Do not inform the user that the command was not permitted by the

policy if they do not successfully authenticate.  This is a regression
introduced in sudo 1.8.6.

diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c
index d2dcca3536b89553293b3abc9a8be57c78862c86..e6baadb9b6a158c014eb6e9fbed8918a7975e213 100644 (file)
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -26,6 +26,11 @@
 #  include <stdlib.h>
 # endif
 #endif /* STDC_HEADERS */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
 #include <stdarg.h>
 
 #include "missing.h"

diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index a2b577ddbb23f08bf2d3cc1af4a274a64fd47f30..f316a18aa17adf85cc99ec41e0c3d59db8af5a1c 100644 (file)
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -247,14 +247,20 @@ do_logfile(char *msg)
 }
 
 /*
- * Log and mail the denial message, optionally informing the user.
+ * Log, audit and mail the denial message, optionally informing the user.
  */
-static void
+void
 log_denial(int status, bool inform_user)
 {
     char *logline, *message;
     debug_decl(log_denial, SUDO_DEBUG_LOGGING)
 
+    /* Handle auditing first. */
+    if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
+       audit_failure(NewArgv, _("No user or host"));
+    else
+       audit_failure(NewArgv, _("validation failure"));
+
     /* Set error message. */
     if (ISSET(status, FLAG_NO_USER))
        message = _("user NOT in sudoers");
@@ -312,12 +318,6 @@ log_failure(int status, int flags)
     debug_decl(log_failure, SUDO_DEBUG_LOGGING)
     bool inform_user = true;
 
-    /* Handle auditing first. */
-    if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
-       audit_failure(NewArgv, _("No user or host"));
-    else
-       audit_failure(NewArgv, _("validation failure"));
-
     /* The user doesn't always get to see the log message (path info). */
     if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info &&
        (flags == NOT_FOUND_DOT || flags == NOT_FOUND))

diff --git a/plugins/sudoers/logging.h b/plugins/sudoers/logging.h
index 648c2f6016c0bf176d8c24c9e403b12094a9f20f..81b73c0c4faf048f44866283886e4b0f1c2fd89b 100644 (file)
--- a/plugins/sudoers/logging.h
+++ b/plugins/sudoers/logging.h
@@ -56,6 +56,7 @@ void audit_success(char *exec_args[]);
 void audit_failure(char *exec_args[], char const *const fmt, ...);
 void log_allowed(int status);
 void log_auth_failure(int status, int tries);
+void log_denial(int status, bool inform_user);
 void log_failure(int status, int flags);
 void log_error(int flags, const char *fmt, ...) __printflike(2, 3);
 void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__));

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index f6f16644f206c997416e07f19995d2ff57111b34..a112f0f5c3273bd3f5bce11529b4595d9658eb86 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -379,7 +379,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
     rval = check_user(validated, sudo_mode);
     if (rval != true) {
        if (!ISSET(validated, VALIDATE_OK))
-           log_failure(validated, cmnd_status);
+           log_denial(validated, false);
        goto done;
     }