--- policycoreutils-1.30.29/newrole/newrole.c 2006-09-14 07:07:26.000000000 -0500
+++ policycoreutils-1.30.29.orig.dev/newrole/newrole.c 2006-09-28 14:21:27.000000000 -0500
@@ -47,7 +47,9 @@
 * *************************************************************************/
+#ifndef _GNU_SOURCE
 #define _GNU_SOURCE
+#endif
 #include
 #include /* for malloc(), realloc(), free() */
 #include /* for getpwuid() */
@@ -394,6 +396,41 @@
 cap_free(new_caps);
 }
 }
+
+/* Send audit message */
+int send_audit_message(int success, security_context_t old_context,
+ security_context_t new_context, const char *ttyn)
+{
+ char *msg = NULL;
+ int rc;
+ int audit_fd = audit_open();
+
+ if (audit_fd < 0) {
+ fprintf(stderr, _("Error connecting to audit system.\n"));
+ rc = -1;
+ goto out;
+ }
+ if (asprintf(&msg, "newrole: old-context=%s new-context=%s",
+ old_context ? old_context : "?",
+ new_context ? new_context : "?") < 0) {
+ fprintf(stderr, _("Error allocating memory.\n"));
+ rc = -1;
+ goto out;
+ }
+ rc = audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
+ msg, NULL, NULL, ttyn, success);
+ if (rc <= 0) {
+ fprintf(stderr, _("Error sending audit message.\n"));
+ rc = -1;
+ goto out;
+ }
+ rc = 0;
+out:
+ free(msg);
+ close(audit_fd);
+ return rc;
+}
+
 #endif
 /************************************************************************
@@ -536,6 +573,9 @@
 if (role_s && !type_s) {
 if (get_default_type(role_s, &type_s)) {
 fprintf(stderr, _("Couldn't get default type.\n"));
+#ifdef LOG_AUDIT_PRIV
+ send_audit_message(0, old_context, new_context, ttyn);
+#endif
 exit(-1);
 }
 #ifdef CANTSPELLGDB
@@ -715,6 +755,9 @@
 if (security_check_context(new_context) < 0) {
 fprintf(stderr, _("%s is not a valid context\n"), new_context);
+#ifdef LOG_AUDIT_PRIV
+ send_audit_message(0, old_context, new_context, ttyn);
+#endif
 exit(-1);
 }
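Review bot: On the `audit_open()` failure path in `send_audit_message()`, `goto out` still reaches `close(audit_fd)` with a negative descriptor; guard it with `if (audit_fd >= 0) close(audit_fd);`. Every call visible in this patch is in newrole.c, so `static int send_audit_message(...)` would keep the helper out of the global namespace. The one-line comment could also state the contract, for example `/* Send an AUDIT_USER_ROLE_CHANGE record; success is 1 or 0; NULL contexts are logged as "?"; returns 0 on success, -1 on error */`.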
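Review bot: The failure record added in the `get_default_type()` branch relies on `old_context`, `new_context` and `ttyn` already holding NULL or valid pointers, and their declarations and assignments are outside this hunk. An uninitialised pointer here would be read by `asprintf()` or passed on to libaudit. If they are NULL at this point, the record reads `old-context=? new-context=?` and does not identify the requested role, which limits its use when investigating failed role changes. I would confirm the initialisers and add a comment such as `/* contexts not computed yet; the audit record carries "?" for both */`.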
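Review bot: The failure record in the `security_check_context()` branch logs a `new_context` that has just been rejected as invalid, and `send_audit_message()` interpolates it into the message with a bare `%s`. If that string is assembled from the command-line role, type or level (the assembly is outside this hunk), embedded spaces or newlines could add or spoof `name=value` fields in the audit record; whether libaudit encodes the message is not visible here. Consider logging the rejected value only when it contains no whitespace or control bytes, and passing NULL otherwise so the helper prints `?`. The enclosing function starts and ends outside the hunk.

```c
/* constructed helper: 1 if s holds no whitespace or control bytes */
static int context_is_loggable(const char *s)
{
	for (; *s; s++)
		if ((unsigned char)*s <= ' ' || *s == 0x7f)
			return 0;
	return 1;
}

/* … unchanged: security_check_context() failure branch and its fprintf … */
	send_audit_message(0, old_context,
			   context_is_loggable(new_context) ? new_context : NULL,
			   ttyn);
```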
@@ -874,30 +917,8 @@
 exit(-1);
 }
 #ifdef LOG_AUDIT_PRIV
- /* Send audit message */
- {
- char *msg;
- int rc;
- int audit_fd = audit_open();
- if (audit_fd < 0) {
- fprintf(stderr,
- _("Error connecting to audit system.\n"));
- exit(-1);
- }
- if (asprintf(&msg, "newrole: old-context=%s new-context=%s",
- old_context, new_context) < 0) {
- fprintf(stderr, _("Error allocating memory.\n"));
- exit(-1);
- }
- rc = audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
- msg, NULL, NULL, ttyn, 1);
- if (rc <= 0) {
- fprintf(stderr, _("Error sending audit message.\n"));
- exit(-1);
- }
- free(msg);
- close(audit_fd);
- }
+ if (send_audit_message(1, old_context, new_context, ttyn))
+ exit(-1);
 #endif
 freecon(old_context);
 execv(pw->pw_shell, argv + optind - 1);
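Review bot: The success record (`success` = 1) is written before `execv()`, so if the exec fails the audit trail still shows a completed role change. What follows `execv()` is outside the hunk, so a failure record may already exist there; if not, a `send_audit_message(0, ...)` on the exec-failure path would keep the trail accurate. Note that `old_context` is freed just before the exec, so such a call would have to pass NULL for it or the `freecon()` would have to move. At minimum I would add `/* audit record is written before execv(); a failed exec is not reflected in it */` above the call.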