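/*
 * This entry point _should_ be the common entry to suspend.  It is in
 * its entirety here, but would be best moved to libpower when that
 * is available.
 *
 * Flow, as visible in this function:
 *   1. Refuse unless chkauthattr() grants AUTHNAME_SUSPEND to `user`.
 *   2. LOWPOWER: call bringto_lowpower() and skip the suspend path.
 *   3. TEST: run pm_check_suspend() only and report what would happen.
 *   4. Otherwise: check support, try to lock the screen, write the
 *      freeze audit event, switch the audit file, call
 *      uadmin(A_FREEZE) and write the thaw event once it returns.
 *   5. Unless there is no tty or NO_XLOCK is set, call pm_do_auth().
 *
 * Failure to set up auditing is reported on stderr but does not block
 * the suspend.
 */
static void
pm_suspend(void)
{
	int			cprarg = AD_SUSPEND;
	enum adt_uadmin_fcn	fcn_id = ADT_FCN;
	au_event_t		event_id = ADT_uadmin_freeze;
	adt_event_data_t	*event = NULL;	/* event to be generated */
	adt_session_data_t	*ah = NULL;	/* audit session handle */

	/*
	 * Does the user have permission to use this command?
	 */
	if (chkauthattr(AUTHNAME_SUSPEND, user) != 1) {
		(void) printf(gettext("User %s does not have correct "
		    "authorizations to suspend this machine.\n"), user);
		exit(1);
	}

	if (flags & LOWPOWER) {
		if (bringto_lowpower() == -1) {
			(void) printf(gettext("LowPower Failed\n"));
			exit(1);
		}
	} else if (flags & TEST) {
		/*
		 * Test mode, do checks as if a real suspend, but
		 * don't actually do the suspend.
		 */
		/* Check if suspend is supported */
		if (pm_check_suspend() == -1) {
			suspend_error(errno);
		}
		(void) printf(gettext("TEST: Suspend would have been"
		    " performed\n"));
	} else {
		/* Check if suspend is supported */
		if (pm_check_suspend() == -1) {
			suspend_error(errno);
		}

		/*
		 * We are about to suspend this machine, try and
		 * lock the screen.  We don't really care if this
		 * succeeds or not, but that we actually tried.  We
		 * also know that we have sufficient privileges to
		 * be here, so we lock the screen now, even if
		 * suspend actually fails.
		 * Note that garbage is sometimes displayed, and
		 * we don't really care about it, so we toss all
		 * text response.
		 * It would also be good if there were another option
		 * instead of launching a file, as the disk might be
		 * spun down if we are suspending due to idle.
		 *
		 * NOTE(review): system() runs the command through the
		 * shell with this process's environment.  The absolute
		 * path avoids a PATH lookup for the binary itself, but
		 * if this program runs with elevated privileges, confirm
		 * the environment is sanitised before this point, or
		 * replace the call with a direct spawn that passes an
		 * explicit argv and environment.  The result is
		 * discarded, so a failed lock is not detected here.
		 */
		if (!(flags & NO_XLOCK)) {
			(void) system("/usr/bin/xdg-screensaver lock "
			    " >/dev/null 2>&1");
		}

		/* Time to do the actual deed! */
		/*
		 * Before we actually suspend, we need to audit and
		 * "suspend" the audit files.
		 */
		/* set up audit session and event */
		if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) == 0) {
			if ((event = adt_alloc_event(ah, event_id)) != NULL) {
				event->adt_uadmin_freeze.fcn = fcn_id;
				event->adt_uadmin_freeze.mdep = NULL;
				if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
					(void) fprintf(stderr, gettext(
					    "%s: can't put audit event\n"),
					    argvl[0]);
				} else {
					wait_for_auqueue();
				}
			}
			(void) change_audit_file();
		} else {
			(void) fprintf(stderr, gettext(
			    "%s: can't start audit session\n"), argvl[0]);
		}

		if (uadmin(A_FREEZE, cprarg, 0) != 0) {
			/*
			 * Capture errno before printf()/gettext() get a
			 * chance to overwrite it; suspend_error() needs
			 * the value uadmin() left behind.
			 */
			int saved_errno = errno;

			(void) printf(gettext("Suspend Failed\n"));
			if (flags & FORCE) {
				/*
				 * Note, that if we actually poweroff,
				 * that the poweroff function will handle
				 * that audit trail, and the resume
				 * trail is effectively done.
				 */
				pm_poweroff();
			} else {
				/*
				 * Audit the suspend failure and
				 * reuse the event, but don't create one
				 * if we don't already have one.
				 *
				 * This has to happen before
				 * suspend_error(): that call exits, so a
				 * failure record written after it would
				 * never reach the audit trail.
				 */
				if (event != NULL) {
					(void) adt_put_event(event,
					    ADT_FAILURE, 0);
				}
				/* suspend_error() will exit. */
				suspend_error(saved_errno);
			}
		}

		/*
		 * Write the thaw event.
		 *
		 * NOTE(review): when the freeze event was allocated above,
		 * `event` is still that ADT_uadmin_freeze event; it is
		 * reused here and filled through the adt_uadmin_thaw
		 * member.  Confirm against libbsm which event id the
		 * resulting record carries; if it is the freeze id, free
		 * the freeze event and allocate an ADT_uadmin_thaw one.
		 */
		if (ah != NULL) {
			if ((event == NULL) &&
			    ((event = adt_alloc_event(ah, ADT_uadmin_thaw))
			    == NULL)) {
				(void) fprintf(stderr, gettext(
				    "%s: can't allocate thaw audit event\n"),
				    argvl[0]);
			} else {
				event->adt_uadmin_thaw.fcn = fcn_id;
				if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
					(void) fprintf(stderr, gettext(
					    "%s: can't put thaw audit event\n"),
					    argvl[0]);
				}
				(void) adt_free_event(event);
			}
		}
	}

	/*
	 * Runs on every path that reaches this point, including LOWPOWER
	 * and TEST, where ah is still NULL.
	 */
	if (!no_tty && !(flags & NO_XLOCK)) {
		pm_do_auth(ah);
	}

	(void) adt_end_session(ah);
}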
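/*
 * Write an ADT_login failure record for this session and, when a password
 * change was initiated, an ADT_passwd record reflecting whether it
 * succeeded.  The process audit state is then reset because the process
 * is reused.
 *
 * auditor           - session auditor; its "hostname" and "display-device"
 *                     properties select the terminal id for the record.
 * pam_error_code    - PAM error, added to ADT_FAIL_PAM as the return value
 *                     of the failure records.
 * pam_error_string  - text for the PAM error; used only in a syslog
 *                     message.
 *
 * Every libbsm failure is reported through syslog at LOG_AUTH | LOG_ALERT.
 * Only a failed adt_start_session() stops the function early; other
 * failures are logged and processing continues.
 */
static void
mdm_session_solaris_auditor_report_login_failure (MdmSessionAuditor *auditor,
                                                  int                pam_error_code,
                                                  const char        *pam_error_string)
{
        MdmSessionSolarisAuditor *solaris_auditor;
        char                     *hostname = NULL;
        char                     *display_device = NULL;
        adt_session_data_t       *ah = NULL;   /* Audit session handle */
        adt_event_data_t         *event;       /* Event to generate */
        /*
         * Terminal ID for failures.  Starts as NULL so that a failed
         * adt_load_hostname()/adt_load_ttyname() hands adt_set_user() a
         * NULL terminal id (as the reset call below also does) instead of
         * an indeterminate pointer.
         */
        adt_termid_t             *tid = NULL;
        int                       have_user;

        solaris_auditor = MDM_SESSION_SOLARIS_AUDITOR (auditor);
        g_object_get (G_OBJECT (auditor),
                      "hostname", &hostname,
                      "display-device", &display_device,
                      NULL);

        if (solaris_auditor->priv->user_accredited) {
                if (adt_start_session (&ah, NULL, ADT_USE_PROC_DATA) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }
        } else {
                if (adt_start_session (&ah, NULL, 0) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }

                /* If display is on console or VT */
                if (hostname != NULL && hostname[0] != '\0') {
                        /* Login from a remote host */
                        if (adt_load_hostname (hostname, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_loadhostname (%s): %m", hostname);
                        }
                } else {
                        /* login from the local host */
                        if (adt_load_ttyname (display_device, &tid) != 0) {
                                /* Name the call that actually failed. */
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_load_ttyname (localhost): %m");
                        }
                }

                /*
                 * Without a username the uid/gid fields are not trusted,
                 * so the record carries ADT_NO_ATTRIB in their place.
                 */
                have_user = (solaris_auditor->priv->username != NULL);

                if (adt_set_user (ah,
                                  have_user ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
                                  have_user ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
                                  have_user ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
                                  have_user ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
                                  tid, ADT_NEW) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_set_user (%s): %m",
                                have_user ? solaris_auditor->priv->username : "******");
                }

                /*
                 * NOTE(review): tid is filled in by adt_load_hostname() or
                 * adt_load_ttyname() and is not released anywhere in this
                 * function; confirm who owns that storage.
                 */
        }

        event = adt_alloc_event (ah, ADT_login);

        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_alloc_event (ADT_login, ADT_FAILURE): %m");
                goto done;
        } else if (adt_put_event (event, ADT_FAILURE,
                                  ADT_FAIL_PAM + pam_error_code) != 0) {
                /* Guard the %s argument: the caller may pass no text. */
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_login (ADT_FAIL, %s): %m",
                        pam_error_string != NULL ? pam_error_string : "(null)");
        }

        if (solaris_auditor->priv->password_change_initiated) {
                /* Also audit password change */
                adt_free_event (event);

                event = adt_alloc_event (ah, ADT_passwd);
                if (event == NULL) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_alloc_event (ADT_passwd): %m");
                        goto done;
                }

                if (solaris_auditor->priv->password_changed) {
                        if (adt_put_event (event, ADT_SUCCESS,
                                           ADT_SUCCESS) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_SUCCESS): "
                                        "%m");
                        }
                } else {
                        if (adt_put_event (event, ADT_FAILURE,
                                           ADT_FAIL_PAM + pam_error_code) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_FAILURE): "
                                        "%m");
                        }
                }
        }
        adt_free_event (event);

done:
        /* Reset process audit state. This process is being reused. */
        if ((adt_set_user (ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
                           ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
            (adt_set_proc (ah) != 0)) {
                /*
                 * The failing call here is adt_set_user() or
                 * adt_set_proc(), so the message says so; a record that
                 * blames adt_put_event() sends whoever reads the log to
                 * the wrong place.
                 */
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_set_user/adt_set_proc (ADT_login, ADT_FAILURE reset): %m");
        }
        (void) adt_end_session (ah);

cleanup:
        g_free (hostname);
        g_free (display_device);
}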