Blob Blame History Raw
From 63151c4f0e9d1d037f80f10cb7809573a49da6c7 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 17 Oct 2017 13:33:28 -0400
Subject: [PATCH] make style match rest of audit system

---
 src/auditd-listen.c | 176 ++++++++++++++++++++++++++--------------------------
 1 file changed, 88 insertions(+), 88 deletions(-)

diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index b4dc097..7a5c2c6 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -114,11 +114,11 @@ static char *sockaddr_to_addr4(struct sockaddr_in *addr)
 
 static void set_close_on_exec(int fd)
 {
-	int flags = fcntl (fd, F_GETFD);
+	int flags = fcntl(fd, F_GETFD);
 	if (flags == -1)
 		flags = 0;
 	flags |= FD_CLOEXEC;
-	fcntl (fd, F_SETFD, flags);
+	fcntl(fd, F_SETFD, flags);
 }
 
 static void release_client(struct ev_tcp *client)
@@ -144,11 +144,11 @@ static void release_client(struct ev_tcp *client)
 
 static void close_client(struct ev_tcp *client)
 {
-	release_client (client);
-	free (client);
+	release_client(client);
+	free(client);
 }
 
-static int ar_write (int sock, const void *buf, int len)
+static int ar_write(int sock, const void *buf, int len)
 {
 	int rc = 0, w;
 	while (len > 0) {
@@ -167,7 +167,7 @@ static int ar_write (int sock, const void *buf, int len)
 }
 
 #ifdef USE_GSSAPI
-static int ar_read (int sock, void *buf, int len)
+static int ar_read(int sock, void *buf, int len)
 {
 	int rc = 0, r;
 	while (len > 0) {
@@ -192,13 +192,13 @@ static int ar_read (int sock, void *buf, int len)
    the tokens.  The protocol we use for transferring tokens is to send
    the length first, four bytes MSB first, then the token data.  We
    return nonzero on error.  */
-static int recv_token (int s, gss_buffer_t tok)
+static int recv_token(int s, gss_buffer_t tok)
 {
 	int ret;
 	unsigned char lenbuf[4];
 	unsigned int len;
 
-	ret = ar_read(s, (char *) lenbuf, 4);
+	ret = ar_read(s, (char *)lenbuf, 4);
 	if (ret < 0) {
 		audit_msg(LOG_ERR, "GSS-API error reading token length");
 		return -1;
@@ -220,13 +220,13 @@ static int recv_token (int s, gss_buffer_t tok)
 	}
 	tok->length = len;
 
-	tok->value = (char *) malloc(tok->length ? tok->length : 1);
+	tok->value = (char *)malloc(tok->length ? tok->length : 1);
 	if (tok->length && tok->value == NULL) {
 		audit_msg(LOG_ERR, "Out of memory allocating token data");
 		return -1;
 	}
 
-	ret = ar_read(s, (char *) tok->value, tok->length);
+	ret = ar_read(s, (char *)tok->value, tok->length);
 	if (ret < 0) {
 		audit_msg(LOG_ERR, "GSS-API error reading token data");
 		free(tok->value);
@@ -243,7 +243,7 @@ static int recv_token (int s, gss_buffer_t tok)
 /* Same here.  */
 int send_token(int s, gss_buffer_t tok)
 {
-	int     ret;
+	int ret;
 	unsigned char lenbuf[4];
 	unsigned int len;
 
@@ -268,7 +268,7 @@ int send_token(int s, gss_buffer_t tok)
 	if (ret < 0) {
 		audit_msg(LOG_ERR, "GSS-API error sending token data");
 		return -1;
-	} else if (ret != (int) tok->length) {
+	} else if (ret != (int)tok->length) {
 		audit_msg(LOG_ERR, "GSS-API error sending token data");
 		return -1;
 	}
@@ -277,14 +277,14 @@ int send_token(int s, gss_buffer_t tok)
 }
 
 
-static void gss_failure_2 (const char *msg, int status, int type)
+static void gss_failure_2(const char *msg, int status, int type)
 {
 	OM_uint32 message_context = 0;
 	OM_uint32 min_status = 0;
 	gss_buffer_desc status_string;
 
 	do {
-		gss_display_status (&min_status,
+		gss_display_status(&min_status,
 				    status,
 				    type,
 				    GSS_C_NO_OID,
@@ -298,11 +298,11 @@ static void gss_failure_2 (const char *msg, int status, int type)
 	} while (message_context != 0);
 }
 
-static void gss_failure (const char *msg, int major_status, int minor_status)
+static void gss_failure(const char *msg, int major_status, int minor_status)
 {
-	gss_failure_2 (msg, major_status, GSS_C_GSS_CODE);
+	gss_failure_2(msg, major_status, GSS_C_GSS_CODE);
 	if (minor_status)
-		gss_failure_2 (msg, minor_status, GSS_C_MECH_CODE);
+		gss_failure_2(msg, minor_status, GSS_C_MECH_CODE);
 }
 
 #define KCHECK(x,f) if (x) { \
@@ -323,7 +323,7 @@ static int server_acquire_creds(const char *service_name,
 	krb5_context kcontext = NULL;
 	int krberr;
 
-	my_service_name = strdup (service_name);
+	my_service_name = strdup(service_name);
 	name_buf.value = (char *)service_name;
 	name_buf.length = strlen(name_buf.value) + 1;
 	major_status = gss_import_name(&minor_status, &name_buf,
@@ -346,9 +346,9 @@ static int server_acquire_creds(const char *service_name,
 
 	(void) gss_release_name(&minor_status, &server_name);
 
-	krberr = krb5_init_context (&kcontext);
+	krberr = krb5_init_context(&kcontext);
 	KCHECK (krberr, "krb5_init_context");
-	krberr = krb5_get_default_realm (kcontext, &my_gss_realm);
+	krberr = krb5_get_default_realm(kcontext, &my_gss_realm);
 	KCHECK (krberr, "krb5_get_default_realm");
 
 	audit_msg(LOG_DEBUG, "GSS creds for %s acquired", service_name);
@@ -360,7 +360,7 @@ static int server_acquire_creds(const char *service_name,
    the case of Kerberos, this is where the key exchange happens.
    FIXME: While everything else is strictly nonblocking, this
    negotiation blocks.  */
-static int negotiate_credentials (ev_tcp *io)
+static int negotiate_credentials(ev_tcp *io)
 {
 	gss_buffer_desc send_tok, recv_tok;
 	gss_name_t client;
@@ -440,12 +440,12 @@ static int negotiate_credentials (ev_tcp *io)
 
 	audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
 		  (char *)recv_tok.value);
-	io->remote_name = strdup (recv_tok.value);
-	io->remote_name_len = strlen (recv_tok.value);
+	io->remote_name = strdup(recv_tok.value);
+	io->remote_name_len = strlen(recv_tok.value);
 	gss_release_buffer(&min_stat, &recv_tok);
 
-	slashptr = strchr (io->remote_name, '/');
-	atptr = strchr (io->remote_name, '@');
+	slashptr = strchr(io->remote_name, '/');
+	atptr = strchr(io->remote_name, '@');
 
 	if (!slashptr || !atptr) {
 		audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",
@@ -454,14 +454,14 @@ static int negotiate_credentials (ev_tcp *io)
 	}
 
 	*slashptr = 0;
-	if (strcmp (io->remote_name, my_service_name)) {
+	if (strcmp(io->remote_name, my_service_name)) {
 		audit_msg(LOG_ERR, "Unauthorized GSS client name: %s (not %s)",
 			  io->remote_name, my_service_name);
 		return -1;
 	}
 	*slashptr = '/';
 
-	if (strcmp (atptr+1, my_gss_realm)) {
+	if (strcmp(atptr+1, my_gss_realm)) {
 		audit_msg(LOG_ERR, "Unauthorized GSS client realm: %s (not %s)",
 			  atptr+1, my_gss_realm);
 		return -1;
@@ -473,7 +473,7 @@ static int negotiate_credentials (ev_tcp *io)
 
 /* This is called from auditd-event after the message has been logged.
    The header is already filled in.  */
-static void client_ack (void *ack_data, const unsigned char *header,
+static void client_ack(void *ack_data, const unsigned char *header,
 	const char *msg)
 {
 	ev_tcp *io = (ev_tcp *)ack_data;
@@ -483,18 +483,18 @@ static void client_ack (void *ack_data, const unsigned char *header,
 		gss_buffer_desc utok, etok;
 		int rc, mlen;
 
-		mlen = strlen (msg);
+		mlen = strlen(msg);
 		utok.length = AUDIT_RMW_HEADER_SIZE + mlen;
-		utok.value = malloc (utok.length + 1);
+		utok.value = malloc(utok.length + 1);
 
-		memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);
-		memcpy (utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
+		memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);
+		memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
 
 		/* Wrapping the message creates a token for the
 		   client.  Then we just have to worry about sending
 		   the token.  */
 
-		major_status = gss_wrap (&minor_status,
+		major_status = gss_wrap(&minor_status,
 					 io->gss_context,
 					 1,
 					 GSS_C_QOP_DEFAULT,
@@ -504,21 +504,21 @@ static void client_ack (void *ack_data, const unsigned char *header,
 		if (major_status != GSS_S_COMPLETE) {
 			gss_failure("encrypting message", major_status,
 					minor_status);
-			free (utok.value);
+			free(utok.value);
 			return;
 		}
 		// FIXME: What were we going to do with rc?
-		rc = send_token (io->io.fd, &etok);
-		free (utok.value);
+		rc = send_token(io->io.fd, &etok);
+		free(utok.value);
 		(void) gss_release_buffer(&minor_status, &etok);
 
 		return;
 	}
 #endif
 	// Send the header and a text error message if it exists
-	ar_write (io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
+	ar_write(io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
 	if (msg[0])
-		ar_write (io->io.fd, msg, strlen(msg));
+		ar_write(io->io.fd, msg, strlen(msg));
 }
 
 extern void distribute_event(struct auditd_event *e);
@@ -540,7 +540,7 @@ static void client_message (struct ev_tcp *io, unsigned int length,
 			unsigned char ack[AUDIT_RMW_HEADER_SIZE];
 			AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ACK,
 				0, seq);
-			client_ack (io, ack, "");
+			client_ack(io, ack, "");
 		} else {
 			struct auditd_event *e = create_event(
 					header+AUDIT_RMW_HEADER_SIZE,
@@ -552,10 +552,10 @@ static void client_message (struct ev_tcp *io, unsigned int length,
 	}
 }
 
-static void auditd_tcp_client_handler( struct ev_loop *loop,
-			struct ev_io *_io, int revents )
+static void auditd_tcp_client_handler(struct ev_loop *loop,
+			struct ev_io *_io, int revents)
 {
-	struct ev_tcp *io = (struct ev_tcp *) _io;
+	struct ev_tcp *io = (struct ev_tcp *)_io;
 	int i, r;
 	int total_this_call = 0;
 
@@ -586,18 +586,18 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
 	   otherwise fails, the read will return -1.  */
 	if (r <= 0) {
 		if (r < 0)
-			audit_msg (LOG_WARNING,
+			audit_msg(LOG_WARNING,
 				"client %s socket closed unexpectedly",
 				sockaddr_to_addr4(&io->addr));
 
 		/* There may have been a final message without a LF.  */
 		if (io->bufptr) {
-			client_message (io, io->bufptr, io->buffer);
+			client_message(io, io->bufptr, io->buffer);
 
 		}
 
-		ev_io_stop (loop, _io);
-		close_client (io);
+		ev_io_stop(loop, _io);
+		close_client(io);
 		return;
 	}
 
@@ -635,7 +635,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
 
 		/* Unwrapping the token gives us the original message,
 		   which we know is already a single record.  */
-		major_status = gss_unwrap (&minor_status, io->gss_context,
+		major_status = gss_unwrap(&minor_status, io->gss_context,
 				&etok, &utok, NULL, NULL);
 
 		if (major_status != GSS_S_COMPLETE) {
@@ -645,10 +645,10 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
 			/* client_message() wants to NUL terminate it,
 			   so copy it to a bigger buffer.  Plus, we
 			   want to add our own tag.  */
-			memcpy (msgbuf, utok.value, utok.length);
+			memcpy(msgbuf, utok.value, utok.length);
 			while (utok.length > 0 && msgbuf[utok.length-1] == '\n')
 				utok.length --;
-			snprintf (msgbuf + utok.length,
+			snprintf(msgbuf + utok.length,
 				MAX_AUDIT_MESSAGE_LENGTH - utok.length,
 				" krb5=%s", io->remote_name);
 			utok.length += 6 + io->remote_name_len;
@@ -681,7 +681,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
 			return;
 		
 		/* We have an I-byte message in buffer. Send ACK */
-		client_message (io, i, io->buffer);
+		client_message(io, i, io->buffer);
 
 	} else {
 		/* At this point, the buffer has IO->BUFPTR+R bytes in it.
@@ -701,7 +701,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
 		i++;
 
 		/* We have an I-byte message in buffer. Send ACK */
-		client_message (io, i, io->buffer);
+		client_message(io, i, io->buffer);
 	}
 
 	/* Now copy any remaining bytes to the beginning of the
@@ -730,7 +730,7 @@ static int auditd_tcpd_check(int sock)
 
 	request_init(&request, RQ_DAEMON, "auditd", RQ_FILE, sock, 0);
 	fromhost(&request);
-	if (! hosts_access(&request))
+	if (!hosts_access(&request))
 		return 1;
 	return 0;
 }
@@ -759,7 +759,7 @@ static int check_num_connections(struct sockaddr_in *aaddr)
 }
 
 static void auditd_tcp_listen_handler( struct ev_loop *loop,
-	struct ev_io *_io, int revents )
+	struct ev_io *_io, int revents)
 {
 	int one=1;
 	int afd;
@@ -770,7 +770,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
 
 	/* Accept the connection and see where it's coming from.  */
 	aaddrlen = sizeof(aaddr);
-	afd = accept (_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
+	afd = accept(_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
 	if (afd == -1) {
         	audit_msg(LOG_ERR, "Unable to accept TCP connection");
 		return;
@@ -793,8 +793,8 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
 
 	/* Verify it's coming from an authorized port.  We assume the firewall
 	 * will block attempts from unauthorized machines.  */
-	if (min_port > ntohs (aaddr.sin_port) ||
-					ntohs (aaddr.sin_port) > max_port) {
+	if (min_port > ntohs(aaddr.sin_port) ||
+					ntohs(aaddr.sin_port) > max_port) {
         	audit_msg(LOG_ERR, "TCP connection from %s rejected",
 				sockaddr_to_addr4(&aaddr));
 		snprintf(emsg, sizeof(emsg),
@@ -825,29 +825,29 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
 	setsockopt(afd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int));
 	setsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof (int));
 	setsockopt(afd, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof (int));
-	set_close_on_exec (afd);
+	set_close_on_exec(afd);
 
 	/* Make the client data structure */
-	client = (struct ev_tcp *) malloc (sizeof (struct ev_tcp));
+	client = (struct ev_tcp *)malloc (sizeof (struct ev_tcp));
 	if (client == NULL) {
         	audit_msg(LOG_CRIT, "Unable to allocate TCP client data");
 		snprintf(emsg, sizeof(emsg),
 			"op=alloc addr=%s port=%d res=no",
 			sockaddr_to_ipv4(&aaddr),
-			ntohs (aaddr.sin_port));
+			ntohs(aaddr.sin_port));
 		send_audit_event(AUDIT_DAEMON_ACCEPT, emsg);
 		shutdown(afd, SHUT_RDWR);
 		close(afd);
 		return;
 	}
 
-	memset (client, 0, sizeof (struct ev_tcp));
+	memset(client, 0, sizeof (struct ev_tcp));
 	client->client_active = 1;
 
 	// Was watching for EV_ERROR, but libev 3.48 took it away
-	ev_io_init (&(client->io), auditd_tcp_client_handler, afd, EV_READ);
+	ev_io_init(&(client->io), auditd_tcp_client_handler, afd, EV_READ);
 
-	memcpy (&client->addr, &aaddr, sizeof (struct sockaddr_in));
+	memcpy(&client->addr, &aaddr, sizeof (struct sockaddr_in));
 
 #ifdef USE_GSSAPI
 	if (use_gss && negotiate_credentials (client)) {
@@ -860,7 +860,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
 #endif
 
 	fcntl(afd, F_SETFL, O_NONBLOCK | O_NDELAY);
-	ev_io_start (loop, &(client->io));
+	ev_io_start(loop, &(client->io));
 
 	/* Add the new connection to a linked list of active clients.  */
 	client->next = client_chain;
@@ -883,7 +883,7 @@ static void auditd_set_ports(int minp, int maxp, int max_p_addr)
 }
 
 static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
-			int revents )
+			int revents)
 {
 	struct daemon_conf *config = (struct daemon_conf *) per->data;
 	struct ev_tcp *ev, *next = NULL;
@@ -902,24 +902,24 @@ static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
 		audit_msg(LOG_NOTICE,
 			"client %s idle too long - closing connection\n",
 			sockaddr_to_addr4(&(ev->addr)));
-		ev_io_stop (loop, &ev->io);
+		ev_io_stop(loop, &ev->io);
 		release_client(ev);
 		free(ev);
 	}
 }
 
-int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
+int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
 {
 	struct addrinfo *ai, *runp;
 	struct addrinfo hints;
 	char local[16];
 	int one = 1, rc;
 
-	ev_periodic_init (&periodic_watcher, periodic_handler,
+	ev_periodic_init(&periodic_watcher, periodic_handler,
 			  0, config->tcp_client_max_idle, NULL);
 	periodic_watcher.data = config;
 	if (config->tcp_client_max_idle)
-		ev_periodic_start (loop, &periodic_watcher);
+		ev_periodic_start(loop, &periodic_watcher);
 
 	/* If the port is not set, that means we aren't going to
 	  listen for connections.  */
@@ -940,7 +940,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
 	nlsocks = 0;
 	runp = ai;
 	while (runp && nlsocks < N_SOCKS) {
-		listen_socket[nlsocks] = socket (runp->ai_family,
+		listen_socket[nlsocks] = socket(runp->ai_family,
 				 runp->ai_socktype, runp->ai_protocol);
 		if (listen_socket[nlsocks] < 0) {
         		audit_msg(LOG_ERR, "Cannot create tcp listener socket");
@@ -950,7 +950,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
 		/* This avoids problems if auditd needs to be restarted.  */
 		setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR,
 				(char *)&one, sizeof (int));
-		set_close_on_exec (listen_socket[nlsocks]);
+		set_close_on_exec(listen_socket[nlsocks]);
 
 		if (bind(listen_socket[nlsocks], runp->ai_addr,
 						runp->ai_addrlen)) {
@@ -977,9 +977,9 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
 			 p ? p->p_name: "?");
 		endprotoent();
 
-		ev_io_init (&tcp_listen_watcher, auditd_tcp_listen_handler,
+		ev_io_init(&tcp_listen_watcher, auditd_tcp_listen_handler,
 				listen_socket[nlsocks], EV_READ);
-		ev_io_start (loop, &tcp_listen_watcher);
+		ev_io_start(loop, &tcp_listen_watcher);
 non_fatal:
 		nlsocks++;
 		if (nlsocks == N_SOCKS)
@@ -1014,7 +1014,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
 			key_file = "/etc/audit/audit.key";
 		setenv ("KRB5_KTNAME", key_file, 1);
 
-		if (stat (key_file, &st) == 0) {
+		if (stat(key_file, &st) == 0) {
 			if ((st.st_mode & 07777) != 0400) {
 				audit_msg (LOG_ERR,
 			 "%s is not mode 0400 (it's %#o) - compromised key?",
@@ -1022,7 +1022,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
 				return -1;
 			}
 			if (st.st_uid != 0) {
-				audit_msg (LOG_ERR,
+				audit_msg(LOG_ERR,
 			 "%s is not owned by root (it's %d) - compromised key?",
 					   key_file, st.st_uid);
 				return -1;
@@ -1036,17 +1036,16 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
 	return 0;
 }
 
-void auditd_tcp_listen_uninit ( struct ev_loop *loop,
-				struct daemon_conf *config )
+void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)
 {
 #ifdef USE_GSSAPI
 	OM_uint32 status;
 #endif
 
-	ev_io_stop ( loop, &tcp_listen_watcher );
+	ev_io_stop(loop, &tcp_listen_watcher);
 	while (nlsocks >= 0) {
 		nlsocks--;
-		close ( listen_socket[nlsocks] );
+		close (listen_socket[nlsocks]);
 	}
 
 #ifdef USE_GSSAPI
@@ -1060,29 +1059,29 @@ void auditd_tcp_listen_uninit ( struct ev_loop *loop,
 		unsigned char ack[AUDIT_RMW_HEADER_SIZE];
 
 		AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ENDING, 0, 0);
-		client_ack (client_chain, ack, "");
-		ev_io_stop (loop, &client_chain->io);
-		close_client (client_chain);
+		client_ack(client_chain, ack, "");
+		ev_io_stop(loop, &client_chain->io);
+		close_client(client_chain);
 	}
 
 	if (config->tcp_client_max_idle)
-		ev_periodic_stop (loop, &periodic_watcher);
+		ev_periodic_stop(loop, &periodic_watcher);
 }
 
 static void periodic_reconfigure(struct daemon_conf *config)
 {
-	struct ev_loop *loop = ev_default_loop (EVFLAG_AUTO);
+	struct ev_loop *loop = ev_default_loop(EVFLAG_AUTO);
 	if (config->tcp_client_max_idle) {
-		ev_periodic_set (&periodic_watcher, ev_now (loop),
+		ev_periodic_set(&periodic_watcher, ev_now(loop),
 				 config->tcp_client_max_idle, NULL);
-		ev_periodic_start (loop, &periodic_watcher);
+		ev_periodic_start(loop, &periodic_watcher);
 	} else {
-		ev_periodic_stop (loop, &periodic_watcher);
+		ev_periodic_stop(loop, &periodic_watcher);
 	}
 }
 
-void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
-				     struct daemon_conf *oconf )
+void auditd_tcp_listen_reconfigure(struct daemon_conf *nconf,
+				     struct daemon_conf *oconf)
 {
 	use_libwrap = nconf->use_libwrap;
 
@@ -1112,3 +1111,4 @@ void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
 	// and recredential if needed.
 	oconf->krb5_principal = nconf->krb5_principal;
 }
+