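/*
 * This entry point _should_ be the common entry to suspend.  It is in
 * its entirety here, but would be best moved to libpower when that
 * is available.
 *
 * Verifies that `user` holds AUTHNAME_SUSPEND and exits with status 1
 * if not.  Then, depending on the global `flags`:
 *   LOWPOWER - calls bringto_lowpower() and exits on failure;
 *   TEST     - runs the suspend support check only;
 *   default  - locks the screen (unless NO_XLOCK), writes the freeze
 *              audit record, calls uadmin(A_FREEZE), and writes the
 *              thaw audit record once uadmin() returns.
 * Finally asks pm_do_auth() to run unless there is no tty or NO_XLOCK
 * is set, and ends the audit session.
 */
static void
pm_suspend(void)
{
	int			cprarg = AD_SUSPEND;
	enum adt_uadmin_fcn	fcn_id = ADT_FCN;
	au_event_t		event_id = ADT_uadmin_freeze;
	adt_event_data_t	*event = NULL; /* event to be generated */
	adt_session_data_t	*ah = NULL;  /* audit session handle */
	int			saved_errno;

	/*
	 * Does the user have permission to use this command?
	 */
	if (chkauthattr(AUTHNAME_SUSPEND, user) != 1) {
		(void) printf(gettext("User %s does not have correct "
		    "authorizations to suspend this machine.\n"), user);
		exit(1);
	}

	if (flags & LOWPOWER) {
		if (bringto_lowpower() == -1) {
			(void) printf(gettext("LowPower Failed\n"));
			exit(1);
		}
	} else if (flags & TEST) {
		/*
		 * Test mode, do checks as if a real suspend, but
		 * don't actually do the suspend.
		 */
		/* Check if suspend is supported */
		if (pm_check_suspend() == -1) {
			suspend_error(errno);
		}

		(void) printf(gettext("TEST: Suspend would have been"
		    " performed\n"));

	} else {
		/* Check if suspend is supported */
		if (pm_check_suspend() == -1) {
			suspend_error(errno);
		}

		/*
		 * We are about to suspend this machine, try and
		 * lock the screen.  We don't really care if this
		 * succeeds or not, but that we actually tried. We
		 * also know that we have sufficient privileges to
		 * be here, so we lock the screen now, even if
		 * suspend actually fails.
		 * Note that garbage is sometimes displayed, and
		 * we don't really care about it, so we toss all
		 * text response.
		 * It would also be good if there were another option
		 * instead of launching a file, as the disk might be
		 * spun down if we are suspending due to idle.
		 *
		 * NOTE(review): the command line is a constant with an
		 * absolute path, so no caller data reaches the shell.
		 * system() still runs /bin/sh with this process's
		 * environment, and the lock result is discarded, so the
		 * machine can suspend with the screen unlocked.  If this
		 * runs with elevated privileges, consider spawning the
		 * helper directly with a fixed environment - confirm how
		 * the binary is installed.
		 */
		if (!(flags & NO_XLOCK)) {
			(void) system("/usr/bin/xdg-screensaver lock "
			    " >/dev/null 2>&1");
		}

		/* Time to do the actual deed!  */
		/*
		 * Before we actually suspend, we need to audit and
		 * "suspend" the audit files.
		 */
		/* set up audit session and event */
		if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) == 0) {
			if ((event = adt_alloc_event(ah, event_id)) != NULL) {
				event->adt_uadmin_freeze.fcn = fcn_id;
				event->adt_uadmin_freeze.mdep = NULL;
				if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
					(void) fprintf(stderr, gettext(
					    "%s: can't put audit event\n"),
					    argvl[0]);
				} else {
					wait_for_auqueue();
				}
			}
			(void) change_audit_file();
		} else {
			(void) fprintf(stderr, gettext(
			    "%s: can't start audit session\n"), argvl[0]);
		}

		if (uadmin(A_FREEZE, cprarg, 0) != 0) {
			/*
			 * Keep uadmin()'s errno: printf() and the audit
			 * calls below may overwrite it before it is
			 * reported.
			 */
			saved_errno = errno;
			(void) printf(gettext("Suspend Failed\n"));
			if (flags & FORCE) {
				/*
				 * Note, that if we actually poweroff,
				 * that the poweroff function will handle
				 * that audit trail, and the resume
				 * trail is effectively done.
				 */
				pm_poweroff();
			} else {
				/*
				 * Audit the suspend failure and
				 * reuse the event, but don't create one
				 * if we don't already have one.  This has
				 * to happen before suspend_error(), which
				 * does not return; otherwise the failure
				 * record is never written.
				 */
				if (event != NULL) {
					(void) adt_put_event(event,
					    ADT_FAILURE, 0);
				}
				/* suspend_error() will exit. */
				suspend_error(saved_errno);
			}
		}

		/*
		 * Write the thaw event.  The event allocated above carries
		 * the freeze event id, so release it and allocate a
		 * dedicated ADT_uadmin_thaw event instead of writing the
		 * thaw fields into the freeze allocation.
		 */
		if (ah != NULL) {
			if (event != NULL) {
				(void) adt_free_event(event);
			}
			event = adt_alloc_event(ah, ADT_uadmin_thaw);
			if (event == NULL) {
				(void) fprintf(stderr, gettext(
				    "%s: can't allocate thaw audit event\n"),
				    argvl[0]);
			} else {
				event->adt_uadmin_thaw.fcn = fcn_id;
				if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
					(void) fprintf(stderr, gettext(
					    "%s: can't put thaw audit event\n"),
					    argvl[0]);
				}
				(void) adt_free_event(event);
				event = NULL;
			}
		}
	}
	/*
	 * ah is still NULL here in the LOWPOWER and TEST paths and when
	 * the audit session could not be started.
	 */
	if (!no_tty && !(flags & NO_XLOCK)) {
		pm_do_auth(ah);
	}

	(void) adt_end_session(ah);
}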
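/*
 * Writes an ADT_login failure record for a rejected login attempt and,
 * when a password change was started, an ADT_passwd record as well.
 *
 * auditor:          the session auditor; its "hostname" and
 *                   "display-device" properties select the terminal ID.
 * pam_error_code:   added to ADT_FAIL_PAM to form the audit return value.
 * pam_error_string: used only in the syslog message when the login
 *                   record cannot be written.
 *
 * Every audit API failure is reported through syslog at
 * LOG_AUTH | LOG_ALERT; nothing is returned to the caller.
 */
static void
mdm_session_solaris_auditor_report_login_failure (MdmSessionAuditor *auditor,
                                                  int                pam_error_code,
                                                  const char        *pam_error_string)
{
        MdmSessionSolarisAuditor *solaris_auditor;
        char                     *hostname = NULL;
        char                     *display_device = NULL;
        adt_session_data_t       *ah = NULL;     /* Audit session handle     */
        adt_event_data_t         *event = NULL;  /* Event to generate        */
        /*
         * Terminal ID for failures.  Starts as NULL so that a failed
         * adt_load_hostname()/adt_load_ttyname() lookup does not hand an
         * indeterminate pointer to adt_set_user() below.
         */
        adt_termid_t             *tid = NULL;
        gboolean                  have_user;

        solaris_auditor = MDM_SESSION_SOLARIS_AUDITOR (auditor);
        g_object_get (G_OBJECT (auditor),
                      "hostname", &hostname,
                      "display-device", &display_device, NULL);

        have_user = (solaris_auditor->priv->username != NULL);

        if (solaris_auditor->priv->user_accredited) {
                /* Session is built from the process's own audit data. */
                if (adt_start_session (&ah, NULL, ADT_USE_PROC_DATA) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }
        } else {
                if (adt_start_session (&ah, NULL, 0) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }

                /* If display is on console or VT */
                if (hostname != NULL && hostname[0] != '\0') {
                        /* Login from a remote host */
                        if (adt_load_hostname (hostname, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_loadhostname (%s): %m", hostname);
                        }
                } else {
                        /*
                         * Login from the local host.
                         * NOTE(review): the message below names
                         * adt_loadhostname although adt_load_ttyname
                         * failed; the text is left unchanged here.
                         */
                        if (adt_load_ttyname (display_device, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_loadhostname (localhost): %m");
                        }
                }

                /*
                 * Without a known username the record is written with
                 * ADT_NO_ATTRIB in place of the uid/gid values.
                 */
                if (adt_set_user (ah,
                                  have_user ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
                                  have_user ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
                                  have_user ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
                                  have_user ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
                                  tid, ADT_NEW) != 0) {

                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_set_user (%s): %m",
                                have_user ? solaris_auditor->priv->username : "******");
                }
        }

        event = adt_alloc_event (ah, ADT_login);

        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_alloc_event (ADT_login, ADT_FAILURE): %m");
                goto done;
        } else if (adt_put_event (event, ADT_FAILURE,
                                  ADT_FAIL_PAM + pam_error_code) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_login (ADT_FAIL, %s): %m",
                        pam_error_string);
        }

        if (solaris_auditor->priv->password_change_initiated) {
                /* Also audit password change */
                adt_free_event (event);

                event = adt_alloc_event (ah, ADT_passwd);
                if (event == NULL) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_alloc_event (ADT_passwd): %m");
                        goto done;
                }

                if (solaris_auditor->priv->password_changed) {
                        if (adt_put_event (event, ADT_SUCCESS,
                                           ADT_SUCCESS) != 0) {

                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_SUCCESS): "
                                        "%m");
                        }
                } else {
                        if (adt_put_event (event, ADT_FAILURE,
                                           ADT_FAIL_PAM + pam_error_code) != 0) {

                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_FAILURE): "
                                        "%m");
                        }
                }
        }
        adt_free_event (event);

done:
        /* Reset process audit state. this process is being reused.*/
        if ((adt_set_user (ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
                           ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
            (adt_set_proc (ah) != 0)) {

                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_login (ADT_FAILURE reset, %m)");
        }
        (void) adt_end_session (ah);

cleanup:
        /*
         * NOTE(review): tid is never released in this function, and the
         * comment above says the process is reused.  Confirm whether
         * adt_load_hostname()/adt_load_ttyname() hand ownership of the
         * terminal ID to the caller; if so it should be freed here.
         */
        g_free (hostname);
        g_free (display_device);
}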