Date: Mon, 2 Jan 2006 17:29:52 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 89053 for review Message-ID: <200601021729.k02HTqit087219@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=89053 Change 89053 by rwatson@rwatson_sesame on 2006/01/02 17:29:46 Integrate recent changes in projects/trustedbsd/audit3/contrib/openbsm from projects/trustedbsd/openbsm: - README, TODO updates. - auditreduce cleanup and bug fixes. - locking fixes and restructuring for bsm_class, bsm_control, bsm_event. - annotate some remaining problems using libbsm with threaded applications. - fix various parsing bugs in databases. - audump debugging tool for various audit databases. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_class.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_control.c#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_flags.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/Makefile#1 branch .. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/audump.c#1 branch Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#2 (text+ko) ==== @@ -57,6 +57,7 @@ Robert Watson Wayne Salamon Tom Rhodes + Wojciech Koszek Contributions @@ -68,5 +69,3 @@ Information on OpenBSM may be found on the OpenBSM home page: - http://www.OpenBSM.org/ - http://www.TrustedBSD.org/ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#2 (text+ko) ==== @@ -5,3 +5,4 @@ type and then compares the results with known good data. Make sure to test that things work properly with respect to endianness of the local platform. +- Document contents of libbsm "public" data structures in libbsm man pages. ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#3 (text+ko) ==== @@ -41,11 +41,12 @@ #include <stdio.h> #include <stdlib.h> -#include <unistd.h> +#include <sysexits.h> +#include <grp.h> +#include <pwd.h> #include <string.h> #include <time.h> -#include <pwd.h> -#include <grp.h> +#include <unistd.h> #include "auditreduce.h" @@ -53,30 +54,31 @@ extern char *optarg; extern int optind, optopt, opterr,optreset; -au_mask_t maskp; /* Used while selecting based on class */ -time_t p_atime;/* select records created after this time */ -time_t p_btime;/* select records created before this time */ -uint16_t p_evtype; /* The event that we are searching for */ -int p_auid; /* audit id */ -int p_euid; /* effective user id */ -int p_egid; /* effective group id */ -int p_rgid; /* real group id */ -int p_ruid; /* real user id */ -int p_subid; /* subject id */ +static au_mask_t maskp; /* Used while selecting based on class */ +static time_t p_atime;/* select records created after this time */ +static time_t p_btime;/* select records created before this time */ +static uint16_t p_evtype; /* The event that we are searching for */ +static int p_auid; /* audit id */ +static int p_euid; /* effective user id */ +static int p_egid; /* effective group id */ +static int p_rgid; /* real group id */ +static int p_ruid; /* real user id */ +static int p_subid; /* subject id */ /* Following are the objects (-o option) that we can select upon */ -char *p_fileobj = NULL; -char *p_msgqobj = NULL; -char *p_pidobj = NULL; -char *p_semobj = NULL; -char *p_shmobj = NULL; -char *p_sockobj = NULL; +static char *p_fileobj = NULL; +static char *p_msgqobj = NULL; +static char *p_pidobj = NULL; +static char *p_semobj = NULL; +static char *p_shmobj = NULL; +static char *p_sockobj = NULL; -uint32_t opttochk = 0; +static uint32_t opttochk = 0; -static void usage(const char *msg) +static void +usage(const char *msg) { fprintf(stderr, "%s\n", msg); fprintf(stderr, "Usage: auditreduce [options] audit-trail-file [....] \n"); @@ -99,7 +101,7 @@ fprintf(stderr, "\t\t shmid=<ID>\n"); fprintf(stderr, "\t-r <uid|name> : real user\n"); fprintf(stderr, "\t-u <uid|name> : audit user\n"); - exit(1); + exit(EX_USAGE); } /* @@ -531,172 +533,179 @@ } -int main(int argc, char **argv) +int +main(int argc, char **argv) { - char ch; - int i; - FILE *fp; - char *objval; + struct group *grp; + struct passwd *pw; struct tm tm; au_event_t *n; - struct passwd *pw; - struct group *grp; + FILE *fp; + int i; + char *objval, *converr; + char ch; + char timestr[128]; - char *converr = NULL; - char timestr[100]; + converr = NULL; - while((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:")) != -1) { - + while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:")) != -1) { switch(ch) { + case 'A': + SETOPT(opttochk, OPT_A); + break; + case 'a': + if (ISOPTSET(opttochk, OPT_a)) { + usage("d is exclusive with a and b"); + } + SETOPT(opttochk, OPT_a); + strptime(optarg, "%Y%m%d%H%M%S", &tm); + strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", &tm); + //fprintf(stderr, "Time converted = %s\n", timestr); + p_atime = mktime(&tm); + break; + case 'b': + if (ISOPTSET(opttochk, OPT_b)) { + usage("d is exclusive with a and b"); + } + SETOPT(opttochk, OPT_b); + strptime(optarg, "%Y%m%d%H%M%S", &tm); + strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", &tm); + //fprintf(stderr, "Time converted = %s\n", timestr); + p_btime = mktime(&tm); + break; + case 'c': + if(0 != getauditflagsbin(optarg, &maskp)) { + /* Incorrect class */ + usage("Incorrect class"); + } + SETOPT(opttochk, OPT_c); + break; - case 'A': SETOPT(opttochk, OPT_A); - break; + case 'd': + if (ISOPTSET(opttochk, OPT_b) || ISOPTSET(opttochk, OPT_a)) { + usage("'d' is exclusive with 'a' and 'b'"); + } + SETOPT(opttochk, OPT_d); + strptime(optarg, "%Y%m%d", &tm); + strftime(timestr, sizeof(timestr), "%Y%m%d", &tm); + //fprintf(stderr, "Time converted = %s\n", timestr); + p_atime = mktime(&tm); + tm.tm_hour = 23; + tm.tm_min = 59; + tm.tm_sec = 59; + strftime(timestr, sizeof(timestr), "%Y%m%d", &tm); + //fprintf(stderr, "Time converted = %s\n", timestr); + p_btime = mktime(&tm); + break; - case 'a': if(ISOPTSET(opttochk, OPT_a)) { - usage("d is exclusive with a and b"); - } - SETOPT(opttochk, OPT_a); - strptime(optarg, "%Y%m%d%H%M%S", &tm); - strftime(timestr, 99, "%Y%m%d%H%M%S", &tm); - //fprintf(stderr, "Time converted = %s\n", timestr); - p_atime = mktime(&tm); - break; - - case 'b': if(ISOPTSET(opttochk, OPT_b)) { - usage("d is exclusive with a and b"); - } - SETOPT(opttochk, OPT_b); - strptime(optarg, "%Y%m%d%H%M%S", &tm); - strftime(timestr, 99, "%Y%m%d%H%M%S", &tm); - //fprintf(stderr, "Time converted = %s\n", timestr); - p_btime = mktime(&tm); - break; - - case 'c': if(0 != getauditflagsbin(optarg, &maskp)) { - /* Incorrect class */ - usage("Incorrect class"); - } - SETOPT(opttochk, OPT_c); + case 'e': + p_euid = strtol(optarg, &converr, 10); + if (*converr != '\0') { + /* Try the actual name */ + if ((pw = getpwnam(optarg)) == NULL) { break; + } + p_euid = pw->pw_uid; + } + SETOPT(opttochk, OPT_e); + break; - case 'd': if(ISOPTSET(opttochk, OPT_b) || ISOPTSET(opttochk, OPT_a)) { - usage("d is exclusive with a and b"); - } - SETOPT(opttochk, OPT_d); - strptime(optarg, "%Y%m%d", &tm); - strftime(timestr, 99, "%Y%m%d", &tm); - //fprintf(stderr, "Time converted = %s\n", timestr); - p_atime = mktime(&tm); - - tm.tm_hour = 23; tm.tm_min = 59; tm.tm_sec = 59; - strftime(timestr, 99, "%Y%m%d", &tm); - //fprintf(stderr, "Time converted = %s\n", timestr); - p_btime = mktime(&tm); + case 'f': + p_egid = strtol(optarg, &converr, 10); + if (*converr != '\0') { + /* try actual group name */ + if ((grp = getgrnam(optarg)) == NULL) { break; + } + p_egid = grp->gr_gid; + } + SETOPT(opttochk, OPT_f); + break; - case 'e': p_euid = strtol(optarg, &converr, 10); - if(*converr != '\0') { - /* Try the actual name */ - if((pw = getpwnam(optarg)) == NULL) { - break; - } - p_euid = pw->pw_uid; - } - SETOPT(opttochk, OPT_e); + case 'g': + p_rgid = strtol(optarg, &converr, 10); + if (*converr != '\0') { + /* try actual group name */ + if ((grp = getgrnam(optarg)) == NULL) { break; + } + p_rgid = grp->gr_gid; + } + SETOPT(opttochk, OPT_g); + break; - case 'f': p_egid = strtol(optarg, &converr, 10); - if(*converr != '\0') { - /* try actual group name */ - if((grp = getgrnam(optarg)) == NULL) { - break; - } - p_egid = grp->gr_gid; - } - SETOPT(opttochk, OPT_f); - break; + case 'j': + p_subid = strtol(optarg, (char **)NULL, 10); + SETOPT(opttochk, OPT_j); + break; - case 'g': p_rgid = strtol(optarg, &converr, 10); - if(*converr != '\0') { - /* try actual group name */ - if((grp = getgrnam(optarg)) == NULL) { - break; - } - p_rgid = grp->gr_gid; - } - SETOPT(opttochk, OPT_g); - break; + case 'm': + p_evtype = strtol(optarg, (char **)NULL, 10); + if (p_evtype == 0) { + /* Could be the string representation */ + n = getauevnonam(optarg); + if(n == NULL) { + usage("Incorrect event name"); + } + p_evtype = *n; + free(n); + } + SETOPT(opttochk, OPT_m); + break; - case 'j': p_subid = strtol(optarg, (char **)NULL, 10); - SETOPT(opttochk, OPT_j); - break; + case 'o': + objval = strchr(optarg, '='); + if (objval != NULL) { + *objval = '\0'; + objval += 1; + parse_object_type(optarg, objval); + } + break; - case 'm': p_evtype = strtol(optarg, (char **)NULL, 10); - if(p_evtype == 0) { - /* Could be the string representation */ - n = getauevnonam(optarg); - if(n == NULL) { - usage("Incorrect event name"); - } - p_evtype = *n; - free(n); - } - SETOPT(opttochk, OPT_m); + case 'r': + p_ruid = strtol(optarg, &converr, 10); + if (*converr != '\0') { + if ((pw = getpwnam(optarg)) == NULL) { break; + } + p_ruid = pw->pw_uid; + } + SETOPT(opttochk, OPT_r); + break; - case 'o': objval = strchr(optarg, '='); - if(objval != NULL) { - *objval = '\0'; - objval += 1; - parse_object_type(optarg, objval); - } + case 'u': + p_auid = strtol(optarg, &converr, 10); + if (*converr != '\0') { + if ((pw = getpwnam(optarg)) == NULL) { break; - - case 'r': p_ruid = strtol(optarg, &converr, 10); - if(*converr != '\0') { - if((pw = getpwnam(optarg)) == NULL) { - break; - } - p_ruid = pw->pw_uid; - } - SETOPT(opttochk, OPT_r); - break; - - case 'u': p_auid = strtol(optarg, &converr, 10); - if(*converr != '\0') { - if((pw = getpwnam(optarg)) == NULL) { - break; - } - p_auid = pw->pw_uid; - } - SETOPT(opttochk, OPT_u); - break; - - case '?': - default : - usage("Unknown option"); + } + p_auid = pw->pw_uid; + } + SETOPT(opttochk, OPT_u); + break; + case '?': + default : + usage("Unknown option"); } } + argv += optind; + argc -= optind; - if (optind + 2 != argc) - usage("Unknown option"); + if (argc == 0) + usage("Filename needed"); - /* For each of the files passed as arguments dump the contents */ - if(optind == argc) { - // XXX should look in the default directory for audit trail files - return -1; - } - - // XXX we should actually be merging records here - for (i = optind; i < argc; i++) { - fp = fopen(argv[i], "r"); - if((fp == NULL) || (-1 == select_records(fp))) { - perror(argv[i]); + /* + * XXX: We should actually be merging records here + */ + for (i = 0;i < argc; i++) { + fp = fopen(*argv, "r"); + if (fp == NULL) + errx(EXIT_FAILURE, "Couldn't open %s", *argv); + if (select_records(fp) == -1) { + errx(EXIT_FAILURE, "Couldn't select records %s", *argv); } - if(fp != NULL) - fclose(fp); + fclose(fp); } - - return 1; + exit(EXIT_SUCCESS); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_class.c#4 (text+ko) ==== @@ -46,7 +46,8 @@ /* * XXX The reentrant versions of the following functions is TBD * XXX struct au_class_ent *getclassent_r(au_class_ent_t *class_int); - * XXX struct au_class_ent *getclassnam_r(au_class_ent_t *class_int, const char *name); + * XXX struct au_class_ent *getclassnam_r(au_class_ent_t *class_int, const + * char *name); */ /* @@ -132,28 +133,24 @@ /* * Return the next au_class_ent structure from the file setauclass should be * called before invoking this function for the first time. + * + * Must be called with mutex held. */ -struct au_class_ent * -getauclassent(void) +static struct au_class_ent * +getauclassent_locked(void) { struct au_class_ent *c; char *tokptr, *nl; - pthread_mutex_lock(&mutex); - - if ((fp == NULL) && ((fp = fopen(AUDIT_CLASS_FILE, "r")) == NULL)) { - pthread_mutex_unlock(&mutex); + if ((fp == NULL) && ((fp = fopen(AUDIT_CLASS_FILE, "r")) == NULL)) return (NULL); - } /* * Read until next non-comment line is found, or EOF. */ while (1) { - if (fgets(linestr, AU_LINE_MAX, fp) == NULL) { - pthread_mutex_unlock(&mutex); + if (fgets(linestr, AU_LINE_MAX, fp) == NULL) return (NULL); - } if (linestr[0] != '#') break; } @@ -165,26 +162,55 @@ tokptr = linestr; c = get_class_area(); /* allocate */ - if (c == NULL) { - pthread_mutex_unlock(&mutex); + if (c == NULL) return (NULL); - } /* Parse tokptr to au_class_ent components. */ if (classfromstr(tokptr, delim, c) == NULL) { free_au_class_ent(c); - pthread_mutex_unlock(&mutex); return (NULL); } + return (c); +} + +struct au_class_ent * +getauclassent(void) +{ + struct au_class_ent *c; + + pthread_mutex_lock(&mutex); + c = getauclassent_locked(); pthread_mutex_unlock(&mutex); return (c); } /* + * Rewind to the beginning of the enumeration. + * + * Must be called with mutex held. + */ +static void +setauclass_locked(void) +{ + + if (fp != NULL) + fseek(fp, 0, SEEK_SET); +} + +void +setauclass(void) +{ + + pthread_mutex_lock(&mutex); + setauclass_locked(); + pthread_mutex_unlock(&mutex); +} + +/* * Return the next au_class_entry having the given class name. */ -struct au_class_ent * +au_class_ent_t * getauclassnam(const char *name) { struct au_class_ent *c; @@ -192,22 +218,8 @@ if (name == NULL) return (NULL); - /* Rewind to beginning of file. */ - setauclass(); - pthread_mutex_lock(&mutex); - - if ((fp == NULL) && ((fp = fopen(AUDIT_CLASS_FILE, "r")) == NULL)) { - pthread_mutex_unlock(&mutex); - return (NULL); - } - - c = get_class_area(); /* allocate */ - if (c == NULL) { - pthread_mutex_unlock(&mutex); - return (NULL); - } - + setauclass_locked(); while ((c = getauclassent()) != NULL) { if (strcmp(name, c->ac_name) == 0) { pthread_mutex_unlock(&mutex); @@ -215,22 +227,29 @@ } free_au_class_ent(c); } - pthread_mutex_unlock(&mutex); return (NULL); } /* - * Rewind to the beginning of the enumeration. + * Return the next au_class_entry having the given class number. + * + * OpenBSM extension. */ -void -setauclass(void) +au_class_ent_t * +getauclassnum(au_class_t class_number) { + au_class_ent_t *c; pthread_mutex_lock(&mutex); - if (fp != NULL) - fseek(fp, 0, SEEK_SET); + setauclass_locked(); + while ((c = getauclassent()) != NULL) { + if (class_number == c->ac_class) + return (c); + free_au_class_ent(c); + } pthread_mutex_unlock(&mutex); + return (NULL); } /* ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_control.c#3 (text+ko) ==== @@ -50,9 +50,11 @@ /* * Returns the string value corresponding to the given label from the * configuration file. + * + * Must be called with mutex held. */ static int -getstrfromtype(char *name, char **str) +getstrfromtype_locked(char *name, char **str) { char *type, *nl; char *tokptr; @@ -60,34 +62,38 @@ *str = NULL; - pthread_mutex_lock(&mutex); + if ((fp == NULL) && ((fp = fopen(AUDIT_CONTROL_FILE, "r")) == NULL)) + return (-1); /* Error */ + + while (1) { + if (fgets(linestr, AU_LINE_MAX, fp) == NULL) { + if (ferror(fp)) + return (-1); + return (0); /* EOF */ + } + + if (linestr[0] == '#') + continue; - if ((fp == NULL) && ((fp = fopen(AUDIT_CONTROL_FILE, "r")) == - NULL)) { - pthread_mutex_unlock(&mutex); - return (0); /* Error */ - } - /* Search for the line beginning with the given name. */ - while (fgets(linestr, AU_LINE_MAX, fp) != NULL) { /* Remove trailing new line character. */ if ((nl = strrchr(linestr, '\n')) != NULL) *nl = '\0'; tokptr = linestr; if ((type = strtok_r(tokptr, delim, &last)) != NULL) { - if (!strcmp(name, type)) { + if (strcmp(name, type) == 0) { /* Found matching name. */ *str = strtok_r(NULL, delim, &last); - pthread_mutex_unlock(&mutex); - if (*str == NULL) - return (1); /* Parse error in file */ + if (*str == NULL) { + errno = EINVAL; + return (-1); /* Parse error in file */ + } return (0); /* Success */ } } } - pthread_mutex_unlock(&mutex); return (0); /* EOF */ } @@ -148,11 +154,14 @@ ret = 2; } + + if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) { + pthread_mutex_unlock(&mutex); + return (-2); + } + pthread_mutex_unlock(&mutex); - if (getstrfromtype(DIR_CONTROL_ENTRY, &dir) == 1) - return (-3); - if (dir == NULL) return (-1); @@ -179,8 +188,14 @@ return (-2); } - if (getstrfromtype(MINFREE_CONTROL_ENTRY, &min) == 1) - return (-3); + pthread_mutex_lock(&mutex); + + if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) { + pthread_mutex_unlock(&mutex); + return (-2); + } + + pthread_mutex_unlock(&mutex); if (min == NULL) return (1); @@ -205,8 +220,14 @@ return (-2); } - if (getstrfromtype(FLAGS_CONTROL_ENTRY, &str) == 1) - return (-3); + pthread_mutex_lock(&mutex); + + if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) { + pthread_mutex_unlock(&mutex); + return (-2); + } + + pthread_mutex_unlock(&mutex); if (str == NULL) return (1); @@ -234,8 +255,13 @@ return (-2); } - if (getstrfromtype(NA_CONTROL_ENTRY, &str) == 1) - return (-3); + pthread_mutex_lock(&mutex); + + if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) { + pthread_mutex_unlock(&mutex); + return (-2); + } + pthread_mutex_unlock(&mutex); if (str == NULL) return (1); ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#3 (text+ko) ==== @@ -135,13 +135,20 @@ /* * Rewind the audit_event file. */ +static void +setauevent_locked(void) +{ + + if (fp != NULL) + fseek(fp, 0, SEEK_SET); +} + void setauevent(void) { pthread_mutex_lock(&mutex); - if (fp != NULL) - fseek(fp, 0, SEEK_SET); + setauevent_locked(); pthread_mutex_unlock(&mutex); } @@ -213,11 +220,11 @@ if (name == NULL) return (NULL); + pthread_mutex_lock(&mutex); + /* Rewind to beginning of the file. */ - setauevent(); + setauevent_locked(); - pthread_mutex_lock(&mutex); - if ((fp == NULL) && ((fp = fopen(AUDIT_EVENT_FILE, "r")) == NULL)) { pthread_mutex_unlock(&mutex); return (NULL); @@ -242,8 +249,10 @@ } } + pthread_mutex_unlock(&mutex); + free_au_event_ent(e); - pthread_mutex_unlock(&mutex); + return (NULL); } @@ -255,11 +264,11 @@ struct au_event_ent *e; char *nl; + pthread_mutex_lock(&mutex); + /* Rewind to beginning of the file. */ - setauevent(); + setauevent_locked(); - pthread_mutex_lock(&mutex); - if ((fp == NULL) && ((fp = fopen(AUDIT_EVENT_FILE, "r")) == NULL)) { pthread_mutex_unlock(&mutex); return (NULL); @@ -284,8 +293,8 @@ } } + pthread_mutex_unlock(&mutex); free_au_event_ent(e); - pthread_mutex_unlock(&mutex); return (NULL); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_flags.c#4 (text+ko) ==== @@ -97,6 +97,11 @@ * * XXXRW: If bits are specified that are not matched by any class, they are * omitted rather than rejected with EINVAL. + * + * XXXRW: This is not thread-safe as it relies on atomicity between + * setauclass() and sequential calls to getauclassent(). This could be + * fixed by iterating through the bitmask fields rather than iterating + * through the classes. */ int getauditflagschar(char *auditstr, au_mask_t *masks, int verbose) ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#3 (text+ko) ==== @@ -42,11 +42,14 @@ * XXX ev_cache, once created, sticks around until the calling program exits. * This may or may not be a problem as far as absolute memory usage goes, but * at least there don't appear to be any leaks in using the cache. + * + * XXXRW: Note that despite (mutex), load_event_table() could race with + * other consumers of the getauevents() API. */ static LIST_HEAD(, audit_event_map) ev_cache; static int -load_event_table(VOID) +load_event_table(void) { struct au_event_ent *ev; struct audit_event_map *elem; @@ -64,7 +67,7 @@ /* Enumerate the events. */ while ((ev = getauevent()) != NULL) { - elem = malloc (sizeof (struct audit_event_map)); + elem = malloc(sizeof(struct audit_event_map)); if (elem == NULL) { free_au_event_ent(ev); pthread_mutex_unlock(&mutex); @@ -126,7 +129,7 @@ LIST_FOREACH(elem, &ev_cache, ev_list) { if (elem->ev->ae_number == event) { pthread_mutex_unlock(&mutex); - return elem->ev; + return (elem->ev); } } pthread_mutex_unlock(&mutex);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601021729.k02HTqit087219>