Don't send mail about pseudo-command failure unless it is an

authentication failure.

NEWS

@@ -61,6 +61,9 @@ What's new in Sudo 1.8.12
    `+' prefix and checking whether the user is a member of any of
    the returned netgroups.
 
+ * The mail_always sudoers option no longer sends mail for "sudo -l"
+   or "sudo -v" unless the user is unable to authenticate themselves.
+
 What's new in Sudo 1.8.11p2
 
  * Fixed a bug where dynamic shared objects loaded from a plugin

doc/sudoers.cat

@@ -75,9 +75,12 @@ DDEESSCCRRIIPPTTIIOONN
      mail is configurable via the _m_a_i_l_t_o Defaults entry (described later) and
      defaults to root.
 
-     Note that mail will not be sent if an unauthorized user tries to run ssuuddoo
-     with the --ll or --vv option.  This allows users to determine for themselves
-     whether or not they are allowed to use ssuuddoo.
+     Note that no mail will be sent if an unauthorized user tries to run ssuuddoo
+     with the --ll or --vv option unless there is an authentication error and
+     either the _m_a_i_l___a_l_w_a_y_s or _m_a_i_l___b_a_d_p_a_s_s flags are enabled.  This allows
+     users to determine for themselves whether or not they are allowed to use
+     ssuuddoo.  All attempts to run ssuuddoo (successful or not) will be logged,
+     regardless of whether or not mail is sent.
 
      If ssuuddoo is run by root and the SUDO_USER environment variable is set, the
      _s_u_d_o_e_r_s policy will use this value to determine who the actual user is.
@@ -174,7 +177,7 @@ DDEESSCCRRIIPPTTIIOONN
      _e_n_v___r_e_s_e_t.  The DISPLAY, PATH and TERM variables remain unchanged; HOME,
      MAIL, SHELL, USER, and LOGNAME are set based on the target user.  On AIX
      (and Linux systems without PAM), the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are
-     also included.  On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled,
+     also included.  On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s flag is enabled,
      the _p_a_t_h and _s_e_t_e_n_v variables in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f are also applied.  All
      other environment variables are removed.
 
@@ -1047,8 +1050,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        some people find it more convenient.  This flag is _o_f_f
                        by default.
 
-     mail_always       Send mail to the _m_a_i_l_t_o user every time a user runs
-                       ssuuddoo.  This flag is _o_f_f by default.
+     mail_always       Send mail to the _m_a_i_l_t_o user every time a user attempts
+                       to run a command via ssuuddoo.  Mail will be sent for both
+                       successful and unsuccessful attempts.  No mail will be
+                       sent if the user runs ssuuddoo with the --ll or --vv option
+                       unless there is an authentication error.  This flag is
+                       _o_f_f by default.
 
      mail_badpass      Send mail to the _m_a_i_l_t_o user if the user running ssuuddoo
                        does not enter the correct password.  If the command
@@ -2356,4 +2363,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or http://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.12                    December 4, 2014                    Sudo 1.8.12
+Sudo 1.8.12                    January 21, 2015                    Sudo 1.8.12

doc/sudoers.man.in

@@ -1,7 +1,7 @@
 .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
 .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2015
 .\"	Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "December 4, 2014" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "January 21, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -172,17 +172,25 @@ Defaults entry
 (described later) and defaults to
 \fR@mailto@\fR.
 .PP
-Note that mail will not be sent if an unauthorized user tries to
-run
+Note that no mail will be sent if an unauthorized user tries to run
 \fBsudo\fR
 with the
 \fB\-l\fR
 or
 \fB\-v\fR
-option.
+option unless there is an authentication error and
+either the
+\fImail_always\fR
+or
+\fImail_badpass\fR
+flags are enabled.
 This allows users to
 determine for themselves whether or not they are allowed to use
 \fBsudo\fR.
+All attempts to run
+\fBsudo\fR
+(successful or not)
+will be logged, regardless of whether or not mail is sent.
 .PP
 If
 \fBsudo\fR
@@ -440,7 +448,7 @@ are also
 included.
 On BSD systems, if the
 \fIuse_loginclass\fR
-option is
+flag is
 enabled, the
 \fIpath\fR
 and
@@ -2218,8 +2226,16 @@ by default.
 mail_always
 Send mail to the
 \fImailto\fR
-user every time a user runs
+user every time a user attempts to run a command via
 \fBsudo\fR.
+Mail will be sent for both successful and unsuccessful attempts.
+No mail will be sent if the user runs
+\fBsudo\fR
+with the
+\fB\-l\fR
+or
+\fB\-v\fR
+option unless there is an authentication error.
 This flag is
 \fIoff\fR
 by default.

doc/sudoers.mdoc.in

@@ -1,5 +1,5 @@
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2015
 .\"	Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd December 4, 2014
+.Dd January 21, 2015
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -160,17 +160,25 @@ Defaults entry
 (described later) and defaults to
 .Li @mailto@ .
 .Pp
-Note that mail will not be sent if an unauthorized user tries to
-run
+Note that no mail will be sent if an unauthorized user tries to run
 .Nm sudo
 with the
 .Fl l
 or
 .Fl v
-option.
+option unless there is an authentication error and
+either the
+.Em mail_always
+or
+.Em mail_badpass
+flags are enabled.
 This allows users to
 determine for themselves whether or not they are allowed to use
 .Nm sudo .
+All attempts to run
+.Nm sudo
+(successful or not)
+will be logged, regardless of whether or not mail is sent.
 .Pp
 If
 .Nm sudo
@@ -426,7 +434,7 @@ are also
 included.
 On BSD systems, if the
 .Em use_loginclass
-option is
+flag is
 enabled, the
 .Em path
 and
@@ -2075,8 +2083,16 @@ by default.
 .It mail_always
 Send mail to the
 .Em mailto
-user every time a user runs
+user every time a user attempts to run a command via
 .Nm sudo .
+Mail will be sent for both successful and unsuccessful attempts.
+No mail will be sent if the user runs
+.Nm sudo
+with the
+.Fl l
+or
+.Fl v
+option unless there is an authentication error.
 This flag is
 .Em off
 by default.

plugins/sudoers/logging.c

@@ -364,7 +364,7 @@ log_auth_failure(int status, unsigned int tries)
 	    SET(flags, SLOG_SEND_MAIL);
     } else {
 	/* Command denied, auth failed; make sure we don't send mail twice. */
-	if (def_mail_badpass && !should_mail(status))
+	if ((def_mail_badpass || def_mail_always) && !should_mail(status))
 	    SET(flags, SLOG_SEND_MAIL);
 	/* Don't log the bad password message, we'll log a denial instead. */
 	SET(flags, SLOG_NO_LOG);
@@ -756,6 +756,10 @@ should_mail(int status)
 {
     debug_decl(should_mail, SUDOERS_DEBUG_LOGGING)
 
+    /* Never send mail about the "sudo -l" and "sudo -v" pseudo-commands. */
+    if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST)))
+	debug_return_bool(false);
+
     debug_return_bool(def_mail_always ||
 	(def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
 	(def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||