@@ -287,11 +287,12 @@ check_user_runchroot(void)
287287
288288 sudo_debug_printf (SUDO_DEBUG_INFO |SUDO_DEBUG_LINENO ,
289289 "def_runchroot %s, user_runchroot %s" ,
290- def_runchroot ? def_runchroot : "NULL" , user_runchroot );
290+ def_runchroot ? def_runchroot : "none" ,
291+ user_runchroot ? user_runchroot : "none" );
291292
292293 if (def_runchroot == NULL || (strcmp (def_runchroot , "*" ) != 0 &&
293294 strcmp (def_runchroot , user_runchroot ) != 0 )) {
294- audit_failure ( NewArgv ,
295+ log_warningx ( SLOG_NO_STDERR | SLOG_AUDIT ,
295296 N_ ("user not allowed to change root directory to %s" ),
296297 user_runchroot );
297298 sudo_warnx (U_ ("you are not permitted to use the -R option with %s" ),
@@ -313,11 +314,12 @@ check_user_runcwd(void)
313314
314315 sudo_debug_printf (SUDO_DEBUG_INFO |SUDO_DEBUG_LINENO ,
315316 "def_runcwd %s, user_runcwd %s, user_cwd %s" ,
316- def_runcwd , user_runcwd , user_cwd );
317+ def_runcwd ? def_runcwd : "none" , user_runcwd ? user_runcwd : "none" ,
318+ user_cwd ? user_cwd : "none" );
317319
318320 if (strcmp (user_cwd , user_runcwd ) != 0 ) {
319321 if (def_runcwd == NULL || strcmp (def_runcwd , "*" ) != 0 ) {
320- audit_failure ( NewArgv ,
322+ log_warningx ( SLOG_NO_STDERR | SLOG_AUDIT ,
321323 N_ ("user not allowed to change directory to %s" ), user_runcwd );
322324 sudo_warnx (U_ ("you are not permitted to use the -D option with %s" ),
323325 user_cmnd );
@@ -409,7 +411,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
409411 /* Check for -C overriding def_closefrom. */
410412 if (user_closefrom >= 0 && user_closefrom != def_closefrom ) {
411413 if (!def_closefrom_override ) {
412- audit_failure ( NewArgv ,
414+ log_warningx ( SLOG_NO_STDERR | SLOG_AUDIT ,
413415 N_ ("user not allowed to override closefrom limit" ));
414416 sudo_warnx ("%s" , U_ ("you are not permitted to use the -C option" ));
415417 goto bad ;
@@ -439,14 +441,13 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
439441
440442 /* Defer uid/gid checks until after defaults have been updated. */
441443 if (unknown_runas_uid && !def_runas_allow_unknown_id ) {
442- audit_failure (NewArgv , N_ ("unknown user: %s" ), runas_pw -> pw_name );
443- sudo_warnx (U_ ("unknown user: %s" ), runas_pw -> pw_name );
444+ log_warningx (SLOG_AUDIT , N_ ("unknown user: %s" ), runas_pw -> pw_name );
444445 goto done ;
445446 }
446447 if (runas_gr != NULL ) {
447448 if (unknown_runas_gid && !def_runas_allow_unknown_id ) {
448- audit_failure ( NewArgv , N_ ("unknown group: %s" ), runas_gr -> gr_name );
449- sudo_warnx ( U_ ( "unknown group: %s" ), runas_gr -> gr_name );
449+ log_warningx ( SLOG_AUDIT , N_ ("unknown group: %s" ),
450+ runas_gr -> gr_name );
450451 goto done ;
451452 }
452453 }
@@ -487,16 +488,15 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
487488
488489 /* Bail if a tty is required and we don't have one. */
489490 if (def_requiretty && !tty_present ()) {
490- audit_failure ( NewArgv , N_ ("no tty" ));
491+ log_warningx ( SLOG_NO_STDERR | SLOG_AUDIT , N_ ("no tty" ));
491492 sudo_warnx ("%s" , U_ ("sorry, you must have a tty to run sudo" ));
492493 goto bad ;
493494 }
494495
495496 /* Check runas user's shell. */
496497 if (!check_user_shell (runas_pw )) {
497- audit_failure (NewArgv , N_ ("invalid shell for user %s: %s" ),
498- runas_pw -> pw_name , runas_pw -> pw_shell );
499- log_warningx (SLOG_RAW_MSG , N_ ("invalid shell for user %s: %s" ),
498+ log_warningx (SLOG_RAW_MSG |SLOG_AUDIT ,
499+ N_ ("invalid shell for user %s: %s" ),
500500 runas_pw -> pw_name , runas_pw -> pw_shell );
501501 goto bad ;
502502 }
@@ -597,7 +597,8 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
597597
598598 /* If user specified a timeout make sure sudoers allows it. */
599599 if (!def_user_command_timeouts && user_timeout > 0 ) {
600- audit_failure (NewArgv , N_ ("user not allowed to set a command timeout" ));
600+ log_warningx (SLOG_NO_STDERR |SLOG_AUDIT ,
601+ N_ ("user not allowed to set a command timeout" ));
601602 sudo_warnx ("%s" ,
602603 U_ ("sorry, you are not allowed set a command timeout" ));
603604 goto bad ;
@@ -606,7 +607,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
606607 /* If user specified env vars make sure sudoers allows it. */
607608 if (ISSET (sudo_mode , MODE_RUN ) && !def_setenv ) {
608609 if (ISSET (sudo_mode , MODE_PRESERVE_ENV )) {
609- audit_failure ( NewArgv ,
610+ log_warningx ( SLOG_NO_STDERR | SLOG_AUDIT ,
610611 N_ ("user not allowed to preserve the environment" ));
611612 sudo_warnx ("%s" ,
612613 U_ ("sorry, you are not allowed to preserve the environment" ));
0 commit comments