From: Todd C. Miller Date: Wed, 13 Feb 2008 12:28:37 +0000 (+0000) Subject: Remove dependence on VALIDATE_NOT_OK in logging functions. X-Git-Tag: SUDO_1_7_0~194 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=04bb8f00fcf061e00ebd903e40d1fb2377933fca;p=sudo Remove dependence on VALIDATE_NOT_OK in logging functions. Split log_auth() into log_allowed() and log_denial() Replace mail_auth() with should_mail() and a call to send_mail() --- diff --git a/logging.c b/logging.c index a7fd0d2af..f8dcce569 100644 --- a/logging.c +++ b/logging.c @@ -62,7 +62,7 @@ __unused static const char rcsid[] = "$Sudo$"; static void do_syslog __P((int, char *)); static void do_logfile __P((char *)); static void send_mail __P((char *)); -static void mail_auth __P((int, char *)); +static int should_mail __P((int)); static char *get_timestr __P((void)); static void mysyslog __P((int, const char *, ...)); static char *new_logline __P((const char *, int)); 
@@ -268,41 +268,31 @@ do_logfile(msg) } /* - * Two main functions, log_error() to log errors and log_auth() to - * log allow/deny messages. + * Log and mail the denial message, optionally informing the user. */ void -log_auth(status, inform_user) +log_denial(status, inform_user) int status; int inform_user; { char *message; char *logline; - int pri; - - if (ISSET(status, VALIDATE_OK)) - pri = def_syslog_goodpri; - else - pri = def_syslog_badpri; - /* Set error message, if any. */ - if (ISSET(status, VALIDATE_OK)) - message = NULL; - else if (ISSET(status, FLAG_NO_USER)) + /* Set error message. */ + if (ISSET(status, FLAG_NO_USER)) message = "user NOT in sudoers"; else if (ISSET(status, FLAG_NO_HOST)) message = "user NOT authorized on host"; - else if (ISSET(status, VALIDATE_NOT_OK)) - message = "command not allowed"; else - message = "unknown error"; + message = "command not allowed"; logline = new_logline(message, 0); - mail_auth(status, logline); /* send mail based on status */ + if (should_mail(status)) + send_mail(logline); /* send mail based on status */ /* Inform the user if they failed to authenticate. */ - if (inform_user && ISSET(status, VALIDATE_NOT_OK)) { + if (inform_user) { if (ISSET(status, FLAG_NO_USER)) (void) fprintf(stderr, "%s is not in the sudoers file. %s", user_name, "This incident will be reported.\n"); @@ -326,7 +316,32 @@ log_auth(status, inform_user) * Log via syslog and/or a file. */ if (def_syslog) - do_syslog(pri, logline); + do_syslog(def_syslog_badpri, logline); + if (def_logfile) + do_logfile(logline); + + efree(logline); +} + +/* + * Log and potentially mail the allowed command. + */ +void +log_allowed(status) + int status; +{ + char *logline; + + logline = new_logline(NULL, 0); + + if (should_mail(status)) + send_mail(logline); /* send mail based on status */ + + /* + * Log via syslog and/or a file. + */ + if (def_syslog) + do_syslog(def_syslog_goodpri, logline); if (def_logfile) do_logfile(logline); 
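Review bot: Nothing in log_denial() checks that `status` is actually a denial: every status without FLAG_NO_USER or FLAG_NO_HOST is now logged as "command not allowed", where the removed code fell back to "unknown error". In an audit log this makes an unexpected status indistinguishable from an ordinary policy denial, and the `if (inform_user)` block is likewise no longer gated on VALIDATE_NOT_OK. Since the precondition now rests entirely on the callers, I would state it in the header comment, e.g. `* Callers must pass a status without VALIDATE_OK; anything other than FLAG_NO_USER/FLAG_NO_HOST is logged as "command not allowed".` The function body continues into the next hunk.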
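Review bot: The tail of log_denial() and the new log_allowed() repeat the same do_syslog/do_logfile/efree sequence and differ only in the syslog priority. Two hand-maintained copies of the audit path are fragile, because a later change to one sink can easily miss the other function. A small static helper that takes the priority and the logline would keep the allowed and denied records going to the same places; the helper name below is only a suggestion and it needs a matching `__P` prototype at the top of the file. The start of log_denial() is outside this hunk.

```c
static void
write_logline(pri, logline)
    int pri;
    char *logline;
{
    if (def_syslog)
        do_syslog(pri, logline);
    if (def_logfile)
        do_logfile(logline);
}

/* … unchanged: log_denial() up to the logging tail … */
    write_logline(def_syslog_badpri, logline);
    efree(logline);

/* … unchanged: log_allowed() up to the logging tail … */
    write_logline(def_syslog_goodpri, logline);
    efree(logline);
```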
@@ -523,31 +538,17 @@ send_mail(line) } /* - * Send mail based on the value of "status" and compile-time options. + * Determine whether we should send mail based on "status" and defaults options. */ -static void -mail_auth(status, line) +static int +should_mail(status) int status; - char *line; { - int mail_mask; - - /* If any of these bits are set in status, we send mail. */ - if (def_mail_always) - mail_mask = - VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK; - else { - mail_mask = VALIDATE_ERROR; - if (def_mail_no_user) - SET(mail_mask, FLAG_NO_USER); - if (def_mail_no_host) - SET(mail_mask, FLAG_NO_HOST); - if (def_mail_no_perms) - SET(mail_mask, VALIDATE_NOT_OK); - } - if ((status & mail_mask) != 0) - send_mail(line); + return(def_mail_always || ISSET(status, VALIDATE_ERROR) || + (def_mail_no_user && ISSET(status, FLAG_NO_USER)) || + (def_mail_no_host && ISSET(status, FLAG_NO_HOST)) || + (def_mail_no_perms && !ISSET(status, VALIDATE_OK))); } /* diff --git a/logging.h b/logging.h index 8961d7c1f..3ca36ca98 100644 --- a/logging.h +++ b/logging.h @@ -48,7 +48,8 @@ # define MAXSYSLOGLEN 960 #endif -void log_auth __P((int, int)); +void log_allowed __P((int)); +void log_denial __P((int, int)); void log_error __P((int flags, const char *fmt, ...)) __printflike(2, 3); RETSIGTYPE reapchild __P((int)); diff --git a/sudo.c b/sudo.c index 714a5b6b6..073a98bdf 100644 --- a/sudo.c +++ b/sudo.c @@ -425,7 +425,7 @@ main(argc, argv, envp) validate_env_vars(sudo_user.env_vars); } - log_auth(validated, 1); + log_allowed(validated); if (sudo_mode == MODE_CHECK) rc = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw); else if (sudo_mode == MODE_LIST) 
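Review bot: The last clause of should_mail(), `def_mail_no_perms && !ISSET(status, VALIDATE_OK)`, is broader than the VALIDATE_NOT_OK bit test it replaces. It is true for any status that lacks VALIDATE_OK, so with mail_no_perms enabled a FLAG_NO_USER or FLAG_NO_HOST denial is mailed even when mail_no_user/mail_no_host are off, unless those statuses always carried VALIDATE_NOT_OK anyway (not visible in this diff). Similarly, `def_mail_always` now returns true for every status, where the old mask test required at least one known bit to be set. If both are intended, I would record it in the function comment, e.g. `* mail_no_perms applies to every status that lacks VALIDATE_OK, not only "command not allowed".`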
@@ -514,8 +514,8 @@ main(argc, argv, envp) execv(_PATH_BSHELL, NewArgv); } warning("unable to execute %s", safe_cmnd); exit(127); - } else if (ISSET(validated, FLAG_NO_USER) || (validated & FLAG_NO_HOST)) { - log_auth(validated, 1); + } else if (ISSET(validated, FLAG_NO_USER) || ISSET(validated, FLAG_NO_HOST)) { + log_denial(validated, 1); exit(1); } else { if (def_path_info) { @@ -526,7 +526,7 @@ main(argc, argv, envp) * is just "no foo in path" since the user can trivially set * their path to just contain a single dir. */ - log_auth(validated, + log_denial(validated, !(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND)); if (cmnd_status == NOT_FOUND) warningx("%s: command not found", user_cmnd); @@ -534,7 +534,7 @@ main(argc, argv, envp) warningx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); } else { /* Just tell the user they are not allowed to run foo. */ - log_auth(validated, 1); + log_denial(validated, 1); } exit(1); }