From 63151c4f0e9d1d037f80f10cb7809573a49da6c7 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 17 Oct 2017 13:33:28 -0400
Subject: [PATCH] make style match rest of audit system
---
src/auditd-listen.c | 176 ++++++++++++++++++++++++++--------------------------
1 file changed, 88 insertions(+), 88 deletions(-)
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index b4dc097..7a5c2c6 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -114,11 +114,11 @@ static char *sockaddr_to_addr4(struct sockaddr_in *addr)
static void set_close_on_exec(int fd)
{
- int flags = fcntl (fd, F_GETFD);
+ int flags = fcntl(fd, F_GETFD);
if (flags == -1)
flags = 0;
flags |= FD_CLOEXEC;
- fcntl (fd, F_SETFD, flags);
+ fcntl(fd, F_SETFD, flags);
}
static void release_client(struct ev_tcp *client)
@@ -144,11 +144,11 @@ static void release_client(struct ev_tcp *client)
static void close_client(struct ev_tcp *client)
{
- release_client (client);
- free (client);
+ release_client(client);
+ free(client);
}
-static int ar_write (int sock, const void *buf, int len)
+static int ar_write(int sock, const void *buf, int len)
{
int rc = 0, w;
while (len > 0) {
@@ -167,7 +167,7 @@ static int ar_write (int sock, const void *buf, int len)
}
#ifdef USE_GSSAPI
-static int ar_read (int sock, void *buf, int len)
+static int ar_read(int sock, void *buf, int len)
{
int rc = 0, r;
while (len > 0) {
@@ -192,13 +192,13 @@ static int ar_read (int sock, void *buf, int len)
the tokens. The protocol we use for transferring tokens is to send
the length first, four bytes MSB first, then the token data. We
return nonzero on error. */
-static int recv_token (int s, gss_buffer_t tok)
+static int recv_token(int s, gss_buffer_t tok)
{
int ret;
unsigned char lenbuf[4];
unsigned int len;
- ret = ar_read(s, (char *) lenbuf, 4);
+ ret = ar_read(s, (char *)lenbuf, 4);
if (ret < 0) {
audit_msg(LOG_ERR, "GSS-API error reading token length");
return -1;
@@ -220,13 +220,13 @@ static int recv_token (int s, gss_buffer_t tok)
}
tok->length = len;
- tok->value = (char *) malloc(tok->length ? tok->length : 1);
+ tok->value = (char *)malloc(tok->length ? tok->length : 1);
if (tok->length && tok->value == NULL) {
audit_msg(LOG_ERR, "Out of memory allocating token data");
return -1;
}
- ret = ar_read(s, (char *) tok->value, tok->length);
+ ret = ar_read(s, (char *)tok->value, tok->length);
if (ret < 0) {
audit_msg(LOG_ERR, "GSS-API error reading token data");
free(tok->value);
@@ -243,7 +243,7 @@ static int recv_token (int s, gss_buffer_t tok)
/* Same here. */
int send_token(int s, gss_buffer_t tok)
{
- int ret;
+ int ret;
unsigned char lenbuf[4];
unsigned int len;
@@ -268,7 +268,7 @@ int send_token(int s, gss_buffer_t tok)
if (ret < 0) {
audit_msg(LOG_ERR, "GSS-API error sending token data");
return -1;
- } else if (ret != (int) tok->length) {
+ } else if (ret != (int)tok->length) {
audit_msg(LOG_ERR, "GSS-API error sending token data");
return -1;
}
@@ -277,14 +277,14 @@ int send_token(int s, gss_buffer_t tok)
}
-static void gss_failure_2 (const char *msg, int status, int type)
+static void gss_failure_2(const char *msg, int status, int type)
{
OM_uint32 message_context = 0;
OM_uint32 min_status = 0;
gss_buffer_desc status_string;
do {
- gss_display_status (&min_status,
+ gss_display_status(&min_status,
status,
type,
GSS_C_NO_OID,
@@ -298,11 +298,11 @@ static void gss_failure_2 (const char *msg, int status, int type)
} while (message_context != 0);
}
-static void gss_failure (const char *msg, int major_status, int minor_status)
+static void gss_failure(const char *msg, int major_status, int minor_status)
{
- gss_failure_2 (msg, major_status, GSS_C_GSS_CODE);
+ gss_failure_2(msg, major_status, GSS_C_GSS_CODE);
if (minor_status)
- gss_failure_2 (msg, minor_status, GSS_C_MECH_CODE);
+ gss_failure_2(msg, minor_status, GSS_C_MECH_CODE);
}
#define KCHECK(x,f) if (x) { \
@@ -323,7 +323,7 @@ static int server_acquire_creds(const char *service_name,
krb5_context kcontext = NULL;
int krberr;
- my_service_name = strdup (service_name);
+ my_service_name = strdup(service_name);
name_buf.value = (char *)service_name;
name_buf.length = strlen(name_buf.value) + 1;
major_status = gss_import_name(&minor_status, &name_buf,
@@ -346,9 +346,9 @@ static int server_acquire_creds(const char *service_name,
(void) gss_release_name(&minor_status, &server_name);
- krberr = krb5_init_context (&kcontext);
+ krberr = krb5_init_context(&kcontext);
KCHECK (krberr, "krb5_init_context");
- krberr = krb5_get_default_realm (kcontext, &my_gss_realm);
+ krberr = krb5_get_default_realm(kcontext, &my_gss_realm);
KCHECK (krberr, "krb5_get_default_realm");
audit_msg(LOG_DEBUG, "GSS creds for %s acquired", service_name);
@@ -360,7 +360,7 @@ static int server_acquire_creds(const char *service_name,
the case of Kerberos, this is where the key exchange happens.
FIXME: While everything else is strictly nonblocking, this
negotiation blocks. */
-static int negotiate_credentials (ev_tcp *io)
+static int negotiate_credentials(ev_tcp *io)
{
gss_buffer_desc send_tok, recv_tok;
gss_name_t client;
@@ -440,12 +440,12 @@ static int negotiate_credentials (ev_tcp *io)
audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
(char *)recv_tok.value);
- io->remote_name = strdup (recv_tok.value);
- io->remote_name_len = strlen (recv_tok.value);
+ io->remote_name = strdup(recv_tok.value);
+ io->remote_name_len = strlen(recv_tok.value);
gss_release_buffer(&min_stat, &recv_tok);
- slashptr = strchr (io->remote_name, '/');
- atptr = strchr (io->remote_name, '@');
+ slashptr = strchr(io->remote_name, '/');
+ atptr = strchr(io->remote_name, '@');
if (!slashptr || !atptr) {
audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",
@@ -454,14 +454,14 @@ static int negotiate_credentials (ev_tcp *io)
}
*slashptr = 0;
- if (strcmp (io->remote_name, my_service_name)) {
+ if (strcmp(io->remote_name, my_service_name)) {
audit_msg(LOG_ERR, "Unauthorized GSS client name: %s (not %s)",
io->remote_name, my_service_name);
return -1;
}
*slashptr = '/';
- if (strcmp (atptr+1, my_gss_realm)) {
+ if (strcmp(atptr+1, my_gss_realm)) {
audit_msg(LOG_ERR, "Unauthorized GSS client realm: %s (not %s)",
atptr+1, my_gss_realm);
return -1;
@@ -473,7 +473,7 @@ static int negotiate_credentials (ev_tcp *io)
/* This is called from auditd-event after the message has been logged.
The header is already filled in. */
-static void client_ack (void *ack_data, const unsigned char *header,
+static void client_ack(void *ack_data, const unsigned char *header,
const char *msg)
{
ev_tcp *io = (ev_tcp *)ack_data;
@@ -483,18 +483,18 @@ static void client_ack (void *ack_data, const unsigned char *header,
gss_buffer_desc utok, etok;
int rc, mlen;
- mlen = strlen (msg);
+ mlen = strlen(msg);
utok.length = AUDIT_RMW_HEADER_SIZE + mlen;
- utok.value = malloc (utok.length + 1);
+ utok.value = malloc(utok.length + 1);
- memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);
- memcpy (utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
+ memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);
+ memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
/* Wrapping the message creates a token for the
client. Then we just have to worry about sending
the token. */
- major_status = gss_wrap (&minor_status,
+ major_status = gss_wrap(&minor_status,
io->gss_context,
1,
GSS_C_QOP_DEFAULT,
@@ -504,21 +504,21 @@ static void client_ack (void *ack_data, const unsigned char *header,
if (major_status != GSS_S_COMPLETE) {
gss_failure("encrypting message", major_status,
minor_status);
- free (utok.value);
+ free(utok.value);
return;
}
// FIXME: What were we going to do with rc?
- rc = send_token (io->io.fd, &etok);
- free (utok.value);
+ rc = send_token(io->io.fd, &etok);
+ free(utok.value);
(void) gss_release_buffer(&minor_status, &etok);
return;
}
#endif
// Send the header and a text error message if it exists
- ar_write (io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
+ ar_write(io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
if (msg[0])
- ar_write (io->io.fd, msg, strlen(msg));
+ ar_write(io->io.fd, msg, strlen(msg));
}
extern void distribute_event(struct auditd_event *e);
@@ -540,7 +540,7 @@ static void client_message (struct ev_tcp *io, unsigned int length,
unsigned char ack[AUDIT_RMW_HEADER_SIZE];
AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ACK,
0, seq);
- client_ack (io, ack, "");
+ client_ack(io, ack, "");
} else {
struct auditd_event *e = create_event(
header+AUDIT_RMW_HEADER_SIZE,
@@ -552,10 +552,10 @@ static void client_message (struct ev_tcp *io, unsigned int length,
}
}
-static void auditd_tcp_client_handler( struct ev_loop *loop,
- struct ev_io *_io, int revents )
+static void auditd_tcp_client_handler(struct ev_loop *loop,
+ struct ev_io *_io, int revents)
{
- struct ev_tcp *io = (struct ev_tcp *) _io;
+ struct ev_tcp *io = (struct ev_tcp *)_io;
int i, r;
int total_this_call = 0;
@@ -586,18 +586,18 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
otherwise fails, the read will return -1. */
if (r <= 0) {
if (r < 0)
- audit_msg (LOG_WARNING,
+ audit_msg(LOG_WARNING,
"client %s socket closed unexpectedly",
sockaddr_to_addr4(&io->addr));
/* There may have been a final message without a LF. */
if (io->bufptr) {
- client_message (io, io->bufptr, io->buffer);
+ client_message(io, io->bufptr, io->buffer);
}
- ev_io_stop (loop, _io);
- close_client (io);
+ ev_io_stop(loop, _io);
+ close_client(io);
return;
}
@@ -635,7 +635,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
/* Unwrapping the token gives us the original message,
which we know is already a single record. */
- major_status = gss_unwrap (&minor_status, io->gss_context,
+ major_status = gss_unwrap(&minor_status, io->gss_context,
&etok, &utok, NULL, NULL);
if (major_status != GSS_S_COMPLETE) {
@@ -645,10 +645,10 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
/* client_message() wants to NUL terminate it,
so copy it to a bigger buffer. Plus, we
want to add our own tag. */
- memcpy (msgbuf, utok.value, utok.length);
+ memcpy(msgbuf, utok.value, utok.length);
while (utok.length > 0 && msgbuf[utok.length-1] == '\n')
utok.length --;
- snprintf (msgbuf + utok.length,
+ snprintf(msgbuf + utok.length,
MAX_AUDIT_MESSAGE_LENGTH - utok.length,
" krb5=%s", io->remote_name);
utok.length += 6 + io->remote_name_len;
@@ -681,7 +681,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
return;
/* We have an I-byte message in buffer. Send ACK */
- client_message (io, i, io->buffer);
+ client_message(io, i, io->buffer);
} else {
/* At this point, the buffer has IO->BUFPTR+R bytes in it.
@@ -701,7 +701,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
i++;
/* We have an I-byte message in buffer. Send ACK */
- client_message (io, i, io->buffer);
+ client_message(io, i, io->buffer);
}
/* Now copy any remaining bytes to the beginning of the
@@ -730,7 +730,7 @@ static int auditd_tcpd_check(int sock)
request_init(&request, RQ_DAEMON, "auditd", RQ_FILE, sock, 0);
fromhost(&request);
- if (! hosts_access(&request))
+ if (!hosts_access(&request))
return 1;
return 0;
}
@@ -759,7 +759,7 @@ static int check_num_connections(struct sockaddr_in *aaddr)
}
static void auditd_tcp_listen_handler( struct ev_loop *loop,
- struct ev_io *_io, int revents )
+ struct ev_io *_io, int revents)
{
int one=1;
int afd;
@@ -770,7 +770,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
/* Accept the connection and see where it's coming from. */
aaddrlen = sizeof(aaddr);
- afd = accept (_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
+ afd = accept(_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
if (afd == -1) {
audit_msg(LOG_ERR, "Unable to accept TCP connection");
return;
@@ -793,8 +793,8 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
/* Verify it's coming from an authorized port. We assume the firewall
* will block attempts from unauthorized machines. */
- if (min_port > ntohs (aaddr.sin_port) ||
- ntohs (aaddr.sin_port) > max_port) {
+ if (min_port > ntohs(aaddr.sin_port) ||
+ ntohs(aaddr.sin_port) > max_port) {
audit_msg(LOG_ERR, "TCP connection from %s rejected",
sockaddr_to_addr4(&aaddr));
snprintf(emsg, sizeof(emsg),
@@ -825,29 +825,29 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
setsockopt(afd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int));
setsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof (int));
setsockopt(afd, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof (int));
- set_close_on_exec (afd);
+ set_close_on_exec(afd);
/* Make the client data structure */
- client = (struct ev_tcp *) malloc (sizeof (struct ev_tcp));
+ client = (struct ev_tcp *)malloc (sizeof (struct ev_tcp));
if (client == NULL) {
audit_msg(LOG_CRIT, "Unable to allocate TCP client data");
snprintf(emsg, sizeof(emsg),
"op=alloc addr=%s port=%d res=no",
sockaddr_to_ipv4(&aaddr),
- ntohs (aaddr.sin_port));
+ ntohs(aaddr.sin_port));
send_audit_event(AUDIT_DAEMON_ACCEPT, emsg);
shutdown(afd, SHUT_RDWR);
close(afd);
return;
}
- memset (client, 0, sizeof (struct ev_tcp));
+ memset(client, 0, sizeof (struct ev_tcp));
client->client_active = 1;
// Was watching for EV_ERROR, but libev 3.48 took it away
- ev_io_init (&(client->io), auditd_tcp_client_handler, afd, EV_READ);
+ ev_io_init(&(client->io), auditd_tcp_client_handler, afd, EV_READ);
- memcpy (&client->addr, &aaddr, sizeof (struct sockaddr_in));
+ memcpy(&client->addr, &aaddr, sizeof (struct sockaddr_in));
#ifdef USE_GSSAPI
if (use_gss && negotiate_credentials (client)) {
@@ -860,7 +860,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
#endif
fcntl(afd, F_SETFL, O_NONBLOCK | O_NDELAY);
- ev_io_start (loop, &(client->io));
+ ev_io_start(loop, &(client->io));
/* Add the new connection to a linked list of active clients. */
client->next = client_chain;
@@ -883,7 +883,7 @@ static void auditd_set_ports(int minp, int maxp, int max_p_addr)
}
static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
- int revents )
+ int revents)
{
struct daemon_conf *config = (struct daemon_conf *) per->data;
struct ev_tcp *ev, *next = NULL;
@@ -902,24 +902,24 @@ static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
audit_msg(LOG_NOTICE,
"client %s idle too long - closing connection\n",
sockaddr_to_addr4(&(ev->addr)));
- ev_io_stop (loop, &ev->io);
+ ev_io_stop(loop, &ev->io);
release_client(ev);
free(ev);
}
}
-int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
+int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
{
struct addrinfo *ai, *runp;
struct addrinfo hints;
char local[16];
int one = 1, rc;
- ev_periodic_init (&periodic_watcher, periodic_handler,
+ ev_periodic_init(&periodic_watcher, periodic_handler,
0, config->tcp_client_max_idle, NULL);
periodic_watcher.data = config;
if (config->tcp_client_max_idle)
- ev_periodic_start (loop, &periodic_watcher);
+ ev_periodic_start(loop, &periodic_watcher);
/* If the port is not set, that means we aren't going to
listen for connections. */
@@ -940,7 +940,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
nlsocks = 0;
runp = ai;
while (runp && nlsocks < N_SOCKS) {
- listen_socket[nlsocks] = socket (runp->ai_family,
+ listen_socket[nlsocks] = socket(runp->ai_family,
runp->ai_socktype, runp->ai_protocol);
if (listen_socket[nlsocks] < 0) {
audit_msg(LOG_ERR, "Cannot create tcp listener socket");
@@ -950,7 +950,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
/* This avoids problems if auditd needs to be restarted. */
setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR,
(char *)&one, sizeof (int));
- set_close_on_exec (listen_socket[nlsocks]);
+ set_close_on_exec(listen_socket[nlsocks]);
if (bind(listen_socket[nlsocks], runp->ai_addr,
runp->ai_addrlen)) {
@@ -977,9 +977,9 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
p ? p->p_name: "?");
endprotoent();
- ev_io_init (&tcp_listen_watcher, auditd_tcp_listen_handler,
+ ev_io_init(&tcp_listen_watcher, auditd_tcp_listen_handler,
listen_socket[nlsocks], EV_READ);
- ev_io_start (loop, &tcp_listen_watcher);
+ ev_io_start(loop, &tcp_listen_watcher);
non_fatal:
nlsocks++;
if (nlsocks == N_SOCKS)
@@ -1014,7 +1014,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
key_file = "/etc/audit/audit.key";
setenv ("KRB5_KTNAME", key_file, 1);
- if (stat (key_file, &st) == 0) {
+ if (stat(key_file, &st) == 0) {
if ((st.st_mode & 07777) != 0400) {
audit_msg (LOG_ERR,
"%s is not mode 0400 (it's %#o) - compromised key?",
@@ -1022,7 +1022,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
return -1;
}
if (st.st_uid != 0) {
- audit_msg (LOG_ERR,
+ audit_msg(LOG_ERR,
"%s is not owned by root (it's %d) - compromised key?",
key_file, st.st_uid);
return -1;
@@ -1036,17 +1036,16 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
return 0;
}
-void auditd_tcp_listen_uninit ( struct ev_loop *loop,
- struct daemon_conf *config )
+void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)
{
#ifdef USE_GSSAPI
OM_uint32 status;
#endif
- ev_io_stop ( loop, &tcp_listen_watcher );
+ ev_io_stop(loop, &tcp_listen_watcher);
while (nlsocks >= 0) {
nlsocks--;
- close ( listen_socket[nlsocks] );
+ close (listen_socket[nlsocks]);
}
#ifdef USE_GSSAPI
@@ -1060,29 +1059,29 @@ void auditd_tcp_listen_uninit ( struct ev_loop *loop,
unsigned char ack[AUDIT_RMW_HEADER_SIZE];
AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ENDING, 0, 0);
- client_ack (client_chain, ack, "");
- ev_io_stop (loop, &client_chain->io);
- close_client (client_chain);
+ client_ack(client_chain, ack, "");
+ ev_io_stop(loop, &client_chain->io);
+ close_client(client_chain);
}
if (config->tcp_client_max_idle)
- ev_periodic_stop (loop, &periodic_watcher);
+ ev_periodic_stop(loop, &periodic_watcher);
}
static void periodic_reconfigure(struct daemon_conf *config)
{
- struct ev_loop *loop = ev_default_loop (EVFLAG_AUTO);
+ struct ev_loop *loop = ev_default_loop(EVFLAG_AUTO);
if (config->tcp_client_max_idle) {
- ev_periodic_set (&periodic_watcher, ev_now (loop),
+ ev_periodic_set(&periodic_watcher, ev_now(loop),
config->tcp_client_max_idle, NULL);
- ev_periodic_start (loop, &periodic_watcher);
+ ev_periodic_start(loop, &periodic_watcher);
} else {
- ev_periodic_stop (loop, &periodic_watcher);
+ ev_periodic_stop(loop, &periodic_watcher);
}
}
-void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
- struct daemon_conf *oconf )
+void auditd_tcp_listen_reconfigure(struct daemon_conf *nconf,
+ struct daemon_conf *oconf)
{
use_libwrap = nconf->use_libwrap;
@@ -1112,3 +1111,4 @@ void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
// and recredential if needed.
oconf->krb5_principal = nconf->krb5_principal;
}
+