mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity

Do not inform the user that the command was not permitted by the

Browse Source 
policy if they do not successfully authenticate.  This is a regression
introduced in sudo 1.8.6.
This commit is contained in:
Todd C. Miller
2012-11-06 11:19:51 -05:00
parent 941d759c51
commit 5d052aeb60
4 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/sudoers/logging.c
View File

@@ -247,14 +247,20 @@ do_logfile(char *msg)
}
/*
* Log and mail the denial message, optionally informing the user.
* Log, audit and mail the denial message, optionally informing the user.
*/
static void
void
log_denial(int status, bool inform_user)
{
char *logline, *message;
debug_decl(log_denial, SUDO_DEBUG_LOGGING)
/* Handle auditing first. */
if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
audit_failure(NewArgv, _("No user or host"));
else
audit_failure(NewArgv, _("validation failure"));
/* Set error message. */
if (ISSET(status, FLAG_NO_USER))
message = _("user NOT in sudoers");
@@ -312,12 +318,6 @@ log_failure(int status, int flags)
debug_decl(log_failure, SUDO_DEBUG_LOGGING)
bool inform_user = true;
/* Handle auditing first. */
if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
audit_failure(NewArgv, _("No user or host"));
else
audit_failure(NewArgv, _("validation failure"));
/* The user doesn't always get to see the log message (path info). */
if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info &&
(flags == NOT_FOUND_DOT || flags == NOT_FOUND))