static int
pam_chauthtok_update (pam_handle_t *ph, struct passwd *pwd, uint args)
{
const char *password, *original;
int ret, started_daemon = 0;
ret = pam_get_item (ph, PAM_OLDAUTHTOK, (const void**)&original);
if (ret != PAM_SUCCESS || original == NULL) {
syslog (GKR_LOG_WARN, "gkr-pam: couldn't update the login keyring password: %s",
"no old password was entered");
return PAM_IGNORE;
}
ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password);
if (ret != PAM_SUCCESS)
password = NULL;
if (password == NULL) {
/* No password was set, and we can't prompt for it */
if (args & ARG_USE_AUTHTOK) {
syslog (GKR_LOG_ERR, "gkr-pam: no password set, and use_authtok was specified");
return PAM_AUTHTOK_RECOVER_ERR;
}
/* No password was entered, prompt for it */
ret = prompt_password (ph);
if (ret != PAM_SUCCESS) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the password from user: %s",
pam_strerror (ph, ret));
return PAM_AUTH_ERR;
}
ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password);
if (ret != PAM_SUCCESS || password == NULL) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the password from user: %s",
ret == PAM_SUCCESS ? "password was null" : pam_strerror (ph, ret));
return PAM_AUTHTOK_RECOVER_ERR;
}
}
/*
* We always start the daemon here, and don't respect the auto_start
* argument. Because if the password is being changed, then making
* the 'login' keyring match it is a priority.
*/
ret = start_daemon_if_necessary (ph, pwd, original, &started_daemon);
if (ret != PAM_SUCCESS)
return ret;
ret = change_keyring_password (ph, pwd, password, original);
/* if not auto_start, kill the daemon if we started it: we don't want
* it to stay */
if (started_daemon && !(args & ARG_AUTO_START))
stop_daemon (ph, pwd);
if (ret != PAM_SUCCESS)
return ret;
return PAM_SUCCESS;
}
PAM_EXTERN int
pam_sm_close_session (pam_handle_t *ph, int flags, int argc, const char **argv)
{
struct passwd *pwd;
const char *user;
int ret;
ret = pam_get_user (ph, &user, NULL);
if (ret != PAM_SUCCESS) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't get user from pam: %s",
pam_strerror (ph, ret));
return PAM_SERVICE_ERR;
}
pwd = getpwnam (user);
if (!pwd) {
syslog (GKR_LOG_ERR, "gkr-pam: error looking up user information for: %s", user);
return PAM_SERVICE_ERR;
}
stop_daemon (ph, pwd);
/* Don't bother user when daemon can't be stopped */
return PAM_SUCCESS;
}
int main(int argc, char** argv) {
int i = 1;
int retval = 0;
if (argc < 1) {
usage();
}
if (!strcmp(argv[i], "--help") || !strcmp(argv[i], "-h")) {
usage();
}
if (!strcmp(argv[i], "--version") || !strcmp(argv[i], "-V")) {
version();
}
if (!strcmp(argv[i], "--start")) {
retval = !start_daemon();
}
if (!strcmp(argv[i], "--stop")) {
retval = !stop_daemon();
}
exit(retval);
}
/*
* The top level function for the "cryptoadm stop" subcommand.
*/
static int
do_stop(int argc)
{
if (argc != 2) {
usage();
return (ERROR_USAGE);
}
return (stop_daemon());
}
/**
* @brief SIGINT, SIGTERM handler
*/
void stop_handler(int sig) {
// close the main socket
stop_daemon();
}
int
stop_daemon_main(const struct cmd_stop_daemon_info* info)
{
stop_daemon();
return 0;
}
/*FUNC-************************************************************************/
int main(int argc, char **argv)
{
int ret;
strncpy(prog_name, argv[0], sizeof(prog_name) - 1);
strcpy(dest_ip, DEF_CMD_IP);
/****************************************************************************/
/* Parse command line parameters. */
/****************************************************************************/
ret = parse_args(argc, argv);
if (ret)
{
goto EXIT;
}
/****************************************************************************/
/* Create command socket. */
/****************************************************************************/
ret = create_cmd_socket();
if (ret )
{
goto EXIT;
}
/****************************************************************************/
/* Fan out command. */
/****************************************************************************/
switch (cmd_id)
{
case CMD_STATUS:
get_status(0);
break;
case CMD_STOP:
stop_daemon();
break;
case CMD_START:
start_daemon();
break;
case CMD_GET_WHITELIST_IP:
show_whitelist_ip();
break;
case CMD_DEL_WHITELIST_IP:
del_whitelist_ip();
break;
default:
fprintf(stdout, "Unsupported command.\n");
break;
}
ret = RET_OK;
EXIT:
close_cmd_socket();
return(ret);
}
