1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2013 Gary Mills
24 *
25 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
26 */
27
28 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
29 /* All Rights Reserved */
30
31 /*
32 * University Copyright- Copyright (c) 1982, 1986, 1988
33 * The Regents of the University of California
34 * All Rights Reserved
35 *
36 * University Acknowledgment- Portions of this document are derived from
37 * software developed by the University of California, Berkeley, and its
38 * contributors.
39 */
40
41 /*
42 * init(1M) is the general process spawning program. Its primary job is to
43 * start and restart svc.startd for smf(5). For backwards-compatibility it also
44 * spawns and respawns processes according to /etc/inittab and the current
45 * run-level. It reads /etc/default/inittab for general configuration.
46 *
47 * To change run-levels the system administrator runs init from the command
48 * line with a level name. init signals svc.startd via libscf and directs the
49 * zone's init (pid 1 in the global zone) what to do by sending it a signal;
50 * these signal numbers are commonly refered to in the code as 'states'. Valid
51 * run-levels are [sS0123456]. Additionally, init can be given directives
52 * [qQabc], which indicate actions to be taken pertaining to /etc/inittab.
53 *
54 * When init processes inittab entries, it finds processes that are to be
55 * spawned at various run-levels. inittab contains the set of the levels for
56 * which each inittab entry is valid.
57 *
58 * State File and Restartability
59 * Premature exit by init(1M) is handled as a special case by the kernel:
60 * init(1M) will be immediately re-executed, retaining its original PID. (PID
61 * 1 in the global zone.) To track the processes it has previously spawned,
62 * as well as other mutable state, init(1M) regularly updates a state file
63 * such that its subsequent invocations have knowledge of its various
64 * dependent processes and duties.
65 *
66 * Process Contracts
67 * We start svc.startd(1M) in a contract and transfer inherited contracts when
68 * restarting it. Everything else is started using the legacy contract
69 * template, and the created contracts are abandoned when they become empty.
70 *
71 * utmpx Entry Handling
72 * Because init(1M) no longer governs the startup process, its knowledge of
73 * when utmpx becomes writable is indirect. However, spawned processes
74 * expect to be constructed with valid utmpx entries. As a result, attempts
75 * to write normal entries will be retried until successful.
76 *
77 * Maintenance Mode
78 * In certain failure scenarios, init(1M) will enter a maintenance mode, in
79 * which it invokes sulogin(1M) to allow the operator an opportunity to
80 * repair the system. Normally, this operation is performed as a
81 * fork(2)-exec(2)-waitpid(3C) sequence with the parent waiting for repair or
82 * diagnosis to be completed. In the cases that fork(2) requests themselves
83 * fail, init(1M) will directly execute sulogin(1M), and allow the kernel to
84 * restart init(1M) on exit from the operator session.
85 *
86 * One scenario where init(1M) enters its maintenance mode is when
87 * svc.startd(1M) begins to fail rapidly, defined as when the average time
88 * between recent failures drops below a given threshold.
89 */
90
91 #include <sys/contract/process.h>
92 #include <sys/ctfs.h>
93 #include <sys/stat.h>
94 #include <sys/statvfs.h>
95 #include <sys/stropts.h>
96 #include <sys/systeminfo.h>
97 #include <sys/time.h>
98 #include <sys/termios.h>
99 #include <sys/tty.h>
100 #include <sys/types.h>
101 #include <sys/utsname.h>
102
103 #include <bsm/adt_event.h>
104 #include <bsm/libbsm.h>
105 #include <security/pam_appl.h>
106
107 #include <assert.h>
108 #include <ctype.h>
109 #include <dirent.h>
110 #include <errno.h>
111 #include <fcntl.h>
112 #include <libcontract.h>
113 #include <libcontract_priv.h>
114 #include <libintl.h>
115 #include <libscf.h>
116 #include <libscf_priv.h>
117 #include <poll.h>
118 #include <procfs.h>
119 #include <signal.h>
120 #include <stdarg.h>
121 #include <stdio.h>
122 #include <stdio_ext.h>
123 #include <stdlib.h>
124 #include <string.h>
125 #include <strings.h>
126 #include <syslog.h>
127 #include <time.h>
128 #include <ulimit.h>
129 #include <unistd.h>
130 #include <utmpx.h>
131 #include <wait.h>
132 #include <zone.h>
133 #include <ucontext.h>
134
135 #undef sleep
136
137 #define fioctl(p, sptr, cmd) ioctl(fileno(p), sptr, cmd)
138 #define min(a, b) (((a) < (b)) ? (a) : (b))
139
140 #define TRUE 1
141 #define FALSE 0
142 #define FAILURE -1
143
144 #define UT_USER_SZ 32 /* Size of a utmpx ut_user field */
145 #define UT_LINE_SZ 32 /* Size of a utmpx ut_line field */
146
147 /*
148 * SLEEPTIME The number of seconds "init" sleeps between wakeups if
149 * nothing else requires this "init" wakeup.
150 */
151 #define SLEEPTIME (5 * 60)
152
153 /*
154 * MAXCMDL The maximum length of a command string in inittab.
155 */
156 #define MAXCMDL 512
157
158 /*
159 * EXEC The length of the prefix string added to all comamnds
160 * found in inittab.
161 */
162 #define EXEC (sizeof ("exec ") - 1)
163
164 /*
165 * TWARN The amount of time between warning signal, SIGTERM,
166 * and the fatal kill signal, SIGKILL.
167 */
168 #define TWARN 5
169
170 #define id_eq(x, y) ((x[0] == y[0] && x[1] == y[1] && x[2] == y[2] &&\
171 x[3] == y[3]) ? TRUE : FALSE)
172
173 /*
174 * The kernel's default umask is 022 these days; since some processes inherit
175 * their umask from init, init will set it from CMASK in /etc/default/init.
176 * init gets the default umask from the kernel, it sets it to 022 whenever
177 * it wants to create a file and reverts to CMASK afterwards.
178 */
179
180 static int cmask;
181
182 /*
183 * The following definitions, concluding with the 'lvls' array, provide a
184 * common mapping between level-name (like 'S'), signal number (state),
185 * run-level mask, and specific properties associated with a run-level.
186 * This array should be accessed using the routines lvlname_to_state(),
187 * lvlname_to_mask(), state_to_mask(), and state_to_flags().
188 */
189
190 /*
191 * Correspondence of signals to init actions.
192 */
193 #define LVLQ SIGHUP
194 #define LVL0 SIGINT
195 #define LVL1 SIGQUIT
196 #define LVL2 SIGILL
197 #define LVL3 SIGTRAP
198 #define LVL4 SIGIOT
199 #define LVL5 SIGEMT
200 #define LVL6 SIGFPE
201 #define SINGLE_USER SIGBUS
202 #define LVLa SIGSEGV
203 #define LVLb SIGSYS
204 #define LVLc SIGPIPE
205
206 /*
207 * Bit Mask for each level. Used to determine legal levels.
208 */
209 #define MASK0 0x0001
210 #define MASK1 0x0002
211 #define MASK2 0x0004
212 #define MASK3 0x0008
213 #define MASK4 0x0010
214 #define MASK5 0x0020
215 #define MASK6 0x0040
216 #define MASKSU 0x0080
217 #define MASKa 0x0100
218 #define MASKb 0x0200
219 #define MASKc 0x0400
220
221 #define MASK_NUMERIC (MASK0 | MASK1 | MASK2 | MASK3 | MASK4 | MASK5 | MASK6)
222 #define MASK_abc (MASKa | MASKb | MASKc)
223
224 /*
225 * Flags to indicate properties of various states.
226 */
227 #define LSEL_RUNLEVEL 0x0001 /* runlevels you can transition to */
228
229 typedef struct lvl {
230 int lvl_state;
231 int lvl_mask;
232 char lvl_name;
233 int lvl_flags;
234 } lvl_t;
235
236 static lvl_t lvls[] = {
237 { LVLQ, 0, 'Q', 0 },
238 { LVLQ, 0, 'q', 0 },
239 { LVL0, MASK0, '0', LSEL_RUNLEVEL },
240 { LVL1, MASK1, '1', LSEL_RUNLEVEL },
241 { LVL2, MASK2, '2', LSEL_RUNLEVEL },
242 { LVL3, MASK3, '3', LSEL_RUNLEVEL },
243 { LVL4, MASK4, '4', LSEL_RUNLEVEL },
244 { LVL5, MASK5, '5', LSEL_RUNLEVEL },
245 { LVL6, MASK6, '6', LSEL_RUNLEVEL },
246 { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL },
247 { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL },
248 { LVLa, MASKa, 'a', 0 },
249 { LVLb, MASKb, 'b', 0 },
250 { LVLc, MASKc, 'c', 0 }
251 };
252
253 #define LVL_NELEMS (sizeof (lvls) / sizeof (lvl_t))
254
255 /*
256 * Legal action field values.
257 */
258 #define OFF 0 /* Kill process if on, else ignore */
259 #define RESPAWN 1 /* Continuously restart process when it dies */
260 #define ONDEMAND RESPAWN /* Respawn for a, b, c type processes */
261 #define ONCE 2 /* Start process, do not respawn when dead */
262 #define WAIT 3 /* Perform once and wait to complete */
263 #define BOOT 4 /* Start at boot time only */
264 #define BOOTWAIT 5 /* Start at boot time and wait to complete */
265 #define POWERFAIL 6 /* Start on powerfail */
266 #define POWERWAIT 7 /* Start and wait for complete on powerfail */
267 #define INITDEFAULT 8 /* Default level "init" should start at */
268 #define SYSINIT 9 /* Actions performed before init speaks */
269
270 #define M_OFF 0001
271 #define M_RESPAWN 0002
272 #define M_ONDEMAND M_RESPAWN
273 #define M_ONCE 0004
274 #define M_WAIT 0010
275 #define M_BOOT 0020
276 #define M_BOOTWAIT 0040
277 #define M_PF 0100
278 #define M_PWAIT 0200
279 #define M_INITDEFAULT 0400
280 #define M_SYSINIT 01000
281
282 /* States for the inittab parser in getcmd(). */
283 #define ID 1
284 #define LEVELS 2
285 #define ACTION 3
286 #define COMMAND 4
287 #define COMMENT 5
288
289 /*
290 * inittab entry id constants
291 */
292 #define INITTAB_ENTRY_ID_SIZE 4
293 #define INITTAB_ENTRY_ID_STR_FORMAT "%.4s" /* if INITTAB_ENTRY_ID_SIZE */
294 /* changes, this should */
295 /* change accordingly */
296
297 /*
298 * Init can be in any of three main states, "normal" mode where it is
299 * processing entries for the lines file in a normal fashion, "boot" mode,
300 * where it is only interested in the boot actions, and "powerfail" mode,
301 * where it is only interested in powerfail related actions. The following
302 * masks declare the legal actions for each mode.
303 */
304 #define NORMAL_MODES (M_OFF | M_RESPAWN | M_ONCE | M_WAIT)
305 #define BOOT_MODES (M_BOOT | M_BOOTWAIT)
306 #define PF_MODES (M_PF | M_PWAIT)
307
308 struct PROC_TABLE {
309 char p_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */
310 /* process */
311 pid_t p_pid; /* Process id */
312 short p_count; /* How many respawns of this command in */
313 /* the current series */
314 long p_time; /* Start time for a series of respawns */
315 short p_flags;
316 short p_exit; /* Exit status of a process which died */
317 };
318
319 /*
320 * Flags for the "p_flags" word of a PROC_TABLE entry:
321 *
322 * OCCUPIED This slot in init's proc table is in use.
323 *
324 * LIVING Process is alive.
325 *
326 * NOCLEANUP efork() is not allowed to cleanup this entry even
327 * if process is dead.
328 *
329 * NAMED This process has a name, i.e. came from inittab.
330 *
331 * DEMANDREQUEST Process started by a "telinit [abc]" command. Processes
332 * formed this way are respawnable and immune to level
333 * changes as long as their entry exists in inittab.
334 *
335 * TOUCHED Flag used by remv() to determine whether it has looked
336 * at an entry while checking for processes to be killed.
337 *
338 * WARNED Flag used by remv() to mark processes that have been
339 * sent the SIGTERM signal. If they don't die in 5
340 * seconds, they are sent the SIGKILL signal.
341 *
342 * KILLED Flag used by remv() to mark procs that have been sent
343 * the SIGTERM and SIGKILL signals.
344 *
345 * PF_MASK Bitwise or of legal flags, for sanity checking.
346 */
347 #define OCCUPIED 01
348 #define LIVING 02
349 #define NOCLEANUP 04
350 #define NAMED 010
351 #define DEMANDREQUEST 020
352 #define TOUCHED 040
353 #define WARNED 0100
354 #define KILLED 0200
355 #define PF_MASK 0377
356
357 /*
358 * Respawn limits for processes that are to be respawned:
359 *
360 * SPAWN_INTERVAL The number of seconds over which "init" will try to
361 * respawn a process SPAWN_LIMIT times before it gets mad.
362 *
363 * SPAWN_LIMIT The number of respawns "init" will attempt in
364 * SPAWN_INTERVAL seconds before it generates an
365 * error message and inhibits further tries for
366 * INHIBIT seconds.
367 *
368 * INHIBIT The number of seconds "init" ignores an entry it had
369 * trouble spawning unless a "telinit Q" is received.
370 */
371
372 #define SPAWN_INTERVAL (2*60)
373 #define SPAWN_LIMIT 10
374 #define INHIBIT (5*60)
375
376 /*
377 * The maximum number of decimal digits for an id_t. (ceil(log10 (max_id)))
378 */
379 #define ID_MAX_STR_LEN 10
380
381 #define NULLPROC ((struct PROC_TABLE *)(0))
382 #define NO_ROOM ((struct PROC_TABLE *)(FAILURE))
383
384 struct CMD_LINE {
385 char c_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */
386 /* process to be affected by */
387 /* action */
388 short c_levels; /* Mask of legal levels for process */
389 short c_action; /* Mask for type of action required */
390 char *c_command; /* Pointer to init command */
391 };
392
393 struct pidrec {
394 int pd_type; /* Command type */
395 pid_t pd_pid; /* pid to add or remove */
396 };
397
398 /*
399 * pd_type's
400 */
401 #define ADDPID 1
402 #define REMPID 2
403
404 static struct pidlist {
405 pid_t pl_pid; /* pid to watch for */
406 int pl_dflag; /* Flag indicating SIGCLD from this pid */
407 short pl_exit; /* Exit status of proc */
408 struct pidlist *pl_next; /* Next in list */
409 } *Plhead, *Plfree;
410
411 /*
412 * The following structure contains a set of modes for /dev/syscon
413 * and should match the default contents of /etc/ioctl.syscon. It should also
414 * be kept in-sync with base_termios in uts/common/io/ttcompat.c.
415 */
416 static struct termios dflt_termios = {
417 BRKINT|ICRNL|IXON|IMAXBEL, /* iflag */
418 OPOST|ONLCR|TAB3, /* oflag */
419 CS8|CREAD|B9600, /* cflag */
420 ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN, /* lflag */
421 CINTR, CQUIT, CERASE, CKILL, CEOF, 0, 0, 0,
422 0, 0, 0, 0, 0, 0, 0, 0,
423 0, 0, 0
424 };
425
426 static struct termios stored_syscon_termios;
427 static int write_ioctl = 0; /* Rewrite /etc/ioctl.syscon */
428
429 static union WAKEUP {
430 struct WAKEFLAGS {
431 unsigned w_usersignal : 1; /* User sent signal to "init" */
432 unsigned w_childdeath : 1; /* An "init" child died */
433 unsigned w_powerhit : 1; /* OS experienced powerfail */
434 } w_flags;
435 int w_mask;
436 } wakeup;
437
438
439 struct init_state {
440 int ist_runlevel;
441 int ist_num_proc;
442 int ist_utmpx_ok;
443 struct PROC_TABLE ist_proc_table[1];
444 };
445
446 #define cur_state (g_state->ist_runlevel)
447 #define num_proc (g_state->ist_num_proc)
448 #define proc_table (g_state->ist_proc_table)
449 #define utmpx_ok (g_state->ist_utmpx_ok)
450
451 /* Contract cookies. */
452 #define ORDINARY_COOKIE 0
453 #define STARTD_COOKIE 1
454
455
456 #ifndef NDEBUG
457 #define bad_error(func, err) { \
458 (void) fprintf(stderr, "%s:%d: %s() failed with unexpected " \
459 "error %d. Aborting.\n", __FILE__, __LINE__, (func), (err)); \
460 abort(); \
461 }
462 #else
463 #define bad_error(func, err) abort()
464 #endif
465
466
467 /*
468 * Useful file and device names.
469 */
470 static char *CONSOLE = "/dev/console"; /* Real system console */
471 static char *INITPIPE_DIR = "/var/run";
472 static char *INITPIPE = "/var/run/initpipe";
473
474 #define INIT_STATE_DIR "/etc/svc/volatile"
475 static const char * const init_state_file = INIT_STATE_DIR "/init.state";
476 static const char * const init_next_state_file =
477 INIT_STATE_DIR "/init-next.state";
478
479 static const int init_num_proc = 20; /* Initial size of process table. */
480
481 static char *UTMPX = UTMPX_FILE; /* Snapshot record file */
482 static char *WTMPX = WTMPX_FILE; /* Long term record file */
483 static char *INITTAB = "/etc/inittab"; /* Script file for "init" */
484 static char *SYSTTY = "/dev/systty"; /* System Console */
485 static char *SYSCON = "/dev/syscon"; /* Virtual System console */
486 static char *IOCTLSYSCON = "/etc/ioctl.syscon"; /* Last syscon modes */
487 static char *ENVFILE = "/etc/default/init"; /* Default env. */
488 static char *SU = "/etc/sulogin"; /* Super-user program for single user */
489 static char *SH = "/sbin/sh"; /* Standard shell */
490
491 /*
492 * Default Path. /sbin is included in path only during sysinit phase
493 */
494 #define DEF_PATH "PATH=/usr/sbin:/usr/bin"
495 #define INIT_PATH "PATH=/sbin:/usr/sbin:/usr/bin"
496
497 static int prior_state;
498 static int prev_state; /* State "init" was in last time it woke */
499 static int new_state; /* State user wants "init" to go to. */
500 static int lvlq_received; /* Explicit request to examine state */
501 static int op_modes = BOOT_MODES; /* Current state of "init" */
502 static int Gchild = 0; /* Flag to indicate "godchild" died, set in */
503 /* childeath() and cleared in cleanaux() */
504 static int Pfd = -1; /* fd to receive pids thru */
505 static unsigned int spawncnt, pausecnt;
506 static int rsflag; /* Set if a respawn has taken place */
507 static volatile int time_up; /* Flag set to TRUE by the alarm interrupt */
508 /* routine each time an alarm interrupt */
509 /* takes place. */
510 static int sflg = 0; /* Set if we were booted -s to single user */
511 static int rflg = 0; /* Set if booted -r, reconfigure devices */
512 static int bflg = 0; /* Set if booted -b, don't run rc scripts */
513 static pid_t init_pid; /* PID of "one true" init for current zone */
514
515 static struct init_state *g_state = NULL;
516 static size_t g_state_sz;
517 static int booting = 1; /* Set while we're booting. */
518
519 /*
520 * Array for default global environment.
521 */
522 #define MAXENVENT 24 /* Max number of default env variables + 1 */
523 /* init can use three itself, so this leaves */
524 /* 20 for the administrator in ENVFILE. */
525 static char *glob_envp[MAXENVENT]; /* Array of environment strings */
526 static int glob_envn; /* Number of environment strings */
527
528
529 static struct pollfd poll_fds[1];
530 static int poll_nfds = 0; /* poll_fds is uninitialized */
531
532 /*
533 * Contracts constants
534 */
535 #define SVC_INIT_PREFIX "init:/"
536 #define SVC_AUX_SIZE (INITTAB_ENTRY_ID_SIZE + 1)
537 #define SVC_FMRI_SIZE (sizeof (SVC_INIT_PREFIX) + INITTAB_ENTRY_ID_SIZE)
538
539 static int legacy_tmpl = -1; /* fd for legacy contract template */
540 static int startd_tmpl = -1; /* fd for svc.startd's template */
541 static char startd_svc_aux[SVC_AUX_SIZE];
542
543 static char startd_cline[256] = ""; /* svc.startd's command line */
544 static int do_restart_startd = 1; /* Whether to restart svc.startd. */
545 static char *smf_options = NULL; /* Options to give to startd. */
546 static int smf_debug = 0; /* Messages for debugging smf(5) */
547 static time_t init_boot_time; /* Substitute for kernel boot time. */
548
549 #define NSTARTD_FAILURE_TIMES 3 /* trigger after 3 failures */
550 #define STARTD_FAILURE_RATE_NS 5000000000LL /* 1 failure/5 seconds */
551
552 static hrtime_t startd_failure_time[NSTARTD_FAILURE_TIMES];
553 static uint_t startd_failure_index;
554
555
556 static char *prog_name(char *);
557 static int state_to_mask(int);
558 static int lvlname_to_mask(char, int *);
559 static void lscf_set_runlevel(char);
560 static int state_to_flags(int);
561 static char state_to_name(int);
562 static int lvlname_to_state(char);
563 static int getcmd(struct CMD_LINE *, char *);
564 static int realcon();
565 static int spawn_processes();
566 static int get_ioctl_syscon();
567 static int account(short, struct PROC_TABLE *, char *);
568 static void alarmclk();
569 static void childeath(int);
570 static void cleanaux();
571 static void clearent(pid_t, short);
572 static void console(boolean_t, char *, ...);
573 static void init_signals(void);
574 static void setup_pipe();
575 static void killproc(pid_t);
576 static void init_env();
577 static void boot_init();
578 static void powerfail();
579 static void remv();
580 static void write_ioctl_syscon();
581 static void spawn(struct PROC_TABLE *, struct CMD_LINE *);
582 static void setimer(int);
583 static void siglvl(int, siginfo_t *, ucontext_t *);
584 static void sigpoll(int);
585 static void enter_maintenance(void);
586 static void timer(int);
587 static void userinit(int, char **);
588 static void notify_pam_dead(struct utmpx *);
589 static long waitproc(struct PROC_TABLE *);
590 static struct PROC_TABLE *efork(int, struct PROC_TABLE *, int);
591 static struct PROC_TABLE *findpslot(struct CMD_LINE *);
592 static void increase_proc_table_size();
593 static void st_init();
594 static void st_write();
595 static void contracts_init();
596 static void contract_event(struct pollfd *);
597 static int startd_run(const char *, int, ctid_t);
598 static void startd_record_failure();
599 static int startd_failure_rate_critical();
600 static char *audit_boot_msg();
601 static int audit_put_record(int, int, char *);
602 static void update_boot_archive(int new_state);
603
604 int
main(int argc,char * argv[])605 main(int argc, char *argv[])
606 {
607 int chg_lvl_flag = FALSE, print_banner = FALSE;
608 int may_need_audit = 1;
609 int c;
610 char *msg;
611
612 /* Get a timestamp for use as boot time, if needed. */
613 (void) time(&init_boot_time);
614
615 /* Get the default umask */
616 cmask = umask(022);
617 (void) umask(cmask);
618
619 /* Parse the arguments to init. Check for single user */
620 opterr = 0;
621 while ((c = getopt(argc, argv, "brsm:")) != EOF) {
622 switch (c) {
623 case 'b':
624 rflg = 0;
625 bflg = 1;
626 if (!sflg)
627 sflg++;
628 break;
629 case 'r':
630 bflg = 0;
631 rflg++;
632 break;
633 case 's':
634 if (!bflg)
635 sflg++;
636 break;
637 case 'm':
638 smf_options = optarg;
639 smf_debug = (strstr(smf_options, "debug") != NULL);
640 break;
641 }
642 }
643
644 /*
645 * Determine if we are the main init, or a user invoked init, whose job
646 * it is to inform init to change levels or perform some other action.
647 */
648 if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid,
649 sizeof (init_pid)) != sizeof (init_pid)) {
650 (void) fprintf(stderr, "could not get pid for init\n");
651 return (1);
652 }
653
654 /*
655 * If this PID is not the same as the "true" init for the zone, then we
656 * must be in 'user' mode.
657 */
658 if (getpid() != init_pid) {
659 userinit(argc, argv);
660 }
661
662 if (getzoneid() != GLOBAL_ZONEID) {
663 print_banner = TRUE;
664 }
665
666 /*
667 * Initialize state (and set "booting").
668 */
669 st_init();
670
671 if (booting && print_banner) {
672 struct utsname un;
673 char buf[BUFSIZ], *isa;
674 long ret;
675 int bits = 32;
676
677 /*
678 * We want to print the boot banner as soon as
679 * possible. In the global zone, the kernel does it,
680 * but we do not have that luxury in non-global zones,
681 * so we will print it here.
682 */
683 (void) uname(&un);
684 ret = sysinfo(SI_ISALIST, buf, sizeof (buf));
685 if (ret != -1L && ret <= sizeof (buf)) {
686 for (isa = strtok(buf, " "); isa;
687 isa = strtok(NULL, " ")) {
688 if (strcmp(isa, "sparcv9") == 0 ||
689 strcmp(isa, "amd64") == 0) {
690 bits = 64;
691 break;
692 }
693 }
694 }
695
696 console(B_FALSE,
697 "\n\n%s Release %s Version %s %d-bit\r\n",
698 un.sysname, un.release, un.version, bits);
699 console(B_FALSE,
700 "Copyright (c) 1983, 2010, Oracle and/or its affiliates."
701 " All rights reserved.\r\n");
702 }
703
704 /*
705 * Get the ioctl settings for /dev/syscon from /etc/ioctl.syscon
706 * so that it can be brought up in the state it was in when the
707 * system went down; or set to defaults if ioctl.syscon isn't
708 * valid.
709 *
710 * This needs to be done even if we're restarting so reset_modes()
711 * will work in case we need to go down to single user mode.
712 */
713 write_ioctl = get_ioctl_syscon();
714
715 /*
716 * Set up all signals to be caught or ignored as appropriate.
717 */
718 init_signals();
719
720 /* Load glob_envp from ENVFILE. */
721 init_env();
722
723 contracts_init();
724
725 if (!booting) {
726 /* cur_state should have been read in. */
727
728 op_modes = NORMAL_MODES;
729
730 /* Rewrite the ioctl file if it was bad. */
731 if (write_ioctl)
732 write_ioctl_syscon();
733 } else {
734 /*
735 * It's fine to boot up with state as zero, because
736 * startd will later tell us the real state.
737 */
738 cur_state = 0;
739 op_modes = BOOT_MODES;
740
741 boot_init();
742 }
743
744 prev_state = prior_state = cur_state;
745
746 setup_pipe();
747
748 /*
749 * Here is the beginning of the main process loop.
750 */
751 for (;;) {
752 if (lvlq_received) {
753 setup_pipe();
754 lvlq_received = B_FALSE;
755 }
756
757 /*
758 * Clean up any accounting records for dead "godchildren".
759 */
760 if (Gchild)
761 cleanaux();
762
763 /*
764 * If in "normal" mode, check all living processes and initiate
765 * kill sequence on those that should not be there anymore.
766 */
767 if (op_modes == NORMAL_MODES && cur_state != LVLa &&
768 cur_state != LVLb && cur_state != LVLc)
769 remv();
770
771 /*
772 * If a change in run levels is the reason we awoke, now do
773 * the accounting to report the change in the utmp file.
774 * Also report the change on the system console.
775 */
776 if (chg_lvl_flag) {
777 chg_lvl_flag = FALSE;
778
779 if (state_to_flags(cur_state) & LSEL_RUNLEVEL) {
780 char rl = state_to_name(cur_state);
781
782 if (rl != -1)
783 lscf_set_runlevel(rl);
784 }
785
786 may_need_audit = 1;
787 }
788
789 /*
790 * Scan the inittab file and spawn and respawn processes that
791 * should be alive in the current state. If inittab does not
792 * exist default to single user mode.
793 */
794 if (spawn_processes() == FAILURE) {
795 prior_state = prev_state;
796 cur_state = SINGLE_USER;
797 }
798
799 /* If any respawns occurred, take note. */
800 if (rsflag) {
801 rsflag = 0;
802 spawncnt++;
803 }
804
805 /*
806 * If a powerfail signal was received during the last
807 * sequence, set mode to powerfail. When spawn_processes() is
808 * entered the first thing it does is to check "powerhit". If
809 * it is in PF_MODES then it clears "powerhit" and does
810 * a powerfail sequence. If it is not in PF_MODES, then it
811 * puts itself in PF_MODES and then clears "powerhit". Should
812 * "powerhit" get set again while spawn_processes() is working
813 * on a powerfail sequence, the following code will see that
814 * spawn_processes() tries to execute the powerfail sequence
815 * again. This guarantees that the powerfail sequence will be
816 * successfully completed before further processing takes
817 * place.
818 */
819 if (wakeup.w_flags.w_powerhit) {
820 op_modes = PF_MODES;
821 /*
822 * Make sure that cur_state != prev_state so that
823 * ONCE and WAIT types work.
824 */
825 prev_state = 0;
826 } else if (op_modes != NORMAL_MODES) {
827 /*
828 * If spawn_processes() was not just called while in
829 * normal mode, we set the mode to normal and it will
830 * be called again to check normal modes. If we have
831 * just finished a powerfail sequence with prev_state
832 * equal to zero, we set prev_state equal to cur_state
833 * before the next pass through.
834 */
835 if (op_modes == PF_MODES)
836 prev_state = cur_state;
837 op_modes = NORMAL_MODES;
838 } else if (cur_state == LVLa || cur_state == LVLb ||
839 cur_state == LVLc) {
840 /*
841 * If it was a change of levels that awakened us and the
842 * new level is one of the demand levels then reset
843 * cur_state to the previous state and do another scan
844 * to take care of the usual respawn actions.
845 */
846 cur_state = prior_state;
847 prior_state = prev_state;
848 prev_state = cur_state;
849 } else {
850 prev_state = cur_state;
851
852 if (wakeup.w_mask == 0) {
853 int ret;
854
855 if (may_need_audit && (cur_state == LVL3)) {
856 msg = audit_boot_msg();
857
858 may_need_audit = 0;
859 (void) audit_put_record(ADT_SUCCESS,
860 ADT_SUCCESS, msg);
861 free(msg);
862 }
863
864 /*
865 * "init" is finished with all actions for
866 * the current wakeup.
867 */
868 ret = poll(poll_fds, poll_nfds,
869 SLEEPTIME * MILLISEC);
870 pausecnt++;
871 if (ret > 0)
872 contract_event(&poll_fds[0]);
873 else if (ret < 0 && errno != EINTR)
874 console(B_TRUE, "poll() error: %s\n",
875 strerror(errno));
876 }
877
878 if (wakeup.w_flags.w_usersignal) {
879 /*
880 * Install the new level. This could be a real
881 * change in levels or a telinit [Q|a|b|c] or
882 * just a telinit to the same level at which
883 * we are running.
884 */
885 if (new_state != cur_state) {
886 if (new_state == LVLa ||
887 new_state == LVLb ||
888 new_state == LVLc) {
889 prev_state = prior_state;
890 prior_state = cur_state;
891 cur_state = new_state;
892 } else {
893 prev_state = cur_state;
894 if (cur_state >= 0)
895 prior_state = cur_state;
896 cur_state = new_state;
897 chg_lvl_flag = TRUE;
898 }
899 }
900
901 new_state = 0;
902 }
903
904 if (wakeup.w_flags.w_powerhit)
905 op_modes = PF_MODES;
906
907 /*
908 * Clear all wakeup reasons.
909 */
910 wakeup.w_mask = 0;
911 }
912 }
913
914 /*NOTREACHED*/
915 }
916
917 static void
update_boot_archive(int new_state)918 update_boot_archive(int new_state)
919 {
920 if (new_state != LVL0 && new_state != LVL5 && new_state != LVL6)
921 return;
922
923 if (getzoneid() != GLOBAL_ZONEID)
924 return;
925
926 (void) system("/sbin/bootadm -ea update_all");
927 }
928
929 /*
930 * void enter_maintenance()
931 * A simple invocation of sulogin(1M), with no baggage, in the case that we
932 * are unable to activate svc.startd(1M). We fork; the child runs sulogin;
933 * we wait for it to exit.
934 */
935 static void
enter_maintenance()936 enter_maintenance()
937 {
938 struct PROC_TABLE *su_process;
939
940 console(B_FALSE, "Requesting maintenance mode\n"
941 "(See /lib/svc/share/README for additional information.)\n");
942 (void) sighold(SIGCLD);
943 while ((su_process = efork(M_OFF, NULLPROC, NOCLEANUP)) == NO_ROOM)
944 (void) pause();
945 (void) sigrelse(SIGCLD);
946 if (su_process == NULLPROC) {
947 int fd;
948
949 (void) fclose(stdin);
950 (void) fclose(stdout);
951 (void) fclose(stderr);
952 closefrom(0);
953
954 fd = open(SYSCON, O_RDWR | O_NOCTTY);
955 if (fd >= 0) {
956 (void) dup2(fd, 1);
957 (void) dup2(fd, 2);
958 } else {
959 /*
960 * Need to issue an error message somewhere.
961 */
962 syslog(LOG_CRIT, "init[%d]: cannot open %s; %s\n",
963 getpid(), SYSCON, strerror(errno));
964 }
965
966 /*
967 * Execute the "su" program.
968 */
969 (void) execle(SU, SU, "-", (char *)0, glob_envp);
970 console(B_TRUE, "execle of %s failed: %s\n", SU,
971 strerror(errno));
972 timer(5);
973 exit(1);
974 }
975
976 /*
977 * If we are the parent, wait around for the child to die
978 * or for "init" to be signaled to change levels.
979 */
980 while (waitproc(su_process) == FAILURE) {
981 /*
982 * All other reasons for waking are ignored when in
983 * single-user mode. The only child we are interested
984 * in is being waited for explicitly by waitproc().
985 */
986 wakeup.w_mask = 0;
987 }
988 }
989
990 /*
991 * remv() scans through "proc_table" and performs cleanup. If
992 * there is a process in the table, which shouldn't be here at
993 * the current run level, then remv() kills the process.
994 */
995 static void
remv()996 remv()
997 {
998 struct PROC_TABLE *process;
999 struct CMD_LINE cmd;
1000 char cmd_string[MAXCMDL];
1001 int change_level;
1002
1003 change_level = (cur_state != prev_state ? TRUE : FALSE);
1004
1005 /*
1006 * Clear the TOUCHED flag on all entries so that when we have
1007 * finished scanning inittab, we will be able to tell if we
1008 * have any processes for which there is no entry in inittab.
1009 */
1010 for (process = proc_table;
1011 (process < proc_table + num_proc); process++) {
1012 process->p_flags &= ~TOUCHED;
1013 }
1014
1015 /*
1016 * Scan all inittab entries.
1017 */
1018 while (getcmd(&cmd, &cmd_string[0]) == TRUE) {
1019 /* Scan for process which goes with this entry in inittab. */
1020 for (process = proc_table;
1021 (process < proc_table + num_proc); process++) {
1022 if ((process->p_flags & OCCUPIED) == 0 ||
1023 !id_eq(process->p_id, cmd.c_id))
1024 continue;
1025
1026 /*
1027 * This slot contains the process we are looking for.
1028 */
1029
1030 /*
1031 * Is the cur_state SINGLE_USER or is this process
1032 * marked as "off" or was this proc started by some
1033 * mechanism other than LVL{a|b|c} and the current level
1034 * does not support this process?
1035 */
1036 if (cur_state == SINGLE_USER ||
1037 cmd.c_action == M_OFF ||
1038 ((cmd.c_levels & state_to_mask(cur_state)) == 0 &&
1039 (process->p_flags & DEMANDREQUEST) == 0)) {
1040 if (process->p_flags & LIVING) {
1041 /*
1042 * Touch this entry so we know we have
1043 * treated it. Note that procs which
1044 * are already dead at this point and
1045 * should not be restarted are left
1046 * untouched. This causes their slot to
1047 * be freed later after dead accounting
1048 * is done.
1049 */
1050 process->p_flags |= TOUCHED;
1051
1052 if ((process->p_flags & KILLED) == 0) {
1053 if (change_level) {
1054 process->p_flags
1055 |= WARNED;
1056 (void) kill(
1057 process->p_pid,
1058 SIGTERM);
1059 } else {
1060 /*
1061 * Fork a killing proc
1062 * so "init" can
1063 * continue without
1064 * having to pause for
1065 * TWARN seconds.
1066 */
1067 killproc(
1068 process->p_pid);
1069 }
1070 process->p_flags |= KILLED;
1071 }
1072 }
1073 } else {
1074 /*
1075 * Process can exist at current level. If it is
1076 * still alive or a DEMANDREQUEST we touch it so
1077 * it will be left alone. Otherwise we leave it
1078 * untouched so it will be accounted for and
1079 * cleaned up later in remv(). Dead
1080 * DEMANDREQUESTs will be accounted but not
1081 * freed.
1082 */
1083 if (process->p_flags &
1084 (LIVING|NOCLEANUP|DEMANDREQUEST))
1085 process->p_flags |= TOUCHED;
1086 }
1087
1088 break;
1089 }
1090 }
1091
1092 st_write();
1093
1094 /*
1095 * If this was a change of levels call, scan through the
1096 * process table for processes that were warned to die. If any
1097 * are found that haven't left yet, sleep for TWARN seconds and
1098 * then send final terminations to any that haven't died yet.
1099 */
1100 if (change_level) {
1101
1102 /*
1103 * Set the alarm for TWARN seconds on the assumption
1104 * that there will be some that need to be waited for.
1105 * This won't harm anything except we are guaranteed to
1106 * wakeup in TWARN seconds whether we need to or not.
1107 */
1108 setimer(TWARN);
1109
1110 /*
1111 * Scan for processes which should be dying. We hope they
1112 * will die without having to be sent a SIGKILL signal.
1113 */
1114 for (process = proc_table;
1115 (process < proc_table + num_proc); process++) {
1116 /*
1117 * If this process should die, hasn't yet, and the
1118 * TWARN time hasn't expired yet, wait for process
1119 * to die or for timer to expire.
1120 */
1121 while (time_up == FALSE &&
1122 (process->p_flags & (WARNED|LIVING|OCCUPIED)) ==
1123 (WARNED|LIVING|OCCUPIED))
1124 (void) pause();
1125
1126 if (time_up == TRUE)
1127 break;
1128 }
1129
1130 /*
1131 * If we reached the end of the table without the timer
1132 * expiring, then there are no procs which will have to be
1133 * sent the SIGKILL signal. If the timer has expired, then
1134 * it is necessary to scan the table again and send signals
1135 * to all processes which aren't going away nicely.
1136 */
1137 if (time_up == TRUE) {
1138 for (process = proc_table;
1139 (process < proc_table + num_proc); process++) {
1140 if ((process->p_flags &
1141 (WARNED|LIVING|OCCUPIED)) ==
1142 (WARNED|LIVING|OCCUPIED))
1143 (void) kill(process->p_pid, SIGKILL);
1144 }
1145 }
1146 setimer(0);
1147 }
1148
1149 /*
1150 * Rescan the proc_table for two kinds of entry, those marked LIVING,
1151 * NAMED, which don't have an entry in inittab (haven't been TOUCHED
1152 * by the above scanning), and haven't been sent kill signals, and
1153 * those entries marked not LIVING, NAMED. The former procs are killed.
1154 * The latter have DEAD_PROCESS accounting done and the slot cleared.
1155 */
1156 for (process = proc_table;
1157 (process < proc_table + num_proc); process++) {
1158 if ((process->p_flags & (LIVING|NAMED|TOUCHED|KILLED|OCCUPIED))
1159 == (LIVING|NAMED|OCCUPIED)) {
1160 killproc(process->p_pid);
1161 process->p_flags |= KILLED;
1162 } else if ((process->p_flags & (LIVING|NAMED|OCCUPIED)) ==
1163 (NAMED|OCCUPIED)) {
1164 (void) account(DEAD_PROCESS, process, NULL);
1165 /*
1166 * If this named proc hasn't been TOUCHED, then free the
1167 * space. It has either died of it's own accord, but
1168 * isn't respawnable or it was killed because it
1169 * shouldn't exist at this level.
1170 */
1171 if ((process->p_flags & TOUCHED) == 0)
1172 process->p_flags = 0;
1173 }
1174 }
1175
1176 st_write();
1177 }
1178
1179 /*
1180 * Extract the svc.startd command line and whether to restart it from its
1181 * inittab entry.
1182 */
1183 /*ARGSUSED*/
1184 static void
process_startd_line(struct CMD_LINE * cmd,char * cmd_string)1185 process_startd_line(struct CMD_LINE *cmd, char *cmd_string)
1186 {
1187 size_t sz;
1188
1189 /* Save the command line. */
1190 if (sflg || rflg) {
1191 /* Also append -r or -s. */
1192 (void) strlcpy(startd_cline, cmd_string, sizeof (startd_cline));
1193 (void) strlcat(startd_cline, " -", sizeof (startd_cline));
1194 if (sflg)
1195 sz = strlcat(startd_cline, "s", sizeof (startd_cline));
1196 if (rflg)
1197 sz = strlcat(startd_cline, "r", sizeof (startd_cline));
1198 } else {
1199 sz = strlcpy(startd_cline, cmd_string, sizeof (startd_cline));
1200 }
1201
1202 if (sz >= sizeof (startd_cline)) {
1203 console(B_TRUE,
1204 "svc.startd command line too long. Ignoring.\n");
1205 startd_cline[0] = '\0';
1206 return;
1207 }
1208 }
1209
1210 /*
1211 * spawn_processes() scans inittab for entries which should be run at this
1212 * mode. Processes which should be running but are not, are started.
1213 */
1214 static int
spawn_processes()1215 spawn_processes()
1216 {
1217 struct PROC_TABLE *pp;
1218 struct CMD_LINE cmd;
1219 char cmd_string[MAXCMDL];
1220 short lvl_mask;
1221 int status;
1222
1223 /*
1224 * First check the "powerhit" flag. If it is set, make sure the modes
1225 * are PF_MODES and clear the "powerhit" flag. Avoid the possible race
1226 * on the "powerhit" flag by disallowing a new powerfail interrupt
1227 * between the test of the powerhit flag and the clearing of it.
1228 */
1229 if (wakeup.w_flags.w_powerhit) {
1230 wakeup.w_flags.w_powerhit = 0;
1231 op_modes = PF_MODES;
1232 }
1233 lvl_mask = state_to_mask(cur_state);
1234
1235 /*
1236 * Scan through all the entries in inittab.
1237 */
1238 while ((status = getcmd(&cmd, &cmd_string[0])) == TRUE) {
1239 if (id_eq(cmd.c_id, "smf")) {
1240 process_startd_line(&cmd, cmd_string);
1241 continue;
1242 }
1243
1244 retry_for_proc_slot:
1245
1246 /*
1247 * Find out if there is a process slot for this entry already.
1248 */
1249 if ((pp = findpslot(&cmd)) == NULLPROC) {
1250 /*
1251 * we've run out of proc table entries
1252 * increase proc_table.
1253 */
1254 increase_proc_table_size();
1255
1256 /*
1257 * Retry now as we have an empty proc slot.
1258 * In case increase_proc_table_size() fails,
1259 * we will keep retrying.
1260 */
1261 goto retry_for_proc_slot;
1262 }
1263
1264 /*
1265 * If there is an entry, and it is marked as DEMANDREQUEST,
1266 * one of the levels a, b, or c is in its levels mask, and
1267 * the action field is ONDEMAND and ONDEMAND is a permissable
1268 * mode, and the process is dead, then respawn it.
1269 */
1270 if (((pp->p_flags & (LIVING|DEMANDREQUEST)) == DEMANDREQUEST) &&
1271 (cmd.c_levels & MASK_abc) &&
1272 (cmd.c_action & op_modes) == M_ONDEMAND) {
1273 spawn(pp, &cmd);
1274 continue;
1275 }
1276
1277 /*
1278 * If the action is not an action we are interested in,
1279 * skip the entry.
1280 */
1281 if ((cmd.c_action & op_modes) == 0 || pp->p_flags & LIVING ||
1282 (cmd.c_levels & lvl_mask) == 0)
1283 continue;
1284
1285 /*
1286 * If the modes are the normal modes (ONCE, WAIT, RESPAWN, OFF,
1287 * ONDEMAND) and the action field is either OFF or the action
1288 * field is ONCE or WAIT and the current level is the same as
1289 * the last level, then skip this entry. ONCE and WAIT only
1290 * get run when the level changes.
1291 */
1292 if (op_modes == NORMAL_MODES &&
1293 (cmd.c_action == M_OFF ||
1294 (cmd.c_action & (M_ONCE|M_WAIT)) &&
1295 cur_state == prev_state))
1296 continue;
1297
1298 /*
1299 * At this point we are interested in performing the action for
1300 * this entry. Actions fall into two categories, spinning off
1301 * a process and not waiting, and spinning off a process and
1302 * waiting for it to die. If the action is ONCE, RESPAWN,
1303 * ONDEMAND, POWERFAIL, or BOOT we don't wait for the process
1304 * to die, for all other actions we do wait.
1305 */
1306 if (cmd.c_action & (M_ONCE | M_RESPAWN | M_PF | M_BOOT)) {
1307 spawn(pp, &cmd);
1308
1309 } else {
1310 spawn(pp, &cmd);
1311 while (waitproc(pp) == FAILURE)
1312 ;
1313 (void) account(DEAD_PROCESS, pp, NULL);
1314 pp->p_flags = 0;
1315 }
1316 }
1317 return (status);
1318 }
1319
1320 /*
1321 * spawn() spawns a shell, inserts the information about the process
1322 * process into the proc_table, and does the startup accounting.
1323 */
1324 static void
spawn(struct PROC_TABLE * process,struct CMD_LINE * cmd)1325 spawn(struct PROC_TABLE *process, struct CMD_LINE *cmd)
1326 {
1327 int i;
1328 int modes, maxfiles;
1329 time_t now;
1330 struct PROC_TABLE tmproc, *oprocess;
1331
1332 /*
1333 * The modes to be sent to efork() are 0 unless we are
1334 * spawning a LVLa, LVLb, or LVLc entry or we will be
1335 * waiting for the death of the child before continuing.
1336 */
1337 modes = NAMED;
1338 if (process->p_flags & DEMANDREQUEST || cur_state == LVLa ||
1339 cur_state == LVLb || cur_state == LVLc)
1340 modes |= DEMANDREQUEST;
1341 if ((cmd->c_action & (M_SYSINIT | M_WAIT | M_BOOTWAIT | M_PWAIT)) != 0)
1342 modes |= NOCLEANUP;
1343
1344 /*
1345 * If this is a respawnable process, check the threshold
1346 * information to avoid excessive respawns.
1347 */
1348 if (cmd->c_action & M_RESPAWN) {
1349 /*
1350 * Add NOCLEANUP to all respawnable commands so that the
1351 * information about the frequency of respawns isn't lost.
1352 */
1353 modes |= NOCLEANUP;
1354 (void) time(&now);
1355
1356 /*
1357 * If no time is assigned, then this is the first time
1358 * this command is being processed in this series. Assign
1359 * the current time.
1360 */
1361 if (process->p_time == 0L)
1362 process->p_time = now;
1363
1364 if (process->p_count++ == SPAWN_LIMIT) {
1365
1366 if ((now - process->p_time) < SPAWN_INTERVAL) {
1367 /*
1368 * Process is respawning too rapidly. Print
1369 * message and refuse to respawn it for now.
1370 */
1371 console(B_TRUE, "Command is respawning too "
1372 "rapidly. Check for possible errors.\n"
1373 "id:%4s \"%s\"\n",
1374 &cmd->c_id[0], &cmd->c_command[EXEC]);
1375 return;
1376 }
1377 process->p_time = now;
1378 process->p_count = 0;
1379
1380 } else if (process->p_count > SPAWN_LIMIT) {
1381 /*
1382 * If process has been respawning too rapidly and
1383 * the inhibit time limit hasn't expired yet, we
1384 * refuse to respawn.
1385 */
1386 if (now - process->p_time < SPAWN_INTERVAL + INHIBIT)
1387 return;
1388 process->p_time = now;
1389 process->p_count = 0;
1390 }
1391 rsflag = TRUE;
1392 }
1393
1394 /*
1395 * Spawn a child process to execute this command.
1396 */
1397 (void) sighold(SIGCLD);
1398 oprocess = process;
1399 while ((process = efork(cmd->c_action, oprocess, modes)) == NO_ROOM)
1400 (void) pause();
1401
1402 if (process == NULLPROC) {
1403
1404 /*
1405 * We are the child. We must make sure we get a different
1406 * file pointer for our references to utmpx. Otherwise our
1407 * seeks and reads will compete with those of the parent.
1408 */
1409 endutxent();
1410
1411 /*
1412 * Perform the accounting for the beginning of a process.
1413 * Note that all processes are initially "INIT_PROCESS"es.
1414 */
1415 tmproc.p_id[0] = cmd->c_id[0];
1416 tmproc.p_id[1] = cmd->c_id[1];
1417 tmproc.p_id[2] = cmd->c_id[2];
1418 tmproc.p_id[3] = cmd->c_id[3];
1419 tmproc.p_pid = getpid();
1420 tmproc.p_exit = 0;
1421 (void) account(INIT_PROCESS, &tmproc,
1422 prog_name(&cmd->c_command[EXEC]));
1423 maxfiles = ulimit(UL_GDESLIM, 0);
1424 for (i = 0; i < maxfiles; i++)
1425 (void) fcntl(i, F_SETFD, FD_CLOEXEC);
1426
1427 /*
1428 * Now exec a shell with the -c option and the command
1429 * from inittab.
1430 */
1431 (void) execle(SH, "INITSH", "-c", cmd->c_command, (char *)0,
1432 glob_envp);
1433 console(B_TRUE, "Command\n\"%s\"\n failed to execute. errno "
1434 "= %d (exec of shell failed)\n", cmd->c_command, errno);
1435
1436 /*
1437 * Don't come back so quickly that "init" doesn't have a
1438 * chance to finish putting this child in "proc_table".
1439 */
1440 timer(20);
1441 exit(1);
1442
1443 }
1444
1445 /*
1446 * We are the parent. Insert the necessary
1447 * information in the proc_table.
1448 */
1449 process->p_id[0] = cmd->c_id[0];
1450 process->p_id[1] = cmd->c_id[1];
1451 process->p_id[2] = cmd->c_id[2];
1452 process->p_id[3] = cmd->c_id[3];
1453
1454 st_write();
1455
1456 (void) sigrelse(SIGCLD);
1457 }
1458
1459 /*
1460 * findpslot() finds the old slot in the process table for the
1461 * command with the same id, or it finds an empty slot.
1462 */
1463 static struct PROC_TABLE *
findpslot(struct CMD_LINE * cmd)1464 findpslot(struct CMD_LINE *cmd)
1465 {
1466 struct PROC_TABLE *process;
1467 struct PROC_TABLE *empty = NULLPROC;
1468
1469 for (process = proc_table;
1470 (process < proc_table + num_proc); process++) {
1471 if (process->p_flags & OCCUPIED &&
1472 id_eq(process->p_id, cmd->c_id))
1473 break;
1474
1475 /*
1476 * If the entry is totally empty and "empty" is still 0,
1477 * remember where this hole is and make sure the slot is
1478 * zeroed out.
1479 */
1480 if (empty == NULLPROC && (process->p_flags & OCCUPIED) == 0) {
1481 empty = process;
1482 process->p_id[0] = '\0';
1483 process->p_id[1] = '\0';
1484 process->p_id[2] = '\0';
1485 process->p_id[3] = '\0';
1486 process->p_pid = 0;
1487 process->p_time = 0L;
1488 process->p_count = 0;
1489 process->p_flags = 0;
1490 process->p_exit = 0;
1491 }
1492 }
1493
1494 /*
1495 * If there is no entry for this slot, then there should be an
1496 * empty slot. If there is no empty slot, then we've run out
1497 * of proc_table space. If the latter is true, empty will be
1498 * NULL and the caller will have to complain.
1499 */
1500 if (process == (proc_table + num_proc))
1501 process = empty;
1502
1503 return (process);
1504 }
1505
1506 /*
1507 * getcmd() parses lines from inittab. Each time it finds a command line
1508 * it will return TRUE as well as fill the passed CMD_LINE structure and
1509 * the shell command string. When the end of inittab is reached, FALSE
1510 * is returned inittab is automatically opened if it is not currently open
1511 * and is closed when the end of the file is reached.
1512 */
1513 static FILE *fp_inittab = NULL;
1514
1515 static int
getcmd(struct CMD_LINE * cmd,char * shcmd)1516 getcmd(struct CMD_LINE *cmd, char *shcmd)
1517 {
1518 char *ptr;
1519 int c, lastc, state;
1520 char *ptr1;
1521 int answer, i, proceed;
1522 struct stat sbuf;
1523 static char *actions[] = {
1524 "off", "respawn", "ondemand", "once", "wait", "boot",
1525 "bootwait", "powerfail", "powerwait", "initdefault",
1526 "sysinit",
1527 };
1528 static short act_masks[] = {
1529 M_OFF, M_RESPAWN, M_ONDEMAND, M_ONCE, M_WAIT, M_BOOT,
1530 M_BOOTWAIT, M_PF, M_PWAIT, M_INITDEFAULT, M_SYSINIT,
1531 };
1532 /*
1533 * Only these actions will be allowed for entries which
1534 * are specified for single-user mode.
1535 */
1536 short su_acts = M_INITDEFAULT | M_PF | M_PWAIT | M_WAIT;
1537
1538 if (fp_inittab == NULL) {
1539 /*
1540 * Before attempting to open inittab we stat it to make
1541 * sure it currently exists and is not empty. We try
1542 * several times because someone may have temporarily
1543 * unlinked or truncated the file.
1544 */
1545 for (i = 0; i < 3; i++) {
1546 if (stat(INITTAB, &sbuf) == -1) {
1547 if (i == 2) {
1548 console(B_TRUE,
1549 "Cannot stat %s, errno: %d\n",
1550 INITTAB, errno);
1551 return (FAILURE);
1552 } else {
1553 timer(3);
1554 }
1555 } else if (sbuf.st_size < 10) {
1556 if (i == 2) {
1557 console(B_TRUE,
1558 "%s truncated or corrupted\n",
1559 INITTAB);
1560 return (FAILURE);
1561 } else {
1562 timer(3);
1563 }
1564 } else {
1565 break;
1566 }
1567 }
1568
1569 /*
1570 * If unable to open inittab, print error message and
1571 * return FAILURE to caller.
1572 */
1573 if ((fp_inittab = fopen(INITTAB, "r")) == NULL) {
1574 console(B_TRUE, "Cannot open %s errno: %d\n", INITTAB,
1575 errno);
1576 return (FAILURE);
1577 }
1578 }
1579
1580 /*
1581 * Keep getting commands from inittab until you find a
1582 * good one or run out of file.
1583 */
1584 for (answer = FALSE; answer == FALSE; ) {
1585 /*
1586 * Zero out the cmd itself before trying next line.
1587 */
1588 bzero(cmd, sizeof (struct CMD_LINE));
1589
1590 /*
1591 * Read in lines of inittab, parsing at colons, until a line is
1592 * read in which doesn't end with a backslash. Do not start if
1593 * the first character read is an EOF. Note that this means
1594 * that lines which don't end in a newline are still processed,
1595 * since the "for" will terminate normally once started,
1596 * regardless of whether line terminates with a newline or EOF.
1597 */
1598 state = FAILURE;
1599 if ((c = fgetc(fp_inittab)) == EOF) {
1600 answer = FALSE;
1601 (void) fclose(fp_inittab);
1602 fp_inittab = NULL;
1603 break;
1604 }
1605
1606 for (proceed = TRUE, ptr = shcmd, state = ID, lastc = '\0';
1607 proceed && c != EOF;
1608 lastc = c, c = fgetc(fp_inittab)) {
1609 /* If we're not in the FAILURE state and haven't */
1610 /* yet reached the shell command field, process */
1611 /* the line, otherwise just look for a real end */
1612 /* of line. */
1613 if (state != FAILURE && state != COMMAND) {
1614 /*
1615 * Squeeze out spaces and tabs.
1616 */
1617 if (c == ' ' || c == '\t')
1618 continue;
1619
1620 /*
1621 * Ignore characters in a comment, except for the \n.
1622 */
1623 if (state == COMMENT) {
1624 if (c == '\n') {
1625 lastc = ' ';
1626 break;
1627 } else {
1628 continue;
1629 }
1630 }
1631
1632 /*
1633 * Detect comments (lines whose first non-whitespace
1634 * character is '#') by checking that we're at the
1635 * beginning of a line, have seen a '#', and haven't
1636 * yet accumulated any characters.
1637 */
1638 if (state == ID && c == '#' && ptr == shcmd) {
1639 state = COMMENT;
1640 continue;
1641 }
1642
1643 /*
1644 * If the character is a ':', then check the
1645 * previous field for correctness and advance
1646 * to the next field.
1647 */
1648 if (c == ':') {
1649 switch (state) {
1650
1651 case ID :
1652 /*
1653 * Check to see that there are only
1654 * 1 to 4 characters for the id.
1655 */
1656 if ((i = ptr - shcmd) < 1 || i > 4) {
1657 state = FAILURE;
1658 } else {
1659 bcopy(shcmd, &cmd->c_id[0], i);
1660 ptr = shcmd;
1661 state = LEVELS;
1662 }
1663 break;
1664
1665 case LEVELS :
1666 /*
1667 * Build a mask for all the levels for
1668 * which this command will be legal.
1669 */
1670 for (cmd->c_levels = 0, ptr1 = shcmd;
1671 ptr1 < ptr; ptr1++) {
1672 int mask;
1673 if (lvlname_to_mask(*ptr1,
1674 &mask) == -1) {
1675 state = FAILURE;
1676 break;
1677 }
1678 cmd->c_levels |= mask;
1679 }
1680 if (state != FAILURE) {
1681 state = ACTION;
1682 ptr = shcmd; /* Reset the buffer */
1683 }
1684 break;
1685
1686 case ACTION :
1687 /*
1688 * Null terminate the string in shcmd buffer and
1689 * then try to match against legal actions. If
1690 * the field is of length 0, then the default of
1691 * "RESPAWN" is used if the id is numeric,
1692 * otherwise the default is "OFF".
1693 */
1694 if (ptr == shcmd) {
1695 if (isdigit(cmd->c_id[0]) &&
1696 (cmd->c_id[1] == '\0' ||
1697 isdigit(cmd->c_id[1])) &&
1698 (cmd->c_id[2] == '\0' ||
1699 isdigit(cmd->c_id[2])) &&
1700 (cmd->c_id[3] == '\0' ||
1701 isdigit(cmd->c_id[3])))
1702 cmd->c_action = M_RESPAWN;
1703 else
1704 cmd->c_action = M_OFF;
1705 } else {
1706 for (cmd->c_action = 0, i = 0,
1707 *ptr = '\0';
1708 i <
1709 sizeof (actions)/sizeof (char *);
1710 i++) {
1711 if (strcmp(shcmd, actions[i]) == 0) {
1712 if ((cmd->c_levels & MASKSU) &&
1713 !(act_masks[i] & su_acts))
1714 cmd->c_action = 0;
1715 else
1716 cmd->c_action =
1717 act_masks[i];
1718 break;
1719 }
1720 }
1721 }
1722
1723 /*
1724 * If the action didn't match any legal action,
1725 * set state to FAILURE.
1726 */
1727 if (cmd->c_action == 0) {
1728 state = FAILURE;
1729 } else {
1730 state = COMMAND;
1731 (void) strcpy(shcmd, "exec ");
1732 }
1733 ptr = shcmd + EXEC;
1734 break;
1735 }
1736 continue;
1737 }
1738 }
1739
1740 /* If the character is a '\n', then this is the end of a */
1741 /* line. If the '\n' wasn't preceded by a backslash, */
1742 /* it is also the end of an inittab command. If it was */
1743 /* preceded by a backslash then the next line is a */
1744 /* continuation. Note that the continuation '\n' falls */
1745 /* through and is treated like other characters and is */
1746 /* stored in the shell command line. */
1747 if (c == '\n' && lastc != '\\') {
1748 proceed = FALSE;
1749 *ptr = '\0';
1750 break;
1751 }
1752
1753 /* For all other characters just stuff them into the */
1754 /* command as long as there aren't too many of them. */
1755 /* Make sure there is room for a terminating '\0' also. */
1756 if (ptr >= shcmd + MAXCMDL - 1)
1757 state = FAILURE;
1758 else
1759 *ptr++ = (char)c;
1760
1761 /* If the character we just stored was a quoted */
1762 /* backslash, then change "c" to '\0', so that this */
1763 /* backslash will not cause a subsequent '\n' to appear */
1764 /* quoted. In otherwords '\' '\' '\n' is the real end */
1765 /* of a command, while '\' '\n' is a continuation. */
1766 if (c == '\\' && lastc == '\\')
1767 c = '\0';
1768 }
1769
1770 /*
1771 * Make sure all the fields are properly specified
1772 * for a good command line.
1773 */
1774 if (state == COMMAND) {
1775 answer = TRUE;
1776 cmd->c_command = shcmd;
1777
1778 /*
1779 * If no default level was supplied, insert
1780 * all numerical levels.
1781 */
1782 if (cmd->c_levels == 0)
1783 cmd->c_levels = MASK_NUMERIC;
1784
1785 /*
1786 * If no action has been supplied, declare this
1787 * entry to be OFF.
1788 */
1789 if (cmd->c_action == 0)
1790 cmd->c_action = M_OFF;
1791
1792 /*
1793 * If no shell command has been supplied, make sure
1794 * there is a null string in the command field.
1795 */
1796 if (ptr == shcmd + EXEC)
1797 *shcmd = '\0';
1798 } else
1799 answer = FALSE;
1800
1801 /*
1802 * If we have reached the end of inittab, then close it
1803 * and quit trying to find a good command line.
1804 */
1805 if (c == EOF) {
1806 (void) fclose(fp_inittab);
1807 fp_inittab = NULL;
1808 break;
1809 }
1810 }
1811 return (answer);
1812 }
1813
1814 /*
1815 * lvlname_to_state(): convert the character name of a state to its level
1816 * (its corresponding signal number).
1817 */
1818 static int
lvlname_to_state(char name)1819 lvlname_to_state(char name)
1820 {
1821 int i;
1822 for (i = 0; i < LVL_NELEMS; i++) {
1823 if (lvls[i].lvl_name == name)
1824 return (lvls[i].lvl_state);
1825 }
1826 return (-1);
1827 }
1828
1829 /*
1830 * state_to_name(): convert the level to the character name.
1831 */
1832 static char
state_to_name(int state)1833 state_to_name(int state)
1834 {
1835 int i;
1836 for (i = 0; i < LVL_NELEMS; i++) {
1837 if (lvls[i].lvl_state == state)
1838 return (lvls[i].lvl_name);
1839 }
1840 return (-1);
1841 }
1842
1843 /*
1844 * state_to_mask(): return the mask corresponding to a signal number
1845 */
1846 static int
state_to_mask(int state)1847 state_to_mask(int state)
1848 {
1849 int i;
1850 for (i = 0; i < LVL_NELEMS; i++) {
1851 if (lvls[i].lvl_state == state)
1852 return (lvls[i].lvl_mask);
1853 }
1854 return (0); /* return 0, since that represents an empty mask */
1855 }
1856
1857 /*
1858 * lvlname_to_mask(): return the mask corresponding to a levels character name
1859 */
1860 static int
lvlname_to_mask(char name,int * mask)1861 lvlname_to_mask(char name, int *mask)
1862 {
1863 int i;
1864 for (i = 0; i < LVL_NELEMS; i++) {
1865 if (lvls[i].lvl_name == name) {
1866 *mask = lvls[i].lvl_mask;
1867 return (0);
1868 }
1869 }
1870 return (-1);
1871 }
1872
1873 /*
1874 * state_to_flags(): return the flags corresponding to a runlevel. These
1875 * indicate properties of that runlevel.
1876 */
1877 static int
state_to_flags(int state)1878 state_to_flags(int state)
1879 {
1880 int i;
1881 for (i = 0; i < LVL_NELEMS; i++) {
1882 if (lvls[i].lvl_state == state)
1883 return (lvls[i].lvl_flags);
1884 }
1885 return (0);
1886 }
1887
1888 /*
1889 * killproc() creates a child which kills the process specified by pid.
1890 */
1891 void
killproc(pid_t pid)1892 killproc(pid_t pid)
1893 {
1894 struct PROC_TABLE *process;
1895
1896 (void) sighold(SIGCLD);
1897 while ((process = efork(M_OFF, NULLPROC, 0)) == NO_ROOM)
1898 (void) pause();
1899 (void) sigrelse(SIGCLD);
1900
1901 if (process == NULLPROC) {
1902 /*
1903 * efork() sets all signal handlers to the default, so reset
1904 * the ALRM handler to make timer() work as expected.
1905 */
1906 (void) sigset(SIGALRM, alarmclk);
1907
1908 /*
1909 * We are the child. Try to terminate the process nicely
1910 * first using SIGTERM and if it refuses to die in TWARN
1911 * seconds kill it with SIGKILL.
1912 */
1913 (void) kill(pid, SIGTERM);
1914 (void) timer(TWARN);
1915 (void) kill(pid, SIGKILL);
1916 (void) exit(0);
1917 }
1918 }
1919
1920 /*
1921 * Set up the default environment for all procs to be forked from init.
1922 * Read the values from the /etc/default/init file, except for PATH. If
1923 * there's not enough room in the environment array, the environment
1924 * lines that don't fit are silently discarded.
1925 */
1926 void
init_env()1927 init_env()
1928 {
1929 char line[MAXCMDL];
1930 FILE *fp;
1931 int inquotes, length, wslength;
1932 char *tokp, *cp1, *cp2;
1933
1934 glob_envp[0] = malloc((unsigned)(strlen(DEF_PATH)+2));
1935 (void) strcpy(glob_envp[0], DEF_PATH);
1936 glob_envn = 1;
1937
1938 if (rflg) {
1939 glob_envp[1] =
1940 malloc((unsigned)(strlen("_DVFS_RECONFIG=YES")+2));
1941 (void) strcpy(glob_envp[1], "_DVFS_RECONFIG=YES");
1942 ++glob_envn;
1943 } else if (bflg == 1) {
1944 glob_envp[1] =
1945 malloc((unsigned)(strlen("RB_NOBOOTRC=YES")+2));
1946 (void) strcpy(glob_envp[1], "RB_NOBOOTRC=YES");
1947 ++glob_envn;
1948 }
1949
1950 if ((fp = fopen(ENVFILE, "r")) == NULL) {
1951 console(B_TRUE,
1952 "Cannot open %s. Environment not initialized.\n",
1953 ENVFILE);
1954 } else {
1955 while (fgets(line, MAXCMDL - 1, fp) != NULL &&
1956 glob_envn < MAXENVENT - 2) {
1957 /*
1958 * Toss newline
1959 */
1960 length = strlen(line);
1961 if (line[length - 1] == '\n')
1962 line[length - 1] = '\0';
1963
1964 /*
1965 * Ignore blank or comment lines.
1966 */
1967 if (line[0] == '#' || line[0] == '\0' ||
1968 (wslength = strspn(line, " \t\n")) ==
1969 strlen(line) ||
1970 strchr(line, '#') == line + wslength)
1971 continue;
1972
1973 /*
1974 * First make a pass through the line and change
1975 * any non-quoted semi-colons to blanks so they
1976 * will be treated as token separators below.
1977 */
1978 inquotes = 0;
1979 for (cp1 = line; *cp1 != '\0'; cp1++) {
1980 if (*cp1 == '"') {
1981 if (inquotes == 0)
1982 inquotes = 1;
1983 else
1984 inquotes = 0;
1985 } else if (*cp1 == ';') {
1986 if (inquotes == 0)
1987 *cp1 = ' ';
1988 }
1989 }
1990
1991 /*
1992 * Tokens within the line are separated by blanks
1993 * and tabs. For each token in the line which
1994 * contains a '=' we strip out any quotes and then
1995 * stick the token in the environment array.
1996 */
1997 if ((tokp = strtok(line, " \t")) == NULL)
1998 continue;
1999 do {
2000 if (strchr(tokp, '=') == NULL)
2001 continue;
2002 length = strlen(tokp);
2003 while ((cp1 = strpbrk(tokp, "\"\'")) != NULL) {
2004 for (cp2 = cp1;
2005 cp2 < &tokp[length]; cp2++)
2006 *cp2 = *(cp2 + 1);
2007 length--;
2008 }
2009
2010 if (strncmp(tokp, "CMASK=",
2011 sizeof ("CMASK=") - 1) == 0) {
2012 long t;
2013
2014 /* We know there's an = */
2015 t = strtol(strchr(tokp, '=') + 1, NULL,
2016 8);
2017
2018 /* Sanity */
2019 if (t <= 077 && t >= 0)
2020 cmask = (int)t;
2021 (void) umask(cmask);
2022 continue;
2023 }
2024 glob_envp[glob_envn] =
2025 malloc((unsigned)(length + 1));
2026 (void) strcpy(glob_envp[glob_envn], tokp);
2027 if (++glob_envn >= MAXENVENT - 1)
2028 break;
2029 } while ((tokp = strtok(NULL, " \t")) != NULL);
2030 }
2031
2032 /*
2033 * Append a null pointer to the environment array
2034 * to mark its end.
2035 */
2036 glob_envp[glob_envn] = NULL;
2037 (void) fclose(fp);
2038 }
2039 }
2040
2041 /*
2042 * boot_init(): Do initialization things that should be done at boot.
2043 */
2044 void
boot_init()2045 boot_init()
2046 {
2047 int i;
2048 struct PROC_TABLE *process, *oprocess;
2049 struct CMD_LINE cmd;
2050 char line[MAXCMDL];
2051 char svc_aux[SVC_AUX_SIZE];
2052 char init_svc_fmri[SVC_FMRI_SIZE];
2053 char *old_path;
2054 int maxfiles;
2055
2056 /* Use INIT_PATH for sysinit cmds */
2057 old_path = glob_envp[0];
2058 glob_envp[0] = malloc((unsigned)(strlen(INIT_PATH)+2));
2059 (void) strcpy(glob_envp[0], INIT_PATH);
2060
2061 /*
2062 * Scan inittab(4) and process the special svc.startd entry, initdefault
2063 * and sysinit entries.
2064 */
2065 while (getcmd(&cmd, &line[0]) == TRUE) {
2066 if (startd_tmpl >= 0 && id_eq(cmd.c_id, "smf")) {
2067 process_startd_line(&cmd, line);
2068 (void) snprintf(startd_svc_aux, SVC_AUX_SIZE,
2069 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id);
2070 } else if (cmd.c_action == M_INITDEFAULT) {
2071 /*
2072 * initdefault is no longer meaningful, as the SMF
2073 * milestone controls what (legacy) run level we
2074 * boot to.
2075 */
2076 console(B_TRUE,
2077 "Ignoring legacy \"initdefault\" entry.\n");
2078 } else if (cmd.c_action == M_SYSINIT) {
2079 /*
2080 * Execute the "sysinit" entry and wait for it to
2081 * complete. No bookkeeping is performed on these
2082 * entries because we avoid writing to the file system
2083 * until after there has been an chance to check it.
2084 */
2085 if (process = findpslot(&cmd)) {
2086 (void) sighold(SIGCLD);
2087 (void) snprintf(svc_aux, SVC_AUX_SIZE,
2088 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id);
2089 (void) snprintf(init_svc_fmri, SVC_FMRI_SIZE,
2090 SVC_INIT_PREFIX INITTAB_ENTRY_ID_STR_FORMAT,
2091 cmd.c_id);
2092 if (legacy_tmpl >= 0) {
2093 (void) ct_pr_tmpl_set_svc_fmri(
2094 legacy_tmpl, init_svc_fmri);
2095 (void) ct_pr_tmpl_set_svc_aux(
2096 legacy_tmpl, svc_aux);
2097 }
2098
2099 for (oprocess = process;
2100 (process = efork(M_OFF, oprocess,
2101 (NAMED|NOCLEANUP))) == NO_ROOM;
2102 /* CSTYLED */)
2103 ;
2104 (void) sigrelse(SIGCLD);
2105
2106 if (process == NULLPROC) {
2107 maxfiles = ulimit(UL_GDESLIM, 0);
2108
2109 for (i = 0; i < maxfiles; i++)
2110 (void) fcntl(i, F_SETFD,
2111 FD_CLOEXEC);
2112 (void) execle(SH, "INITSH", "-c",
2113 cmd.c_command,
2114 (char *)0, glob_envp);
2115 console(B_TRUE,
2116 "Command\n\"%s\"\n failed to execute. errno = %d (exec of shell failed)\n",
2117 cmd.c_command, errno);
2118 exit(1);
2119 } else
2120 while (waitproc(process) == FAILURE)
2121 ;
2122 process->p_flags = 0;
2123 st_write();
2124 }
2125 }
2126 }
2127
2128 /* Restore the path. */
2129 free(glob_envp[0]);
2130 glob_envp[0] = old_path;
2131
2132 /*
2133 * This will enable st_write() to complain about init_state_file.
2134 */
2135 booting = 0;
2136
2137 /*
2138 * If the /etc/ioctl.syscon didn't exist or had invalid contents write
2139 * out a correct version.
2140 */
2141 if (write_ioctl)
2142 write_ioctl_syscon();
2143
2144 /*
2145 * Start svc.startd(1M), which does most of the work.
2146 */
2147 if (startd_cline[0] != '\0' && startd_tmpl >= 0) {
2148 /* Start svc.startd. */
2149 if (startd_run(startd_cline, startd_tmpl, 0) == -1)
2150 cur_state = SINGLE_USER;
2151 } else {
2152 console(B_TRUE, "Absent svc.startd entry or bad "
2153 "contract template. Not starting svc.startd.\n");
2154 enter_maintenance();
2155 }
2156 }
2157
2158 /*
2159 * init_signals(): Initialize all signals to either be caught or ignored.
2160 */
2161 void
init_signals(void)2162 init_signals(void)
2163 {
2164 struct sigaction act;
2165 int i;
2166
2167 /*
2168 * Start by ignoring all signals, then selectively re-enable some.
2169 * The SIG_IGN disposition will only affect asynchronous signals:
2170 * any signal that we trigger synchronously that doesn't end up
2171 * being handled by siglvl() will be forcibly delivered by the kernel.
2172 */
2173 for (i = SIGHUP; i <= SIGRTMAX; i++)
2174 (void) sigset(i, SIG_IGN);
2175
2176 /*
2177 * Handle all level-changing signals using siglvl() and set sa_mask so
2178 * that all level-changing signals are blocked while in siglvl().
2179 */
2180 act.sa_handler = siglvl;
2181 act.sa_flags = SA_SIGINFO;
2182 (void) sigemptyset(&act.sa_mask);
2183
2184 (void) sigaddset(&act.sa_mask, LVLQ);
2185 (void) sigaddset(&act.sa_mask, LVL0);
2186 (void) sigaddset(&act.sa_mask, LVL1);
2187 (void) sigaddset(&act.sa_mask, LVL2);
2188 (void) sigaddset(&act.sa_mask, LVL3);
2189 (void) sigaddset(&act.sa_mask, LVL4);
2190 (void) sigaddset(&act.sa_mask, LVL5);
2191 (void) sigaddset(&act.sa_mask, LVL6);
2192 (void) sigaddset(&act.sa_mask, SINGLE_USER);
2193 (void) sigaddset(&act.sa_mask, LVLa);
2194 (void) sigaddset(&act.sa_mask, LVLb);
2195 (void) sigaddset(&act.sa_mask, LVLc);
2196
2197 (void) sigaction(LVLQ, &act, NULL);
2198 (void) sigaction(LVL0, &act, NULL);
2199 (void) sigaction(LVL1, &act, NULL);
2200 (void) sigaction(LVL2, &act, NULL);
2201 (void) sigaction(LVL3, &act, NULL);
2202 (void) sigaction(LVL4, &act, NULL);
2203 (void) sigaction(LVL5, &act, NULL);
2204 (void) sigaction(LVL6, &act, NULL);
2205 (void) sigaction(SINGLE_USER, &act, NULL);
2206 (void) sigaction(LVLa, &act, NULL);
2207 (void) sigaction(LVLb, &act, NULL);
2208 (void) sigaction(LVLc, &act, NULL);
2209
2210 (void) sigset(SIGALRM, alarmclk);
2211 alarmclk();
2212
2213 (void) sigset(SIGCLD, childeath);
2214 (void) sigset(SIGPWR, powerfail);
2215 }
2216
2217 /*
2218 * Set up pipe for "godchildren". If the file exists and is a pipe just open
2219 * it. Else, if the file system is r/w create it. Otherwise, defer its
2220 * creation and open until after /var/run has been mounted. This function is
2221 * only called on startup and when explicitly requested via LVLQ.
2222 */
2223 void
setup_pipe()2224 setup_pipe()
2225 {
2226 struct stat stat_buf;
2227 struct statvfs statvfs_buf;
2228 struct sigaction act;
2229
2230 /*
2231 * Always close the previous pipe descriptor as the mounted filesystems
2232 * may have changed.
2233 */
2234 if (Pfd >= 0)
2235 (void) close(Pfd);
2236
2237 if ((stat(INITPIPE, &stat_buf) == 0) &&
2238 ((stat_buf.st_mode & (S_IFMT|S_IRUSR)) == (S_IFIFO|S_IRUSR)))
2239 Pfd = open(INITPIPE, O_RDWR | O_NDELAY);
2240 else
2241 if ((statvfs(INITPIPE_DIR, &statvfs_buf) == 0) &&
2242 ((statvfs_buf.f_flag & ST_RDONLY) == 0)) {
2243 (void) unlink(INITPIPE);
2244 (void) mknod(INITPIPE, S_IFIFO | 0600, 0);
2245 Pfd = open(INITPIPE, O_RDWR | O_NDELAY);
2246 }
2247
2248 if (Pfd >= 0) {
2249 (void) ioctl(Pfd, I_SETSIG, S_INPUT);
2250 /*
2251 * Read pipe in message discard mode.
2252 */
2253 (void) ioctl(Pfd, I_SRDOPT, RMSGD);
2254
2255 act.sa_handler = sigpoll;
2256 act.sa_flags = 0;
2257 (void) sigemptyset(&act.sa_mask);
2258 (void) sigaddset(&act.sa_mask, SIGCLD);
2259 (void) sigaction(SIGPOLL, &act, NULL);
2260 }
2261 }
2262
2263 /*
2264 * siglvl - handle an asynchronous signal from init(1M) telling us that we
2265 * should change the current run level. We set new_state accordingly.
2266 */
2267 void
siglvl(int sig,siginfo_t * sip,ucontext_t * ucp)2268 siglvl(int sig, siginfo_t *sip, ucontext_t *ucp)
2269 {
2270 struct PROC_TABLE *process;
2271 struct sigaction act;
2272
2273 /*
2274 * If the signal was from the kernel (rather than init(1M)) then init
2275 * itself tripped the signal. That is, we might have a bug and tripped
2276 * a real SIGSEGV instead of receiving it as an alias for SIGLVLa. In
2277 * such a case we reset the disposition to SIG_DFL, block all signals
2278 * in uc_mask but the current one, and return to the interrupted ucp
2279 * to effect an appropriate death. The kernel will then restart us.
2280 *
2281 * The one exception to SI_FROMKERNEL() is SIGFPE (a.k.a. LVL6), which
2282 * the kernel can send us when it wants to effect an orderly reboot.
2283 * For this case we must also verify si_code is zero, rather than a
2284 * code such as FPE_INTDIV which a bug might have triggered.
2285 */
2286 if (sip != NULL && SI_FROMKERNEL(sip) &&
2287 (sig != SIGFPE || sip->si_code == 0)) {
2288
2289 (void) sigemptyset(&act.sa_mask);
2290 act.sa_handler = SIG_DFL;
2291 act.sa_flags = 0;
2292 (void) sigaction(sig, &act, NULL);
2293
2294 (void) sigfillset(&ucp->uc_sigmask);
2295 (void) sigdelset(&ucp->uc_sigmask, sig);
2296 ucp->uc_flags |= UC_SIGMASK;
2297
2298 (void) setcontext(ucp);
2299 }
2300
2301 /*
2302 * If the signal received is a LVLQ signal, do not really
2303 * change levels, just restate the current level. If the
2304 * signal is not a LVLQ, set the new level to the signal
2305 * received.
2306 */
2307 if (sig == LVLQ) {
2308 new_state = cur_state;
2309 lvlq_received = B_TRUE;
2310 } else {
2311 new_state = sig;
2312 }
2313
2314 /*
2315 * Clear all times and repeat counts in the process table
2316 * since either the level is changing or the user has editted
2317 * the inittab file and wants us to look at it again.
2318 * If the user has fixed a typo, we don't want residual timing
2319 * data preventing the fixed command line from executing.
2320 */
2321 for (process = proc_table;
2322 (process < proc_table + num_proc); process++) {
2323 process->p_time = 0L;
2324 process->p_count = 0;
2325 }
2326
2327 /*
2328 * Set the flag to indicate that a "user signal" was received.
2329 */
2330 wakeup.w_flags.w_usersignal = 1;
2331 }
2332
2333
2334 /*
2335 * alarmclk
2336 */
2337 static void
alarmclk()2338 alarmclk()
2339 {
2340 time_up = TRUE;
2341 }
2342
2343 /*
2344 * childeath_single():
2345 *
2346 * This used to be the SIGCLD handler and it was set with signal()
2347 * (as opposed to sigset()). When a child exited we'd come to the
2348 * handler, wait for the child, and reenable the handler with
2349 * signal() just before returning. The implementation of signal()
2350 * checks with waitid() for waitable children and sends a SIGCLD
2351 * if there are some. If children are exiting faster than the
2352 * handler can run we keep sending signals and the handler never
2353 * gets to return and eventually the stack runs out and init dies.
2354 * To prevent that we set the handler with sigset() so the handler
2355 * doesn't need to be reset, and in childeath() (see below) we
2356 * call childeath_single() as long as there are children to be
2357 * waited for. If a child exits while init is in the handler a
2358 * SIGCLD will be pending and delivered on return from the handler.
2359 * If the child was already waited for the handler will have nothing
2360 * to do and return, otherwise the child will be waited for.
2361 */
2362 static void
childeath_single(pid_t pid,int status)2363 childeath_single(pid_t pid, int status)
2364 {
2365 struct PROC_TABLE *process;
2366 struct pidlist *pp;
2367
2368 /*
2369 * Scan the process table to see if we are interested in this process.
2370 */
2371 for (process = proc_table;
2372 (process < proc_table + num_proc); process++) {
2373 if ((process->p_flags & (LIVING|OCCUPIED)) ==
2374 (LIVING|OCCUPIED) && process->p_pid == pid) {
2375
2376 /*
2377 * Mark this process as having died and store the exit
2378 * status. Also set the wakeup flag for a dead child
2379 * and break out of the loop.
2380 */
2381 process->p_flags &= ~LIVING;
2382 process->p_exit = (short)status;
2383 wakeup.w_flags.w_childdeath = 1;
2384
2385 return;
2386 }
2387 }
2388
2389 /*
2390 * No process was found above, look through auxiliary list.
2391 */
2392 (void) sighold(SIGPOLL);
2393 pp = Plhead;
2394 while (pp) {
2395 if (pid > pp->pl_pid) {
2396 /*
2397 * Keep on looking.
2398 */
2399 pp = pp->pl_next;
2400 continue;
2401 } else if (pid < pp->pl_pid) {
2402 /*
2403 * Not in the list.
2404 */
2405 break;
2406 } else {
2407 /*
2408 * This is a dead "godchild".
2409 */
2410 pp->pl_dflag = 1;
2411 pp->pl_exit = (short)status;
2412 wakeup.w_flags.w_childdeath = 1;
2413 Gchild = 1; /* Notice to call cleanaux(). */
2414 break;
2415 }
2416 }
2417
2418 (void) sigrelse(SIGPOLL);
2419 }
2420
2421 /* ARGSUSED */
2422 static void
childeath(int signo)2423 childeath(int signo)
2424 {
2425 pid_t pid;
2426 int status;
2427
2428 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
2429 childeath_single(pid, status);
2430 }
2431
2432 static void
powerfail()2433 powerfail()
2434 {
2435 (void) nice(-19);
2436 wakeup.w_flags.w_powerhit = 1;
2437 }
2438
2439 /*
2440 * efork() forks a child and the parent inserts the process in its table
2441 * of processes that are directly a result of forks that it has performed.
2442 * The child just changes the "global" with the process id for this process
2443 * to it's new value.
2444 * If efork() is called with a pointer into the proc_table it uses that slot,
2445 * otherwise it searches for a free slot. Regardless of how it was called,
2446 * it returns the pointer to the proc_table entry
2447 *
2448 * The SIGCLD signal is blocked (held) before calling efork()
2449 * and is unblocked (released) after efork() returns.
2450 *
2451 * Ideally, this should be rewritten to use modern signal semantics.
2452 */
2453 static struct PROC_TABLE *
efork(int action,struct PROC_TABLE * process,int modes)2454 efork(int action, struct PROC_TABLE *process, int modes)
2455 {
2456 pid_t childpid;
2457 struct PROC_TABLE *proc;
2458 int i;
2459 /*
2460 * Freshen up the proc_table, removing any entries for dead processes
2461 * that don't have NOCLEANUP set. Perform the necessary accounting.
2462 */
2463 for (proc = proc_table; (proc < proc_table + num_proc); proc++) {
2464 if ((proc->p_flags & (OCCUPIED|LIVING|NOCLEANUP)) ==
2465 (OCCUPIED)) {
2466 /*
2467 * Is this a named process?
2468 * If so, do the necessary bookkeeping.
2469 */
2470 if (proc->p_flags & NAMED)
2471 (void) account(DEAD_PROCESS, proc, NULL);
2472
2473 /*
2474 * Free this entry for new usage.
2475 */
2476 proc->p_flags = 0;
2477 }
2478 }
2479
2480 while ((childpid = fork()) == FAILURE) {
2481 /*
2482 * Shorten the alarm timer in case someone else's child dies
2483 * and free up a slot in the process table.
2484 */
2485 setimer(5);
2486
2487 /*
2488 * Wait for some children to die. Since efork()
2489 * is always called with SIGCLD blocked, unblock
2490 * it here so that child death signals can come in.
2491 */
2492 (void) sigrelse(SIGCLD);
2493 (void) pause();
2494 (void) sighold(SIGCLD);
2495 setimer(0);
2496 }
2497
2498 if (childpid != 0) {
2499
2500 if (process == NULLPROC) {
2501 /*
2502 * No proc table pointer specified so search
2503 * for a free slot.
2504 */
2505 for (process = proc_table; process->p_flags != 0 &&
2506 (process < proc_table + num_proc); process++)
2507 ;
2508
2509 if (process == (proc_table + num_proc)) {
2510 int old_proc_table_size = num_proc;
2511
2512 /* Increase the process table size */
2513 increase_proc_table_size();
2514 if (old_proc_table_size == num_proc) {
2515 /* didn't grow: memory failure */
2516 return (NO_ROOM);
2517 } else {
2518 process =
2519 proc_table + old_proc_table_size;
2520 }
2521 }
2522
2523 process->p_time = 0L;
2524 process->p_count = 0;
2525 }
2526 process->p_id[0] = '\0';
2527 process->p_id[1] = '\0';
2528 process->p_id[2] = '\0';
2529 process->p_id[3] = '\0';
2530 process->p_pid = childpid;
2531 process->p_flags = (LIVING | OCCUPIED | modes);
2532 process->p_exit = 0;
2533
2534 st_write();
2535 } else {
2536 if ((action & (M_WAIT | M_BOOTWAIT)) == 0)
2537 (void) setpgrp();
2538
2539 process = NULLPROC;
2540
2541 /*
2542 * Reset all signals to the system defaults.
2543 */
2544 for (i = SIGHUP; i <= SIGRTMAX; i++)
2545 (void) sigset(i, SIG_DFL);
2546
2547 /*
2548 * POSIX B.2.2.2 advises that init should set SIGTTOU,
2549 * SIGTTIN, and SIGTSTP to SIG_IGN.
2550 *
2551 * Make sure that SIGXCPU and SIGXFSZ also remain ignored,
2552 * for backward compatibility.
2553 */
2554 (void) sigset(SIGTTIN, SIG_IGN);
2555 (void) sigset(SIGTTOU, SIG_IGN);
2556 (void) sigset(SIGTSTP, SIG_IGN);
2557 (void) sigset(SIGXCPU, SIG_IGN);
2558 (void) sigset(SIGXFSZ, SIG_IGN);
2559 }
2560 return (process);
2561 }
2562
2563
2564 /*
2565 * waitproc() waits for a specified process to die. For this function to
2566 * work, the specified process must already in the proc_table. waitproc()
2567 * returns the exit status of the specified process when it dies.
2568 */
2569 static long
waitproc(struct PROC_TABLE * process)2570 waitproc(struct PROC_TABLE *process)
2571 {
2572 int answer;
2573 sigset_t oldmask, newmask, zeromask;
2574
2575 (void) sigemptyset(&zeromask);
2576 (void) sigemptyset(&newmask);
2577
2578 (void) sigaddset(&newmask, SIGCLD);
2579
2580 /* Block SIGCLD and save the current signal mask */
2581 if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
2582 perror("SIG_BLOCK error");
2583
2584 /*
2585 * Wait around until the process dies.
2586 */
2587 if (process->p_flags & LIVING)
2588 (void) sigsuspend(&zeromask);
2589
2590 /* Reset signal mask to unblock SIGCLD */
2591 if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
2592 perror("SIG_SETMASK error");
2593
2594 if (process->p_flags & LIVING)
2595 return (FAILURE);
2596
2597 /*
2598 * Make sure to only return 16 bits so that answer will always
2599 * be positive whenever the process of interest really died.
2600 */
2601 answer = (process->p_exit & 0xffff);
2602
2603 /*
2604 * Free the slot in the proc_table.
2605 */
2606 process->p_flags = 0;
2607 return (answer);
2608 }
2609
2610 /*
2611 * notify_pam_dead(): calls into the PAM framework to close the given session.
2612 */
2613 static void
notify_pam_dead(struct utmpx * up)2614 notify_pam_dead(struct utmpx *up)
2615 {
2616 pam_handle_t *pamh;
2617 char user[sizeof (up->ut_user) + 1];
2618 char ttyn[sizeof (up->ut_line) + 1];
2619 char host[sizeof (up->ut_host) + 1];
2620
2621 /*
2622 * PAM does not take care of updating utmpx/wtmpx.
2623 */
2624 (void) snprintf(user, sizeof (user), "%s", up->ut_user);
2625 (void) snprintf(ttyn, sizeof (ttyn), "%s", up->ut_line);
2626 (void) snprintf(host, sizeof (host), "%s", up->ut_host);
2627
2628 if (pam_start("init", user, NULL, &pamh) == PAM_SUCCESS) {
2629 (void) pam_set_item(pamh, PAM_TTY, ttyn);
2630 (void) pam_set_item(pamh, PAM_RHOST, host);
2631 (void) pam_close_session(pamh, 0);
2632 (void) pam_end(pamh, PAM_SUCCESS);
2633 }
2634 }
2635
2636 /*
2637 * Check you can access utmpx (As / may be read-only and
2638 * /var may not be mounted yet).
2639 */
2640 static int
access_utmpx(void)2641 access_utmpx(void)
2642 {
2643 do {
2644 utmpx_ok = (access(UTMPX, R_OK|W_OK) == 0);
2645 } while (!utmpx_ok && errno == EINTR);
2646
2647 return (utmpx_ok);
2648 }
2649
2650 /*
2651 * account() updates entries in utmpx and appends new entries to the end of
2652 * wtmpx (assuming they exist). The program argument indicates the name of
2653 * program if INIT_PROCESS, otherwise should be NULL.
2654 *
2655 * account() only blocks for INIT_PROCESS requests.
2656 *
2657 * Returns non-zero if write failed.
2658 */
2659 static int
account(short state,struct PROC_TABLE * process,char * program)2660 account(short state, struct PROC_TABLE *process, char *program)
2661 {
2662 struct utmpx utmpbuf, *u, *oldu;
2663 int tmplen;
2664 char fail_buf[UT_LINE_SZ];
2665 sigset_t block, unblock;
2666
2667 if (!utmpx_ok && !access_utmpx()) {
2668 return (-1);
2669 }
2670
2671 /*
2672 * Set up the prototype for the utmp structure we want to write.
2673 */
2674 u = &utmpbuf;
2675 (void) memset(u, 0, sizeof (struct utmpx));
2676
2677 /*
2678 * Fill in the various fields of the utmp structure.
2679 */
2680 u->ut_id[0] = process->p_id[0];
2681 u->ut_id[1] = process->p_id[1];
2682 u->ut_id[2] = process->p_id[2];
2683 u->ut_id[3] = process->p_id[3];
2684 u->ut_pid = process->p_pid;
2685
2686 /*
2687 * Fill the "ut_exit" structure.
2688 */
2689 u->ut_exit.e_termination = WTERMSIG(process->p_exit);
2690 u->ut_exit.e_exit = WEXITSTATUS(process->p_exit);
2691 u->ut_type = state;
2692
2693 (void) time(&u->ut_tv.tv_sec);
2694
2695 /*
2696 * Block signals for utmp update.
2697 */
2698 (void) sigfillset(&block);
2699 (void) sigprocmask(SIG_BLOCK, &block, &unblock);
2700
2701 /*
2702 * See if there already is such an entry in the "utmpx" file.
2703 */
2704 setutxent(); /* Start at beginning of utmpx file. */
2705
2706 if ((oldu = getutxid(u)) != NULL) {
2707 /*
2708 * Copy in the old "user", "line" and "host" fields
2709 * to our new structure.
2710 */
2711 bcopy(oldu->ut_user, u->ut_user, sizeof (u->ut_user));
2712 bcopy(oldu->ut_line, u->ut_line, sizeof (u->ut_line));
2713 bcopy(oldu->ut_host, u->ut_host, sizeof (u->ut_host));
2714 u->ut_syslen = (tmplen = strlen(u->ut_host)) ?
2715 min(tmplen + 1, sizeof (u->ut_host)) : 0;
2716
2717 if (oldu->ut_type == USER_PROCESS && state == DEAD_PROCESS) {
2718 notify_pam_dead(oldu);
2719 }
2720 }
2721
2722 /*
2723 * Perform special accounting. Insert the special string into the
2724 * ut_line array. For INIT_PROCESSes put in the name of the
2725 * program in the "ut_user" field.
2726 */
2727 switch (state) {
2728 case INIT_PROCESS:
2729 (void) strncpy(u->ut_user, program, sizeof (u->ut_user));
2730 (void) strcpy(fail_buf, "INIT_PROCESS");
2731 break;
2732
2733 default:
2734 (void) strlcpy(fail_buf, u->ut_id, sizeof (u->ut_id) + 1);
2735 break;
2736 }
2737
2738 /*
2739 * Write out the updated entry to utmpx file.
2740 */
2741 if (pututxline(u) == NULL) {
2742 console(B_TRUE, "Failed write of utmpx entry: \"%s\": %s\n",
2743 fail_buf, strerror(errno));
2744 endutxent();
2745 (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2746 return (-1);
2747 }
2748
2749 /*
2750 * If we're able to write to utmpx, then attempt to add to the
2751 * end of the wtmpx file.
2752 */
2753 updwtmpx(WTMPX, u);
2754
2755 endutxent();
2756
2757 (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2758
2759 return (0);
2760 }
2761
2762 static void
clearent(pid_t pid,short status)2763 clearent(pid_t pid, short status)
2764 {
2765 struct utmpx *up;
2766 sigset_t block, unblock;
2767
2768 /*
2769 * Block signals for utmp update.
2770 */
2771 (void) sigfillset(&block);
2772 (void) sigprocmask(SIG_BLOCK, &block, &unblock);
2773
2774 /*
2775 * No error checking for now.
2776 */
2777
2778 setutxent();
2779 while (up = getutxent()) {
2780 if (up->ut_pid == pid) {
2781 if (up->ut_type == DEAD_PROCESS) {
2782 /*
2783 * Cleaned up elsewhere.
2784 */
2785 continue;
2786 }
2787
2788 notify_pam_dead(up);
2789
2790 up->ut_type = DEAD_PROCESS;
2791 up->ut_exit.e_termination = WTERMSIG(status);
2792 up->ut_exit.e_exit = WEXITSTATUS(status);
2793 (void) time(&up->ut_tv.tv_sec);
2794
2795 (void) pututxline(up);
2796 /*
2797 * Now attempt to add to the end of the
2798 * wtmp and wtmpx files. Do not create
2799 * if they don't already exist.
2800 */
2801 updwtmpx(WTMPX, up);
2802
2803 break;
2804 }
2805 }
2806
2807 endutxent();
2808 (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2809 }
2810
2811 /*
2812 * prog_name() searches for the word or unix path name and
2813 * returns a pointer to the last element of the pathname.
2814 */
2815 static char *
prog_name(char * string)2816 prog_name(char *string)
2817 {
2818 char *ptr, *ptr2;
2819 static char word[UT_USER_SZ + 1];
2820
2821 /*
2822 * Search for the first word skipping leading spaces and tabs.
2823 */
2824 while (*string == ' ' || *string == '\t')
2825 string++;
2826
2827 /*
2828 * If the first non-space non-tab character is not one allowed in
2829 * a word, return a pointer to a null string, otherwise parse the
2830 * pathname.
2831 */
2832 if (*string != '.' && *string != '/' && *string != '_' &&
2833 (*string < 'a' || *string > 'z') &&
2834 (*string < 'A' || * string > 'Z') &&
2835 (*string < '0' || *string > '9'))
2836 return ("");
2837
2838 /*
2839 * Parse the pathname looking forward for '/', ' ', '\t', '\n' or
2840 * '\0'. Each time a '/' is found, move "ptr" to one past the
2841 * '/', thus when a ' ', '\t', '\n', or '\0' is found, "ptr" will
2842 * point to the last element of the pathname.
2843 */
2844 for (ptr = string; *string != ' ' && *string != '\t' &&
2845 *string != '\n' && *string != '\0'; string++) {
2846 if (*string == '/')
2847 ptr = string+1;
2848 }
2849
2850 /*
2851 * Copy out up to the size of the "ut_user" array into "word",
2852 * null terminate it and return a pointer to it.
2853 */
2854 for (ptr2 = &word[0]; ptr2 < &word[UT_USER_SZ] &&
2855 ptr < string; /* CSTYLED */)
2856 *ptr2++ = *ptr++;
2857
2858 *ptr2 = '\0';
2859 return (&word[0]);
2860 }
2861
2862
2863 /*
2864 * realcon() returns a nonzero value if there is a character device
2865 * associated with SYSCON that has the same device number as CONSOLE.
2866 */
2867 static int
realcon()2868 realcon()
2869 {
2870 struct stat sconbuf, conbuf;
2871
2872 if (stat(SYSCON, &sconbuf) != -1 &&
2873 stat(CONSOLE, &conbuf) != -1 &&
2874 S_ISCHR(sconbuf.st_mode) &&
2875 S_ISCHR(conbuf.st_mode) &&
2876 sconbuf.st_rdev == conbuf.st_rdev) {
2877 return (1);
2878 } else {
2879 return (0);
2880 }
2881 }
2882
2883
2884 /*
2885 * get_ioctl_syscon() retrieves the SYSCON settings from the IOCTLSYSCON file.
2886 * Returns true if the IOCTLSYSCON file needs to be written (with
2887 * write_ioctl_syscon() below)
2888 */
2889 static int
get_ioctl_syscon()2890 get_ioctl_syscon()
2891 {
2892 FILE *fp;
2893 unsigned int iflags, oflags, cflags, lflags, ldisc, cc[18];
2894 int i, valid_format = 0;
2895
2896 /*
2897 * Read in the previous modes for SYSCON from IOCTLSYSCON.
2898 */
2899 if ((fp = fopen(IOCTLSYSCON, "r")) == NULL) {
2900 stored_syscon_termios = dflt_termios;
2901 console(B_TRUE,
2902 "warning:%s does not exist, default settings assumed\n",
2903 IOCTLSYSCON);
2904 } else {
2905
2906 i = fscanf(fp,
2907 "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x",
2908 &iflags, &oflags, &cflags, &lflags,
2909 &cc[0], &cc[1], &cc[2], &cc[3], &cc[4], &cc[5], &cc[6],
2910 &cc[7], &cc[8], &cc[9], &cc[10], &cc[11], &cc[12], &cc[13],
2911 &cc[14], &cc[15], &cc[16], &cc[17]);
2912
2913 if (i == 22) {
2914 stored_syscon_termios.c_iflag = iflags;
2915 stored_syscon_termios.c_oflag = oflags;
2916 stored_syscon_termios.c_cflag = cflags;
2917 stored_syscon_termios.c_lflag = lflags;
2918 for (i = 0; i < 18; i++)
2919 stored_syscon_termios.c_cc[i] = (char)cc[i];
2920 valid_format = 1;
2921 } else if (i == 13) {
2922 rewind(fp);
2923 i = fscanf(fp, "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x",
2924 &iflags, &oflags, &cflags, &lflags, &ldisc, &cc[0], &cc[1],
2925 &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], &cc[7]);
2926
2927 /*
2928 * If the file is formatted properly, use the values to
2929 * initialize the console terminal condition.
2930 */
2931 stored_syscon_termios.c_iflag = (ushort_t)iflags;
2932 stored_syscon_termios.c_oflag = (ushort_t)oflags;
2933 stored_syscon_termios.c_cflag = (ushort_t)cflags;
2934 stored_syscon_termios.c_lflag = (ushort_t)lflags;
2935 for (i = 0; i < 8; i++)
2936 stored_syscon_termios.c_cc[i] = (char)cc[i];
2937 valid_format = 1;
2938 }
2939 (void) fclose(fp);
2940
2941 /* If the file is badly formatted, use the default settings. */
2942 if (!valid_format)
2943 stored_syscon_termios = dflt_termios;
2944 }
2945
2946 /* If the file had a bad format, rewrite it later. */
2947 return (!valid_format);
2948 }
2949
2950
2951 static void
write_ioctl_syscon()2952 write_ioctl_syscon()
2953 {
2954 FILE *fp;
2955 int i;
2956
2957 (void) unlink(SYSCON);
2958 (void) link(SYSTTY, SYSCON);
2959 (void) umask(022);
2960 fp = fopen(IOCTLSYSCON, "w");
2961
2962 (void) fprintf(fp, "%x:%x:%x:%x:0", stored_syscon_termios.c_iflag,
2963 stored_syscon_termios.c_oflag, stored_syscon_termios.c_cflag,
2964 stored_syscon_termios.c_lflag);
2965 for (i = 0; i < 8; ++i)
2966 (void) fprintf(fp, ":%x", stored_syscon_termios.c_cc[i]);
2967 (void) putc('\n', fp);
2968
2969 (void) fflush(fp);
2970 (void) fsync(fileno(fp));
2971 (void) fclose(fp);
2972 (void) umask(cmask);
2973 }
2974
2975
2976 /*
2977 * void console(boolean_t, char *, ...)
2978 * Outputs the requested message to the system console. Note that the number
2979 * of arguments passed to console() should be determined by the print format.
2980 *
2981 * The "prefix" parameter indicates whether or not "INIT: " should precede the
2982 * message.
2983 *
2984 * To make sure we write to the console in a sane fashion, we use the modes
2985 * we keep in stored_syscon_termios (which we read out of /etc/ioctl.syscon).
2986 * Afterwards we restore whatever modes were already there.
2987 */
2988 /* PRINTFLIKE2 */
2989 static void
console(boolean_t prefix,char * format,...)2990 console(boolean_t prefix, char *format, ...)
2991 {
2992 char outbuf[BUFSIZ];
2993 va_list args;
2994 int fd, getret;
2995 struct termios old_syscon_termios;
2996 FILE *f;
2997
2998 /*
2999 * We open SYSCON anew each time in case it has changed (see
3000 * userinit()).
3001 */
3002 if ((fd = open(SYSCON, O_RDWR | O_NOCTTY)) < 0 ||
3003 (f = fdopen(fd, "r+")) == NULL) {
3004 if (prefix)
3005 syslog(LOG_WARNING, "INIT: ");
3006 va_start(args, format);
3007 vsyslog(LOG_WARNING, format, args);
3008 va_end(args);
3009 if (fd >= 0)
3010 (void) close(fd);
3011 return;
3012 }
3013 setbuf(f, &outbuf[0]);
3014
3015 getret = tcgetattr(fd, &old_syscon_termios);
3016 old_syscon_termios.c_cflag &= ~HUPCL;
3017 if (realcon())
3018 /* Don't overwrite cflag of real console. */
3019 stored_syscon_termios.c_cflag = old_syscon_termios.c_cflag;
3020
3021 stored_syscon_termios.c_cflag &= ~HUPCL;
3022
3023 (void) tcsetattr(fd, TCSANOW, &stored_syscon_termios);
3024
3025 if (prefix)
3026 (void) fprintf(f, "\nINIT: ");
3027 va_start(args, format);
3028 (void) vfprintf(f, format, args);
3029 va_end(args);
3030
3031 if (getret == 0)
3032 (void) tcsetattr(fd, TCSADRAIN, &old_syscon_termios);
3033
3034 (void) fclose(f);
3035 }
3036
3037 /*
3038 * timer() is a substitute for sleep() which uses alarm() and pause().
3039 */
3040 static void
timer(int waitime)3041 timer(int waitime)
3042 {
3043 setimer(waitime);
3044 while (time_up == FALSE)
3045 (void) pause();
3046 }
3047
3048 static void
setimer(int timelimit)3049 setimer(int timelimit)
3050 {
3051 alarmclk();
3052 (void) alarm(timelimit);
3053 time_up = (timelimit ? FALSE : TRUE);
3054 }
3055
3056 /*
3057 * Fails with
3058 * ENOMEM - out of memory
3059 * ECONNABORTED - repository connection broken
3060 * EPERM - permission denied
3061 * EACCES - backend access denied
3062 * EROFS - backend readonly
3063 */
3064 static int
get_or_add_startd(scf_instance_t * inst)3065 get_or_add_startd(scf_instance_t *inst)
3066 {
3067 scf_handle_t *h;
3068 scf_scope_t *scope = NULL;
3069 scf_service_t *svc = NULL;
3070 int ret = 0;
3071
3072 h = scf_instance_handle(inst);
3073
3074 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
3075 NULL, NULL, SCF_DECODE_FMRI_EXACT) == 0)
3076 return (0);
3077
3078 switch (scf_error()) {
3079 case SCF_ERROR_CONNECTION_BROKEN:
3080 return (ECONNABORTED);
3081
3082 case SCF_ERROR_NOT_FOUND:
3083 break;
3084
3085 case SCF_ERROR_HANDLE_MISMATCH:
3086 case SCF_ERROR_INVALID_ARGUMENT:
3087 case SCF_ERROR_CONSTRAINT_VIOLATED:
3088 default:
3089 bad_error("scf_handle_decode_fmri", scf_error());
3090 }
3091
3092 /* Make sure we're right, since we're adding piece-by-piece. */
3093 assert(strcmp(SCF_SERVICE_STARTD,
3094 "svc:/system/svc/restarter:default") == 0);
3095
3096 if ((scope = scf_scope_create(h)) == NULL ||
3097 (svc = scf_service_create(h)) == NULL) {
3098 ret = ENOMEM;
3099 goto out;
3100 }
3101
3102 get_scope:
3103 if (scf_handle_get_scope(h, SCF_SCOPE_LOCAL, scope) != 0) {
3104 switch (scf_error()) {
3105 case SCF_ERROR_CONNECTION_BROKEN:
3106 ret = ECONNABORTED;
3107 goto out;
3108
3109 case SCF_ERROR_NOT_FOUND:
3110 (void) fputs(gettext(
3111 "smf(5) repository missing local scope.\n"),
3112 stderr);
3113 exit(1);
3114 /* NOTREACHED */
3115
3116 case SCF_ERROR_HANDLE_MISMATCH:
3117 case SCF_ERROR_INVALID_ARGUMENT:
3118 default:
3119 bad_error("scf_handle_get_scope", scf_error());
3120 }
3121 }
3122
3123 get_svc:
3124 if (scf_scope_get_service(scope, "system/svc/restarter", svc) != 0) {
3125 switch (scf_error()) {
3126 case SCF_ERROR_CONNECTION_BROKEN:
3127 ret = ECONNABORTED;
3128 goto out;
3129
3130 case SCF_ERROR_DELETED:
3131 goto get_scope;
3132
3133 case SCF_ERROR_NOT_FOUND:
3134 break;
3135
3136 case SCF_ERROR_HANDLE_MISMATCH:
3137 case SCF_ERROR_INVALID_ARGUMENT:
3138 case SCF_ERROR_NOT_SET:
3139 default:
3140 bad_error("scf_scope_get_service", scf_error());
3141 }
3142
3143 add_svc:
3144 if (scf_scope_add_service(scope, "system/svc/restarter", svc) !=
3145 0) {
3146 switch (scf_error()) {
3147 case SCF_ERROR_CONNECTION_BROKEN:
3148 ret = ECONNABORTED;
3149 goto out;
3150
3151 case SCF_ERROR_EXISTS:
3152 goto get_svc;
3153
3154 case SCF_ERROR_PERMISSION_DENIED:
3155 ret = EPERM;
3156 goto out;
3157
3158 case SCF_ERROR_BACKEND_ACCESS:
3159 ret = EACCES;
3160 goto out;
3161
3162 case SCF_ERROR_BACKEND_READONLY:
3163 ret = EROFS;
3164 goto out;
3165
3166 case SCF_ERROR_HANDLE_MISMATCH:
3167 case SCF_ERROR_INVALID_ARGUMENT:
3168 case SCF_ERROR_NOT_SET:
3169 default:
3170 bad_error("scf_scope_add_service", scf_error());
3171 }
3172 }
3173 }
3174
3175 get_inst:
3176 if (scf_service_get_instance(svc, "default", inst) != 0) {
3177 switch (scf_error()) {
3178 case SCF_ERROR_CONNECTION_BROKEN:
3179 ret = ECONNABORTED;
3180 goto out;
3181
3182 case SCF_ERROR_DELETED:
3183 goto add_svc;
3184
3185 case SCF_ERROR_NOT_FOUND:
3186 break;
3187
3188 case SCF_ERROR_HANDLE_MISMATCH:
3189 case SCF_ERROR_INVALID_ARGUMENT:
3190 case SCF_ERROR_NOT_SET:
3191 default:
3192 bad_error("scf_service_get_instance", scf_error());
3193 }
3194
3195 if (scf_service_add_instance(svc, "default", inst) !=
3196 0) {
3197 switch (scf_error()) {
3198 case SCF_ERROR_CONNECTION_BROKEN:
3199 ret = ECONNABORTED;
3200 goto out;
3201
3202 case SCF_ERROR_DELETED:
3203 goto add_svc;
3204
3205 case SCF_ERROR_EXISTS:
3206 goto get_inst;
3207
3208 case SCF_ERROR_PERMISSION_DENIED:
3209 ret = EPERM;
3210 goto out;
3211
3212 case SCF_ERROR_BACKEND_ACCESS:
3213 ret = EACCES;
3214 goto out;
3215
3216 case SCF_ERROR_BACKEND_READONLY:
3217 ret = EROFS;
3218 goto out;
3219
3220 case SCF_ERROR_HANDLE_MISMATCH:
3221 case SCF_ERROR_INVALID_ARGUMENT:
3222 case SCF_ERROR_NOT_SET:
3223 default:
3224 bad_error("scf_service_add_instance",
3225 scf_error());
3226 }
3227 }
3228 }
3229
3230 ret = 0;
3231
3232 out:
3233 scf_service_destroy(svc);
3234 scf_scope_destroy(scope);
3235 return (ret);
3236 }
3237
3238 /*
3239 * Fails with
3240 * ECONNABORTED - repository connection broken
3241 * ECANCELED - the transaction's property group was deleted
3242 */
3243 static int
transaction_add_set(scf_transaction_t * tx,scf_transaction_entry_t * ent,const char * pname,scf_type_t type)3244 transaction_add_set(scf_transaction_t *tx, scf_transaction_entry_t *ent,
3245 const char *pname, scf_type_t type)
3246 {
3247 change_type:
3248 if (scf_transaction_property_change_type(tx, ent, pname, type) == 0)
3249 return (0);
3250
3251 switch (scf_error()) {
3252 case SCF_ERROR_CONNECTION_BROKEN:
3253 return (ECONNABORTED);
3254
3255 case SCF_ERROR_DELETED:
3256 return (ECANCELED);
3257
3258 case SCF_ERROR_NOT_FOUND:
3259 goto new;
3260
3261 case SCF_ERROR_HANDLE_MISMATCH:
3262 case SCF_ERROR_INVALID_ARGUMENT:
3263 case SCF_ERROR_NOT_BOUND:
3264 case SCF_ERROR_NOT_SET:
3265 default:
3266 bad_error("scf_transaction_property_change_type", scf_error());
3267 }
3268
3269 new:
3270 if (scf_transaction_property_new(tx, ent, pname, type) == 0)
3271 return (0);
3272
3273 switch (scf_error()) {
3274 case SCF_ERROR_CONNECTION_BROKEN:
3275 return (ECONNABORTED);
3276
3277 case SCF_ERROR_DELETED:
3278 return (ECANCELED);
3279
3280 case SCF_ERROR_EXISTS:
3281 goto change_type;
3282
3283 case SCF_ERROR_HANDLE_MISMATCH:
3284 case SCF_ERROR_INVALID_ARGUMENT:
3285 case SCF_ERROR_NOT_BOUND:
3286 case SCF_ERROR_NOT_SET:
3287 default:
3288 bad_error("scf_transaction_property_new", scf_error());
3289 /* NOTREACHED */
3290 }
3291 }
3292
3293 static void
scferr(void)3294 scferr(void)
3295 {
3296 switch (scf_error()) {
3297 case SCF_ERROR_NO_MEMORY:
3298 console(B_TRUE, gettext("Out of memory.\n"));
3299 break;
3300
3301 case SCF_ERROR_CONNECTION_BROKEN:
3302 console(B_TRUE, gettext(
3303 "Connection to smf(5) repository server broken.\n"));
3304 break;
3305
3306 case SCF_ERROR_NO_RESOURCES:
3307 console(B_TRUE, gettext(
3308 "smf(5) repository server is out of memory.\n"));
3309 break;
3310
3311 case SCF_ERROR_PERMISSION_DENIED:
3312 console(B_TRUE, gettext("Insufficient privileges.\n"));
3313 break;
3314
3315 default:
3316 console(B_TRUE, gettext("libscf error: %s\n"),
3317 scf_strerror(scf_error()));
3318 }
3319 }
3320
3321 static void
lscf_set_runlevel(char rl)3322 lscf_set_runlevel(char rl)
3323 {
3324 scf_handle_t *h;
3325 scf_instance_t *inst = NULL;
3326 scf_propertygroup_t *pg = NULL;
3327 scf_transaction_t *tx = NULL;
3328 scf_transaction_entry_t *ent = NULL;
3329 scf_value_t *val = NULL;
3330 char buf[2];
3331 int r;
3332
3333 h = scf_handle_create(SCF_VERSION);
3334 if (h == NULL) {
3335 scferr();
3336 return;
3337 }
3338
3339 if (scf_handle_bind(h) != 0) {
3340 switch (scf_error()) {
3341 case SCF_ERROR_NO_SERVER:
3342 console(B_TRUE,
3343 gettext("smf(5) repository server not running.\n"));
3344 goto bail;
3345
3346 default:
3347 scferr();
3348 goto bail;
3349 }
3350 }
3351
3352 if ((inst = scf_instance_create(h)) == NULL ||
3353 (pg = scf_pg_create(h)) == NULL ||
3354 (val = scf_value_create(h)) == NULL ||
3355 (tx = scf_transaction_create(h)) == NULL ||
3356 (ent = scf_entry_create(h)) == NULL) {
3357 scferr();
3358 goto bail;
3359 }
3360
3361 get_inst:
3362 r = get_or_add_startd(inst);
3363 switch (r) {
3364 case 0:
3365 break;
3366
3367 case ENOMEM:
3368 case ECONNABORTED:
3369 case EPERM:
3370 case EACCES:
3371 case EROFS:
3372 scferr();
3373 goto bail;
3374 default:
3375 bad_error("get_or_add_startd", r);
3376 }
3377
3378 get_pg:
3379 if (scf_instance_get_pg(inst, SCF_PG_OPTIONS_OVR, pg) != 0) {
3380 switch (scf_error()) {
3381 case SCF_ERROR_CONNECTION_BROKEN:
3382 scferr();
3383 goto bail;
3384
3385 case SCF_ERROR_DELETED:
3386 goto get_inst;
3387
3388 case SCF_ERROR_NOT_FOUND:
3389 break;
3390
3391 case SCF_ERROR_HANDLE_MISMATCH:
3392 case SCF_ERROR_INVALID_ARGUMENT:
3393 case SCF_ERROR_NOT_SET:
3394 default:
3395 bad_error("scf_instance_get_pg", scf_error());
3396 }
3397
3398 add_pg:
3399 if (scf_instance_add_pg(inst, SCF_PG_OPTIONS_OVR,
3400 SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS, pg) !=
3401 0) {
3402 switch (scf_error()) {
3403 case SCF_ERROR_CONNECTION_BROKEN:
3404 case SCF_ERROR_PERMISSION_DENIED:
3405 case SCF_ERROR_BACKEND_ACCESS:
3406 scferr();
3407 goto bail;
3408
3409 case SCF_ERROR_DELETED:
3410 goto get_inst;
3411
3412 case SCF_ERROR_EXISTS:
3413 goto get_pg;
3414
3415 case SCF_ERROR_HANDLE_MISMATCH:
3416 case SCF_ERROR_INVALID_ARGUMENT:
3417 case SCF_ERROR_NOT_SET:
3418 default:
3419 bad_error("scf_instance_add_pg", scf_error());
3420 }
3421 }
3422 }
3423
3424 buf[0] = rl;
3425 buf[1] = '\0';
3426 r = scf_value_set_astring(val, buf);
3427 assert(r == 0);
3428
3429 for (;;) {
3430 if (scf_transaction_start(tx, pg) != 0) {
3431 switch (scf_error()) {
3432 case SCF_ERROR_CONNECTION_BROKEN:
3433 case SCF_ERROR_PERMISSION_DENIED:
3434 case SCF_ERROR_BACKEND_ACCESS:
3435 scferr();
3436 goto bail;
3437
3438 case SCF_ERROR_DELETED:
3439 goto add_pg;
3440
3441 case SCF_ERROR_HANDLE_MISMATCH:
3442 case SCF_ERROR_NOT_BOUND:
3443 case SCF_ERROR_IN_USE:
3444 case SCF_ERROR_NOT_SET:
3445 default:
3446 bad_error("scf_transaction_start", scf_error());
3447 }
3448 }
3449
3450 r = transaction_add_set(tx, ent, "runlevel", SCF_TYPE_ASTRING);
3451 switch (r) {
3452 case 0:
3453 break;
3454
3455 case ECONNABORTED:
3456 scferr();
3457 goto bail;
3458
3459 case ECANCELED:
3460 scf_transaction_reset(tx);
3461 goto add_pg;
3462
3463 default:
3464 bad_error("transaction_add_set", r);
3465 }
3466
3467 r = scf_entry_add_value(ent, val);
3468 assert(r == 0);
3469
3470 r = scf_transaction_commit(tx);
3471 if (r == 1)
3472 break;
3473
3474 if (r != 0) {
3475 switch (scf_error()) {
3476 case SCF_ERROR_CONNECTION_BROKEN:
3477 case SCF_ERROR_PERMISSION_DENIED:
3478 case SCF_ERROR_BACKEND_ACCESS:
3479 case SCF_ERROR_BACKEND_READONLY:
3480 scferr();
3481 goto bail;
3482
3483 case SCF_ERROR_DELETED:
3484 scf_transaction_reset(tx);
3485 goto add_pg;
3486
3487 case SCF_ERROR_INVALID_ARGUMENT:
3488 case SCF_ERROR_NOT_BOUND:
3489 case SCF_ERROR_NOT_SET:
3490 default:
3491 bad_error("scf_transaction_commit",
3492 scf_error());
3493 }
3494 }
3495
3496 scf_transaction_reset(tx);
3497 (void) scf_pg_update(pg);
3498 }
3499
3500 bail:
3501 scf_transaction_destroy(tx);
3502 scf_entry_destroy(ent);
3503 scf_value_destroy(val);
3504 scf_pg_destroy(pg);
3505 scf_instance_destroy(inst);
3506
3507 (void) scf_handle_unbind(h);
3508 scf_handle_destroy(h);
3509 }
3510
3511 /*
3512 * Function to handle requests from users to main init running as process 1.
3513 */
3514 static void
userinit(int argc,char ** argv)3515 userinit(int argc, char **argv)
3516 {
3517 FILE *fp;
3518 char *ln;
3519 int init_signal;
3520 struct stat sconbuf, conbuf;
3521 const char *usage_msg = "Usage: init [0123456SsQqabc]\n";
3522
3523 /*
3524 * We are a user invoked init. Is there an argument and is it
3525 * a single character? If not, print usage message and quit.
3526 */
3527 if (argc != 2 || argv[1][1] != '\0') {
3528 (void) fprintf(stderr, usage_msg);
3529 exit(0);
3530 }
3531
3532 if ((init_signal = lvlname_to_state((char)argv[1][0])) == -1) {
3533 (void) fprintf(stderr, usage_msg);
3534 (void) audit_put_record(ADT_FAILURE, ADT_FAIL_VALUE_BAD_CMD,
3535 argv[1]);
3536 exit(1);
3537 }
3538
3539 if (init_signal == SINGLE_USER) {
3540 /*
3541 * Make sure this process is talking to a legal tty line
3542 * and that /dev/syscon is linked to this line.
3543 */
3544 ln = ttyname(0); /* Get the name of tty */
3545 if (ln == NULL) {
3546 (void) fprintf(stderr,
3547 "Standard input not a tty line\n");
3548 (void) audit_put_record(ADT_FAILURE,
3549 ADT_FAIL_VALUE_BAD_TTY, argv[1]);
3550 exit(1);
3551 }
3552
3553 if ((stat(ln, &sconbuf) != -1) &&
3554 (stat(SYSCON, &conbuf) == -1 ||
3555 sconbuf.st_rdev != conbuf.st_rdev)) {
3556 /*
3557 * /dev/syscon needs to change.
3558 * Unlink /dev/syscon and relink it to the current line.
3559 */
3560 if (lstat(SYSCON, &conbuf) != -1 &&
3561 unlink(SYSCON) == FAILURE) {
3562 perror("Can't unlink /dev/syscon");
3563 (void) fprintf(stderr,
3564 "Run command on the system console.\n");
3565 (void) audit_put_record(ADT_FAILURE,
3566 ADT_FAIL_VALUE_PROGRAM, argv[1]);
3567 exit(1);
3568 }
3569 if (symlink(ln, SYSCON) == FAILURE) {
3570 (void) fprintf(stderr,
3571 "Can't symlink /dev/syscon to %s: %s", ln,
3572 strerror(errno));
3573
3574 /* Try to leave a syscon */
3575 (void) link(SYSTTY, SYSCON);
3576 (void) audit_put_record(ADT_FAILURE,
3577 ADT_FAIL_VALUE_PROGRAM, argv[1]);
3578 exit(1);
3579 }
3580
3581 /*
3582 * Try to leave a message on system console saying where
3583 * /dev/syscon is currently connected.
3584 */
3585 if ((fp = fopen(SYSTTY, "r+")) != NULL) {
3586 (void) fprintf(fp,
3587 "\n**** SYSCON CHANGED TO %s ****\n",
3588 ln);
3589 (void) fclose(fp);
3590 }
3591 }
3592 }
3593
3594 update_boot_archive(init_signal);
3595
3596 (void) audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]);
3597
3598 /*
3599 * Signal init; init will take care of telling svc.startd.
3600 */
3601 if (kill(init_pid, init_signal) == FAILURE) {
3602 (void) fprintf(stderr, "Must be super-user\n");
3603 (void) audit_put_record(ADT_FAILURE,
3604 ADT_FAIL_VALUE_AUTH, argv[1]);
3605 exit(1);
3606 }
3607
3608 exit(0);
3609 }
3610
3611
3612 #define DELTA 25 /* Number of pidlist elements to allocate at a time */
3613
3614 /* ARGSUSED */
3615 void
sigpoll(int n)3616 sigpoll(int n)
3617 {
3618 struct pidrec prec;
3619 struct pidrec *p = ≺
3620 struct pidlist *plp;
3621 struct pidlist *tp, *savetp;
3622 int i;
3623
3624 if (Pfd < 0) {
3625 return;
3626 }
3627
3628 for (;;) {
3629 /*
3630 * Important Note: Either read will really fail (in which case
3631 * return is all we can do) or will get EAGAIN (Pfd was opened
3632 * O_NDELAY), in which case we also want to return.
3633 * Always return from here!
3634 */
3635 if (read(Pfd, p, sizeof (struct pidrec)) !=
3636 sizeof (struct pidrec)) {
3637 return;
3638 }
3639 switch (p->pd_type) {
3640
3641 case ADDPID:
3642 /*
3643 * New "godchild", add to list.
3644 */
3645 if (Plfree == NULL) {
3646 plp = (struct pidlist *)calloc(DELTA,
3647 sizeof (struct pidlist));
3648 if (plp == NULL) {
3649 /* Can't save pid */
3650 break;
3651 }
3652 /*
3653 * Point at 2nd record allocated, we'll use plp.
3654 */
3655 tp = plp + 1;
3656 /*
3657 * Link them into a chain.
3658 */
3659 Plfree = tp;
3660 for (i = 0; i < DELTA - 2; i++) {
3661 tp->pl_next = tp + 1;
3662 tp++;
3663 }
3664 } else {
3665 plp = Plfree;
3666 Plfree = plp->pl_next;
3667 }
3668 plp->pl_pid = p->pd_pid;
3669 plp->pl_dflag = 0;
3670 plp->pl_next = NULL;
3671 /*
3672 * Note - pid list is kept in increasing order of pids.
3673 */
3674 if (Plhead == NULL) {
3675 Plhead = plp;
3676 /* Back up to read next record */
3677 break;
3678 } else {
3679 savetp = tp = Plhead;
3680 while (tp) {
3681 if (plp->pl_pid > tp->pl_pid) {
3682 savetp = tp;
3683 tp = tp->pl_next;
3684 continue;
3685 } else if (plp->pl_pid < tp->pl_pid) {
3686 if (tp == Plhead) {
3687 plp->pl_next = Plhead;
3688 Plhead = plp;
3689 } else {
3690 plp->pl_next =
3691 savetp->pl_next;
3692 savetp->pl_next = plp;
3693 }
3694 break;
3695 } else {
3696 /* Already in list! */
3697 plp->pl_next = Plfree;
3698 Plfree = plp;
3699 break;
3700 }
3701 }
3702 if (tp == NULL) {
3703 /* Add to end of list */
3704 savetp->pl_next = plp;
3705 }
3706 }
3707 /* Back up to read next record. */
3708 break;
3709
3710 case REMPID:
3711 /*
3712 * This one was handled by someone else,
3713 * purge it from the list.
3714 */
3715 if (Plhead == NULL) {
3716 /* Back up to read next record. */
3717 break;
3718 }
3719 savetp = tp = Plhead;
3720 while (tp) {
3721 if (p->pd_pid > tp->pl_pid) {
3722 /* Keep on looking. */
3723 savetp = tp;
3724 tp = tp->pl_next;
3725 continue;
3726 } else if (p->pd_pid < tp->pl_pid) {
3727 /* Not in list. */
3728 break;
3729 } else {
3730 /* Found it. */
3731 if (tp == Plhead)
3732 Plhead = tp->pl_next;
3733 else
3734 savetp->pl_next = tp->pl_next;
3735 tp->pl_next = Plfree;
3736 Plfree = tp;
3737 break;
3738 }
3739 }
3740 /* Back up to read next record. */
3741 break;
3742 default:
3743 console(B_TRUE, "Bad message on initpipe\n");
3744 break;
3745 }
3746 }
3747 }
3748
3749
3750 static void
cleanaux()3751 cleanaux()
3752 {
3753 struct pidlist *savep, *p;
3754 pid_t pid;
3755 short status;
3756
3757 (void) sighold(SIGCLD);
3758 Gchild = 0; /* Note - Safe to do this here since no SIGCLDs */
3759 (void) sighold(SIGPOLL);
3760 savep = p = Plhead;
3761 while (p) {
3762 if (p->pl_dflag) {
3763 /*
3764 * Found an entry to delete,
3765 * remove it from list first.
3766 */
3767 pid = p->pl_pid;
3768 status = p->pl_exit;
3769 if (p == Plhead) {
3770 Plhead = p->pl_next;
3771 p->pl_next = Plfree;
3772 Plfree = p;
3773 savep = p = Plhead;
3774 } else {
3775 savep->pl_next = p->pl_next;
3776 p->pl_next = Plfree;
3777 Plfree = p;
3778 p = savep->pl_next;
3779 }
3780 clearent(pid, status);
3781 continue;
3782 }
3783 savep = p;
3784 p = p->pl_next;
3785 }
3786 (void) sigrelse(SIGPOLL);
3787 (void) sigrelse(SIGCLD);
3788 }
3789
3790
3791 /*
3792 * /etc/inittab has more entries and we have run out of room in the proc_table
3793 * array. Double the size of proc_table to accomodate the extra entries.
3794 */
3795 static void
increase_proc_table_size()3796 increase_proc_table_size()
3797 {
3798 sigset_t block, unblock;
3799 void *ptr;
3800 size_t delta = num_proc * sizeof (struct PROC_TABLE);
3801
3802
3803 /*
3804 * Block signals for realloc.
3805 */
3806 (void) sigfillset(&block);
3807 (void) sigprocmask(SIG_BLOCK, &block, &unblock);
3808
3809
3810 /*
3811 * On failure we just return because callers of this function check
3812 * for failure.
3813 */
3814 do
3815 ptr = realloc(g_state, g_state_sz + delta);
3816 while (ptr == NULL && errno == EAGAIN)
3817 ;
3818
3819 if (ptr != NULL) {
3820 /* ensure that the new part is initialized to zero */
3821 bzero((caddr_t)ptr + g_state_sz, delta);
3822
3823 g_state = ptr;
3824 g_state_sz += delta;
3825 num_proc <<= 1;
3826 }
3827
3828
3829 /* unblock our signals before returning */
3830 (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
3831 }
3832
3833
3834
3835 /*
3836 * Sanity check g_state.
3837 */
3838 static int
st_sane()3839 st_sane()
3840 {
3841 int i;
3842 struct PROC_TABLE *ptp;
3843
3844
3845 /* Note: cur_state is encoded as a signal number */
3846 if (cur_state < 1 || cur_state == 9 || cur_state > 13)
3847 return (0);
3848
3849 /* Check num_proc */
3850 if (g_state_sz != sizeof (struct init_state) + (num_proc - 1) *
3851 sizeof (struct PROC_TABLE))
3852 return (0);
3853
3854 /* Check proc_table */
3855 for (i = 0, ptp = proc_table; i < num_proc; ++i, ++ptp) {
3856 /* skip unoccupied entries */
3857 if (!(ptp->p_flags & OCCUPIED))
3858 continue;
3859
3860 /* p_flags has no bits outside of PF_MASK */
3861 if (ptp->p_flags & ~(PF_MASK))
3862 return (0);
3863
3864 /* 5 <= pid <= MAXPID */
3865 if (ptp->p_pid < 5 || ptp->p_pid > MAXPID)
3866 return (0);
3867
3868 /* p_count >= 0 */
3869 if (ptp->p_count < 0)
3870 return (0);
3871
3872 /* p_time >= 0 */
3873 if (ptp->p_time < 0)
3874 return (0);
3875 }
3876
3877 return (1);
3878 }
3879
3880 /*
3881 * Initialize our state.
3882 *
3883 * If the system just booted, then init_state_file, which is located on an
3884 * everpresent tmpfs filesystem, should not exist.
3885 *
3886 * If we were restarted, then init_state_file should exist, in
3887 * which case we'll read it in, sanity check it, and use it.
3888 *
3889 * Note: You can't call console() until proc_table is ready.
3890 */
3891 void
st_init()3892 st_init()
3893 {
3894 struct stat stb;
3895 int ret, st_fd, insane = 0;
3896 size_t to_be_read;
3897 char *ptr;
3898
3899
3900 booting = 1;
3901
3902 do {
3903 /*
3904 * If we can exclusively create the file, then we're the
3905 * initial invocation of init(1M).
3906 */
3907 st_fd = open(init_state_file, O_RDWR | O_CREAT | O_EXCL,
3908 S_IRUSR | S_IWUSR);
3909 } while (st_fd == -1 && errno == EINTR);
3910 if (st_fd != -1)
3911 goto new_state;
3912
3913 booting = 0;
3914
3915 do {
3916 st_fd = open(init_state_file, O_RDWR, S_IRUSR | S_IWUSR);
3917 } while (st_fd == -1 && errno == EINTR);
3918 if (st_fd == -1)
3919 goto new_state;
3920
3921 /* Get the size of the file. */
3922 do
3923 ret = fstat(st_fd, &stb);
3924 while (ret == -1 && errno == EINTR)
3925 ;
3926 if (ret == -1)
3927 goto new_state;
3928
3929 do
3930 g_state = malloc(stb.st_size);
3931 while (g_state == NULL && errno == EAGAIN)
3932 ;
3933 if (g_state == NULL)
3934 goto new_state;
3935
3936 to_be_read = stb.st_size;
3937 ptr = (char *)g_state;
3938 while (to_be_read > 0) {
3939 ssize_t read_ret;
3940
3941 read_ret = read(st_fd, ptr, to_be_read);
3942 if (read_ret < 0) {
3943 if (errno == EINTR)
3944 continue;
3945
3946 goto new_state;
3947 }
3948
3949 to_be_read -= read_ret;
3950 ptr += read_ret;
3951 }
3952
3953 (void) close(st_fd);
3954
3955 g_state_sz = stb.st_size;
3956
3957 if (st_sane()) {
3958 console(B_TRUE, "Restarting.\n");
3959 return;
3960 }
3961
3962 insane = 1;
3963
3964 new_state:
3965 if (st_fd >= 0)
3966 (void) close(st_fd);
3967 else
3968 (void) unlink(init_state_file);
3969
3970 if (g_state != NULL)
3971 free(g_state);
3972
3973 /* Something went wrong, so allocate new state. */
3974 g_state_sz = sizeof (struct init_state) +
3975 ((init_num_proc - 1) * sizeof (struct PROC_TABLE));
3976 do
3977 g_state = calloc(1, g_state_sz);
3978 while (g_state == NULL && errno == EAGAIN)
3979 ;
3980 if (g_state == NULL) {
3981 /* Fatal error! */
3982 exit(errno);
3983 }
3984
3985 g_state->ist_runlevel = -1;
3986 num_proc = init_num_proc;
3987
3988 if (!booting) {
3989 console(B_TRUE, "Restarting.\n");
3990
3991 /* Overwrite the bad state file. */
3992 st_write();
3993
3994 if (!insane) {
3995 console(B_TRUE,
3996 "Error accessing persistent state file `%s'. "
3997 "Ignored.\n", init_state_file);
3998 } else {
3999 console(B_TRUE,
4000 "Persistent state file `%s' is invalid and was "
4001 "ignored.\n", init_state_file);
4002 }
4003 }
4004 }
4005
4006 /*
4007 * Write g_state out to the state file.
4008 */
4009 void
st_write()4010 st_write()
4011 {
4012 static int complained = 0;
4013
4014 int st_fd;
4015 char *cp;
4016 size_t sz;
4017 ssize_t ret;
4018
4019
4020 do {
4021 st_fd = open(init_next_state_file,
4022 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
4023 } while (st_fd < 0 && errno == EINTR);
4024 if (st_fd < 0)
4025 goto err;
4026
4027 cp = (char *)g_state;
4028 sz = g_state_sz;
4029 while (sz > 0) {
4030 ret = write(st_fd, cp, sz);
4031 if (ret < 0) {
4032 if (errno == EINTR)
4033 continue;
4034
4035 goto err;
4036 }
4037
4038 sz -= ret;
4039 cp += ret;
4040 }
4041
4042 (void) close(st_fd);
4043 st_fd = -1;
4044 if (rename(init_next_state_file, init_state_file)) {
4045 (void) unlink(init_next_state_file);
4046 goto err;
4047 }
4048 complained = 0;
4049
4050 return;
4051
4052 err:
4053 if (st_fd >= 0)
4054 (void) close(st_fd);
4055
4056 if (!booting && !complained) {
4057 /*
4058 * Only complain after the filesystem should have come up.
4059 * And only do it once so we don't loop between console()
4060 * & efork().
4061 */
4062 complained = 1;
4063 if (st_fd)
4064 console(B_TRUE, "Couldn't write persistent state "
4065 "file `%s'.\n", init_state_file);
4066 else
4067 console(B_TRUE, "Couldn't move persistent state "
4068 "file `%s' to `%s'.\n", init_next_state_file,
4069 init_state_file);
4070 }
4071 }
4072
4073 /*
4074 * Create a contract with these parameters.
4075 */
4076 static int
contract_make_template(uint_t info,uint_t critical,uint_t fatal,uint64_t cookie)4077 contract_make_template(uint_t info, uint_t critical, uint_t fatal,
4078 uint64_t cookie)
4079 {
4080 int fd, err;
4081
4082 char *ioctl_tset_emsg =
4083 "Couldn't set \"%s\" contract template parameter: %s.\n";
4084
4085 do
4086 fd = open64(CTFS_ROOT "/process/template", O_RDWR);
4087 while (fd < 0 && errno == EINTR)
4088 ;
4089 if (fd < 0) {
4090 console(B_TRUE, "Couldn't create process template: %s.\n",
4091 strerror(errno));
4092 return (-1);
4093 }
4094
4095 if (err = ct_pr_tmpl_set_param(fd, CT_PR_INHERIT | CT_PR_REGENT))
4096 console(B_TRUE, "Contract set template inherit, regent "
4097 "failed: %s.\n", strerror(err));
4098
4099 /*
4100 * These errors result in a misconfigured template, which is better
4101 * than no template at all, so warn but don't abort.
4102 */
4103 if (err = ct_tmpl_set_informative(fd, info))
4104 console(B_TRUE, ioctl_tset_emsg, "informative", strerror(err));
4105
4106 if (err = ct_tmpl_set_critical(fd, critical))
4107 console(B_TRUE, ioctl_tset_emsg, "critical", strerror(err));
4108
4109 if (err = ct_pr_tmpl_set_fatal(fd, fatal))
4110 console(B_TRUE, ioctl_tset_emsg, "fatal", strerror(err));
4111
4112 if (err = ct_tmpl_set_cookie(fd, cookie))
4113 console(B_TRUE, ioctl_tset_emsg, "cookie", strerror(err));
4114
4115 (void) fcntl(fd, F_SETFD, FD_CLOEXEC);
4116
4117 return (fd);
4118 }
4119
4120 /*
4121 * Create the templates and open an event file descriptor. We use dup2(2) to
4122 * get these descriptors away from the stdin/stdout/stderr group.
4123 */
4124 static void
contracts_init()4125 contracts_init()
4126 {
4127 int err, fd;
4128
4129 /*
4130 * Create & configure a legacy template. We only want empty events so
4131 * we know when to abandon them.
4132 */
4133 legacy_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, CT_PR_EV_HWERR,
4134 ORDINARY_COOKIE);
4135 if (legacy_tmpl >= 0) {
4136 err = ct_tmpl_activate(legacy_tmpl);
4137 if (err != 0) {
4138 (void) close(legacy_tmpl);
4139 legacy_tmpl = -1;
4140 console(B_TRUE,
4141 "Couldn't activate legacy template (%s); "
4142 "legacy services will be in init's contract.\n",
4143 strerror(err));
4144 }
4145 } else
4146 console(B_TRUE,
4147 "Legacy services will be in init's contract.\n");
4148
4149 if (dup2(legacy_tmpl, 255) == -1) {
4150 console(B_TRUE, "Could not duplicate legacy template: %s.\n",
4151 strerror(errno));
4152 } else {
4153 (void) close(legacy_tmpl);
4154 legacy_tmpl = 255;
4155 }
4156
4157 (void) fcntl(legacy_tmpl, F_SETFD, FD_CLOEXEC);
4158
4159 startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY,
4160 CT_PR_EV_HWERR | CT_PR_EV_SIGNAL | CT_PR_EV_CORE, STARTD_COOKIE);
4161
4162 if (dup2(startd_tmpl, 254) == -1) {
4163 console(B_TRUE, "Could not duplicate startd template: %s.\n",
4164 strerror(errno));
4165 } else {
4166 (void) close(startd_tmpl);
4167 startd_tmpl = 254;
4168 }
4169
4170 (void) fcntl(startd_tmpl, F_SETFD, FD_CLOEXEC);
4171
4172 if (legacy_tmpl < 0 && startd_tmpl < 0) {
4173 /* The creation errors have already been reported. */
4174 console(B_TRUE,
4175 "Ignoring contract events. Core smf(5) services will not "
4176 "be restarted.\n");
4177 return;
4178 }
4179
4180 /*
4181 * Open an event endpoint.
4182 */
4183 do
4184 fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY);
4185 while (fd < 0 && errno == EINTR)
4186 ;
4187 if (fd < 0) {
4188 console(B_TRUE,
4189 "Couldn't open process pbundle: %s. Core smf(5) services "
4190 "will not be restarted.\n", strerror(errno));
4191 return;
4192 }
4193
4194 if (dup2(fd, 253) == -1) {
4195 console(B_TRUE, "Could not duplicate process bundle: %s.\n",
4196 strerror(errno));
4197 } else {
4198 (void) close(fd);
4199 fd = 253;
4200 }
4201
4202 (void) fcntl(fd, F_SETFD, FD_CLOEXEC);
4203
4204 /* Reset in case we've been restarted. */
4205 (void) ct_event_reset(fd);
4206
4207 poll_fds[0].fd = fd;
4208 poll_fds[0].events = POLLIN;
4209 poll_nfds = 1;
4210 }
4211
4212 static int
contract_getfile(ctid_t id,const char * name,int oflag)4213 contract_getfile(ctid_t id, const char *name, int oflag)
4214 {
4215 int fd;
4216
4217 do
4218 fd = contract_open(id, "process", name, oflag);
4219 while (fd < 0 && errno == EINTR)
4220 ;
4221
4222 if (fd < 0)
4223 console(B_TRUE, "Couldn't open %s for contract %ld: %s.\n",
4224 name, id, strerror(errno));
4225
4226 return (fd);
4227 }
4228
4229 static int
contract_cookie(ctid_t id,uint64_t * cp)4230 contract_cookie(ctid_t id, uint64_t *cp)
4231 {
4232 int fd, err;
4233 ct_stathdl_t sh;
4234
4235 fd = contract_getfile(id, "status", O_RDONLY);
4236 if (fd < 0)
4237 return (-1);
4238
4239 err = ct_status_read(fd, CTD_COMMON, &sh);
4240 if (err != 0) {
4241 console(B_TRUE, "Couldn't read status of contract %ld: %s.\n",
4242 id, strerror(err));
4243 (void) close(fd);
4244 return (-1);
4245 }
4246
4247 (void) close(fd);
4248
4249 *cp = ct_status_get_cookie(sh);
4250
4251 ct_status_free(sh);
4252 return (0);
4253 }
4254
4255 static void
contract_ack(ct_evthdl_t e)4256 contract_ack(ct_evthdl_t e)
4257 {
4258 int fd;
4259
4260 if (ct_event_get_flags(e) & CTE_INFO)
4261 return;
4262
4263 fd = contract_getfile(ct_event_get_ctid(e), "ctl", O_WRONLY);
4264 if (fd < 0)
4265 return;
4266
4267 (void) ct_ctl_ack(fd, ct_event_get_evid(e));
4268 (void) close(fd);
4269 }
4270
4271 /*
4272 * Process a contract event.
4273 */
4274 static void
contract_event(struct pollfd * poll)4275 contract_event(struct pollfd *poll)
4276 {
4277 ct_evthdl_t e;
4278 int err;
4279 ctid_t ctid;
4280
4281 if (!(poll->revents & POLLIN)) {
4282 if (poll->revents & POLLERR)
4283 console(B_TRUE,
4284 "Unknown poll error on my process contract "
4285 "pbundle.\n");
4286 return;
4287 }
4288
4289 err = ct_event_read(poll->fd, &e);
4290 if (err != 0) {
4291 console(B_TRUE, "Error retrieving contract event: %s.\n",
4292 strerror(err));
4293 return;
4294 }
4295
4296 ctid = ct_event_get_ctid(e);
4297
4298 if (ct_event_get_type(e) == CT_PR_EV_EMPTY) {
4299 uint64_t cookie;
4300 int ret, abandon = 1;
4301
4302 /* If it's svc.startd, restart it. Else, abandon. */
4303 ret = contract_cookie(ctid, &cookie);
4304
4305 if (ret == 0) {
4306 if (cookie == STARTD_COOKIE &&
4307 do_restart_startd) {
4308 if (smf_debug)
4309 console(B_TRUE, "Restarting "
4310 "svc.startd.\n");
4311
4312 /*
4313 * Account for the failure. If the failure rate
4314 * exceeds a threshold, then drop to maintenance
4315 * mode.
4316 */
4317 startd_record_failure();
4318 if (startd_failure_rate_critical())
4319 enter_maintenance();
4320
4321 if (startd_tmpl < 0)
4322 console(B_TRUE,
4323 "Restarting svc.startd in "
4324 "improper contract (bad "
4325 "template).\n");
4326
4327 (void) startd_run(startd_cline, startd_tmpl,
4328 ctid);
4329
4330 abandon = 0;
4331 }
4332 }
4333
4334 if (abandon && (err = contract_abandon_id(ctid))) {
4335 console(B_TRUE, "Couldn't abandon contract %ld: %s.\n",
4336 ctid, strerror(err));
4337 }
4338
4339 /*
4340 * No need to acknowledge the event since either way the
4341 * originating contract should be abandoned.
4342 */
4343 } else {
4344 console(B_TRUE,
4345 "Received contract event of unexpected type %d from "
4346 "contract %ld.\n", ct_event_get_type(e), ctid);
4347
4348 if ((ct_event_get_flags(e) & (CTE_INFO | CTE_ACK)) == 0)
4349 /* Allow unexpected critical events to be released. */
4350 contract_ack(e);
4351 }
4352
4353 ct_event_free(e);
4354 }
4355
4356 /*
4357 * svc.startd(1M) Management
4358 */
4359
4360 /*
4361 * (Re)start svc.startd(1M). old_ctid should be the contract ID of the old
4362 * contract, or 0 if we're starting it for the first time. If wait is true
4363 * we'll wait for and return the exit value of the child.
4364 */
4365 static int
startd_run(const char * cline,int tmpl,ctid_t old_ctid)4366 startd_run(const char *cline, int tmpl, ctid_t old_ctid)
4367 {
4368 int err, i, ret, did_activate;
4369 pid_t pid;
4370 struct stat sb;
4371
4372 if (cline[0] == '\0')
4373 return (-1);
4374
4375 /*
4376 * Don't restart startd if the system is rebooting or shutting down.
4377 */
4378 do {
4379 ret = stat("/etc/svc/volatile/resetting", &sb);
4380 } while (ret == -1 && errno == EINTR);
4381
4382 if (ret == 0) {
4383 if (smf_debug)
4384 console(B_TRUE, "Quiescing for reboot.\n");
4385 (void) pause();
4386 return (-1);
4387 }
4388
4389 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid);
4390 if (err == EINVAL) {
4391 console(B_TRUE, "Remake startd_tmpl; reattempt transfer.\n");
4392 tmpl = startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY,
4393 CT_PR_EV_HWERR, STARTD_COOKIE);
4394
4395 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid);
4396 }
4397 if (err != 0) {
4398 console(B_TRUE,
4399 "Couldn't set transfer parameter of contract template: "
4400 "%s.\n", strerror(err));
4401 }
4402
4403 if ((err = ct_pr_tmpl_set_svc_fmri(startd_tmpl,
4404 SCF_SERVICE_STARTD)) != 0)
4405 console(B_TRUE,
4406 "Can not set svc_fmri in contract template: %s\n",
4407 strerror(err));
4408 if ((err = ct_pr_tmpl_set_svc_aux(startd_tmpl,
4409 startd_svc_aux)) != 0)
4410 console(B_TRUE,
4411 "Can not set svc_aux in contract template: %s\n",
4412 strerror(err));
4413 did_activate = !(ct_tmpl_activate(tmpl));
4414 if (!did_activate)
4415 console(B_TRUE,
4416 "Template activation failed; not starting \"%s\" in "
4417 "proper contract.\n", cline);
4418
4419 /* Hold SIGCLD so we can wait if necessary. */
4420 (void) sighold(SIGCLD);
4421
4422 while ((pid = fork()) < 0) {
4423 if (errno == EPERM) {
4424 console(B_TRUE, "Insufficient permission to fork.\n");
4425
4426 /* Now that's a doozy. */
4427 exit(1);
4428 }
4429
4430 console(B_TRUE,
4431 "fork() for svc.startd failed: %s. Will retry in 1 "
4432 "second...\n", strerror(errno));
4433
4434 (void) sleep(1);
4435
4436 /* Eventually give up? */
4437 }
4438
4439 if (pid == 0) {
4440 /* child */
4441
4442 /* See the comment in efork() */
4443 for (i = SIGHUP; i <= SIGRTMAX; ++i) {
4444 if (i == SIGTTOU || i == SIGTTIN || i == SIGTSTP)
4445 (void) sigset(i, SIG_IGN);
4446 else
4447 (void) sigset(i, SIG_DFL);
4448 }
4449
4450 if (smf_options != NULL) {
4451 /* Put smf_options in the environment. */
4452 glob_envp[glob_envn] =
4453 malloc(sizeof ("SMF_OPTIONS=") - 1 +
4454 strlen(smf_options) + 1);
4455
4456 if (glob_envp[glob_envn] != NULL) {
4457 /* LINTED */
4458 (void) sprintf(glob_envp[glob_envn],
4459 "SMF_OPTIONS=%s", smf_options);
4460 glob_envp[glob_envn+1] = NULL;
4461 } else {
4462 console(B_TRUE,
4463 "Could not set SMF_OPTIONS (%s).\n",
4464 strerror(errno));
4465 }
4466 }
4467
4468 if (smf_debug)
4469 console(B_TRUE, "Executing svc.startd\n");
4470
4471 (void) execle(SH, "INITSH", "-c", cline, NULL, glob_envp);
4472
4473 console(B_TRUE, "Could not exec \"%s\" (%s).\n", SH,
4474 strerror(errno));
4475
4476 exit(1);
4477 }
4478
4479 /* parent */
4480
4481 if (did_activate) {
4482 if (legacy_tmpl < 0 || ct_tmpl_activate(legacy_tmpl) != 0)
4483 (void) ct_tmpl_clear(tmpl);
4484 }
4485
4486 /* Clear the old_ctid reference so the kernel can reclaim it. */
4487 if (old_ctid != 0)
4488 (void) ct_pr_tmpl_set_transfer(tmpl, 0);
4489
4490 (void) sigrelse(SIGCLD);
4491
4492 return (0);
4493 }
4494
4495 /*
4496 * void startd_record_failure(void)
4497 * Place the current time in our circular array of svc.startd failures.
4498 */
4499 void
startd_record_failure()4500 startd_record_failure()
4501 {
4502 int index = startd_failure_index++ % NSTARTD_FAILURE_TIMES;
4503
4504 startd_failure_time[index] = gethrtime();
4505 }
4506
4507 /*
4508 * int startd_failure_rate_critical(void)
4509 * Return true if the average failure interval is less than the permitted
4510 * interval. Implicit success if insufficient measurements for an average
4511 * exist.
4512 */
4513 int
startd_failure_rate_critical()4514 startd_failure_rate_critical()
4515 {
4516 int n = startd_failure_index;
4517 hrtime_t avg_ns = 0;
4518
4519 if (startd_failure_index < NSTARTD_FAILURE_TIMES)
4520 return (0);
4521
4522 avg_ns =
4523 (startd_failure_time[(n - 1) % NSTARTD_FAILURE_TIMES] -
4524 startd_failure_time[n % NSTARTD_FAILURE_TIMES]) /
4525 NSTARTD_FAILURE_TIMES;
4526
4527 return (avg_ns < STARTD_FAILURE_RATE_NS);
4528 }
4529
4530 /*
4531 * returns string that must be free'd
4532 */
4533
4534 static char
audit_boot_msg()4535 *audit_boot_msg()
4536 {
4537 char *b, *p;
4538 char desc[] = "booted";
4539 zoneid_t zid = getzoneid();
4540
4541 b = malloc(sizeof (desc) + MAXNAMELEN + 3);
4542 if (b == NULL)
4543 return (b);
4544
4545 p = b;
4546 p += strlcpy(p, desc, sizeof (desc));
4547 if (zid != GLOBAL_ZONEID) {
4548 p += strlcpy(p, ": ", 3);
4549 (void) getzonenamebyid(zid, p, MAXNAMELEN);
4550 }
4551 return (b);
4552 }
4553
4554 /*
4555 * Generate AUE_init_solaris audit record. Return 1 if
4556 * auditing is enabled in case the caller cares.
4557 *
4558 * In the case of userint() or a local zone invocation of
4559 * one_true_init, the process initially contains the audit
4560 * characteristics of the process that invoked init. The first pass
4561 * through here uses those characteristics then for the case of
4562 * one_true_init in a local zone, clears them so subsequent system
4563 * state changes won't be attributed to the person who booted the
4564 * zone.
4565 */
4566 static int
audit_put_record(int pass_fail,int status,char * msg)4567 audit_put_record(int pass_fail, int status, char *msg)
4568 {
4569 adt_session_data_t *ah;
4570 adt_event_data_t *event;
4571
4572 if (!adt_audit_enabled())
4573 return (0);
4574
4575 /*
4576 * the PROC_DATA picks up the context to tell whether this is
4577 * an attributed record (auid = -2 is unattributed)
4578 */
4579 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
4580 console(B_TRUE, "audit failure: %s\n", strerror(errno));
4581 return (1);
4582 }
4583 event = adt_alloc_event(ah, ADT_init_solaris);
4584 if (event == NULL) {
4585 console(B_TRUE, "audit failure: %s\n", strerror(errno));
4586 (void) adt_end_session(ah);
4587 return (1);
4588 }
4589 event->adt_init_solaris.info = msg; /* NULL is ok here */
4590
4591 if (adt_put_event(event, pass_fail, status)) {
4592 console(B_TRUE, "audit failure: %s\n", strerror(errno));
4593 (void) adt_end_session(ah);
4594 return (1);
4595 }
4596 adt_free_event(event);
4597
4598 (void) adt_end_session(ah);
4599
4600 return (1);
4601 }
4602