From 63151c4f0e9d1d037f80f10cb7809573a49da6c7 Mon Sep 17 00:00:00 2001

From: Steve Grubb <sgrubb@redhat.com>

Date: Tue, 17 Oct 2017 13:33:28 -0400

Subject: [PATCH] make style match rest of audit system

---

 src/auditd-listen.c | 176 ++++++++++++++++++++++++++--------------------------

 1 file changed, 88 insertions(+), 88 deletions(-)

diff --git a/src/auditd-listen.c b/src/auditd-listen.c

index b4dc097..7a5c2c6 100644

--- a/src/auditd-listen.c

+++ b/src/auditd-listen.c

@@ -114,11 +114,11 @@ static char *sockaddr_to_addr4(struct sockaddr_in *addr)

 static void set_close_on_exec(int fd)

 {

-	int flags = fcntl (fd, F_GETFD);

+	int flags = fcntl(fd, F_GETFD);

 	if (flags == -1)

 		flags = 0;

 	flags |= FD_CLOEXEC;

-	fcntl (fd, F_SETFD, flags);

+	fcntl(fd, F_SETFD, flags);

 }

 static void release_client(struct ev_tcp *client)

@@ -144,11 +144,11 @@ static void release_client(struct ev_tcp *client)

 static void close_client(struct ev_tcp *client)

 {

-	release_client (client);

-	free (client);

+	release_client(client);

+	free(client);

 }

-static int ar_write (int sock, const void *buf, int len)

+static int ar_write(int sock, const void *buf, int len)

 {

 	int rc = 0, w;

 	while (len > 0) {

@@ -167,7 +167,7 @@ static int ar_write (int sock, const void *buf, int len)

 }

 #ifdef USE_GSSAPI

-static int ar_read (int sock, void *buf, int len)

+static int ar_read(int sock, void *buf, int len)

 {

 	int rc = 0, r;

 	while (len > 0) {

@@ -192,13 +192,13 @@ static int ar_read (int sock, void *buf, int len)

    the tokens.  The protocol we use for transferring tokens is to send

    the length first, four bytes MSB first, then the token data.  We

    return nonzero on error.  */

-static int recv_token (int s, gss_buffer_t tok)

+static int recv_token(int s, gss_buffer_t tok)

 {

 	int ret;

 	unsigned char lenbuf[4];

 	unsigned int len;

-	ret = ar_read(s, (char *) lenbuf, 4);

+	ret = ar_read(s, (char *)lenbuf, 4);

 	if (ret < 0) {

 		audit_msg(LOG_ERR, "GSS-API error reading token length");

 		return -1;

@@ -220,13 +220,13 @@ static int recv_token (int s, gss_buffer_t tok)

 	}

 	tok->length = len;

-	tok->value = (char *) malloc(tok->length ? tok->length : 1);

+	tok->value = (char *)malloc(tok->length ? tok->length : 1);

 	if (tok->length && tok->value == NULL) {

 		audit_msg(LOG_ERR, "Out of memory allocating token data");

 		return -1;

 	}

-	ret = ar_read(s, (char *) tok->value, tok->length);

+	ret = ar_read(s, (char *)tok->value, tok->length);

 	if (ret < 0) {

 		audit_msg(LOG_ERR, "GSS-API error reading token data");

 		free(tok->value);

@@ -243,7 +243,7 @@ static int recv_token (int s, gss_buffer_t tok)

 /* Same here.  */

 int send_token(int s, gss_buffer_t tok)

 {

-	int     ret;

+	int ret;

 	unsigned char lenbuf[4];

 	unsigned int len;

@@ -268,7 +268,7 @@ int send_token(int s, gss_buffer_t tok)

 	if (ret < 0) {

 		audit_msg(LOG_ERR, "GSS-API error sending token data");

 		return -1;

-	} else if (ret != (int) tok->length) {

+	} else if (ret != (int)tok->length) {

 		audit_msg(LOG_ERR, "GSS-API error sending token data");

 		return -1;

 	}

@@ -277,14 +277,14 @@ int send_token(int s, gss_buffer_t tok)

 }

-static void gss_failure_2 (const char *msg, int status, int type)

+static void gss_failure_2(const char *msg, int status, int type)

 {

 	OM_uint32 message_context = 0;

 	OM_uint32 min_status = 0;

 	gss_buffer_desc status_string;

 	do {

-		gss_display_status (&min_status,

+		gss_display_status(&min_status,

 				    status,

 				    type,

 				    GSS_C_NO_OID,

@@ -298,11 +298,11 @@ static void gss_failure_2 (const char *msg, int status, int type)

 	} while (message_context != 0);

 }

-static void gss_failure (const char *msg, int major_status, int minor_status)

+static void gss_failure(const char *msg, int major_status, int minor_status)

 {

-	gss_failure_2 (msg, major_status, GSS_C_GSS_CODE);

+	gss_failure_2(msg, major_status, GSS_C_GSS_CODE);

 	if (minor_status)

-		gss_failure_2 (msg, minor_status, GSS_C_MECH_CODE);

+		gss_failure_2(msg, minor_status, GSS_C_MECH_CODE);

 }

 #define KCHECK(x,f) if (x) { \

@@ -323,7 +323,7 @@ static int server_acquire_creds(const char *service_name,

 	krb5_context kcontext = NULL;

 	int krberr;

-	my_service_name = strdup (service_name);

+	my_service_name = strdup(service_name);

 	name_buf.value = (char *)service_name;

 	name_buf.length = strlen(name_buf.value) + 1;

 	major_status = gss_import_name(&minor_status, &name_buf,

@@ -346,9 +346,9 @@ static int server_acquire_creds(const char *service_name,

 	(void) gss_release_name(&minor_status, &server_name);

-	krberr = krb5_init_context (&kcontext);

+	krberr = krb5_init_context(&kcontext);

 	KCHECK (krberr, "krb5_init_context");

-	krberr = krb5_get_default_realm (kcontext, &my_gss_realm);

+	krberr = krb5_get_default_realm(kcontext, &my_gss_realm);

 	KCHECK (krberr, "krb5_get_default_realm");

 	audit_msg(LOG_DEBUG, "GSS creds for %s acquired", service_name);

@@ -360,7 +360,7 @@ static int server_acquire_creds(const char *service_name,

    the case of Kerberos, this is where the key exchange happens.

    FIXME: While everything else is strictly nonblocking, this

    negotiation blocks.  */

-static int negotiate_credentials (ev_tcp *io)

+static int negotiate_credentials(ev_tcp *io)

 {

 	gss_buffer_desc send_tok, recv_tok;

 	gss_name_t client;

@@ -440,12 +440,12 @@ static int negotiate_credentials (ev_tcp *io)

 	audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",

 		  (char *)recv_tok.value);

-	io->remote_name = strdup (recv_tok.value);

-	io->remote_name_len = strlen (recv_tok.value);

+	io->remote_name = strdup(recv_tok.value);

+	io->remote_name_len = strlen(recv_tok.value);

 	gss_release_buffer(&min_stat, &recv_tok);

-	slashptr = strchr (io->remote_name, '/');

-	atptr = strchr (io->remote_name, '@');

+	slashptr = strchr(io->remote_name, '/');

+	atptr = strchr(io->remote_name, '@');

 	if (!slashptr || !atptr) {

 		audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",

@@ -454,14 +454,14 @@ static int negotiate_credentials (ev_tcp *io)

 	}

 	*slashptr = 0;

-	if (strcmp (io->remote_name, my_service_name)) {

+	if (strcmp(io->remote_name, my_service_name)) {

 		audit_msg(LOG_ERR, "Unauthorized GSS client name: %s (not %s)",

 			  io->remote_name, my_service_name);

 		return -1;

 	}

 	*slashptr = '/';

-	if (strcmp (atptr+1, my_gss_realm)) {

+	if (strcmp(atptr+1, my_gss_realm)) {

 		audit_msg(LOG_ERR, "Unauthorized GSS client realm: %s (not %s)",

 			  atptr+1, my_gss_realm);

 		return -1;

@@ -473,7 +473,7 @@ static int negotiate_credentials (ev_tcp *io)

 /* This is called from auditd-event after the message has been logged.

    The header is already filled in.  */

-static void client_ack (void *ack_data, const unsigned char *header,

+static void client_ack(void *ack_data, const unsigned char *header,

 	const char *msg)

 {

 	ev_tcp *io = (ev_tcp *)ack_data;

@@ -483,18 +483,18 @@ static void client_ack (void *ack_data, const unsigned char *header,

 		gss_buffer_desc utok, etok;

 		int rc, mlen;

-		mlen = strlen (msg);

+		mlen = strlen(msg);

 		utok.length = AUDIT_RMW_HEADER_SIZE + mlen;

-		utok.value = malloc (utok.length + 1);

+		utok.value = malloc(utok.length + 1);

-		memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);

-		memcpy (utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);

+		memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);

+		memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);

 		/* Wrapping the message creates a token for the

 		   client.  Then we just have to worry about sending

 		   the token.  */

-		major_status = gss_wrap (&minor_status,

+		major_status = gss_wrap(&minor_status,

 					 io->gss_context,

 					 1,

 					 GSS_C_QOP_DEFAULT,

@@ -504,21 +504,21 @@ static void client_ack (void *ack_data, const unsigned char *header,

 		if (major_status != GSS_S_COMPLETE) {

 			gss_failure("encrypting message", major_status,

 					minor_status);

-			free (utok.value);

+			free(utok.value);

 			return;

 		}

 		// FIXME: What were we going to do with rc?

-		rc = send_token (io->io.fd, &etok);

-		free (utok.value);

+		rc = send_token(io->io.fd, &etok);

+		free(utok.value);

 		(void) gss_release_buffer(&minor_status, &etok);

 		return;

 	}

 #endif

 	// Send the header and a text error message if it exists

-	ar_write (io->io.fd, header, AUDIT_RMW_HEADER_SIZE);

+	ar_write(io->io.fd, header, AUDIT_RMW_HEADER_SIZE);

 	if (msg[0])

-		ar_write (io->io.fd, msg, strlen(msg));

+		ar_write(io->io.fd, msg, strlen(msg));

 }

 extern void distribute_event(struct auditd_event *e);

@@ -540,7 +540,7 @@ static void client_message (struct ev_tcp *io, unsigned int length,

 			unsigned char ack[AUDIT_RMW_HEADER_SIZE];

 			AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ACK,

 				0, seq);

-			client_ack (io, ack, "");

+			client_ack(io, ack, "");

 		} else {

 			struct auditd_event *e = create_event(

 					header+AUDIT_RMW_HEADER_SIZE,

@@ -552,10 +552,10 @@ static void client_message (struct ev_tcp *io, unsigned int length,

 	}

 }

-static void auditd_tcp_client_handler( struct ev_loop *loop,

-			struct ev_io *_io, int revents )

+static void auditd_tcp_client_handler(struct ev_loop *loop,

+			struct ev_io *_io, int revents)

 {

-	struct ev_tcp *io = (struct ev_tcp *) _io;

+	struct ev_tcp *io = (struct ev_tcp *)_io;

 	int i, r;

 	int total_this_call = 0;

@@ -586,18 +586,18 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,

 	   otherwise fails, the read will return -1.  */

 	if (r <= 0) {

 		if (r < 0)

-			audit_msg (LOG_WARNING,

+			audit_msg(LOG_WARNING,

 				"client %s socket closed unexpectedly",

 				sockaddr_to_addr4(&io->addr));

 		/* There may have been a final message without a LF.  */

 		if (io->bufptr) {

-			client_message (io, io->bufptr, io->buffer);

+			client_message(io, io->bufptr, io->buffer);

 		}

-		ev_io_stop (loop, _io);

-		close_client (io);

+		ev_io_stop(loop, _io);

+		close_client(io);

 		return;

 	}

@@ -635,7 +635,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,

 		/* Unwrapping the token gives us the original message,

 		   which we know is already a single record.  */

-		major_status = gss_unwrap (&minor_status, io->gss_context,

+		major_status = gss_unwrap(&minor_status, io->gss_context,

 				&etok, &utok, NULL, NULL);

 		if (major_status != GSS_S_COMPLETE) {

@@ -645,10 +645,10 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,

 			/* client_message() wants to NUL terminate it,

 			   so copy it to a bigger buffer.  Plus, we

 			   want to add our own tag.  */

-			memcpy (msgbuf, utok.value, utok.length);

+			memcpy(msgbuf, utok.value, utok.length);

 			while (utok.length > 0 && msgbuf[utok.length-1] == '\n')

 				utok.length --;

-			snprintf (msgbuf + utok.length,

+			snprintf(msgbuf + utok.length,

 				MAX_AUDIT_MESSAGE_LENGTH - utok.length,

 				" krb5=%s", io->remote_name);

 			utok.length += 6 + io->remote_name_len;

@@ -681,7 +681,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,

 			return;

 		/* We have an I-byte message in buffer. Send ACK */

-		client_message (io, i, io->buffer);

+		client_message(io, i, io->buffer);

 	} else {

 		/* At this point, the buffer has IO->BUFPTR+R bytes in it.

@@ -701,7 +701,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,

 		i++;

 		/* We have an I-byte message in buffer. Send ACK */

-		client_message (io, i, io->buffer);

+		client_message(io, i, io->buffer);

 	}

 	/* Now copy any remaining bytes to the beginning of the

@@ -730,7 +730,7 @@ static int auditd_tcpd_check(int sock)

 	request_init(&request, RQ_DAEMON, "auditd", RQ_FILE, sock, 0);

 	fromhost(&request);

-	if (! hosts_access(&request))

+	if (!hosts_access(&request))

 		return 1;

 	return 0;

 }

@@ -759,7 +759,7 @@ static int check_num_connections(struct sockaddr_in *aaddr)

 }

 static void auditd_tcp_listen_handler( struct ev_loop *loop,

-	struct ev_io *_io, int revents )

+	struct ev_io *_io, int revents)

 {

 	int one=1;

 	int afd;

@@ -770,7 +770,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,

 	/* Accept the connection and see where it's coming from.  */

 	aaddrlen = sizeof(aaddr);

-	afd = accept (_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);

+	afd = accept(_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);

 	if (afd == -1) {

         	audit_msg(LOG_ERR, "Unable to accept TCP connection");

 		return;

@@ -793,8 +793,8 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,

 	/* Verify it's coming from an authorized port.  We assume the firewall

 	 * will block attempts from unauthorized machines.  */

-	if (min_port > ntohs (aaddr.sin_port) ||

-					ntohs (aaddr.sin_port) > max_port) {

+	if (min_port > ntohs(aaddr.sin_port) ||

+					ntohs(aaddr.sin_port) > max_port) {

         	audit_msg(LOG_ERR, "TCP connection from %s rejected",

 				sockaddr_to_addr4(&aaddr));

 		snprintf(emsg, sizeof(emsg),

@@ -825,29 +825,29 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,

 	setsockopt(afd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int));

 	setsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof (int));

 	setsockopt(afd, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof (int));

-	set_close_on_exec (afd);

+	set_close_on_exec(afd);

 	/* Make the client data structure */

-	client = (struct ev_tcp *) malloc (sizeof (struct ev_tcp));

+	client = (struct ev_tcp *)malloc (sizeof (struct ev_tcp));

 	if (client == NULL) {

         	audit_msg(LOG_CRIT, "Unable to allocate TCP client data");

 		snprintf(emsg, sizeof(emsg),

 			"op=alloc addr=%s port=%d res=no",

 			sockaddr_to_ipv4(&aaddr),

-			ntohs (aaddr.sin_port));

+			ntohs(aaddr.sin_port));

 		send_audit_event(AUDIT_DAEMON_ACCEPT, emsg);

 		shutdown(afd, SHUT_RDWR);

 		close(afd);

 		return;

 	}

-	memset (client, 0, sizeof (struct ev_tcp));

+	memset(client, 0, sizeof (struct ev_tcp));

 	client->client_active = 1;

 	// Was watching for EV_ERROR, but libev 3.48 took it away

-	ev_io_init (&(client->io), auditd_tcp_client_handler, afd, EV_READ);

+	ev_io_init(&(client->io), auditd_tcp_client_handler, afd, EV_READ);

-	memcpy (&client->addr, &aaddr, sizeof (struct sockaddr_in));

+	memcpy(&client->addr, &aaddr, sizeof (struct sockaddr_in));

 #ifdef USE_GSSAPI

 	if (use_gss && negotiate_credentials (client)) {

@@ -860,7 +860,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,

 #endif

 	fcntl(afd, F_SETFL, O_NONBLOCK | O_NDELAY);

-	ev_io_start (loop, &(client->io));

+	ev_io_start(loop, &(client->io));

 	/* Add the new connection to a linked list of active clients.  */

 	client->next = client_chain;

@@ -883,7 +883,7 @@ static void auditd_set_ports(int minp, int maxp, int max_p_addr)

 }

 static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,

-			int revents )

+			int revents)

 {

 	struct daemon_conf *config = (struct daemon_conf *) per->data;

 	struct ev_tcp *ev, *next = NULL;

@@ -902,24 +902,24 @@ static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,

 		audit_msg(LOG_NOTICE,

 			"client %s idle too long - closing connection\n",

 			sockaddr_to_addr4(&(ev->addr)));

-		ev_io_stop (loop, &ev->io);

+		ev_io_stop(loop, &ev->io);

 		release_client(ev);

 		free(ev);

 	}

 }

-int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )

+int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)

 {

 	struct addrinfo *ai, *runp;

 	struct addrinfo hints;

 	char local[16];

 	int one = 1, rc;

-	ev_periodic_init (&periodic_watcher, periodic_handler,

+	ev_periodic_init(&periodic_watcher, periodic_handler,

 			  0, config->tcp_client_max_idle, NULL);

 	periodic_watcher.data = config;

 	if (config->tcp_client_max_idle)

-		ev_periodic_start (loop, &periodic_watcher);

+		ev_periodic_start(loop, &periodic_watcher);

 	/* If the port is not set, that means we aren't going to

 	  listen for connections.  */

@@ -940,7 +940,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )

 	nlsocks = 0;

 	runp = ai;

 	while (runp && nlsocks < N_SOCKS) {

-		listen_socket[nlsocks] = socket (runp->ai_family,

+		listen_socket[nlsocks] = socket(runp->ai_family,

 				 runp->ai_socktype, runp->ai_protocol);

 		if (listen_socket[nlsocks] < 0) {

         		audit_msg(LOG_ERR, "Cannot create tcp listener socket");

@@ -950,7 +950,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )

 		/* This avoids problems if auditd needs to be restarted.  */

 		setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR,

 				(char *)&one, sizeof (int));

-		set_close_on_exec (listen_socket[nlsocks]);

+		set_close_on_exec(listen_socket[nlsocks]);

 		if (bind(listen_socket[nlsocks], runp->ai_addr,

 						runp->ai_addrlen)) {

@@ -977,9 +977,9 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )

 			 p ? p->p_name: "?");

 		endprotoent();

-		ev_io_init (&tcp_listen_watcher, auditd_tcp_listen_handler,

+		ev_io_init(&tcp_listen_watcher, auditd_tcp_listen_handler,

 				listen_socket[nlsocks], EV_READ);

-		ev_io_start (loop, &tcp_listen_watcher);

+		ev_io_start(loop, &tcp_listen_watcher);

 non_fatal:

 		nlsocks++;

 		if (nlsocks == N_SOCKS)

@@ -1014,7 +1014,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )

 			key_file = "/etc/audit/audit.key";

 		setenv ("KRB5_KTNAME", key_file, 1);

-		if (stat (key_file, &st) == 0) {

+		if (stat(key_file, &st) == 0) {

 			if ((st.st_mode & 07777) != 0400) {

 				audit_msg (LOG_ERR,

 			 "%s is not mode 0400 (it's %#o) - compromised key?",

@@ -1022,7 +1022,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )

 				return -1;

 			}

 			if (st.st_uid != 0) {

-				audit_msg (LOG_ERR,

+				audit_msg(LOG_ERR,

 			 "%s is not owned by root (it's %d) - compromised key?",

 					   key_file, st.st_uid);

 				return -1;

@@ -1036,17 +1036,16 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )

 	return 0;

 }

-void auditd_tcp_listen_uninit ( struct ev_loop *loop,

-				struct daemon_conf *config )

+void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)

 {

 #ifdef USE_GSSAPI

 	OM_uint32 status;

 #endif

-	ev_io_stop ( loop, &tcp_listen_watcher );

+	ev_io_stop(loop, &tcp_listen_watcher);

 	while (nlsocks >= 0) {

 		nlsocks--;

-		close ( listen_socket[nlsocks] );

+		close (listen_socket[nlsocks]);

 	}

 #ifdef USE_GSSAPI

@@ -1060,29 +1059,29 @@ void auditd_tcp_listen_uninit ( struct ev_loop *loop,

 		unsigned char ack[AUDIT_RMW_HEADER_SIZE];

 		AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ENDING, 0, 0);

-		client_ack (client_chain, ack, "");

-		ev_io_stop (loop, &client_chain->io);

-		close_client (client_chain);

+		client_ack(client_chain, ack, "");

+		ev_io_stop(loop, &client_chain->io);

+		close_client(client_chain);

 	}

 	if (config->tcp_client_max_idle)

-		ev_periodic_stop (loop, &periodic_watcher);

+		ev_periodic_stop(loop, &periodic_watcher);

 }

 static void periodic_reconfigure(struct daemon_conf *config)

 {

-	struct ev_loop *loop = ev_default_loop (EVFLAG_AUTO);

+	struct ev_loop *loop = ev_default_loop(EVFLAG_AUTO);

 	if (config->tcp_client_max_idle) {

-		ev_periodic_set (&periodic_watcher, ev_now (loop),

+		ev_periodic_set(&periodic_watcher, ev_now(loop),

 				 config->tcp_client_max_idle, NULL);

-		ev_periodic_start (loop, &periodic_watcher);

+		ev_periodic_start(loop, &periodic_watcher);

 	} else {

-		ev_periodic_stop (loop, &periodic_watcher);

+		ev_periodic_stop(loop, &periodic_watcher);

 	}

 }

-void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,

-				     struct daemon_conf *oconf )

+void auditd_tcp_listen_reconfigure(struct daemon_conf *nconf,

+				     struct daemon_conf *oconf)

 {

 	use_libwrap = nconf->use_libwrap;

@@ -1112,3 +1111,4 @@ void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,

 	// and recredential if needed.

 	oconf->krb5_principal = nconf->krb5_principal;

 }

+