1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 28 /* All Rights Reserved */ 29 30 /* 31 * University Copyright- Copyright (c) 1982, 1986, 1988 32 * The Regents of the University of California 33 * All Rights Reserved 34 * 35 * University Acknowledgment- Portions of this document are derived from 36 * software developed by the University of California, Berkeley, and its 37 * contributors. 38 */ 39 40 /* 41 * init(1M) is the general process spawning program. Its primary job is to 42 * start and restart svc.startd for smf(5). For backwards-compatibility it also 43 * spawns and respawns processes according to /etc/inittab and the current 44 * run-level. It reads /etc/default/inittab for general configuration. 45 * 46 * To change run-levels the system administrator runs init from the command 47 * line with a level name. init signals svc.startd via libscf and directs the 48 * zone's init (pid 1 in the global zone) what to do by sending it a signal; 49 * these signal numbers are commonly refered to in the code as 'states'. Valid 50 * run-levels are [sS0123456]. Additionally, init can be given directives 51 * [qQabc], which indicate actions to be taken pertaining to /etc/inittab. 52 * 53 * When init processes inittab entries, it finds processes that are to be 54 * spawned at various run-levels. inittab contains the set of the levels for 55 * which each inittab entry is valid. 56 * 57 * State File and Restartability 58 * Premature exit by init(1M) is handled as a special case by the kernel: 59 * init(1M) will be immediately re-executed, retaining its original PID. (PID 60 * 1 in the global zone.) To track the processes it has previously spawned, 61 * as well as other mutable state, init(1M) regularly updates a state file 62 * such that its subsequent invocations have knowledge of its various 63 * dependent processes and duties. 64 * 65 * Process Contracts 66 * We start svc.startd(1M) in a contract and transfer inherited contracts when 67 * restarting it. Everything else is started using the legacy contract 68 * template, and the created contracts are abandoned when they become empty. 69 * 70 * utmpx Entry Handling 71 * Because init(1M) no longer governs the startup process, its knowledge of 72 * when utmpx becomes writable is indirect. However, spawned processes 73 * expect to be constructed with valid utmpx entries. As a result, attempts 74 * to write normal entries will be retried until successful. 75 * 76 * Maintenance Mode 77 * In certain failure scenarios, init(1M) will enter a maintenance mode, in 78 * which it invokes sulogin(1M) to allow the operator an opportunity to 79 * repair the system. Normally, this operation is performed as a 80 * fork(2)-exec(2)-waitpid(3C) sequence with the parent waiting for repair or 81 * diagnosis to be completed. In the cases that fork(2) requests themselves 82 * fail, init(1M) will directly execute sulogin(1M), and allow the kernel to 83 * restart init(1M) on exit from the operator session. 84 * 85 * One scenario where init(1M) enters its maintenance mode is when 86 * svc.startd(1M) begins to fail rapidly, defined as when the average time 87 * between recent failures drops below a given threshold. 88 */ 89 90 #include <sys/contract/process.h> 91 #include <sys/ctfs.h> 92 #include <sys/stat.h> 93 #include <sys/statvfs.h> 94 #include <sys/stropts.h> 95 #include <sys/systeminfo.h> 96 #include <sys/time.h> 97 #include <sys/termios.h> 98 #include <sys/tty.h> 99 #include <sys/types.h> 100 #include <sys/utsname.h> 101 102 #include <bsm/adt_event.h> 103 #include <bsm/libbsm.h> 104 #include <security/pam_appl.h> 105 106 #include <assert.h> 107 #include <ctype.h> 108 #include <dirent.h> 109 #include <errno.h> 110 #include <fcntl.h> 111 #include <libcontract.h> 112 #include <libcontract_priv.h> 113 #include <libintl.h> 114 #include <libscf.h> 115 #include <libscf_priv.h> 116 #include <poll.h> 117 #include <procfs.h> 118 #include <signal.h> 119 #include <stdarg.h> 120 #include <stdio.h> 121 #include <stdio_ext.h> 122 #include <stdlib.h> 123 #include <string.h> 124 #include <strings.h> 125 #include <syslog.h> 126 #include <time.h> 127 #include <ulimit.h> 128 #include <unistd.h> 129 #include <utmpx.h> 130 #include <wait.h> 131 #include <zone.h> 132 #include <ucontext.h> 133 134 #undef sleep 135 136 #define fioctl(p, sptr, cmd) ioctl(fileno(p), sptr, cmd) 137 #define min(a, b) (((a) < (b)) ? (a) : (b)) 138 139 #define TRUE 1 140 #define FALSE 0 141 #define FAILURE -1 142 143 #define UT_LINE_SZ 32 /* Size of a utmpx ut_line field */ 144 145 /* 146 * SLEEPTIME The number of seconds "init" sleeps between wakeups if 147 * nothing else requires this "init" wakeup. 148 */ 149 #define SLEEPTIME (5 * 60) 150 151 /* 152 * MAXCMDL The maximum length of a command string in inittab. 153 */ 154 #define MAXCMDL 512 155 156 /* 157 * EXEC The length of the prefix string added to all comamnds 158 * found in inittab. 159 */ 160 #define EXEC (sizeof ("exec ") - 1) 161 162 /* 163 * TWARN The amount of time between warning signal, SIGTERM, 164 * and the fatal kill signal, SIGKILL. 165 */ 166 #define TWARN 5 167 168 #define id_eq(x, y) ((x[0] == y[0] && x[1] == y[1] && x[2] == y[2] &&\ 169 x[3] == y[3]) ? TRUE : FALSE) 170 171 /* 172 * The kernel's default umask is 022 these days; since some processes inherit 173 * their umask from init, init will set it from CMASK in /etc/default/init. 174 * init gets the default umask from the kernel, it sets it to 022 whenever 175 * it wants to create a file and reverts to CMASK afterwards. 176 */ 177 178 static int cmask; 179 180 /* 181 * The following definitions, concluding with the 'lvls' array, provide a 182 * common mapping between level-name (like 'S'), signal number (state), 183 * run-level mask, and specific properties associated with a run-level. 184 * This array should be accessed using the routines lvlname_to_state(), 185 * lvlname_to_mask(), state_to_mask(), and state_to_flags(). 186 */ 187 188 /* 189 * Correspondence of signals to init actions. 190 */ 191 #define LVLQ SIGHUP 192 #define LVL0 SIGINT 193 #define LVL1 SIGQUIT 194 #define LVL2 SIGILL 195 #define LVL3 SIGTRAP 196 #define LVL4 SIGIOT 197 #define LVL5 SIGEMT 198 #define LVL6 SIGFPE 199 #define SINGLE_USER SIGBUS 200 #define LVLa SIGSEGV 201 #define LVLb SIGSYS 202 #define LVLc SIGPIPE 203 204 /* 205 * Bit Mask for each level. Used to determine legal levels. 206 */ 207 #define MASK0 0x0001 208 #define MASK1 0x0002 209 #define MASK2 0x0004 210 #define MASK3 0x0008 211 #define MASK4 0x0010 212 #define MASK5 0x0020 213 #define MASK6 0x0040 214 #define MASKSU 0x0080 215 #define MASKa 0x0100 216 #define MASKb 0x0200 217 #define MASKc 0x0400 218 219 #define MASK_NUMERIC (MASK0 | MASK1 | MASK2 | MASK3 | MASK4 | MASK5 | MASK6) 220 #define MASK_abc (MASKa | MASKb | MASKc) 221 222 /* 223 * Flags to indicate properties of various states. 224 */ 225 #define LSEL_RUNLEVEL 0x0001 /* runlevels you can transition to */ 226 227 typedef struct lvl { 228 int lvl_state; 229 int lvl_mask; 230 char lvl_name; 231 int lvl_flags; 232 } lvl_t; 233 234 static lvl_t lvls[] = { 235 { LVLQ, 0, 'Q', 0 }, 236 { LVLQ, 0, 'q', 0 }, 237 { LVL0, MASK0, '0', LSEL_RUNLEVEL }, 238 { LVL1, MASK1, '1', LSEL_RUNLEVEL }, 239 { LVL2, MASK2, '2', LSEL_RUNLEVEL }, 240 { LVL3, MASK3, '3', LSEL_RUNLEVEL }, 241 { LVL4, MASK4, '4', LSEL_RUNLEVEL }, 242 { LVL5, MASK5, '5', LSEL_RUNLEVEL }, 243 { LVL6, MASK6, '6', LSEL_RUNLEVEL }, 244 { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL }, 245 { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL }, 246 { LVLa, MASKa, 'a', 0 }, 247 { LVLb, MASKb, 'b', 0 }, 248 { LVLc, MASKc, 'c', 0 } 249 }; 250 251 #define LVL_NELEMS (sizeof (lvls) / sizeof (lvl_t)) 252 253 /* 254 * Legal action field values. 255 */ 256 #define OFF 0 /* Kill process if on, else ignore */ 257 #define RESPAWN 1 /* Continuously restart process when it dies */ 258 #define ONDEMAND RESPAWN /* Respawn for a, b, c type processes */ 259 #define ONCE 2 /* Start process, do not respawn when dead */ 260 #define WAIT 3 /* Perform once and wait to complete */ 261 #define BOOT 4 /* Start at boot time only */ 262 #define BOOTWAIT 5 /* Start at boot time and wait to complete */ 263 #define POWERFAIL 6 /* Start on powerfail */ 264 #define POWERWAIT 7 /* Start and wait for complete on powerfail */ 265 #define INITDEFAULT 8 /* Default level "init" should start at */ 266 #define SYSINIT 9 /* Actions performed before init speaks */ 267 268 #define M_OFF 0001 269 #define M_RESPAWN 0002 270 #define M_ONDEMAND M_RESPAWN 271 #define M_ONCE 0004 272 #define M_WAIT 0010 273 #define M_BOOT 0020 274 #define M_BOOTWAIT 0040 275 #define M_PF 0100 276 #define M_PWAIT 0200 277 #define M_INITDEFAULT 0400 278 #define M_SYSINIT 01000 279 280 /* States for the inittab parser in getcmd(). */ 281 #define ID 1 282 #define LEVELS 2 283 #define ACTION 3 284 #define COMMAND 4 285 #define COMMENT 5 286 287 /* 288 * inittab entry id constants 289 */ 290 #define INITTAB_ENTRY_ID_SIZE 4 291 #define INITTAB_ENTRY_ID_STR_FORMAT "%.4s" /* if INITTAB_ENTRY_ID_SIZE */ 292 /* changes, this should */ 293 /* change accordingly */ 294 295 /* 296 * Init can be in any of three main states, "normal" mode where it is 297 * processing entries for the lines file in a normal fashion, "boot" mode, 298 * where it is only interested in the boot actions, and "powerfail" mode, 299 * where it is only interested in powerfail related actions. The following 300 * masks declare the legal actions for each mode. 301 */ 302 #define NORMAL_MODES (M_OFF | M_RESPAWN | M_ONCE | M_WAIT) 303 #define BOOT_MODES (M_BOOT | M_BOOTWAIT) 304 #define PF_MODES (M_PF | M_PWAIT) 305 306 struct PROC_TABLE { 307 char p_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */ 308 /* process */ 309 pid_t p_pid; /* Process id */ 310 short p_count; /* How many respawns of this command in */ 311 /* the current series */ 312 long p_time; /* Start time for a series of respawns */ 313 short p_flags; 314 short p_exit; /* Exit status of a process which died */ 315 }; 316 317 /* 318 * Flags for the "p_flags" word of a PROC_TABLE entry: 319 * 320 * OCCUPIED This slot in init's proc table is in use. 321 * 322 * LIVING Process is alive. 323 * 324 * NOCLEANUP efork() is not allowed to cleanup this entry even 325 * if process is dead. 326 * 327 * NAMED This process has a name, i.e. came from inittab. 328 * 329 * DEMANDREQUEST Process started by a "telinit [abc]" command. Processes 330 * formed this way are respawnable and immune to level 331 * changes as long as their entry exists in inittab. 332 * 333 * TOUCHED Flag used by remv() to determine whether it has looked 334 * at an entry while checking for processes to be killed. 335 * 336 * WARNED Flag used by remv() to mark processes that have been 337 * sent the SIGTERM signal. If they don't die in 5 338 * seconds, they are sent the SIGKILL signal. 339 * 340 * KILLED Flag used by remv() to mark procs that have been sent 341 * the SIGTERM and SIGKILL signals. 342 * 343 * PF_MASK Bitwise or of legal flags, for sanity checking. 344 */ 345 #define OCCUPIED 01 346 #define LIVING 02 347 #define NOCLEANUP 04 348 #define NAMED 010 349 #define DEMANDREQUEST 020 350 #define TOUCHED 040 351 #define WARNED 0100 352 #define KILLED 0200 353 #define PF_MASK 0377 354 355 /* 356 * Respawn limits for processes that are to be respawned: 357 * 358 * SPAWN_INTERVAL The number of seconds over which "init" will try to 359 * respawn a process SPAWN_LIMIT times before it gets mad. 360 * 361 * SPAWN_LIMIT The number of respawns "init" will attempt in 362 * SPAWN_INTERVAL seconds before it generates an 363 * error message and inhibits further tries for 364 * INHIBIT seconds. 365 * 366 * INHIBIT The number of seconds "init" ignores an entry it had 367 * trouble spawning unless a "telinit Q" is received. 368 */ 369 370 #define SPAWN_INTERVAL (2*60) 371 #define SPAWN_LIMIT 10 372 #define INHIBIT (5*60) 373 374 /* 375 * The maximum number of decimal digits for an id_t. (ceil(log10 (max_id))) 376 */ 377 #define ID_MAX_STR_LEN 10 378 379 #define NULLPROC ((struct PROC_TABLE *)(0)) 380 #define NO_ROOM ((struct PROC_TABLE *)(FAILURE)) 381 382 struct CMD_LINE { 383 char c_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */ 384 /* process to be affected by */ 385 /* action */ 386 short c_levels; /* Mask of legal levels for process */ 387 short c_action; /* Mask for type of action required */ 388 char *c_command; /* Pointer to init command */ 389 }; 390 391 struct pidrec { 392 int pd_type; /* Command type */ 393 pid_t pd_pid; /* pid to add or remove */ 394 }; 395 396 /* 397 * pd_type's 398 */ 399 #define ADDPID 1 400 #define REMPID 2 401 402 static struct pidlist { 403 pid_t pl_pid; /* pid to watch for */ 404 int pl_dflag; /* Flag indicating SIGCLD from this pid */ 405 short pl_exit; /* Exit status of proc */ 406 struct pidlist *pl_next; /* Next in list */ 407 } *Plhead, *Plfree; 408 409 /* 410 * The following structure contains a set of modes for /dev/syscon 411 * and should match the default contents of /etc/ioctl.syscon. 412 */ 413 static struct termios dflt_termios = { 414 BRKINT|ICRNL|IXON|IMAXBEL, /* iflag */ 415 OPOST|ONLCR|TAB3, /* oflag */ 416 CS8|CREAD|B9600, /* cflag */ 417 ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN, /* lflag */ 418 CINTR, CQUIT, CERASE, CKILL, CEOF, 0, 0, 0, 419 0, 0, 0, 0, 0, 0, 0, 0, 420 0, 0, 0 421 }; 422 423 static struct termios stored_syscon_termios; 424 static int write_ioctl = 0; /* Rewrite /etc/ioctl.syscon */ 425 426 static union WAKEUP { 427 struct WAKEFLAGS { 428 unsigned w_usersignal : 1; /* User sent signal to "init" */ 429 unsigned w_childdeath : 1; /* An "init" child died */ 430 unsigned w_powerhit : 1; /* OS experienced powerfail */ 431 } w_flags; 432 int w_mask; 433 } wakeup; 434 435 436 struct init_state { 437 int ist_runlevel; 438 int ist_num_proc; 439 int ist_utmpx_ok; 440 struct PROC_TABLE ist_proc_table[1]; 441 }; 442 443 #define cur_state (g_state->ist_runlevel) 444 #define num_proc (g_state->ist_num_proc) 445 #define proc_table (g_state->ist_proc_table) 446 #define utmpx_ok (g_state->ist_utmpx_ok) 447 448 /* Contract cookies. */ 449 #define ORDINARY_COOKIE 0 450 #define STARTD_COOKIE 1 451 452 453 #ifndef NDEBUG 454 #define bad_error(func, err) { \ 455 (void) fprintf(stderr, "%s:%d: %s() failed with unexpected " \ 456 "error %d. Aborting.\n", __FILE__, __LINE__, (func), (err)); \ 457 abort(); \ 458 } 459 #else 460 #define bad_error(func, err) abort() 461 #endif 462 463 464 /* 465 * Useful file and device names. 466 */ 467 static char *CONSOLE = "/dev/console"; /* Real system console */ 468 static char *INITPIPE_DIR = "/var/run"; 469 static char *INITPIPE = "/var/run/initpipe"; 470 471 #define INIT_STATE_DIR "/etc/svc/volatile" 472 static const char * const init_state_file = INIT_STATE_DIR "/init.state"; 473 static const char * const init_next_state_file = 474 INIT_STATE_DIR "/init-next.state"; 475 476 static const int init_num_proc = 20; /* Initial size of process table. */ 477 478 static char *UTMPX = UTMPX_FILE; /* Snapshot record file */ 479 static char *WTMPX = WTMPX_FILE; /* Long term record file */ 480 static char *INITTAB = "/etc/inittab"; /* Script file for "init" */ 481 static char *SYSTTY = "/dev/systty"; /* System Console */ 482 static char *SYSCON = "/dev/syscon"; /* Virtual System console */ 483 static char *IOCTLSYSCON = "/etc/ioctl.syscon"; /* Last syscon modes */ 484 static char *ENVFILE = "/etc/default/init"; /* Default env. */ 485 static char *SU = "/etc/sulogin"; /* Super-user program for single user */ 486 static char *SH = "/sbin/sh"; /* Standard shell */ 487 488 /* 489 * Default Path. /sbin is included in path only during sysinit phase 490 */ 491 #define DEF_PATH "PATH=/usr/sbin:/usr/bin" 492 #define INIT_PATH "PATH=/sbin:/usr/sbin:/usr/bin" 493 494 static int prior_state; 495 static int prev_state; /* State "init" was in last time it woke */ 496 static int new_state; /* State user wants "init" to go to. */ 497 static int lvlq_received; /* Explicit request to examine state */ 498 static int op_modes = BOOT_MODES; /* Current state of "init" */ 499 static int Gchild = 0; /* Flag to indicate "godchild" died, set in */ 500 /* childeath() and cleared in cleanaux() */ 501 static int Pfd = -1; /* fd to receive pids thru */ 502 static unsigned int spawncnt, pausecnt; 503 static int rsflag; /* Set if a respawn has taken place */ 504 static volatile int time_up; /* Flag set to TRUE by the alarm interrupt */ 505 /* routine each time an alarm interrupt */ 506 /* takes place. */ 507 static int sflg = 0; /* Set if we were booted -s to single user */ 508 static int rflg = 0; /* Set if booted -r, reconfigure devices */ 509 static int bflg = 0; /* Set if booted -b, don't run rc scripts */ 510 static pid_t init_pid; /* PID of "one true" init for current zone */ 511 512 static struct init_state *g_state = NULL; 513 static size_t g_state_sz; 514 static int booting = 1; /* Set while we're booting. */ 515 516 /* 517 * Array for default global environment. 518 */ 519 #define MAXENVENT 24 /* Max number of default env variables + 1 */ 520 /* init can use three itself, so this leaves */ 521 /* 20 for the administrator in ENVFILE. */ 522 static char *glob_envp[MAXENVENT]; /* Array of environment strings */ 523 static int glob_envn; /* Number of environment strings */ 524 525 526 static struct pollfd poll_fds[1]; 527 static int poll_nfds = 0; /* poll_fds is uninitialized */ 528 529 /* 530 * Contracts constants 531 */ 532 #define SVC_INIT_PREFIX "init:/" 533 #define SVC_AUX_SIZE (INITTAB_ENTRY_ID_SIZE + 1) 534 #define SVC_FMRI_SIZE (sizeof (SVC_INIT_PREFIX) + INITTAB_ENTRY_ID_SIZE) 535 536 static int legacy_tmpl = -1; /* fd for legacy contract template */ 537 static int startd_tmpl = -1; /* fd for svc.startd's template */ 538 static char startd_svc_aux[SVC_AUX_SIZE]; 539 540 static char startd_cline[256] = ""; /* svc.startd's command line */ 541 static int do_restart_startd = 1; /* Whether to restart svc.startd. */ 542 static char *smf_options = NULL; /* Options to give to startd. */ 543 static int smf_debug = 0; /* Messages for debugging smf(5) */ 544 static time_t init_boot_time; /* Substitute for kernel boot time. */ 545 546 #define NSTARTD_FAILURE_TIMES 3 /* trigger after 3 failures */ 547 #define STARTD_FAILURE_RATE_NS 5000000000LL /* 1 failure/5 seconds */ 548 549 static hrtime_t startd_failure_time[NSTARTD_FAILURE_TIMES]; 550 static uint_t startd_failure_index; 551 552 553 static char *prog_name(char *); 554 static int state_to_mask(int); 555 static int lvlname_to_mask(char, int *); 556 static void lscf_set_runlevel(char); 557 static int state_to_flags(int); 558 static char state_to_name(int); 559 static int lvlname_to_state(char); 560 static int getcmd(struct CMD_LINE *, char *); 561 static int realcon(); 562 static int spawn_processes(); 563 static int get_ioctl_syscon(); 564 static int account(short, struct PROC_TABLE *, char *); 565 static void alarmclk(); 566 static void childeath(int); 567 static void cleanaux(); 568 static void clearent(pid_t, short); 569 static void console(boolean_t, char *, ...); 570 static void init_signals(void); 571 static void setup_pipe(); 572 static void killproc(pid_t); 573 static void init_env(); 574 static void boot_init(); 575 static void powerfail(); 576 static void remv(); 577 static void write_ioctl_syscon(); 578 static void spawn(struct PROC_TABLE *, struct CMD_LINE *); 579 static void setimer(int); 580 static void siglvl(int, siginfo_t *, ucontext_t *); 581 static void sigpoll(int); 582 static void enter_maintenance(void); 583 static void timer(int); 584 static void userinit(int, char **); 585 static void notify_pam_dead(struct utmpx *); 586 static long waitproc(struct PROC_TABLE *); 587 static struct PROC_TABLE *efork(int, struct PROC_TABLE *, int); 588 static struct PROC_TABLE *findpslot(struct CMD_LINE *); 589 static void increase_proc_table_size(); 590 static void st_init(); 591 static void st_write(); 592 static void contracts_init(); 593 static void contract_event(struct pollfd *); 594 static int startd_run(const char *, int, ctid_t); 595 static void startd_record_failure(); 596 static int startd_failure_rate_critical(); 597 static char *audit_boot_msg(); 598 static int audit_put_record(int, int, char *); 599 static void update_boot_archive(int new_state); 600 601 int 602 main(int argc, char *argv[]) 603 { 604 int chg_lvl_flag = FALSE, print_banner = FALSE; 605 int may_need_audit = 1; 606 int c; 607 char *msg; 608 609 /* Get a timestamp for use as boot time, if needed. */ 610 (void) time(&init_boot_time); 611 612 /* Get the default umask */ 613 cmask = umask(022); 614 (void) umask(cmask); 615 616 /* Parse the arguments to init. Check for single user */ 617 opterr = 0; 618 while ((c = getopt(argc, argv, "brsm:")) != EOF) { 619 switch (c) { 620 case 'b': 621 rflg = 0; 622 bflg = 1; 623 if (!sflg) 624 sflg++; 625 break; 626 case 'r': 627 bflg = 0; 628 rflg++; 629 break; 630 case 's': 631 if (!bflg) 632 sflg++; 633 break; 634 case 'm': 635 smf_options = optarg; 636 smf_debug = (strstr(smf_options, "debug") != NULL); 637 break; 638 } 639 } 640 641 /* 642 * Determine if we are the main init, or a user invoked init, whose job 643 * it is to inform init to change levels or perform some other action. 644 */ 645 if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid, 646 sizeof (init_pid)) != sizeof (init_pid)) { 647 (void) fprintf(stderr, "could not get pid for init\n"); 648 return (1); 649 } 650 651 /* 652 * If this PID is not the same as the "true" init for the zone, then we 653 * must be in 'user' mode. 654 */ 655 if (getpid() != init_pid) { 656 userinit(argc, argv); 657 } 658 659 if (getzoneid() != GLOBAL_ZONEID) { 660 print_banner = TRUE; 661 } 662 663 /* 664 * Initialize state (and set "booting"). 665 */ 666 st_init(); 667 668 if (booting && print_banner) { 669 struct utsname un; 670 char buf[BUFSIZ], *isa; 671 long ret; 672 int bits = 32; 673 674 /* 675 * We want to print the boot banner as soon as 676 * possible. In the global zone, the kernel does it, 677 * but we do not have that luxury in non-global zones, 678 * so we will print it here. 679 */ 680 (void) uname(&un); 681 ret = sysinfo(SI_ISALIST, buf, sizeof (buf)); 682 if (ret != -1L && ret <= sizeof (buf)) { 683 for (isa = strtok(buf, " "); isa; 684 isa = strtok(NULL, " ")) { 685 if (strcmp(isa, "sparcv9") == 0 || 686 strcmp(isa, "amd64") == 0) { 687 bits = 64; 688 break; 689 } 690 } 691 } 692 693 console(B_FALSE, 694 "\n\n%s Release %s Version %s %d-bit\r\n", 695 un.sysname, un.release, un.version, bits); 696 console(B_FALSE, 697 "Copyright 1983-2009 Sun Microsystems, Inc. " 698 " All rights reserved.\r\n"); 699 console(B_FALSE, 700 "Use is subject to license terms.\r\n"); 701 } 702 703 /* 704 * Get the ioctl settings for /dev/syscon from /etc/ioctl.syscon 705 * so that it can be brought up in the state it was in when the 706 * system went down; or set to defaults if ioctl.syscon isn't 707 * valid. 708 * 709 * This needs to be done even if we're restarting so reset_modes() 710 * will work in case we need to go down to single user mode. 711 */ 712 write_ioctl = get_ioctl_syscon(); 713 714 /* 715 * Set up all signals to be caught or ignored as appropriate. 716 */ 717 init_signals(); 718 719 /* Load glob_envp from ENVFILE. */ 720 init_env(); 721 722 contracts_init(); 723 724 if (!booting) { 725 /* cur_state should have been read in. */ 726 727 op_modes = NORMAL_MODES; 728 729 /* Rewrite the ioctl file if it was bad. */ 730 if (write_ioctl) 731 write_ioctl_syscon(); 732 } else { 733 /* 734 * It's fine to boot up with state as zero, because 735 * startd will later tell us the real state. 736 */ 737 cur_state = 0; 738 op_modes = BOOT_MODES; 739 740 boot_init(); 741 } 742 743 prev_state = prior_state = cur_state; 744 745 setup_pipe(); 746 747 /* 748 * Here is the beginning of the main process loop. 749 */ 750 for (;;) { 751 if (lvlq_received) { 752 setup_pipe(); 753 lvlq_received = B_FALSE; 754 } 755 756 /* 757 * Clean up any accounting records for dead "godchildren". 758 */ 759 if (Gchild) 760 cleanaux(); 761 762 /* 763 * If in "normal" mode, check all living processes and initiate 764 * kill sequence on those that should not be there anymore. 765 */ 766 if (op_modes == NORMAL_MODES && cur_state != LVLa && 767 cur_state != LVLb && cur_state != LVLc) 768 remv(); 769 770 /* 771 * If a change in run levels is the reason we awoke, now do 772 * the accounting to report the change in the utmp file. 773 * Also report the change on the system console. 774 */ 775 if (chg_lvl_flag) { 776 chg_lvl_flag = FALSE; 777 778 if (state_to_flags(cur_state) & LSEL_RUNLEVEL) { 779 char rl = state_to_name(cur_state); 780 781 if (rl != -1) 782 lscf_set_runlevel(rl); 783 } 784 785 may_need_audit = 1; 786 } 787 788 /* 789 * Scan the inittab file and spawn and respawn processes that 790 * should be alive in the current state. If inittab does not 791 * exist default to single user mode. 792 */ 793 if (spawn_processes() == FAILURE) { 794 prior_state = prev_state; 795 cur_state = SINGLE_USER; 796 } 797 798 /* If any respawns occurred, take note. */ 799 if (rsflag) { 800 rsflag = 0; 801 spawncnt++; 802 } 803 804 /* 805 * If a powerfail signal was received during the last 806 * sequence, set mode to powerfail. When spawn_processes() is 807 * entered the first thing it does is to check "powerhit". If 808 * it is in PF_MODES then it clears "powerhit" and does 809 * a powerfail sequence. If it is not in PF_MODES, then it 810 * puts itself in PF_MODES and then clears "powerhit". Should 811 * "powerhit" get set again while spawn_processes() is working 812 * on a powerfail sequence, the following code will see that 813 * spawn_processes() tries to execute the powerfail sequence 814 * again. This guarantees that the powerfail sequence will be 815 * successfully completed before further processing takes 816 * place. 817 */ 818 if (wakeup.w_flags.w_powerhit) { 819 op_modes = PF_MODES; 820 /* 821 * Make sure that cur_state != prev_state so that 822 * ONCE and WAIT types work. 823 */ 824 prev_state = 0; 825 } else if (op_modes != NORMAL_MODES) { 826 /* 827 * If spawn_processes() was not just called while in 828 * normal mode, we set the mode to normal and it will 829 * be called again to check normal modes. If we have 830 * just finished a powerfail sequence with prev_state 831 * equal to zero, we set prev_state equal to cur_state 832 * before the next pass through. 833 */ 834 if (op_modes == PF_MODES) 835 prev_state = cur_state; 836 op_modes = NORMAL_MODES; 837 } else if (cur_state == LVLa || cur_state == LVLb || 838 cur_state == LVLc) { 839 /* 840 * If it was a change of levels that awakened us and the 841 * new level is one of the demand levels then reset 842 * cur_state to the previous state and do another scan 843 * to take care of the usual respawn actions. 844 */ 845 cur_state = prior_state; 846 prior_state = prev_state; 847 prev_state = cur_state; 848 } else { 849 prev_state = cur_state; 850 851 if (wakeup.w_mask == 0) { 852 int ret; 853 854 if (may_need_audit && (cur_state == LVL3)) { 855 msg = audit_boot_msg(); 856 857 may_need_audit = 0; 858 (void) audit_put_record(ADT_SUCCESS, 859 ADT_SUCCESS, msg); 860 free(msg); 861 } 862 863 /* 864 * "init" is finished with all actions for 865 * the current wakeup. 866 */ 867 ret = poll(poll_fds, poll_nfds, 868 SLEEPTIME * MILLISEC); 869 pausecnt++; 870 if (ret > 0) 871 contract_event(&poll_fds[0]); 872 else if (ret < 0 && errno != EINTR) 873 console(B_TRUE, "poll() error: %s\n", 874 strerror(errno)); 875 } 876 877 if (wakeup.w_flags.w_usersignal) { 878 /* 879 * Install the new level. This could be a real 880 * change in levels or a telinit [Q|a|b|c] or 881 * just a telinit to the same level at which 882 * we are running. 883 */ 884 if (new_state != cur_state) { 885 if (new_state == LVLa || 886 new_state == LVLb || 887 new_state == LVLc) { 888 prev_state = prior_state; 889 prior_state = cur_state; 890 cur_state = new_state; 891 } else { 892 prev_state = cur_state; 893 if (cur_state >= 0) 894 prior_state = cur_state; 895 cur_state = new_state; 896 chg_lvl_flag = TRUE; 897 } 898 } 899 900 new_state = 0; 901 } 902 903 if (wakeup.w_flags.w_powerhit) 904 op_modes = PF_MODES; 905 906 /* 907 * Clear all wakeup reasons. 908 */ 909 wakeup.w_mask = 0; 910 } 911 } 912 913 /*NOTREACHED*/ 914 } 915 916 static void 917 update_boot_archive(int new_state) 918 { 919 if (new_state != LVL0 && new_state != LVL5 && new_state != LVL6) 920 return; 921 922 if (getzoneid() != GLOBAL_ZONEID) 923 return; 924 925 (void) system("/sbin/bootadm -a update_all"); 926 } 927 928 /* 929 * void enter_maintenance() 930 * A simple invocation of sulogin(1M), with no baggage, in the case that we 931 * are unable to activate svc.startd(1M). We fork; the child runs sulogin; 932 * we wait for it to exit. 933 */ 934 static void 935 enter_maintenance() 936 { 937 struct PROC_TABLE *su_process; 938 939 console(B_FALSE, "Requesting maintenance mode\n" 940 "(See /lib/svc/share/README for additional information.)\n"); 941 (void) sigset(SIGCLD, SIG_DFL); 942 while ((su_process = efork(M_OFF, NULLPROC, NOCLEANUP)) == NO_ROOM) 943 (void) pause(); 944 (void) sigset(SIGCLD, childeath); 945 if (su_process == NULLPROC) { 946 int fd; 947 948 (void) fclose(stdin); 949 (void) fclose(stdout); 950 (void) fclose(stderr); 951 closefrom(0); 952 953 fd = open(SYSCON, O_RDWR | O_NOCTTY); 954 if (fd >= 0) { 955 (void) dup2(fd, 1); 956 (void) dup2(fd, 2); 957 } else { 958 /* 959 * Need to issue an error message somewhere. 960 */ 961 syslog(LOG_CRIT, "init[%d]: cannot open %s; %s\n", 962 getpid(), SYSCON, strerror(errno)); 963 } 964 965 /* 966 * Execute the "su" program. 967 */ 968 (void) execle(SU, SU, "-", (char *)0, glob_envp); 969 console(B_TRUE, "execle of %s failed: %s\n", SU, 970 strerror(errno)); 971 timer(5); 972 exit(1); 973 } 974 975 /* 976 * If we are the parent, wait around for the child to die 977 * or for "init" to be signaled to change levels. 978 */ 979 while (waitproc(su_process) == FAILURE) { 980 /* 981 * All other reasons for waking are ignored when in 982 * single-user mode. The only child we are interested 983 * in is being waited for explicitly by waitproc(). 984 */ 985 wakeup.w_mask = 0; 986 } 987 } 988 989 /* 990 * remv() scans through "proc_table" and performs cleanup. If 991 * there is a process in the table, which shouldn't be here at 992 * the current run level, then remv() kills the process. 993 */ 994 static void 995 remv() 996 { 997 struct PROC_TABLE *process; 998 struct CMD_LINE cmd; 999 char cmd_string[MAXCMDL]; 1000 int change_level; 1001 1002 change_level = (cur_state != prev_state ? TRUE : FALSE); 1003 1004 /* 1005 * Clear the TOUCHED flag on all entries so that when we have 1006 * finished scanning inittab, we will be able to tell if we 1007 * have any processes for which there is no entry in inittab. 1008 */ 1009 for (process = proc_table; 1010 (process < proc_table + num_proc); process++) { 1011 process->p_flags &= ~TOUCHED; 1012 } 1013 1014 /* 1015 * Scan all inittab entries. 1016 */ 1017 while (getcmd(&cmd, &cmd_string[0]) == TRUE) { 1018 /* Scan for process which goes with this entry in inittab. */ 1019 for (process = proc_table; 1020 (process < proc_table + num_proc); process++) { 1021 if ((process->p_flags & OCCUPIED) == 0 || 1022 !id_eq(process->p_id, cmd.c_id)) 1023 continue; 1024 1025 /* 1026 * This slot contains the process we are looking for. 1027 */ 1028 1029 /* 1030 * Is the cur_state SINGLE_USER or is this process 1031 * marked as "off" or was this proc started by some 1032 * mechanism other than LVL{a|b|c} and the current level 1033 * does not support this process? 1034 */ 1035 if (cur_state == SINGLE_USER || 1036 cmd.c_action == M_OFF || 1037 ((cmd.c_levels & state_to_mask(cur_state)) == 0 && 1038 (process->p_flags & DEMANDREQUEST) == 0)) { 1039 if (process->p_flags & LIVING) { 1040 /* 1041 * Touch this entry so we know we have 1042 * treated it. Note that procs which 1043 * are already dead at this point and 1044 * should not be restarted are left 1045 * untouched. This causes their slot to 1046 * be freed later after dead accounting 1047 * is done. 1048 */ 1049 process->p_flags |= TOUCHED; 1050 1051 if ((process->p_flags & KILLED) == 0) { 1052 if (change_level) { 1053 process->p_flags 1054 |= WARNED; 1055 (void) kill( 1056 process->p_pid, 1057 SIGTERM); 1058 } else { 1059 /* 1060 * Fork a killing proc 1061 * so "init" can 1062 * continue without 1063 * having to pause for 1064 * TWARN seconds. 1065 */ 1066 killproc( 1067 process->p_pid); 1068 } 1069 process->p_flags |= KILLED; 1070 } 1071 } 1072 } else { 1073 /* 1074 * Process can exist at current level. If it is 1075 * still alive or a DEMANDREQUEST we touch it so 1076 * it will be left alone. Otherwise we leave it 1077 * untouched so it will be accounted for and 1078 * cleaned up later in remv(). Dead 1079 * DEMANDREQUESTs will be accounted but not 1080 * freed. 1081 */ 1082 if (process->p_flags & 1083 (LIVING|NOCLEANUP|DEMANDREQUEST)) 1084 process->p_flags |= TOUCHED; 1085 } 1086 1087 break; 1088 } 1089 } 1090 1091 st_write(); 1092 1093 /* 1094 * If this was a change of levels call, scan through the 1095 * process table for processes that were warned to die. If any 1096 * are found that haven't left yet, sleep for TWARN seconds and 1097 * then send final terminations to any that haven't died yet. 1098 */ 1099 if (change_level) { 1100 1101 /* 1102 * Set the alarm for TWARN seconds on the assumption 1103 * that there will be some that need to be waited for. 1104 * This won't harm anything except we are guaranteed to 1105 * wakeup in TWARN seconds whether we need to or not. 1106 */ 1107 setimer(TWARN); 1108 1109 /* 1110 * Scan for processes which should be dying. We hope they 1111 * will die without having to be sent a SIGKILL signal. 1112 */ 1113 for (process = proc_table; 1114 (process < proc_table + num_proc); process++) { 1115 /* 1116 * If this process should die, hasn't yet, and the 1117 * TWARN time hasn't expired yet, wait for process 1118 * to die or for timer to expire. 1119 */ 1120 while (time_up == FALSE && 1121 (process->p_flags & (WARNED|LIVING|OCCUPIED)) == 1122 (WARNED|LIVING|OCCUPIED)) 1123 (void) pause(); 1124 1125 if (time_up == TRUE) 1126 break; 1127 } 1128 1129 /* 1130 * If we reached the end of the table without the timer 1131 * expiring, then there are no procs which will have to be 1132 * sent the SIGKILL signal. If the timer has expired, then 1133 * it is necessary to scan the table again and send signals 1134 * to all processes which aren't going away nicely. 1135 */ 1136 if (time_up == TRUE) { 1137 for (process = proc_table; 1138 (process < proc_table + num_proc); process++) { 1139 if ((process->p_flags & 1140 (WARNED|LIVING|OCCUPIED)) == 1141 (WARNED|LIVING|OCCUPIED)) 1142 (void) kill(process->p_pid, SIGKILL); 1143 } 1144 } 1145 setimer(0); 1146 } 1147 1148 /* 1149 * Rescan the proc_table for two kinds of entry, those marked LIVING, 1150 * NAMED, which don't have an entry in inittab (haven't been TOUCHED 1151 * by the above scanning), and haven't been sent kill signals, and 1152 * those entries marked not LIVING, NAMED. The former procs are killed. 1153 * The latter have DEAD_PROCESS accounting done and the slot cleared. 1154 */ 1155 for (process = proc_table; 1156 (process < proc_table + num_proc); process++) { 1157 if ((process->p_flags & (LIVING|NAMED|TOUCHED|KILLED|OCCUPIED)) 1158 == (LIVING|NAMED|OCCUPIED)) { 1159 killproc(process->p_pid); 1160 process->p_flags |= KILLED; 1161 } else if ((process->p_flags & (LIVING|NAMED|OCCUPIED)) == 1162 (NAMED|OCCUPIED)) { 1163 (void) account(DEAD_PROCESS, process, NULL); 1164 /* 1165 * If this named proc hasn't been TOUCHED, then free the 1166 * space. It has either died of it's own accord, but 1167 * isn't respawnable or it was killed because it 1168 * shouldn't exist at this level. 1169 */ 1170 if ((process->p_flags & TOUCHED) == 0) 1171 process->p_flags = 0; 1172 } 1173 } 1174 1175 st_write(); 1176 } 1177 1178 /* 1179 * Extract the svc.startd command line and whether to restart it from its 1180 * inittab entry. 1181 */ 1182 /*ARGSUSED*/ 1183 static void 1184 process_startd_line(struct CMD_LINE *cmd, char *cmd_string) 1185 { 1186 size_t sz; 1187 1188 /* Save the command line. */ 1189 if (sflg || rflg) { 1190 /* Also append -r or -s. */ 1191 (void) strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1192 (void) strlcat(startd_cline, " -", sizeof (startd_cline)); 1193 if (sflg) 1194 sz = strlcat(startd_cline, "s", sizeof (startd_cline)); 1195 if (rflg) 1196 sz = strlcat(startd_cline, "r", sizeof (startd_cline)); 1197 } else { 1198 sz = strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1199 } 1200 1201 if (sz >= sizeof (startd_cline)) { 1202 console(B_TRUE, 1203 "svc.startd command line too long. Ignoring.\n"); 1204 startd_cline[0] = '\0'; 1205 return; 1206 } 1207 } 1208 1209 /* 1210 * spawn_processes() scans inittab for entries which should be run at this 1211 * mode. Processes which should be running but are not, are started. 1212 */ 1213 static int 1214 spawn_processes() 1215 { 1216 struct PROC_TABLE *pp; 1217 struct CMD_LINE cmd; 1218 char cmd_string[MAXCMDL]; 1219 short lvl_mask; 1220 int status; 1221 1222 /* 1223 * First check the "powerhit" flag. If it is set, make sure the modes 1224 * are PF_MODES and clear the "powerhit" flag. Avoid the possible race 1225 * on the "powerhit" flag by disallowing a new powerfail interrupt 1226 * between the test of the powerhit flag and the clearing of it. 1227 */ 1228 if (wakeup.w_flags.w_powerhit) { 1229 wakeup.w_flags.w_powerhit = 0; 1230 op_modes = PF_MODES; 1231 } 1232 lvl_mask = state_to_mask(cur_state); 1233 1234 /* 1235 * Scan through all the entries in inittab. 1236 */ 1237 while ((status = getcmd(&cmd, &cmd_string[0])) == TRUE) { 1238 if (id_eq(cmd.c_id, "smf")) { 1239 process_startd_line(&cmd, cmd_string); 1240 continue; 1241 } 1242 1243 retry_for_proc_slot: 1244 1245 /* 1246 * Find out if there is a process slot for this entry already. 1247 */ 1248 if ((pp = findpslot(&cmd)) == NULLPROC) { 1249 /* 1250 * we've run out of proc table entries 1251 * increase proc_table. 1252 */ 1253 increase_proc_table_size(); 1254 1255 /* 1256 * Retry now as we have an empty proc slot. 1257 * In case increase_proc_table_size() fails, 1258 * we will keep retrying. 1259 */ 1260 goto retry_for_proc_slot; 1261 } 1262 1263 /* 1264 * If there is an entry, and it is marked as DEMANDREQUEST, 1265 * one of the levels a, b, or c is in its levels mask, and 1266 * the action field is ONDEMAND and ONDEMAND is a permissable 1267 * mode, and the process is dead, then respawn it. 1268 */ 1269 if (((pp->p_flags & (LIVING|DEMANDREQUEST)) == DEMANDREQUEST) && 1270 (cmd.c_levels & MASK_abc) && 1271 (cmd.c_action & op_modes) == M_ONDEMAND) { 1272 spawn(pp, &cmd); 1273 continue; 1274 } 1275 1276 /* 1277 * If the action is not an action we are interested in, 1278 * skip the entry. 1279 */ 1280 if ((cmd.c_action & op_modes) == 0 || pp->p_flags & LIVING || 1281 (cmd.c_levels & lvl_mask) == 0) 1282 continue; 1283 1284 /* 1285 * If the modes are the normal modes (ONCE, WAIT, RESPAWN, OFF, 1286 * ONDEMAND) and the action field is either OFF or the action 1287 * field is ONCE or WAIT and the current level is the same as 1288 * the last level, then skip this entry. ONCE and WAIT only 1289 * get run when the level changes. 1290 */ 1291 if (op_modes == NORMAL_MODES && 1292 (cmd.c_action == M_OFF || 1293 (cmd.c_action & (M_ONCE|M_WAIT)) && 1294 cur_state == prev_state)) 1295 continue; 1296 1297 /* 1298 * At this point we are interested in performing the action for 1299 * this entry. Actions fall into two categories, spinning off 1300 * a process and not waiting, and spinning off a process and 1301 * waiting for it to die. If the action is ONCE, RESPAWN, 1302 * ONDEMAND, POWERFAIL, or BOOT we don't wait for the process 1303 * to die, for all other actions we do wait. 1304 */ 1305 if (cmd.c_action & (M_ONCE | M_RESPAWN | M_PF | M_BOOT)) { 1306 spawn(pp, &cmd); 1307 1308 } else { 1309 spawn(pp, &cmd); 1310 while (waitproc(pp) == FAILURE); 1311 (void) account(DEAD_PROCESS, pp, NULL); 1312 pp->p_flags = 0; 1313 } 1314 } 1315 return (status); 1316 } 1317 1318 /* 1319 * spawn() spawns a shell, inserts the information about the process 1320 * process into the proc_table, and does the startup accounting. 1321 */ 1322 static void 1323 spawn(struct PROC_TABLE *process, struct CMD_LINE *cmd) 1324 { 1325 int i; 1326 int modes, maxfiles; 1327 time_t now; 1328 struct PROC_TABLE tmproc, *oprocess; 1329 1330 /* 1331 * The modes to be sent to efork() are 0 unless we are 1332 * spawning a LVLa, LVLb, or LVLc entry or we will be 1333 * waiting for the death of the child before continuing. 1334 */ 1335 modes = NAMED; 1336 if (process->p_flags & DEMANDREQUEST || cur_state == LVLa || 1337 cur_state == LVLb || cur_state == LVLc) 1338 modes |= DEMANDREQUEST; 1339 if ((cmd->c_action & (M_SYSINIT | M_WAIT | M_BOOTWAIT | M_PWAIT)) != 0) 1340 modes |= NOCLEANUP; 1341 1342 /* 1343 * If this is a respawnable process, check the threshold 1344 * information to avoid excessive respawns. 1345 */ 1346 if (cmd->c_action & M_RESPAWN) { 1347 /* 1348 * Add NOCLEANUP to all respawnable commands so that the 1349 * information about the frequency of respawns isn't lost. 1350 */ 1351 modes |= NOCLEANUP; 1352 (void) time(&now); 1353 1354 /* 1355 * If no time is assigned, then this is the first time 1356 * this command is being processed in this series. Assign 1357 * the current time. 1358 */ 1359 if (process->p_time == 0L) 1360 process->p_time = now; 1361 1362 if (process->p_count++ == SPAWN_LIMIT) { 1363 1364 if ((now - process->p_time) < SPAWN_INTERVAL) { 1365 /* 1366 * Process is respawning too rapidly. Print 1367 * message and refuse to respawn it for now. 1368 */ 1369 console(B_TRUE, "Command is respawning too " 1370 "rapidly. Check for possible errors.\n" 1371 "id:%4s \"%s\"\n", 1372 &cmd->c_id[0], &cmd->c_command[EXEC]); 1373 return; 1374 } 1375 process->p_time = now; 1376 process->p_count = 0; 1377 1378 } else if (process->p_count > SPAWN_LIMIT) { 1379 /* 1380 * If process has been respawning too rapidly and 1381 * the inhibit time limit hasn't expired yet, we 1382 * refuse to respawn. 1383 */ 1384 if (now - process->p_time < SPAWN_INTERVAL + INHIBIT) 1385 return; 1386 process->p_time = now; 1387 process->p_count = 0; 1388 } 1389 rsflag = TRUE; 1390 } 1391 1392 /* 1393 * Spawn a child process to execute this command. 1394 */ 1395 (void) sigset(SIGCLD, SIG_DFL); 1396 oprocess = process; 1397 while ((process = efork(cmd->c_action, oprocess, modes)) == NO_ROOM) 1398 (void) pause(); 1399 1400 if (process == NULLPROC) { 1401 1402 /* 1403 * We are the child. We must make sure we get a different 1404 * file pointer for our references to utmpx. Otherwise our 1405 * seeks and reads will compete with those of the parent. 1406 */ 1407 endutxent(); 1408 1409 /* 1410 * Perform the accounting for the beginning of a process. 1411 * Note that all processes are initially "INIT_PROCESS"es. 1412 */ 1413 tmproc.p_id[0] = cmd->c_id[0]; 1414 tmproc.p_id[1] = cmd->c_id[1]; 1415 tmproc.p_id[2] = cmd->c_id[2]; 1416 tmproc.p_id[3] = cmd->c_id[3]; 1417 tmproc.p_pid = getpid(); 1418 tmproc.p_exit = 0; 1419 (void) account(INIT_PROCESS, &tmproc, 1420 prog_name(&cmd->c_command[EXEC])); 1421 maxfiles = ulimit(UL_GDESLIM, 0); 1422 for (i = 0; i < maxfiles; i++) 1423 (void) fcntl(i, F_SETFD, FD_CLOEXEC); 1424 1425 /* 1426 * Now exec a shell with the -c option and the command 1427 * from inittab. 1428 */ 1429 (void) execle(SH, "INITSH", "-c", cmd->c_command, (char *)0, 1430 glob_envp); 1431 console(B_TRUE, "Command\n\"%s\"\n failed to execute. errno " 1432 "= %d (exec of shell failed)\n", cmd->c_command, errno); 1433 1434 /* 1435 * Don't come back so quickly that "init" doesn't have a 1436 * chance to finish putting this child in "proc_table". 1437 */ 1438 timer(20); 1439 exit(1); 1440 1441 } 1442 1443 /* 1444 * We are the parent. Insert the necessary 1445 * information in the proc_table. 1446 */ 1447 process->p_id[0] = cmd->c_id[0]; 1448 process->p_id[1] = cmd->c_id[1]; 1449 process->p_id[2] = cmd->c_id[2]; 1450 process->p_id[3] = cmd->c_id[3]; 1451 1452 st_write(); 1453 1454 (void) sigset(SIGCLD, childeath); 1455 } 1456 1457 /* 1458 * findpslot() finds the old slot in the process table for the 1459 * command with the same id, or it finds an empty slot. 1460 */ 1461 static struct PROC_TABLE * 1462 findpslot(struct CMD_LINE *cmd) 1463 { 1464 struct PROC_TABLE *process; 1465 struct PROC_TABLE *empty = NULLPROC; 1466 1467 for (process = proc_table; 1468 (process < proc_table + num_proc); process++) { 1469 if (process->p_flags & OCCUPIED && 1470 id_eq(process->p_id, cmd->c_id)) 1471 break; 1472 1473 /* 1474 * If the entry is totally empty and "empty" is still 0, 1475 * remember where this hole is and make sure the slot is 1476 * zeroed out. 1477 */ 1478 if (empty == NULLPROC && (process->p_flags & OCCUPIED) == 0) { 1479 empty = process; 1480 process->p_id[0] = '\0'; 1481 process->p_id[1] = '\0'; 1482 process->p_id[2] = '\0'; 1483 process->p_id[3] = '\0'; 1484 process->p_pid = 0; 1485 process->p_time = 0L; 1486 process->p_count = 0; 1487 process->p_flags = 0; 1488 process->p_exit = 0; 1489 } 1490 } 1491 1492 /* 1493 * If there is no entry for this slot, then there should be an 1494 * empty slot. If there is no empty slot, then we've run out 1495 * of proc_table space. If the latter is true, empty will be 1496 * NULL and the caller will have to complain. 1497 */ 1498 if (process == (proc_table + num_proc)) 1499 process = empty; 1500 1501 return (process); 1502 } 1503 1504 /* 1505 * getcmd() parses lines from inittab. Each time it finds a command line 1506 * it will return TRUE as well as fill the passed CMD_LINE structure and 1507 * the shell command string. When the end of inittab is reached, FALSE 1508 * is returned inittab is automatically opened if it is not currently open 1509 * and is closed when the end of the file is reached. 1510 */ 1511 static FILE *fp_inittab = NULL; 1512 1513 static int 1514 getcmd(struct CMD_LINE *cmd, char *shcmd) 1515 { 1516 char *ptr; 1517 int c, lastc, state; 1518 char *ptr1; 1519 int answer, i, proceed; 1520 struct stat sbuf; 1521 static char *actions[] = { 1522 "off", "respawn", "ondemand", "once", "wait", "boot", 1523 "bootwait", "powerfail", "powerwait", "initdefault", 1524 "sysinit", 1525 }; 1526 static short act_masks[] = { 1527 M_OFF, M_RESPAWN, M_ONDEMAND, M_ONCE, M_WAIT, M_BOOT, 1528 M_BOOTWAIT, M_PF, M_PWAIT, M_INITDEFAULT, M_SYSINIT, 1529 }; 1530 /* 1531 * Only these actions will be allowed for entries which 1532 * are specified for single-user mode. 1533 */ 1534 short su_acts = M_INITDEFAULT | M_PF | M_PWAIT | M_WAIT; 1535 1536 if (fp_inittab == NULL) { 1537 /* 1538 * Before attempting to open inittab we stat it to make 1539 * sure it currently exists and is not empty. We try 1540 * several times because someone may have temporarily 1541 * unlinked or truncated the file. 1542 */ 1543 for (i = 0; i < 3; i++) { 1544 if (stat(INITTAB, &sbuf) == -1) { 1545 if (i == 2) { 1546 console(B_TRUE, 1547 "Cannot stat %s, errno: %d\n", 1548 INITTAB, errno); 1549 return (FAILURE); 1550 } else { 1551 timer(3); 1552 } 1553 } else if (sbuf.st_size < 10) { 1554 if (i == 2) { 1555 console(B_TRUE, 1556 "%s truncated or corrupted\n", 1557 INITTAB); 1558 return (FAILURE); 1559 } else { 1560 timer(3); 1561 } 1562 } else { 1563 break; 1564 } 1565 } 1566 1567 /* 1568 * If unable to open inittab, print error message and 1569 * return FAILURE to caller. 1570 */ 1571 if ((fp_inittab = fopen(INITTAB, "r")) == NULL) { 1572 console(B_TRUE, "Cannot open %s errno: %d\n", INITTAB, 1573 errno); 1574 return (FAILURE); 1575 } 1576 } 1577 1578 /* 1579 * Keep getting commands from inittab until you find a 1580 * good one or run out of file. 1581 */ 1582 for (answer = FALSE; answer == FALSE; ) { 1583 /* 1584 * Zero out the cmd itself before trying next line. 1585 */ 1586 bzero(cmd, sizeof (struct CMD_LINE)); 1587 1588 /* 1589 * Read in lines of inittab, parsing at colons, until a line is 1590 * read in which doesn't end with a backslash. Do not start if 1591 * the first character read is an EOF. Note that this means 1592 * that lines which don't end in a newline are still processed, 1593 * since the "for" will terminate normally once started, 1594 * regardless of whether line terminates with a newline or EOF. 1595 */ 1596 state = FAILURE; 1597 if ((c = fgetc(fp_inittab)) == EOF) { 1598 answer = FALSE; 1599 (void) fclose(fp_inittab); 1600 fp_inittab = NULL; 1601 break; 1602 } 1603 1604 for (proceed = TRUE, ptr = shcmd, state = ID, lastc = '\0'; 1605 proceed && c != EOF; 1606 lastc = c, c = fgetc(fp_inittab)) { 1607 /* If we're not in the FAILURE state and haven't */ 1608 /* yet reached the shell command field, process */ 1609 /* the line, otherwise just look for a real end */ 1610 /* of line. */ 1611 if (state != FAILURE && state != COMMAND) { 1612 /* 1613 * Squeeze out spaces and tabs. 1614 */ 1615 if (c == ' ' || c == '\t') 1616 continue; 1617 1618 /* 1619 * Ignore characters in a comment, except for the \n. 1620 */ 1621 if (state == COMMENT) { 1622 if (c == '\n') { 1623 lastc = ' '; 1624 break; 1625 } else { 1626 continue; 1627 } 1628 } 1629 1630 /* 1631 * Detect comments (lines whose first non-whitespace 1632 * character is '#') by checking that we're at the 1633 * beginning of a line, have seen a '#', and haven't 1634 * yet accumulated any characters. 1635 */ 1636 if (state == ID && c == '#' && ptr == shcmd) { 1637 state = COMMENT; 1638 continue; 1639 } 1640 1641 /* 1642 * If the character is a ':', then check the 1643 * previous field for correctness and advance 1644 * to the next field. 1645 */ 1646 if (c == ':') { 1647 switch (state) { 1648 1649 case ID : 1650 /* 1651 * Check to see that there are only 1652 * 1 to 4 characters for the id. 1653 */ 1654 if ((i = ptr - shcmd) < 1 || i > 4) { 1655 state = FAILURE; 1656 } else { 1657 bcopy(shcmd, &cmd->c_id[0], i); 1658 ptr = shcmd; 1659 state = LEVELS; 1660 } 1661 break; 1662 1663 case LEVELS : 1664 /* 1665 * Build a mask for all the levels for 1666 * which this command will be legal. 1667 */ 1668 for (cmd->c_levels = 0, ptr1 = shcmd; 1669 ptr1 < ptr; ptr1++) { 1670 int mask; 1671 if (lvlname_to_mask(*ptr1, 1672 &mask) == -1) { 1673 state = FAILURE; 1674 break; 1675 } 1676 cmd->c_levels |= mask; 1677 } 1678 if (state != FAILURE) { 1679 state = ACTION; 1680 ptr = shcmd; /* Reset the buffer */ 1681 } 1682 break; 1683 1684 case ACTION : 1685 /* 1686 * Null terminate the string in shcmd buffer and 1687 * then try to match against legal actions. If 1688 * the field is of length 0, then the default of 1689 * "RESPAWN" is used if the id is numeric, 1690 * otherwise the default is "OFF". 1691 */ 1692 if (ptr == shcmd) { 1693 if (isdigit(cmd->c_id[0]) && 1694 (cmd->c_id[1] == '\0' || 1695 isdigit(cmd->c_id[1])) && 1696 (cmd->c_id[2] == '\0' || 1697 isdigit(cmd->c_id[2])) && 1698 (cmd->c_id[3] == '\0' || 1699 isdigit(cmd->c_id[3]))) 1700 cmd->c_action = M_RESPAWN; 1701 else 1702 cmd->c_action = M_OFF; 1703 } else { 1704 for (cmd->c_action = 0, i = 0, *ptr = '\0'; 1705 i < sizeof (actions)/sizeof (char *); 1706 i++) { 1707 if (strcmp(shcmd, actions[i]) == 0) { 1708 if ((cmd->c_levels & MASKSU) && 1709 !(act_masks[i] & su_acts)) 1710 cmd->c_action = 0; 1711 else 1712 cmd->c_action = act_masks[i]; 1713 break; 1714 } 1715 } 1716 } 1717 1718 /* 1719 * If the action didn't match any legal action, 1720 * set state to FAILURE. 1721 */ 1722 if (cmd->c_action == 0) { 1723 state = FAILURE; 1724 } else { 1725 state = COMMAND; 1726 (void) strcpy(shcmd, "exec "); 1727 } 1728 ptr = shcmd + EXEC; 1729 break; 1730 } 1731 continue; 1732 } 1733 } 1734 1735 /* If the character is a '\n', then this is the end of a */ 1736 /* line. If the '\n' wasn't preceded by a backslash, */ 1737 /* it is also the end of an inittab command. If it was */ 1738 /* preceded by a backslash then the next line is a */ 1739 /* continuation. Note that the continuation '\n' falls */ 1740 /* through and is treated like other characters and is */ 1741 /* stored in the shell command line. */ 1742 if (c == '\n' && lastc != '\\') { 1743 proceed = FALSE; 1744 *ptr = '\0'; 1745 break; 1746 } 1747 1748 /* For all other characters just stuff them into the */ 1749 /* command as long as there aren't too many of them. */ 1750 /* Make sure there is room for a terminating '\0' also. */ 1751 if (ptr >= shcmd + MAXCMDL - 1) 1752 state = FAILURE; 1753 else 1754 *ptr++ = (char)c; 1755 1756 /* If the character we just stored was a quoted */ 1757 /* backslash, then change "c" to '\0', so that this */ 1758 /* backslash will not cause a subsequent '\n' to appear */ 1759 /* quoted. In otherwords '\' '\' '\n' is the real end */ 1760 /* of a command, while '\' '\n' is a continuation. */ 1761 if (c == '\\' && lastc == '\\') 1762 c = '\0'; 1763 } 1764 1765 /* 1766 * Make sure all the fields are properly specified 1767 * for a good command line. 1768 */ 1769 if (state == COMMAND) { 1770 answer = TRUE; 1771 cmd->c_command = shcmd; 1772 1773 /* 1774 * If no default level was supplied, insert 1775 * all numerical levels. 1776 */ 1777 if (cmd->c_levels == 0) 1778 cmd->c_levels = MASK_NUMERIC; 1779 1780 /* 1781 * If no action has been supplied, declare this 1782 * entry to be OFF. 1783 */ 1784 if (cmd->c_action == 0) 1785 cmd->c_action = M_OFF; 1786 1787 /* 1788 * If no shell command has been supplied, make sure 1789 * there is a null string in the command field. 1790 */ 1791 if (ptr == shcmd + EXEC) 1792 *shcmd = '\0'; 1793 } else 1794 answer = FALSE; 1795 1796 /* 1797 * If we have reached the end of inittab, then close it 1798 * and quit trying to find a good command line. 1799 */ 1800 if (c == EOF) { 1801 (void) fclose(fp_inittab); 1802 fp_inittab = NULL; 1803 break; 1804 } 1805 } 1806 return (answer); 1807 } 1808 1809 /* 1810 * lvlname_to_state(): convert the character name of a state to its level 1811 * (its corresponding signal number). 1812 */ 1813 static int 1814 lvlname_to_state(char name) 1815 { 1816 int i; 1817 for (i = 0; i < LVL_NELEMS; i++) { 1818 if (lvls[i].lvl_name == name) 1819 return (lvls[i].lvl_state); 1820 } 1821 return (-1); 1822 } 1823 1824 /* 1825 * state_to_name(): convert the level to the character name. 1826 */ 1827 static char 1828 state_to_name(int state) 1829 { 1830 int i; 1831 for (i = 0; i < LVL_NELEMS; i++) { 1832 if (lvls[i].lvl_state == state) 1833 return (lvls[i].lvl_name); 1834 } 1835 return (-1); 1836 } 1837 1838 /* 1839 * state_to_mask(): return the mask corresponding to a signal number 1840 */ 1841 static int 1842 state_to_mask(int state) 1843 { 1844 int i; 1845 for (i = 0; i < LVL_NELEMS; i++) { 1846 if (lvls[i].lvl_state == state) 1847 return (lvls[i].lvl_mask); 1848 } 1849 return (0); /* return 0, since that represents an empty mask */ 1850 } 1851 1852 /* 1853 * lvlname_to_mask(): return the mask corresponding to a levels character name 1854 */ 1855 static int 1856 lvlname_to_mask(char name, int *mask) 1857 { 1858 int i; 1859 for (i = 0; i < LVL_NELEMS; i++) { 1860 if (lvls[i].lvl_name == name) { 1861 *mask = lvls[i].lvl_mask; 1862 return (0); 1863 } 1864 } 1865 return (-1); 1866 } 1867 1868 /* 1869 * state_to_flags(): return the flags corresponding to a runlevel. These 1870 * indicate properties of that runlevel. 1871 */ 1872 static int 1873 state_to_flags(int state) 1874 { 1875 int i; 1876 for (i = 0; i < LVL_NELEMS; i++) { 1877 if (lvls[i].lvl_state == state) 1878 return (lvls[i].lvl_flags); 1879 } 1880 return (0); 1881 } 1882 1883 /* 1884 * killproc() creates a child which kills the process specified by pid. 1885 */ 1886 void 1887 killproc(pid_t pid) 1888 { 1889 struct PROC_TABLE *process; 1890 1891 (void) sigset(SIGCLD, SIG_DFL); 1892 while ((process = efork(M_OFF, NULLPROC, 0)) == NO_ROOM) 1893 (void) pause(); 1894 (void) sigset(SIGCLD, childeath); 1895 1896 if (process == NULLPROC) { 1897 /* 1898 * efork() sets all signal handlers to the default, so reset 1899 * the ALRM handler to make timer() work as expected. 1900 */ 1901 (void) sigset(SIGALRM, alarmclk); 1902 1903 /* 1904 * We are the child. Try to terminate the process nicely 1905 * first using SIGTERM and if it refuses to die in TWARN 1906 * seconds kill it with SIGKILL. 1907 */ 1908 (void) kill(pid, SIGTERM); 1909 (void) timer(TWARN); 1910 (void) kill(pid, SIGKILL); 1911 (void) exit(0); 1912 } 1913 } 1914 1915 /* 1916 * Set up the default environment for all procs to be forked from init. 1917 * Read the values from the /etc/default/init file, except for PATH. If 1918 * there's not enough room in the environment array, the environment 1919 * lines that don't fit are silently discarded. 1920 */ 1921 void 1922 init_env() 1923 { 1924 char line[MAXCMDL]; 1925 FILE *fp; 1926 int inquotes, length, wslength; 1927 char *tokp, *cp1, *cp2; 1928 1929 glob_envp[0] = malloc((unsigned)(strlen(DEF_PATH)+2)); 1930 (void) strcpy(glob_envp[0], DEF_PATH); 1931 glob_envn = 1; 1932 1933 if (rflg) { 1934 glob_envp[1] = 1935 malloc((unsigned)(strlen("_DVFS_RECONFIG=YES")+2)); 1936 (void) strcpy(glob_envp[1], "_DVFS_RECONFIG=YES"); 1937 ++glob_envn; 1938 } else if (bflg == 1) { 1939 glob_envp[1] = 1940 malloc((unsigned)(strlen("RB_NOBOOTRC=YES")+2)); 1941 (void) strcpy(glob_envp[1], "RB_NOBOOTRC=YES"); 1942 ++glob_envn; 1943 } 1944 1945 if ((fp = fopen(ENVFILE, "r")) == NULL) { 1946 console(B_TRUE, 1947 "Cannot open %s. Environment not initialized.\n", 1948 ENVFILE); 1949 } else { 1950 while (fgets(line, MAXCMDL - 1, fp) != NULL && 1951 glob_envn < MAXENVENT - 2) { 1952 /* 1953 * Toss newline 1954 */ 1955 length = strlen(line); 1956 if (line[length - 1] == '\n') 1957 line[length - 1] = '\0'; 1958 1959 /* 1960 * Ignore blank or comment lines. 1961 */ 1962 if (line[0] == '#' || line[0] == '\0' || 1963 (wslength = strspn(line, " \t\n")) == 1964 strlen(line) || 1965 strchr(line, '#') == line + wslength) 1966 continue; 1967 1968 /* 1969 * First make a pass through the line and change 1970 * any non-quoted semi-colons to blanks so they 1971 * will be treated as token separators below. 1972 */ 1973 inquotes = 0; 1974 for (cp1 = line; *cp1 != '\0'; cp1++) { 1975 if (*cp1 == '"') { 1976 if (inquotes == 0) 1977 inquotes = 1; 1978 else 1979 inquotes = 0; 1980 } else if (*cp1 == ';') { 1981 if (inquotes == 0) 1982 *cp1 = ' '; 1983 } 1984 } 1985 1986 /* 1987 * Tokens within the line are separated by blanks 1988 * and tabs. For each token in the line which 1989 * contains a '=' we strip out any quotes and then 1990 * stick the token in the environment array. 1991 */ 1992 if ((tokp = strtok(line, " \t")) == NULL) 1993 continue; 1994 do { 1995 if (strchr(tokp, '=') == NULL) 1996 continue; 1997 length = strlen(tokp); 1998 while ((cp1 = strpbrk(tokp, "\"\'")) != NULL) { 1999 for (cp2 = cp1; 2000 cp2 < &tokp[length]; cp2++) 2001 *cp2 = *(cp2 + 1); 2002 length--; 2003 } 2004 2005 if (strncmp(tokp, "CMASK=", 2006 sizeof ("CMASK=") - 1) == 0) { 2007 long t; 2008 2009 /* We know there's an = */ 2010 t = strtol(strchr(tokp, '=') + 1, NULL, 2011 8); 2012 2013 /* Sanity */ 2014 if (t <= 077 && t >= 0) 2015 cmask = (int)t; 2016 (void) umask(cmask); 2017 continue; 2018 } 2019 glob_envp[glob_envn] = 2020 malloc((unsigned)(length + 1)); 2021 (void) strcpy(glob_envp[glob_envn], tokp); 2022 if (++glob_envn >= MAXENVENT - 1) 2023 break; 2024 } while ((tokp = strtok(NULL, " \t")) != NULL); 2025 } 2026 2027 /* 2028 * Append a null pointer to the environment array 2029 * to mark its end. 2030 */ 2031 glob_envp[glob_envn] = NULL; 2032 (void) fclose(fp); 2033 } 2034 } 2035 2036 /* 2037 * boot_init(): Do initialization things that should be done at boot. 2038 */ 2039 void 2040 boot_init() 2041 { 2042 int i; 2043 struct PROC_TABLE *process, *oprocess; 2044 struct CMD_LINE cmd; 2045 char line[MAXCMDL]; 2046 char svc_aux[SVC_AUX_SIZE]; 2047 char init_svc_fmri[SVC_FMRI_SIZE]; 2048 char *old_path; 2049 int maxfiles; 2050 2051 /* Use INIT_PATH for sysinit cmds */ 2052 old_path = glob_envp[0]; 2053 glob_envp[0] = malloc((unsigned)(strlen(INIT_PATH)+2)); 2054 (void) strcpy(glob_envp[0], INIT_PATH); 2055 2056 /* 2057 * Scan inittab(4) and process the special svc.startd entry, initdefault 2058 * and sysinit entries. 2059 */ 2060 while (getcmd(&cmd, &line[0]) == TRUE) { 2061 if (startd_tmpl >= 0 && id_eq(cmd.c_id, "smf")) { 2062 process_startd_line(&cmd, line); 2063 (void) snprintf(startd_svc_aux, SVC_AUX_SIZE, 2064 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id); 2065 } else if (cmd.c_action == M_INITDEFAULT) { 2066 /* 2067 * initdefault is no longer meaningful, as the SMF 2068 * milestone controls what (legacy) run level we 2069 * boot to. 2070 */ 2071 console(B_TRUE, 2072 "Ignoring legacy \"initdefault\" entry.\n"); 2073 } else if (cmd.c_action == M_SYSINIT) { 2074 /* 2075 * Execute the "sysinit" entry and wait for it to 2076 * complete. No bookkeeping is performed on these 2077 * entries because we avoid writing to the file system 2078 * until after there has been an chance to check it. 2079 */ 2080 if (process = findpslot(&cmd)) { 2081 (void) sigset(SIGCLD, SIG_DFL); 2082 (void) snprintf(svc_aux, SVC_AUX_SIZE, 2083 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id); 2084 (void) snprintf(init_svc_fmri, SVC_FMRI_SIZE, 2085 SVC_INIT_PREFIX INITTAB_ENTRY_ID_STR_FORMAT, 2086 cmd.c_id); 2087 if (legacy_tmpl >= 0) { 2088 (void) ct_pr_tmpl_set_svc_fmri( 2089 legacy_tmpl, init_svc_fmri); 2090 (void) ct_pr_tmpl_set_svc_aux( 2091 legacy_tmpl, svc_aux); 2092 } 2093 2094 for (oprocess = process; 2095 (process = efork(M_OFF, oprocess, 2096 (NAMED|NOCLEANUP))) == NO_ROOM; 2097 /* CSTYLED */) 2098 ; 2099 (void) sigset(SIGCLD, childeath); 2100 2101 if (process == NULLPROC) { 2102 maxfiles = ulimit(UL_GDESLIM, 0); 2103 2104 for (i = 0; i < maxfiles; i++) 2105 (void) fcntl(i, F_SETFD, 2106 FD_CLOEXEC); 2107 (void) execle(SH, "INITSH", "-c", 2108 cmd.c_command, 2109 (char *)0, glob_envp); 2110 console(B_TRUE, 2111 "Command\n\"%s\"\n failed to execute. errno = %d (exec of shell failed)\n", 2112 cmd.c_command, errno); 2113 exit(1); 2114 } else while (waitproc(process) == FAILURE); 2115 process->p_flags = 0; 2116 st_write(); 2117 } 2118 } 2119 } 2120 2121 /* Restore the path. */ 2122 free(glob_envp[0]); 2123 glob_envp[0] = old_path; 2124 2125 /* 2126 * This will enable st_write() to complain about init_state_file. 2127 */ 2128 booting = 0; 2129 2130 /* 2131 * If the /etc/ioctl.syscon didn't exist or had invalid contents write 2132 * out a correct version. 2133 */ 2134 if (write_ioctl) 2135 write_ioctl_syscon(); 2136 2137 /* 2138 * Start svc.startd(1M), which does most of the work. 2139 */ 2140 if (startd_cline[0] != '\0' && startd_tmpl >= 0) { 2141 /* Start svc.startd. */ 2142 if (startd_run(startd_cline, startd_tmpl, 0) == -1) 2143 cur_state = SINGLE_USER; 2144 } else { 2145 console(B_TRUE, "Absent svc.startd entry or bad " 2146 "contract template. Not starting svc.startd.\n"); 2147 enter_maintenance(); 2148 } 2149 } 2150 2151 /* 2152 * init_signals(): Initialize all signals to either be caught or ignored. 2153 */ 2154 void 2155 init_signals(void) 2156 { 2157 struct sigaction act; 2158 int i; 2159 2160 /* 2161 * Start by ignoring all signals, then selectively re-enable some. 2162 * The SIG_IGN disposition will only affect asynchronous signals: 2163 * any signal that we trigger synchronously that doesn't end up 2164 * being handled by siglvl() will be forcibly delivered by the kernel. 2165 */ 2166 for (i = SIGHUP; i <= SIGRTMAX; i++) 2167 (void) sigset(i, SIG_IGN); 2168 2169 /* 2170 * Handle all level-changing signals using siglvl() and set sa_mask so 2171 * that all level-changing signals are blocked while in siglvl(). 2172 */ 2173 act.sa_handler = siglvl; 2174 act.sa_flags = SA_SIGINFO; 2175 (void) sigemptyset(&act.sa_mask); 2176 2177 (void) sigaddset(&act.sa_mask, LVLQ); 2178 (void) sigaddset(&act.sa_mask, LVL0); 2179 (void) sigaddset(&act.sa_mask, LVL1); 2180 (void) sigaddset(&act.sa_mask, LVL2); 2181 (void) sigaddset(&act.sa_mask, LVL3); 2182 (void) sigaddset(&act.sa_mask, LVL4); 2183 (void) sigaddset(&act.sa_mask, LVL5); 2184 (void) sigaddset(&act.sa_mask, LVL6); 2185 (void) sigaddset(&act.sa_mask, SINGLE_USER); 2186 (void) sigaddset(&act.sa_mask, LVLa); 2187 (void) sigaddset(&act.sa_mask, LVLb); 2188 (void) sigaddset(&act.sa_mask, LVLc); 2189 2190 (void) sigaction(LVLQ, &act, NULL); 2191 (void) sigaction(LVL0, &act, NULL); 2192 (void) sigaction(LVL1, &act, NULL); 2193 (void) sigaction(LVL2, &act, NULL); 2194 (void) sigaction(LVL3, &act, NULL); 2195 (void) sigaction(LVL4, &act, NULL); 2196 (void) sigaction(LVL5, &act, NULL); 2197 (void) sigaction(LVL6, &act, NULL); 2198 (void) sigaction(SINGLE_USER, &act, NULL); 2199 (void) sigaction(LVLa, &act, NULL); 2200 (void) sigaction(LVLb, &act, NULL); 2201 (void) sigaction(LVLc, &act, NULL); 2202 2203 (void) sigset(SIGALRM, alarmclk); 2204 alarmclk(); 2205 2206 (void) sigset(SIGCLD, childeath); 2207 (void) sigset(SIGPWR, powerfail); 2208 } 2209 2210 /* 2211 * Set up pipe for "godchildren". If the file exists and is a pipe just open 2212 * it. Else, if the file system is r/w create it. Otherwise, defer its 2213 * creation and open until after /var/run has been mounted. This function is 2214 * only called on startup and when explicitly requested via LVLQ. 2215 */ 2216 void 2217 setup_pipe() 2218 { 2219 struct stat stat_buf; 2220 struct statvfs statvfs_buf; 2221 struct sigaction act; 2222 2223 /* 2224 * Always close the previous pipe descriptor as the mounted filesystems 2225 * may have changed. 2226 */ 2227 if (Pfd >= 0) 2228 (void) close(Pfd); 2229 2230 if ((stat(INITPIPE, &stat_buf) == 0) && 2231 ((stat_buf.st_mode & (S_IFMT|S_IRUSR)) == (S_IFIFO|S_IRUSR))) 2232 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2233 else 2234 if ((statvfs(INITPIPE_DIR, &statvfs_buf) == 0) && 2235 ((statvfs_buf.f_flag & ST_RDONLY) == 0)) { 2236 (void) unlink(INITPIPE); 2237 (void) mknod(INITPIPE, S_IFIFO | 0600, 0); 2238 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2239 } 2240 2241 if (Pfd >= 0) { 2242 (void) ioctl(Pfd, I_SETSIG, S_INPUT); 2243 /* 2244 * Read pipe in message discard mode. 2245 */ 2246 (void) ioctl(Pfd, I_SRDOPT, RMSGD); 2247 2248 act.sa_handler = sigpoll; 2249 act.sa_flags = 0; 2250 (void) sigemptyset(&act.sa_mask); 2251 (void) sigaddset(&act.sa_mask, SIGCLD); 2252 (void) sigaction(SIGPOLL, &act, NULL); 2253 } 2254 } 2255 2256 /* 2257 * siglvl - handle an asynchronous signal from init(1M) telling us that we 2258 * should change the current run level. We set new_state accordingly. 2259 */ 2260 void 2261 siglvl(int sig, siginfo_t *sip, ucontext_t *ucp) 2262 { 2263 struct PROC_TABLE *process; 2264 struct sigaction act; 2265 2266 /* 2267 * If the signal was from the kernel (rather than init(1M)) then init 2268 * itself tripped the signal. That is, we might have a bug and tripped 2269 * a real SIGSEGV instead of receiving it as an alias for SIGLVLa. In 2270 * such a case we reset the disposition to SIG_DFL, block all signals 2271 * in uc_mask but the current one, and return to the interrupted ucp 2272 * to effect an appropriate death. The kernel will then restart us. 2273 * 2274 * The one exception to SI_FROMKERNEL() is SIGFPE (a.k.a. LVL6), which 2275 * the kernel can send us when it wants to effect an orderly reboot. 2276 * For this case we must also verify si_code is zero, rather than a 2277 * code such as FPE_INTDIV which a bug might have triggered. 2278 */ 2279 if (sip != NULL && SI_FROMKERNEL(sip) && 2280 (sig != SIGFPE || sip->si_code == 0)) { 2281 2282 (void) sigemptyset(&act.sa_mask); 2283 act.sa_handler = SIG_DFL; 2284 act.sa_flags = 0; 2285 (void) sigaction(sig, &act, NULL); 2286 2287 (void) sigfillset(&ucp->uc_sigmask); 2288 (void) sigdelset(&ucp->uc_sigmask, sig); 2289 ucp->uc_flags |= UC_SIGMASK; 2290 2291 (void) setcontext(ucp); 2292 } 2293 2294 /* 2295 * If the signal received is a LVLQ signal, do not really 2296 * change levels, just restate the current level. If the 2297 * signal is not a LVLQ, set the new level to the signal 2298 * received. 2299 */ 2300 if (sig == LVLQ) { 2301 new_state = cur_state; 2302 lvlq_received = B_TRUE; 2303 } else { 2304 new_state = sig; 2305 } 2306 2307 /* 2308 * Clear all times and repeat counts in the process table 2309 * since either the level is changing or the user has editted 2310 * the inittab file and wants us to look at it again. 2311 * If the user has fixed a typo, we don't want residual timing 2312 * data preventing the fixed command line from executing. 2313 */ 2314 for (process = proc_table; 2315 (process < proc_table + num_proc); process++) { 2316 process->p_time = 0L; 2317 process->p_count = 0; 2318 } 2319 2320 /* 2321 * Set the flag to indicate that a "user signal" was received. 2322 */ 2323 wakeup.w_flags.w_usersignal = 1; 2324 } 2325 2326 2327 /* 2328 * alarmclk 2329 */ 2330 static void 2331 alarmclk() 2332 { 2333 time_up = TRUE; 2334 } 2335 2336 /* 2337 * childeath_single(): 2338 * 2339 * This used to be the SIGCLD handler and it was set with signal() 2340 * (as opposed to sigset()). When a child exited we'd come to the 2341 * handler, wait for the child, and reenable the handler with 2342 * signal() just before returning. The implementation of signal() 2343 * checks with waitid() for waitable children and sends a SIGCLD 2344 * if there are some. If children are exiting faster than the 2345 * handler can run we keep sending signals and the handler never 2346 * gets to return and eventually the stack runs out and init dies. 2347 * To prevent that we set the handler with sigset() so the handler 2348 * doesn't need to be reset, and in childeath() (see below) we 2349 * call childeath_single() as long as there are children to be 2350 * waited for. If a child exits while init is in the handler a 2351 * SIGCLD will be pending and delivered on return from the handler. 2352 * If the child was already waited for the handler will have nothing 2353 * to do and return, otherwise the child will be waited for. 2354 */ 2355 static void 2356 childeath_single() 2357 { 2358 struct PROC_TABLE *process; 2359 struct pidlist *pp; 2360 pid_t pid; 2361 int status; 2362 2363 /* 2364 * Perform wait to get the process id of the child that died and 2365 * then scan the process table to see if we are interested in 2366 * this process. NOTE: if a super-user sends the SIGCLD signal 2367 * to init, the following wait will not immediately return and 2368 * init will be inoperative until one of its child really does die. 2369 */ 2370 pid = wait(&status); 2371 2372 for (process = proc_table; 2373 (process < proc_table + num_proc); process++) { 2374 if ((process->p_flags & (LIVING|OCCUPIED)) == 2375 (LIVING|OCCUPIED) && process->p_pid == pid) { 2376 2377 /* 2378 * Mark this process as having died and store the exit 2379 * status. Also set the wakeup flag for a dead child 2380 * and break out of the loop. 2381 */ 2382 process->p_flags &= ~LIVING; 2383 process->p_exit = (short)status; 2384 wakeup.w_flags.w_childdeath = 1; 2385 2386 return; 2387 } 2388 } 2389 2390 /* 2391 * No process was found above, look through auxiliary list. 2392 */ 2393 (void) sighold(SIGPOLL); 2394 pp = Plhead; 2395 while (pp) { 2396 if (pid > pp->pl_pid) { 2397 /* 2398 * Keep on looking. 2399 */ 2400 pp = pp->pl_next; 2401 continue; 2402 } else if (pid < pp->pl_pid) { 2403 /* 2404 * Not in the list. 2405 */ 2406 break; 2407 } else { 2408 /* 2409 * This is a dead "godchild". 2410 */ 2411 pp->pl_dflag = 1; 2412 pp->pl_exit = (short)status; 2413 wakeup.w_flags.w_childdeath = 1; 2414 Gchild = 1; /* Notice to call cleanaux(). */ 2415 break; 2416 } 2417 } 2418 2419 (void) sigrelse(SIGPOLL); 2420 } 2421 2422 /* ARGSUSED */ 2423 static void 2424 childeath(int signo) 2425 { 2426 siginfo_t info; 2427 2428 while ((waitid(P_ALL, (id_t)0, &info, WEXITED|WNOHANG|WNOWAIT) == 0) && 2429 info.si_pid != 0) 2430 childeath_single(); 2431 } 2432 2433 static void 2434 powerfail() 2435 { 2436 (void) nice(-19); 2437 wakeup.w_flags.w_powerhit = 1; 2438 } 2439 2440 /* 2441 * efork() forks a child and the parent inserts the process in its table 2442 * of processes that are directly a result of forks that it has performed. 2443 * The child just changes the "global" with the process id for this process 2444 * to it's new value. 2445 * If efork() is called with a pointer into the proc_table it uses that slot, 2446 * otherwise it searches for a free slot. Regardless of how it was called, 2447 * it returns the pointer to the proc_table entry 2448 * 2449 * The SIGCLD handler is set to default (SIG_DFL) before calling efork(). 2450 * This relies on the somewhat obscure SVR2 SIGCLD/SIG_DFL semantic 2451 * implied by the use of signal(3c). While the meaning of SIG_DFL for 2452 * SIGCLD is nominally to ignore the signal, once the signal disposition 2453 * is set to childeath(), the kernel will post a SIGCLD if a child 2454 * exited during the period the disposition was SIG_DFL. It acts more 2455 * like a signal block. 2456 * 2457 * Ideally, this should be rewritten to use modern signal semantics. 2458 */ 2459 static struct PROC_TABLE * 2460 efork(int action, struct PROC_TABLE *process, int modes) 2461 { 2462 pid_t childpid; 2463 struct PROC_TABLE *proc; 2464 int i; 2465 void (*oldroutine)(); 2466 /* 2467 * Freshen up the proc_table, removing any entries for dead processes 2468 * that don't have NOCLEANUP set. Perform the necessary accounting. 2469 */ 2470 for (proc = proc_table; (proc < proc_table + num_proc); proc++) { 2471 if ((proc->p_flags & (OCCUPIED|LIVING|NOCLEANUP)) == 2472 (OCCUPIED)) { 2473 /* 2474 * Is this a named process? 2475 * If so, do the necessary bookkeeping. 2476 */ 2477 if (proc->p_flags & NAMED) 2478 (void) account(DEAD_PROCESS, proc, NULL); 2479 2480 /* 2481 * Free this entry for new usage. 2482 */ 2483 proc->p_flags = 0; 2484 } 2485 } 2486 2487 while ((childpid = fork()) == FAILURE) { 2488 /* 2489 * Shorten the alarm timer in case someone else's child dies 2490 * and free up a slot in the process table. 2491 */ 2492 setimer(5); 2493 2494 /* 2495 * Wait for some children to die. Since efork() is normally 2496 * called with SIGCLD in the default state, reset it to catch 2497 * so that child death signals can come in. 2498 */ 2499 oldroutine = sigset(SIGCLD, childeath); 2500 (void) pause(); 2501 (void) sigset(SIGCLD, oldroutine); 2502 setimer(0); 2503 } 2504 2505 if (childpid != 0) { 2506 2507 if (process == NULLPROC) { 2508 /* 2509 * No proc table pointer specified so search 2510 * for a free slot. 2511 */ 2512 for (process = proc_table; process->p_flags != 0 && 2513 (process < proc_table + num_proc); process++) 2514 ; 2515 2516 if (process == (proc_table + num_proc)) { 2517 int old_proc_table_size = num_proc; 2518 2519 /* Increase the process table size */ 2520 increase_proc_table_size(); 2521 if (old_proc_table_size == num_proc) { 2522 /* didn't grow: memory failure */ 2523 return (NO_ROOM); 2524 } else { 2525 process = 2526 proc_table + old_proc_table_size; 2527 } 2528 } 2529 2530 process->p_time = 0L; 2531 process->p_count = 0; 2532 } 2533 process->p_id[0] = '\0'; 2534 process->p_id[1] = '\0'; 2535 process->p_id[2] = '\0'; 2536 process->p_id[3] = '\0'; 2537 process->p_pid = childpid; 2538 process->p_flags = (LIVING | OCCUPIED | modes); 2539 process->p_exit = 0; 2540 2541 st_write(); 2542 } else { 2543 if ((action & (M_WAIT | M_BOOTWAIT)) == 0) 2544 (void) setpgrp(); 2545 2546 process = NULLPROC; 2547 2548 /* 2549 * Reset all signals to the system defaults. 2550 */ 2551 for (i = SIGHUP; i <= SIGRTMAX; i++) 2552 (void) sigset(i, SIG_DFL); 2553 2554 /* 2555 * POSIX B.2.2.2 advises that init should set SIGTTOU, 2556 * SIGTTIN, and SIGTSTP to SIG_IGN. 2557 * 2558 * Make sure that SIGXCPU and SIGXFSZ also remain ignored, 2559 * for backward compatibility. 2560 */ 2561 (void) sigset(SIGTTIN, SIG_IGN); 2562 (void) sigset(SIGTTOU, SIG_IGN); 2563 (void) sigset(SIGTSTP, SIG_IGN); 2564 (void) sigset(SIGXCPU, SIG_IGN); 2565 (void) sigset(SIGXFSZ, SIG_IGN); 2566 } 2567 return (process); 2568 } 2569 2570 2571 /* 2572 * waitproc() waits for a specified process to die. For this function to 2573 * work, the specified process must already in the proc_table. waitproc() 2574 * returns the exit status of the specified process when it dies. 2575 */ 2576 static long 2577 waitproc(struct PROC_TABLE *process) 2578 { 2579 int answer; 2580 sigset_t oldmask, newmask, zeromask; 2581 2582 (void) sigemptyset(&zeromask); 2583 (void) sigemptyset(&newmask); 2584 2585 (void) sigaddset(&newmask, SIGCLD); 2586 2587 /* Block SIGCLD and save the current signal mask */ 2588 if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0) 2589 perror("SIG_BLOCK error"); 2590 2591 /* 2592 * Wait around until the process dies. 2593 */ 2594 if (process->p_flags & LIVING) 2595 (void) sigsuspend(&zeromask); 2596 2597 /* Reset signal mask to unblock SIGCLD */ 2598 if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0) 2599 perror("SIG_SETMASK error"); 2600 2601 if (process->p_flags & LIVING) 2602 return (FAILURE); 2603 2604 /* 2605 * Make sure to only return 16 bits so that answer will always 2606 * be positive whenever the process of interest really died. 2607 */ 2608 answer = (process->p_exit & 0xffff); 2609 2610 /* 2611 * Free the slot in the proc_table. 2612 */ 2613 process->p_flags = 0; 2614 return (answer); 2615 } 2616 2617 /* 2618 * notify_pam_dead(): calls into the PAM framework to close the given session. 2619 */ 2620 static void 2621 notify_pam_dead(struct utmpx *up) 2622 { 2623 pam_handle_t *pamh; 2624 char user[sizeof (up->ut_user) + 1]; 2625 char ttyn[sizeof (up->ut_line) + 1]; 2626 char host[sizeof (up->ut_host) + 1]; 2627 2628 /* 2629 * PAM does not take care of updating utmpx/wtmpx. 2630 */ 2631 (void) snprintf(user, sizeof (user), "%s", up->ut_user); 2632 (void) snprintf(ttyn, sizeof (ttyn), "%s", up->ut_line); 2633 (void) snprintf(host, sizeof (host), "%s", up->ut_host); 2634 2635 if (pam_start("init", user, NULL, &pamh) == PAM_SUCCESS) { 2636 (void) pam_set_item(pamh, PAM_TTY, ttyn); 2637 (void) pam_set_item(pamh, PAM_RHOST, host); 2638 (void) pam_close_session(pamh, 0); 2639 (void) pam_end(pamh, PAM_SUCCESS); 2640 } 2641 } 2642 2643 /* 2644 * Check you can access utmpx (As / may be read-only and 2645 * /var may not be mounted yet). 2646 */ 2647 static int 2648 access_utmpx(void) 2649 { 2650 do { 2651 utmpx_ok = (access(UTMPX, R_OK|W_OK) == 0); 2652 } while (!utmpx_ok && errno == EINTR); 2653 2654 return (utmpx_ok); 2655 } 2656 2657 /* 2658 * account() updates entries in utmpx and appends new entries to the end of 2659 * wtmpx (assuming they exist). The program argument indicates the name of 2660 * program if INIT_PROCESS, otherwise should be NULL. 2661 * 2662 * account() only blocks for INIT_PROCESS requests. 2663 * 2664 * Returns non-zero if write failed. 2665 */ 2666 static int 2667 account(short state, struct PROC_TABLE *process, char *program) 2668 { 2669 struct utmpx utmpbuf, *u, *oldu; 2670 int tmplen; 2671 char fail_buf[UT_LINE_SZ]; 2672 sigset_t block, unblock; 2673 2674 if (!utmpx_ok && !access_utmpx()) { 2675 return (-1); 2676 } 2677 2678 /* 2679 * Set up the prototype for the utmp structure we want to write. 2680 */ 2681 u = &utmpbuf; 2682 (void) memset(u, 0, sizeof (struct utmpx)); 2683 2684 /* 2685 * Fill in the various fields of the utmp structure. 2686 */ 2687 u->ut_id[0] = process->p_id[0]; 2688 u->ut_id[1] = process->p_id[1]; 2689 u->ut_id[2] = process->p_id[2]; 2690 u->ut_id[3] = process->p_id[3]; 2691 u->ut_pid = process->p_pid; 2692 2693 /* 2694 * Fill the "ut_exit" structure. 2695 */ 2696 u->ut_exit.e_termination = WTERMSIG(process->p_exit); 2697 u->ut_exit.e_exit = WEXITSTATUS(process->p_exit); 2698 u->ut_type = state; 2699 2700 (void) time(&u->ut_tv.tv_sec); 2701 2702 /* 2703 * Block signals for utmp update. 2704 */ 2705 (void) sigfillset(&block); 2706 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2707 2708 /* 2709 * See if there already is such an entry in the "utmpx" file. 2710 */ 2711 setutxent(); /* Start at beginning of utmpx file. */ 2712 2713 if ((oldu = getutxid(u)) != NULL) { 2714 /* 2715 * Copy in the old "user", "line" and "host" fields 2716 * to our new structure. 2717 */ 2718 bcopy(oldu->ut_user, u->ut_user, sizeof (u->ut_user)); 2719 bcopy(oldu->ut_line, u->ut_line, sizeof (u->ut_line)); 2720 bcopy(oldu->ut_host, u->ut_host, sizeof (u->ut_host)); 2721 u->ut_syslen = (tmplen = strlen(u->ut_host)) ? 2722 min(tmplen + 1, sizeof (u->ut_host)) : 0; 2723 2724 if (oldu->ut_type == USER_PROCESS && state == DEAD_PROCESS) { 2725 notify_pam_dead(oldu); 2726 } 2727 } 2728 2729 /* 2730 * Perform special accounting. Insert the special string into the 2731 * ut_line array. For INIT_PROCESSes put in the name of the 2732 * program in the "ut_user" field. 2733 */ 2734 switch (state) { 2735 case INIT_PROCESS: 2736 (void) strncpy(u->ut_user, program, sizeof (u->ut_user)); 2737 (void) strcpy(fail_buf, "INIT_PROCESS"); 2738 break; 2739 2740 default: 2741 (void) strlcpy(fail_buf, u->ut_id, sizeof (u->ut_id) + 1); 2742 break; 2743 } 2744 2745 /* 2746 * Write out the updated entry to utmpx file. 2747 */ 2748 if (pututxline(u) == NULL) { 2749 console(B_TRUE, "Failed write of utmpx entry: \"%s\": %s\n", 2750 fail_buf, strerror(errno)); 2751 endutxent(); 2752 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2753 return (-1); 2754 } 2755 2756 /* 2757 * If we're able to write to utmpx, then attempt to add to the 2758 * end of the wtmpx file. 2759 */ 2760 updwtmpx(WTMPX, u); 2761 2762 endutxent(); 2763 2764 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2765 2766 return (0); 2767 } 2768 2769 static void 2770 clearent(pid_t pid, short status) 2771 { 2772 struct utmpx *up; 2773 sigset_t block, unblock; 2774 2775 /* 2776 * Block signals for utmp update. 2777 */ 2778 (void) sigfillset(&block); 2779 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2780 2781 /* 2782 * No error checking for now. 2783 */ 2784 2785 setutxent(); 2786 while (up = getutxent()) { 2787 if (up->ut_pid == pid) { 2788 if (up->ut_type == DEAD_PROCESS) { 2789 /* 2790 * Cleaned up elsewhere. 2791 */ 2792 continue; 2793 } 2794 2795 notify_pam_dead(up); 2796 2797 up->ut_type = DEAD_PROCESS; 2798 up->ut_exit.e_termination = WTERMSIG(status); 2799 up->ut_exit.e_exit = WEXITSTATUS(status); 2800 (void) time(&up->ut_tv.tv_sec); 2801 2802 (void) pututxline(up); 2803 /* 2804 * Now attempt to add to the end of the 2805 * wtmp and wtmpx files. Do not create 2806 * if they don't already exist. 2807 */ 2808 updwtmpx(WTMPX, up); 2809 2810 break; 2811 } 2812 } 2813 2814 endutxent(); 2815 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2816 } 2817 2818 /* 2819 * prog_name() searches for the word or unix path name and 2820 * returns a pointer to the last element of the pathname. 2821 */ 2822 static char * 2823 prog_name(char *string) 2824 { 2825 char *ptr, *ptr2; 2826 /* XXX - utmp - fix name length */ 2827 static char word[_POSIX_LOGIN_NAME_MAX]; 2828 2829 /* 2830 * Search for the first word skipping leading spaces and tabs. 2831 */ 2832 while (*string == ' ' || *string == '\t') 2833 string++; 2834 2835 /* 2836 * If the first non-space non-tab character is not one allowed in 2837 * a word, return a pointer to a null string, otherwise parse the 2838 * pathname. 2839 */ 2840 if (*string != '.' && *string != '/' && *string != '_' && 2841 (*string < 'a' || *string > 'z') && 2842 (*string < 'A' || * string > 'Z') && 2843 (*string < '0' || *string > '9')) 2844 return (""); 2845 2846 /* 2847 * Parse the pathname looking forward for '/', ' ', '\t', '\n' or 2848 * '\0'. Each time a '/' is found, move "ptr" to one past the 2849 * '/', thus when a ' ', '\t', '\n', or '\0' is found, "ptr" will 2850 * point to the last element of the pathname. 2851 */ 2852 for (ptr = string; 2853 *string != ' ' && *string != '\t' && *string != '\n' && 2854 *string != '\0'; 2855 string++) { 2856 if (*string == '/') 2857 ptr = string+1; 2858 } 2859 2860 /* 2861 * Copy out up to the size of the "ut_user" array into "word", 2862 * null terminate it and return a pointer to it. 2863 */ 2864 /* XXX - utmp - fix name length */ 2865 for (ptr2 = &word[0]; ptr2 < &word[_POSIX_LOGIN_NAME_MAX - 1] && 2866 ptr < string; /* CSTYLED */) 2867 *ptr2++ = *ptr++; 2868 2869 *ptr2 = '\0'; 2870 return (&word[0]); 2871 } 2872 2873 2874 /* 2875 * realcon() returns a nonzero value if there is a character device 2876 * associated with SYSCON that has the same device number as CONSOLE. 2877 */ 2878 static int 2879 realcon() 2880 { 2881 struct stat sconbuf, conbuf; 2882 2883 if (stat(SYSCON, &sconbuf) != -1 && 2884 stat(CONSOLE, &conbuf) != -1 && 2885 S_ISCHR(sconbuf.st_mode) && 2886 S_ISCHR(conbuf.st_mode) && 2887 sconbuf.st_rdev == conbuf.st_rdev) { 2888 return (1); 2889 } else { 2890 return (0); 2891 } 2892 } 2893 2894 2895 /* 2896 * get_ioctl_syscon() retrieves the SYSCON settings from the IOCTLSYSCON file. 2897 * Returns true if the IOCTLSYSCON file needs to be written (with 2898 * write_ioctl_syscon() below) 2899 */ 2900 static int 2901 get_ioctl_syscon() 2902 { 2903 FILE *fp; 2904 unsigned int iflags, oflags, cflags, lflags, ldisc, cc[18]; 2905 int i, valid_format = 0; 2906 2907 /* 2908 * Read in the previous modes for SYSCON from IOCTLSYSCON. 2909 */ 2910 if ((fp = fopen(IOCTLSYSCON, "r")) == NULL) { 2911 stored_syscon_termios = dflt_termios; 2912 console(B_TRUE, 2913 "warning:%s does not exist, default settings assumed\n", 2914 IOCTLSYSCON); 2915 } else { 2916 2917 i = fscanf(fp, 2918 "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2919 &iflags, &oflags, &cflags, &lflags, 2920 &cc[0], &cc[1], &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], 2921 &cc[7], &cc[8], &cc[9], &cc[10], &cc[11], &cc[12], &cc[13], 2922 &cc[14], &cc[15], &cc[16], &cc[17]); 2923 2924 if (i == 22) { 2925 stored_syscon_termios.c_iflag = iflags; 2926 stored_syscon_termios.c_oflag = oflags; 2927 stored_syscon_termios.c_cflag = cflags; 2928 stored_syscon_termios.c_lflag = lflags; 2929 for (i = 0; i < 18; i++) 2930 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2931 valid_format = 1; 2932 } else if (i == 13) { 2933 rewind(fp); 2934 i = fscanf(fp, "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2935 &iflags, &oflags, &cflags, &lflags, &ldisc, &cc[0], &cc[1], 2936 &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], &cc[7]); 2937 2938 /* 2939 * If the file is formatted properly, use the values to 2940 * initialize the console terminal condition. 2941 */ 2942 stored_syscon_termios.c_iflag = (ushort_t)iflags; 2943 stored_syscon_termios.c_oflag = (ushort_t)oflags; 2944 stored_syscon_termios.c_cflag = (ushort_t)cflags; 2945 stored_syscon_termios.c_lflag = (ushort_t)lflags; 2946 for (i = 0; i < 8; i++) 2947 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2948 valid_format = 1; 2949 } 2950 (void) fclose(fp); 2951 2952 /* If the file is badly formatted, use the default settings. */ 2953 if (!valid_format) 2954 stored_syscon_termios = dflt_termios; 2955 } 2956 2957 /* If the file had a bad format, rewrite it later. */ 2958 return (!valid_format); 2959 } 2960 2961 2962 static void 2963 write_ioctl_syscon() 2964 { 2965 FILE *fp; 2966 int i; 2967 2968 (void) unlink(SYSCON); 2969 (void) link(SYSTTY, SYSCON); 2970 (void) umask(022); 2971 fp = fopen(IOCTLSYSCON, "w"); 2972 2973 (void) fprintf(fp, "%x:%x:%x:%x:0", stored_syscon_termios.c_iflag, 2974 stored_syscon_termios.c_oflag, stored_syscon_termios.c_cflag, 2975 stored_syscon_termios.c_lflag); 2976 for (i = 0; i < 8; ++i) 2977 (void) fprintf(fp, ":%x", stored_syscon_termios.c_cc[i]); 2978 (void) putc('\n', fp); 2979 2980 (void) fflush(fp); 2981 (void) fsync(fileno(fp)); 2982 (void) fclose(fp); 2983 (void) umask(cmask); 2984 } 2985 2986 2987 /* 2988 * void console(boolean_t, char *, ...) 2989 * Outputs the requested message to the system console. Note that the number 2990 * of arguments passed to console() should be determined by the print format. 2991 * 2992 * The "prefix" parameter indicates whether or not "INIT: " should precede the 2993 * message. 2994 * 2995 * To make sure we write to the console in a sane fashion, we use the modes 2996 * we keep in stored_syscon_termios (which we read out of /etc/ioctl.syscon). 2997 * Afterwards we restore whatever modes were already there. 2998 */ 2999 /* PRINTFLIKE2 */ 3000 static void 3001 console(boolean_t prefix, char *format, ...) 3002 { 3003 char outbuf[BUFSIZ]; 3004 va_list args; 3005 int fd, getret; 3006 struct termios old_syscon_termios; 3007 FILE *f; 3008 3009 /* 3010 * We open SYSCON anew each time in case it has changed (see 3011 * userinit()). 3012 */ 3013 if ((fd = open(SYSCON, O_RDWR | O_NOCTTY)) < 0 || 3014 (f = fdopen(fd, "r+")) == NULL) { 3015 if (prefix) 3016 syslog(LOG_WARNING, "INIT: "); 3017 va_start(args, format); 3018 vsyslog(LOG_WARNING, format, args); 3019 va_end(args); 3020 if (fd >= 0) 3021 (void) close(fd); 3022 return; 3023 } 3024 setbuf(f, &outbuf[0]); 3025 3026 getret = tcgetattr(fd, &old_syscon_termios); 3027 old_syscon_termios.c_cflag &= ~HUPCL; 3028 if (realcon()) 3029 /* Don't overwrite cflag of real console. */ 3030 stored_syscon_termios.c_cflag = old_syscon_termios.c_cflag; 3031 3032 stored_syscon_termios.c_cflag &= ~HUPCL; 3033 3034 (void) tcsetattr(fd, TCSANOW, &stored_syscon_termios); 3035 3036 if (prefix) 3037 (void) fprintf(f, "\nINIT: "); 3038 va_start(args, format); 3039 (void) vfprintf(f, format, args); 3040 va_end(args); 3041 3042 if (getret == 0) 3043 (void) tcsetattr(fd, TCSADRAIN, &old_syscon_termios); 3044 3045 (void) fclose(f); 3046 } 3047 3048 /* 3049 * timer() is a substitute for sleep() which uses alarm() and pause(). 3050 */ 3051 static void 3052 timer(int waitime) 3053 { 3054 setimer(waitime); 3055 while (time_up == FALSE) 3056 (void) pause(); 3057 } 3058 3059 static void 3060 setimer(int timelimit) 3061 { 3062 alarmclk(); 3063 (void) alarm(timelimit); 3064 time_up = (timelimit ? FALSE : TRUE); 3065 } 3066 3067 /* 3068 * Fails with 3069 * ENOMEM - out of memory 3070 * ECONNABORTED - repository connection broken 3071 * EPERM - permission denied 3072 * EACCES - backend access denied 3073 * EROFS - backend readonly 3074 */ 3075 static int 3076 get_or_add_startd(scf_instance_t *inst) 3077 { 3078 scf_handle_t *h; 3079 scf_scope_t *scope = NULL; 3080 scf_service_t *svc = NULL; 3081 int ret = 0; 3082 3083 h = scf_instance_handle(inst); 3084 3085 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst, 3086 NULL, NULL, SCF_DECODE_FMRI_EXACT) == 0) 3087 return (0); 3088 3089 switch (scf_error()) { 3090 case SCF_ERROR_CONNECTION_BROKEN: 3091 return (ECONNABORTED); 3092 3093 case SCF_ERROR_NOT_FOUND: 3094 break; 3095 3096 case SCF_ERROR_HANDLE_MISMATCH: 3097 case SCF_ERROR_INVALID_ARGUMENT: 3098 case SCF_ERROR_CONSTRAINT_VIOLATED: 3099 default: 3100 bad_error("scf_handle_decode_fmri", scf_error()); 3101 } 3102 3103 /* Make sure we're right, since we're adding piece-by-piece. */ 3104 assert(strcmp(SCF_SERVICE_STARTD, 3105 "svc:/system/svc/restarter:default") == 0); 3106 3107 if ((scope = scf_scope_create(h)) == NULL || 3108 (svc = scf_service_create(h)) == NULL) { 3109 ret = ENOMEM; 3110 goto out; 3111 } 3112 3113 get_scope: 3114 if (scf_handle_get_scope(h, SCF_SCOPE_LOCAL, scope) != 0) { 3115 switch (scf_error()) { 3116 case SCF_ERROR_CONNECTION_BROKEN: 3117 ret = ECONNABORTED; 3118 goto out; 3119 3120 case SCF_ERROR_NOT_FOUND: 3121 (void) fputs(gettext( 3122 "smf(5) repository missing local scope.\n"), 3123 stderr); 3124 exit(1); 3125 /* NOTREACHED */ 3126 3127 case SCF_ERROR_HANDLE_MISMATCH: 3128 case SCF_ERROR_INVALID_ARGUMENT: 3129 default: 3130 bad_error("scf_handle_get_scope", scf_error()); 3131 } 3132 } 3133 3134 get_svc: 3135 if (scf_scope_get_service(scope, "system/svc/restarter", svc) != 0) { 3136 switch (scf_error()) { 3137 case SCF_ERROR_CONNECTION_BROKEN: 3138 ret = ECONNABORTED; 3139 goto out; 3140 3141 case SCF_ERROR_DELETED: 3142 goto get_scope; 3143 3144 case SCF_ERROR_NOT_FOUND: 3145 break; 3146 3147 case SCF_ERROR_HANDLE_MISMATCH: 3148 case SCF_ERROR_INVALID_ARGUMENT: 3149 case SCF_ERROR_NOT_SET: 3150 default: 3151 bad_error("scf_scope_get_service", scf_error()); 3152 } 3153 3154 add_svc: 3155 if (scf_scope_add_service(scope, "system/svc/restarter", svc) != 3156 0) { 3157 switch (scf_error()) { 3158 case SCF_ERROR_CONNECTION_BROKEN: 3159 ret = ECONNABORTED; 3160 goto out; 3161 3162 case SCF_ERROR_EXISTS: 3163 goto get_svc; 3164 3165 case SCF_ERROR_PERMISSION_DENIED: 3166 ret = EPERM; 3167 goto out; 3168 3169 case SCF_ERROR_BACKEND_ACCESS: 3170 ret = EACCES; 3171 goto out; 3172 3173 case SCF_ERROR_BACKEND_READONLY: 3174 ret = EROFS; 3175 goto out; 3176 3177 case SCF_ERROR_HANDLE_MISMATCH: 3178 case SCF_ERROR_INVALID_ARGUMENT: 3179 case SCF_ERROR_NOT_SET: 3180 default: 3181 bad_error("scf_scope_add_service", scf_error()); 3182 } 3183 } 3184 } 3185 3186 get_inst: 3187 if (scf_service_get_instance(svc, "default", inst) != 0) { 3188 switch (scf_error()) { 3189 case SCF_ERROR_CONNECTION_BROKEN: 3190 ret = ECONNABORTED; 3191 goto out; 3192 3193 case SCF_ERROR_DELETED: 3194 goto add_svc; 3195 3196 case SCF_ERROR_NOT_FOUND: 3197 break; 3198 3199 case SCF_ERROR_HANDLE_MISMATCH: 3200 case SCF_ERROR_INVALID_ARGUMENT: 3201 case SCF_ERROR_NOT_SET: 3202 default: 3203 bad_error("scf_service_get_instance", scf_error()); 3204 } 3205 3206 if (scf_service_add_instance(svc, "default", inst) != 3207 0) { 3208 switch (scf_error()) { 3209 case SCF_ERROR_CONNECTION_BROKEN: 3210 ret = ECONNABORTED; 3211 goto out; 3212 3213 case SCF_ERROR_DELETED: 3214 goto add_svc; 3215 3216 case SCF_ERROR_EXISTS: 3217 goto get_inst; 3218 3219 case SCF_ERROR_PERMISSION_DENIED: 3220 ret = EPERM; 3221 goto out; 3222 3223 case SCF_ERROR_BACKEND_ACCESS: 3224 ret = EACCES; 3225 goto out; 3226 3227 case SCF_ERROR_BACKEND_READONLY: 3228 ret = EROFS; 3229 goto out; 3230 3231 case SCF_ERROR_HANDLE_MISMATCH: 3232 case SCF_ERROR_INVALID_ARGUMENT: 3233 case SCF_ERROR_NOT_SET: 3234 default: 3235 bad_error("scf_service_add_instance", 3236 scf_error()); 3237 } 3238 } 3239 } 3240 3241 ret = 0; 3242 3243 out: 3244 scf_service_destroy(svc); 3245 scf_scope_destroy(scope); 3246 return (ret); 3247 } 3248 3249 /* 3250 * Fails with 3251 * ECONNABORTED - repository connection broken 3252 * ECANCELED - the transaction's property group was deleted 3253 */ 3254 static int 3255 transaction_add_set(scf_transaction_t *tx, scf_transaction_entry_t *ent, 3256 const char *pname, scf_type_t type) 3257 { 3258 change_type: 3259 if (scf_transaction_property_change_type(tx, ent, pname, type) == 0) 3260 return (0); 3261 3262 switch (scf_error()) { 3263 case SCF_ERROR_CONNECTION_BROKEN: 3264 return (ECONNABORTED); 3265 3266 case SCF_ERROR_DELETED: 3267 return (ECANCELED); 3268 3269 case SCF_ERROR_NOT_FOUND: 3270 goto new; 3271 3272 case SCF_ERROR_HANDLE_MISMATCH: 3273 case SCF_ERROR_INVALID_ARGUMENT: 3274 case SCF_ERROR_NOT_BOUND: 3275 case SCF_ERROR_NOT_SET: 3276 default: 3277 bad_error("scf_transaction_property_change_type", scf_error()); 3278 } 3279 3280 new: 3281 if (scf_transaction_property_new(tx, ent, pname, type) == 0) 3282 return (0); 3283 3284 switch (scf_error()) { 3285 case SCF_ERROR_CONNECTION_BROKEN: 3286 return (ECONNABORTED); 3287 3288 case SCF_ERROR_DELETED: 3289 return (ECANCELED); 3290 3291 case SCF_ERROR_EXISTS: 3292 goto change_type; 3293 3294 case SCF_ERROR_HANDLE_MISMATCH: 3295 case SCF_ERROR_INVALID_ARGUMENT: 3296 case SCF_ERROR_NOT_BOUND: 3297 case SCF_ERROR_NOT_SET: 3298 default: 3299 bad_error("scf_transaction_property_new", scf_error()); 3300 /* NOTREACHED */ 3301 } 3302 } 3303 3304 static void 3305 scferr(void) 3306 { 3307 switch (scf_error()) { 3308 case SCF_ERROR_NO_MEMORY: 3309 console(B_TRUE, gettext("Out of memory.\n")); 3310 break; 3311 3312 case SCF_ERROR_CONNECTION_BROKEN: 3313 console(B_TRUE, gettext( 3314 "Connection to smf(5) repository server broken.\n")); 3315 break; 3316 3317 case SCF_ERROR_NO_RESOURCES: 3318 console(B_TRUE, gettext( 3319 "smf(5) repository server is out of memory.\n")); 3320 break; 3321 3322 case SCF_ERROR_PERMISSION_DENIED: 3323 console(B_TRUE, gettext("Insufficient privileges.\n")); 3324 break; 3325 3326 default: 3327 console(B_TRUE, gettext("libscf error: %s\n"), 3328 scf_strerror(scf_error())); 3329 } 3330 } 3331 3332 static void 3333 lscf_set_runlevel(char rl) 3334 { 3335 scf_handle_t *h; 3336 scf_instance_t *inst = NULL; 3337 scf_propertygroup_t *pg = NULL; 3338 scf_transaction_t *tx = NULL; 3339 scf_transaction_entry_t *ent = NULL; 3340 scf_value_t *val = NULL; 3341 char buf[2]; 3342 int r; 3343 3344 h = scf_handle_create(SCF_VERSION); 3345 if (h == NULL) { 3346 scferr(); 3347 return; 3348 } 3349 3350 if (scf_handle_bind(h) != 0) { 3351 switch (scf_error()) { 3352 case SCF_ERROR_NO_SERVER: 3353 console(B_TRUE, 3354 gettext("smf(5) repository server not running.\n")); 3355 goto bail; 3356 3357 default: 3358 scferr(); 3359 goto bail; 3360 } 3361 } 3362 3363 if ((inst = scf_instance_create(h)) == NULL || 3364 (pg = scf_pg_create(h)) == NULL || 3365 (val = scf_value_create(h)) == NULL || 3366 (tx = scf_transaction_create(h)) == NULL || 3367 (ent = scf_entry_create(h)) == NULL) { 3368 scferr(); 3369 goto bail; 3370 } 3371 3372 get_inst: 3373 r = get_or_add_startd(inst); 3374 switch (r) { 3375 case 0: 3376 break; 3377 3378 case ENOMEM: 3379 case ECONNABORTED: 3380 case EPERM: 3381 case EACCES: 3382 case EROFS: 3383 scferr(); 3384 goto bail; 3385 default: 3386 bad_error("get_or_add_startd", r); 3387 } 3388 3389 get_pg: 3390 if (scf_instance_get_pg(inst, SCF_PG_OPTIONS_OVR, pg) != 0) { 3391 switch (scf_error()) { 3392 case SCF_ERROR_CONNECTION_BROKEN: 3393 scferr(); 3394 goto bail; 3395 3396 case SCF_ERROR_DELETED: 3397 goto get_inst; 3398 3399 case SCF_ERROR_NOT_FOUND: 3400 break; 3401 3402 case SCF_ERROR_HANDLE_MISMATCH: 3403 case SCF_ERROR_INVALID_ARGUMENT: 3404 case SCF_ERROR_NOT_SET: 3405 default: 3406 bad_error("scf_instance_get_pg", scf_error()); 3407 } 3408 3409 add_pg: 3410 if (scf_instance_add_pg(inst, SCF_PG_OPTIONS_OVR, 3411 SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS, pg) != 3412 0) { 3413 switch (scf_error()) { 3414 case SCF_ERROR_CONNECTION_BROKEN: 3415 case SCF_ERROR_PERMISSION_DENIED: 3416 case SCF_ERROR_BACKEND_ACCESS: 3417 scferr(); 3418 goto bail; 3419 3420 case SCF_ERROR_DELETED: 3421 goto get_inst; 3422 3423 case SCF_ERROR_EXISTS: 3424 goto get_pg; 3425 3426 case SCF_ERROR_HANDLE_MISMATCH: 3427 case SCF_ERROR_INVALID_ARGUMENT: 3428 case SCF_ERROR_NOT_SET: 3429 default: 3430 bad_error("scf_instance_add_pg", scf_error()); 3431 } 3432 } 3433 } 3434 3435 buf[0] = rl; 3436 buf[1] = '\0'; 3437 r = scf_value_set_astring(val, buf); 3438 assert(r == 0); 3439 3440 for (;;) { 3441 if (scf_transaction_start(tx, pg) != 0) { 3442 switch (scf_error()) { 3443 case SCF_ERROR_CONNECTION_BROKEN: 3444 case SCF_ERROR_PERMISSION_DENIED: 3445 case SCF_ERROR_BACKEND_ACCESS: 3446 scferr(); 3447 goto bail; 3448 3449 case SCF_ERROR_DELETED: 3450 goto add_pg; 3451 3452 case SCF_ERROR_HANDLE_MISMATCH: 3453 case SCF_ERROR_NOT_BOUND: 3454 case SCF_ERROR_IN_USE: 3455 case SCF_ERROR_NOT_SET: 3456 default: 3457 bad_error("scf_transaction_start", scf_error()); 3458 } 3459 } 3460 3461 r = transaction_add_set(tx, ent, "runlevel", SCF_TYPE_ASTRING); 3462 switch (r) { 3463 case 0: 3464 break; 3465 3466 case ECONNABORTED: 3467 scferr(); 3468 goto bail; 3469 3470 case ECANCELED: 3471 scf_transaction_reset(tx); 3472 goto add_pg; 3473 3474 default: 3475 bad_error("transaction_add_set", r); 3476 } 3477 3478 r = scf_entry_add_value(ent, val); 3479 assert(r == 0); 3480 3481 r = scf_transaction_commit(tx); 3482 if (r == 1) 3483 break; 3484 3485 if (r != 0) { 3486 switch (scf_error()) { 3487 case SCF_ERROR_CONNECTION_BROKEN: 3488 case SCF_ERROR_PERMISSION_DENIED: 3489 case SCF_ERROR_BACKEND_ACCESS: 3490 case SCF_ERROR_BACKEND_READONLY: 3491 scferr(); 3492 goto bail; 3493 3494 case SCF_ERROR_DELETED: 3495 scf_transaction_reset(tx); 3496 goto add_pg; 3497 3498 case SCF_ERROR_INVALID_ARGUMENT: 3499 case SCF_ERROR_NOT_BOUND: 3500 case SCF_ERROR_NOT_SET: 3501 default: 3502 bad_error("scf_transaction_commit", 3503 scf_error()); 3504 } 3505 } 3506 3507 scf_transaction_reset(tx); 3508 (void) scf_pg_update(pg); 3509 } 3510 3511 bail: 3512 scf_transaction_destroy(tx); 3513 scf_entry_destroy(ent); 3514 scf_value_destroy(val); 3515 scf_pg_destroy(pg); 3516 scf_instance_destroy(inst); 3517 3518 (void) scf_handle_unbind(h); 3519 scf_handle_destroy(h); 3520 } 3521 3522 /* 3523 * Function to handle requests from users to main init running as process 1. 3524 */ 3525 static void 3526 userinit(int argc, char **argv) 3527 { 3528 FILE *fp; 3529 char *ln; 3530 int init_signal; 3531 struct stat sconbuf, conbuf; 3532 const char *usage_msg = "Usage: init [0123456SsQqabc]\n"; 3533 3534 /* 3535 * We are a user invoked init. Is there an argument and is it 3536 * a single character? If not, print usage message and quit. 3537 */ 3538 if (argc != 2 || argv[1][1] != '\0') { 3539 (void) fprintf(stderr, usage_msg); 3540 exit(0); 3541 } 3542 3543 if ((init_signal = lvlname_to_state((char)argv[1][0])) == -1) { 3544 (void) fprintf(stderr, usage_msg); 3545 (void) audit_put_record(ADT_FAILURE, ADT_FAIL_VALUE_BAD_CMD, 3546 argv[1]); 3547 exit(1); 3548 } 3549 3550 if (init_signal == SINGLE_USER) { 3551 /* 3552 * Make sure this process is talking to a legal tty line 3553 * and that /dev/syscon is linked to this line. 3554 */ 3555 ln = ttyname(0); /* Get the name of tty */ 3556 if (ln == NULL) { 3557 (void) fprintf(stderr, 3558 "Standard input not a tty line\n"); 3559 (void) audit_put_record(ADT_FAILURE, 3560 ADT_FAIL_VALUE_BAD_TTY, argv[1]); 3561 exit(1); 3562 } 3563 3564 if ((stat(ln, &sconbuf) != -1) && 3565 (stat(SYSCON, &conbuf) == -1 || 3566 sconbuf.st_rdev != conbuf.st_rdev)) { 3567 /* 3568 * /dev/syscon needs to change. 3569 * Unlink /dev/syscon and relink it to the current line. 3570 */ 3571 if (lstat(SYSCON, &conbuf) != -1 && 3572 unlink(SYSCON) == FAILURE) { 3573 perror("Can't unlink /dev/syscon"); 3574 (void) fprintf(stderr, 3575 "Run command on the system console.\n"); 3576 (void) audit_put_record(ADT_FAILURE, 3577 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3578 exit(1); 3579 } 3580 if (symlink(ln, SYSCON) == FAILURE) { 3581 (void) fprintf(stderr, 3582 "Can't symlink /dev/syscon to %s: %s", ln, 3583 strerror(errno)); 3584 3585 /* Try to leave a syscon */ 3586 (void) link(SYSTTY, SYSCON); 3587 (void) audit_put_record(ADT_FAILURE, 3588 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3589 exit(1); 3590 } 3591 3592 /* 3593 * Try to leave a message on system console saying where 3594 * /dev/syscon is currently connected. 3595 */ 3596 if ((fp = fopen(SYSTTY, "r+")) != NULL) { 3597 (void) fprintf(fp, 3598 "\n**** SYSCON CHANGED TO %s ****\n", 3599 ln); 3600 (void) fclose(fp); 3601 } 3602 } 3603 } 3604 3605 update_boot_archive(init_signal); 3606 3607 (void) audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]); 3608 3609 /* 3610 * Signal init; init will take care of telling svc.startd. 3611 */ 3612 if (kill(init_pid, init_signal) == FAILURE) { 3613 (void) fprintf(stderr, "Must be super-user\n"); 3614 (void) audit_put_record(ADT_FAILURE, 3615 ADT_FAIL_VALUE_AUTH, argv[1]); 3616 exit(1); 3617 } 3618 3619 exit(0); 3620 } 3621 3622 3623 #define DELTA 25 /* Number of pidlist elements to allocate at a time */ 3624 3625 /* ARGSUSED */ 3626 void 3627 sigpoll(int n) 3628 { 3629 struct pidrec prec; 3630 struct pidrec *p = ≺ 3631 struct pidlist *plp; 3632 struct pidlist *tp, *savetp; 3633 int i; 3634 3635 if (Pfd < 0) { 3636 return; 3637 } 3638 3639 for (;;) { 3640 /* 3641 * Important Note: Either read will really fail (in which case 3642 * return is all we can do) or will get EAGAIN (Pfd was opened 3643 * O_NDELAY), in which case we also want to return. 3644 * Always return from here! 3645 */ 3646 if (read(Pfd, p, sizeof (struct pidrec)) != 3647 sizeof (struct pidrec)) { 3648 return; 3649 } 3650 switch (p->pd_type) { 3651 3652 case ADDPID: 3653 /* 3654 * New "godchild", add to list. 3655 */ 3656 if (Plfree == NULL) { 3657 plp = (struct pidlist *)calloc(DELTA, 3658 sizeof (struct pidlist)); 3659 if (plp == NULL) { 3660 /* Can't save pid */ 3661 break; 3662 } 3663 /* 3664 * Point at 2nd record allocated, we'll use plp. 3665 */ 3666 tp = plp + 1; 3667 /* 3668 * Link them into a chain. 3669 */ 3670 Plfree = tp; 3671 for (i = 0; i < DELTA - 2; i++) { 3672 tp->pl_next = tp + 1; 3673 tp++; 3674 } 3675 } else { 3676 plp = Plfree; 3677 Plfree = plp->pl_next; 3678 } 3679 plp->pl_pid = p->pd_pid; 3680 plp->pl_dflag = 0; 3681 plp->pl_next = NULL; 3682 /* 3683 * Note - pid list is kept in increasing order of pids. 3684 */ 3685 if (Plhead == NULL) { 3686 Plhead = plp; 3687 /* Back up to read next record */ 3688 break; 3689 } else { 3690 savetp = tp = Plhead; 3691 while (tp) { 3692 if (plp->pl_pid > tp->pl_pid) { 3693 savetp = tp; 3694 tp = tp->pl_next; 3695 continue; 3696 } else if (plp->pl_pid < tp->pl_pid) { 3697 if (tp == Plhead) { 3698 plp->pl_next = Plhead; 3699 Plhead = plp; 3700 } else { 3701 plp->pl_next = 3702 savetp->pl_next; 3703 savetp->pl_next = plp; 3704 } 3705 break; 3706 } else { 3707 /* Already in list! */ 3708 plp->pl_next = Plfree; 3709 Plfree = plp; 3710 break; 3711 } 3712 } 3713 if (tp == NULL) { 3714 /* Add to end of list */ 3715 savetp->pl_next = plp; 3716 } 3717 } 3718 /* Back up to read next record. */ 3719 break; 3720 3721 case REMPID: 3722 /* 3723 * This one was handled by someone else, 3724 * purge it from the list. 3725 */ 3726 if (Plhead == NULL) { 3727 /* Back up to read next record. */ 3728 break; 3729 } 3730 savetp = tp = Plhead; 3731 while (tp) { 3732 if (p->pd_pid > tp->pl_pid) { 3733 /* Keep on looking. */ 3734 savetp = tp; 3735 tp = tp->pl_next; 3736 continue; 3737 } else if (p->pd_pid < tp->pl_pid) { 3738 /* Not in list. */ 3739 break; 3740 } else { 3741 /* Found it. */ 3742 if (tp == Plhead) 3743 Plhead = tp->pl_next; 3744 else 3745 savetp->pl_next = tp->pl_next; 3746 tp->pl_next = Plfree; 3747 Plfree = tp; 3748 break; 3749 } 3750 } 3751 /* Back up to read next record. */ 3752 break; 3753 default: 3754 console(B_TRUE, "Bad message on initpipe\n"); 3755 break; 3756 } 3757 } 3758 } 3759 3760 3761 static void 3762 cleanaux() 3763 { 3764 struct pidlist *savep, *p; 3765 pid_t pid; 3766 short status; 3767 3768 (void) sigset(SIGCLD, SIG_DFL); 3769 Gchild = 0; /* Note - Safe to do this here since no SIGCLDs */ 3770 (void) sighold(SIGPOLL); 3771 savep = p = Plhead; 3772 while (p) { 3773 if (p->pl_dflag) { 3774 /* 3775 * Found an entry to delete, 3776 * remove it from list first. 3777 */ 3778 pid = p->pl_pid; 3779 status = p->pl_exit; 3780 if (p == Plhead) { 3781 Plhead = p->pl_next; 3782 p->pl_next = Plfree; 3783 Plfree = p; 3784 savep = p = Plhead; 3785 } else { 3786 savep->pl_next = p->pl_next; 3787 p->pl_next = Plfree; 3788 Plfree = p; 3789 p = savep->pl_next; 3790 } 3791 clearent(pid, status); 3792 continue; 3793 } 3794 savep = p; 3795 p = p->pl_next; 3796 } 3797 (void) sigrelse(SIGPOLL); 3798 (void) sigset(SIGCLD, childeath); 3799 } 3800 3801 3802 /* 3803 * /etc/inittab has more entries and we have run out of room in the proc_table 3804 * array. Double the size of proc_table to accomodate the extra entries. 3805 */ 3806 static void 3807 increase_proc_table_size() 3808 { 3809 sigset_t block, unblock; 3810 void *ptr; 3811 size_t delta = num_proc * sizeof (struct PROC_TABLE); 3812 3813 3814 /* 3815 * Block signals for realloc. 3816 */ 3817 (void) sigfillset(&block); 3818 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 3819 3820 3821 /* 3822 * On failure we just return because callers of this function check 3823 * for failure. 3824 */ 3825 do 3826 ptr = realloc(g_state, g_state_sz + delta); 3827 while (ptr == NULL && errno == EAGAIN); 3828 3829 if (ptr != NULL) { 3830 /* ensure that the new part is initialized to zero */ 3831 bzero((caddr_t)ptr + g_state_sz, delta); 3832 3833 g_state = ptr; 3834 g_state_sz += delta; 3835 num_proc <<= 1; 3836 } 3837 3838 3839 /* unblock our signals before returning */ 3840 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 3841 } 3842 3843 3844 3845 /* 3846 * Sanity check g_state. 3847 */ 3848 static int 3849 st_sane() 3850 { 3851 int i; 3852 struct PROC_TABLE *ptp; 3853 3854 3855 /* Note: cur_state is encoded as a signal number */ 3856 if (cur_state < 1 || cur_state == 9 || cur_state > 13) 3857 return (0); 3858 3859 /* Check num_proc */ 3860 if (g_state_sz != sizeof (struct init_state) + (num_proc - 1) * 3861 sizeof (struct PROC_TABLE)) 3862 return (0); 3863 3864 /* Check proc_table */ 3865 for (i = 0, ptp = proc_table; i < num_proc; ++i, ++ptp) { 3866 /* skip unoccupied entries */ 3867 if (!(ptp->p_flags & OCCUPIED)) 3868 continue; 3869 3870 /* p_flags has no bits outside of PF_MASK */ 3871 if (ptp->p_flags & ~(PF_MASK)) 3872 return (0); 3873 3874 /* 5 <= pid <= MAXPID */ 3875 if (ptp->p_pid < 5 || ptp->p_pid > MAXPID) 3876 return (0); 3877 3878 /* p_count >= 0 */ 3879 if (ptp->p_count < 0) 3880 return (0); 3881 3882 /* p_time >= 0 */ 3883 if (ptp->p_time < 0) 3884 return (0); 3885 } 3886 3887 return (1); 3888 } 3889 3890 /* 3891 * Initialize our state. 3892 * 3893 * If the system just booted, then init_state_file, which is located on an 3894 * everpresent tmpfs filesystem, should not exist. 3895 * 3896 * If we were restarted, then init_state_file should exist, in 3897 * which case we'll read it in, sanity check it, and use it. 3898 * 3899 * Note: You can't call console() until proc_table is ready. 3900 */ 3901 void 3902 st_init() 3903 { 3904 struct stat stb; 3905 int ret, st_fd, insane = 0; 3906 size_t to_be_read; 3907 char *ptr; 3908 3909 3910 booting = 1; 3911 3912 do { 3913 /* 3914 * If we can exclusively create the file, then we're the 3915 * initial invocation of init(1M). 3916 */ 3917 st_fd = open(init_state_file, O_RDWR | O_CREAT | O_EXCL, 3918 S_IRUSR | S_IWUSR); 3919 } while (st_fd == -1 && errno == EINTR); 3920 if (st_fd != -1) 3921 goto new_state; 3922 3923 booting = 0; 3924 3925 do { 3926 st_fd = open(init_state_file, O_RDWR, S_IRUSR | S_IWUSR); 3927 } while (st_fd == -1 && errno == EINTR); 3928 if (st_fd == -1) 3929 goto new_state; 3930 3931 /* Get the size of the file. */ 3932 do 3933 ret = fstat(st_fd, &stb); 3934 while (ret == -1 && errno == EINTR); 3935 if (ret == -1) 3936 goto new_state; 3937 3938 do 3939 g_state = malloc(stb.st_size); 3940 while (g_state == NULL && errno == EAGAIN); 3941 if (g_state == NULL) 3942 goto new_state; 3943 3944 to_be_read = stb.st_size; 3945 ptr = (char *)g_state; 3946 while (to_be_read > 0) { 3947 ssize_t read_ret; 3948 3949 read_ret = read(st_fd, ptr, to_be_read); 3950 if (read_ret < 0) { 3951 if (errno == EINTR) 3952 continue; 3953 3954 goto new_state; 3955 } 3956 3957 to_be_read -= read_ret; 3958 ptr += read_ret; 3959 } 3960 3961 (void) close(st_fd); 3962 3963 g_state_sz = stb.st_size; 3964 3965 if (st_sane()) { 3966 console(B_TRUE, "Restarting.\n"); 3967 return; 3968 } 3969 3970 insane = 1; 3971 3972 new_state: 3973 if (st_fd >= 0) 3974 (void) close(st_fd); 3975 else 3976 (void) unlink(init_state_file); 3977 3978 if (g_state != NULL) 3979 free(g_state); 3980 3981 /* Something went wrong, so allocate new state. */ 3982 g_state_sz = sizeof (struct init_state) + 3983 ((init_num_proc - 1) * sizeof (struct PROC_TABLE)); 3984 do 3985 g_state = calloc(1, g_state_sz); 3986 while (g_state == NULL && errno == EAGAIN); 3987 if (g_state == NULL) { 3988 /* Fatal error! */ 3989 exit(errno); 3990 } 3991 3992 g_state->ist_runlevel = -1; 3993 num_proc = init_num_proc; 3994 3995 if (!booting) { 3996 console(B_TRUE, "Restarting.\n"); 3997 3998 /* Overwrite the bad state file. */ 3999 st_write(); 4000 4001 if (!insane) { 4002 console(B_TRUE, 4003 "Error accessing persistent state file `%s'. " 4004 "Ignored.\n", init_state_file); 4005 } else { 4006 console(B_TRUE, 4007 "Persistent state file `%s' is invalid and was " 4008 "ignored.\n", init_state_file); 4009 } 4010 } 4011 } 4012 4013 /* 4014 * Write g_state out to the state file. 4015 */ 4016 void 4017 st_write() 4018 { 4019 static int complained = 0; 4020 4021 int st_fd; 4022 char *cp; 4023 size_t sz; 4024 ssize_t ret; 4025 4026 4027 do { 4028 st_fd = open(init_next_state_file, 4029 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); 4030 } while (st_fd < 0 && errno == EINTR); 4031 if (st_fd < 0) 4032 goto err; 4033 4034 cp = (char *)g_state; 4035 sz = g_state_sz; 4036 while (sz > 0) { 4037 ret = write(st_fd, cp, sz); 4038 if (ret < 0) { 4039 if (errno == EINTR) 4040 continue; 4041 4042 goto err; 4043 } 4044 4045 sz -= ret; 4046 cp += ret; 4047 } 4048 4049 (void) close(st_fd); 4050 st_fd = -1; 4051 if (rename(init_next_state_file, init_state_file)) { 4052 (void) unlink(init_next_state_file); 4053 goto err; 4054 } 4055 complained = 0; 4056 4057 return; 4058 4059 err: 4060 if (st_fd >= 0) 4061 (void) close(st_fd); 4062 4063 if (!booting && !complained) { 4064 /* 4065 * Only complain after the filesystem should have come up. 4066 * And only do it once so we don't loop between console() 4067 * & efork(). 4068 */ 4069 complained = 1; 4070 if (st_fd) 4071 console(B_TRUE, "Couldn't write persistent state " 4072 "file `%s'.\n", init_state_file); 4073 else 4074 console(B_TRUE, "Couldn't move persistent state " 4075 "file `%s' to `%s'.\n", init_next_state_file, 4076 init_state_file); 4077 } 4078 } 4079 4080 /* 4081 * Create a contract with these parameters. 4082 */ 4083 static int 4084 contract_make_template(uint_t info, uint_t critical, uint_t fatal, 4085 uint64_t cookie) 4086 { 4087 int fd, err; 4088 4089 char *ioctl_tset_emsg = 4090 "Couldn't set \"%s\" contract template parameter: %s.\n"; 4091 4092 do 4093 fd = open64(CTFS_ROOT "/process/template", O_RDWR); 4094 while (fd < 0 && errno == EINTR); 4095 if (fd < 0) { 4096 console(B_TRUE, "Couldn't create process template: %s.\n", 4097 strerror(errno)); 4098 return (-1); 4099 } 4100 4101 if (err = ct_pr_tmpl_set_param(fd, CT_PR_INHERIT | CT_PR_REGENT)) 4102 console(B_TRUE, "Contract set template inherit, regent " 4103 "failed: %s.\n", strerror(err)); 4104 4105 /* 4106 * These errors result in a misconfigured template, which is better 4107 * than no template at all, so warn but don't abort. 4108 */ 4109 if (err = ct_tmpl_set_informative(fd, info)) 4110 console(B_TRUE, ioctl_tset_emsg, "informative", strerror(err)); 4111 4112 if (err = ct_tmpl_set_critical(fd, critical)) 4113 console(B_TRUE, ioctl_tset_emsg, "critical", strerror(err)); 4114 4115 if (err = ct_pr_tmpl_set_fatal(fd, fatal)) 4116 console(B_TRUE, ioctl_tset_emsg, "fatal", strerror(err)); 4117 4118 if (err = ct_tmpl_set_cookie(fd, cookie)) 4119 console(B_TRUE, ioctl_tset_emsg, "cookie", strerror(err)); 4120 4121 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4122 4123 return (fd); 4124 } 4125 4126 /* 4127 * Create the templates and open an event file descriptor. We use dup2(2) to 4128 * get these descriptors away from the stdin/stdout/stderr group. 4129 */ 4130 static void 4131 contracts_init() 4132 { 4133 int err, fd; 4134 4135 /* 4136 * Create & configure a legacy template. We only want empty events so 4137 * we know when to abandon them. 4138 */ 4139 legacy_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, CT_PR_EV_HWERR, 4140 ORDINARY_COOKIE); 4141 if (legacy_tmpl >= 0) { 4142 err = ct_tmpl_activate(legacy_tmpl); 4143 if (err != 0) { 4144 (void) close(legacy_tmpl); 4145 legacy_tmpl = -1; 4146 console(B_TRUE, 4147 "Couldn't activate legacy template (%s); " 4148 "legacy services will be in init's contract.\n", 4149 strerror(err)); 4150 } 4151 } else 4152 console(B_TRUE, 4153 "Legacy services will be in init's contract.\n"); 4154 4155 if (dup2(legacy_tmpl, 255) == -1) { 4156 console(B_TRUE, "Could not duplicate legacy template: %s.\n", 4157 strerror(errno)); 4158 } else { 4159 (void) close(legacy_tmpl); 4160 legacy_tmpl = 255; 4161 } 4162 4163 (void) fcntl(legacy_tmpl, F_SETFD, FD_CLOEXEC); 4164 4165 startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4166 CT_PR_EV_HWERR | CT_PR_EV_SIGNAL | CT_PR_EV_CORE, STARTD_COOKIE); 4167 4168 if (dup2(startd_tmpl, 254) == -1) { 4169 console(B_TRUE, "Could not duplicate startd template: %s.\n", 4170 strerror(errno)); 4171 } else { 4172 (void) close(startd_tmpl); 4173 startd_tmpl = 254; 4174 } 4175 4176 (void) fcntl(startd_tmpl, F_SETFD, FD_CLOEXEC); 4177 4178 if (legacy_tmpl < 0 && startd_tmpl < 0) { 4179 /* The creation errors have already been reported. */ 4180 console(B_TRUE, 4181 "Ignoring contract events. Core smf(5) services will not " 4182 "be restarted.\n"); 4183 return; 4184 } 4185 4186 /* 4187 * Open an event endpoint. 4188 */ 4189 do 4190 fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY); 4191 while (fd < 0 && errno == EINTR); 4192 if (fd < 0) { 4193 console(B_TRUE, 4194 "Couldn't open process pbundle: %s. Core smf(5) services " 4195 "will not be restarted.\n", strerror(errno)); 4196 return; 4197 } 4198 4199 if (dup2(fd, 253) == -1) { 4200 console(B_TRUE, "Could not duplicate process bundle: %s.\n", 4201 strerror(errno)); 4202 } else { 4203 (void) close(fd); 4204 fd = 253; 4205 } 4206 4207 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4208 4209 /* Reset in case we've been restarted. */ 4210 (void) ct_event_reset(fd); 4211 4212 poll_fds[0].fd = fd; 4213 poll_fds[0].events = POLLIN; 4214 poll_nfds = 1; 4215 } 4216 4217 static int 4218 contract_getfile(ctid_t id, const char *name, int oflag) 4219 { 4220 int fd; 4221 4222 do 4223 fd = contract_open(id, "process", name, oflag); 4224 while (fd < 0 && errno == EINTR); 4225 4226 if (fd < 0) 4227 console(B_TRUE, "Couldn't open %s for contract %ld: %s.\n", 4228 name, id, strerror(errno)); 4229 4230 return (fd); 4231 } 4232 4233 static int 4234 contract_cookie(ctid_t id, uint64_t *cp) 4235 { 4236 int fd, err; 4237 ct_stathdl_t sh; 4238 4239 fd = contract_getfile(id, "status", O_RDONLY); 4240 if (fd < 0) 4241 return (-1); 4242 4243 err = ct_status_read(fd, CTD_COMMON, &sh); 4244 if (err != 0) { 4245 console(B_TRUE, "Couldn't read status of contract %ld: %s.\n", 4246 id, strerror(err)); 4247 (void) close(fd); 4248 return (-1); 4249 } 4250 4251 (void) close(fd); 4252 4253 *cp = ct_status_get_cookie(sh); 4254 4255 ct_status_free(sh); 4256 return (0); 4257 } 4258 4259 static void 4260 contract_ack(ct_evthdl_t e) 4261 { 4262 int fd; 4263 4264 if (ct_event_get_flags(e) & CTE_INFO) 4265 return; 4266 4267 fd = contract_getfile(ct_event_get_ctid(e), "ctl", O_WRONLY); 4268 if (fd < 0) 4269 return; 4270 4271 (void) ct_ctl_ack(fd, ct_event_get_evid(e)); 4272 (void) close(fd); 4273 } 4274 4275 /* 4276 * Process a contract event. 4277 */ 4278 static void 4279 contract_event(struct pollfd *poll) 4280 { 4281 ct_evthdl_t e; 4282 int err; 4283 ctid_t ctid; 4284 4285 if (!(poll->revents & POLLIN)) { 4286 if (poll->revents & POLLERR) 4287 console(B_TRUE, 4288 "Unknown poll error on my process contract " 4289 "pbundle.\n"); 4290 return; 4291 } 4292 4293 err = ct_event_read(poll->fd, &e); 4294 if (err != 0) { 4295 console(B_TRUE, "Error retrieving contract event: %s.\n", 4296 strerror(err)); 4297 return; 4298 } 4299 4300 ctid = ct_event_get_ctid(e); 4301 4302 if (ct_event_get_type(e) == CT_PR_EV_EMPTY) { 4303 uint64_t cookie; 4304 int ret, abandon = 1; 4305 4306 /* If it's svc.startd, restart it. Else, abandon. */ 4307 ret = contract_cookie(ctid, &cookie); 4308 4309 if (ret == 0) { 4310 if (cookie == STARTD_COOKIE && 4311 do_restart_startd) { 4312 if (smf_debug) 4313 console(B_TRUE, "Restarting " 4314 "svc.startd.\n"); 4315 4316 /* 4317 * Account for the failure. If the failure rate 4318 * exceeds a threshold, then drop to maintenance 4319 * mode. 4320 */ 4321 startd_record_failure(); 4322 if (startd_failure_rate_critical()) 4323 enter_maintenance(); 4324 4325 if (startd_tmpl < 0) 4326 console(B_TRUE, 4327 "Restarting svc.startd in " 4328 "improper contract (bad " 4329 "template).\n"); 4330 4331 (void) startd_run(startd_cline, startd_tmpl, 4332 ctid); 4333 4334 abandon = 0; 4335 } 4336 } 4337 4338 if (abandon && (err = contract_abandon_id(ctid))) { 4339 console(B_TRUE, "Couldn't abandon contract %ld: %s.\n", 4340 ctid, strerror(err)); 4341 } 4342 4343 /* 4344 * No need to acknowledge the event since either way the 4345 * originating contract should be abandoned. 4346 */ 4347 } else { 4348 console(B_TRUE, 4349 "Received contract event of unexpected type %d from " 4350 "contract %ld.\n", ct_event_get_type(e), ctid); 4351 4352 if ((ct_event_get_flags(e) & (CTE_INFO | CTE_ACK)) == 0) 4353 /* Allow unexpected critical events to be released. */ 4354 contract_ack(e); 4355 } 4356 4357 ct_event_free(e); 4358 } 4359 4360 /* 4361 * svc.startd(1M) Management 4362 */ 4363 4364 /* 4365 * (Re)start svc.startd(1M). old_ctid should be the contract ID of the old 4366 * contract, or 0 if we're starting it for the first time. If wait is true 4367 * we'll wait for and return the exit value of the child. 4368 */ 4369 static int 4370 startd_run(const char *cline, int tmpl, ctid_t old_ctid) 4371 { 4372 int err, i, ret, did_activate; 4373 pid_t pid; 4374 struct stat sb; 4375 4376 if (cline[0] == '\0') 4377 return (-1); 4378 4379 /* 4380 * Don't restart startd if the system is rebooting or shutting down. 4381 */ 4382 do { 4383 ret = stat("/etc/svc/volatile/resetting", &sb); 4384 } while (ret == -1 && errno == EINTR); 4385 4386 if (ret == 0) { 4387 if (smf_debug) 4388 console(B_TRUE, "Quiescing for reboot.\n"); 4389 (void) pause(); 4390 return (-1); 4391 } 4392 4393 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4394 if (err == EINVAL) { 4395 console(B_TRUE, "Remake startd_tmpl; reattempt transfer.\n"); 4396 tmpl = startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4397 CT_PR_EV_HWERR, STARTD_COOKIE); 4398 4399 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4400 } 4401 if (err != 0) { 4402 console(B_TRUE, 4403 "Couldn't set transfer parameter of contract template: " 4404 "%s.\n", strerror(err)); 4405 } 4406 4407 if ((err = ct_pr_tmpl_set_svc_fmri(startd_tmpl, 4408 SCF_SERVICE_STARTD)) != 0) 4409 console(B_TRUE, 4410 "Can not set svc_fmri in contract template: %s\n", 4411 strerror(err)); 4412 if ((err = ct_pr_tmpl_set_svc_aux(startd_tmpl, 4413 startd_svc_aux)) != 0) 4414 console(B_TRUE, 4415 "Can not set svc_aux in contract template: %s\n", 4416 strerror(err)); 4417 did_activate = !(ct_tmpl_activate(tmpl)); 4418 if (!did_activate) 4419 console(B_TRUE, 4420 "Template activation failed; not starting \"%s\" in " 4421 "proper contract.\n", cline); 4422 4423 /* Hold SIGCHLD so we can wait if necessary. */ 4424 (void) sighold(SIGCHLD); 4425 4426 while ((pid = fork()) < 0) { 4427 if (errno == EPERM) { 4428 console(B_TRUE, "Insufficient permission to fork.\n"); 4429 4430 /* Now that's a doozy. */ 4431 exit(1); 4432 } 4433 4434 console(B_TRUE, 4435 "fork() for svc.startd failed: %s. Will retry in 1 " 4436 "second...\n", strerror(errno)); 4437 4438 (void) sleep(1); 4439 4440 /* Eventually give up? */ 4441 } 4442 4443 if (pid == 0) { 4444 /* child */ 4445 4446 /* See the comment in efork() */ 4447 for (i = SIGHUP; i <= SIGRTMAX; ++i) { 4448 if (i == SIGTTOU || i == SIGTTIN || i == SIGTSTP) 4449 (void) sigset(i, SIG_IGN); 4450 else 4451 (void) sigset(i, SIG_DFL); 4452 } 4453 4454 if (smf_options != NULL) { 4455 /* Put smf_options in the environment. */ 4456 glob_envp[glob_envn] = 4457 malloc(sizeof ("SMF_OPTIONS=") - 1 + 4458 strlen(smf_options) + 1); 4459 4460 if (glob_envp[glob_envn] != NULL) { 4461 /* LINTED */ 4462 (void) sprintf(glob_envp[glob_envn], 4463 "SMF_OPTIONS=%s", smf_options); 4464 glob_envp[glob_envn+1] = NULL; 4465 } else { 4466 console(B_TRUE, 4467 "Could not set SMF_OPTIONS (%s).\n", 4468 strerror(errno)); 4469 } 4470 } 4471 4472 if (smf_debug) 4473 console(B_TRUE, "Executing svc.startd\n"); 4474 4475 (void) execle(SH, "INITSH", "-c", cline, NULL, glob_envp); 4476 4477 console(B_TRUE, "Could not exec \"%s\" (%s).\n", SH, 4478 strerror(errno)); 4479 4480 exit(1); 4481 } 4482 4483 /* parent */ 4484 4485 if (did_activate) { 4486 if (legacy_tmpl < 0 || ct_tmpl_activate(legacy_tmpl) != 0) 4487 (void) ct_tmpl_clear(tmpl); 4488 } 4489 4490 /* Clear the old_ctid reference so the kernel can reclaim it. */ 4491 if (old_ctid != 0) 4492 (void) ct_pr_tmpl_set_transfer(tmpl, 0); 4493 4494 (void) sigrelse(SIGCHLD); 4495 4496 return (0); 4497 } 4498 4499 /* 4500 * void startd_record_failure(void) 4501 * Place the current time in our circular array of svc.startd failures. 4502 */ 4503 void 4504 startd_record_failure() 4505 { 4506 int index = startd_failure_index++ % NSTARTD_FAILURE_TIMES; 4507 4508 startd_failure_time[index] = gethrtime(); 4509 } 4510 4511 /* 4512 * int startd_failure_rate_critical(void) 4513 * Return true if the average failure interval is less than the permitted 4514 * interval. Implicit success if insufficient measurements for an average 4515 * exist. 4516 */ 4517 int 4518 startd_failure_rate_critical() 4519 { 4520 int n = startd_failure_index; 4521 hrtime_t avg_ns = 0; 4522 4523 if (startd_failure_index < NSTARTD_FAILURE_TIMES) 4524 return (0); 4525 4526 avg_ns = 4527 (startd_failure_time[(n - 1) % NSTARTD_FAILURE_TIMES] - 4528 startd_failure_time[n % NSTARTD_FAILURE_TIMES]) / 4529 NSTARTD_FAILURE_TIMES; 4530 4531 return (avg_ns < STARTD_FAILURE_RATE_NS); 4532 } 4533 4534 /* 4535 * returns string that must be free'd 4536 */ 4537 4538 static char 4539 *audit_boot_msg() 4540 { 4541 char *b, *p; 4542 char desc[] = "booted"; 4543 zoneid_t zid = getzoneid(); 4544 4545 b = malloc(sizeof (desc) + MAXNAMELEN + 3); 4546 if (b == NULL) 4547 return (b); 4548 4549 p = b; 4550 p += strlcpy(p, desc, sizeof (desc)); 4551 if (zid != GLOBAL_ZONEID) { 4552 p += strlcpy(p, ": ", 3); 4553 (void) getzonenamebyid(zid, p, MAXNAMELEN); 4554 } 4555 return (b); 4556 } 4557 4558 /* 4559 * Generate AUE_init_solaris audit record. Return 1 if 4560 * auditing is enabled in case the caller cares. 4561 * 4562 * In the case of userint() or a local zone invocation of 4563 * one_true_init, the process initially contains the audit 4564 * characteristics of the process that invoked init. The first pass 4565 * through here uses those characteristics then for the case of 4566 * one_true_init in a local zone, clears them so subsequent system 4567 * state changes won't be attributed to the person who booted the 4568 * zone. 4569 */ 4570 static int 4571 audit_put_record(int pass_fail, int status, char *msg) 4572 { 4573 adt_session_data_t *ah; 4574 adt_event_data_t *event; 4575 4576 if (!adt_audit_enabled()) 4577 return (0); 4578 4579 /* 4580 * the PROC_DATA picks up the context to tell whether this is 4581 * an attributed record (auid = -2 is unattributed) 4582 */ 4583 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) { 4584 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4585 return (1); 4586 } 4587 event = adt_alloc_event(ah, ADT_init_solaris); 4588 if (event == NULL) { 4589 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4590 (void) adt_end_session(ah); 4591 return (1); 4592 } 4593 event->adt_init_solaris.info = msg; /* NULL is ok here */ 4594 4595 if (adt_put_event(event, pass_fail, status)) { 4596 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4597 (void) adt_end_session(ah); 4598 return (1); 4599 } 4600 adt_free_event(event); 4601 4602 (void) adt_end_session(ah); 4603 4604 return (1); 4605 } 4606