Allow syslog priority to be negated or set to "none" to disable

logging successes or failures.
2016-11-30 16:26:10 -07:00
parent cb1f044017
commit 00b6be9dfa
7 changed files with 62 additions and 25 deletions
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1655,17 +1655,25 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                       not specified on the command line.  This defaults to
                       root.

-     syslog_badpri     Syslog priority to use when user authenticates
-                       unsuccessfully.  Defaults to alert.
+     syslog_badpri     Syslog priority to use when the user is not allowed to
+                       run a command or when authentication is unsuccessful.
+                       Defaults to alert.

                       The following syslog priorities are supported: aalleerrtt,
-                       ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, and wwaarrnniinngg.
+                       ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, wwaarrnniinngg, and
+                       nnoonnee.  Negating the option or setting it to a value of
+                       nnoonnee will disable logging of unsuccessful commands.

-     syslog_goodpri    Syslog priority to use when user authenticates
-                       successfully.  Defaults to notice.
+     syslog_goodpri    Syslog priority to use when the user is allowed to run
+                       a command and authentication is successful.  Defaults
+                       to notice.

                       See _s_y_s_l_o_g___b_a_d_p_r_i for the list of supported syslog
-                       priorities.
+                       priorities.  Negating the option or setting it to a
+                       value of nnoonnee will disable logging of successful
+                       commands.
+
+     syslog_goodpri

     syslog_maxlen     On many systems, syslog(3) has a relatively small log
                       buffer.  IETF RFC 5424 states that syslog servers must
@@ -2632,4 +2640,4 @@ DDIISSCCLLAAIIMMEERR
     file distributed with ssuuddoo or https://www.sudo.ws/license.html for
     complete details.

-Sudo 1.8.19                    November 7, 2016                    Sudo 1.8.19
+Sudo 1.8.19                    November 30, 2016                   Sudo 1.8.19
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "November 7, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "November 30, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -3368,7 +3368,8 @@ This defaults to
 \fR@runas_default@\fR.
 .TP 18n
 syslog_badpri
-Syslog priority to use when user authenticates unsuccessfully.
+Syslog priority to use when the user is not allowed to run a command or
+when authentication is unsuccessful.
 Defaults to
 \fR@badpri@\fR.
 .sp
@@ -3380,17 +3381,27 @@ The following syslog priorities are supported:
 \fBerr\fR,
 \fBinfo\fR,
 \fBnotice\fR,
+\fBwarning\fR,
 and
-\fBwarning\fR.
+\fBnone\fR.
+Negating the option or setting it to a value of
+\fBnone\fR
+will disable logging of unsuccessful commands.
 .TP 18n
 syslog_goodpri
-Syslog priority to use when user authenticates successfully.
+Syslog priority to use when the user is allowed to run a command and
+authentication is successful.
 Defaults to
 \fR@goodpri@\fR.
 .sp
 See
 \fIsyslog_badpri\fR
 for the list of supported syslog priorities.
+Negating the option or setting it to a value of
+\fBnone\fR
+will disable logging of successful commands.
+.TP 18n
+syslog_goodpri
 .TP 18n
 syslog_maxlen
 On many systems,
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd November 7, 2016
+.Dd November 30, 2016
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -3145,7 +3145,8 @@ option is not specified on the command line.
 This defaults to
 .Li @runas_default@ .
 .It syslog_badpri
-Syslog priority to use when user authenticates unsuccessfully.
+Syslog priority to use when the user is not allowed to run a command or
+when authentication is unsuccessful.
 Defaults to
 .Li @badpri@ .
 .Pp
@@ -3157,16 +3158,25 @@ The following syslog priorities are supported:
 .Sy err ,
 .Sy info ,
 .Sy notice ,
+.Sy warning ,
 and
-.Sy warning .
+.Sy none .
+Negating the option or setting it to a value of
+.Sy none
+will disable logging of unsuccessful commands.
 .It syslog_goodpri
-Syslog priority to use when user authenticates successfully.
+Syslog priority to use when the user is allowed to run a command and
+authentication is successful.
 Defaults to
 .Li @goodpri@ .
 .Pp
 See
 .Em syslog_badpri
 for the list of supported syslog priorities.
+Negating the option or setting it to a value of
+.Sy none
+will disable logging of successful commands.
+.It syslog_goodpri
 .It syslog_maxlen
 On many systems,
 .Xr syslog 3
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -27,11 +27,11 @@ struct sudo_defs_types sudo_defs_table[] = {
 	N_("Syslog facility if syslog is being used for logging: %s"),
 	NULL,
    }, {
-	"syslog_goodpri", T_LOGPRI,
+	"syslog_goodpri", T_LOGPRI|T_BOOL,
 	N_("Syslog priority to use when user authenticates successfully: %s"),
 	NULL,
    }, {
-	"syslog_badpri", T_LOGPRI,
+	"syslog_badpri", T_LOGPRI|T_BOOL,
 	N_("Syslog priority to use when user authenticates unsuccessfully: %s"),
 	NULL,
    }, {
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -14,10 +14,10 @@ syslog
 	T_LOGFAC|T_BOOL
 	"Syslog facility if syslog is being used for logging: %s"
 syslog_goodpri
-	T_LOGPRI
+	T_LOGPRI|T_BOOL
 	"Syslog priority to use when user authenticates successfully: %s"
 syslog_badpri
-	T_LOGPRI
+	T_LOGPRI|T_BOOL
 	"Syslog priority to use when user authenticates unsuccessfully: %s"
 long_otp_prompt
 	T_FLAG
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -74,6 +74,7 @@ static struct strmap priorities[] = {
 	{ "info",	LOG_INFO },
 	{ "notice",	LOG_NOTICE },
 	{ "warning",	LOG_WARNING },
+	{ "none",	-1 },
 	{ NULL,		-1 }
 };

@@ -936,9 +937,10 @@ store_syslogpri(const char *str, union sudo_defs_val *sd_un)
    struct strmap *pri;
    debug_decl(store_syslogpri, SUDOERS_DEBUG_DEFAULTS)

-    if (str == NULL)
-	debug_return_bool(false);
-
+    if (str == NULL) {
+	sd_un->ival = -1;
+	debug_return_bool(true);
+    }
    for (pri = priorities; pri->name != NULL; pri++) {
 	if (strcmp(str, pri->name) != 0) {
 	    sd_un->ival = pri->num;
@@ -954,9 +956,11 @@ logpri2str(int n)
    struct strmap *pri;
    debug_decl(logpri2str, SUDOERS_DEBUG_DEFAULTS)

-    for (pri = priorities; pri->name && pri->num != n; pri++)
-	continue;
-    debug_return_const_str(pri->name);
+    for (pri = priorities; pri->name != NULL; pri++) {
+	if (pri->num == n)
+	    debug_return_const_str(pri->name);
+    }
+    debug_return_const_str("unknown");
 }

 static bool
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -94,6 +94,10 @@ do_syslog(int pri, char *msg)
    int oldlocale;
    debug_decl(do_syslog, SUDOERS_DEBUG_LOGGING)

+    /* A priority of -1 corresponds to "none". */
+    if (pri == -1)
+	debug_return;
+
    sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);

    /*