picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

audit: introduce audit_session_is_valid() and make use of it everywhere 

Let's add a proper validation function, since validation isn't entirely
trivial. Make use of it where applicable. Also make use of
AUDIT_SESSION_INVALID where we need a marker for an invalid audit
session.
This commit is contained in:
Lennart Poettering 2017-07-14 18:42:17 +02:00
parent ab7e3ef561
commit 3a87a86e33
5 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/basic/audit-util.c
View File

@ -54,7 +54,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
if (r < 0)
return r;
if (u == AUDIT_SESSION_INVALID || u <= 0)
if (!audit_session_is_valid(u))
return -ENODATA;
*id = u;
@ -81,7 +81,7 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
if (r < 0)
return r;
*uid = (uid_t) u;
*uid = u;
return 0;
}

4
src/basic/audit-util.h
View File

@ -29,3 +29,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id);
int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
bool use_audit(void);
static inline bool audit_session_is_valid(uint32_t id) {
return id > 0 && id != AUDIT_SESSION_INVALID;
}

2
src/libsystemd/sd-bus/bus-creds.c
View File

@ -570,7 +570,7 @@ _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessio
if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
return -ENODATA;
if (c->audit_session_id == AUDIT_SESSION_INVALID)
if (!audit_session_is_valid(c->audit_session_id))
return -ENXIO;
*sessionid = c->audit_session_id;

6
src/login/logind-dbus.c
View File

@ -767,8 +767,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
if (hashmap_size(m->sessions) >= m->sessions_max)
return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.", m->sessions_max);
audit_session_from_pid(leader, &audit_id);
if (audit_id > 0) {
(void) audit_session_from_pid(leader, &audit_id);
if (audit_session_is_valid(audit_id)) {
/* Keep our session IDs and the audit session IDs in sync */
if (asprintf(&id, "%"PRIu32, audit_id) < 0)
@ -780,7 +780,7 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
* ID */
if (hashmap_get(m->sessions, id)) {
log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
audit_id = 0;
audit_id = AUDIT_SESSION_INVALID;
id = mfree(id);
}

8
src/login/logind-session.c
View File

@ -82,6 +82,7 @@ Session* session_new(Manager *m, const char *id) {
s->manager = m;
s->fifo_fd = -1;
s->vtfd = -1;
s->audit_id = AUDIT_SESSION_INVALID;
return s;
}
@ -283,7 +284,7 @@ int session_save(Session *s) {
if (s->leader > 0)
fprintf(f, "LEADER="PID_FMT"\n", s->leader);
if (s->audit_id > 0)
if (audit_session_is_valid(s->audit_id))
fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id);
if (dual_timestamp_is_set(&s->timestamp))
@ -459,9 +460,8 @@ int session_load(Session *s) {
}
if (leader) {
k = parse_pid(leader, &s->leader);
if (k >= 0)
audit_session_from_pid(s->leader, &s->audit_id);
if (parse_pid(leader, &s->leader) >= 0)
(void) audit_session_from_pid(s->leader, &s->audit_id);
}
if (type) {