1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2021 OmniOS Community Edition (OmniOSce) Association. 24 * Copyright 2020 Oxide Computer Company 25 * Copyright (c) 2013 Gary Mills 26 * 27 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved. 28 */ 29 30 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 31 /* All Rights Reserved */ 32 33 /* 34 * University Copyright- Copyright (c) 1982, 1986, 1988 35 * The Regents of the University of California 36 * All Rights Reserved 37 * 38 * University Acknowledgment- Portions of this document are derived from 39 * software developed by the University of California, Berkeley, and its 40 * contributors. 41 */ 42 43 /* 44 * init(1M) is the general process spawning program. Its primary job is to 45 * start and restart svc.startd for smf(5). For backwards-compatibility it also 46 * spawns and respawns processes according to /etc/inittab and the current 47 * run-level. It reads /etc/default/inittab for general configuration. 48 * 49 * To change run-levels the system administrator runs init from the command 50 * line with a level name. init signals svc.startd via libscf and directs the 51 * zone's init (pid 1 in the global zone) what to do by sending it a signal; 52 * these signal numbers are commonly refered to in the code as 'states'. Valid 53 * run-levels are [sS0123456]. Additionally, init can be given directives 54 * [qQabc], which indicate actions to be taken pertaining to /etc/inittab. 55 * 56 * When init processes inittab entries, it finds processes that are to be 57 * spawned at various run-levels. inittab contains the set of the levels for 58 * which each inittab entry is valid. 59 * 60 * State File and Restartability 61 * Premature exit by init(1M) is handled as a special case by the kernel: 62 * init(1M) will be immediately re-executed, retaining its original PID. (PID 63 * 1 in the global zone.) To track the processes it has previously spawned, 64 * as well as other mutable state, init(1M) regularly updates a state file 65 * such that its subsequent invocations have knowledge of its various 66 * dependent processes and duties. 67 * 68 * Process Contracts 69 * We start svc.startd(1M) in a contract and transfer inherited contracts when 70 * restarting it. Everything else is started using the legacy contract 71 * template, and the created contracts are abandoned when they become empty. 72 * 73 * utmpx Entry Handling 74 * Because init(1M) no longer governs the startup process, its knowledge of 75 * when utmpx becomes writable is indirect. However, spawned processes 76 * expect to be constructed with valid utmpx entries. As a result, attempts 77 * to write normal entries will be retried until successful. 78 * 79 * Maintenance Mode 80 * In certain failure scenarios, init(1M) will enter a maintenance mode, in 81 * which it invokes sulogin(1M) to allow the operator an opportunity to 82 * repair the system. Normally, this operation is performed as a 83 * fork(2)-exec(2)-waitpid(3C) sequence with the parent waiting for repair or 84 * diagnosis to be completed. In the cases that fork(2) requests themselves 85 * fail, init(1M) will directly execute sulogin(1M), and allow the kernel to 86 * restart init(1M) on exit from the operator session. 87 * 88 * One scenario where init(1M) enters its maintenance mode is when 89 * svc.startd(1M) begins to fail rapidly, defined as when the average time 90 * between recent failures drops below a given threshold. 91 */ 92 93 #include <sys/contract/process.h> 94 #include <sys/ctfs.h> 95 #include <sys/stat.h> 96 #include <sys/statvfs.h> 97 #include <sys/stropts.h> 98 #include <sys/systeminfo.h> 99 #include <sys/time.h> 100 #include <sys/termios.h> 101 #include <sys/tty.h> 102 #include <sys/types.h> 103 #include <sys/utsname.h> 104 #include <sys/bootbanner.h> 105 106 #include <bsm/adt_event.h> 107 #include <bsm/libbsm.h> 108 #include <security/pam_appl.h> 109 110 #include <assert.h> 111 #include <ctype.h> 112 #include <definit.h> 113 #include <dirent.h> 114 #include <errno.h> 115 #include <fcntl.h> 116 #include <libcontract.h> 117 #include <libcontract_priv.h> 118 #include <libintl.h> 119 #include <libscf.h> 120 #include <libscf_priv.h> 121 #include <poll.h> 122 #include <procfs.h> 123 #include <signal.h> 124 #include <stdarg.h> 125 #include <stdio.h> 126 #include <stdio_ext.h> 127 #include <stdlib.h> 128 #include <string.h> 129 #include <strings.h> 130 #include <syslog.h> 131 #include <time.h> 132 #include <ulimit.h> 133 #include <unistd.h> 134 #include <utmpx.h> 135 #include <wait.h> 136 #include <zone.h> 137 #include <ucontext.h> 138 139 #undef sleep 140 141 #define fioctl(p, sptr, cmd) ioctl(fileno(p), sptr, cmd) 142 #define min(a, b) (((a) < (b)) ? (a) : (b)) 143 144 #define TRUE 1 145 #define FALSE 0 146 #define FAILURE -1 147 148 #define UT_USER_SZ 32 /* Size of a utmpx ut_user field */ 149 #define UT_LINE_SZ 32 /* Size of a utmpx ut_line field */ 150 151 /* 152 * SLEEPTIME The number of seconds "init" sleeps between wakeups if 153 * nothing else requires this "init" wakeup. 154 */ 155 #define SLEEPTIME (5 * 60) 156 157 /* 158 * MAXCMDL The maximum length of a command string in inittab. 159 */ 160 #define MAXCMDL 512 161 162 /* 163 * EXEC The length of the prefix string added to all comamnds 164 * found in inittab. 165 */ 166 #define EXEC (sizeof ("exec ") - 1) 167 168 /* 169 * TWARN The amount of time between warning signal, SIGTERM, 170 * and the fatal kill signal, SIGKILL. 171 */ 172 #define TWARN 5 173 174 #define id_eq(x, y) ((x[0] == y[0] && x[1] == y[1] && x[2] == y[2] &&\ 175 x[3] == y[3]) ? TRUE : FALSE) 176 177 /* 178 * The kernel's default umask is 022 these days; since some processes inherit 179 * their umask from init, init will set it from CMASK in /etc/default/init. 180 * init gets the default umask from the kernel, it sets it to 022 whenever 181 * it wants to create a file and reverts to CMASK afterwards. 182 */ 183 184 static int cmask; 185 186 /* 187 * The following definitions, concluding with the 'lvls' array, provide a 188 * common mapping between level-name (like 'S'), signal number (state), 189 * run-level mask, and specific properties associated with a run-level. 190 * This array should be accessed using the routines lvlname_to_state(), 191 * lvlname_to_mask(), state_to_mask(), and state_to_flags(). 192 */ 193 194 /* 195 * Correspondence of signals to init actions. 196 */ 197 #define LVLQ SIGHUP 198 #define LVL0 SIGINT 199 #define LVL1 SIGQUIT 200 #define LVL2 SIGILL 201 #define LVL3 SIGTRAP 202 #define LVL4 SIGIOT 203 #define LVL5 SIGEMT 204 #define LVL6 SIGFPE 205 #define SINGLE_USER SIGBUS 206 #define LVLa SIGSEGV 207 #define LVLb SIGSYS 208 #define LVLc SIGPIPE 209 210 /* 211 * Bit Mask for each level. Used to determine legal levels. 212 */ 213 #define MASK0 0x0001 214 #define MASK1 0x0002 215 #define MASK2 0x0004 216 #define MASK3 0x0008 217 #define MASK4 0x0010 218 #define MASK5 0x0020 219 #define MASK6 0x0040 220 #define MASKSU 0x0080 221 #define MASKa 0x0100 222 #define MASKb 0x0200 223 #define MASKc 0x0400 224 225 #define MASK_NUMERIC (MASK0 | MASK1 | MASK2 | MASK3 | MASK4 | MASK5 | MASK6) 226 #define MASK_abc (MASKa | MASKb | MASKc) 227 228 /* 229 * Flags to indicate properties of various states. 230 */ 231 #define LSEL_RUNLEVEL 0x0001 /* runlevels you can transition to */ 232 233 typedef struct lvl { 234 int lvl_state; 235 int lvl_mask; 236 char lvl_name; 237 int lvl_flags; 238 } lvl_t; 239 240 static lvl_t lvls[] = { 241 { LVLQ, 0, 'Q', 0 }, 242 { LVLQ, 0, 'q', 0 }, 243 { LVL0, MASK0, '0', LSEL_RUNLEVEL }, 244 { LVL1, MASK1, '1', LSEL_RUNLEVEL }, 245 { LVL2, MASK2, '2', LSEL_RUNLEVEL }, 246 { LVL3, MASK3, '3', LSEL_RUNLEVEL }, 247 { LVL4, MASK4, '4', LSEL_RUNLEVEL }, 248 { LVL5, MASK5, '5', LSEL_RUNLEVEL }, 249 { LVL6, MASK6, '6', LSEL_RUNLEVEL }, 250 { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL }, 251 { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL }, 252 { LVLa, MASKa, 'a', 0 }, 253 { LVLb, MASKb, 'b', 0 }, 254 { LVLc, MASKc, 'c', 0 } 255 }; 256 257 #define LVL_NELEMS (sizeof (lvls) / sizeof (lvl_t)) 258 259 /* 260 * Legal action field values. 261 */ 262 #define OFF 0 /* Kill process if on, else ignore */ 263 #define RESPAWN 1 /* Continuously restart process when it dies */ 264 #define ONDEMAND RESPAWN /* Respawn for a, b, c type processes */ 265 #define ONCE 2 /* Start process, do not respawn when dead */ 266 #define WAIT 3 /* Perform once and wait to complete */ 267 #define BOOT 4 /* Start at boot time only */ 268 #define BOOTWAIT 5 /* Start at boot time and wait to complete */ 269 #define POWERFAIL 6 /* Start on powerfail */ 270 #define POWERWAIT 7 /* Start and wait for complete on powerfail */ 271 #define INITDEFAULT 8 /* Default level "init" should start at */ 272 #define SYSINIT 9 /* Actions performed before init speaks */ 273 274 #define M_OFF 0001 275 #define M_RESPAWN 0002 276 #define M_ONDEMAND M_RESPAWN 277 #define M_ONCE 0004 278 #define M_WAIT 0010 279 #define M_BOOT 0020 280 #define M_BOOTWAIT 0040 281 #define M_PF 0100 282 #define M_PWAIT 0200 283 #define M_INITDEFAULT 0400 284 #define M_SYSINIT 01000 285 286 /* States for the inittab parser in getcmd(). */ 287 #define ID 1 288 #define LEVELS 2 289 #define ACTION 3 290 #define COMMAND 4 291 #define COMMENT 5 292 293 /* 294 * inittab entry id constants 295 */ 296 #define INITTAB_ENTRY_ID_SIZE 4 297 #define INITTAB_ENTRY_ID_STR_FORMAT "%.4s" /* if INITTAB_ENTRY_ID_SIZE */ 298 /* changes, this should */ 299 /* change accordingly */ 300 301 /* 302 * Init can be in any of three main states, "normal" mode where it is 303 * processing entries for the lines file in a normal fashion, "boot" mode, 304 * where it is only interested in the boot actions, and "powerfail" mode, 305 * where it is only interested in powerfail related actions. The following 306 * masks declare the legal actions for each mode. 307 */ 308 #define NORMAL_MODES (M_OFF | M_RESPAWN | M_ONCE | M_WAIT) 309 #define BOOT_MODES (M_BOOT | M_BOOTWAIT) 310 #define PF_MODES (M_PF | M_PWAIT) 311 312 struct PROC_TABLE { 313 char p_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */ 314 /* process */ 315 pid_t p_pid; /* Process id */ 316 short p_count; /* How many respawns of this command in */ 317 /* the current series */ 318 long p_time; /* Start time for a series of respawns */ 319 short p_flags; 320 short p_exit; /* Exit status of a process which died */ 321 }; 322 323 /* 324 * Flags for the "p_flags" word of a PROC_TABLE entry: 325 * 326 * OCCUPIED This slot in init's proc table is in use. 327 * 328 * LIVING Process is alive. 329 * 330 * NOCLEANUP efork() is not allowed to cleanup this entry even 331 * if process is dead. 332 * 333 * NAMED This process has a name, i.e. came from inittab. 334 * 335 * DEMANDREQUEST Process started by a "telinit [abc]" command. Processes 336 * formed this way are respawnable and immune to level 337 * changes as long as their entry exists in inittab. 338 * 339 * TOUCHED Flag used by remv() to determine whether it has looked 340 * at an entry while checking for processes to be killed. 341 * 342 * WARNED Flag used by remv() to mark processes that have been 343 * sent the SIGTERM signal. If they don't die in 5 344 * seconds, they are sent the SIGKILL signal. 345 * 346 * KILLED Flag used by remv() to mark procs that have been sent 347 * the SIGTERM and SIGKILL signals. 348 * 349 * PF_MASK Bitwise or of legal flags, for sanity checking. 350 */ 351 #define OCCUPIED 01 352 #define LIVING 02 353 #define NOCLEANUP 04 354 #define NAMED 010 355 #define DEMANDREQUEST 020 356 #define TOUCHED 040 357 #define WARNED 0100 358 #define KILLED 0200 359 #define PF_MASK 0377 360 361 /* 362 * Respawn limits for processes that are to be respawned: 363 * 364 * SPAWN_INTERVAL The number of seconds over which "init" will try to 365 * respawn a process SPAWN_LIMIT times before it gets mad. 366 * 367 * SPAWN_LIMIT The number of respawns "init" will attempt in 368 * SPAWN_INTERVAL seconds before it generates an 369 * error message and inhibits further tries for 370 * INHIBIT seconds. 371 * 372 * INHIBIT The number of seconds "init" ignores an entry it had 373 * trouble spawning unless a "telinit Q" is received. 374 */ 375 376 #define SPAWN_INTERVAL (2*60) 377 #define SPAWN_LIMIT 10 378 #define INHIBIT (5*60) 379 380 /* 381 * The maximum number of decimal digits for an id_t. (ceil(log10 (max_id))) 382 */ 383 #define ID_MAX_STR_LEN 10 384 385 #define NULLPROC ((struct PROC_TABLE *)(0)) 386 #define NO_ROOM ((struct PROC_TABLE *)(FAILURE)) 387 388 struct CMD_LINE { 389 char c_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */ 390 /* process to be affected by */ 391 /* action */ 392 short c_levels; /* Mask of legal levels for process */ 393 short c_action; /* Mask for type of action required */ 394 char *c_command; /* Pointer to init command */ 395 }; 396 397 struct pidrec { 398 int pd_type; /* Command type */ 399 pid_t pd_pid; /* pid to add or remove */ 400 }; 401 402 /* 403 * pd_type's 404 */ 405 #define ADDPID 1 406 #define REMPID 2 407 408 static struct pidlist { 409 pid_t pl_pid; /* pid to watch for */ 410 int pl_dflag; /* Flag indicating SIGCLD from this pid */ 411 short pl_exit; /* Exit status of proc */ 412 struct pidlist *pl_next; /* Next in list */ 413 } *Plhead, *Plfree; 414 415 /* 416 * The following structure contains a set of modes for /dev/syscon 417 * and should match the default contents of /etc/ioctl.syscon. 418 */ 419 static struct termios dflt_termios = { 420 .c_iflag = BRKINT|ICRNL|IXON|IMAXBEL, 421 .c_oflag = OPOST|ONLCR|TAB3, 422 .c_cflag = CS8|CREAD|B9600, 423 .c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN, 424 .c_cc = { CINTR, CQUIT, CERASE, CKILL, CEOF, 0, 0, 0, 425 CSTART, CSTOP, CSWTCH, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT, 426 CSTATUS, CERASE2, 0 427 } 428 }; 429 430 static struct termios stored_syscon_termios; 431 static int write_ioctl = 0; /* Rewrite /etc/ioctl.syscon */ 432 433 static union WAKEUP { 434 struct WAKEFLAGS { 435 unsigned w_usersignal : 1; /* User sent signal to "init" */ 436 unsigned w_childdeath : 1; /* An "init" child died */ 437 unsigned w_powerhit : 1; /* OS experienced powerfail */ 438 } w_flags; 439 int w_mask; 440 } wakeup; 441 442 443 struct init_state { 444 int ist_runlevel; 445 int ist_num_proc; 446 int ist_utmpx_ok; 447 struct PROC_TABLE ist_proc_table[1]; 448 }; 449 450 #define cur_state (g_state->ist_runlevel) 451 #define num_proc (g_state->ist_num_proc) 452 #define proc_table (g_state->ist_proc_table) 453 #define utmpx_ok (g_state->ist_utmpx_ok) 454 455 /* Contract cookies. */ 456 #define ORDINARY_COOKIE 0 457 #define STARTD_COOKIE 1 458 459 460 #ifndef NDEBUG 461 #define bad_error(func, err) { \ 462 (void) fprintf(stderr, "%s:%d: %s() failed with unexpected " \ 463 "error %d. Aborting.\n", __FILE__, __LINE__, (func), (err)); \ 464 abort(); \ 465 } 466 #else 467 #define bad_error(func, err) abort() 468 #endif 469 470 471 /* 472 * Useful file and device names. 473 */ 474 static char *CONSOLE = "/dev/console"; /* Real system console */ 475 static char *INITPIPE_DIR = "/var/run"; 476 static char *INITPIPE = "/var/run/initpipe"; 477 478 #define INIT_STATE_DIR "/etc/svc/volatile" 479 static const char * const init_state_file = INIT_STATE_DIR "/init.state"; 480 static const char * const init_next_state_file = 481 INIT_STATE_DIR "/init-next.state"; 482 483 static const int init_num_proc = 20; /* Initial size of process table. */ 484 485 static char *UTMPX = UTMPX_FILE; /* Snapshot record file */ 486 static char *WTMPX = WTMPX_FILE; /* Long term record file */ 487 static char *INITTAB = "/etc/inittab"; /* Script file for "init" */ 488 static char *SYSTTY = "/dev/systty"; /* System Console */ 489 static char *SYSCON = "/dev/syscon"; /* Virtual System console */ 490 static char *IOCTLSYSCON = "/etc/ioctl.syscon"; /* Last syscon modes */ 491 static char *ENVFILE = DEFINIT_DEFAULT_FILE; /* Default env. */ 492 static char *SU = "/etc/sulogin"; /* Super-user program for single user */ 493 static char *SH = "/sbin/sh"; /* Standard shell */ 494 495 /* 496 * Default Path. /sbin is included in path only during sysinit phase 497 */ 498 #define DEF_PATH "PATH=/usr/sbin:/usr/bin" 499 #define INIT_PATH "PATH=/sbin:/usr/sbin:/usr/bin" 500 501 static int prior_state; 502 static int prev_state; /* State "init" was in last time it woke */ 503 static int new_state; /* State user wants "init" to go to. */ 504 static int lvlq_received; /* Explicit request to examine state */ 505 static int op_modes = BOOT_MODES; /* Current state of "init" */ 506 static int Gchild = 0; /* Flag to indicate "godchild" died, set in */ 507 /* childeath() and cleared in cleanaux() */ 508 static int Pfd = -1; /* fd to receive pids thru */ 509 static unsigned int spawncnt, pausecnt; 510 static int rsflag; /* Set if a respawn has taken place */ 511 static volatile int time_up; /* Flag set to TRUE by the alarm interrupt */ 512 /* routine each time an alarm interrupt */ 513 /* takes place. */ 514 static int sflg = 0; /* Set if we were booted -s to single user */ 515 static int rflg = 0; /* Set if booted -r, reconfigure devices */ 516 static int bflg = 0; /* Set if booted -b, don't run rc scripts */ 517 static pid_t init_pid; /* PID of "one true" init for current zone */ 518 519 static struct init_state *g_state = NULL; 520 static size_t g_state_sz; 521 static int booting = 1; /* Set while we're booting. */ 522 523 /* 524 * Array for default global environment. 525 */ 526 #define MAXENVENT 24 /* Max number of default env variables + 1 */ 527 /* init can use three itself, so this leaves */ 528 /* 20 for the administrator in ENVFILE. */ 529 static char *glob_envp[MAXENVENT]; /* Array of environment strings */ 530 static int glob_envn; /* Number of environment strings */ 531 532 533 static struct pollfd poll_fds[1]; 534 static int poll_nfds = 0; /* poll_fds is uninitialized */ 535 536 /* 537 * Contracts constants 538 */ 539 #define SVC_INIT_PREFIX "init:/" 540 #define SVC_AUX_SIZE (INITTAB_ENTRY_ID_SIZE + 1) 541 #define SVC_FMRI_SIZE (sizeof (SVC_INIT_PREFIX) + INITTAB_ENTRY_ID_SIZE) 542 543 static int legacy_tmpl = -1; /* fd for legacy contract template */ 544 static int startd_tmpl = -1; /* fd for svc.startd's template */ 545 static char startd_svc_aux[SVC_AUX_SIZE]; 546 547 static char startd_cline[256] = ""; /* svc.startd's command line */ 548 static int do_restart_startd = 1; /* Whether to restart svc.startd. */ 549 static char *smf_options = NULL; /* Options to give to startd. */ 550 static int smf_debug = 0; /* Messages for debugging smf(5) */ 551 static time_t init_boot_time; /* Substitute for kernel boot time. */ 552 553 #define NSTARTD_FAILURE_TIMES 3 /* trigger after 3 failures */ 554 #define STARTD_FAILURE_RATE_NS 5000000000LL /* 1 failure/5 seconds */ 555 556 static hrtime_t startd_failure_time[NSTARTD_FAILURE_TIMES]; 557 static uint_t startd_failure_index; 558 559 560 static char *prog_name(char *); 561 static int state_to_mask(int); 562 static int lvlname_to_mask(char, int *); 563 static void lscf_set_runlevel(char); 564 static int state_to_flags(int); 565 static char state_to_name(int); 566 static int lvlname_to_state(char); 567 static int getcmd(struct CMD_LINE *, char *); 568 static int realcon(); 569 static int spawn_processes(); 570 static int get_ioctl_syscon(); 571 static int account(short, struct PROC_TABLE *, char *); 572 static void alarmclk(); 573 static void childeath(int); 574 static void cleanaux(); 575 static void clearent(pid_t, short); 576 static void console(boolean_t, char *, ...); 577 static void init_signals(void); 578 static void setup_pipe(); 579 static void killproc(pid_t); 580 static void init_env(); 581 static void boot_init(); 582 static void powerfail(); 583 static void remv(); 584 static void write_ioctl_syscon(); 585 static void spawn(struct PROC_TABLE *, struct CMD_LINE *); 586 static void setimer(int); 587 static void siglvl(int, siginfo_t *, ucontext_t *); 588 static void sigpoll(int); 589 static void enter_maintenance(void); 590 static void timer(int); 591 static void userinit(int, char **); 592 static void notify_pam_dead(struct utmpx *); 593 static long waitproc(struct PROC_TABLE *); 594 static struct PROC_TABLE *efork(int, struct PROC_TABLE *, int); 595 static struct PROC_TABLE *findpslot(struct CMD_LINE *); 596 static void increase_proc_table_size(); 597 static void st_init(); 598 static void st_write(); 599 static void contracts_init(); 600 static void contract_event(struct pollfd *); 601 static int startd_run(const char *, int, ctid_t); 602 static void startd_record_failure(); 603 static int startd_failure_rate_critical(); 604 static char *audit_boot_msg(); 605 static int audit_put_record(int, int, char *); 606 static void update_boot_archive(int new_state); 607 static void init_bootbanner_print(const char *, uint_t); 608 609 int 610 main(int argc, char *argv[]) 611 { 612 int chg_lvl_flag = FALSE, print_banner = FALSE; 613 int may_need_audit = 1; 614 int c; 615 char *msg; 616 617 /* Get a timestamp for use as boot time, if needed. */ 618 (void) time(&init_boot_time); 619 620 /* Get the default umask */ 621 cmask = umask(022); 622 (void) umask(cmask); 623 624 /* Parse the arguments to init. Check for single user */ 625 opterr = 0; 626 while ((c = getopt(argc, argv, "brsm:")) != EOF) { 627 switch (c) { 628 case 'b': 629 rflg = 0; 630 bflg = 1; 631 if (!sflg) 632 sflg++; 633 break; 634 case 'r': 635 bflg = 0; 636 rflg++; 637 break; 638 case 's': 639 if (!bflg) 640 sflg++; 641 break; 642 case 'm': 643 smf_options = optarg; 644 smf_debug = (strstr(smf_options, "debug") != NULL); 645 break; 646 } 647 } 648 649 /* 650 * Determine if we are the main init, or a user invoked init, whose job 651 * it is to inform init to change levels or perform some other action. 652 */ 653 if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid, 654 sizeof (init_pid)) != sizeof (init_pid)) { 655 (void) fprintf(stderr, "could not get pid for init\n"); 656 return (1); 657 } 658 659 /* 660 * If this PID is not the same as the "true" init for the zone, then we 661 * must be in 'user' mode. 662 */ 663 if (getpid() != init_pid) { 664 userinit(argc, argv); 665 } 666 667 if (getzoneid() != GLOBAL_ZONEID) { 668 print_banner = TRUE; 669 } 670 671 /* 672 * Initialize state (and set "booting"). 673 */ 674 st_init(); 675 676 if (booting && print_banner) { 677 /* 678 * We want to print the boot banner as soon as 679 * possible. In the global zone, the kernel does it, 680 * but we do not have that luxury in non-global zones, 681 * so we will print it here. 682 */ 683 #ifdef LEGACY_BANNER 684 struct utsname un; 685 char buf[BUFSIZ]; 686 const char *bits; 687 int r; 688 689 (void) uname(&un); 690 if ((r = sysinfo(SI_ADDRESS_WIDTH, buf, sizeof (buf))) > 0 && 691 r < sizeof (buf)) { 692 bits = buf; 693 } else { 694 bits = "64"; 695 } 696 697 console(B_FALSE, 698 "\n\n%s Release %s Version %s %s-bit\r\n", 699 un.sysname, un.release, un.version, bits); 700 console(B_FALSE, 701 "Copyright (c) 1983, 2010, Oracle and/or its affiliates." 702 " All rights reserved.\r\n"); 703 #else 704 bootbanner_print(init_bootbanner_print, 0); 705 #endif 706 } 707 708 /* 709 * Get the ioctl settings for /dev/syscon from /etc/ioctl.syscon 710 * so that it can be brought up in the state it was in when the 711 * system went down; or set to defaults if ioctl.syscon isn't 712 * valid. 713 * 714 * This needs to be done even if we're restarting so reset_modes() 715 * will work in case we need to go down to single user mode. 716 */ 717 write_ioctl = get_ioctl_syscon(); 718 719 /* 720 * Set up all signals to be caught or ignored as appropriate. 721 */ 722 init_signals(); 723 724 /* Load glob_envp from ENVFILE. */ 725 init_env(); 726 727 contracts_init(); 728 729 if (!booting) { 730 /* cur_state should have been read in. */ 731 732 op_modes = NORMAL_MODES; 733 734 /* Rewrite the ioctl file if it was bad. */ 735 if (write_ioctl) 736 write_ioctl_syscon(); 737 } else { 738 /* 739 * It's fine to boot up with state as zero, because 740 * startd will later tell us the real state. 741 */ 742 cur_state = 0; 743 op_modes = BOOT_MODES; 744 745 boot_init(); 746 } 747 748 prev_state = prior_state = cur_state; 749 750 setup_pipe(); 751 752 /* 753 * Here is the beginning of the main process loop. 754 */ 755 for (;;) { 756 if (lvlq_received) { 757 setup_pipe(); 758 lvlq_received = B_FALSE; 759 } 760 761 /* 762 * Clean up any accounting records for dead "godchildren". 763 */ 764 if (Gchild) 765 cleanaux(); 766 767 /* 768 * If in "normal" mode, check all living processes and initiate 769 * kill sequence on those that should not be there anymore. 770 */ 771 if (op_modes == NORMAL_MODES && cur_state != LVLa && 772 cur_state != LVLb && cur_state != LVLc) 773 remv(); 774 775 /* 776 * If a change in run levels is the reason we awoke, now do 777 * the accounting to report the change in the utmp file. 778 * Also report the change on the system console. 779 */ 780 if (chg_lvl_flag) { 781 chg_lvl_flag = FALSE; 782 783 if (state_to_flags(cur_state) & LSEL_RUNLEVEL) { 784 char rl = state_to_name(cur_state); 785 786 if (rl != -1) 787 lscf_set_runlevel(rl); 788 } 789 790 may_need_audit = 1; 791 } 792 793 /* 794 * Scan the inittab file and spawn and respawn processes that 795 * should be alive in the current state. If inittab does not 796 * exist default to single user mode. 797 */ 798 if (spawn_processes() == FAILURE) { 799 prior_state = prev_state; 800 cur_state = SINGLE_USER; 801 } 802 803 /* If any respawns occurred, take note. */ 804 if (rsflag) { 805 rsflag = 0; 806 spawncnt++; 807 } 808 809 /* 810 * If a powerfail signal was received during the last 811 * sequence, set mode to powerfail. When spawn_processes() is 812 * entered the first thing it does is to check "powerhit". If 813 * it is in PF_MODES then it clears "powerhit" and does 814 * a powerfail sequence. If it is not in PF_MODES, then it 815 * puts itself in PF_MODES and then clears "powerhit". Should 816 * "powerhit" get set again while spawn_processes() is working 817 * on a powerfail sequence, the following code will see that 818 * spawn_processes() tries to execute the powerfail sequence 819 * again. This guarantees that the powerfail sequence will be 820 * successfully completed before further processing takes 821 * place. 822 */ 823 if (wakeup.w_flags.w_powerhit) { 824 op_modes = PF_MODES; 825 /* 826 * Make sure that cur_state != prev_state so that 827 * ONCE and WAIT types work. 828 */ 829 prev_state = 0; 830 } else if (op_modes != NORMAL_MODES) { 831 /* 832 * If spawn_processes() was not just called while in 833 * normal mode, we set the mode to normal and it will 834 * be called again to check normal modes. If we have 835 * just finished a powerfail sequence with prev_state 836 * equal to zero, we set prev_state equal to cur_state 837 * before the next pass through. 838 */ 839 if (op_modes == PF_MODES) 840 prev_state = cur_state; 841 op_modes = NORMAL_MODES; 842 } else if (cur_state == LVLa || cur_state == LVLb || 843 cur_state == LVLc) { 844 /* 845 * If it was a change of levels that awakened us and the 846 * new level is one of the demand levels then reset 847 * cur_state to the previous state and do another scan 848 * to take care of the usual respawn actions. 849 */ 850 cur_state = prior_state; 851 prior_state = prev_state; 852 prev_state = cur_state; 853 } else { 854 prev_state = cur_state; 855 856 if (wakeup.w_mask == 0) { 857 int ret; 858 859 if (may_need_audit && (cur_state == LVL3)) { 860 msg = audit_boot_msg(); 861 862 may_need_audit = 0; 863 (void) audit_put_record(ADT_SUCCESS, 864 ADT_SUCCESS, msg); 865 free(msg); 866 } 867 868 /* 869 * "init" is finished with all actions for 870 * the current wakeup. 871 */ 872 ret = poll(poll_fds, poll_nfds, 873 SLEEPTIME * MILLISEC); 874 pausecnt++; 875 if (ret > 0) 876 contract_event(&poll_fds[0]); 877 else if (ret < 0 && errno != EINTR) 878 console(B_TRUE, "poll() error: %s\n", 879 strerror(errno)); 880 } 881 882 if (wakeup.w_flags.w_usersignal) { 883 /* 884 * Install the new level. This could be a real 885 * change in levels or a telinit [Q|a|b|c] or 886 * just a telinit to the same level at which 887 * we are running. 888 */ 889 if (new_state != cur_state) { 890 if (new_state == LVLa || 891 new_state == LVLb || 892 new_state == LVLc) { 893 prev_state = prior_state; 894 prior_state = cur_state; 895 cur_state = new_state; 896 } else { 897 prev_state = cur_state; 898 if (cur_state >= 0) 899 prior_state = cur_state; 900 cur_state = new_state; 901 chg_lvl_flag = TRUE; 902 } 903 } 904 905 new_state = 0; 906 } 907 908 if (wakeup.w_flags.w_powerhit) 909 op_modes = PF_MODES; 910 911 /* 912 * Clear all wakeup reasons. 913 */ 914 wakeup.w_mask = 0; 915 } 916 } 917 918 /*NOTREACHED*/ 919 } 920 921 static void 922 init_bootbanner_print(const char *line, uint_t num) 923 { 924 const char *pfx = (num == 0) ? "\n\n" : ""; 925 926 console(B_FALSE, "%s%s\r\n", pfx, line); 927 } 928 929 static void 930 update_boot_archive(int new_state) 931 { 932 if (new_state != LVL0 && new_state != LVL5 && new_state != LVL6) 933 return; 934 935 if (getzoneid() != GLOBAL_ZONEID) 936 return; 937 938 (void) system("/sbin/bootadm -ea update_all"); 939 } 940 941 /* 942 * void enter_maintenance() 943 * A simple invocation of sulogin(1M), with no baggage, in the case that we 944 * are unable to activate svc.startd(1M). We fork; the child runs sulogin; 945 * we wait for it to exit. 946 */ 947 static void 948 enter_maintenance() 949 { 950 struct PROC_TABLE *su_process; 951 952 console(B_FALSE, "Requesting maintenance mode\n" 953 "(See /lib/svc/share/README for additional information.)\n"); 954 (void) sighold(SIGCLD); 955 while ((su_process = efork(M_OFF, NULLPROC, NOCLEANUP)) == NO_ROOM) 956 (void) pause(); 957 (void) sigrelse(SIGCLD); 958 if (su_process == NULLPROC) { 959 int fd; 960 961 (void) fclose(stdin); 962 (void) fclose(stdout); 963 (void) fclose(stderr); 964 closefrom(0); 965 966 fd = open(SYSCON, O_RDWR | O_NOCTTY); 967 if (fd >= 0) { 968 (void) dup2(fd, 1); 969 (void) dup2(fd, 2); 970 } else { 971 /* 972 * Need to issue an error message somewhere. 973 */ 974 syslog(LOG_CRIT, "init[%d]: cannot open %s; %s\n", 975 getpid(), SYSCON, strerror(errno)); 976 } 977 978 /* 979 * Execute the "su" program. 980 */ 981 (void) execle(SU, SU, "-", (char *)0, glob_envp); 982 console(B_TRUE, "execle of %s failed: %s\n", SU, 983 strerror(errno)); 984 timer(5); 985 exit(1); 986 } 987 988 /* 989 * If we are the parent, wait around for the child to die 990 * or for "init" to be signaled to change levels. 991 */ 992 while (waitproc(su_process) == FAILURE) { 993 /* 994 * All other reasons for waking are ignored when in 995 * single-user mode. The only child we are interested 996 * in is being waited for explicitly by waitproc(). 997 */ 998 wakeup.w_mask = 0; 999 } 1000 } 1001 1002 /* 1003 * remv() scans through "proc_table" and performs cleanup. If 1004 * there is a process in the table, which shouldn't be here at 1005 * the current run level, then remv() kills the process. 1006 */ 1007 static void 1008 remv() 1009 { 1010 struct PROC_TABLE *process; 1011 struct CMD_LINE cmd; 1012 char cmd_string[MAXCMDL]; 1013 int change_level; 1014 1015 change_level = (cur_state != prev_state ? TRUE : FALSE); 1016 1017 /* 1018 * Clear the TOUCHED flag on all entries so that when we have 1019 * finished scanning inittab, we will be able to tell if we 1020 * have any processes for which there is no entry in inittab. 1021 */ 1022 for (process = proc_table; 1023 (process < proc_table + num_proc); process++) { 1024 process->p_flags &= ~TOUCHED; 1025 } 1026 1027 /* 1028 * Scan all inittab entries. 1029 */ 1030 while (getcmd(&cmd, &cmd_string[0]) == TRUE) { 1031 /* Scan for process which goes with this entry in inittab. */ 1032 for (process = proc_table; 1033 (process < proc_table + num_proc); process++) { 1034 if ((process->p_flags & OCCUPIED) == 0 || 1035 !id_eq(process->p_id, cmd.c_id)) 1036 continue; 1037 1038 /* 1039 * This slot contains the process we are looking for. 1040 */ 1041 1042 /* 1043 * Is the cur_state SINGLE_USER or is this process 1044 * marked as "off" or was this proc started by some 1045 * mechanism other than LVL{a|b|c} and the current level 1046 * does not support this process? 1047 */ 1048 if (cur_state == SINGLE_USER || 1049 cmd.c_action == M_OFF || 1050 ((cmd.c_levels & state_to_mask(cur_state)) == 0 && 1051 (process->p_flags & DEMANDREQUEST) == 0)) { 1052 if (process->p_flags & LIVING) { 1053 /* 1054 * Touch this entry so we know we have 1055 * treated it. Note that procs which 1056 * are already dead at this point and 1057 * should not be restarted are left 1058 * untouched. This causes their slot to 1059 * be freed later after dead accounting 1060 * is done. 1061 */ 1062 process->p_flags |= TOUCHED; 1063 1064 if ((process->p_flags & KILLED) == 0) { 1065 if (change_level) { 1066 process->p_flags 1067 |= WARNED; 1068 (void) kill( 1069 process->p_pid, 1070 SIGTERM); 1071 } else { 1072 /* 1073 * Fork a killing proc 1074 * so "init" can 1075 * continue without 1076 * having to pause for 1077 * TWARN seconds. 1078 */ 1079 killproc( 1080 process->p_pid); 1081 } 1082 process->p_flags |= KILLED; 1083 } 1084 } 1085 } else { 1086 /* 1087 * Process can exist at current level. If it is 1088 * still alive or a DEMANDREQUEST we touch it so 1089 * it will be left alone. Otherwise we leave it 1090 * untouched so it will be accounted for and 1091 * cleaned up later in remv(). Dead 1092 * DEMANDREQUESTs will be accounted but not 1093 * freed. 1094 */ 1095 if (process->p_flags & 1096 (LIVING|NOCLEANUP|DEMANDREQUEST)) 1097 process->p_flags |= TOUCHED; 1098 } 1099 1100 break; 1101 } 1102 } 1103 1104 st_write(); 1105 1106 /* 1107 * If this was a change of levels call, scan through the 1108 * process table for processes that were warned to die. If any 1109 * are found that haven't left yet, sleep for TWARN seconds and 1110 * then send final terminations to any that haven't died yet. 1111 */ 1112 if (change_level) { 1113 1114 /* 1115 * Set the alarm for TWARN seconds on the assumption 1116 * that there will be some that need to be waited for. 1117 * This won't harm anything except we are guaranteed to 1118 * wakeup in TWARN seconds whether we need to or not. 1119 */ 1120 setimer(TWARN); 1121 1122 /* 1123 * Scan for processes which should be dying. We hope they 1124 * will die without having to be sent a SIGKILL signal. 1125 */ 1126 for (process = proc_table; 1127 (process < proc_table + num_proc); process++) { 1128 /* 1129 * If this process should die, hasn't yet, and the 1130 * TWARN time hasn't expired yet, wait for process 1131 * to die or for timer to expire. 1132 */ 1133 while (time_up == FALSE && 1134 (process->p_flags & (WARNED|LIVING|OCCUPIED)) == 1135 (WARNED|LIVING|OCCUPIED)) 1136 (void) pause(); 1137 1138 if (time_up == TRUE) 1139 break; 1140 } 1141 1142 /* 1143 * If we reached the end of the table without the timer 1144 * expiring, then there are no procs which will have to be 1145 * sent the SIGKILL signal. If the timer has expired, then 1146 * it is necessary to scan the table again and send signals 1147 * to all processes which aren't going away nicely. 1148 */ 1149 if (time_up == TRUE) { 1150 for (process = proc_table; 1151 (process < proc_table + num_proc); process++) { 1152 if ((process->p_flags & 1153 (WARNED|LIVING|OCCUPIED)) == 1154 (WARNED|LIVING|OCCUPIED)) 1155 (void) kill(process->p_pid, SIGKILL); 1156 } 1157 } 1158 setimer(0); 1159 } 1160 1161 /* 1162 * Rescan the proc_table for two kinds of entry, those marked LIVING, 1163 * NAMED, which don't have an entry in inittab (haven't been TOUCHED 1164 * by the above scanning), and haven't been sent kill signals, and 1165 * those entries marked not LIVING, NAMED. The former procs are killed. 1166 * The latter have DEAD_PROCESS accounting done and the slot cleared. 1167 */ 1168 for (process = proc_table; 1169 (process < proc_table + num_proc); process++) { 1170 if ((process->p_flags & (LIVING|NAMED|TOUCHED|KILLED|OCCUPIED)) 1171 == (LIVING|NAMED|OCCUPIED)) { 1172 killproc(process->p_pid); 1173 process->p_flags |= KILLED; 1174 } else if ((process->p_flags & (LIVING|NAMED|OCCUPIED)) == 1175 (NAMED|OCCUPIED)) { 1176 (void) account(DEAD_PROCESS, process, NULL); 1177 /* 1178 * If this named proc hasn't been TOUCHED, then free the 1179 * space. It has either died of it's own accord, but 1180 * isn't respawnable or it was killed because it 1181 * shouldn't exist at this level. 1182 */ 1183 if ((process->p_flags & TOUCHED) == 0) 1184 process->p_flags = 0; 1185 } 1186 } 1187 1188 st_write(); 1189 } 1190 1191 /* 1192 * Extract the svc.startd command line and whether to restart it from its 1193 * inittab entry. 1194 */ 1195 /*ARGSUSED*/ 1196 static void 1197 process_startd_line(struct CMD_LINE *cmd, char *cmd_string) 1198 { 1199 size_t sz; 1200 1201 /* Save the command line. */ 1202 if (sflg || rflg) { 1203 /* Also append -r or -s. */ 1204 (void) strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1205 (void) strlcat(startd_cline, " -", sizeof (startd_cline)); 1206 if (sflg) 1207 sz = strlcat(startd_cline, "s", sizeof (startd_cline)); 1208 if (rflg) 1209 sz = strlcat(startd_cline, "r", sizeof (startd_cline)); 1210 } else { 1211 sz = strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1212 } 1213 1214 if (sz >= sizeof (startd_cline)) { 1215 console(B_TRUE, 1216 "svc.startd command line too long. Ignoring.\n"); 1217 startd_cline[0] = '\0'; 1218 return; 1219 } 1220 } 1221 1222 /* 1223 * spawn_processes() scans inittab for entries which should be run at this 1224 * mode. Processes which should be running but are not, are started. 1225 */ 1226 static int 1227 spawn_processes() 1228 { 1229 struct PROC_TABLE *pp; 1230 struct CMD_LINE cmd; 1231 char cmd_string[MAXCMDL]; 1232 short lvl_mask; 1233 int status; 1234 1235 /* 1236 * First check the "powerhit" flag. If it is set, make sure the modes 1237 * are PF_MODES and clear the "powerhit" flag. Avoid the possible race 1238 * on the "powerhit" flag by disallowing a new powerfail interrupt 1239 * between the test of the powerhit flag and the clearing of it. 1240 */ 1241 if (wakeup.w_flags.w_powerhit) { 1242 wakeup.w_flags.w_powerhit = 0; 1243 op_modes = PF_MODES; 1244 } 1245 lvl_mask = state_to_mask(cur_state); 1246 1247 /* 1248 * Scan through all the entries in inittab. 1249 */ 1250 while ((status = getcmd(&cmd, &cmd_string[0])) == TRUE) { 1251 if (id_eq(cmd.c_id, "smf")) { 1252 process_startd_line(&cmd, cmd_string); 1253 continue; 1254 } 1255 1256 retry_for_proc_slot: 1257 1258 /* 1259 * Find out if there is a process slot for this entry already. 1260 */ 1261 if ((pp = findpslot(&cmd)) == NULLPROC) { 1262 /* 1263 * we've run out of proc table entries 1264 * increase proc_table. 1265 */ 1266 increase_proc_table_size(); 1267 1268 /* 1269 * Retry now as we have an empty proc slot. 1270 * In case increase_proc_table_size() fails, 1271 * we will keep retrying. 1272 */ 1273 goto retry_for_proc_slot; 1274 } 1275 1276 /* 1277 * If there is an entry, and it is marked as DEMANDREQUEST, 1278 * one of the levels a, b, or c is in its levels mask, and 1279 * the action field is ONDEMAND and ONDEMAND is a permissable 1280 * mode, and the process is dead, then respawn it. 1281 */ 1282 if (((pp->p_flags & (LIVING|DEMANDREQUEST)) == DEMANDREQUEST) && 1283 (cmd.c_levels & MASK_abc) && 1284 (cmd.c_action & op_modes) == M_ONDEMAND) { 1285 spawn(pp, &cmd); 1286 continue; 1287 } 1288 1289 /* 1290 * If the action is not an action we are interested in, 1291 * skip the entry. 1292 */ 1293 if ((cmd.c_action & op_modes) == 0 || pp->p_flags & LIVING || 1294 (cmd.c_levels & lvl_mask) == 0) 1295 continue; 1296 1297 /* 1298 * If the modes are the normal modes (ONCE, WAIT, RESPAWN, OFF, 1299 * ONDEMAND) and the action field is either OFF or the action 1300 * field is ONCE or WAIT and the current level is the same as 1301 * the last level, then skip this entry. ONCE and WAIT only 1302 * get run when the level changes. 1303 */ 1304 if (op_modes == NORMAL_MODES && 1305 (cmd.c_action == M_OFF || 1306 (cmd.c_action & (M_ONCE|M_WAIT)) && 1307 cur_state == prev_state)) 1308 continue; 1309 1310 /* 1311 * At this point we are interested in performing the action for 1312 * this entry. Actions fall into two categories, spinning off 1313 * a process and not waiting, and spinning off a process and 1314 * waiting for it to die. If the action is ONCE, RESPAWN, 1315 * ONDEMAND, POWERFAIL, or BOOT we don't wait for the process 1316 * to die, for all other actions we do wait. 1317 */ 1318 if (cmd.c_action & (M_ONCE | M_RESPAWN | M_PF | M_BOOT)) { 1319 spawn(pp, &cmd); 1320 1321 } else { 1322 spawn(pp, &cmd); 1323 while (waitproc(pp) == FAILURE) 1324 ; 1325 (void) account(DEAD_PROCESS, pp, NULL); 1326 pp->p_flags = 0; 1327 } 1328 } 1329 return (status); 1330 } 1331 1332 /* 1333 * spawn() spawns a shell, inserts the information about the process 1334 * process into the proc_table, and does the startup accounting. 1335 */ 1336 static void 1337 spawn(struct PROC_TABLE *process, struct CMD_LINE *cmd) 1338 { 1339 int i; 1340 int modes, maxfiles; 1341 time_t now; 1342 struct PROC_TABLE tmproc, *oprocess; 1343 1344 /* 1345 * The modes to be sent to efork() are 0 unless we are 1346 * spawning a LVLa, LVLb, or LVLc entry or we will be 1347 * waiting for the death of the child before continuing. 1348 */ 1349 modes = NAMED; 1350 if (process->p_flags & DEMANDREQUEST || cur_state == LVLa || 1351 cur_state == LVLb || cur_state == LVLc) 1352 modes |= DEMANDREQUEST; 1353 if ((cmd->c_action & (M_SYSINIT | M_WAIT | M_BOOTWAIT | M_PWAIT)) != 0) 1354 modes |= NOCLEANUP; 1355 1356 /* 1357 * If this is a respawnable process, check the threshold 1358 * information to avoid excessive respawns. 1359 */ 1360 if (cmd->c_action & M_RESPAWN) { 1361 /* 1362 * Add NOCLEANUP to all respawnable commands so that the 1363 * information about the frequency of respawns isn't lost. 1364 */ 1365 modes |= NOCLEANUP; 1366 (void) time(&now); 1367 1368 /* 1369 * If no time is assigned, then this is the first time 1370 * this command is being processed in this series. Assign 1371 * the current time. 1372 */ 1373 if (process->p_time == 0L) 1374 process->p_time = now; 1375 1376 if (process->p_count++ == SPAWN_LIMIT) { 1377 1378 if ((now - process->p_time) < SPAWN_INTERVAL) { 1379 /* 1380 * Process is respawning too rapidly. Print 1381 * message and refuse to respawn it for now. 1382 */ 1383 console(B_TRUE, "Command is respawning too " 1384 "rapidly. Check for possible errors.\n" 1385 "id:%4s \"%s\"\n", 1386 &cmd->c_id[0], &cmd->c_command[EXEC]); 1387 return; 1388 } 1389 process->p_time = now; 1390 process->p_count = 0; 1391 1392 } else if (process->p_count > SPAWN_LIMIT) { 1393 /* 1394 * If process has been respawning too rapidly and 1395 * the inhibit time limit hasn't expired yet, we 1396 * refuse to respawn. 1397 */ 1398 if (now - process->p_time < SPAWN_INTERVAL + INHIBIT) 1399 return; 1400 process->p_time = now; 1401 process->p_count = 0; 1402 } 1403 rsflag = TRUE; 1404 } 1405 1406 /* 1407 * Spawn a child process to execute this command. 1408 */ 1409 (void) sighold(SIGCLD); 1410 oprocess = process; 1411 while ((process = efork(cmd->c_action, oprocess, modes)) == NO_ROOM) 1412 (void) pause(); 1413 1414 if (process == NULLPROC) { 1415 1416 /* 1417 * We are the child. We must make sure we get a different 1418 * file pointer for our references to utmpx. Otherwise our 1419 * seeks and reads will compete with those of the parent. 1420 */ 1421 endutxent(); 1422 1423 /* 1424 * Perform the accounting for the beginning of a process. 1425 * Note that all processes are initially "INIT_PROCESS"es. 1426 */ 1427 tmproc.p_id[0] = cmd->c_id[0]; 1428 tmproc.p_id[1] = cmd->c_id[1]; 1429 tmproc.p_id[2] = cmd->c_id[2]; 1430 tmproc.p_id[3] = cmd->c_id[3]; 1431 tmproc.p_pid = getpid(); 1432 tmproc.p_exit = 0; 1433 (void) account(INIT_PROCESS, &tmproc, 1434 prog_name(&cmd->c_command[EXEC])); 1435 maxfiles = ulimit(UL_GDESLIM, 0); 1436 for (i = 0; i < maxfiles; i++) 1437 (void) fcntl(i, F_SETFD, FD_CLOEXEC); 1438 1439 /* 1440 * Now exec a shell with the -c option and the command 1441 * from inittab. 1442 */ 1443 (void) execle(SH, "INITSH", "-c", cmd->c_command, (char *)0, 1444 glob_envp); 1445 console(B_TRUE, "Command\n\"%s\"\n failed to execute. errno " 1446 "= %d (exec of shell failed)\n", cmd->c_command, errno); 1447 1448 /* 1449 * Don't come back so quickly that "init" doesn't have a 1450 * chance to finish putting this child in "proc_table". 1451 */ 1452 timer(20); 1453 exit(1); 1454 1455 } 1456 1457 /* 1458 * We are the parent. Insert the necessary 1459 * information in the proc_table. 1460 */ 1461 process->p_id[0] = cmd->c_id[0]; 1462 process->p_id[1] = cmd->c_id[1]; 1463 process->p_id[2] = cmd->c_id[2]; 1464 process->p_id[3] = cmd->c_id[3]; 1465 1466 st_write(); 1467 1468 (void) sigrelse(SIGCLD); 1469 } 1470 1471 /* 1472 * findpslot() finds the old slot in the process table for the 1473 * command with the same id, or it finds an empty slot. 1474 */ 1475 static struct PROC_TABLE * 1476 findpslot(struct CMD_LINE *cmd) 1477 { 1478 struct PROC_TABLE *process; 1479 struct PROC_TABLE *empty = NULLPROC; 1480 1481 for (process = proc_table; 1482 (process < proc_table + num_proc); process++) { 1483 if (process->p_flags & OCCUPIED && 1484 id_eq(process->p_id, cmd->c_id)) 1485 break; 1486 1487 /* 1488 * If the entry is totally empty and "empty" is still 0, 1489 * remember where this hole is and make sure the slot is 1490 * zeroed out. 1491 */ 1492 if (empty == NULLPROC && (process->p_flags & OCCUPIED) == 0) { 1493 empty = process; 1494 process->p_id[0] = '\0'; 1495 process->p_id[1] = '\0'; 1496 process->p_id[2] = '\0'; 1497 process->p_id[3] = '\0'; 1498 process->p_pid = 0; 1499 process->p_time = 0L; 1500 process->p_count = 0; 1501 process->p_flags = 0; 1502 process->p_exit = 0; 1503 } 1504 } 1505 1506 /* 1507 * If there is no entry for this slot, then there should be an 1508 * empty slot. If there is no empty slot, then we've run out 1509 * of proc_table space. If the latter is true, empty will be 1510 * NULL and the caller will have to complain. 1511 */ 1512 if (process == (proc_table + num_proc)) 1513 process = empty; 1514 1515 return (process); 1516 } 1517 1518 /* 1519 * getcmd() parses lines from inittab. Each time it finds a command line 1520 * it will return TRUE as well as fill the passed CMD_LINE structure and 1521 * the shell command string. When the end of inittab is reached, FALSE 1522 * is returned inittab is automatically opened if it is not currently open 1523 * and is closed when the end of the file is reached. 1524 */ 1525 static FILE *fp_inittab = NULL; 1526 1527 static int 1528 getcmd(struct CMD_LINE *cmd, char *shcmd) 1529 { 1530 char *ptr; 1531 int c, lastc, state; 1532 char *ptr1; 1533 int answer, i, proceed; 1534 struct stat sbuf; 1535 static char *actions[] = { 1536 "off", "respawn", "ondemand", "once", "wait", "boot", 1537 "bootwait", "powerfail", "powerwait", "initdefault", 1538 "sysinit", 1539 }; 1540 static short act_masks[] = { 1541 M_OFF, M_RESPAWN, M_ONDEMAND, M_ONCE, M_WAIT, M_BOOT, 1542 M_BOOTWAIT, M_PF, M_PWAIT, M_INITDEFAULT, M_SYSINIT, 1543 }; 1544 /* 1545 * Only these actions will be allowed for entries which 1546 * are specified for single-user mode. 1547 */ 1548 short su_acts = M_INITDEFAULT | M_PF | M_PWAIT | M_WAIT; 1549 1550 if (fp_inittab == NULL) { 1551 /* 1552 * Before attempting to open inittab we stat it to make 1553 * sure it currently exists and is not empty. We try 1554 * several times because someone may have temporarily 1555 * unlinked or truncated the file. 1556 */ 1557 for (i = 0; i < 3; i++) { 1558 if (stat(INITTAB, &sbuf) == -1) { 1559 if (i == 2) { 1560 console(B_TRUE, 1561 "Cannot stat %s, errno: %d\n", 1562 INITTAB, errno); 1563 return (FAILURE); 1564 } else { 1565 timer(3); 1566 } 1567 } else if (sbuf.st_size < 10) { 1568 if (i == 2) { 1569 console(B_TRUE, 1570 "%s truncated or corrupted\n", 1571 INITTAB); 1572 return (FAILURE); 1573 } else { 1574 timer(3); 1575 } 1576 } else { 1577 break; 1578 } 1579 } 1580 1581 /* 1582 * If unable to open inittab, print error message and 1583 * return FAILURE to caller. 1584 */ 1585 if ((fp_inittab = fopen(INITTAB, "r")) == NULL) { 1586 console(B_TRUE, "Cannot open %s errno: %d\n", INITTAB, 1587 errno); 1588 return (FAILURE); 1589 } 1590 } 1591 1592 /* 1593 * Keep getting commands from inittab until you find a 1594 * good one or run out of file. 1595 */ 1596 for (answer = FALSE; answer == FALSE; ) { 1597 /* 1598 * Zero out the cmd itself before trying next line. 1599 */ 1600 bzero(cmd, sizeof (struct CMD_LINE)); 1601 1602 /* 1603 * Read in lines of inittab, parsing at colons, until a line is 1604 * read in which doesn't end with a backslash. Do not start if 1605 * the first character read is an EOF. Note that this means 1606 * that lines which don't end in a newline are still processed, 1607 * since the "for" will terminate normally once started, 1608 * regardless of whether line terminates with a newline or EOF. 1609 */ 1610 state = FAILURE; 1611 if ((c = fgetc(fp_inittab)) == EOF) { 1612 answer = FALSE; 1613 (void) fclose(fp_inittab); 1614 fp_inittab = NULL; 1615 break; 1616 } 1617 1618 for (proceed = TRUE, ptr = shcmd, state = ID, lastc = '\0'; 1619 proceed && c != EOF; 1620 lastc = c, c = fgetc(fp_inittab)) { 1621 /* If we're not in the FAILURE state and haven't */ 1622 /* yet reached the shell command field, process */ 1623 /* the line, otherwise just look for a real end */ 1624 /* of line. */ 1625 if (state != FAILURE && state != COMMAND) { 1626 /* 1627 * Squeeze out spaces and tabs. 1628 */ 1629 if (c == ' ' || c == '\t') 1630 continue; 1631 1632 /* 1633 * Ignore characters in a comment, except for the \n. 1634 */ 1635 if (state == COMMENT) { 1636 if (c == '\n') { 1637 lastc = ' '; 1638 break; 1639 } else { 1640 continue; 1641 } 1642 } 1643 1644 /* 1645 * Detect comments (lines whose first non-whitespace 1646 * character is '#') by checking that we're at the 1647 * beginning of a line, have seen a '#', and haven't 1648 * yet accumulated any characters. 1649 */ 1650 if (state == ID && c == '#' && ptr == shcmd) { 1651 state = COMMENT; 1652 continue; 1653 } 1654 1655 /* 1656 * If the character is a ':', then check the 1657 * previous field for correctness and advance 1658 * to the next field. 1659 */ 1660 if (c == ':') { 1661 switch (state) { 1662 1663 case ID : 1664 /* 1665 * Check to see that there are only 1666 * 1 to 4 characters for the id. 1667 */ 1668 if ((i = ptr - shcmd) < 1 || i > 4) { 1669 state = FAILURE; 1670 } else { 1671 bcopy(shcmd, &cmd->c_id[0], i); 1672 ptr = shcmd; 1673 state = LEVELS; 1674 } 1675 break; 1676 1677 case LEVELS : 1678 /* 1679 * Build a mask for all the levels for 1680 * which this command will be legal. 1681 */ 1682 for (cmd->c_levels = 0, ptr1 = shcmd; 1683 ptr1 < ptr; ptr1++) { 1684 int mask; 1685 if (lvlname_to_mask(*ptr1, 1686 &mask) == -1) { 1687 state = FAILURE; 1688 break; 1689 } 1690 cmd->c_levels |= mask; 1691 } 1692 if (state != FAILURE) { 1693 state = ACTION; 1694 ptr = shcmd; /* Reset the buffer */ 1695 } 1696 break; 1697 1698 case ACTION : 1699 /* 1700 * Null terminate the string in shcmd buffer and 1701 * then try to match against legal actions. If 1702 * the field is of length 0, then the default of 1703 * "RESPAWN" is used if the id is numeric, 1704 * otherwise the default is "OFF". 1705 */ 1706 if (ptr == shcmd) { 1707 if (isdigit(cmd->c_id[0]) && 1708 (cmd->c_id[1] == '\0' || 1709 isdigit(cmd->c_id[1])) && 1710 (cmd->c_id[2] == '\0' || 1711 isdigit(cmd->c_id[2])) && 1712 (cmd->c_id[3] == '\0' || 1713 isdigit(cmd->c_id[3]))) 1714 cmd->c_action = M_RESPAWN; 1715 else 1716 cmd->c_action = M_OFF; 1717 } else { 1718 for (cmd->c_action = 0, i = 0, 1719 *ptr = '\0'; 1720 i < 1721 sizeof (actions)/sizeof (char *); 1722 i++) { 1723 if (strcmp(shcmd, actions[i]) == 0) { 1724 if ((cmd->c_levels & MASKSU) && 1725 !(act_masks[i] & su_acts)) 1726 cmd->c_action = 0; 1727 else 1728 cmd->c_action = 1729 act_masks[i]; 1730 break; 1731 } 1732 } 1733 } 1734 1735 /* 1736 * If the action didn't match any legal action, 1737 * set state to FAILURE. 1738 */ 1739 if (cmd->c_action == 0) { 1740 state = FAILURE; 1741 } else { 1742 state = COMMAND; 1743 (void) strcpy(shcmd, "exec "); 1744 } 1745 ptr = shcmd + EXEC; 1746 break; 1747 } 1748 continue; 1749 } 1750 } 1751 1752 /* If the character is a '\n', then this is the end of a */ 1753 /* line. If the '\n' wasn't preceded by a backslash, */ 1754 /* it is also the end of an inittab command. If it was */ 1755 /* preceded by a backslash then the next line is a */ 1756 /* continuation. Note that the continuation '\n' falls */ 1757 /* through and is treated like other characters and is */ 1758 /* stored in the shell command line. */ 1759 if (c == '\n' && lastc != '\\') { 1760 proceed = FALSE; 1761 *ptr = '\0'; 1762 break; 1763 } 1764 1765 /* For all other characters just stuff them into the */ 1766 /* command as long as there aren't too many of them. */ 1767 /* Make sure there is room for a terminating '\0' also. */ 1768 if (ptr >= shcmd + MAXCMDL - 1) 1769 state = FAILURE; 1770 else 1771 *ptr++ = (char)c; 1772 1773 /* If the character we just stored was a quoted */ 1774 /* backslash, then change "c" to '\0', so that this */ 1775 /* backslash will not cause a subsequent '\n' to appear */ 1776 /* quoted. In otherwords '\' '\' '\n' is the real end */ 1777 /* of a command, while '\' '\n' is a continuation. */ 1778 if (c == '\\' && lastc == '\\') 1779 c = '\0'; 1780 } 1781 1782 /* 1783 * Make sure all the fields are properly specified 1784 * for a good command line. 1785 */ 1786 if (state == COMMAND) { 1787 answer = TRUE; 1788 cmd->c_command = shcmd; 1789 1790 /* 1791 * If no default level was supplied, insert 1792 * all numerical levels. 1793 */ 1794 if (cmd->c_levels == 0) 1795 cmd->c_levels = MASK_NUMERIC; 1796 1797 /* 1798 * If no action has been supplied, declare this 1799 * entry to be OFF. 1800 */ 1801 if (cmd->c_action == 0) 1802 cmd->c_action = M_OFF; 1803 1804 /* 1805 * If no shell command has been supplied, make sure 1806 * there is a null string in the command field. 1807 */ 1808 if (ptr == shcmd + EXEC) 1809 *shcmd = '\0'; 1810 } else 1811 answer = FALSE; 1812 1813 /* 1814 * If we have reached the end of inittab, then close it 1815 * and quit trying to find a good command line. 1816 */ 1817 if (c == EOF) { 1818 (void) fclose(fp_inittab); 1819 fp_inittab = NULL; 1820 break; 1821 } 1822 } 1823 return (answer); 1824 } 1825 1826 /* 1827 * lvlname_to_state(): convert the character name of a state to its level 1828 * (its corresponding signal number). 1829 */ 1830 static int 1831 lvlname_to_state(char name) 1832 { 1833 int i; 1834 for (i = 0; i < LVL_NELEMS; i++) { 1835 if (lvls[i].lvl_name == name) 1836 return (lvls[i].lvl_state); 1837 } 1838 return (-1); 1839 } 1840 1841 /* 1842 * state_to_name(): convert the level to the character name. 1843 */ 1844 static char 1845 state_to_name(int state) 1846 { 1847 int i; 1848 for (i = 0; i < LVL_NELEMS; i++) { 1849 if (lvls[i].lvl_state == state) 1850 return (lvls[i].lvl_name); 1851 } 1852 return (-1); 1853 } 1854 1855 /* 1856 * state_to_mask(): return the mask corresponding to a signal number 1857 */ 1858 static int 1859 state_to_mask(int state) 1860 { 1861 int i; 1862 for (i = 0; i < LVL_NELEMS; i++) { 1863 if (lvls[i].lvl_state == state) 1864 return (lvls[i].lvl_mask); 1865 } 1866 return (0); /* return 0, since that represents an empty mask */ 1867 } 1868 1869 /* 1870 * lvlname_to_mask(): return the mask corresponding to a levels character name 1871 */ 1872 static int 1873 lvlname_to_mask(char name, int *mask) 1874 { 1875 int i; 1876 for (i = 0; i < LVL_NELEMS; i++) { 1877 if (lvls[i].lvl_name == name) { 1878 *mask = lvls[i].lvl_mask; 1879 return (0); 1880 } 1881 } 1882 return (-1); 1883 } 1884 1885 /* 1886 * state_to_flags(): return the flags corresponding to a runlevel. These 1887 * indicate properties of that runlevel. 1888 */ 1889 static int 1890 state_to_flags(int state) 1891 { 1892 int i; 1893 for (i = 0; i < LVL_NELEMS; i++) { 1894 if (lvls[i].lvl_state == state) 1895 return (lvls[i].lvl_flags); 1896 } 1897 return (0); 1898 } 1899 1900 /* 1901 * killproc() creates a child which kills the process specified by pid. 1902 */ 1903 void 1904 killproc(pid_t pid) 1905 { 1906 struct PROC_TABLE *process; 1907 1908 (void) sighold(SIGCLD); 1909 while ((process = efork(M_OFF, NULLPROC, 0)) == NO_ROOM) 1910 (void) pause(); 1911 (void) sigrelse(SIGCLD); 1912 1913 if (process == NULLPROC) { 1914 /* 1915 * efork() sets all signal handlers to the default, so reset 1916 * the ALRM handler to make timer() work as expected. 1917 */ 1918 (void) sigset(SIGALRM, alarmclk); 1919 1920 /* 1921 * We are the child. Try to terminate the process nicely 1922 * first using SIGTERM and if it refuses to die in TWARN 1923 * seconds kill it with SIGKILL. 1924 */ 1925 (void) kill(pid, SIGTERM); 1926 (void) timer(TWARN); 1927 (void) kill(pid, SIGKILL); 1928 (void) exit(0); 1929 } 1930 } 1931 1932 /* 1933 * Set up the default environment for all procs to be forked from init. 1934 * Read the values from the /etc/default/init file, except for PATH. If 1935 * there is not enough room in the environment array, the environment 1936 * lines that don't fit are discarded and a message is written to the console. 1937 */ 1938 void 1939 init_env() 1940 { 1941 void *dstate; 1942 const char *tokp; 1943 1944 glob_envp[0] = malloc((unsigned)(strlen(DEF_PATH)+2)); 1945 (void) strcpy(glob_envp[0], DEF_PATH); 1946 glob_envn = 1; 1947 1948 if (rflg) { 1949 glob_envp[1] = 1950 malloc((unsigned)(strlen("_DVFS_RECONFIG=YES")+2)); 1951 (void) strcpy(glob_envp[1], "_DVFS_RECONFIG=YES"); 1952 ++glob_envn; 1953 } else if (bflg == 1) { 1954 glob_envp[1] = 1955 malloc((unsigned)(strlen("RB_NOBOOTRC=YES")+2)); 1956 (void) strcpy(glob_envp[1], "RB_NOBOOTRC=YES"); 1957 ++glob_envn; 1958 } 1959 1960 if (definit_open(ENVFILE, &dstate) != 0) { 1961 console(B_TRUE, 1962 "Cannot open %s. Environment not initialized.\n", 1963 ENVFILE); 1964 return; 1965 } 1966 1967 while ((tokp = definit_token(dstate)) != NULL && 1968 glob_envn < MAXENVENT - 2) { 1969 1970 if (strncmp(tokp, "CMASK=", sizeof ("CMASK=") - 1) == 0) { 1971 long t; 1972 1973 /* We know there's an = */ 1974 t = strtol(strchr(tokp, '=') + 1, NULL, 8); 1975 1976 /* Sanity */ 1977 if (t >= DEFINIT_MIN_UMASK && t <= DEFINIT_MAX_UMASK) 1978 cmask = (int)t; 1979 (void) umask(cmask); 1980 continue; 1981 } 1982 glob_envp[glob_envn] = strdup(tokp); 1983 if (glob_envp[glob_envn] == NULL) { 1984 console(B_TRUE, "Out of memory building environment, " 1985 "truncated.\n"); 1986 break; 1987 } 1988 if (++glob_envn >= MAXENVENT - 1) { 1989 console(B_TRUE, "Too many variables in %s; " 1990 "environment not fully initialized.\n", ENVFILE); 1991 break; 1992 } 1993 } 1994 1995 /* 1996 * Append a null pointer to the environment array to mark its end. 1997 */ 1998 glob_envp[glob_envn] = NULL; 1999 2000 definit_close(dstate); 2001 } 2002 2003 /* 2004 * boot_init(): Do initialization things that should be done at boot. 2005 */ 2006 void 2007 boot_init() 2008 { 2009 int i; 2010 struct PROC_TABLE *process, *oprocess; 2011 struct CMD_LINE cmd; 2012 char line[MAXCMDL]; 2013 char svc_aux[SVC_AUX_SIZE]; 2014 char init_svc_fmri[SVC_FMRI_SIZE]; 2015 char *old_path; 2016 int maxfiles; 2017 2018 /* Use INIT_PATH for sysinit cmds */ 2019 old_path = glob_envp[0]; 2020 glob_envp[0] = malloc((unsigned)(strlen(INIT_PATH)+2)); 2021 (void) strcpy(glob_envp[0], INIT_PATH); 2022 2023 /* 2024 * Scan inittab(4) and process the special svc.startd entry, initdefault 2025 * and sysinit entries. 2026 */ 2027 while (getcmd(&cmd, &line[0]) == TRUE) { 2028 if (startd_tmpl >= 0 && id_eq(cmd.c_id, "smf")) { 2029 process_startd_line(&cmd, line); 2030 (void) snprintf(startd_svc_aux, SVC_AUX_SIZE, 2031 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id); 2032 } else if (cmd.c_action == M_INITDEFAULT) { 2033 /* 2034 * initdefault is no longer meaningful, as the SMF 2035 * milestone controls what (legacy) run level we 2036 * boot to. 2037 */ 2038 console(B_TRUE, 2039 "Ignoring legacy \"initdefault\" entry.\n"); 2040 } else if (cmd.c_action == M_SYSINIT) { 2041 /* 2042 * Execute the "sysinit" entry and wait for it to 2043 * complete. No bookkeeping is performed on these 2044 * entries because we avoid writing to the file system 2045 * until after there has been an chance to check it. 2046 */ 2047 if (process = findpslot(&cmd)) { 2048 (void) sighold(SIGCLD); 2049 (void) snprintf(svc_aux, SVC_AUX_SIZE, 2050 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id); 2051 (void) snprintf(init_svc_fmri, SVC_FMRI_SIZE, 2052 SVC_INIT_PREFIX INITTAB_ENTRY_ID_STR_FORMAT, 2053 cmd.c_id); 2054 if (legacy_tmpl >= 0) { 2055 (void) ct_pr_tmpl_set_svc_fmri( 2056 legacy_tmpl, init_svc_fmri); 2057 (void) ct_pr_tmpl_set_svc_aux( 2058 legacy_tmpl, svc_aux); 2059 } 2060 2061 for (oprocess = process; 2062 (process = efork(M_OFF, oprocess, 2063 (NAMED|NOCLEANUP))) == NO_ROOM; 2064 /* CSTYLED */) 2065 ; 2066 (void) sigrelse(SIGCLD); 2067 2068 if (process == NULLPROC) { 2069 maxfiles = ulimit(UL_GDESLIM, 0); 2070 2071 for (i = 0; i < maxfiles; i++) 2072 (void) fcntl(i, F_SETFD, 2073 FD_CLOEXEC); 2074 (void) execle(SH, "INITSH", "-c", 2075 cmd.c_command, 2076 (char *)0, glob_envp); 2077 console(B_TRUE, 2078 "Command\n\"%s\"\n failed to execute. errno = %d (exec of shell failed)\n", 2079 cmd.c_command, errno); 2080 exit(1); 2081 } else 2082 while (waitproc(process) == FAILURE) 2083 ; 2084 process->p_flags = 0; 2085 st_write(); 2086 } 2087 } 2088 } 2089 2090 /* Restore the path. */ 2091 free(glob_envp[0]); 2092 glob_envp[0] = old_path; 2093 2094 /* 2095 * This will enable st_write() to complain about init_state_file. 2096 */ 2097 booting = 0; 2098 2099 /* 2100 * If the /etc/ioctl.syscon didn't exist or had invalid contents write 2101 * out a correct version. 2102 */ 2103 if (write_ioctl) 2104 write_ioctl_syscon(); 2105 2106 /* 2107 * Start svc.startd(1M), which does most of the work. 2108 */ 2109 if (startd_cline[0] != '\0' && startd_tmpl >= 0) { 2110 /* Start svc.startd. */ 2111 if (startd_run(startd_cline, startd_tmpl, 0) == -1) 2112 cur_state = SINGLE_USER; 2113 } else { 2114 console(B_TRUE, "Absent svc.startd entry or bad " 2115 "contract template. Not starting svc.startd.\n"); 2116 enter_maintenance(); 2117 } 2118 } 2119 2120 /* 2121 * init_signals(): Initialize all signals to either be caught or ignored. 2122 */ 2123 void 2124 init_signals(void) 2125 { 2126 struct sigaction act; 2127 int i; 2128 2129 /* 2130 * Start by ignoring all signals, then selectively re-enable some. 2131 * The SIG_IGN disposition will only affect asynchronous signals: 2132 * any signal that we trigger synchronously that doesn't end up 2133 * being handled by siglvl() will be forcibly delivered by the kernel. 2134 */ 2135 for (i = SIGHUP; i <= SIGRTMAX; i++) 2136 (void) sigset(i, SIG_IGN); 2137 2138 /* 2139 * Handle all level-changing signals using siglvl() and set sa_mask so 2140 * that all level-changing signals are blocked while in siglvl(). 2141 */ 2142 act.sa_handler = siglvl; 2143 act.sa_flags = SA_SIGINFO; 2144 (void) sigemptyset(&act.sa_mask); 2145 2146 (void) sigaddset(&act.sa_mask, LVLQ); 2147 (void) sigaddset(&act.sa_mask, LVL0); 2148 (void) sigaddset(&act.sa_mask, LVL1); 2149 (void) sigaddset(&act.sa_mask, LVL2); 2150 (void) sigaddset(&act.sa_mask, LVL3); 2151 (void) sigaddset(&act.sa_mask, LVL4); 2152 (void) sigaddset(&act.sa_mask, LVL5); 2153 (void) sigaddset(&act.sa_mask, LVL6); 2154 (void) sigaddset(&act.sa_mask, SINGLE_USER); 2155 (void) sigaddset(&act.sa_mask, LVLa); 2156 (void) sigaddset(&act.sa_mask, LVLb); 2157 (void) sigaddset(&act.sa_mask, LVLc); 2158 2159 (void) sigaction(LVLQ, &act, NULL); 2160 (void) sigaction(LVL0, &act, NULL); 2161 (void) sigaction(LVL1, &act, NULL); 2162 (void) sigaction(LVL2, &act, NULL); 2163 (void) sigaction(LVL3, &act, NULL); 2164 (void) sigaction(LVL4, &act, NULL); 2165 (void) sigaction(LVL5, &act, NULL); 2166 (void) sigaction(LVL6, &act, NULL); 2167 (void) sigaction(SINGLE_USER, &act, NULL); 2168 (void) sigaction(LVLa, &act, NULL); 2169 (void) sigaction(LVLb, &act, NULL); 2170 (void) sigaction(LVLc, &act, NULL); 2171 2172 (void) sigset(SIGALRM, alarmclk); 2173 alarmclk(); 2174 2175 (void) sigset(SIGCLD, childeath); 2176 (void) sigset(SIGPWR, powerfail); 2177 } 2178 2179 /* 2180 * Set up pipe for "godchildren". If the file exists and is a pipe just open 2181 * it. Else, if the file system is r/w create it. Otherwise, defer its 2182 * creation and open until after /var/run has been mounted. This function is 2183 * only called on startup and when explicitly requested via LVLQ. 2184 */ 2185 void 2186 setup_pipe() 2187 { 2188 struct stat stat_buf; 2189 struct statvfs statvfs_buf; 2190 struct sigaction act; 2191 2192 /* 2193 * Always close the previous pipe descriptor as the mounted filesystems 2194 * may have changed. 2195 */ 2196 if (Pfd >= 0) 2197 (void) close(Pfd); 2198 2199 if ((stat(INITPIPE, &stat_buf) == 0) && 2200 ((stat_buf.st_mode & (S_IFMT|S_IRUSR)) == (S_IFIFO|S_IRUSR))) 2201 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2202 else 2203 if ((statvfs(INITPIPE_DIR, &statvfs_buf) == 0) && 2204 ((statvfs_buf.f_flag & ST_RDONLY) == 0)) { 2205 (void) unlink(INITPIPE); 2206 (void) mknod(INITPIPE, S_IFIFO | 0600, 0); 2207 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2208 } 2209 2210 if (Pfd >= 0) { 2211 (void) ioctl(Pfd, I_SETSIG, S_INPUT); 2212 /* 2213 * Read pipe in message discard mode. 2214 */ 2215 (void) ioctl(Pfd, I_SRDOPT, RMSGD); 2216 2217 act.sa_handler = sigpoll; 2218 act.sa_flags = 0; 2219 (void) sigemptyset(&act.sa_mask); 2220 (void) sigaddset(&act.sa_mask, SIGCLD); 2221 (void) sigaction(SIGPOLL, &act, NULL); 2222 } 2223 } 2224 2225 /* 2226 * siglvl - handle an asynchronous signal from init(1M) telling us that we 2227 * should change the current run level. We set new_state accordingly. 2228 */ 2229 void 2230 siglvl(int sig, siginfo_t *sip, ucontext_t *ucp) 2231 { 2232 struct PROC_TABLE *process; 2233 struct sigaction act; 2234 2235 /* 2236 * If the signal was from the kernel (rather than init(1M)) then init 2237 * itself tripped the signal. That is, we might have a bug and tripped 2238 * a real SIGSEGV instead of receiving it as an alias for SIGLVLa. In 2239 * such a case we reset the disposition to SIG_DFL, block all signals 2240 * in uc_mask but the current one, and return to the interrupted ucp 2241 * to effect an appropriate death. The kernel will then restart us. 2242 * 2243 * The one exception to SI_FROMKERNEL() is SIGFPE (a.k.a. LVL6), which 2244 * the kernel can send us when it wants to effect an orderly reboot. 2245 * For this case we must also verify si_code is zero, rather than a 2246 * code such as FPE_INTDIV which a bug might have triggered. 2247 */ 2248 if (sip != NULL && SI_FROMKERNEL(sip) && 2249 (sig != SIGFPE || sip->si_code == 0)) { 2250 2251 (void) sigemptyset(&act.sa_mask); 2252 act.sa_handler = SIG_DFL; 2253 act.sa_flags = 0; 2254 (void) sigaction(sig, &act, NULL); 2255 2256 (void) sigfillset(&ucp->uc_sigmask); 2257 (void) sigdelset(&ucp->uc_sigmask, sig); 2258 ucp->uc_flags |= UC_SIGMASK; 2259 2260 (void) setcontext(ucp); 2261 } 2262 2263 /* 2264 * If the signal received is a LVLQ signal, do not really 2265 * change levels, just restate the current level. If the 2266 * signal is not a LVLQ, set the new level to the signal 2267 * received. 2268 */ 2269 if (sig == LVLQ) { 2270 new_state = cur_state; 2271 lvlq_received = B_TRUE; 2272 } else { 2273 new_state = sig; 2274 } 2275 2276 /* 2277 * Clear all times and repeat counts in the process table 2278 * since either the level is changing or the user has editted 2279 * the inittab file and wants us to look at it again. 2280 * If the user has fixed a typo, we don't want residual timing 2281 * data preventing the fixed command line from executing. 2282 */ 2283 for (process = proc_table; 2284 (process < proc_table + num_proc); process++) { 2285 process->p_time = 0L; 2286 process->p_count = 0; 2287 } 2288 2289 /* 2290 * Set the flag to indicate that a "user signal" was received. 2291 */ 2292 wakeup.w_flags.w_usersignal = 1; 2293 } 2294 2295 2296 /* 2297 * alarmclk 2298 */ 2299 static void 2300 alarmclk() 2301 { 2302 time_up = TRUE; 2303 } 2304 2305 /* 2306 * childeath_single(): 2307 * 2308 * This used to be the SIGCLD handler and it was set with signal() 2309 * (as opposed to sigset()). When a child exited we'd come to the 2310 * handler, wait for the child, and reenable the handler with 2311 * signal() just before returning. The implementation of signal() 2312 * checks with waitid() for waitable children and sends a SIGCLD 2313 * if there are some. If children are exiting faster than the 2314 * handler can run we keep sending signals and the handler never 2315 * gets to return and eventually the stack runs out and init dies. 2316 * To prevent that we set the handler with sigset() so the handler 2317 * doesn't need to be reset, and in childeath() (see below) we 2318 * call childeath_single() as long as there are children to be 2319 * waited for. If a child exits while init is in the handler a 2320 * SIGCLD will be pending and delivered on return from the handler. 2321 * If the child was already waited for the handler will have nothing 2322 * to do and return, otherwise the child will be waited for. 2323 */ 2324 static void 2325 childeath_single(pid_t pid, int status) 2326 { 2327 struct PROC_TABLE *process; 2328 struct pidlist *pp; 2329 2330 /* 2331 * Scan the process table to see if we are interested in this process. 2332 */ 2333 for (process = proc_table; 2334 (process < proc_table + num_proc); process++) { 2335 if ((process->p_flags & (LIVING|OCCUPIED)) == 2336 (LIVING|OCCUPIED) && process->p_pid == pid) { 2337 2338 /* 2339 * Mark this process as having died and store the exit 2340 * status. Also set the wakeup flag for a dead child 2341 * and break out of the loop. 2342 */ 2343 process->p_flags &= ~LIVING; 2344 process->p_exit = (short)status; 2345 wakeup.w_flags.w_childdeath = 1; 2346 2347 return; 2348 } 2349 } 2350 2351 /* 2352 * No process was found above, look through auxiliary list. 2353 */ 2354 (void) sighold(SIGPOLL); 2355 pp = Plhead; 2356 while (pp) { 2357 if (pid > pp->pl_pid) { 2358 /* 2359 * Keep on looking. 2360 */ 2361 pp = pp->pl_next; 2362 continue; 2363 } else if (pid < pp->pl_pid) { 2364 /* 2365 * Not in the list. 2366 */ 2367 break; 2368 } else { 2369 /* 2370 * This is a dead "godchild". 2371 */ 2372 pp->pl_dflag = 1; 2373 pp->pl_exit = (short)status; 2374 wakeup.w_flags.w_childdeath = 1; 2375 Gchild = 1; /* Notice to call cleanaux(). */ 2376 break; 2377 } 2378 } 2379 2380 (void) sigrelse(SIGPOLL); 2381 } 2382 2383 /* ARGSUSED */ 2384 static void 2385 childeath(int signo) 2386 { 2387 pid_t pid; 2388 int status; 2389 2390 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) 2391 childeath_single(pid, status); 2392 } 2393 2394 static void 2395 powerfail() 2396 { 2397 (void) nice(-19); 2398 wakeup.w_flags.w_powerhit = 1; 2399 } 2400 2401 /* 2402 * efork() forks a child and the parent inserts the process in its table 2403 * of processes that are directly a result of forks that it has performed. 2404 * The child just changes the "global" with the process id for this process 2405 * to it's new value. 2406 * If efork() is called with a pointer into the proc_table it uses that slot, 2407 * otherwise it searches for a free slot. Regardless of how it was called, 2408 * it returns the pointer to the proc_table entry 2409 * 2410 * The SIGCLD signal is blocked (held) before calling efork() 2411 * and is unblocked (released) after efork() returns. 2412 * 2413 * Ideally, this should be rewritten to use modern signal semantics. 2414 */ 2415 static struct PROC_TABLE * 2416 efork(int action, struct PROC_TABLE *process, int modes) 2417 { 2418 pid_t childpid; 2419 struct PROC_TABLE *proc; 2420 int i; 2421 /* 2422 * Freshen up the proc_table, removing any entries for dead processes 2423 * that don't have NOCLEANUP set. Perform the necessary accounting. 2424 */ 2425 for (proc = proc_table; (proc < proc_table + num_proc); proc++) { 2426 if ((proc->p_flags & (OCCUPIED|LIVING|NOCLEANUP)) == 2427 (OCCUPIED)) { 2428 /* 2429 * Is this a named process? 2430 * If so, do the necessary bookkeeping. 2431 */ 2432 if (proc->p_flags & NAMED) 2433 (void) account(DEAD_PROCESS, proc, NULL); 2434 2435 /* 2436 * Free this entry for new usage. 2437 */ 2438 proc->p_flags = 0; 2439 } 2440 } 2441 2442 while ((childpid = fork()) == FAILURE) { 2443 /* 2444 * Shorten the alarm timer in case someone else's child dies 2445 * and free up a slot in the process table. 2446 */ 2447 setimer(5); 2448 2449 /* 2450 * Wait for some children to die. Since efork() 2451 * is always called with SIGCLD blocked, unblock 2452 * it here so that child death signals can come in. 2453 */ 2454 (void) sigrelse(SIGCLD); 2455 (void) pause(); 2456 (void) sighold(SIGCLD); 2457 setimer(0); 2458 } 2459 2460 if (childpid != 0) { 2461 2462 if (process == NULLPROC) { 2463 /* 2464 * No proc table pointer specified so search 2465 * for a free slot. 2466 */ 2467 for (process = proc_table; process->p_flags != 0 && 2468 (process < proc_table + num_proc); process++) 2469 ; 2470 2471 if (process == (proc_table + num_proc)) { 2472 int old_proc_table_size = num_proc; 2473 2474 /* Increase the process table size */ 2475 increase_proc_table_size(); 2476 if (old_proc_table_size == num_proc) { 2477 /* didn't grow: memory failure */ 2478 return (NO_ROOM); 2479 } else { 2480 process = 2481 proc_table + old_proc_table_size; 2482 } 2483 } 2484 2485 process->p_time = 0L; 2486 process->p_count = 0; 2487 } 2488 process->p_id[0] = '\0'; 2489 process->p_id[1] = '\0'; 2490 process->p_id[2] = '\0'; 2491 process->p_id[3] = '\0'; 2492 process->p_pid = childpid; 2493 process->p_flags = (LIVING | OCCUPIED | modes); 2494 process->p_exit = 0; 2495 2496 st_write(); 2497 } else { 2498 if ((action & (M_WAIT | M_BOOTWAIT)) == 0) 2499 (void) setpgrp(); 2500 2501 process = NULLPROC; 2502 2503 /* 2504 * Reset all signals to the system defaults. 2505 */ 2506 for (i = SIGHUP; i <= SIGRTMAX; i++) 2507 (void) sigset(i, SIG_DFL); 2508 2509 /* 2510 * POSIX B.2.2.2 advises that init should set SIGTTOU, 2511 * SIGTTIN, and SIGTSTP to SIG_IGN. 2512 * 2513 * Make sure that SIGXCPU and SIGXFSZ also remain ignored, 2514 * for backward compatibility. 2515 */ 2516 (void) sigset(SIGTTIN, SIG_IGN); 2517 (void) sigset(SIGTTOU, SIG_IGN); 2518 (void) sigset(SIGTSTP, SIG_IGN); 2519 (void) sigset(SIGXCPU, SIG_IGN); 2520 (void) sigset(SIGXFSZ, SIG_IGN); 2521 } 2522 return (process); 2523 } 2524 2525 2526 /* 2527 * waitproc() waits for a specified process to die. For this function to 2528 * work, the specified process must already in the proc_table. waitproc() 2529 * returns the exit status of the specified process when it dies. 2530 */ 2531 static long 2532 waitproc(struct PROC_TABLE *process) 2533 { 2534 int answer; 2535 sigset_t oldmask, newmask, zeromask; 2536 2537 (void) sigemptyset(&zeromask); 2538 (void) sigemptyset(&newmask); 2539 2540 (void) sigaddset(&newmask, SIGCLD); 2541 2542 /* Block SIGCLD and save the current signal mask */ 2543 if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0) 2544 perror("SIG_BLOCK error"); 2545 2546 /* 2547 * Wait around until the process dies. 2548 */ 2549 if (process->p_flags & LIVING) 2550 (void) sigsuspend(&zeromask); 2551 2552 /* Reset signal mask to unblock SIGCLD */ 2553 if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0) 2554 perror("SIG_SETMASK error"); 2555 2556 if (process->p_flags & LIVING) 2557 return (FAILURE); 2558 2559 /* 2560 * Make sure to only return 16 bits so that answer will always 2561 * be positive whenever the process of interest really died. 2562 */ 2563 answer = (process->p_exit & 0xffff); 2564 2565 /* 2566 * Free the slot in the proc_table. 2567 */ 2568 process->p_flags = 0; 2569 return (answer); 2570 } 2571 2572 /* 2573 * notify_pam_dead(): calls into the PAM framework to close the given session. 2574 */ 2575 static void 2576 notify_pam_dead(struct utmpx *up) 2577 { 2578 pam_handle_t *pamh; 2579 char user[sizeof (up->ut_user) + 1]; 2580 char ttyn[sizeof (up->ut_line) + 1]; 2581 char host[sizeof (up->ut_host) + 1]; 2582 2583 /* 2584 * PAM does not take care of updating utmpx/wtmpx. 2585 */ 2586 (void) snprintf(user, sizeof (user), "%s", up->ut_user); 2587 (void) snprintf(ttyn, sizeof (ttyn), "%s", up->ut_line); 2588 (void) snprintf(host, sizeof (host), "%s", up->ut_host); 2589 2590 if (pam_start("init", user, NULL, &pamh) == PAM_SUCCESS) { 2591 (void) pam_set_item(pamh, PAM_TTY, ttyn); 2592 (void) pam_set_item(pamh, PAM_RHOST, host); 2593 (void) pam_close_session(pamh, 0); 2594 (void) pam_end(pamh, PAM_SUCCESS); 2595 } 2596 } 2597 2598 /* 2599 * Check you can access utmpx (As / may be read-only and 2600 * /var may not be mounted yet). 2601 */ 2602 static int 2603 access_utmpx(void) 2604 { 2605 do { 2606 utmpx_ok = (access(UTMPX, R_OK|W_OK) == 0); 2607 } while (!utmpx_ok && errno == EINTR); 2608 2609 return (utmpx_ok); 2610 } 2611 2612 /* 2613 * account() updates entries in utmpx and appends new entries to the end of 2614 * wtmpx (assuming they exist). The program argument indicates the name of 2615 * program if INIT_PROCESS, otherwise should be NULL. 2616 * 2617 * account() only blocks for INIT_PROCESS requests. 2618 * 2619 * Returns non-zero if write failed. 2620 */ 2621 static int 2622 account(short state, struct PROC_TABLE *process, char *program) 2623 { 2624 struct utmpx utmpbuf, *u, *oldu; 2625 int tmplen; 2626 char fail_buf[UT_LINE_SZ]; 2627 sigset_t block, unblock; 2628 2629 if (!utmpx_ok && !access_utmpx()) { 2630 return (-1); 2631 } 2632 2633 /* 2634 * Set up the prototype for the utmp structure we want to write. 2635 */ 2636 u = &utmpbuf; 2637 (void) memset(u, 0, sizeof (struct utmpx)); 2638 2639 /* 2640 * Fill in the various fields of the utmp structure. 2641 */ 2642 u->ut_id[0] = process->p_id[0]; 2643 u->ut_id[1] = process->p_id[1]; 2644 u->ut_id[2] = process->p_id[2]; 2645 u->ut_id[3] = process->p_id[3]; 2646 u->ut_pid = process->p_pid; 2647 2648 /* 2649 * Fill the "ut_exit" structure. 2650 */ 2651 u->ut_exit.e_termination = WTERMSIG(process->p_exit); 2652 u->ut_exit.e_exit = WEXITSTATUS(process->p_exit); 2653 u->ut_type = state; 2654 2655 (void) time(&u->ut_tv.tv_sec); 2656 2657 /* 2658 * Block signals for utmp update. 2659 */ 2660 (void) sigfillset(&block); 2661 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2662 2663 /* 2664 * See if there already is such an entry in the "utmpx" file. 2665 */ 2666 setutxent(); /* Start at beginning of utmpx file. */ 2667 2668 if ((oldu = getutxid(u)) != NULL) { 2669 /* 2670 * Copy in the old "user", "line" and "host" fields 2671 * to our new structure. 2672 */ 2673 bcopy(oldu->ut_user, u->ut_user, sizeof (u->ut_user)); 2674 bcopy(oldu->ut_line, u->ut_line, sizeof (u->ut_line)); 2675 bcopy(oldu->ut_host, u->ut_host, sizeof (u->ut_host)); 2676 u->ut_syslen = (tmplen = strlen(u->ut_host)) ? 2677 min(tmplen + 1, sizeof (u->ut_host)) : 0; 2678 2679 if (oldu->ut_type == USER_PROCESS && state == DEAD_PROCESS) { 2680 notify_pam_dead(oldu); 2681 } 2682 } 2683 2684 /* 2685 * Perform special accounting. Insert the special string into the 2686 * ut_line array. For INIT_PROCESSes put in the name of the 2687 * program in the "ut_user" field. 2688 */ 2689 switch (state) { 2690 case INIT_PROCESS: 2691 (void) strncpy(u->ut_user, program, sizeof (u->ut_user)); 2692 (void) strcpy(fail_buf, "INIT_PROCESS"); 2693 break; 2694 2695 default: 2696 (void) strlcpy(fail_buf, u->ut_id, sizeof (u->ut_id) + 1); 2697 break; 2698 } 2699 2700 /* 2701 * Write out the updated entry to utmpx file. 2702 */ 2703 if (pututxline(u) == NULL) { 2704 console(B_TRUE, "Failed write of utmpx entry: \"%s\": %s\n", 2705 fail_buf, strerror(errno)); 2706 endutxent(); 2707 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2708 return (-1); 2709 } 2710 2711 /* 2712 * If we're able to write to utmpx, then attempt to add to the 2713 * end of the wtmpx file. 2714 */ 2715 updwtmpx(WTMPX, u); 2716 2717 endutxent(); 2718 2719 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2720 2721 return (0); 2722 } 2723 2724 static void 2725 clearent(pid_t pid, short status) 2726 { 2727 struct utmpx *up; 2728 sigset_t block, unblock; 2729 2730 /* 2731 * Block signals for utmp update. 2732 */ 2733 (void) sigfillset(&block); 2734 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2735 2736 /* 2737 * No error checking for now. 2738 */ 2739 2740 setutxent(); 2741 while (up = getutxent()) { 2742 if (up->ut_pid == pid) { 2743 if (up->ut_type == DEAD_PROCESS) { 2744 /* 2745 * Cleaned up elsewhere. 2746 */ 2747 continue; 2748 } 2749 2750 notify_pam_dead(up); 2751 2752 up->ut_type = DEAD_PROCESS; 2753 up->ut_exit.e_termination = WTERMSIG(status); 2754 up->ut_exit.e_exit = WEXITSTATUS(status); 2755 (void) time(&up->ut_tv.tv_sec); 2756 2757 (void) pututxline(up); 2758 /* 2759 * Now attempt to add to the end of the 2760 * wtmp and wtmpx files. Do not create 2761 * if they don't already exist. 2762 */ 2763 updwtmpx(WTMPX, up); 2764 2765 break; 2766 } 2767 } 2768 2769 endutxent(); 2770 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2771 } 2772 2773 /* 2774 * prog_name() searches for the word or unix path name and 2775 * returns a pointer to the last element of the pathname. 2776 */ 2777 static char * 2778 prog_name(char *string) 2779 { 2780 char *ptr, *ptr2; 2781 static char word[UT_USER_SZ + 1]; 2782 2783 /* 2784 * Search for the first word skipping leading spaces and tabs. 2785 */ 2786 while (*string == ' ' || *string == '\t') 2787 string++; 2788 2789 /* 2790 * If the first non-space non-tab character is not one allowed in 2791 * a word, return a pointer to a null string, otherwise parse the 2792 * pathname. 2793 */ 2794 if (*string != '.' && *string != '/' && *string != '_' && 2795 (*string < 'a' || *string > 'z') && 2796 (*string < 'A' || * string > 'Z') && 2797 (*string < '0' || *string > '9')) 2798 return (""); 2799 2800 /* 2801 * Parse the pathname looking forward for '/', ' ', '\t', '\n' or 2802 * '\0'. Each time a '/' is found, move "ptr" to one past the 2803 * '/', thus when a ' ', '\t', '\n', or '\0' is found, "ptr" will 2804 * point to the last element of the pathname. 2805 */ 2806 for (ptr = string; *string != ' ' && *string != '\t' && 2807 *string != '\n' && *string != '\0'; string++) { 2808 if (*string == '/') 2809 ptr = string+1; 2810 } 2811 2812 /* 2813 * Copy out up to the size of the "ut_user" array into "word", 2814 * null terminate it and return a pointer to it. 2815 */ 2816 for (ptr2 = &word[0]; ptr2 < &word[UT_USER_SZ] && 2817 ptr < string; /* CSTYLED */) 2818 *ptr2++ = *ptr++; 2819 2820 *ptr2 = '\0'; 2821 return (&word[0]); 2822 } 2823 2824 2825 /* 2826 * realcon() returns a nonzero value if there is a character device 2827 * associated with SYSCON that has the same device number as CONSOLE. 2828 */ 2829 static int 2830 realcon() 2831 { 2832 struct stat sconbuf, conbuf; 2833 2834 if (stat(SYSCON, &sconbuf) != -1 && 2835 stat(CONSOLE, &conbuf) != -1 && 2836 S_ISCHR(sconbuf.st_mode) && 2837 S_ISCHR(conbuf.st_mode) && 2838 sconbuf.st_rdev == conbuf.st_rdev) { 2839 return (1); 2840 } else { 2841 return (0); 2842 } 2843 } 2844 2845 2846 /* 2847 * get_ioctl_syscon() retrieves the SYSCON settings from the IOCTLSYSCON file. 2848 * Returns true if the IOCTLSYSCON file needs to be written (with 2849 * write_ioctl_syscon() below) 2850 */ 2851 static int 2852 get_ioctl_syscon() 2853 { 2854 FILE *fp; 2855 unsigned int iflags, oflags, cflags, lflags, ldisc, cc[18]; 2856 int i, valid_format = 0; 2857 2858 /* 2859 * Read in the previous modes for SYSCON from IOCTLSYSCON. 2860 */ 2861 if ((fp = fopen(IOCTLSYSCON, "r")) == NULL) { 2862 stored_syscon_termios = dflt_termios; 2863 console(B_TRUE, 2864 "warning:%s does not exist, default settings assumed\n", 2865 IOCTLSYSCON); 2866 } else { 2867 2868 i = fscanf(fp, 2869 "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2870 &iflags, &oflags, &cflags, &lflags, 2871 &cc[0], &cc[1], &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], 2872 &cc[7], &cc[8], &cc[9], &cc[10], &cc[11], &cc[12], &cc[13], 2873 &cc[14], &cc[15], &cc[16], &cc[17]); 2874 2875 if (i == 22) { 2876 stored_syscon_termios.c_iflag = iflags; 2877 stored_syscon_termios.c_oflag = oflags; 2878 stored_syscon_termios.c_cflag = cflags; 2879 stored_syscon_termios.c_lflag = lflags; 2880 for (i = 0; i < 18; i++) 2881 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2882 valid_format = 1; 2883 } else if (i == 13) { 2884 rewind(fp); 2885 i = fscanf(fp, "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2886 &iflags, &oflags, &cflags, &lflags, &ldisc, &cc[0], &cc[1], 2887 &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], &cc[7]); 2888 2889 /* 2890 * If the file is formatted properly, use the values to 2891 * initialize the console terminal condition. 2892 */ 2893 stored_syscon_termios.c_iflag = (ushort_t)iflags; 2894 stored_syscon_termios.c_oflag = (ushort_t)oflags; 2895 stored_syscon_termios.c_cflag = (ushort_t)cflags; 2896 stored_syscon_termios.c_lflag = (ushort_t)lflags; 2897 for (i = 0; i < 8; i++) 2898 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2899 valid_format = 1; 2900 } 2901 (void) fclose(fp); 2902 2903 /* If the file is badly formatted, use the default settings. */ 2904 if (!valid_format) 2905 stored_syscon_termios = dflt_termios; 2906 } 2907 2908 /* If the file had a bad format, rewrite it later. */ 2909 return (!valid_format); 2910 } 2911 2912 2913 static void 2914 write_ioctl_syscon() 2915 { 2916 FILE *fp; 2917 int i; 2918 2919 (void) unlink(SYSCON); 2920 (void) link(SYSTTY, SYSCON); 2921 (void) umask(022); 2922 fp = fopen(IOCTLSYSCON, "w"); 2923 2924 (void) fprintf(fp, "%x:%x:%x:%x:0", stored_syscon_termios.c_iflag, 2925 stored_syscon_termios.c_oflag, stored_syscon_termios.c_cflag, 2926 stored_syscon_termios.c_lflag); 2927 for (i = 0; i < 8; ++i) 2928 (void) fprintf(fp, ":%x", stored_syscon_termios.c_cc[i]); 2929 (void) putc('\n', fp); 2930 2931 (void) fflush(fp); 2932 (void) fsync(fileno(fp)); 2933 (void) fclose(fp); 2934 (void) umask(cmask); 2935 } 2936 2937 2938 /* 2939 * void console(boolean_t, char *, ...) 2940 * Outputs the requested message to the system console. Note that the number 2941 * of arguments passed to console() should be determined by the print format. 2942 * 2943 * The "prefix" parameter indicates whether or not "INIT: " should precede the 2944 * message. 2945 * 2946 * To make sure we write to the console in a sane fashion, we use the modes 2947 * we keep in stored_syscon_termios (which we read out of /etc/ioctl.syscon). 2948 * Afterwards we restore whatever modes were already there. 2949 */ 2950 /* PRINTFLIKE2 */ 2951 static void 2952 console(boolean_t prefix, char *format, ...) 2953 { 2954 char outbuf[BUFSIZ]; 2955 va_list args; 2956 int fd, getret; 2957 struct termios old_syscon_termios; 2958 FILE *f; 2959 2960 /* 2961 * We open SYSCON anew each time in case it has changed (see 2962 * userinit()). 2963 */ 2964 if ((fd = open(SYSCON, O_RDWR | O_NOCTTY)) < 0 || 2965 (f = fdopen(fd, "r+")) == NULL) { 2966 if (prefix) 2967 syslog(LOG_WARNING, "INIT: "); 2968 va_start(args, format); 2969 vsyslog(LOG_WARNING, format, args); 2970 va_end(args); 2971 if (fd >= 0) 2972 (void) close(fd); 2973 return; 2974 } 2975 setbuf(f, &outbuf[0]); 2976 2977 getret = tcgetattr(fd, &old_syscon_termios); 2978 old_syscon_termios.c_cflag &= ~HUPCL; 2979 if (realcon()) 2980 /* Don't overwrite cflag of real console. */ 2981 stored_syscon_termios.c_cflag = old_syscon_termios.c_cflag; 2982 2983 stored_syscon_termios.c_cflag &= ~HUPCL; 2984 2985 (void) tcsetattr(fd, TCSANOW, &stored_syscon_termios); 2986 2987 if (prefix) 2988 (void) fprintf(f, "\nINIT: "); 2989 va_start(args, format); 2990 (void) vfprintf(f, format, args); 2991 va_end(args); 2992 2993 if (getret == 0) 2994 (void) tcsetattr(fd, TCSADRAIN, &old_syscon_termios); 2995 2996 (void) fclose(f); 2997 } 2998 2999 /* 3000 * timer() is a substitute for sleep() which uses alarm() and pause(). 3001 */ 3002 static void 3003 timer(int waitime) 3004 { 3005 setimer(waitime); 3006 while (time_up == FALSE) 3007 (void) pause(); 3008 } 3009 3010 static void 3011 setimer(int timelimit) 3012 { 3013 alarmclk(); 3014 (void) alarm(timelimit); 3015 time_up = (timelimit ? FALSE : TRUE); 3016 } 3017 3018 /* 3019 * Fails with 3020 * ENOMEM - out of memory 3021 * ECONNABORTED - repository connection broken 3022 * EPERM - permission denied 3023 * EACCES - backend access denied 3024 * EROFS - backend readonly 3025 */ 3026 static int 3027 get_or_add_startd(scf_instance_t *inst) 3028 { 3029 scf_handle_t *h; 3030 scf_scope_t *scope = NULL; 3031 scf_service_t *svc = NULL; 3032 int ret = 0; 3033 3034 h = scf_instance_handle(inst); 3035 3036 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst, 3037 NULL, NULL, SCF_DECODE_FMRI_EXACT) == 0) 3038 return (0); 3039 3040 switch (scf_error()) { 3041 case SCF_ERROR_CONNECTION_BROKEN: 3042 return (ECONNABORTED); 3043 3044 case SCF_ERROR_NOT_FOUND: 3045 break; 3046 3047 case SCF_ERROR_HANDLE_MISMATCH: 3048 case SCF_ERROR_INVALID_ARGUMENT: 3049 case SCF_ERROR_CONSTRAINT_VIOLATED: 3050 default: 3051 bad_error("scf_handle_decode_fmri", scf_error()); 3052 } 3053 3054 /* Make sure we're right, since we're adding piece-by-piece. */ 3055 assert(strcmp(SCF_SERVICE_STARTD, 3056 "svc:/system/svc/restarter:default") == 0); 3057 3058 if ((scope = scf_scope_create(h)) == NULL || 3059 (svc = scf_service_create(h)) == NULL) { 3060 ret = ENOMEM; 3061 goto out; 3062 } 3063 3064 get_scope: 3065 if (scf_handle_get_scope(h, SCF_SCOPE_LOCAL, scope) != 0) { 3066 switch (scf_error()) { 3067 case SCF_ERROR_CONNECTION_BROKEN: 3068 ret = ECONNABORTED; 3069 goto out; 3070 3071 case SCF_ERROR_NOT_FOUND: 3072 (void) fputs(gettext( 3073 "smf(5) repository missing local scope.\n"), 3074 stderr); 3075 exit(1); 3076 /* NOTREACHED */ 3077 3078 case SCF_ERROR_HANDLE_MISMATCH: 3079 case SCF_ERROR_INVALID_ARGUMENT: 3080 default: 3081 bad_error("scf_handle_get_scope", scf_error()); 3082 } 3083 } 3084 3085 get_svc: 3086 if (scf_scope_get_service(scope, "system/svc/restarter", svc) != 0) { 3087 switch (scf_error()) { 3088 case SCF_ERROR_CONNECTION_BROKEN: 3089 ret = ECONNABORTED; 3090 goto out; 3091 3092 case SCF_ERROR_DELETED: 3093 goto get_scope; 3094 3095 case SCF_ERROR_NOT_FOUND: 3096 break; 3097 3098 case SCF_ERROR_HANDLE_MISMATCH: 3099 case SCF_ERROR_INVALID_ARGUMENT: 3100 case SCF_ERROR_NOT_SET: 3101 default: 3102 bad_error("scf_scope_get_service", scf_error()); 3103 } 3104 3105 add_svc: 3106 if (scf_scope_add_service(scope, "system/svc/restarter", svc) != 3107 0) { 3108 switch (scf_error()) { 3109 case SCF_ERROR_CONNECTION_BROKEN: 3110 ret = ECONNABORTED; 3111 goto out; 3112 3113 case SCF_ERROR_EXISTS: 3114 goto get_svc; 3115 3116 case SCF_ERROR_PERMISSION_DENIED: 3117 ret = EPERM; 3118 goto out; 3119 3120 case SCF_ERROR_BACKEND_ACCESS: 3121 ret = EACCES; 3122 goto out; 3123 3124 case SCF_ERROR_BACKEND_READONLY: 3125 ret = EROFS; 3126 goto out; 3127 3128 case SCF_ERROR_HANDLE_MISMATCH: 3129 case SCF_ERROR_INVALID_ARGUMENT: 3130 case SCF_ERROR_NOT_SET: 3131 default: 3132 bad_error("scf_scope_add_service", scf_error()); 3133 } 3134 } 3135 } 3136 3137 get_inst: 3138 if (scf_service_get_instance(svc, "default", inst) != 0) { 3139 switch (scf_error()) { 3140 case SCF_ERROR_CONNECTION_BROKEN: 3141 ret = ECONNABORTED; 3142 goto out; 3143 3144 case SCF_ERROR_DELETED: 3145 goto add_svc; 3146 3147 case SCF_ERROR_NOT_FOUND: 3148 break; 3149 3150 case SCF_ERROR_HANDLE_MISMATCH: 3151 case SCF_ERROR_INVALID_ARGUMENT: 3152 case SCF_ERROR_NOT_SET: 3153 default: 3154 bad_error("scf_service_get_instance", scf_error()); 3155 } 3156 3157 if (scf_service_add_instance(svc, "default", inst) != 3158 0) { 3159 switch (scf_error()) { 3160 case SCF_ERROR_CONNECTION_BROKEN: 3161 ret = ECONNABORTED; 3162 goto out; 3163 3164 case SCF_ERROR_DELETED: 3165 goto add_svc; 3166 3167 case SCF_ERROR_EXISTS: 3168 goto get_inst; 3169 3170 case SCF_ERROR_PERMISSION_DENIED: 3171 ret = EPERM; 3172 goto out; 3173 3174 case SCF_ERROR_BACKEND_ACCESS: 3175 ret = EACCES; 3176 goto out; 3177 3178 case SCF_ERROR_BACKEND_READONLY: 3179 ret = EROFS; 3180 goto out; 3181 3182 case SCF_ERROR_HANDLE_MISMATCH: 3183 case SCF_ERROR_INVALID_ARGUMENT: 3184 case SCF_ERROR_NOT_SET: 3185 default: 3186 bad_error("scf_service_add_instance", 3187 scf_error()); 3188 } 3189 } 3190 } 3191 3192 ret = 0; 3193 3194 out: 3195 scf_service_destroy(svc); 3196 scf_scope_destroy(scope); 3197 return (ret); 3198 } 3199 3200 /* 3201 * Fails with 3202 * ECONNABORTED - repository connection broken 3203 * ECANCELED - the transaction's property group was deleted 3204 */ 3205 static int 3206 transaction_add_set(scf_transaction_t *tx, scf_transaction_entry_t *ent, 3207 const char *pname, scf_type_t type) 3208 { 3209 change_type: 3210 if (scf_transaction_property_change_type(tx, ent, pname, type) == 0) 3211 return (0); 3212 3213 switch (scf_error()) { 3214 case SCF_ERROR_CONNECTION_BROKEN: 3215 return (ECONNABORTED); 3216 3217 case SCF_ERROR_DELETED: 3218 return (ECANCELED); 3219 3220 case SCF_ERROR_NOT_FOUND: 3221 goto new; 3222 3223 case SCF_ERROR_HANDLE_MISMATCH: 3224 case SCF_ERROR_INVALID_ARGUMENT: 3225 case SCF_ERROR_NOT_BOUND: 3226 case SCF_ERROR_NOT_SET: 3227 default: 3228 bad_error("scf_transaction_property_change_type", scf_error()); 3229 } 3230 3231 new: 3232 if (scf_transaction_property_new(tx, ent, pname, type) == 0) 3233 return (0); 3234 3235 switch (scf_error()) { 3236 case SCF_ERROR_CONNECTION_BROKEN: 3237 return (ECONNABORTED); 3238 3239 case SCF_ERROR_DELETED: 3240 return (ECANCELED); 3241 3242 case SCF_ERROR_EXISTS: 3243 goto change_type; 3244 3245 case SCF_ERROR_HANDLE_MISMATCH: 3246 case SCF_ERROR_INVALID_ARGUMENT: 3247 case SCF_ERROR_NOT_BOUND: 3248 case SCF_ERROR_NOT_SET: 3249 default: 3250 bad_error("scf_transaction_property_new", scf_error()); 3251 /* NOTREACHED */ 3252 } 3253 } 3254 3255 static void 3256 scferr(void) 3257 { 3258 switch (scf_error()) { 3259 case SCF_ERROR_NO_MEMORY: 3260 console(B_TRUE, gettext("Out of memory.\n")); 3261 break; 3262 3263 case SCF_ERROR_CONNECTION_BROKEN: 3264 console(B_TRUE, gettext( 3265 "Connection to smf(5) repository server broken.\n")); 3266 break; 3267 3268 case SCF_ERROR_NO_RESOURCES: 3269 console(B_TRUE, gettext( 3270 "smf(5) repository server is out of memory.\n")); 3271 break; 3272 3273 case SCF_ERROR_PERMISSION_DENIED: 3274 console(B_TRUE, gettext("Insufficient privileges.\n")); 3275 break; 3276 3277 default: 3278 console(B_TRUE, gettext("libscf error: %s\n"), 3279 scf_strerror(scf_error())); 3280 } 3281 } 3282 3283 static void 3284 lscf_set_runlevel(char rl) 3285 { 3286 scf_handle_t *h; 3287 scf_instance_t *inst = NULL; 3288 scf_propertygroup_t *pg = NULL; 3289 scf_transaction_t *tx = NULL; 3290 scf_transaction_entry_t *ent = NULL; 3291 scf_value_t *val = NULL; 3292 char buf[2]; 3293 int r; 3294 3295 h = scf_handle_create(SCF_VERSION); 3296 if (h == NULL) { 3297 scferr(); 3298 return; 3299 } 3300 3301 if (scf_handle_bind(h) != 0) { 3302 switch (scf_error()) { 3303 case SCF_ERROR_NO_SERVER: 3304 console(B_TRUE, 3305 gettext("smf(5) repository server not running.\n")); 3306 goto bail; 3307 3308 default: 3309 scferr(); 3310 goto bail; 3311 } 3312 } 3313 3314 if ((inst = scf_instance_create(h)) == NULL || 3315 (pg = scf_pg_create(h)) == NULL || 3316 (val = scf_value_create(h)) == NULL || 3317 (tx = scf_transaction_create(h)) == NULL || 3318 (ent = scf_entry_create(h)) == NULL) { 3319 scferr(); 3320 goto bail; 3321 } 3322 3323 get_inst: 3324 r = get_or_add_startd(inst); 3325 switch (r) { 3326 case 0: 3327 break; 3328 3329 case ENOMEM: 3330 case ECONNABORTED: 3331 case EPERM: 3332 case EACCES: 3333 case EROFS: 3334 scferr(); 3335 goto bail; 3336 default: 3337 bad_error("get_or_add_startd", r); 3338 } 3339 3340 get_pg: 3341 if (scf_instance_get_pg(inst, SCF_PG_OPTIONS_OVR, pg) != 0) { 3342 switch (scf_error()) { 3343 case SCF_ERROR_CONNECTION_BROKEN: 3344 scferr(); 3345 goto bail; 3346 3347 case SCF_ERROR_DELETED: 3348 goto get_inst; 3349 3350 case SCF_ERROR_NOT_FOUND: 3351 break; 3352 3353 case SCF_ERROR_HANDLE_MISMATCH: 3354 case SCF_ERROR_INVALID_ARGUMENT: 3355 case SCF_ERROR_NOT_SET: 3356 default: 3357 bad_error("scf_instance_get_pg", scf_error()); 3358 } 3359 3360 add_pg: 3361 if (scf_instance_add_pg(inst, SCF_PG_OPTIONS_OVR, 3362 SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS, pg) != 3363 0) { 3364 switch (scf_error()) { 3365 case SCF_ERROR_CONNECTION_BROKEN: 3366 case SCF_ERROR_PERMISSION_DENIED: 3367 case SCF_ERROR_BACKEND_ACCESS: 3368 scferr(); 3369 goto bail; 3370 3371 case SCF_ERROR_DELETED: 3372 goto get_inst; 3373 3374 case SCF_ERROR_EXISTS: 3375 goto get_pg; 3376 3377 case SCF_ERROR_HANDLE_MISMATCH: 3378 case SCF_ERROR_INVALID_ARGUMENT: 3379 case SCF_ERROR_NOT_SET: 3380 default: 3381 bad_error("scf_instance_add_pg", scf_error()); 3382 } 3383 } 3384 } 3385 3386 buf[0] = rl; 3387 buf[1] = '\0'; 3388 r = scf_value_set_astring(val, buf); 3389 assert(r == 0); 3390 3391 for (;;) { 3392 if (scf_transaction_start(tx, pg) != 0) { 3393 switch (scf_error()) { 3394 case SCF_ERROR_CONNECTION_BROKEN: 3395 case SCF_ERROR_PERMISSION_DENIED: 3396 case SCF_ERROR_BACKEND_ACCESS: 3397 scferr(); 3398 goto bail; 3399 3400 case SCF_ERROR_DELETED: 3401 goto add_pg; 3402 3403 case SCF_ERROR_HANDLE_MISMATCH: 3404 case SCF_ERROR_NOT_BOUND: 3405 case SCF_ERROR_IN_USE: 3406 case SCF_ERROR_NOT_SET: 3407 default: 3408 bad_error("scf_transaction_start", scf_error()); 3409 } 3410 } 3411 3412 r = transaction_add_set(tx, ent, "runlevel", SCF_TYPE_ASTRING); 3413 switch (r) { 3414 case 0: 3415 break; 3416 3417 case ECONNABORTED: 3418 scferr(); 3419 goto bail; 3420 3421 case ECANCELED: 3422 scf_transaction_reset(tx); 3423 goto add_pg; 3424 3425 default: 3426 bad_error("transaction_add_set", r); 3427 } 3428 3429 r = scf_entry_add_value(ent, val); 3430 assert(r == 0); 3431 3432 r = scf_transaction_commit(tx); 3433 if (r == 1) 3434 break; 3435 3436 if (r != 0) { 3437 switch (scf_error()) { 3438 case SCF_ERROR_CONNECTION_BROKEN: 3439 case SCF_ERROR_PERMISSION_DENIED: 3440 case SCF_ERROR_BACKEND_ACCESS: 3441 case SCF_ERROR_BACKEND_READONLY: 3442 scferr(); 3443 goto bail; 3444 3445 case SCF_ERROR_DELETED: 3446 scf_transaction_reset(tx); 3447 goto add_pg; 3448 3449 case SCF_ERROR_INVALID_ARGUMENT: 3450 case SCF_ERROR_NOT_BOUND: 3451 case SCF_ERROR_NOT_SET: 3452 default: 3453 bad_error("scf_transaction_commit", 3454 scf_error()); 3455 } 3456 } 3457 3458 scf_transaction_reset(tx); 3459 (void) scf_pg_update(pg); 3460 } 3461 3462 bail: 3463 scf_transaction_destroy(tx); 3464 scf_entry_destroy(ent); 3465 scf_value_destroy(val); 3466 scf_pg_destroy(pg); 3467 scf_instance_destroy(inst); 3468 3469 (void) scf_handle_unbind(h); 3470 scf_handle_destroy(h); 3471 } 3472 3473 /* 3474 * Function to handle requests from users to main init running as process 1. 3475 */ 3476 static void 3477 userinit(int argc, char **argv) 3478 { 3479 FILE *fp; 3480 char *ln; 3481 int init_signal; 3482 struct stat sconbuf, conbuf; 3483 const char *usage_msg = "Usage: init [0123456SsQqabc]\n"; 3484 3485 /* 3486 * We are a user invoked init. Is there an argument and is it 3487 * a single character? If not, print usage message and quit. 3488 */ 3489 if (argc != 2 || argv[1][1] != '\0') { 3490 (void) fprintf(stderr, usage_msg); 3491 exit(0); 3492 } 3493 3494 if ((init_signal = lvlname_to_state((char)argv[1][0])) == -1) { 3495 (void) fprintf(stderr, usage_msg); 3496 (void) audit_put_record(ADT_FAILURE, ADT_FAIL_VALUE_BAD_CMD, 3497 argv[1]); 3498 exit(1); 3499 } 3500 3501 if (init_signal == SINGLE_USER) { 3502 /* 3503 * Make sure this process is talking to a legal tty line 3504 * and that /dev/syscon is linked to this line. 3505 */ 3506 ln = ttyname(0); /* Get the name of tty */ 3507 if (ln == NULL) { 3508 (void) fprintf(stderr, 3509 "Standard input not a tty line\n"); 3510 (void) audit_put_record(ADT_FAILURE, 3511 ADT_FAIL_VALUE_BAD_TTY, argv[1]); 3512 exit(1); 3513 } 3514 3515 if ((stat(ln, &sconbuf) != -1) && 3516 (stat(SYSCON, &conbuf) == -1 || 3517 sconbuf.st_rdev != conbuf.st_rdev)) { 3518 /* 3519 * /dev/syscon needs to change. 3520 * Unlink /dev/syscon and relink it to the current line. 3521 */ 3522 if (lstat(SYSCON, &conbuf) != -1 && 3523 unlink(SYSCON) == FAILURE) { 3524 perror("Can't unlink /dev/syscon"); 3525 (void) fprintf(stderr, 3526 "Run command on the system console.\n"); 3527 (void) audit_put_record(ADT_FAILURE, 3528 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3529 exit(1); 3530 } 3531 if (symlink(ln, SYSCON) == FAILURE) { 3532 (void) fprintf(stderr, 3533 "Can't symlink /dev/syscon to %s: %s", ln, 3534 strerror(errno)); 3535 3536 /* Try to leave a syscon */ 3537 (void) link(SYSTTY, SYSCON); 3538 (void) audit_put_record(ADT_FAILURE, 3539 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3540 exit(1); 3541 } 3542 3543 /* 3544 * Try to leave a message on system console saying where 3545 * /dev/syscon is currently connected. 3546 */ 3547 if ((fp = fopen(SYSTTY, "r+")) != NULL) { 3548 (void) fprintf(fp, 3549 "\n**** SYSCON CHANGED TO %s ****\n", 3550 ln); 3551 (void) fclose(fp); 3552 } 3553 } 3554 } 3555 3556 update_boot_archive(init_signal); 3557 3558 (void) audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]); 3559 3560 /* 3561 * Signal init; init will take care of telling svc.startd. 3562 */ 3563 if (kill(init_pid, init_signal) == FAILURE) { 3564 (void) fprintf(stderr, "Must be super-user\n"); 3565 (void) audit_put_record(ADT_FAILURE, 3566 ADT_FAIL_VALUE_AUTH, argv[1]); 3567 exit(1); 3568 } 3569 3570 exit(0); 3571 } 3572 3573 3574 #define DELTA 25 /* Number of pidlist elements to allocate at a time */ 3575 3576 /* ARGSUSED */ 3577 void 3578 sigpoll(int n) 3579 { 3580 struct pidrec prec; 3581 struct pidrec *p = ≺ 3582 struct pidlist *plp; 3583 struct pidlist *tp, *savetp; 3584 int i; 3585 3586 if (Pfd < 0) { 3587 return; 3588 } 3589 3590 for (;;) { 3591 /* 3592 * Important Note: Either read will really fail (in which case 3593 * return is all we can do) or will get EAGAIN (Pfd was opened 3594 * O_NDELAY), in which case we also want to return. 3595 * Always return from here! 3596 */ 3597 if (read(Pfd, p, sizeof (struct pidrec)) != 3598 sizeof (struct pidrec)) { 3599 return; 3600 } 3601 switch (p->pd_type) { 3602 3603 case ADDPID: 3604 /* 3605 * New "godchild", add to list. 3606 */ 3607 if (Plfree == NULL) { 3608 plp = (struct pidlist *)calloc(DELTA, 3609 sizeof (struct pidlist)); 3610 if (plp == NULL) { 3611 /* Can't save pid */ 3612 break; 3613 } 3614 /* 3615 * Point at 2nd record allocated, we'll use plp. 3616 */ 3617 tp = plp + 1; 3618 /* 3619 * Link them into a chain. 3620 */ 3621 Plfree = tp; 3622 for (i = 0; i < DELTA - 2; i++) { 3623 tp->pl_next = tp + 1; 3624 tp++; 3625 } 3626 } else { 3627 plp = Plfree; 3628 Plfree = plp->pl_next; 3629 } 3630 plp->pl_pid = p->pd_pid; 3631 plp->pl_dflag = 0; 3632 plp->pl_next = NULL; 3633 /* 3634 * Note - pid list is kept in increasing order of pids. 3635 */ 3636 if (Plhead == NULL) { 3637 Plhead = plp; 3638 /* Back up to read next record */ 3639 break; 3640 } else { 3641 savetp = tp = Plhead; 3642 while (tp) { 3643 if (plp->pl_pid > tp->pl_pid) { 3644 savetp = tp; 3645 tp = tp->pl_next; 3646 continue; 3647 } else if (plp->pl_pid < tp->pl_pid) { 3648 if (tp == Plhead) { 3649 plp->pl_next = Plhead; 3650 Plhead = plp; 3651 } else { 3652 plp->pl_next = 3653 savetp->pl_next; 3654 savetp->pl_next = plp; 3655 } 3656 break; 3657 } else { 3658 /* Already in list! */ 3659 plp->pl_next = Plfree; 3660 Plfree = plp; 3661 break; 3662 } 3663 } 3664 if (tp == NULL) { 3665 /* Add to end of list */ 3666 savetp->pl_next = plp; 3667 } 3668 } 3669 /* Back up to read next record. */ 3670 break; 3671 3672 case REMPID: 3673 /* 3674 * This one was handled by someone else, 3675 * purge it from the list. 3676 */ 3677 if (Plhead == NULL) { 3678 /* Back up to read next record. */ 3679 break; 3680 } 3681 savetp = tp = Plhead; 3682 while (tp) { 3683 if (p->pd_pid > tp->pl_pid) { 3684 /* Keep on looking. */ 3685 savetp = tp; 3686 tp = tp->pl_next; 3687 continue; 3688 } else if (p->pd_pid < tp->pl_pid) { 3689 /* Not in list. */ 3690 break; 3691 } else { 3692 /* Found it. */ 3693 if (tp == Plhead) 3694 Plhead = tp->pl_next; 3695 else 3696 savetp->pl_next = tp->pl_next; 3697 tp->pl_next = Plfree; 3698 Plfree = tp; 3699 break; 3700 } 3701 } 3702 /* Back up to read next record. */ 3703 break; 3704 default: 3705 console(B_TRUE, "Bad message on initpipe\n"); 3706 break; 3707 } 3708 } 3709 } 3710 3711 3712 static void 3713 cleanaux() 3714 { 3715 struct pidlist *savep, *p; 3716 pid_t pid; 3717 short status; 3718 3719 (void) sighold(SIGCLD); 3720 Gchild = 0; /* Note - Safe to do this here since no SIGCLDs */ 3721 (void) sighold(SIGPOLL); 3722 savep = p = Plhead; 3723 while (p) { 3724 if (p->pl_dflag) { 3725 /* 3726 * Found an entry to delete, 3727 * remove it from list first. 3728 */ 3729 pid = p->pl_pid; 3730 status = p->pl_exit; 3731 if (p == Plhead) { 3732 Plhead = p->pl_next; 3733 p->pl_next = Plfree; 3734 Plfree = p; 3735 savep = p = Plhead; 3736 } else { 3737 savep->pl_next = p->pl_next; 3738 p->pl_next = Plfree; 3739 Plfree = p; 3740 p = savep->pl_next; 3741 } 3742 clearent(pid, status); 3743 continue; 3744 } 3745 savep = p; 3746 p = p->pl_next; 3747 } 3748 (void) sigrelse(SIGPOLL); 3749 (void) sigrelse(SIGCLD); 3750 } 3751 3752 3753 /* 3754 * /etc/inittab has more entries and we have run out of room in the proc_table 3755 * array. Double the size of proc_table to accomodate the extra entries. 3756 */ 3757 static void 3758 increase_proc_table_size() 3759 { 3760 sigset_t block, unblock; 3761 void *ptr; 3762 size_t delta = num_proc * sizeof (struct PROC_TABLE); 3763 3764 3765 /* 3766 * Block signals for realloc. 3767 */ 3768 (void) sigfillset(&block); 3769 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 3770 3771 3772 /* 3773 * On failure we just return because callers of this function check 3774 * for failure. 3775 */ 3776 do 3777 ptr = realloc(g_state, g_state_sz + delta); 3778 while (ptr == NULL && errno == EAGAIN) 3779 ; 3780 3781 if (ptr != NULL) { 3782 /* ensure that the new part is initialized to zero */ 3783 bzero((caddr_t)ptr + g_state_sz, delta); 3784 3785 g_state = ptr; 3786 g_state_sz += delta; 3787 num_proc <<= 1; 3788 } 3789 3790 3791 /* unblock our signals before returning */ 3792 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 3793 } 3794 3795 3796 3797 /* 3798 * Sanity check g_state. 3799 */ 3800 static int 3801 st_sane() 3802 { 3803 int i; 3804 struct PROC_TABLE *ptp; 3805 3806 3807 /* Note: cur_state is encoded as a signal number */ 3808 if (cur_state < 1 || cur_state == 9 || cur_state > 13) 3809 return (0); 3810 3811 /* Check num_proc */ 3812 if (g_state_sz != sizeof (struct init_state) + (num_proc - 1) * 3813 sizeof (struct PROC_TABLE)) 3814 return (0); 3815 3816 /* Check proc_table */ 3817 for (i = 0, ptp = proc_table; i < num_proc; ++i, ++ptp) { 3818 /* skip unoccupied entries */ 3819 if (!(ptp->p_flags & OCCUPIED)) 3820 continue; 3821 3822 /* p_flags has no bits outside of PF_MASK */ 3823 if (ptp->p_flags & ~(PF_MASK)) 3824 return (0); 3825 3826 /* 5 <= pid <= MAXPID */ 3827 if (ptp->p_pid < 5 || ptp->p_pid > MAXPID) 3828 return (0); 3829 3830 /* p_count >= 0 */ 3831 if (ptp->p_count < 0) 3832 return (0); 3833 3834 /* p_time >= 0 */ 3835 if (ptp->p_time < 0) 3836 return (0); 3837 } 3838 3839 return (1); 3840 } 3841 3842 /* 3843 * Initialize our state. 3844 * 3845 * If the system just booted, then init_state_file, which is located on an 3846 * everpresent tmpfs filesystem, should not exist. 3847 * 3848 * If we were restarted, then init_state_file should exist, in 3849 * which case we'll read it in, sanity check it, and use it. 3850 * 3851 * Note: You can't call console() until proc_table is ready. 3852 */ 3853 void 3854 st_init() 3855 { 3856 struct stat stb; 3857 int ret, st_fd, insane = 0; 3858 size_t to_be_read; 3859 char *ptr; 3860 3861 3862 booting = 1; 3863 3864 do { 3865 /* 3866 * If we can exclusively create the file, then we're the 3867 * initial invocation of init(1M). 3868 */ 3869 st_fd = open(init_state_file, O_RDWR | O_CREAT | O_EXCL, 3870 S_IRUSR | S_IWUSR); 3871 } while (st_fd == -1 && errno == EINTR); 3872 if (st_fd != -1) 3873 goto new_state; 3874 3875 booting = 0; 3876 3877 do { 3878 st_fd = open(init_state_file, O_RDWR, S_IRUSR | S_IWUSR); 3879 } while (st_fd == -1 && errno == EINTR); 3880 if (st_fd == -1) 3881 goto new_state; 3882 3883 /* Get the size of the file. */ 3884 do 3885 ret = fstat(st_fd, &stb); 3886 while (ret == -1 && errno == EINTR) 3887 ; 3888 if (ret == -1) 3889 goto new_state; 3890 3891 do 3892 g_state = malloc(stb.st_size); 3893 while (g_state == NULL && errno == EAGAIN) 3894 ; 3895 if (g_state == NULL) 3896 goto new_state; 3897 3898 to_be_read = stb.st_size; 3899 ptr = (char *)g_state; 3900 while (to_be_read > 0) { 3901 ssize_t read_ret; 3902 3903 read_ret = read(st_fd, ptr, to_be_read); 3904 if (read_ret < 0) { 3905 if (errno == EINTR) 3906 continue; 3907 3908 goto new_state; 3909 } 3910 3911 to_be_read -= read_ret; 3912 ptr += read_ret; 3913 } 3914 3915 (void) close(st_fd); 3916 3917 g_state_sz = stb.st_size; 3918 3919 if (st_sane()) { 3920 console(B_TRUE, "Restarting.\n"); 3921 return; 3922 } 3923 3924 insane = 1; 3925 3926 new_state: 3927 if (st_fd >= 0) 3928 (void) close(st_fd); 3929 else 3930 (void) unlink(init_state_file); 3931 3932 if (g_state != NULL) 3933 free(g_state); 3934 3935 /* Something went wrong, so allocate new state. */ 3936 g_state_sz = sizeof (struct init_state) + 3937 ((init_num_proc - 1) * sizeof (struct PROC_TABLE)); 3938 do 3939 g_state = calloc(1, g_state_sz); 3940 while (g_state == NULL && errno == EAGAIN) 3941 ; 3942 if (g_state == NULL) { 3943 /* Fatal error! */ 3944 exit(errno); 3945 } 3946 3947 g_state->ist_runlevel = -1; 3948 num_proc = init_num_proc; 3949 3950 if (!booting) { 3951 console(B_TRUE, "Restarting.\n"); 3952 3953 /* Overwrite the bad state file. */ 3954 st_write(); 3955 3956 if (!insane) { 3957 console(B_TRUE, 3958 "Error accessing persistent state file `%s'. " 3959 "Ignored.\n", init_state_file); 3960 } else { 3961 console(B_TRUE, 3962 "Persistent state file `%s' is invalid and was " 3963 "ignored.\n", init_state_file); 3964 } 3965 } 3966 } 3967 3968 /* 3969 * Write g_state out to the state file. 3970 */ 3971 void 3972 st_write() 3973 { 3974 static int complained = 0; 3975 3976 int st_fd; 3977 char *cp; 3978 size_t sz; 3979 ssize_t ret; 3980 3981 3982 do { 3983 st_fd = open(init_next_state_file, 3984 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); 3985 } while (st_fd < 0 && errno == EINTR); 3986 if (st_fd < 0) 3987 goto err; 3988 3989 cp = (char *)g_state; 3990 sz = g_state_sz; 3991 while (sz > 0) { 3992 ret = write(st_fd, cp, sz); 3993 if (ret < 0) { 3994 if (errno == EINTR) 3995 continue; 3996 3997 goto err; 3998 } 3999 4000 sz -= ret; 4001 cp += ret; 4002 } 4003 4004 (void) close(st_fd); 4005 st_fd = -1; 4006 if (rename(init_next_state_file, init_state_file)) { 4007 (void) unlink(init_next_state_file); 4008 goto err; 4009 } 4010 complained = 0; 4011 4012 return; 4013 4014 err: 4015 if (st_fd >= 0) 4016 (void) close(st_fd); 4017 4018 if (!booting && !complained) { 4019 /* 4020 * Only complain after the filesystem should have come up. 4021 * And only do it once so we don't loop between console() 4022 * & efork(). 4023 */ 4024 complained = 1; 4025 if (st_fd) 4026 console(B_TRUE, "Couldn't write persistent state " 4027 "file `%s'.\n", init_state_file); 4028 else 4029 console(B_TRUE, "Couldn't move persistent state " 4030 "file `%s' to `%s'.\n", init_next_state_file, 4031 init_state_file); 4032 } 4033 } 4034 4035 /* 4036 * Create a contract with these parameters. 4037 */ 4038 static int 4039 contract_make_template(uint_t info, uint_t critical, uint_t fatal, 4040 uint64_t cookie) 4041 { 4042 int fd, err; 4043 4044 char *ioctl_tset_emsg = 4045 "Couldn't set \"%s\" contract template parameter: %s.\n"; 4046 4047 do 4048 fd = open64(CTFS_ROOT "/process/template", O_RDWR); 4049 while (fd < 0 && errno == EINTR) 4050 ; 4051 if (fd < 0) { 4052 console(B_TRUE, "Couldn't create process template: %s.\n", 4053 strerror(errno)); 4054 return (-1); 4055 } 4056 4057 if (err = ct_pr_tmpl_set_param(fd, CT_PR_INHERIT | CT_PR_REGENT)) 4058 console(B_TRUE, "Contract set template inherit, regent " 4059 "failed: %s.\n", strerror(err)); 4060 4061 /* 4062 * These errors result in a misconfigured template, which is better 4063 * than no template at all, so warn but don't abort. 4064 */ 4065 if (err = ct_tmpl_set_informative(fd, info)) 4066 console(B_TRUE, ioctl_tset_emsg, "informative", strerror(err)); 4067 4068 if (err = ct_tmpl_set_critical(fd, critical)) 4069 console(B_TRUE, ioctl_tset_emsg, "critical", strerror(err)); 4070 4071 if (err = ct_pr_tmpl_set_fatal(fd, fatal)) 4072 console(B_TRUE, ioctl_tset_emsg, "fatal", strerror(err)); 4073 4074 if (err = ct_tmpl_set_cookie(fd, cookie)) 4075 console(B_TRUE, ioctl_tset_emsg, "cookie", strerror(err)); 4076 4077 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4078 4079 return (fd); 4080 } 4081 4082 /* 4083 * Create the templates and open an event file descriptor. We use dup2(2) to 4084 * get these descriptors away from the stdin/stdout/stderr group. 4085 */ 4086 static void 4087 contracts_init() 4088 { 4089 int err, fd; 4090 4091 /* 4092 * Create & configure a legacy template. We only want empty events so 4093 * we know when to abandon them. 4094 */ 4095 legacy_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, CT_PR_EV_HWERR, 4096 ORDINARY_COOKIE); 4097 if (legacy_tmpl >= 0) { 4098 err = ct_tmpl_activate(legacy_tmpl); 4099 if (err != 0) { 4100 (void) close(legacy_tmpl); 4101 legacy_tmpl = -1; 4102 console(B_TRUE, 4103 "Couldn't activate legacy template (%s); " 4104 "legacy services will be in init's contract.\n", 4105 strerror(err)); 4106 } 4107 } else 4108 console(B_TRUE, 4109 "Legacy services will be in init's contract.\n"); 4110 4111 if (dup2(legacy_tmpl, 255) == -1) { 4112 console(B_TRUE, "Could not duplicate legacy template: %s.\n", 4113 strerror(errno)); 4114 } else { 4115 (void) close(legacy_tmpl); 4116 legacy_tmpl = 255; 4117 } 4118 4119 (void) fcntl(legacy_tmpl, F_SETFD, FD_CLOEXEC); 4120 4121 startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4122 CT_PR_EV_HWERR | CT_PR_EV_SIGNAL | CT_PR_EV_CORE, STARTD_COOKIE); 4123 4124 if (dup2(startd_tmpl, 254) == -1) { 4125 console(B_TRUE, "Could not duplicate startd template: %s.\n", 4126 strerror(errno)); 4127 } else { 4128 (void) close(startd_tmpl); 4129 startd_tmpl = 254; 4130 } 4131 4132 (void) fcntl(startd_tmpl, F_SETFD, FD_CLOEXEC); 4133 4134 if (legacy_tmpl < 0 && startd_tmpl < 0) { 4135 /* The creation errors have already been reported. */ 4136 console(B_TRUE, 4137 "Ignoring contract events. Core smf(5) services will not " 4138 "be restarted.\n"); 4139 return; 4140 } 4141 4142 /* 4143 * Open an event endpoint. 4144 */ 4145 do 4146 fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY); 4147 while (fd < 0 && errno == EINTR) 4148 ; 4149 if (fd < 0) { 4150 console(B_TRUE, 4151 "Couldn't open process pbundle: %s. Core smf(5) services " 4152 "will not be restarted.\n", strerror(errno)); 4153 return; 4154 } 4155 4156 if (dup2(fd, 253) == -1) { 4157 console(B_TRUE, "Could not duplicate process bundle: %s.\n", 4158 strerror(errno)); 4159 } else { 4160 (void) close(fd); 4161 fd = 253; 4162 } 4163 4164 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4165 4166 /* Reset in case we've been restarted. */ 4167 (void) ct_event_reset(fd); 4168 4169 poll_fds[0].fd = fd; 4170 poll_fds[0].events = POLLIN; 4171 poll_nfds = 1; 4172 } 4173 4174 static int 4175 contract_getfile(ctid_t id, const char *name, int oflag) 4176 { 4177 int fd; 4178 4179 do 4180 fd = contract_open(id, "process", name, oflag); 4181 while (fd < 0 && errno == EINTR) 4182 ; 4183 4184 if (fd < 0) 4185 console(B_TRUE, "Couldn't open %s for contract %ld: %s.\n", 4186 name, id, strerror(errno)); 4187 4188 return (fd); 4189 } 4190 4191 static int 4192 contract_cookie(ctid_t id, uint64_t *cp) 4193 { 4194 int fd, err; 4195 ct_stathdl_t sh; 4196 4197 fd = contract_getfile(id, "status", O_RDONLY); 4198 if (fd < 0) 4199 return (-1); 4200 4201 err = ct_status_read(fd, CTD_COMMON, &sh); 4202 if (err != 0) { 4203 console(B_TRUE, "Couldn't read status of contract %ld: %s.\n", 4204 id, strerror(err)); 4205 (void) close(fd); 4206 return (-1); 4207 } 4208 4209 (void) close(fd); 4210 4211 *cp = ct_status_get_cookie(sh); 4212 4213 ct_status_free(sh); 4214 return (0); 4215 } 4216 4217 static void 4218 contract_ack(ct_evthdl_t e) 4219 { 4220 int fd; 4221 4222 if (ct_event_get_flags(e) & CTE_INFO) 4223 return; 4224 4225 fd = contract_getfile(ct_event_get_ctid(e), "ctl", O_WRONLY); 4226 if (fd < 0) 4227 return; 4228 4229 (void) ct_ctl_ack(fd, ct_event_get_evid(e)); 4230 (void) close(fd); 4231 } 4232 4233 /* 4234 * Process a contract event. 4235 */ 4236 static void 4237 contract_event(struct pollfd *poll) 4238 { 4239 ct_evthdl_t e; 4240 int err; 4241 ctid_t ctid; 4242 4243 if (!(poll->revents & POLLIN)) { 4244 if (poll->revents & POLLERR) 4245 console(B_TRUE, 4246 "Unknown poll error on my process contract " 4247 "pbundle.\n"); 4248 return; 4249 } 4250 4251 err = ct_event_read(poll->fd, &e); 4252 if (err != 0) { 4253 console(B_TRUE, "Error retrieving contract event: %s.\n", 4254 strerror(err)); 4255 return; 4256 } 4257 4258 ctid = ct_event_get_ctid(e); 4259 4260 if (ct_event_get_type(e) == CT_PR_EV_EMPTY) { 4261 uint64_t cookie; 4262 int ret, abandon = 1; 4263 4264 /* If it's svc.startd, restart it. Else, abandon. */ 4265 ret = contract_cookie(ctid, &cookie); 4266 4267 if (ret == 0) { 4268 if (cookie == STARTD_COOKIE && 4269 do_restart_startd) { 4270 if (smf_debug) 4271 console(B_TRUE, "Restarting " 4272 "svc.startd.\n"); 4273 4274 /* 4275 * Account for the failure. If the failure rate 4276 * exceeds a threshold, then drop to maintenance 4277 * mode. 4278 */ 4279 startd_record_failure(); 4280 if (startd_failure_rate_critical()) 4281 enter_maintenance(); 4282 4283 if (startd_tmpl < 0) 4284 console(B_TRUE, 4285 "Restarting svc.startd in " 4286 "improper contract (bad " 4287 "template).\n"); 4288 4289 (void) startd_run(startd_cline, startd_tmpl, 4290 ctid); 4291 4292 abandon = 0; 4293 } 4294 } 4295 4296 if (abandon && (err = contract_abandon_id(ctid))) { 4297 console(B_TRUE, "Couldn't abandon contract %ld: %s.\n", 4298 ctid, strerror(err)); 4299 } 4300 4301 /* 4302 * No need to acknowledge the event since either way the 4303 * originating contract should be abandoned. 4304 */ 4305 } else { 4306 console(B_TRUE, 4307 "Received contract event of unexpected type %d from " 4308 "contract %ld.\n", ct_event_get_type(e), ctid); 4309 4310 if ((ct_event_get_flags(e) & (CTE_INFO | CTE_ACK)) == 0) 4311 /* Allow unexpected critical events to be released. */ 4312 contract_ack(e); 4313 } 4314 4315 ct_event_free(e); 4316 } 4317 4318 /* 4319 * svc.startd(1M) Management 4320 */ 4321 4322 /* 4323 * (Re)start svc.startd(1M). old_ctid should be the contract ID of the old 4324 * contract, or 0 if we're starting it for the first time. If wait is true 4325 * we'll wait for and return the exit value of the child. 4326 */ 4327 static int 4328 startd_run(const char *cline, int tmpl, ctid_t old_ctid) 4329 { 4330 int err, i, ret, did_activate; 4331 pid_t pid; 4332 struct stat sb; 4333 4334 if (cline[0] == '\0') 4335 return (-1); 4336 4337 /* 4338 * Don't restart startd if the system is rebooting or shutting down. 4339 */ 4340 do { 4341 ret = stat("/etc/svc/volatile/resetting", &sb); 4342 } while (ret == -1 && errno == EINTR); 4343 4344 if (ret == 0) { 4345 if (smf_debug) 4346 console(B_TRUE, "Quiescing for reboot.\n"); 4347 (void) pause(); 4348 return (-1); 4349 } 4350 4351 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4352 if (err == EINVAL) { 4353 console(B_TRUE, "Remake startd_tmpl; reattempt transfer.\n"); 4354 tmpl = startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4355 CT_PR_EV_HWERR, STARTD_COOKIE); 4356 4357 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4358 } 4359 if (err != 0) { 4360 console(B_TRUE, 4361 "Couldn't set transfer parameter of contract template: " 4362 "%s.\n", strerror(err)); 4363 } 4364 4365 if ((err = ct_pr_tmpl_set_svc_fmri(startd_tmpl, 4366 SCF_SERVICE_STARTD)) != 0) 4367 console(B_TRUE, 4368 "Can not set svc_fmri in contract template: %s\n", 4369 strerror(err)); 4370 if ((err = ct_pr_tmpl_set_svc_aux(startd_tmpl, 4371 startd_svc_aux)) != 0) 4372 console(B_TRUE, 4373 "Can not set svc_aux in contract template: %s\n", 4374 strerror(err)); 4375 did_activate = !(ct_tmpl_activate(tmpl)); 4376 if (!did_activate) 4377 console(B_TRUE, 4378 "Template activation failed; not starting \"%s\" in " 4379 "proper contract.\n", cline); 4380 4381 /* Hold SIGCLD so we can wait if necessary. */ 4382 (void) sighold(SIGCLD); 4383 4384 while ((pid = fork()) < 0) { 4385 if (errno == EPERM) { 4386 console(B_TRUE, "Insufficient permission to fork.\n"); 4387 4388 /* Now that's a doozy. */ 4389 exit(1); 4390 } 4391 4392 console(B_TRUE, 4393 "fork() for svc.startd failed: %s. Will retry in 1 " 4394 "second...\n", strerror(errno)); 4395 4396 (void) sleep(1); 4397 4398 /* Eventually give up? */ 4399 } 4400 4401 if (pid == 0) { 4402 /* child */ 4403 4404 /* See the comment in efork() */ 4405 for (i = SIGHUP; i <= SIGRTMAX; ++i) { 4406 if (i == SIGTTOU || i == SIGTTIN || i == SIGTSTP) 4407 (void) sigset(i, SIG_IGN); 4408 else 4409 (void) sigset(i, SIG_DFL); 4410 } 4411 4412 if (smf_options != NULL) { 4413 /* Put smf_options in the environment. */ 4414 glob_envp[glob_envn] = 4415 malloc(sizeof ("SMF_OPTIONS=") - 1 + 4416 strlen(smf_options) + 1); 4417 4418 if (glob_envp[glob_envn] != NULL) { 4419 /* LINTED */ 4420 (void) sprintf(glob_envp[glob_envn], 4421 "SMF_OPTIONS=%s", smf_options); 4422 glob_envp[glob_envn+1] = NULL; 4423 } else { 4424 console(B_TRUE, 4425 "Could not set SMF_OPTIONS (%s).\n", 4426 strerror(errno)); 4427 } 4428 } 4429 4430 if (smf_debug) 4431 console(B_TRUE, "Executing svc.startd\n"); 4432 4433 (void) execle(SH, "INITSH", "-c", cline, NULL, glob_envp); 4434 4435 console(B_TRUE, "Could not exec \"%s\" (%s).\n", SH, 4436 strerror(errno)); 4437 4438 exit(1); 4439 } 4440 4441 /* parent */ 4442 4443 if (did_activate) { 4444 if (legacy_tmpl < 0 || ct_tmpl_activate(legacy_tmpl) != 0) 4445 (void) ct_tmpl_clear(tmpl); 4446 } 4447 4448 /* Clear the old_ctid reference so the kernel can reclaim it. */ 4449 if (old_ctid != 0) 4450 (void) ct_pr_tmpl_set_transfer(tmpl, 0); 4451 4452 (void) sigrelse(SIGCLD); 4453 4454 return (0); 4455 } 4456 4457 /* 4458 * void startd_record_failure(void) 4459 * Place the current time in our circular array of svc.startd failures. 4460 */ 4461 void 4462 startd_record_failure() 4463 { 4464 int index = startd_failure_index++ % NSTARTD_FAILURE_TIMES; 4465 4466 startd_failure_time[index] = gethrtime(); 4467 } 4468 4469 /* 4470 * int startd_failure_rate_critical(void) 4471 * Return true if the average failure interval is less than the permitted 4472 * interval. Implicit success if insufficient measurements for an average 4473 * exist. 4474 */ 4475 int 4476 startd_failure_rate_critical() 4477 { 4478 int n = startd_failure_index; 4479 hrtime_t avg_ns = 0; 4480 4481 if (startd_failure_index < NSTARTD_FAILURE_TIMES) 4482 return (0); 4483 4484 avg_ns = 4485 (startd_failure_time[(n - 1) % NSTARTD_FAILURE_TIMES] - 4486 startd_failure_time[n % NSTARTD_FAILURE_TIMES]) / 4487 NSTARTD_FAILURE_TIMES; 4488 4489 return (avg_ns < STARTD_FAILURE_RATE_NS); 4490 } 4491 4492 /* 4493 * returns string that must be free'd 4494 */ 4495 4496 static char 4497 *audit_boot_msg() 4498 { 4499 char *b, *p; 4500 char desc[] = "booted"; 4501 zoneid_t zid = getzoneid(); 4502 4503 b = malloc(sizeof (desc) + MAXNAMELEN + 3); 4504 if (b == NULL) 4505 return (b); 4506 4507 p = b; 4508 p += strlcpy(p, desc, sizeof (desc)); 4509 if (zid != GLOBAL_ZONEID) { 4510 p += strlcpy(p, ": ", 3); 4511 (void) getzonenamebyid(zid, p, MAXNAMELEN); 4512 } 4513 return (b); 4514 } 4515 4516 /* 4517 * Generate AUE_init_solaris audit record. Return 1 if 4518 * auditing is enabled in case the caller cares. 4519 * 4520 * In the case of userint() or a local zone invocation of 4521 * one_true_init, the process initially contains the audit 4522 * characteristics of the process that invoked init. The first pass 4523 * through here uses those characteristics then for the case of 4524 * one_true_init in a local zone, clears them so subsequent system 4525 * state changes won't be attributed to the person who booted the 4526 * zone. 4527 */ 4528 static int 4529 audit_put_record(int pass_fail, int status, char *msg) 4530 { 4531 adt_session_data_t *ah; 4532 adt_event_data_t *event; 4533 4534 if (!adt_audit_enabled()) 4535 return (0); 4536 4537 /* 4538 * the PROC_DATA picks up the context to tell whether this is 4539 * an attributed record (auid = -2 is unattributed) 4540 */ 4541 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) { 4542 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4543 return (1); 4544 } 4545 event = adt_alloc_event(ah, ADT_init_solaris); 4546 if (event == NULL) { 4547 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4548 (void) adt_end_session(ah); 4549 return (1); 4550 } 4551 event->adt_init_solaris.info = msg; /* NULL is ok here */ 4552 4553 if (adt_put_event(event, pass_fail, status)) { 4554 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4555 (void) adt_end_session(ah); 4556 return (1); 4557 } 4558 adt_free_event(event); 4559 4560 (void) adt_end_session(ah); 4561 4562 return (1); 4563 } 4564