diff options
-rw-r--r-- | plugins/sudoers/logging.c | 6 | ||||
-rw-r--r-- | plugins/sudoers/parse.c | 4 | ||||
-rw-r--r-- | plugins/sudoers/sudoers.c | 9 |
3 files changed, 13 insertions, 6 deletions
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index d427064c3..2518e9722 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -322,9 +322,9 @@ log_denial(int status, bool inform_user) "sudo on %s.\n"), user_name, user_srunhost); } else { sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s is not allowed " - "to execute '%s%s%s' as %s%s%s on %s.\n"), - user_name, user_cmnd, user_args ? " " : "", - user_args ? user_args : "", + "to execute '%s%s%s%s' as %s%s%s on %s.\n"), + user_name, user_cmnd, list_cmnd ? list_cmnd : "", + user_args ? " " : "", user_args ? user_args : "", list_pw ? list_pw->pw_name : runas_pw ? runas_pw->pw_name : user_name, runas_gr ? ":" : "", runas_gr ? runas_gr->gr_name : "", user_host); diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c index df5405709..ec1e2a09a 100644 --- a/plugins/sudoers/parse.c +++ b/plugins/sudoers/parse.c @@ -1067,8 +1067,8 @@ display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) break; } if (match == ALLOW) { - /* For "sudo -l cmd" user_args includes the command being checked. */ - const int len = sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", user_args); + const int len = sudo_printf(SUDO_CONV_INFO_MSG, "%s%s%s\n", + list_cmnd, user_args ? " " : "", user_args ? user_args : ""); ret = len < 0 ? -1 : true; } debug_return_int(ret); diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 9ae5f96c6..db659868e 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -1079,7 +1079,14 @@ set_cmnd(void) /* set user_args */ free(user_args); user_args = NULL; - if (NewArgc > 1) { + if (ISSET(sudo_mode, MODE_CHECK)) { + if (NewArgc > 2) { + /* Skip the command being listed in NewArgv[1]. */ + user_args = strvec_join(NewArgv + 2, ' ', NULL); + if (user_args == NULL) + debug_return_int(NOT_FOUND_ERROR); + } + } else if (NewArgc > 1) { if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL) && ISSET(sudo_mode, MODE_RUN)) { /* |