PERFORCE change 90752 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jan 31 01:20:22 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=90752
Change 90752 by rwatson at rwatson_peppercorn on 2006/01/31 01:19:40
style(9), staticize some functions.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#2 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#2 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#2 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#2 (text+ko) ====
@@ -36,36 +36,44 @@
#include "auditd.h"
-/* Write to the audit log. */
-static int auditwarnlog(char *args[])
+/*
+ * Write to the audit log.
+ */
+static int
+auditwarnlog(char *args[])
{
char *loc_args[9];
+ pid_t pid;
int i;
- pid_t pid;
loc_args[0] = AUDITWARN_SCRIPT;
- for (i = 0; args[i] != NULL && i < 8; i++) {
+ for (i = 0; args[i] != NULL && i < 8; i++)
loc_args[i+1] = args[i];
- }
loc_args[i+1] = NULL;
pid = fork();
- if (pid == 0) { // child
+ if (pid == -1)
+ return (-1);
+ if (pid == 0) {
+ /*
+ * Child.
+ */
execv(AUDITWARN_SCRIPT, loc_args);
syslog(LOG_ERR, "Could not exec %s\n", AUDITWARN_SCRIPT);
- exit (1); // if we reach here, the exec failed
- } else if (pid == -1) {
- return -1;
- } else { // parent
- return 0;
+ exit(1);
}
+ /*
+ * Parent.
+ */
+ return (0);
}
/*
- * Indicates that the hard limit for all filesystems
- * has been exceeded count times
+ * Indicates that the hard limit for all filesystems has been exceeded count
+ * times.
*/
-int audit_warn_allhard(int count)
+int
+audit_warn_allhard(int count)
{
char intstr[12];
char *args[3];
@@ -76,61 +84,62 @@
args[1] = intstr;
args[2] = NULL;
- return auditwarnlog(args);
+ return (auditwarnlog(args));
}
/*
- * Indicates that the soft limit for all filesystems
- * has been exceeded
+ * Indicates that the soft limit for all filesystems has been exceeded.
*/
-int audit_warn_allsoft()
+int
+audit_warn_allsoft(void)
{
char *args[2];
args[0] = SOFTLIM_ALL_WARN;
args[1] = NULL;
- return auditwarnlog(args);
+ return (auditwarnlog(args));
}
/*
- * Indicates that someone other than the audit daemon
- * turned off auditing
- * XXX Its not clear at this point how this function will
- * XXX be invoked
+ * Indicates that someone other than the audit daemon turned off auditing.
+ * XXX Its not clear at this point how this function will be invoked.
+ * XXXRW: This function is not used.
*/
-int audit_warn_auditoff()
+int
+audit_warn_auditoff(void)
{
char *args[2];
args[0] = AUDITOFF_WARN;
args[1] = NULL;
- return auditwarnlog(args);
+ return (auditwarnlog(args));
}
/*
* Indicates that the audit deammn is already running
*/
-int audit_warn_ebusy()
+int
+audit_warn_ebusy(void)
{
char *args[2];
args[0] = EBUSY_WARN;
args[1] = NULL;
- return auditwarnlog(args);
-
+ return (auditwarnlog(args));
}
/*
- * Indicates that there is a problem getting the directory
- * from audit_control
+ * Indicates that there is a problem getting the directory from
+ * audit_control.
*
- * XXX Note that we take the filename instead of a count
- * XXX as the argument here (different from BSM)
+ * XXX Note that we take the filename instead of a count as the argument here
+ * (different from BSM).
*/
-int audit_warn_getacdir(char *filename)
+int
+audit_warn_getacdir(char *filename)
{
char *args[3];
@@ -138,15 +147,14 @@
args[1] = filename;
args[2] = NULL;
- return auditwarnlog(args);
+ return (auditwarnlog(args));
}
-
/*
- * Indicates that the hard limit for this file has been
- * exceeded
+ * Indicates that the hard limit for this file has been exceeded.
*/
-int audit_warn_hard(char *filename)
+int
+audit_warn_hard(char *filename)
{
char *args[3];
@@ -154,42 +162,43 @@
args[1] = filename;
args[2] = NULL;
- return auditwarnlog(args);
-
+ return (auditwarnlog(args));
}
/*
- * Indicates that auditing could not be started
+ * Indicates that auditing could not be started.
*/
-int audit_warn_nostart()
+int
+audit_warn_nostart(void)
{
char *args[2];
args[0] = NOSTART_WARN;
args[1] = NULL;
- return auditwarnlog(args);
+ return (auditwarnlog(args));
}
/*
- * Indicaes that an error occrred during the orderly shutdown
- * of the audit daemon
+ * Indicaes that an error occrred during the orderly shutdown of the audit
+ * daemon.
*/
-int audit_warn_postsigterm()
+int
+audit_warn_postsigterm(void)
{
char *args[2];
args[0] = POSTSIGTERM_WARN;
args[1] = NULL;
- return auditwarnlog(args);
+ return (auditwarnlog(args));
}
/*
- * Indicates that the soft limit for this file has been
- * exceeded
+ * Indicates that the soft limit for this file has been exceeded.
*/
-int audit_warn_soft(char *filename)
+int
+audit_warn_soft(char *filename)
{
char *args[3];
@@ -197,20 +206,20 @@
args[1] = filename;
args[2] = NULL;
- return auditwarnlog(args);
-
+ return (auditwarnlog(args));
}
/*
- * Indicates that the temporary audit file already exists
- * indicating a fatal error
+ * Indicates that the temporary audit file already exists indicating a fatal
+ * error.
*/
-int audit_warn_tmpfile()
+int
+audit_warn_tmpfile(void)
{
char *args[2];
args[0] = TMPFILE_WARN;
args[1] = NULL;
- return auditwarnlog(args);
+ return (auditwarnlog(args));
}
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#2 (text+ko) ====
@@ -61,19 +61,24 @@
static int allhardcount = 0;
static int triggerfd = 0;
-TAILQ_HEAD(, dir_ent) dir_q;
+static TAILQ_HEAD(, dir_ent) dir_q;
-/* Error starting auditd */
-void fail_exit()
+/*
+ * Error starting auditd
+ */
+static void
+fail_exit(void)
{
+
audit_warn_nostart();
exit(1);
}
/*
- * Free our local list of directory names
+ * Free our local list of directory names.
*/
-void free_dir_q()
+static void
+free_dir_q()
{
struct dir_ent *dirent;
@@ -85,30 +90,29 @@
}
/*
- * generate the timestamp string
+ * Generate the timestamp string.
*/
-int getTSstr(char *buf, int len)
+static int
+getTSstr(char *buf, int len)
{
struct timeval ts;
struct timezone tzp;
time_t tt;
- if(gettimeofday(&ts, &tzp) != 0) {
- return -1;
- }
+ if (gettimeofday(&ts, &tzp) != 0)
+ return (-1);
tt = (time_t)ts.tv_sec;
- if(!strftime(buf, len, "%Y%m%d%H%M%S", gmtime(&tt))) {
- return -1;
- }
-
- return 0;
+ if (!strftime(buf, len, "%Y%m%d%H%M%S", gmtime(&tt)))
+ return (-1);
+ return (0);
}
/*
- * Concat the directory name to the given file name
+ * Concat the directory name to the given file name.
* XXX We should affix the hostname also
*/
-char *affixdir(char *name, struct dir_ent *dirent)
+static char *
+affixdir(char *name, struct dir_ent *dirent)
{
char *fn;
char *curdir;
@@ -117,59 +121,53 @@
curdir = dirent->dirname;
syslog(LOG_INFO, "dir = %s\n", dirent->dirname);
- fn = (char *) malloc (strlen(curdir) + strlen(sep)
- + (2 * POSTFIX_LEN) + 1);
- if(fn == NULL) {
- return NULL;
- }
+ fn = malloc(strlen(curdir) + strlen(sep) + (2 * POSTFIX_LEN) + 1);
+ if (fn == NULL)
+ return (NULL);
strcpy(fn, curdir);
strcat(fn, sep);
strcat(fn, name);
-
- return fn;
+ return (fn);
}
-/* Close the previous audit trail file */
-int close_lastfile(char *TS)
+/*
+ * Close the previous audit trail file.
+ */
+static int
+close_lastfile(char *TS)
{
char *ptr;
char *oldname;
- if(lastfile != NULL) {
+ if (lastfile != NULL) {
oldname = (char *)malloc(strlen(lastfile) + 1);
- if(oldname == NULL) {
- return -1;
- }
+ if (oldname == NULL)
+ return (-1);
strcpy(oldname, lastfile);
- /* rename the last file -- append timestamp */
-
- if((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
+ /* Rename the last file -- append timestamp. */
+ if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
*ptr = '.';
strcpy(ptr+1, TS);
- if(rename(oldname, lastfile) != 0) {
+ if (rename(oldname, lastfile) != 0)
syslog(LOG_ERR, "Could not rename %s to %s \n",
- oldname, lastfile);
- }
- else {
+ oldname, lastfile);
+ else
syslog(LOG_INFO, "renamed %s to %s \n",
- oldname, lastfile);
- }
+ oldname, lastfile);
}
-
free(lastfile);
free(oldname);
-
lastfile = NULL;
}
-
- return 0;
+ return (0);
}
/*
- * Create the new file name, swap with existing audit file
+ * Create the new file name, swap with existing audit file.
*/
-int swap_audit_file()
+static int
+swap_audit_file(void)
{
char timestr[2 * POSTFIX_LEN];
char *fn;
@@ -177,19 +175,18 @@
struct dir_ent *dirent;
int fd;
- if(getTSstr(TS, POSTFIX_LEN) != 0) {
- return -1;
- }
+ if (getTSstr(TS, POSTFIX_LEN) != 0)
+ return (-1);
strcpy(timestr, TS);
strcat(timestr, NOT_TERMINATED);
- /* try until we succeed */
- while((dirent = TAILQ_FIRST(&dir_q))) {
- if((fn = affixdir(timestr, dirent)) == NULL) {
+ /* Try until we succeed. */
+ while ((dirent = TAILQ_FIRST(&dir_q))) {
+ if ((fn = affixdir(timestr, dirent)) == NULL) {
syslog(LOG_INFO, "Failed to swap log at time %s\n",
timestr);
- return -1;
+ return (-1);
}
/*
@@ -198,77 +195,80 @@
*/
syslog(LOG_INFO, "New audit file is %s\n", fn);
fd = open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
- if (fd < 0) {
+ if (fd < 0)
perror("File open");
- }
else if (auditctl(fn) != 0) {
- syslog(LOG_ERR,
- "auditctl failed setting log file! : %s\n",
- strerror(errno));
+ syslog(LOG_ERR,
+ "auditctl failed setting log file! : %s\n",
+ strerror(errno));
close(fd);
- }
- else {
- /* Success */
+ } else {
+ /* Success. */
close_lastfile(TS);
lastfile = fn;
close(fd);
- return 0;
+ return (0);
}
- /* Tell the administrator about lack of permissions for dir */
+ /*
+ * Tell the administrator about lack of permissions for dir.
+ */
audit_warn_getacdir(dirent->dirname);
- /* Try again with a different directory */
+ /* Try again with a different directory. */
TAILQ_REMOVE(&dir_q, dirent, dirs);
free(dirent->dirname);
free(dirent);
}
syslog(LOG_INFO, "Log directories exhausted\n");
- return -1;
+ return (-1);
}
/*
- * Read the audit_control file contents
+ * Read the audit_control file contents.
*/
-int read_control_file()
+static int
+read_control_file(void)
{
char cur_dir[MAXNAMLEN];
struct dir_ent *dirent;
au_qctrl_t qctrl;
- /* Clear old values */
+ /*
+ * Clear old values. Force a re-read of the file the next time.
+ */
free_dir_q();
- endac(); // force a re-read of the file the next time
+ endac();
- /* Read the list of directories into a local linked list */
- /* XXX We should use the reentrant interfaces once they are available */
- while(getacdir(cur_dir, MAXNAMLEN) >= 0) {
- dirent = (struct dir_ent *) malloc (sizeof(struct dir_ent));
- if(dirent == NULL) {
- return -1;
- }
-
+ /*
+ * Read the list of directories into a local linked list.
+ *
+ * XXX We should use the reentrant interfaces once they are
+ * available.
+ */
+ while (getacdir(cur_dir, MAXNAMLEN) >= 0) {
+ dirent = (struct dir_ent *) malloc(sizeof(struct dir_ent));
+ if (dirent == NULL)
+ return (-1);
dirent->softlim = 0;
- dirent->dirname = (char *) malloc (MAXNAMLEN);
- if(dirent->dirname == NULL) {
+ dirent->dirname = (char *) malloc(MAXNAMLEN);
+ if (dirent->dirname == NULL) {
free(dirent);
- return -1;
+ return (-1);
}
-
strcpy(dirent->dirname, cur_dir);
TAILQ_INSERT_TAIL(&dir_q, dirent, dirs);
}
allhardcount = 0;
-
- if(swap_audit_file() == -1) {
+ if (swap_audit_file() == -1) {
syslog(LOG_ERR, "Could not swap audit file\n");
/*
* XXX Faulty directory listing? - user should be given
* XXX an opportunity to change the audit_control file
* XXX switch to a reduced mode of auditing?
*/
- return -1;
+ return (-1);
}
/*
@@ -276,24 +276,22 @@
* XXX what should we do if a trigger for the earlier limit
* XXX is generated here?
*/
- if(0 == (ret = getacmin(&minval))) {
-
+ if (0 == (ret = getacmin(&minval))) {
syslog(LOG_INFO, "min free = %d\n", minval);
-
if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0) {
- syslog(LOG_ERR,
- "could not get audit queue settings\n");
- return -1;
+ syslog(LOG_ERR,
+ "could not get audit queue settings\n");
+ return (-1);
}
qctrl.aq_minfree = minval;
if (auditon(A_SETQCTRL, &qctrl, sizeof(qctrl)) != 0) {
- syslog(LOG_ERR,
- "could not set audit queue settings\n");
- return -1;
+ syslog(LOG_ERR,
+ "could not set audit queue settings\n");
+ return (-1);
}
}
- return 0;
+ return (0);
}
/*
@@ -308,15 +306,15 @@
long cond;
/* Generate an audit record */
- if((aufd = au_open()) == -1) {
+ if ((aufd = au_open()) == -1) {
syslog(LOG_ERR, "Could not create audit shutdown event.\n");
} else {
- if((tok = au_to_text("auditd::Audit shutdown")) != NULL) {
+ if ((tok = au_to_text("auditd::Audit shutdown")) != NULL) {
au_write(aufd, tok);
}
- if(au_close(aufd, 1, AUE_audit_shutdown) == -1) {
+ if (au_close(aufd, 1, AUE_audit_shutdown) == -1) {
syslog(LOG_ERR, "Could not close audit shutdown event.\n");
}
}
@@ -329,21 +327,21 @@
strerror(errno));
err_ret = 1;
}
- if(getTSstr(TS, POSTFIX_LEN) == 0) {
+ if (getTSstr(TS, POSTFIX_LEN) == 0) {
close_lastfile(TS);
}
- if(lastfile != NULL)
+ if (lastfile != NULL)
free(lastfile);
free_dir_q();
- if((remove(AUDITD_PIDFILE) == -1) || err_ret) {
+ if ((remove(AUDITD_PIDFILE) == -1) || err_ret) {
syslog(LOG_ERR, "Could not unregister\n");
audit_warn_postsigterm();
return (1);
}
endac();
- if(close(triggerfd) != 0) {
+ if (close(triggerfd) != 0) {
syslog(LOG_ERR, "Error closing control file\n");
}
syslog(LOG_INFO, "Finished.\n");
@@ -351,24 +349,29 @@
}
/*
- * When we get a signal, we are often not at a clean point.
- * So, little can be done in the signal handler itself. Instead,
- * we send a message to the main servicing loop to do proper
- * handling from a non-signal-handler context.
+ * When we get a signal, we are often not at a clean point. So, little can
+ * be done in the signal handler itself. Instead, we send a message to the
+ * main servicing loop to do proper handling from a non-signal-handler
+ * context.
+ *
+ * XXXRW: I don't see that happening here.
*/
static void
relay_signal(int signal)
{
}
-/* registering the daemon */
-int register_daemon()
+/*
+ * Registering the daemon.
+ */
+static int
+register_daemon(void)
{
FILE * pidfile;
int fd;
pid_t pid;
- /* Set up the signal hander */
+ /* Set up the signal hander. */
if (signal(SIGTERM, relay_signal) == SIG_ERR) {
syslog(LOG_ERR,
"Could not set signal handler for SIGTERM\n");
@@ -384,37 +387,36 @@
syslog(LOG_ERR,
"Could not open PID file\n");
audit_warn_tmpfile();
- return -1;
+ return (-1);
}
- /* attempt to lock the pid file; if a lock is present, exit */
+ /* Attempt to lock the pid file; if a lock is present, exit. */
fd = fileno(pidfile);
- if(flock(fd, LOCK_EX | LOCK_NB) < 0) {
+ if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
syslog(LOG_ERR,
"PID file is locked (is another auditd running?).\n");
audit_warn_ebusy();
- return -1;
+ return (-1);
}
pid = getpid();
ftruncate(fd, 0);
- if(fprintf(pidfile, "%u\n", pid) < 0) {
- /* should not start the daemon */
+ if (fprintf(pidfile, "%u\n", pid) < 0) {
+ /* Should not start the daemon. */
fail_exit();
}
fflush(pidfile);
- return 0;
+ return (0);
}
/*
- * Suppress duplicate messages within a 30 second interval.
- * This should be enough to time to rotate log files without
- * thrashing from soft warnings generated before the log is
- * actually rotated.
+ * Suppress duplicate messages within a 30 second interval. This should be
+ * enough to time to rotate log files without thrashing from soft warnings
+ * generated before the log is actually rotated.
*/
#define DUPLICATE_INTERVAL 30
-void
+static void
handle_audit_trigger(int trigger)
{
static int last_trigger;
@@ -430,49 +432,47 @@
struct timezone tzp;
time_t tt;
- if(gettimeofday(&ts, &tzp) == 0) {
+ if (gettimeofday(&ts, &tzp) == 0) {
tt = (time_t)ts.tv_sec;
if ((trigger == last_trigger) &&
- (tt < (last_time + DUPLICATE_INTERVAL))) {
+ (tt < (last_time + DUPLICATE_INTERVAL)))
return;
- }
last_trigger = trigger;
last_time = tt;
}
/*
- * Message processing is done here
+ * Message processing is done here.
*/
dirent = TAILQ_FIRST(&dir_q);
switch(trigger) {
case AUDIT_TRIGGER_LOW_SPACE:
syslog(LOG_INFO, "Got low space trigger\n");
- if(dirent && (dirent->softlim != 1)) {
+ if (dirent && (dirent->softlim != 1)) {
TAILQ_REMOVE(&dir_q, dirent, dirs);
- /* add this node to the end of the list */
+ /* Add this node to the end of the list. */
TAILQ_INSERT_TAIL(&dir_q, dirent, dirs);
audit_warn_soft(dirent->dirname);
dirent->softlim = 1;
if (TAILQ_NEXT(TAILQ_FIRST(&dir_q), dirs) != NULL &&
- swap_audit_file() == -1) {
+ swap_audit_file() == -1)
syslog(LOG_ERR, "Error swapping audit file\n");
- }
/*
- * check if the next dir has already reached its
- * soft limit
+ * Check if the next dir has already reached its soft
+ * limit.
*/
dirent = TAILQ_FIRST(&dir_q);
- if(dirent->softlim == 1) {
- /* all dirs have reached their soft limit */
+ if (dirent->softlim == 1) {
+ /* All dirs have reached their soft limit. */
audit_warn_allsoft();
}
} else {
/*
- * Continue auditing to the current file
- * Also generate an allsoft warning
+ * Continue auditing to the current file. Also
+ * generate an allsoft warning.
* XXX do we want to do this ?
*/
audit_warn_allsoft();
@@ -482,46 +482,46 @@
case AUDIT_TRIGGER_NO_SPACE:
syslog(LOG_INFO, "Got no space trigger\n");
- /* delete current dir, go on to next */
+ /* Delete current dir, go on to next. */
TAILQ_REMOVE(&dir_q, dirent, dirs);
audit_warn_hard(dirent->dirname);
free(dirent->dirname);
free(dirent);
- if(swap_audit_file() == -1)
+ if (swap_audit_file() == -1)
syslog(LOG_ERR, "Error swapping audit file\n");
- /* We are out of log directories */
+ /* We are out of log directories. */
audit_warn_allhard(++allhardcount);
-
break;
- case AUDIT_TRIGGER_OPEN_NEW :
+ case AUDIT_TRIGGER_OPEN_NEW:
+ /*
+ * Create a new file and swap with the one being used in
+ * kernel
+ */
syslog(LOG_INFO, "Got open new trigger\n");
- /* create a new file and swap with the one being
- * used in kernel */
- if(swap_audit_file() == -1)
+ if (swap_audit_file() == -1)
syslog(LOG_ERR, "Error swapping audit file\n");
break;
- case AUDIT_TRIGGER_READ_FILE :
+ case AUDIT_TRIGGER_READ_FILE:
syslog(LOG_INFO, "Got read file trigger\n");
- if(read_control_file() == -1) {
- syslog(LOG_ERR, "Error in audit control file\n");
- }
+ if (read_control_file() == -1)
+ syslog(LOG_ERR, "Error in audit control file\n");
break;
- default :
+ default:
syslog(LOG_ERR, "Got unknown trigger %d\n", trigger);
break;
}
- return;
}
/*
* Read the control file for triggers and handle appropriately.
*/
-int wait_for_triggers()
+static int
+wait_for_triggers(void)
{
int num;
unsigned int trigger;
@@ -542,7 +542,7 @@
else
handle_audit_trigger(trigger);
}
- return(close_all());
+ return (close_all());
}
/*
@@ -555,15 +555,13 @@
int wstatus;
while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) {
- if (wstatus) {
- syslog(LOG_INFO, "warn process [pid=%d] %s %d.\n", child,
- ((WIFEXITED(wstatus)) ?
- "exited with non-zero status" :
- "exited as a result of signal"),
- ((WIFEXITED(wstatus)) ?
- WEXITSTATUS(wstatus) :
- WTERMSIG(wstatus)));
- }
+ if (!wstatus)
+ continue;
+ syslog(LOG_INFO, "warn process [pid=%d] %s %d.\n", child,
+ ((WIFEXITED(wstatus)) ? "exited with non-zero status" :
+ "exited as a result of signal"),
+ ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) :
+ WTERMSIG(wstatus)));
}
}
@@ -571,7 +569,8 @@
* Configure the audit controls in the kernel: the event to class mapping,
* kernel preselection mask, etc.
*/
-int config_audit_controls(long flags)
+static int
+config_audit_controls(long flags)
{
au_event_ent_t ev, *evp;
au_evclass_map_t evc_map;
@@ -579,14 +578,14 @@
int ctr = 0;
char naeventstr[NA_EVENT_STR_SIZE];
- /* Process the audit event file, obtaining a class mapping for each
+ /*
+ * Process the audit event file, obtaining a class mapping for each
* event, and send that mapping into the kernel.
* XXX There's a risk here that the BSM library will return NULL
* for an event when it can't properly map it to a class. In that
* case, we will not process any events beyond the one that failed,
* but should. We need a way to get a count of the events.
*/
-
ev.ae_name = (char *)malloc(AU_EVENT_NAME_MAX);
ev.ae_desc = (char *)malloc(AU_EVENT_DESC_MAX);
if ((ev.ae_name == NULL) || (ev.ae_desc == NULL)) {
@@ -595,17 +594,16 @@
return (-1);
}
evp = &ev;
- while((evp = getauevent_r(evp)) != NULL) {
+ while ((evp = getauevent_r(evp)) != NULL) {
evc_map.ec_number = evp->ae_number;
evc_map.ec_class = evp->ae_class;
- if (auditon(A_SETCLASS, &evc_map,
- sizeof(au_evclass_map_t)) != 0) {
+ if (auditon(A_SETCLASS, &evc_map, sizeof(au_evclass_map_t))
+ != 0)
syslog(LOG_ERR,
"Failed to register class mapping for event %s",
evp->ae_name);
- } else {
+ else
ctr++;
- }
}
endauevent();
free(ev.ae_name);
@@ -613,37 +611,36 @@
if (ctr == 0)
syslog(LOG_ERR, "No events to class mappings registered.");
else
- syslog(LOG_INFO, "Registered %d event to class mappings.", ctr);
+ syslog(LOG_INFO, "Registered %d event to class mappings.",
+ ctr);
- /* Get the non-attributable event string and set the kernel mask
- * from that.
+ /*
+ * Get the non-attributable event string and set the kernel mask from
+ * that.
*/
- if ((getacna(naeventstr, NA_EVENT_STR_SIZE) == 0)
- && ( getauditflagsbin(naeventstr, &aumask) == 0)) {
-
- if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t))){
+ if ((getacna(naeventstr, NA_EVENT_STR_SIZE) == 0) &&
+ (getauditflagsbin(naeventstr, &aumask) == 0)) {
+ if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t)))
syslog(LOG_ERR,
- "Failed to register non-attributable event mask.");
- } else {
- syslog(LOG_INFO, "Registered non-attributable event mask.");
- }
-
- } else {
- syslog(LOG_ERR,"Failed to obtain non-attributable event mask.");
- }
+ "Failed to register non-attributable event mask.");
+ else
+ syslog(LOG_INFO,
+ "Registered non-attributable event mask.");
+ } else
+ syslog(LOG_ERR,
+ "Failed to obtain non-attributable event mask.");
/*
* Set the audit policy flags based on passed in parameter values.
*/
- if (auditon(A_SETPOLICY, &flags, sizeof(flags))) {
- syslog(LOG_ERR,
- "Failed to set audit policy.");
- }
+ if (auditon(A_SETPOLICY, &flags, sizeof(flags)))
+ syslog(LOG_ERR, "Failed to set audit policy.");
- return 0;
+ return (0);
}
-void setup(long flags)
+static void
+setup(long flags)
{
int aufd;
token_t *tok;
@@ -654,34 +651,30 @@
}
TAILQ_INIT(&dir_q);
-
- if(read_control_file() == -1) {
+ if (read_control_file() == -1) {
syslog(LOG_ERR, "Error reading control file\n");
fail_exit();
}
- /* Generate an audit record */
- if((aufd = au_open()) == -1) {
+ /* Generate an audit record. */
+ if ((aufd = au_open()) == -1)
syslog(LOG_ERR, "Could not create audit startup event.\n");
- } else {
-
- if((tok = au_to_text("auditd::Audit startup")) != NULL) {
+ else {
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list