summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2017-07-14 18:42:17 +0200
committerLennart Poettering <lennart@poettering.net>2017-07-31 18:01:42 +0200
commit3a87a86e33c20aab20d8b221adae2015d12bbb80 (patch)
tree9eaa3483c7e5e1f34a5ace9fa50ebf378aa2d26a
parentab7e3ef561e5c1ff63b58f4a329a9f90f0768eb0 (diff)
downloadsystemd-3a87a86e33c20aab20d8b221adae2015d12bbb80.tar.gz
systemd-3a87a86e33c20aab20d8b221adae2015d12bbb80.tar.bz2
systemd-3a87a86e33c20aab20d8b221adae2015d12bbb80.zip
audit: introduce audit_session_is_valid() and make use of it everywhere
Let's add a proper validation function, since validation isn't entirely trivial. Make use of it where applicable. Also make use of AUDIT_SESSION_INVALID where we need a marker for an invalid audit session.
-rw-r--r--src/basic/audit-util.c4
-rw-r--r--src/basic/audit-util.h4
-rw-r--r--src/libsystemd/sd-bus/bus-creds.c2
-rw-r--r--src/login/logind-dbus.c6
-rw-r--r--src/login/logind-session.c8
5 files changed, 14 insertions, 10 deletions
diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c
index d1c9695973..24a6c8a936 100644
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@@ -54,7 +54,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
if (r < 0)
return r;
- if (u == AUDIT_SESSION_INVALID || u <= 0)
+ if (!audit_session_is_valid(u))
return -ENODATA;
*id = u;
@@ -81,7 +81,7 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
if (r < 0)
return r;
- *uid = (uid_t) u;
+ *uid = u;
return 0;
}
diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h
index e048503991..3088951326 100644
--- a/src/basic/audit-util.h
+++ b/src/basic/audit-util.h
@@ -29,3 +29,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id);
int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
bool use_audit(void);
+
+static inline bool audit_session_is_valid(uint32_t id) {
+ return id > 0 && id != AUDIT_SESSION_INVALID;
+}
diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/sd-bus/bus-creds.c
index 649fcdba44..f10592acd6 100644
--- a/src/libsystemd/sd-bus/bus-creds.c
+++ b/src/libsystemd/sd-bus/bus-creds.c
@@ -570,7 +570,7 @@ _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessio
if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
return -ENODATA;
- if (c->audit_session_id == AUDIT_SESSION_INVALID)
+ if (!audit_session_is_valid(c->audit_session_id))
return -ENXIO;
*sessionid = c->audit_session_id;
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index c9b7d99818..e22956bda2 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -767,8 +767,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
if (hashmap_size(m->sessions) >= m->sessions_max)
return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.", m->sessions_max);
- audit_session_from_pid(leader, &audit_id);
- if (audit_id > 0) {
+ (void) audit_session_from_pid(leader, &audit_id);
+ if (audit_session_is_valid(audit_id)) {
/* Keep our session IDs and the audit session IDs in sync */
if (asprintf(&id, "%"PRIu32, audit_id) < 0)
@@ -780,7 +780,7 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
* ID */
if (hashmap_get(m->sessions, id)) {
log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
- audit_id = 0;
+ audit_id = AUDIT_SESSION_INVALID;
id = mfree(id);
}
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 42dfecaffb..11d9e8ff5e 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -82,6 +82,7 @@ Session* session_new(Manager *m, const char *id) {
s->manager = m;
s->fifo_fd = -1;
s->vtfd = -1;
+ s->audit_id = AUDIT_SESSION_INVALID;
return s;
}
@@ -283,7 +284,7 @@ int session_save(Session *s) {
if (s->leader > 0)
fprintf(f, "LEADER="PID_FMT"\n", s->leader);
- if (s->audit_id > 0)
+ if (audit_session_is_valid(s->audit_id))
fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id);
if (dual_timestamp_is_set(&s->timestamp))
@@ -459,9 +460,8 @@ int session_load(Session *s) {
}
if (leader) {
- k = parse_pid(leader, &s->leader);
- if (k >= 0)
- audit_session_from_pid(s->leader, &s->audit_id);
+ if (parse_pid(leader, &s->leader) >= 0)
+ (void) audit_session_from_pid(s->leader, &s->audit_id);
}
if (type) {