You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
579 lines
20 KiB
579 lines
20 KiB
7 years ago
|
From 63151c4f0e9d1d037f80f10cb7809573a49da6c7 Mon Sep 17 00:00:00 2001
|
||
|
From: Steve Grubb <sgrubb@redhat.com>
|
||
|
Date: Tue, 17 Oct 2017 13:33:28 -0400
|
||
|
Subject: [PATCH] make style match rest of audit system
|
||
|
|
||
|
---
|
||
|
src/auditd-listen.c | 176 ++++++++++++++++++++++++++--------------------------
|
||
|
1 file changed, 88 insertions(+), 88 deletions(-)
|
||
|
|
||
|
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
|
||
|
index b4dc097..7a5c2c6 100644
|
||
|
--- a/src/auditd-listen.c
|
||
|
+++ b/src/auditd-listen.c
|
||
|
@@ -114,11 +114,11 @@ static char *sockaddr_to_addr4(struct sockaddr_in *addr)
|
||
|
|
||
|
static void set_close_on_exec(int fd)
|
||
|
{
|
||
|
- int flags = fcntl (fd, F_GETFD);
|
||
|
+ int flags = fcntl(fd, F_GETFD);
|
||
|
if (flags == -1)
|
||
|
flags = 0;
|
||
|
flags |= FD_CLOEXEC;
|
||
|
- fcntl (fd, F_SETFD, flags);
|
||
|
+ fcntl(fd, F_SETFD, flags);
|
||
|
}
|
||
|
|
||
|
static void release_client(struct ev_tcp *client)
|
||
|
@@ -144,11 +144,11 @@ static void release_client(struct ev_tcp *client)
|
||
|
|
||
|
static void close_client(struct ev_tcp *client)
|
||
|
{
|
||
|
- release_client (client);
|
||
|
- free (client);
|
||
|
+ release_client(client);
|
||
|
+ free(client);
|
||
|
}
|
||
|
|
||
|
-static int ar_write (int sock, const void *buf, int len)
|
||
|
+static int ar_write(int sock, const void *buf, int len)
|
||
|
{
|
||
|
int rc = 0, w;
|
||
|
while (len > 0) {
|
||
|
@@ -167,7 +167,7 @@ static int ar_write (int sock, const void *buf, int len)
|
||
|
}
|
||
|
|
||
|
#ifdef USE_GSSAPI
|
||
|
-static int ar_read (int sock, void *buf, int len)
|
||
|
+static int ar_read(int sock, void *buf, int len)
|
||
|
{
|
||
|
int rc = 0, r;
|
||
|
while (len > 0) {
|
||
|
@@ -192,13 +192,13 @@ static int ar_read (int sock, void *buf, int len)
|
||
|
the tokens. The protocol we use for transferring tokens is to send
|
||
|
the length first, four bytes MSB first, then the token data. We
|
||
|
return nonzero on error. */
|
||
|
-static int recv_token (int s, gss_buffer_t tok)
|
||
|
+static int recv_token(int s, gss_buffer_t tok)
|
||
|
{
|
||
|
int ret;
|
||
|
unsigned char lenbuf[4];
|
||
|
unsigned int len;
|
||
|
|
||
|
- ret = ar_read(s, (char *) lenbuf, 4);
|
||
|
+ ret = ar_read(s, (char *)lenbuf, 4);
|
||
|
if (ret < 0) {
|
||
|
audit_msg(LOG_ERR, "GSS-API error reading token length");
|
||
|
return -1;
|
||
|
@@ -220,13 +220,13 @@ static int recv_token (int s, gss_buffer_t tok)
|
||
|
}
|
||
|
tok->length = len;
|
||
|
|
||
|
- tok->value = (char *) malloc(tok->length ? tok->length : 1);
|
||
|
+ tok->value = (char *)malloc(tok->length ? tok->length : 1);
|
||
|
if (tok->length && tok->value == NULL) {
|
||
|
audit_msg(LOG_ERR, "Out of memory allocating token data");
|
||
|
return -1;
|
||
|
}
|
||
|
|
||
|
- ret = ar_read(s, (char *) tok->value, tok->length);
|
||
|
+ ret = ar_read(s, (char *)tok->value, tok->length);
|
||
|
if (ret < 0) {
|
||
|
audit_msg(LOG_ERR, "GSS-API error reading token data");
|
||
|
free(tok->value);
|
||
|
@@ -243,7 +243,7 @@ static int recv_token (int s, gss_buffer_t tok)
|
||
|
/* Same here. */
|
||
|
int send_token(int s, gss_buffer_t tok)
|
||
|
{
|
||
|
- int ret;
|
||
|
+ int ret;
|
||
|
unsigned char lenbuf[4];
|
||
|
unsigned int len;
|
||
|
|
||
|
@@ -268,7 +268,7 @@ int send_token(int s, gss_buffer_t tok)
|
||
|
if (ret < 0) {
|
||
|
audit_msg(LOG_ERR, "GSS-API error sending token data");
|
||
|
return -1;
|
||
|
- } else if (ret != (int) tok->length) {
|
||
|
+ } else if (ret != (int)tok->length) {
|
||
|
audit_msg(LOG_ERR, "GSS-API error sending token data");
|
||
|
return -1;
|
||
|
}
|
||
|
@@ -277,14 +277,14 @@ int send_token(int s, gss_buffer_t tok)
|
||
|
}
|
||
|
|
||
|
|
||
|
-static void gss_failure_2 (const char *msg, int status, int type)
|
||
|
+static void gss_failure_2(const char *msg, int status, int type)
|
||
|
{
|
||
|
OM_uint32 message_context = 0;
|
||
|
OM_uint32 min_status = 0;
|
||
|
gss_buffer_desc status_string;
|
||
|
|
||
|
do {
|
||
|
- gss_display_status (&min_status,
|
||
|
+ gss_display_status(&min_status,
|
||
|
status,
|
||
|
type,
|
||
|
GSS_C_NO_OID,
|
||
|
@@ -298,11 +298,11 @@ static void gss_failure_2 (const char *msg, int status, int type)
|
||
|
} while (message_context != 0);
|
||
|
}
|
||
|
|
||
|
-static void gss_failure (const char *msg, int major_status, int minor_status)
|
||
|
+static void gss_failure(const char *msg, int major_status, int minor_status)
|
||
|
{
|
||
|
- gss_failure_2 (msg, major_status, GSS_C_GSS_CODE);
|
||
|
+ gss_failure_2(msg, major_status, GSS_C_GSS_CODE);
|
||
|
if (minor_status)
|
||
|
- gss_failure_2 (msg, minor_status, GSS_C_MECH_CODE);
|
||
|
+ gss_failure_2(msg, minor_status, GSS_C_MECH_CODE);
|
||
|
}
|
||
|
|
||
|
#define KCHECK(x,f) if (x) { \
|
||
|
@@ -323,7 +323,7 @@ static int server_acquire_creds(const char *service_name,
|
||
|
krb5_context kcontext = NULL;
|
||
|
int krberr;
|
||
|
|
||
|
- my_service_name = strdup (service_name);
|
||
|
+ my_service_name = strdup(service_name);
|
||
|
name_buf.value = (char *)service_name;
|
||
|
name_buf.length = strlen(name_buf.value) + 1;
|
||
|
major_status = gss_import_name(&minor_status, &name_buf,
|
||
|
@@ -346,9 +346,9 @@ static int server_acquire_creds(const char *service_name,
|
||
|
|
||
|
(void) gss_release_name(&minor_status, &server_name);
|
||
|
|
||
|
- krberr = krb5_init_context (&kcontext);
|
||
|
+ krberr = krb5_init_context(&kcontext);
|
||
|
KCHECK (krberr, "krb5_init_context");
|
||
|
- krberr = krb5_get_default_realm (kcontext, &my_gss_realm);
|
||
|
+ krberr = krb5_get_default_realm(kcontext, &my_gss_realm);
|
||
|
KCHECK (krberr, "krb5_get_default_realm");
|
||
|
|
||
|
audit_msg(LOG_DEBUG, "GSS creds for %s acquired", service_name);
|
||
|
@@ -360,7 +360,7 @@ static int server_acquire_creds(const char *service_name,
|
||
|
the case of Kerberos, this is where the key exchange happens.
|
||
|
FIXME: While everything else is strictly nonblocking, this
|
||
|
negotiation blocks. */
|
||
|
-static int negotiate_credentials (ev_tcp *io)
|
||
|
+static int negotiate_credentials(ev_tcp *io)
|
||
|
{
|
||
|
gss_buffer_desc send_tok, recv_tok;
|
||
|
gss_name_t client;
|
||
|
@@ -440,12 +440,12 @@ static int negotiate_credentials (ev_tcp *io)
|
||
|
|
||
|
audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
|
||
|
(char *)recv_tok.value);
|
||
|
- io->remote_name = strdup (recv_tok.value);
|
||
|
- io->remote_name_len = strlen (recv_tok.value);
|
||
|
+ io->remote_name = strdup(recv_tok.value);
|
||
|
+ io->remote_name_len = strlen(recv_tok.value);
|
||
|
gss_release_buffer(&min_stat, &recv_tok);
|
||
|
|
||
|
- slashptr = strchr (io->remote_name, '/');
|
||
|
- atptr = strchr (io->remote_name, '@');
|
||
|
+ slashptr = strchr(io->remote_name, '/');
|
||
|
+ atptr = strchr(io->remote_name, '@');
|
||
|
|
||
|
if (!slashptr || !atptr) {
|
||
|
audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",
|
||
|
@@ -454,14 +454,14 @@ static int negotiate_credentials (ev_tcp *io)
|
||
|
}
|
||
|
|
||
|
*slashptr = 0;
|
||
|
- if (strcmp (io->remote_name, my_service_name)) {
|
||
|
+ if (strcmp(io->remote_name, my_service_name)) {
|
||
|
audit_msg(LOG_ERR, "Unauthorized GSS client name: %s (not %s)",
|
||
|
io->remote_name, my_service_name);
|
||
|
return -1;
|
||
|
}
|
||
|
*slashptr = '/';
|
||
|
|
||
|
- if (strcmp (atptr+1, my_gss_realm)) {
|
||
|
+ if (strcmp(atptr+1, my_gss_realm)) {
|
||
|
audit_msg(LOG_ERR, "Unauthorized GSS client realm: %s (not %s)",
|
||
|
atptr+1, my_gss_realm);
|
||
|
return -1;
|
||
|
@@ -473,7 +473,7 @@ static int negotiate_credentials (ev_tcp *io)
|
||
|
|
||
|
/* This is called from auditd-event after the message has been logged.
|
||
|
The header is already filled in. */
|
||
|
-static void client_ack (void *ack_data, const unsigned char *header,
|
||
|
+static void client_ack(void *ack_data, const unsigned char *header,
|
||
|
const char *msg)
|
||
|
{
|
||
|
ev_tcp *io = (ev_tcp *)ack_data;
|
||
|
@@ -483,18 +483,18 @@ static void client_ack (void *ack_data, const unsigned char *header,
|
||
|
gss_buffer_desc utok, etok;
|
||
|
int rc, mlen;
|
||
|
|
||
|
- mlen = strlen (msg);
|
||
|
+ mlen = strlen(msg);
|
||
|
utok.length = AUDIT_RMW_HEADER_SIZE + mlen;
|
||
|
- utok.value = malloc (utok.length + 1);
|
||
|
+ utok.value = malloc(utok.length + 1);
|
||
|
|
||
|
- memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);
|
||
|
- memcpy (utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
|
||
|
+ memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);
|
||
|
+ memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
|
||
|
|
||
|
/* Wrapping the message creates a token for the
|
||
|
client. Then we just have to worry about sending
|
||
|
the token. */
|
||
|
|
||
|
- major_status = gss_wrap (&minor_status,
|
||
|
+ major_status = gss_wrap(&minor_status,
|
||
|
io->gss_context,
|
||
|
1,
|
||
|
GSS_C_QOP_DEFAULT,
|
||
|
@@ -504,21 +504,21 @@ static void client_ack (void *ack_data, const unsigned char *header,
|
||
|
if (major_status != GSS_S_COMPLETE) {
|
||
|
gss_failure("encrypting message", major_status,
|
||
|
minor_status);
|
||
|
- free (utok.value);
|
||
|
+ free(utok.value);
|
||
|
return;
|
||
|
}
|
||
|
// FIXME: What were we going to do with rc?
|
||
|
- rc = send_token (io->io.fd, &etok);
|
||
|
- free (utok.value);
|
||
|
+ rc = send_token(io->io.fd, &etok);
|
||
|
+ free(utok.value);
|
||
|
(void) gss_release_buffer(&minor_status, &etok);
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
#endif
|
||
|
// Send the header and a text error message if it exists
|
||
|
- ar_write (io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
|
||
|
+ ar_write(io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
|
||
|
if (msg[0])
|
||
|
- ar_write (io->io.fd, msg, strlen(msg));
|
||
|
+ ar_write(io->io.fd, msg, strlen(msg));
|
||
|
}
|
||
|
|
||
|
extern void distribute_event(struct auditd_event *e);
|
||
|
@@ -540,7 +540,7 @@ static void client_message (struct ev_tcp *io, unsigned int length,
|
||
|
unsigned char ack[AUDIT_RMW_HEADER_SIZE];
|
||
|
AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ACK,
|
||
|
0, seq);
|
||
|
- client_ack (io, ack, "");
|
||
|
+ client_ack(io, ack, "");
|
||
|
} else {
|
||
|
struct auditd_event *e = create_event(
|
||
|
header+AUDIT_RMW_HEADER_SIZE,
|
||
|
@@ -552,10 +552,10 @@ static void client_message (struct ev_tcp *io, unsigned int length,
|
||
|
}
|
||
|
}
|
||
|
|
||
|
-static void auditd_tcp_client_handler( struct ev_loop *loop,
|
||
|
- struct ev_io *_io, int revents )
|
||
|
+static void auditd_tcp_client_handler(struct ev_loop *loop,
|
||
|
+ struct ev_io *_io, int revents)
|
||
|
{
|
||
|
- struct ev_tcp *io = (struct ev_tcp *) _io;
|
||
|
+ struct ev_tcp *io = (struct ev_tcp *)_io;
|
||
|
int i, r;
|
||
|
int total_this_call = 0;
|
||
|
|
||
|
@@ -586,18 +586,18 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
|
||
|
otherwise fails, the read will return -1. */
|
||
|
if (r <= 0) {
|
||
|
if (r < 0)
|
||
|
- audit_msg (LOG_WARNING,
|
||
|
+ audit_msg(LOG_WARNING,
|
||
|
"client %s socket closed unexpectedly",
|
||
|
sockaddr_to_addr4(&io->addr));
|
||
|
|
||
|
/* There may have been a final message without a LF. */
|
||
|
if (io->bufptr) {
|
||
|
- client_message (io, io->bufptr, io->buffer);
|
||
|
+ client_message(io, io->bufptr, io->buffer);
|
||
|
|
||
|
}
|
||
|
|
||
|
- ev_io_stop (loop, _io);
|
||
|
- close_client (io);
|
||
|
+ ev_io_stop(loop, _io);
|
||
|
+ close_client(io);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
@@ -635,7 +635,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
|
||
|
|
||
|
/* Unwrapping the token gives us the original message,
|
||
|
which we know is already a single record. */
|
||
|
- major_status = gss_unwrap (&minor_status, io->gss_context,
|
||
|
+ major_status = gss_unwrap(&minor_status, io->gss_context,
|
||
|
&etok, &utok, NULL, NULL);
|
||
|
|
||
|
if (major_status != GSS_S_COMPLETE) {
|
||
|
@@ -645,10 +645,10 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
|
||
|
/* client_message() wants to NUL terminate it,
|
||
|
so copy it to a bigger buffer. Plus, we
|
||
|
want to add our own tag. */
|
||
|
- memcpy (msgbuf, utok.value, utok.length);
|
||
|
+ memcpy(msgbuf, utok.value, utok.length);
|
||
|
while (utok.length > 0 && msgbuf[utok.length-1] == '\n')
|
||
|
utok.length --;
|
||
|
- snprintf (msgbuf + utok.length,
|
||
|
+ snprintf(msgbuf + utok.length,
|
||
|
MAX_AUDIT_MESSAGE_LENGTH - utok.length,
|
||
|
" krb5=%s", io->remote_name);
|
||
|
utok.length += 6 + io->remote_name_len;
|
||
|
@@ -681,7 +681,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
|
||
|
return;
|
||
|
|
||
|
/* We have an I-byte message in buffer. Send ACK */
|
||
|
- client_message (io, i, io->buffer);
|
||
|
+ client_message(io, i, io->buffer);
|
||
|
|
||
|
} else {
|
||
|
/* At this point, the buffer has IO->BUFPTR+R bytes in it.
|
||
|
@@ -701,7 +701,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
|
||
|
i++;
|
||
|
|
||
|
/* We have an I-byte message in buffer. Send ACK */
|
||
|
- client_message (io, i, io->buffer);
|
||
|
+ client_message(io, i, io->buffer);
|
||
|
}
|
||
|
|
||
|
/* Now copy any remaining bytes to the beginning of the
|
||
|
@@ -730,7 +730,7 @@ static int auditd_tcpd_check(int sock)
|
||
|
|
||
|
request_init(&request, RQ_DAEMON, "auditd", RQ_FILE, sock, 0);
|
||
|
fromhost(&request);
|
||
|
- if (! hosts_access(&request))
|
||
|
+ if (!hosts_access(&request))
|
||
|
return 1;
|
||
|
return 0;
|
||
|
}
|
||
|
@@ -759,7 +759,7 @@ static int check_num_connections(struct sockaddr_in *aaddr)
|
||
|
}
|
||
|
|
||
|
static void auditd_tcp_listen_handler( struct ev_loop *loop,
|
||
|
- struct ev_io *_io, int revents )
|
||
|
+ struct ev_io *_io, int revents)
|
||
|
{
|
||
|
int one=1;
|
||
|
int afd;
|
||
|
@@ -770,7 +770,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
|
||
|
|
||
|
/* Accept the connection and see where it's coming from. */
|
||
|
aaddrlen = sizeof(aaddr);
|
||
|
- afd = accept (_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
|
||
|
+ afd = accept(_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
|
||
|
if (afd == -1) {
|
||
|
audit_msg(LOG_ERR, "Unable to accept TCP connection");
|
||
|
return;
|
||
|
@@ -793,8 +793,8 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
|
||
|
|
||
|
/* Verify it's coming from an authorized port. We assume the firewall
|
||
|
* will block attempts from unauthorized machines. */
|
||
|
- if (min_port > ntohs (aaddr.sin_port) ||
|
||
|
- ntohs (aaddr.sin_port) > max_port) {
|
||
|
+ if (min_port > ntohs(aaddr.sin_port) ||
|
||
|
+ ntohs(aaddr.sin_port) > max_port) {
|
||
|
audit_msg(LOG_ERR, "TCP connection from %s rejected",
|
||
|
sockaddr_to_addr4(&aaddr));
|
||
|
snprintf(emsg, sizeof(emsg),
|
||
|
@@ -825,29 +825,29 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
|
||
|
setsockopt(afd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int));
|
||
|
setsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof (int));
|
||
|
setsockopt(afd, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof (int));
|
||
|
- set_close_on_exec (afd);
|
||
|
+ set_close_on_exec(afd);
|
||
|
|
||
|
/* Make the client data structure */
|
||
|
- client = (struct ev_tcp *) malloc (sizeof (struct ev_tcp));
|
||
|
+ client = (struct ev_tcp *)malloc (sizeof (struct ev_tcp));
|
||
|
if (client == NULL) {
|
||
|
audit_msg(LOG_CRIT, "Unable to allocate TCP client data");
|
||
|
snprintf(emsg, sizeof(emsg),
|
||
|
"op=alloc addr=%s port=%d res=no",
|
||
|
sockaddr_to_ipv4(&aaddr),
|
||
|
- ntohs (aaddr.sin_port));
|
||
|
+ ntohs(aaddr.sin_port));
|
||
|
send_audit_event(AUDIT_DAEMON_ACCEPT, emsg);
|
||
|
shutdown(afd, SHUT_RDWR);
|
||
|
close(afd);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
- memset (client, 0, sizeof (struct ev_tcp));
|
||
|
+ memset(client, 0, sizeof (struct ev_tcp));
|
||
|
client->client_active = 1;
|
||
|
|
||
|
// Was watching for EV_ERROR, but libev 3.48 took it away
|
||
|
- ev_io_init (&(client->io), auditd_tcp_client_handler, afd, EV_READ);
|
||
|
+ ev_io_init(&(client->io), auditd_tcp_client_handler, afd, EV_READ);
|
||
|
|
||
|
- memcpy (&client->addr, &aaddr, sizeof (struct sockaddr_in));
|
||
|
+ memcpy(&client->addr, &aaddr, sizeof (struct sockaddr_in));
|
||
|
|
||
|
#ifdef USE_GSSAPI
|
||
|
if (use_gss && negotiate_credentials (client)) {
|
||
|
@@ -860,7 +860,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
|
||
|
#endif
|
||
|
|
||
|
fcntl(afd, F_SETFL, O_NONBLOCK | O_NDELAY);
|
||
|
- ev_io_start (loop, &(client->io));
|
||
|
+ ev_io_start(loop, &(client->io));
|
||
|
|
||
|
/* Add the new connection to a linked list of active clients. */
|
||
|
client->next = client_chain;
|
||
|
@@ -883,7 +883,7 @@ static void auditd_set_ports(int minp, int maxp, int max_p_addr)
|
||
|
}
|
||
|
|
||
|
static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
|
||
|
- int revents )
|
||
|
+ int revents)
|
||
|
{
|
||
|
struct daemon_conf *config = (struct daemon_conf *) per->data;
|
||
|
struct ev_tcp *ev, *next = NULL;
|
||
|
@@ -902,24 +902,24 @@ static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
|
||
|
audit_msg(LOG_NOTICE,
|
||
|
"client %s idle too long - closing connection\n",
|
||
|
sockaddr_to_addr4(&(ev->addr)));
|
||
|
- ev_io_stop (loop, &ev->io);
|
||
|
+ ev_io_stop(loop, &ev->io);
|
||
|
release_client(ev);
|
||
|
free(ev);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
-int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
|
||
|
+int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
|
||
|
{
|
||
|
struct addrinfo *ai, *runp;
|
||
|
struct addrinfo hints;
|
||
|
char local[16];
|
||
|
int one = 1, rc;
|
||
|
|
||
|
- ev_periodic_init (&periodic_watcher, periodic_handler,
|
||
|
+ ev_periodic_init(&periodic_watcher, periodic_handler,
|
||
|
0, config->tcp_client_max_idle, NULL);
|
||
|
periodic_watcher.data = config;
|
||
|
if (config->tcp_client_max_idle)
|
||
|
- ev_periodic_start (loop, &periodic_watcher);
|
||
|
+ ev_periodic_start(loop, &periodic_watcher);
|
||
|
|
||
|
/* If the port is not set, that means we aren't going to
|
||
|
listen for connections. */
|
||
|
@@ -940,7 +940,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
|
||
|
nlsocks = 0;
|
||
|
runp = ai;
|
||
|
while (runp && nlsocks < N_SOCKS) {
|
||
|
- listen_socket[nlsocks] = socket (runp->ai_family,
|
||
|
+ listen_socket[nlsocks] = socket(runp->ai_family,
|
||
|
runp->ai_socktype, runp->ai_protocol);
|
||
|
if (listen_socket[nlsocks] < 0) {
|
||
|
audit_msg(LOG_ERR, "Cannot create tcp listener socket");
|
||
|
@@ -950,7 +950,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
|
||
|
/* This avoids problems if auditd needs to be restarted. */
|
||
|
setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR,
|
||
|
(char *)&one, sizeof (int));
|
||
|
- set_close_on_exec (listen_socket[nlsocks]);
|
||
|
+ set_close_on_exec(listen_socket[nlsocks]);
|
||
|
|
||
|
if (bind(listen_socket[nlsocks], runp->ai_addr,
|
||
|
runp->ai_addrlen)) {
|
||
|
@@ -977,9 +977,9 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
|
||
|
p ? p->p_name: "?");
|
||
|
endprotoent();
|
||
|
|
||
|
- ev_io_init (&tcp_listen_watcher, auditd_tcp_listen_handler,
|
||
|
+ ev_io_init(&tcp_listen_watcher, auditd_tcp_listen_handler,
|
||
|
listen_socket[nlsocks], EV_READ);
|
||
|
- ev_io_start (loop, &tcp_listen_watcher);
|
||
|
+ ev_io_start(loop, &tcp_listen_watcher);
|
||
|
non_fatal:
|
||
|
nlsocks++;
|
||
|
if (nlsocks == N_SOCKS)
|
||
|
@@ -1014,7 +1014,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
|
||
|
key_file = "/etc/audit/audit.key";
|
||
|
setenv ("KRB5_KTNAME", key_file, 1);
|
||
|
|
||
|
- if (stat (key_file, &st) == 0) {
|
||
|
+ if (stat(key_file, &st) == 0) {
|
||
|
if ((st.st_mode & 07777) != 0400) {
|
||
|
audit_msg (LOG_ERR,
|
||
|
"%s is not mode 0400 (it's %#o) - compromised key?",
|
||
|
@@ -1022,7 +1022,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
|
||
|
return -1;
|
||
|
}
|
||
|
if (st.st_uid != 0) {
|
||
|
- audit_msg (LOG_ERR,
|
||
|
+ audit_msg(LOG_ERR,
|
||
|
"%s is not owned by root (it's %d) - compromised key?",
|
||
|
key_file, st.st_uid);
|
||
|
return -1;
|
||
|
@@ -1036,17 +1036,16 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
-void auditd_tcp_listen_uninit ( struct ev_loop *loop,
|
||
|
- struct daemon_conf *config )
|
||
|
+void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)
|
||
|
{
|
||
|
#ifdef USE_GSSAPI
|
||
|
OM_uint32 status;
|
||
|
#endif
|
||
|
|
||
|
- ev_io_stop ( loop, &tcp_listen_watcher );
|
||
|
+ ev_io_stop(loop, &tcp_listen_watcher);
|
||
|
while (nlsocks >= 0) {
|
||
|
nlsocks--;
|
||
|
- close ( listen_socket[nlsocks] );
|
||
|
+ close (listen_socket[nlsocks]);
|
||
|
}
|
||
|
|
||
|
#ifdef USE_GSSAPI
|
||
|
@@ -1060,29 +1059,29 @@ void auditd_tcp_listen_uninit ( struct ev_loop *loop,
|
||
|
unsigned char ack[AUDIT_RMW_HEADER_SIZE];
|
||
|
|
||
|
AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ENDING, 0, 0);
|
||
|
- client_ack (client_chain, ack, "");
|
||
|
- ev_io_stop (loop, &client_chain->io);
|
||
|
- close_client (client_chain);
|
||
|
+ client_ack(client_chain, ack, "");
|
||
|
+ ev_io_stop(loop, &client_chain->io);
|
||
|
+ close_client(client_chain);
|
||
|
}
|
||
|
|
||
|
if (config->tcp_client_max_idle)
|
||
|
- ev_periodic_stop (loop, &periodic_watcher);
|
||
|
+ ev_periodic_stop(loop, &periodic_watcher);
|
||
|
}
|
||
|
|
||
|
static void periodic_reconfigure(struct daemon_conf *config)
|
||
|
{
|
||
|
- struct ev_loop *loop = ev_default_loop (EVFLAG_AUTO);
|
||
|
+ struct ev_loop *loop = ev_default_loop(EVFLAG_AUTO);
|
||
|
if (config->tcp_client_max_idle) {
|
||
|
- ev_periodic_set (&periodic_watcher, ev_now (loop),
|
||
|
+ ev_periodic_set(&periodic_watcher, ev_now(loop),
|
||
|
config->tcp_client_max_idle, NULL);
|
||
|
- ev_periodic_start (loop, &periodic_watcher);
|
||
|
+ ev_periodic_start(loop, &periodic_watcher);
|
||
|
} else {
|
||
|
- ev_periodic_stop (loop, &periodic_watcher);
|
||
|
+ ev_periodic_stop(loop, &periodic_watcher);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
-void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
|
||
|
- struct daemon_conf *oconf )
|
||
|
+void auditd_tcp_listen_reconfigure(struct daemon_conf *nconf,
|
||
|
+ struct daemon_conf *oconf)
|
||
|
{
|
||
|
use_libwrap = nconf->use_libwrap;
|
||
|
|
||
|
@@ -1112,3 +1111,4 @@ void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
|
||
|
// and recredential if needed.
|
||
|
oconf->krb5_principal = nconf->krb5_principal;
|
||
|
}
|
||
|
+
|