Merge pull request #58 from fermitools/clang-format

Run clang-format

src/C/client-keytab-name.c

@@ -44,10 +44,10 @@
 #define __PROGRAM_NAME "client-keytab-name"
 #endif
 
-#include <stdio.h>                      /* for fprintf, stderr, NULL, etc   */
-#include <stdlib.h>                     /* for free, EXIT_FAILURE, etc      */
+#include <stdio.h>  /* for fprintf, stderr, NULL, etc   */
+#include <stdlib.h> /* for free, EXIT_FAILURE, etc      */
 
-#include "kcron_filename.h"             /* for get_filename                 */
+#include "kcron_filename.h" /* for get_filename                 */
 
 int main(void) {
 

src/C/init-kcron-keytab.c

@@ -44,22 +44,22 @@
 #define __PROGRAM_NAME "init-kcron-keytab"
 #endif
 
-#include <dirent.h>                     /* for dirfd                          */
-#include <fcntl.h>                      /* for openat, O_WRONLY               */
-#include <libgen.h>                     /* for dirname                        */
-#include <stdio.h>                      /* for fprintf, stderr, NULL, etc     */
-#include <stdlib.h>                     /* for free, EXIT_FAILURE, etc        */
-#include <sys/stat.h>                   /* for S_IRWXU, stat, S_IXGRP, etc    */
-#include <sys/types.h>                  /* for uid_t, gid_t, etc              */
-#include <unistd.h>                     /* for getuid, fchown, fchmod         */
-
-#include "kcron_caps.h"                 /* for disable_capabilities, etc      */
-#include "kcron_filename.h"             /* for get_filename                   */
-#include "kcron_empty_keytab_file.h"    /* for write_empty_keytab             */
-#include "kcron_setup.h"                /* for harden_runtime                 */
+#include <dirent.h>    /* for dirfd                          */
+#include <fcntl.h>     /* for openat, O_WRONLY               */
+#include <libgen.h>    /* for dirname                        */
+#include <stdio.h>     /* for fprintf, stderr, NULL, etc     */
+#include <stdlib.h>    /* for free, EXIT_FAILURE, etc        */
+#include <sys/stat.h>  /* for S_IRWXU, stat, S_IXGRP, etc    */
+#include <sys/types.h> /* for uid_t, gid_t, etc              */
+#include <unistd.h>    /* for getuid, fchown, fchmod         */
+
+#include "kcron_caps.h"              /* for disable_capabilities, etc      */
+#include "kcron_empty_keytab_file.h" /* for write_empty_keytab             */
+#include "kcron_filename.h"          /* for get_filename                   */
+#include "kcron_setup.h"             /* for harden_runtime                 */
 
 #if USE_CAPABILITIES == 1
-#include <sys/capability.h>             /* for CAP_CHOWN, CAP_FOWNER,etc      */
+#include <sys/capability.h> /* for CAP_CHOWN, CAP_FOWNER,etc      */
 #endif
 
 #ifndef _0600
@@ -69,14 +69,15 @@
 #define _0700 S_IRWXU
 #endif
 
-static int mkdir_if_missing(const char *dir, uid_t owner, gid_t group, mode_t mode) __attribute__((nonnull(1))) __attribute__((access(read_only, 1))) __attribute__((warn_unused_result));
+static int mkdir_if_missing(const char *dir, uid_t owner, gid_t group, mode_t mode) __attribute__((nonnull(1))) __attribute__((access(read_only, 1)))
+__attribute__((warn_unused_result));
 static int mkdir_if_missing(const char *dir, uid_t owner, gid_t group, mode_t mode) {
 
-  #if USE_CAPABILITIES == 1
+#if USE_CAPABILITIES == 1
   const cap_value_t caps[] = {CAP_CHOWN, CAP_DAC_OVERRIDE};
-  #else
+#else
   const cap_value_t caps[] = {-1};
-  #endif
+#endif
   int num_caps = sizeof(caps) / sizeof(cap_value_t);
 
   struct stat st = {0};
@@ -193,14 +194,15 @@ static int mkdir_if_missing(const char *dir, uid_t owner, gid_t group, mode_t mo
   return 0;
 }
 
-static int chown_chmod_keytab(int filedescriptor, const char *keytab) __attribute__((nonnull(2))) __attribute__((access(read_only, 2))) __attribute__((warn_unused_result));
+static int chown_chmod_keytab(int filedescriptor, const char *keytab) __attribute__((nonnull(2))) __attribute__((access(read_only, 2)))
+__attribute__((warn_unused_result));
 static int chown_chmod_keytab(int filedescriptor, const char *keytab) {
 
-  #if USE_CAPABILITIES == 1
+#if USE_CAPABILITIES == 1
   const cap_value_t keytab_caps[] = {CAP_CHOWN};
-  #else
+#else
   const cap_value_t keytab_caps[] = {-1};
-  #endif
+#endif
   const int num_caps = sizeof(keytab_caps) / sizeof(cap_value_t);
 
   const uid_t uid = getuid();
@@ -269,8 +271,7 @@ static int chown_chmod_keytab(int filedescriptor, const char *keytab) {
 }
 
 void constructor(void) __attribute__((constructor));
-void constructor(void)
-{
+void constructor(void) {
   /* Setup runtime hardening /before/ main() is even called */
   (void)harden_runtime();
 }
@@ -286,11 +287,11 @@ int main(void) {
   DIR *keytab_dir = NULL;
   const DIR *null_dir = NULL;
 
-  #if USE_CAPABILITIES == 1
+#if USE_CAPABILITIES == 1
   const cap_value_t caps[] = {CAP_DAC_OVERRIDE};
-  #else
+#else
   const cap_value_t caps[] = {-1};
-  #endif
+#endif
   const int num_caps = sizeof(caps) / sizeof(cap_value_t);
 
   const uid_t euid = geteuid();
@@ -448,7 +449,7 @@ int main(void) {
       exit(EXIT_FAILURE);
     }
 
-    filedescriptor = openat(dirfd(keytab_dir), keytab_filename, O_WRONLY|O_CREAT|O_NOFOLLOW|O_CLOEXEC, _0600);
+    filedescriptor = openat(dirfd(keytab_dir), keytab_filename, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, _0600);
 
     if (disable_capabilities() != 0) {
       /* technically we might not have active caps now, but eh              */

src/C/kcron_caps.h

@@ -48,7 +48,6 @@
 #include <sys/capability.h> /* for cap_t, cap_get_proc, etc  */
 #include <sys/types.h>      /* for cap_t, etc                */
 
-
 int disable_capabilities(void) __attribute__((flatten)) __attribute__((hot));
 int disable_capabilities(void) {
   cap_t capabilities = cap_get_proc();
@@ -66,17 +65,18 @@ int disable_capabilities(void) {
   return 0;
 }
 
-static void print_cap_error(const char *mode, const cap_value_t expected_cap[], const int num_caps) __attribute__((nonnull(1))) __attribute__((access(read_only, 1))) __attribute__((flatten));
+static void print_cap_error(const char *mode, const cap_value_t expected_cap[], const int num_caps) __attribute__((nonnull(1)))
+__attribute__((access(read_only, 1))) __attribute__((flatten));
 static void print_cap_error(const char *mode, const cap_value_t expected_cap[], const int num_caps) {
-    (void)fprintf(stderr, "%s: Unable to set CAPABILITIES %s\n", __PROGRAM_NAME, mode);
-    (void)fprintf(stderr, "%s: Requested CAPABILITIES %s %i:\n", __PROGRAM_NAME, mode, num_caps);
-    for(int i=0; i < num_caps; i++) {
-        (void)fprintf(stderr, "%s:    capability:%s\n", __PROGRAM_NAME, cap_to_name(expected_cap[i]));
-    }
+  (void)fprintf(stderr, "%s: Unable to set CAPABILITIES %s\n", __PROGRAM_NAME, mode);
+  (void)fprintf(stderr, "%s: Requested CAPABILITIES %s %i:\n", __PROGRAM_NAME, mode, num_caps);
+  for (int i = 0; i < num_caps; i++) {
+    (void)fprintf(stderr, "%s:    capability:%s\n", __PROGRAM_NAME, cap_to_name(expected_cap[i]));
+  }
 }
 
-
-int enable_capabilities(const cap_value_t expected_cap[], const int num_caps) __attribute__((nonnull(1))) __attribute__((warn_unused_result)) __attribute__((flatten)) __attribute__((hot));
+int enable_capabilities(const cap_value_t expected_cap[], const int num_caps) __attribute__((nonnull(1))) __attribute__((warn_unused_result))
+__attribute__((flatten)) __attribute__((hot));
 int enable_capabilities(const cap_value_t expected_cap[], const int num_caps) {
   cap_t capabilities = cap_get_proc();
 
@@ -126,7 +126,8 @@ int disable_capabilities(void) {
   return 0;
 }
 
-int enable_capabilities(const cap_value_t expected_cap[], const int num_caps) __attribute__((nonnull(1))) __attribute__((warn_unused_result)) __attribute__((flatten));
+int enable_capabilities(const cap_value_t expected_cap[], const int num_caps) __attribute__((nonnull(1))) __attribute__((warn_unused_result))
+__attribute__((flatten));
 int enable_capabilities(const cap_value_t expected_cap[], const int num_caps) {
   DTRACE_PROBE1(__PROGRAM_NAME, "cap-set-flag-permitted", 2);
   DTRACE_PROBE1(__PROGRAM_NAME, "cap-set-flag-effective", 2);

src/C/kcron_empty_keytab_file.h

@@ -41,8 +41,8 @@
 #ifndef KCRON_EMPTY_KEYTAB_FILE_H
 #define KCRON_EMPTY_KEYTAB_FILE_H 1
 
-#include <stdio.h>          /* for fprintf, stderr, NULL, etc   */
-#include <stdlib.h>         /* for EXIT_FAILURE                 */
+#include <stdio.h>  /* for fprintf, stderr, NULL, etc   */
+#include <stdlib.h> /* for EXIT_FAILURE                 */
 
 int write_empty_keytab(int filedescriptor) __attribute__((warn_unused_result));
 int write_empty_keytab(int filedescriptor) {

src/C/kcron_filename.h

@@ -41,12 +41,12 @@
 #ifndef KCRON_FILENAME_H
 #define KCRON_FILENAME_H 1
 
-#include <stdio.h>        /* for calloc, fprintf, snprintf        */
-#include <stdlib.h>       /* for EXIT_FAILURE                     */
-#include <unistd.h>       /* for getuid                           */
+#include <stdio.h>  /* for calloc, fprintf, snprintf        */
+#include <stdlib.h> /* for EXIT_FAILURE                     */
+#include <unistd.h> /* for getuid                           */
 
-
-int get_client_dirname(char *keytab_dir) __attribute__((nonnull(1))) __attribute__((access(read_write, 1))) __attribute__((warn_unused_result)) __attribute__((flatten));
+int get_client_dirname(char *keytab_dir) __attribute__((nonnull(1))) __attribute__((access(read_write, 1))) __attribute__((warn_unused_result))
+__attribute__((flatten));
 int get_client_dirname(char *keytab_dir) {
 
   const char *nullpointer = NULL;
@@ -61,7 +61,8 @@ int get_client_dirname(char *keytab_dir) {
   return 0;
 }
 
-int get_filenames(char *keytab_dir, char *keytab_filename, char *keytab) __attribute__((nonnull(1, 2, 3))) __attribute__((access(read_write, 1))) __attribute((access(read_write, 2))) __attribute((access(read_write, 3))) __attribute__((warn_unused_result)) __attribute__((flatten));
+int get_filenames(char *keytab_dir, char *keytab_filename, char *keytab) __attribute__((nonnull(1, 2, 3))) __attribute__((access(read_write, 1)))
+__attribute((access(read_write, 2))) __attribute((access(read_write, 3))) __attribute__((warn_unused_result)) __attribute__((flatten));
 int get_filenames(char *keytab_dir, char *keytab_filename, char *keytab) {
 
   const uid_t uid = getuid();

src/C/kcron_landlock.h

@@ -41,11 +41,11 @@
 #ifndef KCRON_LANDLOCK_H
 #define KCRON_LANDLOCK_H 1
 
-#include <stdio.h>                      /* for fprintf, stderr, NULL, etc     */
-#include <stdlib.h>                     /* for free, EXIT_FAILURE, etc        */
+#include <stdio.h>  /* for fprintf, stderr, NULL, etc     */
+#include <stdlib.h> /* for free, EXIT_FAILURE, etc        */
 
-#include <sys/syscall.h>                /* for  SYS_* constants               */
-#include <linux/landlock.h>             /* Definition of LANDLOCK_* constants */
+#include <linux/landlock.h> /* Definition of LANDLOCK_* constants */
+#include <sys/syscall.h>    /* for  SYS_* constants               */
 
 void set_kcron_landlock(void) __attribute__((flatten));
 void set_kcron_landlock(void) {
@@ -59,28 +59,14 @@ void set_kcron_landlock(void) {
   const char *nullstring = NULL;
 
   struct landlock_ruleset_attr ruleset_attr = {
-    .handled_access_fs =
-        LANDLOCK_ACCESS_FS_EXECUTE |
-        LANDLOCK_ACCESS_FS_WRITE_FILE |
-        LANDLOCK_ACCESS_FS_READ_FILE |
-        LANDLOCK_ACCESS_FS_READ_DIR |
-        LANDLOCK_ACCESS_FS_REMOVE_DIR |
-        LANDLOCK_ACCESS_FS_REMOVE_FILE |
-        LANDLOCK_ACCESS_FS_MAKE_CHAR |
-        LANDLOCK_ACCESS_FS_MAKE_DIR |
-        LANDLOCK_ACCESS_FS_MAKE_REG |
-        LANDLOCK_ACCESS_FS_MAKE_SOCK |
-        LANDLOCK_ACCESS_FS_MAKE_FIFO |
-        LANDLOCK_ACCESS_FS_MAKE_BLOCK |
-        LANDLOCK_ACCESS_FS_MAKE_SYM,
+      .handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR |
+                           LANDLOCK_ACCESS_FS_REMOVE_DIR | LANDLOCK_ACCESS_FS_REMOVE_FILE | LANDLOCK_ACCESS_FS_MAKE_CHAR | LANDLOCK_ACCESS_FS_MAKE_DIR |
+                           LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_MAKE_SOCK | LANDLOCK_ACCESS_FS_MAKE_FIFO | LANDLOCK_ACCESS_FS_MAKE_BLOCK |
+                           LANDLOCK_ACCESS_FS_MAKE_SYM,
   };
 
   struct landlock_path_beneath_attr path_beneath = {
-    .allowed_access =
-        LANDLOCK_ACCESS_FS_WRITE_FILE |
-        LANDLOCK_ACCESS_FS_READ_FILE |
-        LANDLOCK_ACCESS_FS_READ_DIR |
-        LANDLOCK_ACCESS_FS_MAKE_DIR,
+      .allowed_access = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR | LANDLOCK_ACCESS_FS_MAKE_DIR,
   };
 
   /* verify memory can be allocated */
@@ -99,15 +85,15 @@ void set_kcron_landlock(void) {
       exit(EXIT_FAILURE);
     }
 
-    landlock_ruleset_fd = (int) syscall(__NR_landlock_create_ruleset, &ruleset_attr, sizeof(ruleset_attr), 0);
+    landlock_ruleset_fd = (int)syscall(__NR_landlock_create_ruleset, &ruleset_attr, sizeof(ruleset_attr), 0);
     if (landlock_ruleset_fd < 0) {
       (void)fprintf(stderr, "%s: landlock is enabled but non-functional?\n", __PROGRAM_NAME);
       (void)free(client_keytab_dirname);
       (void)close(landlock_ruleset_fd);
       exit(EXIT_FAILURE);
     }
 
-    path_beneath.parent_fd = open(client_keytab_dirname, O_RDONLY|O_NOFOLLOW|O_CLOEXEC);
+    path_beneath.parent_fd = open(client_keytab_dirname, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
     if (path_beneath.parent_fd < 0) {
       (void)fprintf(stderr, "%s: landlock could not find %s?\n", __PROGRAM_NAME, client_keytab_dirname);
       (void)free(client_keytab_dirname);

src/C/kcron_seccomp.h

@@ -41,18 +41,16 @@
 #ifndef KCRON_SECCOMP_H
 #define KCRON_SECCOMP_H 1
 
-#include <seccomp.h>      /* libseccomp                  */
-#include <stdio.h>        /* for fprintf, stderr, NULL   */
-#include <stdlib.h>       /* for EXIT_FAILURE            */
-
-#include <sys/stat.h>     /* for S_IRUSR, S_IWUSR, stat, etc  */
+#include <seccomp.h> /* libseccomp                  */
+#include <stdio.h>   /* for fprintf, stderr, NULL   */
+#include <stdlib.h>  /* for EXIT_FAILURE            */
 
+#include <sys/stat.h> /* for S_IRUSR, S_IWUSR, stat, etc  */
 
 #ifndef _0600
 #define _0600 S_IRUSR | S_IWUSR
 #endif
 
-
 int set_kcron_seccomp(void) __attribute__((warn_unused_result)) __attribute__((flatten));
 int set_kcron_seccomp(void) {
 
@@ -101,28 +99,27 @@ int set_kcron_seccomp(void) {
     exit(EXIT_FAILURE);
   }
 
-
- /*
-  * STDOUT
-  */
+  /*
+   * STDOUT
+   */
   if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_EQ, 1)) != 0) {
     (void)fprintf(stderr, "%s: Cannot set allowlist 'write' to stdout.\n", __PROGRAM_NAME);
     (void)seccomp_release(ctx);
     exit(EXIT_FAILURE);
   }
 
- /*
-  * STDERR
-  */
+  /*
+   * STDERR
+   */
   if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_EQ, 2)) != 0) {
     (void)fprintf(stderr, "%s: Cannot set allowlist 'write' to stderr.\n", __PROGRAM_NAME);
     (void)seccomp_release(ctx);
     exit(EXIT_FAILURE);
   }
 
- /*
-  *   Our directory handle
-  */
+  /*
+   *   Our directory handle
+   */
 
   if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0) != 0) {
     /* not sure how to restrict this to the args I want */
@@ -137,9 +134,9 @@ int set_kcron_seccomp(void) {
     exit(EXIT_FAILURE);
   }
 
- /*
-  *   Our file handle
-  */
+  /*
+   *   Our file handle
+   */
   if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_EQ, 4)) != 0) {
     (void)fprintf(stderr, "%s: Cannot set allowlist 'write' to our file handle.\n", __PROGRAM_NAME);
     (void)seccomp_release(ctx);
@@ -161,9 +158,9 @@ int set_kcron_seccomp(void) {
     exit(EXIT_FAILURE);
   }
 
- /*
-  *   General usage, not sure how to restrict these to the args I want....
-  */
+  /*
+   *   General usage, not sure how to restrict these to the args I want....
+   */
   if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fstat), 0) != 0) {
     (void)fprintf(stderr, "%s: Cannot set allowlist 'fstat'.\n", __PROGRAM_NAME);
     (void)seccomp_release(ctx);
@@ -190,7 +187,6 @@ int set_kcron_seccomp(void) {
     exit(EXIT_FAILURE);
   }
 
-
 #if USE_CAPABILITIES == 1
   if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(capget), 0) != 0) {
     (void)fprintf(stderr, "%s: Cannot set allowlist 'capget'.\n", __PROGRAM_NAME);