From: kn <kn>
Date: Fri, 9 Oct 2020 00:04:05 +0000 (+0000)
Subject: Improve error message on missing permission
X-Git-Tag: v6.8~28
X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=commitdiff_plain;h=7441dfc4da8c9474ee767464dabe73ca90ff42ae;hp=1ae55876daaf1d2d02e6261db7b6dd08c41b8fcb

Improve error message on missing permission

In case "cmd" (and "args") in doas.conf(5) mismatch, the log syslog(3)
message might be read as if the command was executed but failed, i.e.
returned non-zero.

Be unambiguous and help admins spot execution *attempts* as such:

-Oct  9 01:05:20 eru doas: failed command for kn: echo bar
+Oct  9 01:05:20 eru doas: command not permitted for kn: echo bar

OK tedu deraadt
---

diff --git a/doas.c b/doas.c
index 008132b..8275fe1 100644
--- a/doas.c
+++ b/doas.c
@@ -340,7 +340,7 @@ main(int argc, char **argv)
 	if (!permit(uid, groups, ngroups, &rule, target, cmd,
 	    (const char **)argv + 1)) {
 		syslog(LOG_AUTHPRIV | LOG_NOTICE,
-		    "failed command for %s: %s", mypw->pw_name, cmdline);
+		    "command not permitted for %s: %s", mypw->pw_name, cmdline);
 		errc(1, EPERM, NULL);
 	}