From 00b6be9dfaa54479ce1decb1a5dcb56a3b4f92b9 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Wed, 30 Nov 2016 16:26:10 -0700
Subject: [PATCH] Allow syslog priority to be negated or set to "none" to disable logging successes or failures.
---
 doc/sudoers.cat | 22 +++++++++++++++-------
 doc/sudoers.man.in | 19 +++++++++++++++----
 doc/sudoers.mdoc.in | 18 ++++++++++++++----
 plugins/sudoers/def_data.c | 4 ++--
 plugins/sudoers/def_data.in | 4 ++--
 plugins/sudoers/defaults.c | 16 ++++++++++------
 plugins/sudoers/logging.c | 4 ++++
 7 files changed, 62 insertions(+), 25 deletions(-)
diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 379a3ff89..76dbf28a8 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1655,17 +1655,25 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS not specified on the command line. This defaults to root. - syslog_badpri Syslog priority to use when user authenticates - unsuccessfully. Defaults to alert. + syslog_badpri Syslog priority to use when the user is not allowed to + run a command or when authentication is unsuccessful. + Defaults to alert. The following syslog priorities are supported: aalleerrtt, - ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, and wwaarrnniinngg. + ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, wwaarrnniinngg, and + nnoonnee. Negating the option or setting it to a value of + nnoonnee will disable logging of unsuccessful commands. - syslog_goodpri Syslog priority to use when user authenticates - successfully. Defaults to notice. + syslog_goodpri Syslog priority to use when the user is allowed to run + a command and authentication is successful. Defaults + to notice. See _s_y_s_l_o_g___b_a_d_p_r_i for the list of supported syslog - priorities. + priorities. Negating the option or setting it to a + value of nnoonnee will disable logging of successful + commands. + + syslog_goodpri syslog_maxlen On many systems, syslog(3) has a relatively small log buffer. IETF RFC 5424 states that syslog servers must @@ -2632,4 +2640,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.19 November 7, 2016 Sudo 1.8.19 +Sudo 1.8.19 November 30, 2016 Sudo 1.8.19 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index a23a61f08..8673da07a 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDOERS" "5" "November 7, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "5" "November 30, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" 
@@ -3368,7 +3368,8 @@ This defaults to
 \fR@runas_default@\fR.
 .TP 18n
 syslog_badpri
-Syslog priority to use when user authenticates unsuccessfully.
+Syslog priority to use when the user is not allowed to run a command or
+when authentication is unsuccessful.
 Defaults to
 \fR@badpri@\fR.
 .sp
@@ -3380,17 +3381,27 @@ The following syslog priorities are supported:
 \fBerr\fR,
 \fBinfo\fR,
 \fBnotice\fR,
+\fBwarning\fR,
 and
-\fBwarning\fR.
+\fBnone\fR.
+Negating the option or setting it to a value of
+\fBnone\fR
+will disable logging of unsuccessful commands.
 .TP 18n
 syslog_goodpri
-Syslog priority to use when user authenticates successfully.
+Syslog priority to use when the user is allowed to run a command and
+authentication is successful.
 Defaults to
 \fR@goodpri@\fR.
 .sp
 See
 \fIsyslog_badpri\fR
 for the list of supported syslog priorities.
+Negating the option or setting it to a value of
+\fBnone\fR
+will disable logging of successful commands.
+.TP 18n
+syslog_goodpri
 .TP 18n
 syslog_maxlen
 On many systems,
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index e0ab8a889..74b6f0117 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd November 7, 2016
+.Dd November 30, 2016
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -3145,7 +3145,8 @@ option is not specified on the command line.
 This defaults to
 .Li @runas_default@ .
 .It syslog_badpri
-Syslog priority to use when user authenticates unsuccessfully.
+Syslog priority to use when the user is not allowed to run a command or
+when authentication is unsuccessful.
 Defaults to
 .Li @badpri@ .
 .Pp
@@ -3157,16 +3158,25 @@ The following syslog priorities are supported:
 .Sy err ,
 .Sy info ,
 .Sy notice ,
+.Sy warning ,
 and
-.Sy warning .
+.Sy none .
+Negating the option or setting it to a value of
+.Sy none
+will disable logging of unsuccessful commands.
 .It syslog_goodpri
-Syslog priority to use when user authenticates successfully.
+Syslog priority to use when the user is allowed to run a command and
+authentication is successful.
 Defaults to
 .Li @goodpri@ .
 .Pp
 See
 .Em syslog_badpri
 for the list of supported syslog priorities.
+Negating the option or setting it to a value of
+.Sy none
+will disable logging of successful commands.
+.It syslog_goodpri
 .It syslog_maxlen
 On many systems,
 .Xr syslog 3
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index bdcbbdb4c..00caa8b45 100644
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -27,11 +27,11 @@ struct sudo_defs_types sudo_defs_table[] = {
 N_("Syslog facility if syslog is being used for logging: %s"),
 NULL,
 }, {
- "syslog_goodpri", T_LOGPRI,
+ "syslog_goodpri", T_LOGPRI|T_BOOL,
 N_("Syslog priority to use when user authenticates successfully: %s"),
 NULL,
 }, {
- "syslog_badpri", T_LOGPRI,
+ "syslog_badpri", T_LOGPRI|T_BOOL,
 N_("Syslog priority to use when user authenticates unsuccessfully: %s"),
 NULL,
 }, {
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index 2a16166c0..9f069f1ee 100644
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -14,10 +14,10 @@ syslog
 T_LOGFAC|T_BOOL
 "Syslog facility if syslog is being used for logging: %s"
 syslog_goodpri
- T_LOGPRI
+ T_LOGPRI|T_BOOL
 "Syslog priority to use when user authenticates successfully: %s"
 syslog_badpri
- T_LOGPRI
+ T_LOGPRI|T_BOOL
 "Syslog priority to use when user authenticates unsuccessfully: %s"
 long_otp_prompt
 T_FLAG
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index a9a2aa2a6..66ef8540f 100644
--- a/plugins/sudoers/defaults.c
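Review bot: The option descriptions in the def_data.in hunk still read `"Syslog priority to use when user authenticates successfully: %s"` and `"... unsuccessfully: %s"`, while the manual hunks in this same commit reword both options around whether the command was allowed and add the `none` value. These strings are what the plugin prints for the option (the `%s` presumably being filled from logpri2str, so a negated option will now show up through them as well), so they should be brought in line with the new wording, e.g. `"Syslog priority to use when the user is allowed to run a command and authentication is successful: %s"`. def_data.c appears to be generated from def_data.in, so the edit belongs in the .in file with the .c regenerated.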
+++ b/plugins/sudoers/defaults.c
@@ -74,6 +74,7 @@ static struct strmap priorities[] = {
 { "info", LOG_INFO },
 { "notice", LOG_NOTICE },
 { "warning", LOG_WARNING },
+ { "none", -1 },
 { NULL, -1 }
 };
@@ -936,9 +937,10 @@ store_syslogpri(const char *str, union sudo_defs_val *sd_un)
 struct strmap *pri;
 debug_decl(store_syslogpri, SUDOERS_DEBUG_DEFAULTS)
 
- if (str == NULL)
- debug_return_bool(false);
-
+ if (str == NULL) {
+ sd_un->ival = -1;
+ debug_return_bool(true);
+ }
 for (pri = priorities; pri->name != NULL; pri++) {
 if (strcmp(str, pri->name) != 0) {
 sd_un->ival = pri->num;
@@ -954,9 +956,11 @@ logpri2str(int n)
 struct strmap *pri;
 debug_decl(logpri2str, SUDOERS_DEBUG_DEFAULTS)
 
- for (pri = priorities; pri->name && pri->num != n; pri++)
- continue;
- debug_return_const_str(pri->name);
+ for (pri = priorities; pri->name != NULL; pri++) {
+ if (pri->num == n)
+ debug_return_const_str(pri->name);
+ }
+ debug_return_const_str("unknown");
 }
 
 static bool
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 37d801ab7..1e68d6a1a 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -94,6 +94,10 @@ do_syslog(int pri, char *msg)
 int oldlocale;
 debug_decl(do_syslog, SUDOERS_DEBUG_LOGGING)
 
+ /* A priority of -1 corresponds to "none". */
+ if (pri == -1)
+ debug_return;
+
 sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
 
 /*
-- 
2.40.0
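Review bot: The `{ "none", -1 }` entry makes -1 a meaningful priority value, but the same literal is now written independently in three places with nothing tying them together: this table, `sd_un->ival = -1;` in the store_syslogpri hunk, and `if (pri == -1)` in the logging.c do_syslog hunk. A single named constant for the "none" priority, declared in a header both defaults.c and logging.c include and used at all three sites, would keep them from drifting, and the do_syslog comment could then name the option rather than the number. Note that -1 is also the `num` of the `{ NULL, -1 }` terminator; that is harmless only because the loops in this file stop on `name == NULL`, never on the number, which is worth a one-line comment next to the terminator. As a style point, the visible part of the table appears alphabetical and `none` would sort before `notice`.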
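Review bot: The context line `if (strcmp(str, pri->name) != 0) {` in the store_syslogpri hunk, as printed, would store the first entry whose name does not match `str`, which cannot be the intended lookup; this may be an artifact of how the diff was rendered, but please confirm the tree has `== 0` here, since the new `none` entry depends on an exact-match lookup to reach the -1 value. The new `str == NULL` branch now accepts a negated option and stores -1 where the old code rejected it with false; a comment at the site such as `/* Negated option: same as "none", disables syslog for this class of log message. */` would make that intent visible without consulting the manual. The remainder of store_syslogpri's body lies outside the hunk.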
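Review bot: logpri2str now returns the literal `"unknown"` where the old loop ran onto the terminator and returned its NULL name, so a caller that tested the result against NULL to detect an unmapped value can no longer do so; the callers are outside this diff, so please check that none relies on that. If the change is intended, the function deserves a header comment, e.g. `/* Map a syslog priority number back to its name; -1 yields "none", an unmapped value yields "unknown". */`. The loop rewrite itself is sound: the `none` entry precedes the `{ NULL, -1 }` terminator, so -1 resolves to "none" rather than falling through to the sentinel.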