[sudo-workers] Disabling the "not allowed" message
Todd C. Miller
Todd.Miller at courtesan.com
Mon Nov 5 11:25:40 EST 2012
That's a legitimate bug, introduced by the log changes in 1.8.6.
Something like the following diff will fix it.
- todd
diff -r 355e4b19c559 plugins/sudoers/logging.c
--- a/plugins/sudoers/logging.c Tue Sep 18 09:59:29 2012 -0400
+++ b/plugins/sudoers/logging.c Mon Nov 05 11:24:22 2012 -0500
@@ -310,7 +310,7 @@
log_failure(int status, int flags)
{
debug_decl(log_failure, SUDO_DEBUG_LOGGING)
- bool inform_user = true;
+ bool inform_user = !ISSET(flags, FLAG_LOG_ONLY);
/* Handle auditing first. */
if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
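Review bot: The new initializer for inform_user reads FLAG_LOG_ONLY from flags, while the context line below it tests the other FLAG_* bits (FLAG_NO_USER | FLAG_NO_HOST) in status, so the two arguments now both carry FLAG_* bits. A short comment on the initializer saying that FLAG_LOG_ONLY arrives in the second argument, and that it means "log the denial but print nothing to the user", would stop a later change from testing it against status by mistake.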
@@ -324,7 +324,7 @@
inform_user = false;
log_denial(status, inform_user);
- if (!inform_user) {
+ if (!inform_user && !ISSET(flags, FLAG_LOG_ONLY)) {
/*
* We'd like to not leak path info at all here, but that can
* *really* confuse the users. To really close the leak we'd
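Review bot: The compound test `!inform_user && !ISSET(flags, FLAG_LOG_ONLY)` is only needed because inform_user is now false for two unrelated reasons: the existing `inform_user = false;` assignment above, and the new log-only case. Keeping the log-only state in its own local (for example `bool log_only = ISSET(flags, FLAG_LOG_ONLY);`) and returning right after log_denial() when it is set would leave the original `if (!inform_user)` untouched and make the intent readable. It is also worth confirming that log_denial(status, false) still writes the log entry, because on the log-only path the user sees nothing and the log and audit records are all that remain of the denial.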
diff -r 355e4b19c559 plugins/sudoers/sudoers.c
--- a/plugins/sudoers/sudoers.c Tue Sep 18 09:59:29 2012 -0400
+++ b/plugins/sudoers/sudoers.c Mon Nov 05 11:24:22 2012 -0500
@@ -466,7 +466,7 @@
rval = check_user(validated, sudo_mode);
if (rval != true) {
if (!ISSET(validated, VALIDATE_OK))
- log_failure(validated, cmnd_status);
+ log_failure(validated, cmnd_status | FLAG_LOG_ONLY);
goto done;
}
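Review bot: Passing `cmnd_status | FLAG_LOG_ONLY` mixes a bit flag into a value that, going by the header comment "find_path()/load_cmnd() return values", may be a plain return code rather than a bit mask. If log_failure() compares flags for equality against any of those return values, the comparison will no longer match once 0x800 is ORed in. Either mask the bit off inside log_failure() before any such comparison, or pass the log-only request as a separate argument instead of overloading cmnd_status.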
diff -r 355e4b19c559 plugins/sudoers/sudoers.h
--- a/plugins/sudoers/sudoers.h Tue Sep 18 09:59:29 2012 -0400
+++ b/plugins/sudoers/sudoers.h Mon Nov 05 11:24:22 2012 -0500
@@ -118,6 +118,7 @@
#define FLAG_NON_INTERACTIVE 0x100
#define FLAG_BAD_PASSWORD 0x200
#define FLAG_AUTH_ERROR 0x400
+#define FLAG_LOG_ONLY 0x800
/*
* find_path()/load_cmnd() return values
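Review bot: The new FLAG_LOG_ONLY define has no comment, and it sits in the same block as FLAG_BAD_PASSWORD and FLAG_AUTH_ERROR even though the other hunks pass it in log_failure()'s flags argument rather than in the validation status. A one-line comment stating where it is valid, plus a check that 0x800 cannot collide with the find_path()/load_cmnd() return values defined just below (since it is ORed into cmnd_status), would make the constant safe to reuse.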