audit: introduce audit_session_is_valid() and make use of it everywhere

poettering · poettering · commit 3a87a86e33c2 · 2017-07-31T18:01:42.000+02:00
Let's add a proper validation function, since validation isn't entirely
trivial. Make use of it where applicable. Also make use of
AUDIT_SESSION_INVALID where we need a marker for an invalid audit
session.
diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c
@@ -54,7 +54,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
         if (r < 0)
                 return r;
 
-        if (u == AUDIT_SESSION_INVALID || u <= 0)
+        if (!audit_session_is_valid(u))
                 return -ENODATA;
 
         *id = u;
@@ -81,7 +81,7 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
         if (r < 0)
                 return r;
 
-        *uid = (uid_t) u;
+        *uid = u;
         return 0;
 }
 
diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h
@@ -29,3 +29,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id);
 int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
 
 bool use_audit(void);
+
+static inline bool audit_session_is_valid(uint32_t id) {
+        return id > 0 && id != AUDIT_SESSION_INVALID;
+}
diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/sd-bus/bus-creds.c
@@ -570,7 +570,7 @@ _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessio
         if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
                 return -ENODATA;
 
-        if (c->audit_session_id == AUDIT_SESSION_INVALID)
+        if (!audit_session_is_valid(c->audit_session_id))
                 return -ENXIO;
 
         *sessionid = c->audit_session_id;
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
@@ -767,8 +767,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
         if (hashmap_size(m->sessions) >= m->sessions_max)
                 return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.", m->sessions_max);
 
-        audit_session_from_pid(leader, &audit_id);
-        if (audit_id > 0) {
+        (void) audit_session_from_pid(leader, &audit_id);
+        if (audit_session_is_valid(audit_id)) {
                 /* Keep our session IDs and the audit session IDs in sync */
 
                 if (asprintf(&id, "%"PRIu32, audit_id) < 0)
@@ -780,7 +780,7 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
                  * ID */
                 if (hashmap_get(m->sessions, id)) {
                         log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
-                        audit_id = 0;
+                        audit_id = AUDIT_SESSION_INVALID;
 
                         id = mfree(id);
                 }
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
@@ -82,6 +82,7 @@ Session* session_new(Manager *m, const char *id) {
         s->manager = m;
         s->fifo_fd = -1;
         s->vtfd = -1;
+        s->audit_id = AUDIT_SESSION_INVALID;
 
         return s;
 }
@@ -283,7 +284,7 @@ int session_save(Session *s) {
         if (s->leader > 0)
                 fprintf(f, "LEADER="PID_FMT"\n", s->leader);
 
-        if (s->audit_id > 0)
+        if (audit_session_is_valid(s->audit_id))
                 fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id);
 
         if (dual_timestamp_is_set(&s->timestamp))
@@ -459,9 +460,8 @@ int session_load(Session *s) {
         }
 
         if (leader) {
-                k = parse_pid(leader, &s->leader);
-                if (k >= 0)
-                        audit_session_from_pid(s->leader, &s->audit_id);
+                if (parse_pid(leader, &s->leader) >= 0)
+                        (void) audit_session_from_pid(s->leader, &s->audit_id);
         }
 
         if (type) {
