Only ASCII letters and digits are allowed.
libudev_core_la_SOURCES += \
src/udev/udev-builtin-uaccess.c \
src/login/logind-acl.c \
- src/login/sd-login.c
+ src/login/sd-login.c \
+ src/systemd/sd-login.h \
+ src/login/login-shared.c \
+ src/login/login-shared.h
libudev_core_la_LIBADD += \
libsystemd-acl.la
src/login/logind-session-dbus.c \
src/login/logind-seat-dbus.c \
src/login/logind-user-dbus.c \
- src/login/logind-acl.h
+ src/login/logind-acl.h \
+ src/login/login-shared.c \
+ src/login/login-shared.h
libsystemd_logind_core_la_CFLAGS = \
$(AM_CFLAGS) \
test-login-tables
libsystemd_login_la_SOURCES = \
- src/login/sd-login.c
+ src/login/sd-login.c \
+ src/systemd/sd-login.h \
+ src/login/login-shared.c \
+ src/login/login-shared.h
libsystemd_login_la_CFLAGS = \
$(AM_CFLAGS) \
* journald: make sure ratelimit is actually really per-service with the new cgroup changes
-* libsystemd-logind: sd_session_is_active() and friends: verify
- validity of session name before appending it to a path
-
* gparted needs to disable auto-activation of mount units somehow, or
maybe we should stop doing auto-activation of this after boot
entirely. https://bugzilla.gnome.org/show_bug.cgi?id=701676
--- /dev/null
+#include "login-shared.h"
+#include "def.h"
+
+bool session_id_valid(const char *id) {
+ assert(id);
+
+ return id + strspn(id, LETTERS DIGITS) == '\0';
+}
--- /dev/null
+#include <stdbool.h>
+
+bool session_id_valid(const char *id);
* the audit data and let's better register a new
* ID */
if (hashmap_get(m->sessions, id)) {
+ log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
audit_id = 0;
free(id);
assert(m);
assert(id);
+ assert(session_id_valid(id));
s = new0(Session, 1);
if (!s)
#include "logind.h"
#include "logind-seat.h"
#include "logind-user.h"
+#include "login-shared.h"
typedef enum SessionState {
SESSION_OPENING, /* Session scope is being created */
if (!dirent_is_file(de))
continue;
+ if (!session_id_valid(de->d_name)) {
+ log_warning("Invalid session file name '%s', ignoring.", de->d_name);
+ r = -EINVAL;
+ continue;
+ }
+
k = manager_add_session(m, de->d_name, &s);
if (k < 0) {
log_error("Failed to add session by file name %s: %s", de->d_name, strerror(-k));
#include "sd-login.h"
#include "strv.h"
#include "fileio.h"
+#include "login-shared.h"
_public_ int sd_pid_get_session(pid_t pid, char **session) {
if (pid < 0)
assert(_p);
- if (session)
+ if (session) {
+ if (!session_id_valid(session))
+ return -EINVAL;
+
p = strappend("/run/systemd/sessions/", session);
- else {
- char *buf;
+ } else {
+ _cleanup_free_ char *buf = NULL;
r = sd_pid_get_session(0, &buf);
if (r < 0)
return r;
p = strappend("/run/systemd/sessions/", buf);
- free(buf);
}
if (!p)
return r;
r = parse_env_file(p, NEWLINE, "ACTIVE", &s, NULL);
-
if (r < 0)
return r;
}
#define CONTROLLER_VALID \
- "0123456789" \
- "abcdefghijklmnopqrstuvwxyz" \
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ DIGITS LETTERS \
"_"
bool cg_controller_is_valid(const char *p, bool allow_named) {
#define SIGNALS_CRASH_HANDLER SIGSEGV,SIGILL,SIGFPE,SIGBUS,SIGQUIT,SIGABRT
#define SIGNALS_IGNORE SIGPIPE
+
+#define DIGITS "0123456789"
+#define LOWERCASE_LETTERS "abcdefghijklmnopqrstuvwxyz"
+#define UPPERCASE_LETTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+#define LETTERS LOWERCASE_LETTERS UPPERCASE_LETTERS
#include "utf8.h"
#include "util.h"
#include "env-util.h"
+#include "def.h"
#define VALID_CHARS_ENV_NAME \
- "0123456789" \
- "abcdefghijklmnopqrstuvwxyz" \
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ DIGITS LETTERS \
"_"
#ifndef ARG_MAX
#include "macro.h"
#include "util.h"
#include "replace-var.h"
+#include "def.h"
/*
* Generic infrastructure for replacing @FOO@ style variables in
if (*b != '@')
return 0;
- k = strspn(b + 1, "ABCDEFGHIJKLMNOPQRSTUVWXYZ_");
+ k = strspn(b + 1, UPPERCASE_LETTERS "_");
if (k <= 0 || b[k+1] != '@')
return 0;
#include "path-util.h"
#include "util.h"
#include "unit-name.h"
+#include "def.h"
#define VALID_CHARS \
- "0123456789" \
- "abcdefghijklmnopqrstuvwxyz" \
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ DIGITS LETTERS \
":-_.\\"
static const char* const unit_type_table[_UNIT_TYPE_MAX] = {