Add back warning when a user is not allowed to run a command.

Previously, the warning was displayed when a user was not in the
sudoers file, or was present but not listed for the local host.
The new behavior is to display the warning if a command is denied
and mail is sent to the administrator.  Whether or not mail is sent
is controlled by the "mail_*" flags in sudoers.  The warning text
is now "This incident has been reported to the administrator." which
is hopefully less confusing.  The message will not be printed if
either the "mailto" or "mailerpath" sudoers settings are disabled.

NEWS

@@ -38,10 +38,13 @@ What's new in Sudo 1.9.10
    the nsswitch.conf file includes "sss" but no sudo provider is
    configured in /etc/sssd/sssd.conf.  Bug #1022.
 
- * Removed the text "This incident will be reported." from warnings
+ * Updated the warning displayed when the invoking user is not
-   when the invoking user is not listed in sudoers.  This warning
+   allowed to run sudo.  If sudo has been configured to send mail
-   is confusing to users and may not be accurate now that the email
+   on failed attempts (see the mail_* flags in sudoers), it will
-   settings are configurable in the sudoers file.  GitHub issue #48.
+   now print "This incident has been reported to the administrator."
+   If the "mailto" or "mailerpath" sudoers settings are disabled,
+   the message will not be printed and no mail will be sent.
+   GitHub issue #48.
 
  * Fixed a bug where the user-specified command timeout was not
    being honored if the sudoers rule did not also specify a timeout.

plugins/sudoers/logging.c

@@ -329,6 +329,10 @@ log_denial(int status, bool inform_user)
 		runas_pw->pw_name : user_name, runas_gr ? ":" : "",
 		runas_gr ? runas_gr->gr_name : "", user_host);
 	}
+	if (mailit) {
+	    sudo_printf(SUDO_CONV_ERROR_MSG, "%s",
+		_("This incident has been reported to the administrator.\n"));
+	}
 	sudoers_setlocale(oldlocale, NULL);
     }
     debug_return_bool(ret);