Only fall back on AUE_DARWIN_sudo if au_preselect() fails.

plugins/sudoers/bsm_audit.c

@@ -43,13 +43,7 @@
 # define AUDIT_NOT_CONFIGURED	ENOSYS
 #endif
 
-/*
- * Darwin defines AUE_sudo but au_preselect() only accepts AUE_DARWIN_sudo.
- */
-#if defined(__APPLE__) && defined(AUE_DARWIN_sudo)
-# undef AUE_sudo
-# define AUE_sudo AUE_DARWIN_sudo
-#endif
+static au_event_t sudo_audit_event = AUE_sudo;
 
 static int
 audit_sudo_selected(int sorf)
@@ -75,9 +69,19 @@ audit_sudo_selected(int sorf)
         } else {
 		mask = &ainfo_addr.ai_mask;
 	}
-	rc = au_preselect(AUE_sudo, mask, sorf, AU_PRS_REREAD);
-	if (rc == -1)
+	rc = au_preselect(sudo_audit_event, mask, sorf, AU_PRS_REREAD);
+	if (rc == -1) {
+#if defined(__APPLE__) && defined(AUE_DARWIN_sudo)
+	    /*
+	     * Mac OS X 10.10 au_preselect() only accepts AUE_DARWIN_sudo.
+	     */
+	    sudo_audit_event = AUE_DARWIN_sudo;
+	    rc = au_preselect(sudo_audit_event, mask, sorf, AU_PRS_REREAD);
+	    if (rc == -1)
+#endif
+
 		sudo_warn("au_preselect");
+	}
         debug_return_int(rc);
 }
 
@@ -158,9 +162,9 @@ bsm_audit_success(char *exec_args[])
 	}
 	au_write(aufd, tok);
 #ifdef __sun
-	if (au_close(aufd, 1, AUE_sudo, 0) == -1)
+	if (au_close(aufd, 1, sudo_audit_event, 0) == -1)
 #else
-	if (au_close(aufd, 1, AUE_sudo) == -1)
+	if (au_close(aufd, 1, sudo_audit_event) == -1)
 #endif
 	{
 		sudo_warn(U_("unable to commit audit record"));
@@ -246,9 +250,9 @@ bsm_audit_failure(char *exec_args[], char const *const fmt, va_list ap)
 	}
 	au_write(aufd, tok);
 #ifdef __sun
-	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
+	if (au_close(aufd, 1, sudo_audit_event, PAD_FAILURE) == -1)
 #else
-	if (au_close(aufd, 1, AUE_sudo) == -1)
+	if (au_close(aufd, 1, sudo_audit_event) == -1)
 #endif
 	{
 		sudo_warn(U_("unable to commit audit record"));