Do not send mail for "sudo -nv" or "sudo -nl"

This avoids sending mail for users running "sudo -nv" or "sudo -nl"
even when mail_badpass or mail_always are enabled.  We already avoid
logging in that case but mailing was not disabled when that change
was made.  Bug #1072.

Author: millert

plugins/sudoers/logging.c

@@ -507,15 +507,6 @@ log_auth_failure(const struct sudoers_context *ctx, unsigned int status,
     /* Do auditing first (audit_failure() handles the locale itself). */
     audit_failure(ctx, ctx->runas.argv, "%s", N_("authentication failure"));
 
-    if (ISSET(status, FLAG_NO_USER_INPUT)) {
-	/* For "sudo -n", only log the entry if an actual command was run. */
-	if (ISSET(ctx->mode, MODE_LIST|MODE_VALIDATE))
-	    logit = false;
-    } else if (!ISSET(status, FLAG_BAD_PASSWORD)) {
-	/* Authenticated OK, sudoers denials are logged separately. */
-	logit = false;
-    }
-
     /*
      * Do we need to send mail?
      * We want to avoid sending multiple messages for the same command
@@ -536,6 +527,18 @@ log_auth_failure(const struct sudoers_context *ctx, unsigned int status,
 	logit = false;
     }
 
+    /* Special case overrides for logging and mailing. */
+    if (ISSET(status, FLAG_NO_USER_INPUT)) {
+	/* For "sudo -n", only log the entry if an actual command was run. */
+	if (ISSET(ctx->mode, MODE_LIST|MODE_VALIDATE)) {
+	    logit = false;
+	    mailit = false;
+	}
+    } else if (!ISSET(status, FLAG_BAD_PASSWORD)) {
+	/* Authenticated OK, sudoers denials are logged separately. */
+	logit = false;
+    }
+
     if (logit || mailit) {
 	/* Log and mail messages should be in the sudoers locale. */
 	sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);