From 63151c4f0e9d1d037f80f10cb7809573a49da6c7 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Tue, 17 Oct 2017 13:33:28 -0400 Subject: [PATCH] make style match rest of audit system --- src/auditd-listen.c | 176 ++++++++++++++++++++++++++-------------------------- 1 file changed, 88 insertions(+), 88 deletions(-) diff --git a/src/auditd-listen.c b/src/auditd-listen.c index b4dc097..7a5c2c6 100644 --- a/src/auditd-listen.c +++ b/src/auditd-listen.c @@ -114,11 +114,11 @@ static char *sockaddr_to_addr4(struct sockaddr_in *addr) static void set_close_on_exec(int fd) { - int flags = fcntl (fd, F_GETFD); + int flags = fcntl(fd, F_GETFD); if (flags == -1) flags = 0; flags |= FD_CLOEXEC; - fcntl (fd, F_SETFD, flags); + fcntl(fd, F_SETFD, flags); } static void release_client(struct ev_tcp *client) @@ -144,11 +144,11 @@ static void release_client(struct ev_tcp *client) static void close_client(struct ev_tcp *client) { - release_client (client); - free (client); + release_client(client); + free(client); } -static int ar_write (int sock, const void *buf, int len) +static int ar_write(int sock, const void *buf, int len) { int rc = 0, w; while (len > 0) { @@ -167,7 +167,7 @@ static int ar_write (int sock, const void *buf, int len) } #ifdef USE_GSSAPI -static int ar_read (int sock, void *buf, int len) +static int ar_read(int sock, void *buf, int len) { int rc = 0, r; while (len > 0) { @@ -192,13 +192,13 @@ static int ar_read (int sock, void *buf, int len) the tokens. The protocol we use for transferring tokens is to send the length first, four bytes MSB first, then the token data. We return nonzero on error. */ -static int recv_token (int s, gss_buffer_t tok) +static int recv_token(int s, gss_buffer_t tok) { int ret; unsigned char lenbuf[4]; unsigned int len; - ret = ar_read(s, (char *) lenbuf, 4); + ret = ar_read(s, (char *)lenbuf, 4); if (ret < 0) { audit_msg(LOG_ERR, "GSS-API error reading token length"); return -1; @@ -220,13 +220,13 @@ static int recv_token (int s, gss_buffer_t tok) } tok->length = len; - tok->value = (char *) malloc(tok->length ? tok->length : 1); + tok->value = (char *)malloc(tok->length ? tok->length : 1); if (tok->length && tok->value == NULL) { audit_msg(LOG_ERR, "Out of memory allocating token data"); return -1; } - ret = ar_read(s, (char *) tok->value, tok->length); + ret = ar_read(s, (char *)tok->value, tok->length); if (ret < 0) { audit_msg(LOG_ERR, "GSS-API error reading token data"); free(tok->value); @@ -243,7 +243,7 @@ static int recv_token (int s, gss_buffer_t tok) /* Same here. */ int send_token(int s, gss_buffer_t tok) { - int ret; + int ret; unsigned char lenbuf[4]; unsigned int len; @@ -268,7 +268,7 @@ int send_token(int s, gss_buffer_t tok) if (ret < 0) { audit_msg(LOG_ERR, "GSS-API error sending token data"); return -1; - } else if (ret != (int) tok->length) { + } else if (ret != (int)tok->length) { audit_msg(LOG_ERR, "GSS-API error sending token data"); return -1; } @@ -277,14 +277,14 @@ int send_token(int s, gss_buffer_t tok) } -static void gss_failure_2 (const char *msg, int status, int type) +static void gss_failure_2(const char *msg, int status, int type) { OM_uint32 message_context = 0; OM_uint32 min_status = 0; gss_buffer_desc status_string; do { - gss_display_status (&min_status, + gss_display_status(&min_status, status, type, GSS_C_NO_OID, @@ -298,11 +298,11 @@ static void gss_failure_2 (const char *msg, int status, int type) } while (message_context != 0); } -static void gss_failure (const char *msg, int major_status, int minor_status) +static void gss_failure(const char *msg, int major_status, int minor_status) { - gss_failure_2 (msg, major_status, GSS_C_GSS_CODE); + gss_failure_2(msg, major_status, GSS_C_GSS_CODE); if (minor_status) - gss_failure_2 (msg, minor_status, GSS_C_MECH_CODE); + gss_failure_2(msg, minor_status, GSS_C_MECH_CODE); } #define KCHECK(x,f) if (x) { \ @@ -323,7 +323,7 @@ static int server_acquire_creds(const char *service_name, krb5_context kcontext = NULL; int krberr; - my_service_name = strdup (service_name); + my_service_name = strdup(service_name); name_buf.value = (char *)service_name; name_buf.length = strlen(name_buf.value) + 1; major_status = gss_import_name(&minor_status, &name_buf, @@ -346,9 +346,9 @@ static int server_acquire_creds(const char *service_name, (void) gss_release_name(&minor_status, &server_name); - krberr = krb5_init_context (&kcontext); + krberr = krb5_init_context(&kcontext); KCHECK (krberr, "krb5_init_context"); - krberr = krb5_get_default_realm (kcontext, &my_gss_realm); + krberr = krb5_get_default_realm(kcontext, &my_gss_realm); KCHECK (krberr, "krb5_get_default_realm"); audit_msg(LOG_DEBUG, "GSS creds for %s acquired", service_name); @@ -360,7 +360,7 @@ static int server_acquire_creds(const char *service_name, the case of Kerberos, this is where the key exchange happens. FIXME: While everything else is strictly nonblocking, this negotiation blocks. */ -static int negotiate_credentials (ev_tcp *io) +static int negotiate_credentials(ev_tcp *io) { gss_buffer_desc send_tok, recv_tok; gss_name_t client; @@ -440,12 +440,12 @@ static int negotiate_credentials (ev_tcp *io) audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s", (char *)recv_tok.value); - io->remote_name = strdup (recv_tok.value); - io->remote_name_len = strlen (recv_tok.value); + io->remote_name = strdup(recv_tok.value); + io->remote_name_len = strlen(recv_tok.value); gss_release_buffer(&min_stat, &recv_tok); - slashptr = strchr (io->remote_name, '/'); - atptr = strchr (io->remote_name, '@'); + slashptr = strchr(io->remote_name, '/'); + atptr = strchr(io->remote_name, '@'); if (!slashptr || !atptr) { audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s", @@ -454,14 +454,14 @@ static int negotiate_credentials (ev_tcp *io) } *slashptr = 0; - if (strcmp (io->remote_name, my_service_name)) { + if (strcmp(io->remote_name, my_service_name)) { audit_msg(LOG_ERR, "Unauthorized GSS client name: %s (not %s)", io->remote_name, my_service_name); return -1; } *slashptr = '/'; - if (strcmp (atptr+1, my_gss_realm)) { + if (strcmp(atptr+1, my_gss_realm)) { audit_msg(LOG_ERR, "Unauthorized GSS client realm: %s (not %s)", atptr+1, my_gss_realm); return -1; @@ -473,7 +473,7 @@ static int negotiate_credentials (ev_tcp *io) /* This is called from auditd-event after the message has been logged. The header is already filled in. */ -static void client_ack (void *ack_data, const unsigned char *header, +static void client_ack(void *ack_data, const unsigned char *header, const char *msg) { ev_tcp *io = (ev_tcp *)ack_data; @@ -483,18 +483,18 @@ static void client_ack (void *ack_data, const unsigned char *header, gss_buffer_desc utok, etok; int rc, mlen; - mlen = strlen (msg); + mlen = strlen(msg); utok.length = AUDIT_RMW_HEADER_SIZE + mlen; - utok.value = malloc (utok.length + 1); + utok.value = malloc(utok.length + 1); - memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE); - memcpy (utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen); + memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE); + memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen); /* Wrapping the message creates a token for the client. Then we just have to worry about sending the token. */ - major_status = gss_wrap (&minor_status, + major_status = gss_wrap(&minor_status, io->gss_context, 1, GSS_C_QOP_DEFAULT, @@ -504,21 +504,21 @@ static void client_ack (void *ack_data, const unsigned char *header, if (major_status != GSS_S_COMPLETE) { gss_failure("encrypting message", major_status, minor_status); - free (utok.value); + free(utok.value); return; } // FIXME: What were we going to do with rc? - rc = send_token (io->io.fd, &etok); - free (utok.value); + rc = send_token(io->io.fd, &etok); + free(utok.value); (void) gss_release_buffer(&minor_status, &etok); return; } #endif // Send the header and a text error message if it exists - ar_write (io->io.fd, header, AUDIT_RMW_HEADER_SIZE); + ar_write(io->io.fd, header, AUDIT_RMW_HEADER_SIZE); if (msg[0]) - ar_write (io->io.fd, msg, strlen(msg)); + ar_write(io->io.fd, msg, strlen(msg)); } extern void distribute_event(struct auditd_event *e); @@ -540,7 +540,7 @@ static void client_message (struct ev_tcp *io, unsigned int length, unsigned char ack[AUDIT_RMW_HEADER_SIZE]; AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ACK, 0, seq); - client_ack (io, ack, ""); + client_ack(io, ack, ""); } else { struct auditd_event *e = create_event( header+AUDIT_RMW_HEADER_SIZE, @@ -552,10 +552,10 @@ static void client_message (struct ev_tcp *io, unsigned int length, } } -static void auditd_tcp_client_handler( struct ev_loop *loop, - struct ev_io *_io, int revents ) +static void auditd_tcp_client_handler(struct ev_loop *loop, + struct ev_io *_io, int revents) { - struct ev_tcp *io = (struct ev_tcp *) _io; + struct ev_tcp *io = (struct ev_tcp *)_io; int i, r; int total_this_call = 0; @@ -586,18 +586,18 @@ static void auditd_tcp_client_handler( struct ev_loop *loop, otherwise fails, the read will return -1. */ if (r <= 0) { if (r < 0) - audit_msg (LOG_WARNING, + audit_msg(LOG_WARNING, "client %s socket closed unexpectedly", sockaddr_to_addr4(&io->addr)); /* There may have been a final message without a LF. */ if (io->bufptr) { - client_message (io, io->bufptr, io->buffer); + client_message(io, io->bufptr, io->buffer); } - ev_io_stop (loop, _io); - close_client (io); + ev_io_stop(loop, _io); + close_client(io); return; } @@ -635,7 +635,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop, /* Unwrapping the token gives us the original message, which we know is already a single record. */ - major_status = gss_unwrap (&minor_status, io->gss_context, + major_status = gss_unwrap(&minor_status, io->gss_context, &etok, &utok, NULL, NULL); if (major_status != GSS_S_COMPLETE) { @@ -645,10 +645,10 @@ static void auditd_tcp_client_handler( struct ev_loop *loop, /* client_message() wants to NUL terminate it, so copy it to a bigger buffer. Plus, we want to add our own tag. */ - memcpy (msgbuf, utok.value, utok.length); + memcpy(msgbuf, utok.value, utok.length); while (utok.length > 0 && msgbuf[utok.length-1] == '\n') utok.length --; - snprintf (msgbuf + utok.length, + snprintf(msgbuf + utok.length, MAX_AUDIT_MESSAGE_LENGTH - utok.length, " krb5=%s", io->remote_name); utok.length += 6 + io->remote_name_len; @@ -681,7 +681,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop, return; /* We have an I-byte message in buffer. Send ACK */ - client_message (io, i, io->buffer); + client_message(io, i, io->buffer); } else { /* At this point, the buffer has IO->BUFPTR+R bytes in it. @@ -701,7 +701,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop, i++; /* We have an I-byte message in buffer. Send ACK */ - client_message (io, i, io->buffer); + client_message(io, i, io->buffer); } /* Now copy any remaining bytes to the beginning of the @@ -730,7 +730,7 @@ static int auditd_tcpd_check(int sock) request_init(&request, RQ_DAEMON, "auditd", RQ_FILE, sock, 0); fromhost(&request); - if (! hosts_access(&request)) + if (!hosts_access(&request)) return 1; return 0; } @@ -759,7 +759,7 @@ static int check_num_connections(struct sockaddr_in *aaddr) } static void auditd_tcp_listen_handler( struct ev_loop *loop, - struct ev_io *_io, int revents ) + struct ev_io *_io, int revents) { int one=1; int afd; @@ -770,7 +770,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop, /* Accept the connection and see where it's coming from. */ aaddrlen = sizeof(aaddr); - afd = accept (_io->fd, (struct sockaddr *)&aaddr, &aaddrlen); + afd = accept(_io->fd, (struct sockaddr *)&aaddr, &aaddrlen); if (afd == -1) { audit_msg(LOG_ERR, "Unable to accept TCP connection"); return; @@ -793,8 +793,8 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop, /* Verify it's coming from an authorized port. We assume the firewall * will block attempts from unauthorized machines. */ - if (min_port > ntohs (aaddr.sin_port) || - ntohs (aaddr.sin_port) > max_port) { + if (min_port > ntohs(aaddr.sin_port) || + ntohs(aaddr.sin_port) > max_port) { audit_msg(LOG_ERR, "TCP connection from %s rejected", sockaddr_to_addr4(&aaddr)); snprintf(emsg, sizeof(emsg), @@ -825,29 +825,29 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop, setsockopt(afd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int)); setsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof (int)); setsockopt(afd, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof (int)); - set_close_on_exec (afd); + set_close_on_exec(afd); /* Make the client data structure */ - client = (struct ev_tcp *) malloc (sizeof (struct ev_tcp)); + client = (struct ev_tcp *)malloc (sizeof (struct ev_tcp)); if (client == NULL) { audit_msg(LOG_CRIT, "Unable to allocate TCP client data"); snprintf(emsg, sizeof(emsg), "op=alloc addr=%s port=%d res=no", sockaddr_to_ipv4(&aaddr), - ntohs (aaddr.sin_port)); + ntohs(aaddr.sin_port)); send_audit_event(AUDIT_DAEMON_ACCEPT, emsg); shutdown(afd, SHUT_RDWR); close(afd); return; } - memset (client, 0, sizeof (struct ev_tcp)); + memset(client, 0, sizeof (struct ev_tcp)); client->client_active = 1; // Was watching for EV_ERROR, but libev 3.48 took it away - ev_io_init (&(client->io), auditd_tcp_client_handler, afd, EV_READ); + ev_io_init(&(client->io), auditd_tcp_client_handler, afd, EV_READ); - memcpy (&client->addr, &aaddr, sizeof (struct sockaddr_in)); + memcpy(&client->addr, &aaddr, sizeof (struct sockaddr_in)); #ifdef USE_GSSAPI if (use_gss && negotiate_credentials (client)) { @@ -860,7 +860,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop, #endif fcntl(afd, F_SETFL, O_NONBLOCK | O_NDELAY); - ev_io_start (loop, &(client->io)); + ev_io_start(loop, &(client->io)); /* Add the new connection to a linked list of active clients. */ client->next = client_chain; @@ -883,7 +883,7 @@ static void auditd_set_ports(int minp, int maxp, int max_p_addr) } static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per, - int revents ) + int revents) { struct daemon_conf *config = (struct daemon_conf *) per->data; struct ev_tcp *ev, *next = NULL; @@ -902,24 +902,24 @@ static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per, audit_msg(LOG_NOTICE, "client %s idle too long - closing connection\n", sockaddr_to_addr4(&(ev->addr))); - ev_io_stop (loop, &ev->io); + ev_io_stop(loop, &ev->io); release_client(ev); free(ev); } } -int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) +int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config) { struct addrinfo *ai, *runp; struct addrinfo hints; char local[16]; int one = 1, rc; - ev_periodic_init (&periodic_watcher, periodic_handler, + ev_periodic_init(&periodic_watcher, periodic_handler, 0, config->tcp_client_max_idle, NULL); periodic_watcher.data = config; if (config->tcp_client_max_idle) - ev_periodic_start (loop, &periodic_watcher); + ev_periodic_start(loop, &periodic_watcher); /* If the port is not set, that means we aren't going to listen for connections. */ @@ -940,7 +940,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) nlsocks = 0; runp = ai; while (runp && nlsocks < N_SOCKS) { - listen_socket[nlsocks] = socket (runp->ai_family, + listen_socket[nlsocks] = socket(runp->ai_family, runp->ai_socktype, runp->ai_protocol); if (listen_socket[nlsocks] < 0) { audit_msg(LOG_ERR, "Cannot create tcp listener socket"); @@ -950,7 +950,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) /* This avoids problems if auditd needs to be restarted. */ setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int)); - set_close_on_exec (listen_socket[nlsocks]); + set_close_on_exec(listen_socket[nlsocks]); if (bind(listen_socket[nlsocks], runp->ai_addr, runp->ai_addrlen)) { @@ -977,9 +977,9 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) p ? p->p_name: "?"); endprotoent(); - ev_io_init (&tcp_listen_watcher, auditd_tcp_listen_handler, + ev_io_init(&tcp_listen_watcher, auditd_tcp_listen_handler, listen_socket[nlsocks], EV_READ); - ev_io_start (loop, &tcp_listen_watcher); + ev_io_start(loop, &tcp_listen_watcher); non_fatal: nlsocks++; if (nlsocks == N_SOCKS) @@ -1014,7 +1014,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) key_file = "/etc/audit/audit.key"; setenv ("KRB5_KTNAME", key_file, 1); - if (stat (key_file, &st) == 0) { + if (stat(key_file, &st) == 0) { if ((st.st_mode & 07777) != 0400) { audit_msg (LOG_ERR, "%s is not mode 0400 (it's %#o) - compromised key?", @@ -1022,7 +1022,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) return -1; } if (st.st_uid != 0) { - audit_msg (LOG_ERR, + audit_msg(LOG_ERR, "%s is not owned by root (it's %d) - compromised key?", key_file, st.st_uid); return -1; @@ -1036,17 +1036,16 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) return 0; } -void auditd_tcp_listen_uninit ( struct ev_loop *loop, - struct daemon_conf *config ) +void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config) { #ifdef USE_GSSAPI OM_uint32 status; #endif - ev_io_stop ( loop, &tcp_listen_watcher ); + ev_io_stop(loop, &tcp_listen_watcher); while (nlsocks >= 0) { nlsocks--; - close ( listen_socket[nlsocks] ); + close (listen_socket[nlsocks]); } #ifdef USE_GSSAPI @@ -1060,29 +1059,29 @@ void auditd_tcp_listen_uninit ( struct ev_loop *loop, unsigned char ack[AUDIT_RMW_HEADER_SIZE]; AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ENDING, 0, 0); - client_ack (client_chain, ack, ""); - ev_io_stop (loop, &client_chain->io); - close_client (client_chain); + client_ack(client_chain, ack, ""); + ev_io_stop(loop, &client_chain->io); + close_client(client_chain); } if (config->tcp_client_max_idle) - ev_periodic_stop (loop, &periodic_watcher); + ev_periodic_stop(loop, &periodic_watcher); } static void periodic_reconfigure(struct daemon_conf *config) { - struct ev_loop *loop = ev_default_loop (EVFLAG_AUTO); + struct ev_loop *loop = ev_default_loop(EVFLAG_AUTO); if (config->tcp_client_max_idle) { - ev_periodic_set (&periodic_watcher, ev_now (loop), + ev_periodic_set(&periodic_watcher, ev_now(loop), config->tcp_client_max_idle, NULL); - ev_periodic_start (loop, &periodic_watcher); + ev_periodic_start(loop, &periodic_watcher); } else { - ev_periodic_stop (loop, &periodic_watcher); + ev_periodic_stop(loop, &periodic_watcher); } } -void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf, - struct daemon_conf *oconf ) +void auditd_tcp_listen_reconfigure(struct daemon_conf *nconf, + struct daemon_conf *oconf) { use_libwrap = nconf->use_libwrap; @@ -1112,3 +1111,4 @@ void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf, // and recredential if needed. oconf->krb5_principal = nconf->krb5_principal; } +