Add mail_all_cmnds to always mail when a user runs a command (or

tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 99171c9d3fafb2a47d73e08c26d250b3d7d2a559..0bbd900967f5e94ba21e3b88698f583977055d78 100644 (file)
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1050,19 +1050,23 @@ S\bSU\bUD\bDO\bOE\bER\bRS\bS O\bOP\bPT\bTI\bIO\bON\bNS\bS
                        some people find it more convenient.  This flag is _\bo_\bf_\bf
                        by default.
 
-     mail_always       Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user every time a user attempts
-                       to run a command via s\bsu\bud\bdo\bo.  Mail will be sent for both
-                       successful and unsuccessful attempts.  No mail will be
-                       sent if the user runs s\bsu\bud\bdo\bo with the -\b-l\bl or -\b-v\bv option
-                       unless there is an authentication error.  This flag is
-                       _\bo_\bf_\bf by default.
+     mail_all_cmnds    Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user every time a user attempts
+                       to run a command via s\bsu\bud\bdo\bo (this includes s\bsu\bud\bdo\boe\bed\bdi\bit\bt).  No
+                       mail will be sent if the user runs s\bsu\bud\bdo\bo with the -\b-l\bl or
+                       -\b-v\bv option unless there is an authentication error and
+                       the _\bm_\ba_\bi_\bl_\b__\bb_\ba_\bd_\bp_\ba_\bs_\bs flag is also set.  This flag is _\bo_\bf_\bf by
+                       default.
+
+     mail_always       Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user every time a user runs
+                       s\bsu\bud\bdo\bo.  This flag is _\bo_\bf_\bf by default.
 
      mail_badpass      Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user if the user running s\bsu\bud\bdo\bo
                        does not enter the correct password.  If the command
                        the user is attempting to run is not permitted by
-                       _\bs_\bu_\bd_\bo_\be_\br_\bs and one of the _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bw_\ba_\by_\bs, _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bh_\bo_\bs_\bt,
-                       _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bp_\be_\br_\bm_\bs or _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bu_\bs_\be_\br flags are set, this flag
-                       will have no effect.  This flag is _\bo_\bf_\bf by default.
+                       _\bs_\bu_\bd_\bo_\be_\br_\bs and one of the _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bl_\b__\bc_\bm_\bn_\bd_\bs, _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bw_\ba_\by_\bs,
+                       _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bh_\bo_\bs_\bt, _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bp_\be_\br_\bm_\bs or _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bu_\bs_\be_\br flags are
+                       set, this flag will have no effect.  This flag is _\bo_\bf_\bf
+                       by default.
 
      mail_no_host      If set, mail will be sent to the _\bm_\ba_\bi_\bl_\bt_\bo user if the
                        invoking user exists in the _\bs_\bu_\bd_\bo_\be_\br_\bs file, but is not

diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 7704484f88605ed25afc8c52cde2f507eb9429d5..4ee8c24bb3dce56f64db45b606cf3a9cdc8de184 100644 (file)
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -2223,19 +2223,31 @@ This flag is
 \fI@long_otp_prompt@\fR
 by default.
 .TP 18n
-mail_always
+mail_all_cmnds
 Send mail to the
 \fImailto\fR
 user every time a user attempts to run a command via
-\fBsudo\fR.
-Mail will be sent for both successful and unsuccessful attempts.
+\fBsudo\fR
+(this includes
+\fBsudoedit\fR).
 No mail will be sent if the user runs
 \fBsudo\fR
 with the
 \fB\-l\fR
 or
 \fB\-v\fR
-option unless there is an authentication error.
+option unless there is an authentication error and the
+\fImail_badpass\fR
+flag is also set.
+This flag is
+\fIoff\fR
+by default.
+.TP 18n
+mail_always
+Send mail to the
+\fImailto\fR
+user every time a user runs
+\fBsudo\fR.
 This flag is
 \fIoff\fR
 by default.
@@ -2249,6 +2261,7 @@ does not enter the correct password.
 If the command the user is attempting to run is not permitted by
 \fIsudoers\fR
 and one of the
+\fImail_all_cmnds\fR,
 \fImail_always\fR,
 \fImail_no_host\fR,
 \fImail_no_perms\fR

diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 205f73f16897640da54f1ef313fa404e543cb61c..a9be4182a8f52f5f835864c6f08a9f860420d431 100644 (file)
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -2080,19 +2080,30 @@ It's not as pretty as the default but some people find it more convenient.
 This flag is
 .Em @long_otp_prompt@
 by default.
-.It mail_always
+.It mail_all_cmnds
 Send mail to the
 .Em mailto
 user every time a user attempts to run a command via
-.Nm sudo .
-Mail will be sent for both successful and unsuccessful attempts.
+.Nm sudo
+(this includes
+.Nm sudoedit ) .
 No mail will be sent if the user runs
 .Nm sudo
 with the
 .Fl l
 or
 .Fl v
-option unless there is an authentication error.
+option unless there is an authentication error and the
+.Em mail_badpass
+flag is also set.
+This flag is
+.Em off
+by default.
+.It mail_always
+Send mail to the
+.Em mailto
+user every time a user runs
+.Nm sudo .
 This flag is
 .Em off
 by default.
@@ -2105,6 +2116,7 @@ does not enter the correct password.
 If the command the user is attempting to run is not permitted by
 .Em sudoers
 and one of the
+.Em mail_all_cmnds ,
 .Em mail_always ,
 .Em mail_no_host ,
 .Em mail_no_perms

diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index 4a776411827f0d69fe48ec7fda61073af2f2a9db..37cf62ac864802b39f3e8f8f903c3bd229ea1e6b 100644 (file)
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -62,6 +62,10 @@ struct sudo_defs_types sudo_defs_table[] = {
        "mail_no_perms", T_FLAG,
        N_("Send mail if the user is not allowed to run a command"),
        NULL,
+    }, {
+       "mail_all_cmnds", T_FLAG,
+       N_("Send mail if the user tries to run a command"),
+       NULL,
     }, {
        "tty_tickets", T_FLAG,
        N_("Use a separate timestamp for each user/tty combo"),

diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index d30f809b1fa918d8a4ee09d026d1fb10ae0e0208..c14526af7c19829aae5752593295f6518dd53a07 100644 (file)
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -18,166 +18,168 @@
 #define I_MAIL_NO_HOST          8
 #define def_mail_no_perms       (sudo_defs_table[9].sd_un.flag)
 #define I_MAIL_NO_PERMS         9
-#define def_tty_tickets         (sudo_defs_table[10].sd_un.flag)
-#define I_TTY_TICKETS           10
-#define def_lecture             (sudo_defs_table[11].sd_un.tuple)
-#define I_LECTURE               11
-#define def_lecture_file        (sudo_defs_table[12].sd_un.str)
-#define I_LECTURE_FILE          12
-#define def_authenticate        (sudo_defs_table[13].sd_un.flag)
-#define I_AUTHENTICATE          13
-#define def_root_sudo           (sudo_defs_table[14].sd_un.flag)
-#define I_ROOT_SUDO             14
-#define def_log_host            (sudo_defs_table[15].sd_un.flag)
-#define I_LOG_HOST              15
-#define def_log_year            (sudo_defs_table[16].sd_un.flag)
-#define I_LOG_YEAR              16
-#define def_shell_noargs        (sudo_defs_table[17].sd_un.flag)
-#define I_SHELL_NOARGS          17
-#define def_set_home            (sudo_defs_table[18].sd_un.flag)
-#define I_SET_HOME              18
-#define def_always_set_home     (sudo_defs_table[19].sd_un.flag)
-#define I_ALWAYS_SET_HOME       19
-#define def_path_info           (sudo_defs_table[20].sd_un.flag)
-#define I_PATH_INFO             20
-#define def_fqdn                (sudo_defs_table[21].sd_un.flag)
-#define I_FQDN                  21
-#define def_insults             (sudo_defs_table[22].sd_un.flag)
-#define I_INSULTS               22
-#define def_requiretty          (sudo_defs_table[23].sd_un.flag)
-#define I_REQUIRETTY            23
-#define def_env_editor          (sudo_defs_table[24].sd_un.flag)
-#define I_ENV_EDITOR            24
-#define def_rootpw              (sudo_defs_table[25].sd_un.flag)
-#define I_ROOTPW                25
-#define def_runaspw             (sudo_defs_table[26].sd_un.flag)
-#define I_RUNASPW               26
-#define def_targetpw            (sudo_defs_table[27].sd_un.flag)
-#define I_TARGETPW              27
-#define def_use_loginclass      (sudo_defs_table[28].sd_un.flag)
-#define I_USE_LOGINCLASS        28
-#define def_set_logname         (sudo_defs_table[29].sd_un.flag)
-#define I_SET_LOGNAME           29
-#define def_stay_setuid         (sudo_defs_table[30].sd_un.flag)
-#define I_STAY_SETUID           30
-#define def_preserve_groups     (sudo_defs_table[31].sd_un.flag)
-#define I_PRESERVE_GROUPS       31
-#define def_loglinelen          (sudo_defs_table[32].sd_un.uival)
-#define I_LOGLINELEN            32
-#define def_timestamp_timeout   (sudo_defs_table[33].sd_un.fval)
-#define I_TIMESTAMP_TIMEOUT     33
-#define def_passwd_timeout      (sudo_defs_table[34].sd_un.fval)
-#define I_PASSWD_TIMEOUT        34
-#define def_passwd_tries        (sudo_defs_table[35].sd_un.uival)
-#define I_PASSWD_TRIES          35
-#define def_umask               (sudo_defs_table[36].sd_un.mode)
-#define I_UMASK                 36
-#define def_logfile             (sudo_defs_table[37].sd_un.str)
-#define I_LOGFILE               37
-#define def_mailerpath          (sudo_defs_table[38].sd_un.str)
-#define I_MAILERPATH            38
-#define def_mailerflags         (sudo_defs_table[39].sd_un.str)
-#define I_MAILERFLAGS           39
-#define def_mailto              (sudo_defs_table[40].sd_un.str)
-#define I_MAILTO                40
-#define def_mailfrom            (sudo_defs_table[41].sd_un.str)
-#define I_MAILFROM              41
-#define def_mailsub             (sudo_defs_table[42].sd_un.str)
-#define I_MAILSUB               42
-#define def_badpass_message     (sudo_defs_table[43].sd_un.str)
-#define I_BADPASS_MESSAGE       43
-#define def_lecture_status_dir  (sudo_defs_table[44].sd_un.str)
-#define I_LECTURE_STATUS_DIR    44
-#define def_timestampdir        (sudo_defs_table[45].sd_un.str)
-#define I_TIMESTAMPDIR          45
-#define def_timestampowner      (sudo_defs_table[46].sd_un.str)
-#define I_TIMESTAMPOWNER        46
-#define def_exempt_group        (sudo_defs_table[47].sd_un.str)
-#define I_EXEMPT_GROUP          47
-#define def_passprompt          (sudo_defs_table[48].sd_un.str)
-#define I_PASSPROMPT            48
-#define def_passprompt_override (sudo_defs_table[49].sd_un.flag)
-#define I_PASSPROMPT_OVERRIDE   49
-#define def_runas_default       (sudo_defs_table[50].sd_un.str)
-#define I_RUNAS_DEFAULT         50
-#define def_secure_path         (sudo_defs_table[51].sd_un.str)
-#define I_SECURE_PATH           51
-#define def_editor              (sudo_defs_table[52].sd_un.str)
-#define I_EDITOR                52
-#define def_listpw              (sudo_defs_table[53].sd_un.tuple)
-#define I_LISTPW                53
-#define def_verifypw            (sudo_defs_table[54].sd_un.tuple)
-#define I_VERIFYPW              54
-#define def_noexec              (sudo_defs_table[55].sd_un.flag)
-#define I_NOEXEC                55
-#define def_ignore_local_sudoers (sudo_defs_table[56].sd_un.flag)
-#define I_IGNORE_LOCAL_SUDOERS  56
-#define def_closefrom           (sudo_defs_table[57].sd_un.ival)
-#define I_CLOSEFROM             57
-#define def_closefrom_override  (sudo_defs_table[58].sd_un.flag)
-#define I_CLOSEFROM_OVERRIDE    58
-#define def_setenv              (sudo_defs_table[59].sd_un.flag)
-#define I_SETENV                59
-#define def_env_reset           (sudo_defs_table[60].sd_un.flag)
-#define I_ENV_RESET             60
-#define def_env_check           (sudo_defs_table[61].sd_un.list)
-#define I_ENV_CHECK             61
-#define def_env_delete          (sudo_defs_table[62].sd_un.list)
-#define I_ENV_DELETE            62
-#define def_env_keep            (sudo_defs_table[63].sd_un.list)
-#define I_ENV_KEEP              63
-#define def_role                (sudo_defs_table[64].sd_un.str)
-#define I_ROLE                  64
-#define def_type                (sudo_defs_table[65].sd_un.str)
-#define I_TYPE                  65
-#define def_env_file            (sudo_defs_table[66].sd_un.str)
-#define I_ENV_FILE              66
-#define def_sudoers_locale      (sudo_defs_table[67].sd_un.str)
-#define I_SUDOERS_LOCALE        67
-#define def_visiblepw           (sudo_defs_table[68].sd_un.flag)
-#define I_VISIBLEPW             68
-#define def_pwfeedback          (sudo_defs_table[69].sd_un.flag)
-#define I_PWFEEDBACK            69
-#define def_fast_glob           (sudo_defs_table[70].sd_un.flag)
-#define I_FAST_GLOB             70
-#define def_umask_override      (sudo_defs_table[71].sd_un.flag)
-#define I_UMASK_OVERRIDE        71
-#define def_log_input           (sudo_defs_table[72].sd_un.flag)
-#define I_LOG_INPUT             72
-#define def_log_output          (sudo_defs_table[73].sd_un.flag)
-#define I_LOG_OUTPUT            73
-#define def_compress_io         (sudo_defs_table[74].sd_un.flag)
-#define I_COMPRESS_IO           74
-#define def_use_pty             (sudo_defs_table[75].sd_un.flag)
-#define I_USE_PTY               75
-#define def_group_plugin        (sudo_defs_table[76].sd_un.str)
-#define I_GROUP_PLUGIN          76
-#define def_iolog_dir           (sudo_defs_table[77].sd_un.str)
-#define I_IOLOG_DIR             77
-#define def_iolog_file          (sudo_defs_table[78].sd_un.str)
-#define I_IOLOG_FILE            78
-#define def_set_utmp            (sudo_defs_table[79].sd_un.flag)
-#define I_SET_UTMP              79
-#define def_utmp_runas          (sudo_defs_table[80].sd_un.flag)
-#define I_UTMP_RUNAS            80
-#define def_privs               (sudo_defs_table[81].sd_un.str)
-#define I_PRIVS                 81
-#define def_limitprivs          (sudo_defs_table[82].sd_un.str)
-#define I_LIMITPRIVS            82
-#define def_exec_background     (sudo_defs_table[83].sd_un.flag)
-#define I_EXEC_BACKGROUND       83
-#define def_pam_service         (sudo_defs_table[84].sd_un.str)
-#define I_PAM_SERVICE           84
-#define def_pam_login_service   (sudo_defs_table[85].sd_un.str)
-#define I_PAM_LOGIN_SERVICE     85
-#define def_pam_setcred         (sudo_defs_table[86].sd_un.flag)
-#define I_PAM_SETCRED           86
-#define def_pam_session         (sudo_defs_table[87].sd_un.flag)
-#define I_PAM_SESSION           87
-#define def_maxseq              (sudo_defs_table[88].sd_un.uival)
-#define I_MAXSEQ                88
-#define def_use_netgroups       (sudo_defs_table[89].sd_un.flag)
-#define I_USE_NETGROUPS         89
+#define def_mail_all_cmnds      (sudo_defs_table[10].sd_un.flag)
+#define I_MAIL_ALL_CMNDS        10
+#define def_tty_tickets         (sudo_defs_table[11].sd_un.flag)
+#define I_TTY_TICKETS           11
+#define def_lecture             (sudo_defs_table[12].sd_un.tuple)
+#define I_LECTURE               12
+#define def_lecture_file        (sudo_defs_table[13].sd_un.str)
+#define I_LECTURE_FILE          13
+#define def_authenticate        (sudo_defs_table[14].sd_un.flag)
+#define I_AUTHENTICATE          14
+#define def_root_sudo           (sudo_defs_table[15].sd_un.flag)
+#define I_ROOT_SUDO             15
+#define def_log_host            (sudo_defs_table[16].sd_un.flag)
+#define I_LOG_HOST              16
+#define def_log_year            (sudo_defs_table[17].sd_un.flag)
+#define I_LOG_YEAR              17
+#define def_shell_noargs        (sudo_defs_table[18].sd_un.flag)
+#define I_SHELL_NOARGS          18
+#define def_set_home            (sudo_defs_table[19].sd_un.flag)
+#define I_SET_HOME              19
+#define def_always_set_home     (sudo_defs_table[20].sd_un.flag)
+#define I_ALWAYS_SET_HOME       20
+#define def_path_info           (sudo_defs_table[21].sd_un.flag)
+#define I_PATH_INFO             21
+#define def_fqdn                (sudo_defs_table[22].sd_un.flag)
+#define I_FQDN                  22
+#define def_insults             (sudo_defs_table[23].sd_un.flag)
+#define I_INSULTS               23
+#define def_requiretty          (sudo_defs_table[24].sd_un.flag)
+#define I_REQUIRETTY            24
+#define def_env_editor          (sudo_defs_table[25].sd_un.flag)
+#define I_ENV_EDITOR            25
+#define def_rootpw              (sudo_defs_table[26].sd_un.flag)
+#define I_ROOTPW                26
+#define def_runaspw             (sudo_defs_table[27].sd_un.flag)
+#define I_RUNASPW               27
+#define def_targetpw            (sudo_defs_table[28].sd_un.flag)
+#define I_TARGETPW              28
+#define def_use_loginclass      (sudo_defs_table[29].sd_un.flag)
+#define I_USE_LOGINCLASS        29
+#define def_set_logname         (sudo_defs_table[30].sd_un.flag)
+#define I_SET_LOGNAME           30
+#define def_stay_setuid         (sudo_defs_table[31].sd_un.flag)
+#define I_STAY_SETUID           31
+#define def_preserve_groups     (sudo_defs_table[32].sd_un.flag)
+#define I_PRESERVE_GROUPS       32
+#define def_loglinelen          (sudo_defs_table[33].sd_un.uival)
+#define I_LOGLINELEN            33
+#define def_timestamp_timeout   (sudo_defs_table[34].sd_un.fval)
+#define I_TIMESTAMP_TIMEOUT     34
+#define def_passwd_timeout      (sudo_defs_table[35].sd_un.fval)
+#define I_PASSWD_TIMEOUT        35
+#define def_passwd_tries        (sudo_defs_table[36].sd_un.uival)
+#define I_PASSWD_TRIES          36
+#define def_umask               (sudo_defs_table[37].sd_un.mode)
+#define I_UMASK                 37
+#define def_logfile             (sudo_defs_table[38].sd_un.str)
+#define I_LOGFILE               38
+#define def_mailerpath          (sudo_defs_table[39].sd_un.str)
+#define I_MAILERPATH            39
+#define def_mailerflags         (sudo_defs_table[40].sd_un.str)
+#define I_MAILERFLAGS           40
+#define def_mailto              (sudo_defs_table[41].sd_un.str)
+#define I_MAILTO                41
+#define def_mailfrom            (sudo_defs_table[42].sd_un.str)
+#define I_MAILFROM              42
+#define def_mailsub             (sudo_defs_table[43].sd_un.str)
+#define I_MAILSUB               43
+#define def_badpass_message     (sudo_defs_table[44].sd_un.str)
+#define I_BADPASS_MESSAGE       44
+#define def_lecture_status_dir  (sudo_defs_table[45].sd_un.str)
+#define I_LECTURE_STATUS_DIR    45
+#define def_timestampdir        (sudo_defs_table[46].sd_un.str)
+#define I_TIMESTAMPDIR          46
+#define def_timestampowner      (sudo_defs_table[47].sd_un.str)
+#define I_TIMESTAMPOWNER        47
+#define def_exempt_group        (sudo_defs_table[48].sd_un.str)
+#define I_EXEMPT_GROUP          48
+#define def_passprompt          (sudo_defs_table[49].sd_un.str)
+#define I_PASSPROMPT            49
+#define def_passprompt_override (sudo_defs_table[50].sd_un.flag)
+#define I_PASSPROMPT_OVERRIDE   50
+#define def_runas_default       (sudo_defs_table[51].sd_un.str)
+#define I_RUNAS_DEFAULT         51
+#define def_secure_path         (sudo_defs_table[52].sd_un.str)
+#define I_SECURE_PATH           52
+#define def_editor              (sudo_defs_table[53].sd_un.str)
+#define I_EDITOR                53
+#define def_listpw              (sudo_defs_table[54].sd_un.tuple)
+#define I_LISTPW                54
+#define def_verifypw            (sudo_defs_table[55].sd_un.tuple)
+#define I_VERIFYPW              55
+#define def_noexec              (sudo_defs_table[56].sd_un.flag)
+#define I_NOEXEC                56
+#define def_ignore_local_sudoers (sudo_defs_table[57].sd_un.flag)
+#define I_IGNORE_LOCAL_SUDOERS  57
+#define def_closefrom           (sudo_defs_table[58].sd_un.ival)
+#define I_CLOSEFROM             58
+#define def_closefrom_override  (sudo_defs_table[59].sd_un.flag)
+#define I_CLOSEFROM_OVERRIDE    59
+#define def_setenv              (sudo_defs_table[60].sd_un.flag)
+#define I_SETENV                60
+#define def_env_reset           (sudo_defs_table[61].sd_un.flag)
+#define I_ENV_RESET             61
+#define def_env_check           (sudo_defs_table[62].sd_un.list)
+#define I_ENV_CHECK             62
+#define def_env_delete          (sudo_defs_table[63].sd_un.list)
+#define I_ENV_DELETE            63
+#define def_env_keep            (sudo_defs_table[64].sd_un.list)
+#define I_ENV_KEEP              64
+#define def_role                (sudo_defs_table[65].sd_un.str)
+#define I_ROLE                  65
+#define def_type                (sudo_defs_table[66].sd_un.str)
+#define I_TYPE                  66
+#define def_env_file            (sudo_defs_table[67].sd_un.str)
+#define I_ENV_FILE              67
+#define def_sudoers_locale      (sudo_defs_table[68].sd_un.str)
+#define I_SUDOERS_LOCALE        68
+#define def_visiblepw           (sudo_defs_table[69].sd_un.flag)
+#define I_VISIBLEPW             69
+#define def_pwfeedback          (sudo_defs_table[70].sd_un.flag)
+#define I_PWFEEDBACK            70
+#define def_fast_glob           (sudo_defs_table[71].sd_un.flag)
+#define I_FAST_GLOB             71
+#define def_umask_override      (sudo_defs_table[72].sd_un.flag)
+#define I_UMASK_OVERRIDE        72
+#define def_log_input           (sudo_defs_table[73].sd_un.flag)
+#define I_LOG_INPUT             73
+#define def_log_output          (sudo_defs_table[74].sd_un.flag)
+#define I_LOG_OUTPUT            74
+#define def_compress_io         (sudo_defs_table[75].sd_un.flag)
+#define I_COMPRESS_IO           75
+#define def_use_pty             (sudo_defs_table[76].sd_un.flag)
+#define I_USE_PTY               76
+#define def_group_plugin        (sudo_defs_table[77].sd_un.str)
+#define I_GROUP_PLUGIN          77
+#define def_iolog_dir           (sudo_defs_table[78].sd_un.str)
+#define I_IOLOG_DIR             78
+#define def_iolog_file          (sudo_defs_table[79].sd_un.str)
+#define I_IOLOG_FILE            79
+#define def_set_utmp            (sudo_defs_table[80].sd_un.flag)
+#define I_SET_UTMP              80
+#define def_utmp_runas          (sudo_defs_table[81].sd_un.flag)
+#define I_UTMP_RUNAS            81
+#define def_privs               (sudo_defs_table[82].sd_un.str)
+#define I_PRIVS                 82
+#define def_limitprivs          (sudo_defs_table[83].sd_un.str)
+#define I_LIMITPRIVS            83
+#define def_exec_background     (sudo_defs_table[84].sd_un.flag)
+#define I_EXEC_BACKGROUND       84
+#define def_pam_service         (sudo_defs_table[85].sd_un.str)
+#define I_PAM_SERVICE           85
+#define def_pam_login_service   (sudo_defs_table[86].sd_un.str)
+#define I_PAM_LOGIN_SERVICE     86
+#define def_pam_setcred         (sudo_defs_table[87].sd_un.flag)
+#define I_PAM_SETCRED           87
+#define def_pam_session         (sudo_defs_table[88].sd_un.flag)
+#define I_PAM_SESSION           88
+#define def_maxseq              (sudo_defs_table[89].sd_un.uival)
+#define I_MAXSEQ                89
+#define def_use_netgroups       (sudo_defs_table[90].sd_un.flag)
+#define I_USE_NETGROUPS         90
 
 enum def_tuple {
        never,

diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index 836e885d3b0bec5f38fa2889a81153077dd54027..c0a10ecfbbe4e255a8e695814424353d67407440 100644 (file)
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -40,6 +40,9 @@ mail_no_host
 mail_no_perms
        T_FLAG
        "Send mail if the user is not allowed to run a command"
+mail_all_cmnds
+       T_FLAG
+       "Send mail if the user tries to run a command"
 tty_tickets
        T_FLAG
        "Use a separate timestamp for each user/tty combo"

diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 2b6693178216ce245dfca26587b3399b46f8193d..9b173f7d9925e15549abef1c8b9810e79396a467 100644 (file)
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -364,7 +364,7 @@ log_auth_failure(int status, unsigned int tries)
            SET(flags, SLOG_SEND_MAIL);
     } else {
        /* Command denied, auth failed; make sure we don't send mail twice. */
-       if ((def_mail_badpass || def_mail_always) && !should_mail(status))
+       if (def_mail_badpass && !should_mail(status))
            SET(flags, SLOG_SEND_MAIL);
        /* Don't log the bad password message, we'll log a denial instead. */
        SET(flags, SLOG_NO_LOG);
@@ -756,11 +756,8 @@ should_mail(int status)
 {
     debug_decl(should_mail, SUDOERS_DEBUG_LOGGING)
 
-    /* Never send mail about the "sudo -l" and "sudo -v" pseudo-commands. */
-    if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST)))
-       debug_return_bool(false);
-
     debug_return_bool(def_mail_always ||
+       (def_mail_all_cmnds && ISSET(sudo_mode, (MODE_RUN|MODE_EDIT))) ||
        (def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
        (def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||
        (def_mail_no_perms && !ISSET(status, VALIDATE_SUCCESS)));