Fix logic bug. We only want to return -1 from linux_audit_open()

when audit_open() fails and errno is not one of EINVAL, EPROTONOSUPPORT,
or EAFNOSUPPORT.  For those errno values, we return AUDIT_NOT_CONFIGURED
which is not a fatal error.  Bug #671

diff --git a/plugins/sudoers/linux_audit.c b/plugins/sudoers/linux_audit.c
index 2befd079be6f4914944afb2d07acfdb327da2fda..2e5f43d7475a36da231d865c1cc37c5ab91c2b76 100644 (file)
--- a/plugins/sudoers/linux_audit.c
+++ b/plugins/sudoers/linux_audit.c
@@ -57,10 +57,10 @@ linux_audit_open(void)
     au_fd = audit_open();
     if (au_fd == -1) {
        /* Kernel may not have audit support. */
-       if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) {
-           sudo_warn(U_("unable to open audit system"));
+       if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
            au_fd = AUDIT_NOT_CONFIGURED;
-       }
+       else
+           sudo_warn(U_("unable to open audit system"));
     } else {
        (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
     }