CLOSEFROM 57 #define I_IGNORE_LOCAL_SUDOERS 57
#define def_closefrom_override (sudo_defs_table[58].sd_un.flag) #define def_closefrom (sudo_defs_table[58].sd_un.ival)
#define I_CLOSEFROM_OVERRIDE 58 #define I_CLOSEFROM 58
#define def_setenv (sudo_defs_table[59].sd_un.flag) #define def_closefrom_override (sudo_defs_table[59].sd_un.flag)
#define I_SETENV 59 #define I_CLOSEFROM_OVERRIDE 59
#define def_env_reset (sudo_defs_table[60].sd_un.flag) #define def_setenv (sudo_defs_table[60].sd_un.flag)
#define I_ENV_RESET 60 #define I_SETENV 60
#define def_env_check (sudo_defs_table[61].sd_un.list) #define def_env_reset (sudo_defs_table[61].sd_un.flag)
#define I_ENV_CHECK 61 #define I_ENV_RESET 61
#define def_env_delete (sudo_defs_table[62].sd_un.list) #define def_env_check (sudo_defs_table[62].sd_un.list)
#define I_ENV_DELETE 62 #define I_ENV_CHECK 62
#define def_env_keep (sudo_defs_table[63].sd_un.list) #define def_env_delete (sudo_defs_table[63].sd_un.list)
#define I_ENV_KEEP 63 #define I_ENV_DELETE 63
#define def_role (sudo_defs_table[64].sd_un.str) #define def_env_keep (sudo_defs_table[64].sd_un.list)
#define I_ROLE 64 #define I_ENV_KEEP 64
#define def_type (sudo_defs_table[65].sd_un.str) #define def_role (sudo_defs_table[65].sd_un.str)
#define I_TYPE 65 #define I_ROLE 65
#define def_env_file (sudo_defs_table[66].sd_un.str) #define def_type (sudo_defs_table[66].sd_un.str)
#define I_ENV_FILE 66 #define I_TYPE 66
#define def_sudoers_locale (sudo_defs_table[67].sd_un.str) #define def_env_file (sudo_defs_table[67].sd_un.str)
#define I_SUDOERS_LOCALE 67 #define I_ENV_FILE 67
#define def_visiblepw (sudo_defs_table[68].sd_un.flag) #define def_sudoers_locale (sudo_defs_table[68].sd_un.str)
#define I_VISIBLEPW 68 #define I_SUDOERS_LOCALE 68
#define def_pwfeedback (sudo_defs_table[69].sd_un.flag) #define def_visiblepw (sudo_defs_table[69].sd_un.flag)
#define I_PWFEEDBACK 69 #define I_VISIBLEPW 69
#define def_fast_glob (sudo_defs_table[70].sd_un.flag) #define def_pwfeedback (sudo_defs_table[70].sd_un.flag)
#define I_FAST_GLOB 70 #define I_PWFEEDBACK 70
#define def_umask_override (sudo_defs_table[71].sd_un.flag) #define def_fast_glob (sudo_defs_table[71].sd_un.flag)
#define I_UMASK_OVERRIDE 71 #define I_FAST_GLOB 71
#define def_log_input (sudo_defs_table[72].sd_un.flag) #define def_umask_override (sudo_defs_table[72].sd_un.flag)
#define I_LOG_INPUT 72 #define I_UMASK_OVERRIDE 72
#define def_log_output (sudo_defs_table[73].sd_un.flag) #define def_log_input (sudo_defs_table[73].sd_un.flag)
#define I_LOG_OUTPUT 73 #define I_LOG_INPUT 73
#define def_compress_io (sudo_defs_table[74].sd_un.flag) #define def_log_output (sudo_defs_table[74].sd_un.flag)
#define I_COMPRESS_IO 74 #define I_LOG_OUTPUT 74
#define def_use_pty (sudo_defs_table[75].sd_un.flag) #define def_compress_io (sudo_defs_table[75].sd_un.flag)
#define I_USE_PTY 75 #define I_COMPRESS_IO 75
#define def_group_plugin (sudo_defs_table[76].sd_un.str) #define def_use_pty (sudo_defs_table[76].sd_un.flag)
#define I_GROUP_PLUGIN 76 #define I_USE_PTY 76
#define def_iolog_dir (sudo_defs_table[77].sd_un.str) #define def_group_plugin (sudo_defs_table[77].sd_un.str)
#define I_IOLOG_DIR 77 #define I_GROUP_PLUGIN 77
#define def_iolog_file (sudo_defs_table[78].sd_un.str) #define def_iolog_dir (sudo_defs_table[78].sd_un.str)
#define I_IOLOG_FILE 78 #define I_IOLOG_DIR 78
#define def_set_utmp (sudo_defs_table[79].sd_un.flag) #define def_iolog_file (sudo_defs_table[79].sd_un.str)
#define I_SET_UTMP 79 #define I_IOLOG_FILE 79
#define def_utmp_runas (sudo_defs_table[80].sd_un.flag) #define def_set_utmp (sudo_defs_table[80].sd_un.flag)
#define I_UTMP_RUNAS 80 #define I_SET_UTMP 80
#define def_privs (sudo_defs_table[81].sd_un.str) #define def_utmp_runas (sudo_defs_table[81].sd_un.flag)
#define I_PRIVS 81 #define I_UTMP_RUNAS 81
#define def_limitprivs (sudo_defs_table[82].sd_un.str) #define def_privs (sudo_defs_table[82].sd_un.str)
#define I_LIMITPRIVS 82 #define I_PRIVS 82
#define def_exec_background (sudo_defs_table[83].sd_un.flag) #define def_limitprivs (sudo_defs_table[83].sd_un.str)
#define I_EXEC_BACKGROUND 83 #define I_LIMITPRIVS 83
#define def_pam_service (sudo_defs_table[84].sd_un.str) #define def_exec_background (sudo_defs_table[84].sd_un.flag)
#define I_PAM_SERVICE 84 #define I_EXEC_BACKGROUND 84
#define def_pam_login_service (sudo_defs_table[85].sd_un.str) #define def_pam_service (sudo_defs_table[85].sd_un.str)
#define I_PAM_LOGIN_SERVICE 85 #define I_PAM_SERVICE 85
#define def_pam_setcred (sudo_defs_table[86].sd_un.flag) #define def_pam_login_service (sudo_defs_table[86].sd_un.str)
#define I_PAM_SETCRED 86 #define I_PAM_LOGIN_SERVICE 86
#define def_pam_session (sudo_defs_table[87].sd_un.flag) #define def_pam_setcred (sudo_defs_table[87].sd_un.flag)
#define I_PAM_SESSION 87 #define I_PAM_SETCRED 87
#define def_maxseq (sudo_defs_table[88].sd_un.uival) #define def_pam_session (sudo_defs_table[88].sd_un.flag)
#define I_MAXSEQ 88 #define I_PAM_SESSION 88
#define def_use_netgroups (sudo_defs_table[89].sd_un.flag) #define def_maxseq (sudo_defs_table[89].sd_un.uival)
#define I_USE_NETGROUPS 89 #define I_MAXSEQ 89
#define def_use_netgroups (sudo_defs_table[90].sd_un.flag)
#define I_USE_NETGROUPS 90
enum def_tuple { enum def_tuple {
never, never,

3
plugins/sudoers/def_data.in
View File

@@ -40,6 +40,9 @@ mail_no_host
mail_no_perms mail_no_perms
T_FLAG T_FLAG
"Send mail if the user is not allowed to run a command" "Send mail if the user is not allowed to run a command"
mail_all_cmnds
T_FLAG
"Send mail if the user tries to run a command"
tty_tickets tty_tickets
T_FLAG T_FLAG
"Use a separate timestamp for each user/tty combo" "Use a separate timestamp for each user/tty combo"

7
plugins/sudoers/logging.c
View File

@@ -364,7 +364,7 @@ log_auth_failure(int status, unsigned int tries)
SET(flags, SLOG_SEND_MAIL); SET(flags, SLOG_SEND_MAIL);
} else { } else {
/* Command denied, auth failed; make sure we don't send mail twice. */ /* Command denied, auth failed; make sure we don't send mail twice. */
if ((def_mail_badpass || def_mail_always) && !should_mail(status)) if (def_mail_badpass && !should_mail(status))
SET(flags, SLOG_SEND_MAIL); SET(flags, SLOG_SEND_MAIL);
/* Don't log the bad password message, we'll log a denial instead. */ /* Don't log the bad password message, we'll log a denial instead. */
SET(flags, SLOG_NO_LOG); SET(flags, SLOG_NO_LOG);
@@ -756,11 +756,8 @@ should_mail(int status)
{ {
debug_decl(should_mail, SUDOERS_DEBUG_LOGGING) debug_decl(should_mail, SUDOERS_DEBUG_LOGGING)
/* Never send mail about the "sudo -l" and "sudo -v" pseudo-commands. */
if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST)))
debug_return_bool(false);
debug_return_bool(def_mail_always || debug_return_bool(def_mail_always ||
(def_mail_all_cmnds && ISSET(sudo_mode, (MODE_RUN|MODE_EDIT))) ||
(def_mail_no_user && ISSET(status, FLAG_NO_USER)) || (def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
(def_mail_no_host && ISSET(status, FLAG_NO_HOST)) || (def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||
(def_mail_no_perms && !ISSET(status, VALIDATE_SUCCESS))); (def_mail_no_perms && !ISSET(status, VALIDATE_SUCCESS)));