diff options
Diffstat (limited to 'framework/src/audit/src/auditd-config.c')
-rw-r--r-- | framework/src/audit/src/auditd-config.c | 1744 |
1 files changed, 0 insertions, 1744 deletions
diff --git a/framework/src/audit/src/auditd-config.c b/framework/src/audit/src/auditd-config.c deleted file mode 100644 index 0a99ffe0..00000000 --- a/framework/src/audit/src/auditd-config.c +++ /dev/null @@ -1,1744 +0,0 @@ -/* auditd-config.c -- - * Copyright 2004-2011,2013-14 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - * - */ - -#include "config.h" -#include <stdio.h> -#include <unistd.h> -#include <sys/stat.h> -#include <errno.h> -#include <string.h> -#include <dirent.h> -#include <ctype.h> -#include <stdlib.h> -#include <netdb.h> -#include <fcntl.h> /* O_NOFOLLOW needs gnu defined */ -#include <libgen.h> -#include <arpa/inet.h> -#include <limits.h> /* INT_MAX */ -#include "auditd-config.h" -#include "libaudit.h" -#include "private.h" - -#define TCP_PORT_MAX 65535 - -/* Local prototypes */ -struct nv_pair -{ - const char *name; - const char *value; - const char *option; -}; - -struct kw_pair -{ - const char *name; - int (*parser)(struct nv_pair *, int, struct daemon_conf *); - int max_options; -}; - -struct nv_list -{ - const char *name; - int option; -}; - -static char *get_line(FILE *f, char *buf, unsigned size, int *lineno, - const char *file); -static int nv_split(char *buf, struct nv_pair *nv); -static const struct kw_pair *kw_lookup(const char *val); -static int log_file_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int num_logs_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int log_group_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int qos_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int dispatch_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int name_format_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int name_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int max_log_size_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int max_log_size_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int log_format_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int flush_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int freq_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int space_left_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int space_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int action_mail_acct_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int admin_space_left_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int admin_space_left_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int disk_full_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int disk_error_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int priority_boost_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int tcp_listen_port_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int tcp_listen_queue_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int tcp_max_per_addr_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int use_libwrap_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int tcp_client_ports_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int tcp_client_max_idle_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int enable_krb5_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int krb5_principal_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int krb5_key_file_parser(struct nv_pair *nv, int line, - struct daemon_conf *config); -static int sanity_check(struct daemon_conf *config); - -static const struct kw_pair keywords[] = -{ - {"log_file", log_file_parser, 0 }, - {"log_format", log_format_parser, 0 }, - {"log_group", log_group_parser, 0 }, - {"flush", flush_parser, 0 }, - {"freq", freq_parser, 0 }, - {"num_logs", num_logs_parser, 0 }, - {"dispatcher", dispatch_parser, 0 }, - {"name_format", name_format_parser, 0 }, - {"name", name_parser, 0 }, - {"disp_qos", qos_parser, 0 }, - {"max_log_file", max_log_size_parser, 0 }, - {"max_log_file_action", max_log_size_action_parser, 0 }, - {"space_left", space_left_parser, 0 }, - {"space_left_action", space_action_parser, 1 }, - {"action_mail_acct", action_mail_acct_parser, 0 }, - {"admin_space_left", admin_space_left_parser, 0 }, - {"admin_space_left_action", admin_space_left_action_parser, 1 }, - {"disk_full_action", disk_full_action_parser, 1 }, - {"disk_error_action", disk_error_action_parser, 1 }, - {"priority_boost", priority_boost_parser, 0 }, - {"tcp_listen_port", tcp_listen_port_parser, 0 }, - {"tcp_listen_queue", tcp_listen_queue_parser, 0 }, - {"tcp_max_per_addr", tcp_max_per_addr_parser, 0 }, - {"use_libwrap", use_libwrap_parser, 0 }, - {"tcp_client_ports", tcp_client_ports_parser, 0 }, - {"tcp_client_max_idle", tcp_client_max_idle_parser, 0 }, - {"enable_krb5", enable_krb5_parser, 0 }, - {"krb5_principal", krb5_principal_parser, 0 }, - {"krb5_key_file", krb5_key_file_parser, 0 }, - { NULL, NULL } -}; - -static const struct nv_list log_formats[] = -{ - {"raw", LF_RAW }, - {"nolog", LF_NOLOG }, - { NULL, 0 } -}; - -static const struct nv_list flush_techniques[] = -{ - {"none", FT_NONE }, - {"incremental", FT_INCREMENTAL }, - {"data", FT_DATA }, - {"sync", FT_SYNC }, - { NULL, 0 } -}; - -static const struct nv_list failure_actions[] = -{ - {"ignore", FA_IGNORE }, - {"syslog", FA_SYSLOG }, - {"rotate", FA_ROTATE }, - {"email", FA_EMAIL }, - {"exec", FA_EXEC }, - {"suspend", FA_SUSPEND }, - {"single", FA_SINGLE }, - {"halt", FA_HALT }, - { NULL, 0 } -}; - -// Future ideas: e-mail, run command -static const struct nv_list size_actions[] = -{ - {"ignore", SZ_IGNORE }, - {"syslog", SZ_SYSLOG }, - {"suspend", SZ_SUSPEND }, - {"rotate", SZ_ROTATE }, - {"keep_logs", SZ_KEEP_LOGS}, - { NULL, 0 } -}; - -static const struct nv_list qos_options[] = -{ - {"lossy", QOS_NON_BLOCKING }, - {"lossless", QOS_BLOCKING }, - { NULL, 0 } -}; - -static const struct nv_list node_name_formats[] = -{ - {"none", N_NONE }, - {"hostname", N_HOSTNAME }, - {"fqd", N_FQD }, - {"numeric", N_NUMERIC }, - {"user", N_USER }, - { NULL, 0 } -}; - -static const struct nv_list yes_no_values[] = -{ - {"yes", 1 }, - {"no", 0 }, - { NULL, 0 } -}; - -const char *email_command = "/usr/lib/sendmail"; -static int allow_links = 0; - - -void set_allow_links(int allow) -{ - allow_links = allow; -} - -/* - * Set everything to its default value -*/ -void clear_config(struct daemon_conf *config) -{ - config->qos = QOS_NON_BLOCKING; - config->sender_uid = 0; - config->sender_pid = 0; - config->sender_ctx = NULL; - config->log_file = strdup("/var/log/audit/audit.log"); - config->log_format = LF_RAW; - config->log_group = 0; - config->priority_boost = 4; - config->flush = FT_NONE; - config->freq = 0; - config->num_logs = 0L; - config->dispatcher = NULL; - config->node_name_format = N_NONE; - config->node_name = NULL; - config->max_log_size = 0L; - config->max_log_size_action = SZ_IGNORE; - config->space_left = 0L; - config->space_left_action = FA_IGNORE; - config->space_left_exe = NULL; - config->action_mail_acct = strdup("root"); - config->admin_space_left= 0L; - config->admin_space_left_action = FA_IGNORE; - config->admin_space_left_exe = NULL; - config->disk_full_action = FA_IGNORE; - config->disk_full_exe = NULL; - config->disk_error_action = FA_SYSLOG; - config->disk_error_exe = NULL; - config->tcp_listen_port = 0; - config->tcp_listen_queue = 5; - config->tcp_max_per_addr = 1; - config->use_libwrap = 1; - config->tcp_client_min_port = 0; - config->tcp_client_max_port = TCP_PORT_MAX; - config->tcp_client_max_idle = 0; - config->enable_krb5 = 0; - config->krb5_principal = NULL; - config->krb5_key_file = NULL; -} - -static log_test_t log_test = TEST_AUDITD; -int load_config(struct daemon_conf *config, log_test_t lt) -{ - int fd, rc, mode, lineno = 1; - struct stat st; - FILE *f; - char buf[160]; - - clear_config(config); - log_test = lt; - - /* open the file */ - mode = O_RDONLY; - if (allow_links == 0) - mode |= O_NOFOLLOW; - rc = open(CONFIG_FILE, mode); - if (rc < 0) { - if (errno != ENOENT) { - audit_msg(LOG_ERR, "Error opening config file (%s)", - strerror(errno)); - return 1; - } - audit_msg(LOG_WARNING, - "Config file %s doesn't exist, skipping", CONFIG_FILE); - return 0; - } - fd = rc; - - /* check the file's permissions: owned by root, not world writable, - * not symlink. - */ - audit_msg(LOG_DEBUG, "Config file %s opened for parsing", - CONFIG_FILE); - if (fstat(fd, &st) < 0) { - audit_msg(LOG_ERR, "Error fstat'ing config file (%s)", - strerror(errno)); - close(fd); - return 1; - } - if (st.st_uid != 0) { - audit_msg(LOG_ERR, "Error - %s isn't owned by root", - CONFIG_FILE); - close(fd); - return 1; - } - if ((st.st_mode & S_IWOTH) == S_IWOTH) { - audit_msg(LOG_ERR, "Error - %s is world writable", - CONFIG_FILE); - close(fd); - return 1; - } - if (!S_ISREG(st.st_mode)) { - audit_msg(LOG_ERR, "Error - %s is not a regular file", - CONFIG_FILE); - close(fd); - return 1; - } - - /* it's ok, read line by line */ - f = fdopen(fd, "rm"); - if (f == NULL) { - audit_msg(LOG_ERR, "Error - fdopen failed (%s)", - strerror(errno)); - close(fd); - return 1; - } - - while (get_line(f, buf, sizeof(buf), &lineno, CONFIG_FILE)) { - // convert line into name-value pair - const struct kw_pair *kw; - struct nv_pair nv; - rc = nv_split(buf, &nv); - switch (rc) { - case 0: // fine - break; - case 1: // not the right number of tokens. - audit_msg(LOG_ERR, - "Wrong number of arguments for line %d in %s", - lineno, CONFIG_FILE); - break; - case 2: // no '=' sign - audit_msg(LOG_ERR, - "Missing equal sign for line %d in %s", - lineno, CONFIG_FILE); - break; - default: // something else went wrong... - audit_msg(LOG_ERR, - "Unknown error for line %d in %s", - lineno, CONFIG_FILE); - break; - } - if (nv.name == NULL) { - lineno++; - continue; - } - if (nv.value == NULL) { - fclose(f); - audit_msg(LOG_ERR, - "Not processing any more lines in %s", - CONFIG_FILE); - return 1; - } - - /* identify keyword or error */ - kw = kw_lookup(nv.name); - if (kw->name == NULL) { - audit_msg(LOG_ERR, - "Unknown keyword \"%s\" in line %d of %s", - nv.name, lineno, CONFIG_FILE); - fclose(f); - return 1; - } - - /* Check number of options */ - if (kw->max_options == 0 && nv.option != NULL) { - audit_msg(LOG_ERR, - "Keyword \"%s\" has invalid option " - "\"%s\" in line %d of %s", - nv.name, nv.option, lineno, CONFIG_FILE); - fclose(f); - return 1; - } - - /* dispatch to keyword's local parser */ - rc = kw->parser(&nv, lineno, config); - if (rc != 0) { - fclose(f); - return 1; // local parser puts message out - } - - lineno++; - } - - fclose(f); - if (lineno > 1) - return sanity_check(config); - return 0; -} - -static char *get_line(FILE *f, char *buf, unsigned size, int *lineno, - const char *file) -{ - int too_long = 0; - - while (fgets_unlocked(buf, size, f)) { - /* remove newline */ - char *ptr = strchr(buf, 0x0a); - if (ptr) { - if (!too_long) { - *ptr = 0; - return buf; - } - // Reset and start with the next line - too_long = 0; - *lineno = *lineno + 1; - } else { - // If a line is too long skip it. - // Only output 1 warning - if (!too_long) - audit_msg(LOG_ERR, - "Skipping line %d in %s: too long", - *lineno, file); - too_long = 1; - } - } - return NULL; -} - -static int nv_split(char *buf, struct nv_pair *nv) -{ - /* Get the name part */ - char *ptr; - - nv->name = NULL; - nv->value = NULL; - nv->option = NULL; - ptr = audit_strsplit(buf); - if (ptr == NULL) - return 0; /* If there's nothing, go to next line */ - if (ptr[0] == '#') - return 0; /* If there's a comment, go to next line */ - nv->name = ptr; - - /* Check for a '=' */ - ptr = audit_strsplit(NULL); - if (ptr == NULL) - return 1; - if (strcmp(ptr, "=") != 0) - return 2; - - /* get the value */ - ptr = audit_strsplit(NULL); - if (ptr == NULL) - return 1; - nv->value = ptr; - - /* See if there's an option */ - ptr = audit_strsplit(NULL); - if (ptr) { - nv->option = ptr; - - /* Make sure there's nothing else */ - ptr = audit_strsplit(NULL); - if (ptr) - return 1; - } - - /* Everything is OK */ - return 0; -} - -static const struct kw_pair *kw_lookup(const char *val) -{ - int i = 0; - while (keywords[i].name != NULL) { - if (strcasecmp(keywords[i].name, val) == 0) - break; - i++; - } - return &keywords[i]; -} - -static int log_file_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - char *dir = NULL, *tdir; - DIR *d; - int fd, mode; - struct stat buf; - - audit_msg(LOG_DEBUG, "log_file_parser called with: %s", nv->value); - - /* get dir from name. */ - tdir = strdup(nv->value); - if (tdir) - dir = dirname(tdir); - if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname - audit_msg(LOG_ERR, - "The directory name: %s is too short - line %d", - dir, line); - free((void *)tdir); - return 1; - } - - /* verify the directory path exists */ - d = opendir(dir); - if (d == NULL) { - audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir, - strerror(errno)); - free((void *)tdir); - return 1; - } - free((void *)tdir); - closedir(d); - - /* if the file exists, see that its regular, owned by root, - * and not world anything */ - if (log_test == TEST_AUDITD) - mode = O_APPEND; - else - mode = O_RDONLY; - - fd = open(nv->value, mode); - if (fd < 0) { - if (errno == ENOENT) { - fd = create_log_file(nv->value); - if (fd < 0) - return 1; - } else { - audit_msg(LOG_ERR, "Unable to open %s (%s)", nv->value, - strerror(errno)); - return 1; - } - } - if (fstat(fd, &buf) < 0) { - audit_msg(LOG_ERR, "Unable to stat %s (%s)", - nv->value, strerror(errno)); - close(fd); - return 1; - } - close(fd); - if (!S_ISREG(buf.st_mode)) { - audit_msg(LOG_ERR, "%s is not a regular file", nv->value); - return 1; - } - if (buf.st_uid != 0) { - audit_msg(LOG_ERR, "%s is not owned by root", nv->value); - return 1; - } - if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) { - audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640", - nv->value); - return 1; - } - if ( !(buf.st_mode & S_IWUSR) ) { - audit_msg(LOG_ERR, "audit log is not writable by owner"); - return 1; - } - - free((void *)config->log_file); - config->log_file = strdup(nv->value); - if (config->log_file == NULL) - return 1; - return 0; -} - -static int num_logs_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "num_logs_parser called with: %s", nv->value); - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned long */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - if (i > 99) { - audit_msg(LOG_ERR, "num_logs must be 99 or less"); - return 1; - } - config->num_logs = i; - return 0; -} - -static int qos_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "qos_parser called with: %s", nv->value); - for (i=0; qos_options[i].name != NULL; i++) { - if (strcasecmp(nv->value, qos_options[i].name) == 0) { - config->qos = qos_options[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int dispatch_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - char *dir = NULL, *tdir; - int fd; - struct stat buf; - - audit_msg(LOG_DEBUG, "dispatch_parser called with: %s", nv->value); - if (nv->value == NULL) { - config->dispatcher = NULL; - return 0; - } - - /* get dir from name. */ - tdir = strdup(nv->value); - if (tdir) - dir = dirname(tdir); - if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname - audit_msg(LOG_ERR, - "The directory name: %s is too short - line %d", - dir, line); - free(tdir); - return 1; - } - - free((void *)tdir); - - /* Bypass the perms check if group is not root since - * this will fail under normal circumstances */ - if ((config->log_group != 0 && getuid() != 0) || - (log_test == TEST_SEARCH)) - goto bypass; - - /* if the file exists, see that its regular, owned by root, - * and not world anything */ - fd = open(nv->value, O_RDONLY); - if (fd < 0) { - audit_msg(LOG_ERR, "Unable to open %s (%s)", nv->value, - strerror(errno)); - return 1; - } - if (fstat(fd, &buf) < 0) { - audit_msg(LOG_ERR, "Unable to stat %s (%s)", nv->value, - strerror(errno)); - close(fd); - return 1; - } - close(fd); - if (!S_ISREG(buf.st_mode)) { - audit_msg(LOG_ERR, "%s is not a regular file", nv->value); - return 1; - } - if (buf.st_uid != 0) { - audit_msg(LOG_ERR, "%s is not owned by root", nv->value); - return 1; - } - if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != - (S_IRWXU|S_IRGRP|S_IXGRP) && - (buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != - (S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)) { - audit_msg(LOG_ERR, "%s permissions should be 0750 or 0755", - nv->value); - return 1; - } -bypass: - free((void *)config->dispatcher); - config->dispatcher = strdup(nv->value); - if (config->dispatcher == NULL) - return 1; - return 0; -} - -static int name_format_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "name_format_parser called with: %s", nv->value); - for (i=0; node_name_formats[i].name != NULL; i++) { - if (strcasecmp(nv->value, node_name_formats[i].name) == 0) { - config->node_name_format = node_name_formats[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int name_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - audit_msg(LOG_DEBUG, "name_parser called with: %s", nv->value); - if (nv->value == NULL) - config->node_name = NULL; - else - config->node_name = strdup(nv->value); - return 0; -} - -static int max_log_size_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "max_log_size_parser called with: %s", nv->value); - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned long */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - config->max_log_size = i; - return 0; -} - -static int max_log_size_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "max_log_size_action_parser called with: %s", - nv->value); - for (i=0; size_actions[i].name != NULL; i++) { - if (strcasecmp(nv->value, size_actions[i].name) == 0) { - config->max_log_size_action = size_actions[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int log_format_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "log_format_parser called with: %s", nv->value); - for (i=0; log_formats[i].name != NULL; i++) { - if (strcasecmp(nv->value, log_formats[i].name) == 0) { - config->log_format = log_formats[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int log_group_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - gid_t gid = 0; - - audit_msg(LOG_DEBUG, "log_group_parser called with: %s", - nv->value); - if (isdigit(nv->value[0])) { - errno = 0; - gid = strtoul(nv->value,NULL,10); - if (errno) { - audit_msg(LOG_ERR, - "Numeric group ID conversion error (%s) for %s - line %d\n", - strerror(errno), nv->value, line); - return 1; - } - } else { - struct group *gr ; - - gr = getgrnam(nv->value); - if (gr == NULL) { - audit_msg(LOG_ERR, - "Group ID is non-numeric and unknown (%s) - line %d\n", - nv->value, line); - return 1; - } - gid = gr->gr_gid; - } - config->log_group = gid; - return 0; -} - -static int flush_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "flush_parser called with: %s", nv->value); - for (i=0; flush_techniques[i].name != NULL; i++) { - if (strcasecmp(nv->value, flush_techniques[i].name) == 0) { - config->flush = flush_techniques[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int freq_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "freq_parser called with: %s", nv->value); - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned int */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - /* Check its range */ - if (i > INT_MAX) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too large - line %d", - nv->value, line); - return 1; - } - config->freq = (unsigned int)i; - return 0; -} - -static int space_left_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "space_left_parser called with: %s", nv->value); - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned long */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - config->space_left = i; - return 0; -} - -static int check_exe_name(const char *val, int line) -{ - struct stat buf; - - if (val == NULL) { - audit_msg(LOG_ERR, "Executable path needed for line %d", line); - return -1; - } - - if (*val != '/') { - audit_msg(LOG_ERR, "Absolute path needed for %s - line %d", - val, line); - return -1; - } - - if (stat(val, &buf) < 0) { - audit_msg(LOG_ERR, "Unable to stat %s (%s) - line %d", val, - strerror(errno), line); - return -1; - } - if (!S_ISREG(buf.st_mode)) { - audit_msg(LOG_ERR, "%s is not a regular file - line %d", val, - line); - return -1; - } - if (buf.st_uid != 0) { - audit_msg(LOG_ERR, "%s is not owned by root - line %d", val, - line); - return -1; - } - if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != - (S_IRWXU|S_IRGRP|S_IXGRP) && - (buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != - (S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)) { - audit_msg(LOG_ERR, - "%s permissions should be 0750 or 0755 - line %d", - val, line); - return -1; - } - return 0; -} - -static int space_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "space_action_parser called with: %s", nv->value); - for (i=0; failure_actions[i].name != NULL; i++) { - if (strcasecmp(nv->value, failure_actions[i].name) == 0) { - if (failure_actions[i].option == FA_EMAIL) { - if (access(email_command, X_OK)) { - audit_msg(LOG_ERR, - "Email option is specified but %s doesn't seem executable.", - email_command); - } - } else if (failure_actions[i].option == FA_EXEC) { - if (check_exe_name(nv->option, line)) - return 1; - config->space_left_exe = strdup(nv->option); - } - config->space_left_action = failure_actions[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -// returns 0 if OK, 1 on temp error, 2 on permanent error -static int validate_email(const char *acct) -{ - int i, len; - char *ptr1; - - if (acct == NULL) - return 2; - - len = strlen(acct); - if (len < 2) { - audit_msg(LOG_ERR, - "email: %s is too short, expecting at least 2 characters", - acct); - return 2; - } - - // look for illegal char - for (i=0; i<len; i++) { - if (! (isalnum(acct[i]) || (acct[i] == '@') || - (acct[i]=='.') || (acct[i]=='-') || - (acct[i] == '_')) ) { - audit_msg(LOG_ERR, "email: %s has illegal character", - acct); - return 2; - } - } - - if ((ptr1 = strchr(acct, '@'))) { - char *ptr2; - struct hostent *t_addr; - - ptr2 = strrchr(acct, '.'); // get last dot - sb after @ - if ((ptr2 == NULL) || (ptr1 > ptr2)) { - audit_msg(LOG_ERR, "email: %s should have . after @", - acct); - return 2; - } - - t_addr = gethostbyname(ptr1+1); - if (t_addr == 0) { - if ((h_errno == HOST_NOT_FOUND) || - (h_errno == NO_RECOVERY)) { - audit_msg(LOG_ERR, - "validate_email: failed looking up host for %s", - ptr1+1); - // FIXME: gethostbyname is having trouble - // telling when we have a temporary vs permanent - // dns failure. So, for now, treat all as temp - return 1; - } - else if (h_errno == TRY_AGAIN) - audit_msg(LOG_DEBUG, - "validate_email: temporary failure looking up domain for %s", - ptr1+1); - return 1; - } - } - return 0; -} - -static int action_mail_acct_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - char *tmail; - - audit_msg(LOG_DEBUG, "action_mail_acct_parser called with: %s", - nv->value); - tmail = strdup(nv->value); - if (tmail == NULL) - return 1; - - if (validate_email(tmail) > 1) { - free(tmail); - return 1; - } - - - if (config->action_mail_acct) - free((void *)config->action_mail_acct); - config->action_mail_acct = tmail; - return 0; -} - -static int admin_space_left_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "admin_space_left_parser called with: %s", - nv->value); - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned long */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - config->admin_space_left = i; - return 0; -} - -static int admin_space_left_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "admin_space_left_action_parser called with: %s", - nv->value); - for (i=0; failure_actions[i].name != NULL; i++) { - if (strcasecmp(nv->value, failure_actions[i].name) == 0) { - if (failure_actions[i].option == FA_EMAIL) { - if (access(email_command, X_OK)) { - audit_msg(LOG_ERR, - "Email option is specified but %s doesn't seem executable.", - email_command); - } - } else if (failure_actions[i].option == FA_EXEC) { - if (check_exe_name(nv->option, line)) - return 1; - config->admin_space_left_exe = - strdup(nv->option); - } - config->admin_space_left_action = - failure_actions[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int disk_full_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "disk_full_action_parser called with: %s", - nv->value); - for (i=0; failure_actions[i].name != NULL; i++) { - if (strcasecmp(nv->value, failure_actions[i].name) == 0) { - if (failure_actions[i].option == FA_EMAIL) { - audit_msg(LOG_ERR, - "Illegal option %s for disk_full_action - line %d", - nv->value, line); - return 1; - } else if (failure_actions[i].option == FA_EXEC) { - if (check_exe_name(nv->option, line)) - return 1; - config->disk_full_exe = strdup(nv->option); - } - config->disk_full_action = failure_actions[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int disk_error_action_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - int i; - - audit_msg(LOG_DEBUG, "disk_error_action_parser called with: %s", - nv->value); - for (i=0; failure_actions[i].name != NULL; i++) { - if (strcasecmp(nv->value, failure_actions[i].name) == 0) { - if (failure_actions[i].option == FA_EMAIL || - failure_actions[i].option == FA_ROTATE) { - audit_msg(LOG_ERR, - "Illegal option %s for disk_error_action - line %d", - nv->value, line); - return 1; - } else if (failure_actions[i].option == FA_EXEC) { - if (check_exe_name(nv->option, line)) - return 1; - config->disk_error_exe = strdup(nv->option); - } - config->disk_error_action = failure_actions[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int priority_boost_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "priority_boost_parser called with: %s", - nv->value); - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned int */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - /* Check its range */ - if (i > INT_MAX) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too large - line %d", - nv->value, line); - return 1; - } - config->priority_boost = (unsigned int)i; - return 0; -} - -static int tcp_listen_port_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "tcp_listen_port_parser called with: %s", - nv->value); - -#ifndef USE_LISTENER - audit_msg(LOG_DEBUG, - "Listener support is not enabled, ignoring value at line %d", - line); - return 0; -#else - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned int */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - /* Check its range */ - if (i > TCP_PORT_MAX) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too large - line %d", - nv->value, line); - return 1; - } - if (i < 1) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too small - line %d", - nv->value, line); - return 1; - } - config->tcp_listen_port = (unsigned int)i; - return 0; -#endif -} - -static int tcp_listen_queue_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "tcp_listen_queue_parser called with: %s", - nv->value); - -#ifndef USE_LISTENER - audit_msg(LOG_DEBUG, - "Listener support is not enabled, ignoring value at line %d", - line); - return 0; -#else - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned int */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - /* Check its range. While this value is technically - unlimited, it's limited by the kernel, and we limit it here - for sanity. */ - if (i > TCP_PORT_MAX) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too large - line %d", - nv->value, line); - return 1; - } - if (i < 1) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too small - line %d", - nv->value, line); - return 1; - } - config->tcp_listen_queue = (unsigned int)i; - return 0; -#endif -} - - -static int tcp_max_per_addr_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "tcp_max_per_addr_parser called with: %s", - nv->value); - -#ifndef USE_LISTENER - audit_msg(LOG_DEBUG, - "Listener support is not enabled, ignoring value at line %d", - line); - return 0; -#else - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned int */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - /* Check its range. While this value is technically - unlimited, it's limited by the kernel, and we limit it here - for sanity. */ - if (i > 1024) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too large - line %d", - nv->value, line); - return 1; - } - if (i < 1) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too small - line %d", - nv->value, line); - return 1; - } - config->tcp_max_per_addr = (unsigned int)i; - return 0; -#endif -} - -static int use_libwrap_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - unsigned long i; - - audit_msg(LOG_DEBUG, "use_libwrap_parser called with: %s", - nv->value); - - for (i=0; yes_no_values[i].name != NULL; i++) { - if (strcasecmp(nv->value, yes_no_values[i].name) == 0) { - config->use_libwrap = yes_no_values[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -} - -static int tcp_client_ports_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i, minv, maxv; - const char *saw_dash = NULL; - - audit_msg(LOG_DEBUG, "tcp_listen_queue_parser called with: %s", - nv->value); - -#ifndef USE_LISTENER - audit_msg(LOG_DEBUG, - "Listener support is not enabled, ignoring value at line %d", - line); - return 0; -#else - /* check that all chars are numbers, with an optional inclusive '-'. */ - for (i=0; ptr[i]; i++) { - if (i > 0 && ptr[i] == '-' && ptr[i+1] != '\0') { - saw_dash = ptr + i; - continue; - } - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers, or " - "two numbers separated by a dash - line %d", - nv->value, line); - return 1; - } - } - for (; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers, or " - "two numbers separated by a dash - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned int */ - errno = 0; - maxv = minv = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - if (saw_dash) { - maxv = strtoul(saw_dash + 1, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - } - /* Check their ranges. */ - if (minv > TCP_PORT_MAX) { - audit_msg(LOG_ERR, - "Error - converted number (%ld) is too large - line %d", - minv, line); - return 1; - } - if (maxv > TCP_PORT_MAX) { - audit_msg(LOG_ERR, - "Error - converted number (%ld) is too large - line %d", - maxv, line); - return 1; - } - if (minv > maxv) { - audit_msg(LOG_ERR, - "Error - converted range (%ld-%ld) is reversed - line %d", - minv, maxv, line); - return 1; - } - config->tcp_client_min_port = (unsigned int)minv; - config->tcp_client_max_port = (unsigned int)maxv; - return 0; -#endif -} - -static int tcp_client_max_idle_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - const char *ptr = nv->value; - unsigned long i; - - audit_msg(LOG_DEBUG, "tcp_client_max_idle_parser called with: %s", - nv->value); - -#ifndef USE_LISTENER - audit_msg(LOG_DEBUG, - "Listener support is not enabled, ignoring value at line %d", - line); - return 0; -#else - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { - if (!isdigit(ptr[i])) { - audit_msg(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); - return 1; - } - } - - /* convert to unsigned int */ - errno = 0; - i = strtoul(nv->value, NULL, 10); - if (errno) { - audit_msg(LOG_ERR, - "Error converting string to a number (%s) - line %d", - strerror(errno), line); - return 1; - } - /* Check its range. While this value is technically - unlimited, it's limited by the kernel, and we limit it here - for sanity. */ - if (i > INT_MAX) { - audit_msg(LOG_ERR, - "Error - converted number (%s) is too large - line %d", - nv->value, line); - return 1; - } - config->tcp_client_max_idle = (unsigned int)i; - return 0; -#endif -} - -static int enable_krb5_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - audit_msg(LOG_DEBUG, "enable_krb5_parser called with: %s", - nv->value); - -#ifndef USE_GSSAPI - audit_msg(LOG_DEBUG, - "GSSAPI support is not enabled, ignoring value at line %d", - line); - return 0; -#else - unsigned long i; - - for (i=0; yes_no_values[i].name != NULL; i++) { - if (strcasecmp(nv->value, yes_no_values[i].name) == 0) { - config->enable_krb5 = yes_no_values[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line); - return 1; -#endif -} - -static int krb5_principal_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - audit_msg(LOG_DEBUG,"krb5_principal_parser called with: %s",nv->value); -#ifndef USE_GSSAPI - audit_msg(LOG_DEBUG, - "GSSAPI support is not enabled, ignoring value at line %d", - line); -#else - config->krb5_principal = strdup(nv->value); -#endif - return 0; -} - -static int krb5_key_file_parser(struct nv_pair *nv, int line, - struct daemon_conf *config) -{ - audit_msg(LOG_DEBUG, "krb5_key_file_parser called with: %s", nv->value); -#ifndef USE_GSSAPI - audit_msg(LOG_DEBUG, - "GSSAPI support is not enabled, ignoring value at line %d", - line); -#else - config->krb5_key_file = strdup(nv->value); -#endif - return 0; -} - -/* - * This function is where we do the integrated check of the audit config - * options. At this point, all fields have been read. Returns 0 if no - * problems and 1 if problems detected. - */ -static int sanity_check(struct daemon_conf *config) -{ - /* Error checking */ - if (config->space_left <= config->admin_space_left) { - audit_msg(LOG_ERR, - "Error - space_left(%lu) must be larger than admin_space_left(%lu)", - config->space_left, config->admin_space_left); - return 1; - } - if (config->flush == FT_INCREMENTAL && config->freq == 0) { - audit_msg(LOG_ERR, - "Error - incremental flushing chosen, but 0 selected for freq"); - return 1; - } - /* Warnings */ - if (config->flush > FT_INCREMENTAL && config->freq != 0) { - audit_msg(LOG_WARNING, - "Warning - freq is non-zero and incremental flushing not selected."); - } - return 0; -} - -const char *audit_lookup_format(int fmt) -{ - int i; - - for (i=0; log_formats[i].name != NULL; i++) { - if (log_formats[i].option == fmt) - return log_formats[i].name; - } - return NULL; -} - -int create_log_file(const char *val) -{ - int fd; - - umask(S_IRWXO); - fd = open(val, O_CREAT|O_EXCL|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP); - if (fd < 0) - audit_msg(LOG_ERR, "Unable to create %s (%s)", val, - strerror(errno)); - return fd; -} - -void free_config(struct daemon_conf *config) -{ - free((void *)config->sender_ctx); - free((void *)config->log_file); - free((void *)config->dispatcher); - free((void *)config->node_name); - free((void *)config->action_mail_acct); - free((void *)config->space_left_exe); - free((void *)config->admin_space_left_exe); - free((void *)config->disk_full_exe); - free((void *)config->disk_error_exe); - free((void *)config->krb5_principal); - free((void *)config->krb5_key_file); -} - -int resolve_node(struct daemon_conf *config) -{ - int rc = 0; - char tmp_name[255]; - - /* Get the host name representation */ - switch (config->node_name_format) - { - case N_NONE: - break; - case N_HOSTNAME: - if (gethostname(tmp_name, sizeof(tmp_name))) { - audit_msg(LOG_ERR, - "Unable to get machine name"); - rc = -1; - } else - config->node_name = strdup(tmp_name); - break; - case N_USER: - if (config->node_name == NULL) { - audit_msg(LOG_ERR, "User defined name missing"); - rc = -1; - } - break; - case N_FQD: - if (gethostname(tmp_name, sizeof(tmp_name))) { - audit_msg(LOG_ERR, - "Unable to get machine name"); - rc = -1; - } else { - int rc2; - struct addrinfo *ai; - struct addrinfo hints; - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_ADDRCONFIG | AI_CANONNAME; - hints.ai_socktype = SOCK_STREAM; - - rc2 = getaddrinfo(tmp_name, NULL, &hints, &ai); - if (rc2 != 0) { - audit_msg(LOG_ERR, - "Cannot resolve hostname %s (%s)", - tmp_name, gai_strerror(rc)); - rc = -1; - break; - } - config->node_name = strdup(ai->ai_canonname); - freeaddrinfo(ai); - } - break; - case N_NUMERIC: - if (gethostname(tmp_name, sizeof(tmp_name))) { - audit_msg(LOG_ERR, - "Unable to get machine name"); - rc = -1; - } else { - int rc2; - struct addrinfo *ai; - struct addrinfo hints; - - audit_msg(LOG_DEBUG, - "Resolving numeric address for %s", - tmp_name); - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_ADDRCONFIG | AI_PASSIVE; - hints.ai_socktype = SOCK_STREAM; - - rc2 = getaddrinfo(tmp_name, NULL, &hints, &ai); - if (rc2) { - audit_msg(LOG_ERR, - "Cannot resolve hostname %s (%s)", - tmp_name, gai_strerror(rc2)); - rc = -1; - break; - } - inet_ntop(ai->ai_family, - ai->ai_family == AF_INET ? - (void *) &((struct sockaddr_in *)ai->ai_addr)->sin_addr : - (void *) &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, - tmp_name, INET6_ADDRSTRLEN); - freeaddrinfo(ai); - config->node_name = strdup(tmp_name); - } - break; - } - if (rc == 0 && config->node_name) - audit_msg(LOG_DEBUG, "Resolved node name: %s", - config->node_name); - return rc; -} - |