Defer logging of the successful command until approval plugins have run.

This adds audit plugin support to the sudoers module, currently
only used for accept events.  As a result, the sudoers file is now
initially parsed as an audit plugin.

plugins/sudoers/solaris_audit.c

@@ -44,8 +44,10 @@ static char		cwd[PATH_MAX];
 static char		cmdpath[PATH_MAX];
 
 static int
-adt_sudo_common(int argc, char *argv[])
+adt_sudo_common(char *argv[])
 {
+	int argc;
+
 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
 		log_warning(SLOG_NO_STDERR, "adt_start_session");
 		return -1;
@@ -76,6 +78,9 @@ adt_sudo_common(int argc, char *argv[])
 		}
 	}
 
+	for (argc = 0; argv[argc] != NULL; argc++)
+		continue;
+
 	event->adt_sudo.cmdpath = cmdpath;
 	event->adt_sudo.argc = argc - 1;
 	event->adt_sudo.argv = &argv[1];
@@ -89,11 +94,11 @@ adt_sudo_common(int argc, char *argv[])
  * Returns 0 on success or -1 on error.
  */
 int
-solaris_audit_success(int argc, char *argv[])
+solaris_audit_success(char *argv[])
 {
 	int rc = -1;
 
-	if (adt_sudo_common(argc, argv) != 0) {
+	if (adt_sudo_common(argv) != 0) {
 		return -1;
 	}
 	if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
@@ -111,23 +116,20 @@ solaris_audit_success(int argc, char *argv[])
  * Returns 0 on success or -1 on error.
  */
 int
-solaris_audit_failure(int argc, char *argv[], char const *const fmt, va_list ap)
+solaris_audit_failure(char *argv[], const char *errmsg)
 {
 	int rc = -1;
 
-	if (adt_sudo_common(argc, argv) != 0) {
+	if (adt_sudo_common(argv) != 0) {
 		return -1;
 	}
-	if (vasprintf(&event->adt_sudo.errmsg, fmt, ap) == -1) {
-		log_warning(SLOG_NO_STDERR,
-		    _("audit_failure message too long"));
-	}
+
+	event->adt_sudo.errmsg = errmsg;
 	if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) {
 		log_warning(SLOG_NO_STDERR, "adt_put_event(ADT_FAILURE)");
 	} else {
 		rc = 0;
 	}
-	free(event->adt_sudo.errmsg);
 	adt_free_event(event);
 	(void) adt_end_session(ah);