/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* * This code has a lot in common with the original sys-suspend * code. Windowing facilities have been removed, and it has been * updated to use more recent API's. */ #include <stdio.h> #include <fcntl.h> #include <stdlib.h> #include <string.h> #include <strings.h> #include <unistd.h> #include <libintl.h> #include <locale.h> #include <utility.h> #include <signal.h> #include <errno.h> #include <setjmp.h> #include <pwd.h> #include <syslog.h> #include <sys/types.h> #include <sys/param.h> #include <sys/utsname.h> #include <sys/uadmin.h> #include <auth_attr.h> #include <auth_list.h> #include <secdb.h> #include <security/pam_appl.h> #include <utmpx.h> /* For audit */ #include <bsm/adt.h> #include <bsm/adt_event.h> #include <sys/wait.h> #include <sys/stat.h> #include <sys/pm.h> #include <dirent.h> #include <sys/cpr.h> /* STATICUSED */ struct utmpx utmp; #define NMAX (sizeof (utmp.ut_name)) /* * Authorizations used by Power Management */ #define AUTHNAME_SHUTDOWN "solaris.system.shutdown" #define AUTHNAME_SUSPEND_RAM "solaris.system.power.suspend.ram" #define AUTHNAME_SUSPEND_DISK "solaris.system.power.suspend.disk" /* Platform specific definitions */ #ifdef i386 #define AD_CHECK_SUSPEND AD_CHECK_SUSPEND_TO_RAM #define AD_SUSPEND AD_SUSPEND_TO_RAM #define ADT_FCN ADT_UADMIN_FCN_AD_SUSPEND_TO_RAM #define AUTHNAME_SUSPEND AUTHNAME_SUSPEND_RAM #else #define AD_CHECK_SUSPEND AD_CHECK_SUSPEND_TO_DISK #define AD_SUSPEND AD_SUSPEND_TO_DISK #define ADT_FCN ADT_UADMIN_FCN_AD_SUSPEND_TO_DISK #define AUTHNAME_SUSPEND AUTHNAME_SUSPEND_DISK #endif static int flags = 0; static int no_tty = 0; /* * Flag definitions - could go in a header file, but there are just a few */ #define FORCE 0x001 #define NO_WARN 0x002 #define NO_XLOCK 0x004 #define SHUTDOWN 0x008 #define LOWPOWER 0x010 #define TEST 0x800 static sigjmp_buf jmp_stack; static char user[NMAX + 1]; static char **argvl; /* * Forward Declarations. */ static void pm_poweroff(void); static int bringto_lowpower(void); static int is_mou3(void); static void suspend_error(int); static int pm_check_suspend(void); static void pm_suspend(void); static void pm_do_auth(adt_session_data_t *); /* * External Declarations. */ extern int pam_tty_conv(int, struct pam_message **, struct pam_response **, void *); extern char *optarg; /* * Audit related code. I would also think that some of this could be * in external code, as they could be useful of other apps. */ /* * Write audit event. Could be useful in the PM library, so it is * included here. For the most part it is only used by the PAM code. */ static void pm_audit_event(adt_session_data_t *ah, au_event_t event_id, int status) { adt_event_data_t *event; if ((event = adt_alloc_event(ah, event_id)) == NULL) { return; } (void) adt_put_event(event, status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE, status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAIL_PAM + status); adt_free_event(event); } #define RETRY_COUNT 15 static int change_audit_file(void) { pid_t pid; if (!adt_audit_state(AUC_AUDITING)) { /* auditd not running, just return */ return (0); } if ((pid = fork()) == 0) { (void) execl("/usr/sbin/audit", "audit", "-n", NULL); (void) fprintf(stderr, gettext("error changing audit files: " "%s\n"), strerror(errno)); _exit(-1); } else if (pid == -1) { (void) fprintf(stderr, gettext("error changing audit files: " "%s\n"), strerror(errno)); return (-1); } else { pid_t rc; int retries = RETRY_COUNT; /* * Wait for audit(1M) -n process to complete * */ do { if ((rc = waitpid(pid, NULL, WNOHANG)) == pid) { return (0); } else if (rc == -1) { return (-1); } else { (void) sleep(1); retries--; } } while (retries != 0); } return (-1); } static void wait_for_auqueue() { au_stat_t au_stat; int retries = 10; while (retries-- && auditon(A_GETSTAT, (caddr_t)&au_stat, NULL) == 0) { if (au_stat.as_enqueue == au_stat.as_written) { break; } (void) sleep(1); } } /* End of Audit-related code */ /* ARGSUSED0 */ static void alarm_handler(int sig) { siglongjmp(jmp_stack, 1); } /* * These are functions that would be candidates for moving to a library. */ /* * pm_poweroff - similar to poweroff(1M) * This should do the same auditing as poweroff(1m) would do when it * becomes a libpower function. Till then we use poweroff(1m). */ static void pm_poweroff(void) { if (chkauthattr(AUTHNAME_SHUTDOWN, user) != 1) { (void) printf(gettext("User %s does not have correct " "authorizations to shutdown this machine.\n"), user); exit(1); } openlog("suspend", 0, LOG_DAEMON); syslog(LOG_NOTICE, "System is being shut down."); closelog(); /* * Call poweroff(1m) to shut down the system. */ (void) execl("/usr/sbin/poweroff", "poweroff", NULL); } /* * pm_check_suspend() - Check to see if suspend is supported/enabled * on this machine. * Ultimately, we would prefer to get the "default" suspend type from * a PM property or some other API, but for now, we know that STR is * only available on x86 and STD is only available on Sparc. It does * make this function quite easy, though. */ static int pm_check_suspend(void) { /* * Use the uadmin(2) "CHECK" command to see if suspend is supported */ return (uadmin(A_FREEZE, AD_CHECK_SUSPEND, 0)); } /* * This entry point _should_ be the common entry to suspend. It is in * it's entirety here, but would be best moved to libpower when that * is available. */ static void pm_suspend(void) { int cprarg = AD_SUSPEND; enum adt_uadmin_fcn fcn_id = ADT_FCN; au_event_t event_id = ADT_uadmin_freeze; adt_event_data_t *event = NULL; /* event to be generated */ adt_session_data_t *ah = NULL; /* audit session handle */ /* * Does the user have permission to use this command? */ if (chkauthattr(AUTHNAME_SUSPEND, user) != 1) { (void) printf(gettext("User %s does not have correct " "authorizations to suspend this machine.\n"), user); exit(1); } if (flags & LOWPOWER) { if (bringto_lowpower() == -1) { (void) printf(gettext("LowPower Failed\n")); exit(1); } } else if (flags & TEST) { /* * Test mode, do checks as if a real suspend, but * don't actually do the suspend. */ /* Check if suspend is supported */ if (pm_check_suspend() == -1) { suspend_error(errno); } (void) printf(gettext("TEST: Suspend would have been" " performed\n")); } else { /* Check if suspend is supported */ if (pm_check_suspend() == -1) { suspend_error(errno); } /* * We are about to suspend this machine, try and * lock the screen. We don't really care if this * succeeds or not, but that we actually tried. We * also know that we have sufficient privileges to * be here, so we lock the screen now, even if * suspend actually fails. * Note that garbage is sometimes displayed, and * we don't really care about it, so we toss all * text response. * it would also be good if there were another option * instead of launcing a file, as the disk might be * spun down if we are suspending due to idle. */ if (!(flags & NO_XLOCK)) { (void) system("/usr/bin/xdg-screensaver lock " " >/dev/null 2>&1"); } /* Time to do the actual deed! */ /* * Before we actually suspend, we need to audit and * "suspend" the audit files. */ /* set up audit session and event */ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) == 0) { if ((event = adt_alloc_event(ah, event_id)) != NULL) { event->adt_uadmin_freeze.fcn = fcn_id; event->adt_uadmin_freeze.mdep = NULL; if (adt_put_event(event, ADT_SUCCESS, 0) != 0) { (void) fprintf(stderr, gettext( "%s: can't put audit event\n"), argvl[0]); } else { wait_for_auqueue(); } } (void) change_audit_file(); } else { (void) fprintf(stderr, gettext( "%s: can't start audit session\n"), argvl[0]); } if (uadmin(A_FREEZE, cprarg, 0) != 0) { (void) printf(gettext("Suspend Failed\n")); if (flags & FORCE) { /* * Note, that if we actually poweroff, * that the poweroff function will handle * that audit trail, and the resume * trail is effectively done. */ pm_poweroff(); } else { /* suspend_error() will exit. */ suspend_error(errno); /* * Audit the suspend failure and * reuse the event, but don't create one * if we don't already have one. */ if (event != NULL) { (void) adt_put_event(event, ADT_FAILURE, 0); } } } /* * Write the thaw event. */ if (ah != NULL) { if ((event == NULL) && ((event = adt_alloc_event(ah, ADT_uadmin_thaw)) == NULL)) { (void) fprintf(stderr, gettext( "%s: can't allocate thaw audit event\n"), argvl[0]); } else { event->adt_uadmin_thaw.fcn = fcn_id; if (adt_put_event(event, ADT_SUCCESS, 0) != 0) { (void) fprintf(stderr, gettext( "%s: can't put thaw audit event\n"), argvl[0]); } (void) adt_free_event(event); } } } if ((no_tty ? 0 : 1) && !(flags & NO_XLOCK)) { pm_do_auth(ah); } (void) adt_end_session(ah); } /* End of "library" functions */ /* * Print an appropriate error message and exit. */ static void suspend_error(int error) { switch (error) { case EBUSY: (void) printf(gettext("suspend: " "Suspend already in progress.\n\n")); exit(1); /*NOTREACHED*/ case ENOMEM: /*FALLTHROUGH*/ case ENOSPC: (void) printf(gettext("suspend: " "Not enough resources to suspend.\n\n")); exit(1); /*NOTREACHED*/ case ENOTSUP: (void) printf(gettext("suspend: " "Suspend is not supported.\n\n")); exit(1); /*NOTREACHED*/ case EPERM: (void) printf(gettext("suspend: " "Not sufficient privileges.\n\n")); exit(1); /*NOTREACHED*/ default: (void) printf(gettext("suspend: " "unknown error.\n\n")); exit(1); } } /* * refresh_dt() - Refresh screen when 'dtgreet' is running. * This is here for compatibility reasons, and could be removed once * dtgreet is no longer part of the system. */ static int refresh_dt() { int status; struct stat stat_buf; /* * If dtgreet exists, HUP it, otherwise just let screenlock * do it's thing. */ if ((stat("/usr/dt/bin/dtgreet", &stat_buf) == 0) && (stat_buf.st_mode & S_IXUSR)) { switch (fork()) { case -1: break; case 0: (void) close(1); (void) execl("/usr/bin/pkill", "pkill", "-HUP", "-u", "0", "-x", "dtgreet", NULL); break; default: (void) wait(&status); } } return (0); } #define DT_TMP "/var/dt/tmp" /* * On enter, the "xauthority" string has the value "XAUTHORITY=". On * return, if a Xauthority file is found, concatenate it to this string, * otherwise, return "xauthority" as it is. */ static char * get_xauthority(char *xauthority) { pid_t uid; char *home_dir; struct passwd *pwd; char filepath[MAXPATHLEN]; struct stat stat_buf; DIR *dirp; struct dirent *dp; char xauth[MAXPATHLEN] = ""; time_t latest = 0; uid = getuid(); /* * Determine home directory of the user. */ if ((home_dir = getenv("HOME")) == NULL) { if ((pwd = getpwuid(uid)) == NULL) { (void) printf(gettext("Error: unable to get passwd " "entry for user.\n")); exit(1); } home_dir = pwd->pw_dir; } if ((strlen(home_dir) + sizeof ("/.Xauthority")) >= MAXPATHLEN) { (void) printf(gettext("Error: path to home directory is too " "long.\n")); exit(1); } /* * If there is a .Xauthority file in home directory, reference it. */ /*LINTED*/ (void) sprintf(filepath, "%s/.Xauthority", home_dir); if (stat(filepath, &stat_buf) == 0) return (strcat(xauthority, filepath)); /* * If Xsession can not access user's home directory, it creates the * Xauthority file in "/var/dt/tmp" directory. Since the exact * name of the Xauthority is not known, search the directory and * find the last changed file that starts with ".Xauth" and owned * by the user. Hopefully, that is the valid Xauthority file for * the current X session. */ if ((dirp = opendir(DT_TMP)) == NULL) return (xauthority); while ((dp = readdir(dirp)) != NULL) { if (strstr(dp->d_name, ".Xauth") != NULL) { /*LINTED*/ (void) sprintf(filepath, "%s/%s", DT_TMP, dp->d_name); if (stat(filepath, &stat_buf) == -1) continue; if (stat_buf.st_uid != uid) continue; if (stat_buf.st_ctime > latest) { (void) strcpy(xauth, filepath); latest = stat_buf.st_ctime; } } } (void) closedir(dirp); return (strcat(xauthority, xauth)); } /* * suspend can be called in following ways: * 1. from daemon (powerd) for auto-shutdown. * a. there might be a OW/CDE environment * b. there might not be any windowing environment * 2. by a user entered command. * a. the command can be entered from a cmdtool type OW/CDE tool * b. the command can be entered by a user logged in on a dumb * terminal. * i) there might be a OW/CDE running on console * and we have permission to talk to it. * ii) there is no OW/CDE running on console or we * don't have permission to talk to it or console * itself is the dumb terminal we have logged into. * * In main(), we decide on the correct case and call appropriate functions. */ int main(int argc, char **argv) { int c; char display_name[MAXNAMELEN + 9] = "DISPLAY="; char xauthority[MAXPATHLEN + 12] = "XAUTHORITY="; struct passwd *pw; (void *) signal(SIGHUP, SIG_IGN); (void *) signal(SIGINT, SIG_IGN); (void *) signal(SIGQUIT, SIG_IGN); (void *) signal(SIGTSTP, SIG_IGN); (void *) signal(SIGTTIN, SIG_IGN); (void *) signal(SIGTTOU, SIG_IGN); /* * If suspend is invoked from a daemon (case 1 above), it * will not have a working stdin, stdout and stderr. We need * these to print proper error messages and possibly get user * input. We attach them to console and hope that attachment * works. */ if (ttyname(0) == NULL) { no_tty = 1; (void) dup2(open("/dev/console", O_RDONLY), 0); (void) dup2(open("/dev/console", O_WRONLY), 1); (void) dup2(open("/dev/console", O_WRONLY), 2); } while ((c = getopt(argc, argv, "fnxhtd:")) != EOF) { switch (c) { case 'f': /* * Force machine to poweroff if * suspend fails */ flags |= FORCE; break; case 'n': /* No warning popups - Obsolete */ flags |= NO_WARN; break; case 'x': /* Don't try to screenlock */ flags |= NO_XLOCK; break; case 'h': /* Do a shutdown instead of suspend */ flags |= SHUTDOWN; break; case 'd': /* Needswork */ /* Set the DISPLAY value in the environment */ if (strlen(optarg) >= MAXNAMELEN) { (void) printf(gettext("Error: " "display name is too long.\n")); return (1); } (void) strcat(display_name, optarg); if (putenv(display_name) != 0) { (void) printf(gettext("Error: " "unable to set DISPLAY " "environment variable.\n")); return (1); } break; case 't': /* Test, don't actually do any operation */ flags |= TEST; break; default: (void) printf(gettext("USAGE: suspend " "[-fnxh] [-d <display>]\n")); return (1); break; } } /* * The action of pressing power key and power button on a MOU-3 machine * causes suspend being invoked with SYSSUSPENDDODEFAULT * enviromental variable set - indicating the default action is machine * dependent: for MOU-3 type machine, "LowPower" mode is the default, * for all the rest, "Suspend" is the default. Existing suspend * flags works the same. */ if (getenv("SYSSUSPENDDODEFAULT")) if (is_mou3()) flags |= LOWPOWER; if ((flags & FORCE) && (flags & LOWPOWER)) flags &= ~LOWPOWER; /* * Flag "-h" overrides flag "-f". */ if ((flags & SHUTDOWN) && (flags & FORCE)) flags &= ~(FORCE | LOWPOWER); if (flags & FORCE) flags |= NO_WARN; /* * Check initally if the user has the authorizations to * do either a suspend or shutdown. pm_suspend() will also * make this test, so we could defer till then, but if we * do it now, we at least prevent a lot of unneeded setup. */ pw = getpwuid(getuid()); (void) strncpy(user, pw->pw_name, NMAX); if ((flags & (FORCE|SHUTDOWN)) && (chkauthattr(AUTHNAME_SHUTDOWN, pw->pw_name) != 1)) { (void) printf(gettext("User does not have correct " "authorizations to shutdown the machine.\n")); exit(1); } if (!(flags & SHUTDOWN) && (chkauthattr(AUTHNAME_SUSPEND, pw->pw_name) != 1)) { (void) printf(gettext("User does not have correct " "authorizations to suspend.\n")); exit(1); } /* * If we are only shutting down, there isn't much to do, just * call pm_poweroff(), and let it do all the work. */ if (flags & SHUTDOWN) { /* * pm_poweroff either powers off or exits, * so there is no return. */ if (flags & TEST) { (void) printf("TEST: This machine would have " "powered off\n"); exit(1); } else { pm_poweroff(); } /* NOTREACHED */ } /* * If XAUTHORITY environment variable is not set, try to set * one up. */ if (getenv("XAUTHORITY") == NULL) (void) putenv(get_xauthority(xauthority)); /* * In case of "suspend" being called from daemon "powerd", * signal SIGALRM is blocked so use "sigset()" instead of "signal()". */ (void *) sigset(SIGALRM, alarm_handler); /* Call the "suspend" function to do the last of the work */ pm_suspend(); if (refresh_dt() == -1) { (void) printf("%s: Failed to refresh screen.\n", argv[0]); return (1); } return (0); } #include <sys/pm.h> /* * Note that some of these functions are more relevant to Sparc platforms, * but they do function properly on other platforms, they just don't do * as much. */ /* * bringto_lowpower() * This tells the PM framework to put the devices it controls in an idle * state. The framework only complains if a device that *must* be idle * doesn't succeed in getting there. */ static int bringto_lowpower() { int fd; if ((fd = open("/dev/pm", O_RDWR)) < 0) { (void) printf(gettext("Can't open /dev/pm\n")); return (-1); } if (ioctl(fd, PM_IDLE_DOWN, NULL) < 0) { (void) printf(gettext("Failed to bring system " "to low power mode.\n")); (void) close(fd); return (-1); } (void) close(fd); return (0); } #include <sys/cpr.h> /* * Though this test is predominantly used on Sparc, it will run on other * platforms, and might be usefull one day on those. */ static int is_mou3() { struct cprconfig cf; int fd; int found = 0; if ((fd = open(CPR_CONFIG, O_RDONLY)) < 0) { (void) printf(gettext("Can't open /etc/.cpr_config file.")); return (found); } if (read(fd, (void *) &cf, sizeof (cf)) != sizeof (cf)) { (void) printf(gettext("Can't read /etc/.cpr_config file.")); } else { found = cf.is_autopm_default; } (void) close(fd); return (found); } /* * Reauthenticate the user on return from suspend. * This is here and not in the PAM-specific file, as there are * items specific to sys-suspend, and not generic to PAM. This may * become part of a future PM library. The audit handle is passed, * as the pm_suspend code actually starts an audit session, so it * makes sense to just continue to use it. If it were separated * from the pm_suspend code, it will need to open a new session. */ #define DEF_ATTEMPTS 3 static void pm_do_auth(adt_session_data_t *ah) { pam_handle_t *pm_pamh; int err; int pam_flag = 0; int chpasswd_tries; struct pam_conv pam_conv = {pam_tty_conv, NULL}; if (user[0] == '\0') return; if ((err = pam_start("sys-suspend", user, &pam_conv, &pm_pamh)) != PAM_SUCCESS) return; pam_flag = PAM_DISALLOW_NULL_AUTHTOK; do { err = pam_authenticate(pm_pamh, pam_flag); if (err == PAM_SUCCESS) { err = pam_acct_mgmt(pm_pamh, pam_flag); if (err == PAM_NEW_AUTHTOK_REQD) { chpasswd_tries = 0; do { err = pam_chauthtok(pm_pamh, PAM_CHANGE_EXPIRED_AUTHTOK); chpasswd_tries++; } while ((err == PAM_AUTHTOK_ERR || err == PAM_TRY_AGAIN) && chpasswd_tries < DEF_ATTEMPTS); pm_audit_event(ah, ADT_passwd, err); } err = pam_setcred(pm_pamh, PAM_REFRESH_CRED); } if (err != PAM_SUCCESS) { (void) fprintf(stdout, "%s\n", pam_strerror(pm_pamh, err)); pm_audit_event(ah, ADT_screenunlock, err); } } while (err != PAM_SUCCESS); pm_audit_event(ah, ADT_passwd, 0); (void) pam_end(pm_pamh, err); }