audit: introduce audit_session_is_valid() and make use of it everywhere
Let's add a proper validation function, since validation isn't entirely trivial. Make use of it where applicable. Also make use of AUDIT_SESSION_INVALID where we need a marker for an invalid audit session.
This commit is contained in:
parent
ab7e3ef561
commit
3a87a86e33
|
@ -54,7 +54,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (u == AUDIT_SESSION_INVALID || u <= 0)
|
||||
if (!audit_session_is_valid(u))
|
||||
return -ENODATA;
|
||||
|
||||
*id = u;
|
||||
|
@ -81,7 +81,7 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
*uid = (uid_t) u;
|
||||
*uid = u;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -29,3 +29,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id);
|
|||
int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
|
||||
|
||||
bool use_audit(void);
|
||||
|
||||
static inline bool audit_session_is_valid(uint32_t id) {
|
||||
return id > 0 && id != AUDIT_SESSION_INVALID;
|
||||
}
|
||||
|
|
|
@ -570,7 +570,7 @@ _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessio
|
|||
if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
|
||||
return -ENODATA;
|
||||
|
||||
if (c->audit_session_id == AUDIT_SESSION_INVALID)
|
||||
if (!audit_session_is_valid(c->audit_session_id))
|
||||
return -ENXIO;
|
||||
|
||||
*sessionid = c->audit_session_id;
|
||||
|
|
|
@ -767,8 +767,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
|
|||
if (hashmap_size(m->sessions) >= m->sessions_max)
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.", m->sessions_max);
|
||||
|
||||
audit_session_from_pid(leader, &audit_id);
|
||||
if (audit_id > 0) {
|
||||
(void) audit_session_from_pid(leader, &audit_id);
|
||||
if (audit_session_is_valid(audit_id)) {
|
||||
/* Keep our session IDs and the audit session IDs in sync */
|
||||
|
||||
if (asprintf(&id, "%"PRIu32, audit_id) < 0)
|
||||
|
@ -780,7 +780,7 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
|
|||
* ID */
|
||||
if (hashmap_get(m->sessions, id)) {
|
||||
log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
|
||||
audit_id = 0;
|
||||
audit_id = AUDIT_SESSION_INVALID;
|
||||
|
||||
id = mfree(id);
|
||||
}
|
||||
|
|
|
@ -82,6 +82,7 @@ Session* session_new(Manager *m, const char *id) {
|
|||
s->manager = m;
|
||||
s->fifo_fd = -1;
|
||||
s->vtfd = -1;
|
||||
s->audit_id = AUDIT_SESSION_INVALID;
|
||||
|
||||
return s;
|
||||
}
|
||||
|
@ -283,7 +284,7 @@ int session_save(Session *s) {
|
|||
if (s->leader > 0)
|
||||
fprintf(f, "LEADER="PID_FMT"\n", s->leader);
|
||||
|
||||
if (s->audit_id > 0)
|
||||
if (audit_session_is_valid(s->audit_id))
|
||||
fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id);
|
||||
|
||||
if (dual_timestamp_is_set(&s->timestamp))
|
||||
|
@ -459,9 +460,8 @@ int session_load(Session *s) {
|
|||
}
|
||||
|
||||
if (leader) {
|
||||
k = parse_pid(leader, &s->leader);
|
||||
if (k >= 0)
|
||||
audit_session_from_pid(s->leader, &s->audit_id);
|
||||
if (parse_pid(leader, &s->leader) >= 0)
|
||||
(void) audit_session_from_pid(s->leader, &s->audit_id);
|
||||
}
|
||||
|
||||
if (type) {
|
||||
|
|
Loading…
Reference in New Issue