mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 22:05:46 +00:00
Code Issues Releases Wiki Activity

Don't send mail about pseudo-command failure unless it is an

Browse Source 
authentication failure.
This commit is contained in:
Todd C. Miller
2015-02-02 15:01:06 -07:00
parent dfb369198a
commit ed4ffa6265
5 changed files with 68 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/sudoers/logging.c
View File

@@ -364,7 +364,7 @@ log_auth_failure(int status, unsigned int tries)
SET(flags, SLOG_SEND_MAIL);
} else {
/* Command denied, auth failed; make sure we don't send mail twice. */
if (def_mail_badpass && !should_mail(status))
if ((def_mail_badpass || def_mail_always) && !should_mail(status))
SET(flags, SLOG_SEND_MAIL);
/* Don't log the bad password message, we'll log a denial instead. */
SET(flags, SLOG_NO_LOG);
@@ -756,6 +756,10 @@ should_mail(int status)
{
debug_decl(should_mail, SUDOERS_DEBUG_LOGGING)
/* Never send mail about the "sudo -l" and "sudo -v" pseudo-commands. */
if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST)))
debug_return_bool(false);
debug_return_bool(def_mail_always ||
(def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
(def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||