isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add mail_badpass option

Browse Source 
Also modify mail_always behavior to also send mail when the password is wrong
This commit is contained in:
Todd C. Miller
2001-11-12 18:13:03 +00:00
parent 63ae9ec2ad
commit de9d655ea6
5 changed files with 74 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
auth/sudo_auth.c
View File

@@ -99,9 +99,10 @@ verify_user(pw, prompt)
struct passwd *pw; struct passwd *pw;
char *prompt; char *prompt;
{ {
short counter = def_ival(I_PASSWD_TRIES) + 1; int counter = def_ival(I_PASSWD_TRIES) + 1;
short success = AUTH_FAILURE; int success = AUTH_FAILURE;
short status; int status;
int flags;
char *p; char *p;
sudo_auth *auth; sudo_auth *auth;
@@ -213,7 +214,11 @@ cleanup:
case AUTH_SUCCESS: case AUTH_SUCCESS:
return; return;
case AUTH_FAILURE: case AUTH_FAILURE:
log_error(NO_MAIL, "%d incorrect password attempt%s", if (def_flag(I_MAIL_BADPASS) || def_flag(I_MAIL_ALWAYS))
flags = 0;
else
flags = NO_MAIL;
log_error(flags, "%d incorrect password attempt%s",
def_ival(I_PASSWD_TRIES) - counter, def_ival(I_PASSWD_TRIES) - counter,
(def_ival(I_PASSWD_TRIES) - counter == 1) ? "" : "s"); (def_ival(I_PASSWD_TRIES) - counter == 1) ? "" : "s");
case AUTH_FATAL: case AUTH_FATAL:

6
def_data.c
View File

@@ -26,6 +26,9 @@ struct sudo_defs_types sudo_defs_table[] = {
}, { }, {
"mail_always", T_FLAG, "mail_always", T_FLAG,
"Always send mail when sudo is run" "Always send mail when sudo is run"
}, {
"mail_badpass", T_FLAG,
"Send mail if user authentication fails"
}, { }, {
"mail_no_user", T_FLAG, "mail_no_user", T_FLAG,
"Send mail if the user is not in sudoers" "Send mail if the user is not in sudoers"
@@ -149,6 +152,9 @@ struct sudo_defs_types sudo_defs_table[] = {
}, { }, {
"editor", T_STR|T_PATH, "editor", T_STR|T_PATH,
"Path to the editor for use by visudo: %s" "Path to the editor for use by visudo: %s"
}, {
"env_delete", T_STR|T_BOOL,
"Environment variables to remove: %s"
}, { }, {
"env_keep", T_STR|T_BOOL, "env_keep", T_STR|T_BOOL,
"Environment variables to preserve: %s" "Environment variables to preserve: %s"

94
def_data.h
View File

@@ -7,49 +7,51 @@
#define I_LONG_OTP_PROMPT 6 #define I_LONG_OTP_PROMPT 6
#define I_IGNORE_DOT 7 #define I_IGNORE_DOT 7
#define I_MAIL_ALWAYS 8 #define I_MAIL_ALWAYS 8
#define I_MAIL_NO_USER 9 #define I_MAIL_BADPASS 9
#define I_MAIL_NO_HOST 10 #define I_MAIL_NO_USER 10
#define I_MAIL_NO_PERMS 11 #define I_MAIL_NO_HOST 11
#define I_TTY_TICKETS 12 #define I_MAIL_NO_PERMS 12
#define I_LECTURE 13 #define I_TTY_TICKETS 13
#define I_AUTHENTICATE 14 #define I_LECTURE 14
#define I_ROOT_SUDO 15 #define I_AUTHENTICATE 15
#define I_LOG_HOST 16 #define I_ROOT_SUDO 16
#define I_LOG_YEAR 17 #define I_LOG_HOST 17
#define I_SHELL_NOARGS 18 #define I_LOG_YEAR 18
#define I_SET_HOME 19 #define I_SHELL_NOARGS 19
#define I_ALWAYS_SET_HOME 20 #define I_SET_HOME 20
#define I_PATH_INFO 21 #define I_ALWAYS_SET_HOME 21
#define I_FQDN 22 #define I_PATH_INFO 22
#define I_INSULTS 23 #define I_FQDN 23
#define I_REQUIRETTY 24 #define I_INSULTS 24
#define I_ENV_EDITOR 25 #define I_REQUIRETTY 25
#define I_ROOTPW 26 #define I_ENV_EDITOR 26
#define I_RUNASPW 27 #define I_ROOTPW 27
#define I_TARGETPW 28 #define I_RUNASPW 28
#define I_USE_LOGINCLASS 29 #define I_TARGETPW 29
#define I_SET_LOGNAME 30 #define I_USE_LOGINCLASS 30
#define I_STAY_SETUID 31 #define I_SET_LOGNAME 31
#define I_ENV_RESET 32 #define I_STAY_SETUID 32
#define I_LOGLINELEN 33 #define I_ENV_RESET 33
#define I_TIMESTAMP_TIMEOUT 34 #define I_LOGLINELEN 34
#define I_PASSWD_TIMEOUT 35 #define I_TIMESTAMP_TIMEOUT 35
#define I_PASSWD_TRIES 36 #define I_PASSWD_TIMEOUT 36
#define I_UMASK 37 #define I_PASSWD_TRIES 37
#define I_LOGFILE 38 #define I_UMASK 38
#define I_MAILERPATH 39 #define I_LOGFILE 39
#define I_MAILERFLAGS 40 #define I_MAILERPATH 40
#define I_MAILTO 41 #define I_MAILERFLAGS 41
#define I_MAILSUB 42 #define I_MAILTO 42
#define I_BADPASS_MESSAGE 43 #define I_MAILSUB 43
#define I_TIMESTAMPDIR 44 #define I_BADPASS_MESSAGE 44
#define I_EXEMPT_GROUP 45 #define I_TIMESTAMPDIR 45
#define I_PASSPROMPT 46 #define I_EXEMPT_GROUP 46
#define I_RUNAS_DEFAULT 47 #define I_PASSPROMPT 47
#define I_SECURE_PATH 48 #define I_RUNAS_DEFAULT 48
#define I_EDITOR 49 #define I_SECURE_PATH 49
#define I_ENV_KEEP 50 #define I_EDITOR 50
#define I_LISTPW_I 51 #define I_ENV_DELETE 51
#define I_VERIFYPW_I 52 #define I_ENV_KEEP 52
#define I_LISTPW 53 #define I_LISTPW_I 53
#define I_VERIFYPW 54 #define I_VERIFYPW_I 54
#define I_LISTPW 55
#define I_VERIFYPW 56

6
def_data.in
View File

@@ -33,6 +33,9 @@ ignore_dot
mail_always mail_always
T_FLAG T_FLAG
"Always send mail when sudo is run" "Always send mail when sudo is run"
mail_badpass
T_FLAG
"Send mail if user authentication fails"
mail_no_user mail_no_user
T_FLAG T_FLAG
"Send mail if the user is not in sudoers" "Send mail if the user is not in sudoers"
@@ -156,6 +159,9 @@ secure_path
editor editor
T_STR|T_PATH T_STR|T_PATH
"Path to the editor for use by visudo: %s" "Path to the editor for use by visudo: %s"
env_delete
T_STR|T_BOOL
"Environment variables to remove: %s"
env_keep env_keep
T_STR|T_BOOL T_STR|T_BOOL
"Environment variables to preserve: %s" "Environment variables to preserve: %s"

5
sudoers.pod
View File

@@ -244,6 +244,11 @@ flag is I<@ignore_dot@> by default.
Send mail to the I<mailto> user every time a users runs B<sudo>. Send mail to the I<mailto> user every time a users runs B<sudo>.
This flag is I<off> by default. This flag is I<off> by default.
=item mail_badpass
Send mail to the I<mailto> user if the user running sudo does not
enter the correct password. This flag is I<off> by default.
=item mail_no_user =item mail_no_user
If set, mail will be sent to the I<mailto> user if the invoking If set, mail will be sent to the I<mailto> user if the invoking