Add log_allowed and log_denied sudoers flags, defaulting to true.

2019-10-17 13:43:04 -06:00
parent 4229dfc566
commit cf6c60c102
8 changed files with 205 additions and 112 deletions
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -45,6 +45,9 @@ audit_success(int argc, char *argv[])
    int rc = 0;
    debug_decl(audit_success, SUDOERS_DEBUG_AUDIT)

+    if (!def_log_allowed)
+	debug_return_int(0);
+
    if (argv != NULL) {
 #ifdef HAVE_BSM_AUDIT
 	if (bsm_audit_success(argv) == -1)
@@ -69,6 +72,9 @@ audit_failure(int argc, char *argv[], char const *const fmt, ...)
    int rc = 0;
    debug_decl(audit_success, SUDOERS_DEBUG_AUDIT)

+    if (!def_log_denied)
+	debug_return_int(0);
+
 #if defined(HAVE_BSM_AUDIT) || defined(HAVE_LINUX_AUDIT)
    if (argv != NULL) {
 	va_list ap;