diff --git a/src/detect-engine-loader.c b/src/detect-engine-loader.c index ae01f406e9..4091956850 100644 --- a/src/detect-engine-loader.c +++ b/src/detect-engine-loader.c @@ -274,7 +274,7 @@ static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern, * \param sig_file_exclusive File passed in 'sig_file' should be loaded exclusively. * \retval -1 on error */ -int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive) +int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive) { SCEnter(); @@ -297,7 +297,7 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl } /* ok, let's load signature files from the general config */ - if (!(sig_file != NULL && sig_file_exclusive == TRUE)) { + if (!(sig_file != NULL && sig_file_exclusive)) { rule_files = ConfGetNode(varname); if (rule_files != NULL) { if (!ConfNodeIsSequence(rule_files)) { diff --git a/src/detect-engine.c b/src/detect-engine.c index 6fa894c0c7..0fc2df6869 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -3859,7 +3859,7 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil goto error; } - if (SigLoadSignatures(de_ctx, NULL, 0) < 0) { + if (SigLoadSignatures(de_ctx, NULL, false) < 0) { SCLogError("Loading signatures failed."); goto error; } @@ -3919,7 +3919,7 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f goto error; } - if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) { + if (SigLoadSignatures(new_de_ctx, NULL, false) < 0) { SCLogError("Loading signatures failed."); goto error; } diff --git a/src/detect-parse.c b/src/detect-parse.c index d9800f0a2f..bf54f9359a 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -128,7 +128,7 @@ void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg) /* Table with all SigMatch registrations */ SigTableElmt sigmatch_table[DETECT_TBLSIZE]; -extern int sc_set_caps; +extern bool sc_set_caps; static void SigMatchTransferSigMatchAcrossLists(SigMatch *sm, SigMatch **src_sm_list, SigMatch **src_sm_list_tail, @@ -1174,7 +1174,7 @@ static int SigParseActionRejectValidate(const char *action) { #ifdef HAVE_LIBNET11 #if defined HAVE_LIBCAP_NG && !defined HAVE_LIBNET_CAPABILITIES - if (sc_set_caps == TRUE) { + if (sc_set_caps) { SCLogError("Libnet 1.1 is " "incompatible with POSIX based capabilities with privs dropping. " "For rejects to work, run as root/super user."); diff --git a/src/detect.h b/src/detect.h index a4d9ef3602..ced0300670 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1559,7 +1559,7 @@ void SigRegisterTests(void); void DisableDetectFlowFileFlags(Flow *f); char *DetectLoadCompleteSigPath(const DetectEngineCtx *, const char *sig_file); -int SigLoadSignatures (DetectEngineCtx *, char *, int); +int SigLoadSignatures(DetectEngineCtx *, char *, bool); void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p); diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c index 95ff114484..634fa3b8b5 100644 --- a/src/respond-reject-libnet11.c +++ b/src/respond-reject-libnet11.c @@ -62,7 +62,7 @@ uint16_t g_reject_dev_mtu = 0; /** set to true in main if we're setting caps. We need it here if we're using * reject rules as libnet 1.1 is not compatible with caps. */ -extern int sc_set_caps; +extern bool sc_set_caps; #include diff --git a/src/suricata.c b/src/suricata.c index 7f979a7fbf..fd069e6e5d 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -189,7 +189,7 @@ uint16_t max_pending_packets; int g_detect_disabled = 0; /** set caps or not */ -int sc_set_caps = FALSE; +bool sc_set_caps = false; bool g_system = false; @@ -1075,7 +1075,7 @@ static void SCInstanceInit(SCInstance *suri, const char *progname) memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev)); suri->sig_file = NULL; - suri->sig_file_exclusive = FALSE; + suri->sig_file_exclusive = false; suri->pid_filename = NULL; suri->regex_arg = NULL; @@ -1084,8 +1084,8 @@ static void SCInstanceInit(SCInstance *suri, const char *progname) #ifndef OS_WIN32 suri->user_name = NULL; suri->group_name = NULL; - suri->do_setuid = FALSE; - suri->do_setgid = FALSE; + suri->do_setuid = false; + suri->do_setgid = false; #endif /* OS_WIN32 */ suri->userid = 0; suri->groupid = 0; @@ -1605,7 +1605,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) return TM_ECODE_FAILED; #else suri->user_name = optarg; - suri->do_setuid = TRUE; + suri->do_setuid = true; #endif /* HAVE_LIBCAP_NG */ } else if (strcmp((long_opts[option_index]).name, "group") == 0) { #ifndef HAVE_LIBCAP_NG @@ -1614,7 +1614,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) return TM_ECODE_FAILED; #else suri->group_name = optarg; - suri->do_setgid = TRUE; + suri->do_setgid = true; #endif /* HAVE_LIBCAP_NG */ } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) { suri->run_mode = RUNMODE_ERF_FILE; @@ -1972,7 +1972,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) return TM_ECODE_FAILED; } suri->sig_file = optarg; - suri->sig_file_exclusive = TRUE; + suri->sig_file_exclusive = true; break; case 'u': #ifdef UNITTESTS @@ -2142,25 +2142,25 @@ static int InitRunAs(SCInstance *suri) #ifndef OS_WIN32 /* Try to get user/group to run suricata as if command line as not decide of that */ - if (suri->do_setuid == FALSE && suri->do_setgid == FALSE) { + if (!suri->do_setuid && !suri->do_setgid) { const char *id; if (ConfGet("run-as.user", &id) == 1) { - suri->do_setuid = TRUE; + suri->do_setuid = true; suri->user_name = id; } if (ConfGet("run-as.group", &id) == 1) { - suri->do_setgid = TRUE; + suri->do_setgid = true; suri->group_name = id; } } /* Get the suricata user ID to given user ID */ - if (suri->do_setuid == TRUE) { + if (suri->do_setuid) { SCGetUserID(suri->user_name, suri->group_name, &suri->userid, &suri->groupid); - sc_set_caps = TRUE; - /* Get the suricata group ID to given group ID */ - } else if (suri->do_setgid == TRUE) { + sc_set_caps = true; + /* Get the suricata group ID to given group ID */ + } else if (suri->do_setgid) { SCGetGroupID(suri->group_name, &suri->groupid); - sc_set_caps = TRUE; + sc_set_caps = true; } #endif return TM_ECODE_OK; diff --git a/src/suricata.h b/src/suricata.h index 957134b92c..9d275edc5d 100644 --- a/src/suricata.h +++ b/src/suricata.h @@ -126,7 +126,7 @@ typedef struct SCInstance_ { char pcap_dev[128]; char *sig_file; - int sig_file_exclusive; + bool sig_file_exclusive; char *pid_filename; char *regex_arg; @@ -135,8 +135,8 @@ typedef struct SCInstance_ { #ifndef OS_WIN32 const char *user_name; const char *group_name; - uint8_t do_setuid; - uint8_t do_setgid; + bool do_setuid; + bool do_setgid; #endif /* OS_WIN32 */ uint32_t userid; uint32_t groupid; diff --git a/src/util-landlock.c b/src/util-landlock.c index d14e1bed0a..258993c30d 100644 --- a/src/util-landlock.c +++ b/src/util-landlock.c @@ -244,7 +244,7 @@ void LandlockSandboxing(SCInstance *suri) LandlockSandboxingWritePath(ruleset, LOCAL_STATE_DIR "/run/suricata/"); } } - if (suri->sig_file_exclusive == FALSE) { + if (!suri->sig_file_exclusive) { const char *rule_path; if (ConfGet("default-rule-path", &rule_path) == 1 && rule_path) { LandlockSandboxingReadPath(ruleset, rule_path); diff --git a/src/util-privs.c b/src/util-privs.c index 8210cc8065..3a1ea48515 100644 --- a/src/util-privs.c +++ b/src/util-privs.c @@ -44,7 +44,7 @@ #include "runmodes.h" /** flag indicating if we'll be using caps */ -extern int sc_set_caps; +extern bool sc_set_caps; /** our current runmode */ extern int run_mode; @@ -54,7 +54,7 @@ extern int run_mode; */ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid) { - if (sc_set_caps == FALSE) + if (!sc_set_caps) return; capng_clear(CAPNG_SELECT_BOTH);