audit_failure() now calls gettext itself using the sudoers locale.

plugins/sudoers/audit.c

@@ -65,12 +65,16 @@ void
 audit_failure(char *exec_args[], char const *const fmt, ...)
 {
     va_list ap;
+    int oldlocale;
     debug_decl(audit_success, SUDO_DEBUG_AUDIT)
 
+    /* Audit error messages should be in the sudoers locale. */
+    sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+
     if (exec_args != NULL) {
 	va_start(ap, fmt);
 #ifdef HAVE_BSM_AUDIT
-	bsm_audit_failure(exec_args, fmt, ap);
+	bsm_audit_failure(exec_args, _(fmt), ap);
 #endif
 #ifdef HAVE_LINUX_AUDIT
 	linux_audit_command(exec_args, 0);
@@ -78,5 +82,7 @@ audit_failure(char *exec_args[], char const *const fmt, ...)
 	va_end(ap);
     }
 
+    sudoers_setlocale(oldlocale, NULL);
+
     debug_return;
 }

plugins/sudoers/auth/sudo_auth.c

@@ -117,7 +117,7 @@ sudo_auth_init(struct passwd *pw)
     /* Make sure we haven't mixed standalone and shared auth methods. */
     standalone = IS_STANDALONE(&auth_switch[0]);
     if (standalone && auth_switch[1].name != NULL) {
-	audit_failure(NewArgv, "invalid authentication methods");
+	audit_failure(NewArgv, N_("invalid authentication methods"));
     	log_fatal(0, _("Invalid authentication methods compiled into sudo!  "
 	    "You may mix standalone and non-standalone authentication."));
 	debug_return_int(-1);
@@ -201,7 +201,7 @@ verify_user(struct passwd *pw, char *prompt, int validated)
     /* Make sure we have at least one auth method. */
     /* XXX - check FLAG_DISABLED too */
     if (auth_switch[0].name == NULL) {
-	audit_failure(NewArgv, "no authentication methods");
+	audit_failure(NewArgv, N_("no authentication methods"));
     	log_error(0,
 	    _("There are no authentication methods compiled into sudo!  "
 	    "If you want to turn off authentication, use the "

plugins/sudoers/logging.c

@@ -240,9 +240,9 @@ log_denial(int status, bool inform_user)
 
     /* Handle auditing first. */
     if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
-	audit_failure(NewArgv, _("No user or host"));
+	audit_failure(NewArgv, N_("No user or host"));
     else
-	audit_failure(NewArgv, _("validation failure"));
+	audit_failure(NewArgv, N_("validation failure"));
 
     /* Set error message. */
     if (ISSET(status, FLAG_NO_USER))
@@ -334,7 +334,7 @@ log_auth_failure(int status, int tries)
     debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING)
 
     /* Handle auditing first. */
-    audit_failure(NewArgv, _("authentication failure"));
+    audit_failure(NewArgv, N_("authentication failure"));
 
     /*
      * Do we need to send mail?

plugins/sudoers/sudoers.c

@@ -349,7 +349,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
     if (def_requiretty) {
 	int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
 	if (fd == -1) {
-	    audit_failure(NewArgv, _("no tty"));
+	    audit_failure(NewArgv, N_("no tty"));
 	    warningx(_("sorry, you must have a tty to run sudo"));
 	    goto bad;
 	} else
@@ -400,11 +400,11 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 
     /* Finally tell the user if the command did not exist. */
     if (cmnd_status == NOT_FOUND_DOT) {
-	audit_failure(NewArgv, _("command in current directory"));
+	audit_failure(NewArgv, N_("command in current directory"));
 	warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
 	goto bad;
     } else if (cmnd_status == NOT_FOUND) {
-	audit_failure(NewArgv, _("%s: command not found"), user_cmnd);
+	audit_failure(NewArgv, N_("%s: command not found"), user_cmnd);
 	warningx(_("%s: command not found"), user_cmnd);
 	goto bad;
     }
@@ -1013,7 +1013,7 @@ find_editor(int nfiles, char **files, char ***argv_out)
 	} while (ep != NULL && editor_path == NULL);
     }
     if (!editor_path) {
-	audit_failure(NewArgv, _("%s: command not found"), editor);
+	audit_failure(NewArgv, N_("%s: command not found"), editor);
 	warningx(_("%s: command not found"), editor);
     }
     debug_return_str(editor_path);