1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 #include <libintl.h> 27 #include <librestart.h> 28 #include <librestart_priv.h> 29 #include <libscf.h> 30 #include <libscf_priv.h> 31 32 #include <assert.h> 33 #include <ctype.h> 34 #include <dlfcn.h> 35 #include <errno.h> 36 #include <exec_attr.h> 37 #include <grp.h> 38 #include <libsysevent.h> 39 #include <libuutil.h> 40 #include <limits.h> 41 #include <link.h> 42 #include <malloc.h> 43 #include <pool.h> 44 #include <priv.h> 45 #include <project.h> 46 #include <pthread.h> 47 #include <pwd.h> 48 #include <secdb.h> 49 #include <signal.h> 50 #include <stdlib.h> 51 #include <string.h> 52 #include <syslog.h> 53 #include <sys/corectl.h> 54 #include <sys/machelf.h> 55 #include <sys/task.h> 56 #include <sys/types.h> 57 #include <time.h> 58 #include <unistd.h> 59 #include <ucontext.h> 60 61 #define min(a, b) ((a) > (b) ? (b) : (a)) 62 63 #define MKW_TRUE ":true" 64 #define MKW_KILL ":kill" 65 #define MKW_KILL_PROC ":kill_process" 66 67 #define ALLOCFAIL ((char *)"Allocation failure.") 68 #define RCBROKEN ((char *)"Repository connection broken.") 69 70 #define MAX_COMMIT_RETRIES 10 71 #define MAX_COMMIT_RETRY_INT (5 * 1000000) /* 5 seconds */ 72 #define INITIAL_COMMIT_RETRY_INT (10000) /* 1/100th second */ 73 74 /* 75 * bad_fail() catches bugs in this and lower layers by reporting supposedly 76 * impossible function failures. The NDEBUG case keeps the strings out of the 77 * library but still calls abort() so we can root-cause from the coredump. 78 */ 79 #ifndef NDEBUG 80 #define bad_fail(func, err) { \ 81 (void) fprintf(stderr, \ 82 "At %s:%d, %s() failed with unexpected error %d. Aborting.\n", \ 83 __FILE__, __LINE__, (func), (err)); \ 84 abort(); \ 85 } 86 #else 87 #define bad_fail(func, err) abort() 88 #endif 89 90 struct restarter_event_handle { 91 char *reh_restarter_name; 92 char *reh_delegate_channel_name; 93 evchan_t *reh_delegate_channel; 94 char *reh_delegate_subscriber_id; 95 char *reh_master_channel_name; 96 evchan_t *reh_master_channel; 97 char *reh_master_subscriber_id; 98 int (*reh_handler)(restarter_event_t *); 99 }; 100 101 struct restarter_event { 102 sysevent_t *re_sysevent; 103 restarter_event_type_t re_type; 104 char *re_instance_name; 105 restarter_event_handle_t *re_event_handle; 106 restarter_instance_state_t re_state; 107 restarter_instance_state_t re_next_state; 108 }; 109 110 /* 111 * Long reasons must all parse/read correctly in the following contexts: 112 * 113 * "A service instance transitioned state: %s." 114 * "A service failed: %s." 115 * "Reason: %s." 116 * "The service transitioned state (%s) and ..." 117 * 118 * With the exception of restart_str_none they must also fit the following 119 * moulds: 120 * 121 * "An instance transitioned because %s, and ..." 122 * "An instance transitioned to <new-state> because %s, and ..." 123 * 124 * Note that whoever is rendering the long message must provide the 125 * terminal punctuation - don't include it here. Similarly, do not 126 * provide an initial capital letter in reason-long. 127 * 128 * The long reason strings are Volatile - within the grammatical constraints 129 * above we may improve them as need be. The intention is that a consumer 130 * may blindly render the string along the lines of the above examples, 131 * but has no other guarantees as to the exact wording. Long reasons 132 * are localized. 133 * 134 * We define revisions of the set of short reason strings in use. Within 135 * a given revision, all short reasons are Committed. Consumers must check 136 * the revision in use before relying on the semantics of the short reason 137 * codes - if the version exceeds that which they are familiar with they should 138 * fail gracefully. Having checked for version compatability, a consumer 139 * is assured that 140 * 141 * "short_reason_A iff semantic_A", provided: 142 * 143 * . the restarter uses this short reason code at all, 144 * . the short reason is not "none" (which a restarter could 145 * specifiy for any transition semantics) 146 * 147 * To split/refine such a Committed semantic_A into further cases, 148 * we are required to bump the revision number. This should be an 149 * infrequent occurence. If you bump the revision number you may 150 * need to make corresponding changes in any source that calls 151 * restarter_str_version (e.g., FMA event generation). 152 * 153 * To add additional reasons to the set you must also bump the version 154 * number. 155 */ 156 157 /* 158 * The following describes revision 0 of the set of transition reasons. 159 * Read the preceding block comment before making any changes. 160 */ 161 static const struct restarter_state_transition_reason restarter_str[] = { 162 /* 163 * Any transition for which the restarter has not provided a reason. 164 */ 165 { 166 restarter_str_none, 167 "none", 168 "the restarter gave no reason" 169 }, 170 171 /* 172 * A transition to maintenance state due to a 173 * 'svcadm mark maintenance <fmri>'. *Not* used if the libscf 174 * interface smf_maintain_instance(3SCF) is used to request maintenance. 175 */ 176 { 177 restarter_str_administrative_request, 178 "administrative_request", 179 "maintenance was requested by an administrator" 180 }, 181 182 /* 183 * A transition to maintenance state if a repository inconsistency 184 * exists when the service/instance state is first read by startd 185 * into the graph engine (this can also happen during startd restart). 186 */ 187 { 188 restarter_str_bad_repo_state, 189 "bad_repo_state", 190 "an SMF repository inconsistecy exists" 191 }, 192 193 /* 194 * A transition 'maintenance -> uninitialized' resulting always 195 * from 'svcadm clear <fmri>'. *Not* used if the libscf interface 196 * smf_restore_instance(3SCF) is used. 197 */ 198 { 199 restarter_str_clear_request, 200 "clear_request", 201 "maintenance clear was requested by an administrator" 202 }, 203 204 /* 205 * A transition 'online -> offline' due to a process core dump. 206 */ 207 { 208 restarter_str_ct_ev_core, 209 "ct_ev_core", 210 "a process dumped core" 211 }, 212 213 /* 214 * A transition 'online -> offline' due to an empty process contract, 215 * i.e., the last process in a contract type service has exited. 216 */ 217 { 218 restarter_str_ct_ev_exit, 219 "ct_ev_exit", 220 "all processes in the service have exited" 221 }, 222 223 /* 224 * A transition 'online -> offline' due to a hardware error. 225 */ 226 { 227 restarter_str_ct_ev_hwerr, 228 "ct_ev_hwerr", 229 "a process was killed due to uncorrectable hardware error" 230 }, 231 232 /* 233 * A transition 'online -> offline' due to a process in the service 234 * having received a fatal signal originating from outside the 235 * service process contract. 236 */ 237 { 238 restarter_str_ct_ev_signal, 239 "ct_ev_signal", 240 "a process received a fatal signal from outside the service" 241 }, 242 243 /* 244 * A transition 'offline -> online' when all dependencies for the 245 * service have been met. 246 */ 247 { 248 restarter_str_dependencies_satisfied, 249 "dependencies_satisfied", 250 "all dependencies have been satisfied" 251 }, 252 253 /* 254 * A transition 'online -> offline' because some dependency for the 255 * service is no-longer met. 256 */ 257 { 258 restarter_str_dependency_activity, 259 "dependency_activity", 260 "a dependency activity required a stop" 261 }, 262 263 /* 264 * A transition to maintenance state due to a cycle in the 265 * service dependencies. 266 */ 267 { 268 restarter_str_dependency_cycle, 269 "dependency_cycle", 270 "a dependency cycle exists" 271 }, 272 273 /* 274 * A transition 'online -> offline -> disabled' due to a 275 * 'svcadm disable [-t] <fmri>' or smf_disable_instance(3SCF) call. 276 */ 277 { 278 restarter_str_disable_request, 279 "disable_request", 280 "a disable was requested" 281 }, 282 283 /* 284 * A transition 'disabled -> offline' due to a 285 * 'svcadm enable [-t] <fmri>' or smf_enable_instance(3SCF) call. 286 */ 287 { 288 restarter_str_enable_request, 289 "enable_request", 290 "an enable was requested" 291 }, 292 293 /* 294 * A transition to maintenance state when a method fails 295 * repeatedly for a retryable reason. 296 */ 297 { 298 restarter_str_fault_threshold_reached, 299 "fault_threshold_reached", 300 "a method is failing in a retryable manner but too often" 301 }, 302 303 /* 304 * A transition to uninitialized state when startd reads the service 305 * configuration and inserts it into the graph engine. 306 */ 307 { 308 restarter_str_insert_in_graph, 309 "insert_in_graph", 310 "the instance was inserted in the graph" 311 }, 312 313 /* 314 * A transition to maintenance state due to an invalid dependency 315 * declared for the service. 316 */ 317 { 318 restarter_str_invalid_dependency, 319 "invalid_dependency", 320 "a service has an invalid dependency" 321 }, 322 323 /* 324 * A transition to maintenance state because the service-declared 325 * restarter is invalid. 326 */ 327 { 328 restarter_str_invalid_restarter, 329 "invalid_restarter", 330 "the service restarter is invalid" 331 }, 332 333 /* 334 * A transition to maintenance state because a restarter method 335 * exited with one of SMF_EXIT_ERR_CONFIG, SMF_EXIT_ERR_NOSMF, 336 * SMF_EXIT_ERR_PERM, or SMF_EXIT_ERR_FATAL. 337 */ 338 { 339 restarter_str_method_failed, 340 "method_failed", 341 "a start, stop or refresh method failed" 342 }, 343 344 /* 345 * A transition 'uninitialized -> {disabled|offline}' after 346 * "insert_in_graph" to match the state configured in the 347 * repository. 348 */ 349 { 350 restarter_str_per_configuration, 351 "per_configuration", 352 "the SMF repository configuration specifies this state" 353 }, 354 355 /* 356 * Refresh requested - no state change. 357 */ 358 { 359 restarter_str_refresh, 360 NULL, 361 "a refresh was requested (no change of state)" 362 }, 363 364 /* 365 * A transition 'online -> offline -> online' due to a 366 * 'svcadm restart <fmri> or equivlaent libscf API call. 367 * Both the 'online -> offline' and 'offline -> online' transtions 368 * specify this reason. 369 */ 370 { 371 restarter_str_restart_request, 372 "restart_request", 373 "a restart was requested" 374 }, 375 376 /* 377 * A transition to maintenance state because the start method is 378 * being executed successfully but too frequently. 379 */ 380 { 381 restarter_str_restarting_too_quickly, 382 "restarting_too_quickly", 383 "the instance is restarting too quickly" 384 }, 385 386 /* 387 * A transition to maintenance state due a service requesting 388 * 'svcadm mark maintenance <fmri>' or equivalent libscf API call. 389 * A command line 'svcadm mark maintenance <fmri>' does not produce 390 * this reason - it produces administrative_request instead. 391 */ 392 { 393 restarter_str_service_request, 394 "service_request", 395 "maintenance was requested by another service" 396 }, 397 398 /* 399 * An instanced inserted into the graph at its existing state 400 * during a startd restart - no state change. 401 */ 402 { 403 restarter_str_startd_restart, 404 NULL, 405 "the instance was inserted in the graph due to startd restart" 406 } 407 }; 408 409 uint32_t 410 restarter_str_version(void) 411 { 412 return (RESTARTER_STRING_VERSION); 413 } 414 415 const char * 416 restarter_get_str_short(restarter_str_t key) 417 { 418 int i; 419 for (i = 0; i < sizeof (restarter_str) / 420 sizeof (struct restarter_state_transition_reason); i++) 421 if (key == restarter_str[i].str_key) 422 return (restarter_str[i].str_short); 423 return (NULL); 424 } 425 426 const char * 427 restarter_get_str_long(restarter_str_t key) 428 { 429 int i; 430 for (i = 0; i < sizeof (restarter_str) / 431 sizeof (struct restarter_state_transition_reason); i++) 432 if (key == restarter_str[i].str_key) 433 return (dgettext(TEXT_DOMAIN, 434 restarter_str[i].str_long)); 435 return (NULL); 436 } 437 438 /* 439 * A static no memory error message mc_error_t structure 440 * to be used in cases when memory errors are to be returned 441 * This avoids the need to attempt to allocate memory for the 442 * message, therefore getting into a cycle of no memory failures. 443 */ 444 mc_error_t mc_nomem_err = { 445 0, ENOMEM, sizeof ("Out of memory") - 1, "Out of memory" 446 }; 447 448 static const char * const allocfail = "Allocation failure.\n"; 449 static const char * const rcbroken = "Repository connection broken.\n"; 450 451 static int method_context_safety = 0; /* Can safely call pools/projects. */ 452 453 int ndebug = 1; 454 455 /* PRINTFLIKE3 */ 456 static mc_error_t * 457 mc_error_create(mc_error_t *e, int type, const char *format, ...) 458 { 459 mc_error_t *le; 460 va_list args; 461 int size; 462 463 /* 464 * If the type is ENOMEM and format is NULL, then 465 * go ahead and return the default nomem error. 466 * Otherwise, attempt to allocate the memory and if 467 * that fails then there is no reason to continue. 468 */ 469 if (type == ENOMEM && format == NULL) 470 return (&mc_nomem_err); 471 472 if (e == NULL && (le = malloc(sizeof (mc_error_t))) == NULL) 473 return (&mc_nomem_err); 474 else 475 le = e; 476 477 le->type = type; 478 le->destroy = 1; 479 va_start(args, format); 480 size = vsnprintf(NULL, 0, format, args) + 1; 481 if (size >= RESTARTER_ERRMSGSZ) { 482 if ((le = realloc(e, sizeof (mc_error_t) + 483 (size - RESTARTER_ERRMSGSZ))) == NULL) { 484 size = RESTARTER_ERRMSGSZ - 1; 485 le = e; 486 } 487 } 488 489 le->size = size; 490 (void) vsnprintf(le->msg, le->size, format, args); 491 va_end(args); 492 493 return (le); 494 } 495 496 void 497 restarter_mc_error_destroy(mc_error_t *mc_err) 498 { 499 if (mc_err == NULL) 500 return; 501 502 /* 503 * If the error messages was allocated then free. 504 */ 505 if (mc_err->destroy) { 506 free(mc_err); 507 } 508 } 509 510 static void 511 free_restarter_event_handle(struct restarter_event_handle *h) 512 { 513 if (h == NULL) 514 return; 515 516 /* 517 * Just free the memory -- don't unbind the sysevent handle, 518 * as otherwise events may be lost if this is just a restarter 519 * restart. 520 */ 521 522 if (h->reh_restarter_name != NULL) 523 free(h->reh_restarter_name); 524 if (h->reh_delegate_channel_name != NULL) 525 free(h->reh_delegate_channel_name); 526 if (h->reh_delegate_subscriber_id != NULL) 527 free(h->reh_delegate_subscriber_id); 528 if (h->reh_master_channel_name != NULL) 529 free(h->reh_master_channel_name); 530 if (h->reh_master_subscriber_id != NULL) 531 free(h->reh_master_subscriber_id); 532 533 free(h); 534 } 535 536 char * 537 _restarter_get_channel_name(const char *fmri, int type) 538 { 539 char *name; 540 char *chan_name = malloc(MAX_CHNAME_LEN); 541 char prefix_name[3]; 542 int i; 543 544 if (chan_name == NULL) 545 return (NULL); 546 547 if (type == RESTARTER_CHANNEL_DELEGATE) 548 (void) strcpy(prefix_name, "d_"); 549 else if (type == RESTARTER_CHANNEL_MASTER) 550 (void) strcpy(prefix_name, "m_"); 551 else { 552 free(chan_name); 553 return (NULL); 554 } 555 556 /* 557 * Create a unique name 558 * 559 * Use the entire name, using a replacement of the / 560 * characters to get a better name. 561 * 562 * Remove the svc:/ from the beginning as this really 563 * isn't going to provide any uniqueness... 564 * 565 * An fmri name greater than MAX_CHNAME_LEN is going 566 * to be rejected as too long for the chan_name below 567 * in the snprintf call. 568 */ 569 if ((name = strdup(strchr(fmri, '/') + 1)) == NULL) { 570 free(chan_name); 571 return (NULL); 572 } 573 i = 0; 574 while (name[i]) { 575 if (name[i] == '/') { 576 name[i] = '_'; 577 } 578 579 i++; 580 } 581 582 /* 583 * Should check for [a-z],[A-Z],[0-9],.,_,-,: 584 */ 585 586 if (snprintf(chan_name, MAX_CHNAME_LEN, "com.sun:scf:%s%s", 587 prefix_name, name) > MAX_CHNAME_LEN) { 588 free(chan_name); 589 chan_name = NULL; 590 } 591 592 free(name); 593 return (chan_name); 594 } 595 596 int 597 cb(sysevent_t *syse, void *cookie) 598 { 599 restarter_event_handle_t *h = (restarter_event_handle_t *)cookie; 600 restarter_event_t *e; 601 nvlist_t *attr_list = NULL; 602 int ret = 0; 603 604 e = uu_zalloc(sizeof (restarter_event_t)); 605 if (e == NULL) 606 uu_die(allocfail); 607 e->re_event_handle = h; 608 e->re_sysevent = syse; 609 610 if (sysevent_get_attr_list(syse, &attr_list) != 0) 611 uu_die(allocfail); 612 613 if ((nvlist_lookup_uint32(attr_list, RESTARTER_NAME_TYPE, 614 &(e->re_type)) != 0) || 615 (nvlist_lookup_string(attr_list, 616 RESTARTER_NAME_INSTANCE, &(e->re_instance_name)) != 0)) { 617 uu_warn("%s: Can't decode nvlist for event %p\n", 618 h->reh_restarter_name, (void *)syse); 619 620 ret = 0; 621 } else { 622 ret = h->reh_handler(e); 623 } 624 625 uu_free(e); 626 nvlist_free(attr_list); 627 return (ret); 628 } 629 630 /* 631 * restarter_bind_handle(uint32_t, char *, int (*)(restarter_event_t *), int, 632 * restarter_event_handle_t **) 633 * 634 * Bind to a delegated restarter event channel. 635 * Each delegated restarter gets its own channel for resource management. 636 * 637 * Returns 0 on success or 638 * ENOTSUP version mismatch 639 * EINVAL restarter_name or event_handle is NULL 640 * ENOMEM out of memory, too many channels, or too many subscriptions 641 * EBUSY sysevent_evc_bind() could not establish binding 642 * EFAULT internal sysevent_evc_bind()/sysevent_evc_subscribe() error 643 * EMFILE out of file descriptors 644 * EPERM insufficient privilege for sysevent_evc_bind() 645 * EEXIST already subscribed 646 */ 647 int 648 restarter_bind_handle(uint32_t version, const char *restarter_name, 649 int (*event_handler)(restarter_event_t *), int flags, 650 restarter_event_handle_t **rehp) 651 { 652 restarter_event_handle_t *h; 653 size_t sz; 654 int err; 655 656 if (version != RESTARTER_EVENT_VERSION) 657 return (ENOTSUP); 658 659 if (restarter_name == NULL || event_handler == NULL) 660 return (EINVAL); 661 662 if (flags & RESTARTER_FLAG_DEBUG) 663 ndebug++; 664 665 if ((h = uu_zalloc(sizeof (restarter_event_handle_t))) == NULL) 666 return (ENOMEM); 667 668 h->reh_delegate_subscriber_id = malloc(MAX_SUBID_LEN); 669 h->reh_master_subscriber_id = malloc(MAX_SUBID_LEN); 670 h->reh_restarter_name = strdup(restarter_name); 671 if (h->reh_delegate_subscriber_id == NULL || 672 h->reh_master_subscriber_id == NULL || 673 h->reh_restarter_name == NULL) { 674 free_restarter_event_handle(h); 675 return (ENOMEM); 676 } 677 678 sz = strlcpy(h->reh_delegate_subscriber_id, "del", MAX_SUBID_LEN); 679 assert(sz < MAX_SUBID_LEN); 680 sz = strlcpy(h->reh_master_subscriber_id, "master", MAX_SUBID_LEN); 681 assert(sz < MAX_SUBID_LEN); 682 683 h->reh_delegate_channel_name = 684 _restarter_get_channel_name(restarter_name, 685 RESTARTER_CHANNEL_DELEGATE); 686 h->reh_master_channel_name = 687 _restarter_get_channel_name(restarter_name, 688 RESTARTER_CHANNEL_MASTER); 689 690 if (h->reh_delegate_channel_name == NULL || 691 h->reh_master_channel_name == NULL) { 692 free_restarter_event_handle(h); 693 return (ENOMEM); 694 } 695 696 if (sysevent_evc_bind(h->reh_delegate_channel_name, 697 &h->reh_delegate_channel, EVCH_CREAT|EVCH_HOLD_PEND) != 0) { 698 err = errno; 699 assert(err != EINVAL); 700 assert(err != ENOENT); 701 free_restarter_event_handle(h); 702 return (err); 703 } 704 705 if (sysevent_evc_bind(h->reh_master_channel_name, 706 &h->reh_master_channel, EVCH_CREAT|EVCH_HOLD_PEND) != 0) { 707 err = errno; 708 assert(err != EINVAL); 709 assert(err != ENOENT); 710 free_restarter_event_handle(h); 711 return (err); 712 } 713 714 h->reh_handler = event_handler; 715 716 assert(strlen(restarter_name) <= MAX_CLASS_LEN - 1); 717 assert(strlen(h->reh_delegate_subscriber_id) <= MAX_SUBID_LEN - 1); 718 assert(strlen(h->reh_master_subscriber_id) <= MAX_SUBID_LEN - 1); 719 720 if (sysevent_evc_subscribe(h->reh_delegate_channel, 721 h->reh_delegate_subscriber_id, EC_ALL, cb, h, EVCH_SUB_KEEP) != 0) { 722 err = errno; 723 assert(err != EINVAL); 724 free_restarter_event_handle(h); 725 return (err); 726 } 727 728 *rehp = h; 729 return (0); 730 } 731 732 restarter_event_handle_t * 733 restarter_event_get_handle(restarter_event_t *e) 734 { 735 assert(e != NULL && e->re_event_handle != NULL); 736 return (e->re_event_handle); 737 } 738 739 restarter_event_type_t 740 restarter_event_get_type(restarter_event_t *e) 741 { 742 assert(e != NULL); 743 return (e->re_type); 744 } 745 746 ssize_t 747 restarter_event_get_instance(restarter_event_t *e, char *inst, size_t sz) 748 { 749 assert(e != NULL && inst != NULL); 750 return ((ssize_t)strlcpy(inst, e->re_instance_name, sz)); 751 } 752 753 int 754 restarter_event_get_current_states(restarter_event_t *e, 755 restarter_instance_state_t *state, restarter_instance_state_t *next_state) 756 { 757 if (e == NULL) 758 return (-1); 759 *state = e->re_state; 760 *next_state = e->re_next_state; 761 return (0); 762 } 763 764 /* 765 * restarter_event_publish_retry() is a wrapper around sysevent_evc_publish(). 766 * In case, the event cannot be sent at the first attempt (sysevent_evc_publish 767 * returned EAGAIN - sysevent queue full), this function retries a few time 768 * and return ENOSPC if it reaches the retry limit. 769 * 770 * The arguments to this function map the arguments of sysevent_evc_publish(). 771 * 772 * On success, return 0. On error, return 773 * 774 * EFAULT - internal sysevent_evc_publish() error 775 * ENOMEM - internal sysevent_evc_publish() error 776 * EBADF - scp is invalid (sysevent_evc_publish() returned EINVAL) 777 * ENOSPC - sysevent queue full (sysevent_evc_publish() returned EAGAIN) 778 */ 779 int 780 restarter_event_publish_retry(evchan_t *scp, const char *class, 781 const char *subclass, const char *vendor, const char *pub_name, 782 nvlist_t *attr_list, uint32_t flags) 783 { 784 int retries, ret; 785 useconds_t retry_int = INITIAL_COMMIT_RETRY_INT; 786 787 for (retries = 0; retries < MAX_COMMIT_RETRIES; retries++) { 788 ret = sysevent_evc_publish(scp, class, subclass, vendor, 789 pub_name, attr_list, flags); 790 if (ret == 0) 791 break; 792 793 switch (ret) { 794 case EAGAIN: 795 /* Queue is full */ 796 (void) usleep(retry_int); 797 798 retry_int = min(retry_int * 2, MAX_COMMIT_RETRY_INT); 799 break; 800 801 case EINVAL: 802 ret = EBADF; 803 /* FALLTHROUGH */ 804 805 case EFAULT: 806 case ENOMEM: 807 return (ret); 808 809 case EOVERFLOW: 810 default: 811 /* internal error - abort */ 812 bad_fail("sysevent_evc_publish", ret); 813 } 814 } 815 816 if (retries == MAX_COMMIT_RETRIES) 817 ret = ENOSPC; 818 819 return (ret); 820 } 821 822 /* 823 * Commit the state, next state, and auxiliary state into the repository. 824 * Let the graph engine know about the state change and error. On success, 825 * return 0. On error, return 826 * EPROTO - librestart compiled against different libscf 827 * ENOMEM - out of memory 828 * - repository server out of resources 829 * ENOTACTIVE - repository server not running 830 * ECONNABORTED - repository connection established, but then broken 831 * - unknown libscf error 832 * ENOENT - inst does not exist in the repository 833 * EPERM - insufficient permissions 834 * EACCESS - backend access denied 835 * EROFS - backend is readonly 836 * EFAULT - internal sysevent_evc_publish() error 837 * EBADF - h is invalid (sysevent_evc_publish() returned EINVAL) 838 * ENOSPC - sysevent queue full (sysevent_evc_publish() returned EAGAIN) 839 */ 840 int 841 restarter_set_states(restarter_event_handle_t *h, const char *inst, 842 restarter_instance_state_t cur_state, 843 restarter_instance_state_t new_cur_state, 844 restarter_instance_state_t next_state, 845 restarter_instance_state_t new_next_state, restarter_error_t e, 846 restarter_str_t aux) 847 { 848 nvlist_t *attr; 849 scf_handle_t *scf_h; 850 instance_data_t id; 851 int ret = 0; 852 const char *p = restarter_get_str_short(aux); 853 854 assert(h->reh_master_channel != NULL); 855 assert(h->reh_master_channel_name != NULL); 856 assert(h->reh_master_subscriber_id != NULL); 857 858 if ((scf_h = scf_handle_create(SCF_VERSION)) == NULL) { 859 switch (scf_error()) { 860 case SCF_ERROR_VERSION_MISMATCH: 861 return (EPROTO); 862 863 case SCF_ERROR_NO_MEMORY: 864 return (ENOMEM); 865 866 default: 867 bad_fail("scf_handle_create", scf_error()); 868 } 869 } 870 871 if (scf_handle_bind(scf_h) == -1) { 872 scf_handle_destroy(scf_h); 873 switch (scf_error()) { 874 case SCF_ERROR_NO_SERVER: 875 return (ENOTACTIVE); 876 877 case SCF_ERROR_NO_RESOURCES: 878 return (ENOMEM); 879 880 case SCF_ERROR_INVALID_ARGUMENT: 881 case SCF_ERROR_IN_USE: 882 default: 883 bad_fail("scf_handle_bind", scf_error()); 884 } 885 } 886 887 if (nvlist_alloc(&attr, NV_UNIQUE_NAME, 0) != 0 || 888 nvlist_add_int32(attr, RESTARTER_NAME_STATE, new_cur_state) != 0 || 889 nvlist_add_int32(attr, RESTARTER_NAME_NEXT_STATE, new_next_state) 890 != 0 || 891 nvlist_add_int32(attr, RESTARTER_NAME_ERROR, e) != 0 || 892 nvlist_add_string(attr, RESTARTER_NAME_INSTANCE, inst) != 0 || 893 nvlist_add_int32(attr, RESTARTER_NAME_REASON, aux) != 0) { 894 ret = ENOMEM; 895 } else { 896 id.i_fmri = inst; 897 id.i_state = cur_state; 898 id.i_next_state = next_state; 899 900 ret = _restarter_commit_states(scf_h, &id, new_cur_state, 901 new_next_state, p); 902 903 if (ret == 0) { 904 ret = restarter_event_publish_retry( 905 h->reh_master_channel, "master", "state_change", 906 "com.sun", "librestart", attr, EVCH_NOSLEEP); 907 } 908 } 909 910 nvlist_free(attr); 911 (void) scf_handle_unbind(scf_h); 912 scf_handle_destroy(scf_h); 913 914 return (ret); 915 } 916 917 restarter_instance_state_t 918 restarter_string_to_state(char *string) 919 { 920 assert(string != NULL); 921 922 if (strcmp(string, SCF_STATE_STRING_NONE) == 0) 923 return (RESTARTER_STATE_NONE); 924 else if (strcmp(string, SCF_STATE_STRING_UNINIT) == 0) 925 return (RESTARTER_STATE_UNINIT); 926 else if (strcmp(string, SCF_STATE_STRING_MAINT) == 0) 927 return (RESTARTER_STATE_MAINT); 928 else if (strcmp(string, SCF_STATE_STRING_OFFLINE) == 0) 929 return (RESTARTER_STATE_OFFLINE); 930 else if (strcmp(string, SCF_STATE_STRING_DISABLED) == 0) 931 return (RESTARTER_STATE_DISABLED); 932 else if (strcmp(string, SCF_STATE_STRING_ONLINE) == 0) 933 return (RESTARTER_STATE_ONLINE); 934 else if (strcmp(string, SCF_STATE_STRING_DEGRADED) == 0) 935 return (RESTARTER_STATE_DEGRADED); 936 else { 937 return (RESTARTER_STATE_NONE); 938 } 939 } 940 941 ssize_t 942 restarter_state_to_string(restarter_instance_state_t state, char *string, 943 size_t len) 944 { 945 assert(string != NULL); 946 947 if (state == RESTARTER_STATE_NONE) 948 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_NONE, len)); 949 else if (state == RESTARTER_STATE_UNINIT) 950 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_UNINIT, len)); 951 else if (state == RESTARTER_STATE_MAINT) 952 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_MAINT, len)); 953 else if (state == RESTARTER_STATE_OFFLINE) 954 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_OFFLINE, 955 len)); 956 else if (state == RESTARTER_STATE_DISABLED) 957 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_DISABLED, 958 len)); 959 else if (state == RESTARTER_STATE_ONLINE) 960 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_ONLINE, len)); 961 else if (state == RESTARTER_STATE_DEGRADED) 962 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_DEGRADED, 963 len)); 964 else 965 return ((ssize_t)strlcpy(string, "unknown", len)); 966 } 967 968 /* 969 * Sets pg to the name property group of s_inst. If it doesn't exist, it is 970 * added. 971 * 972 * Fails with 973 * ECONNABORTED - repository disconnection or unknown libscf error 974 * EBADF - inst is not set 975 * ECANCELED - inst is deleted 976 * EPERM - permission is denied 977 * EACCES - backend denied access 978 * EROFS - backend readonly 979 */ 980 static int 981 instance_get_or_add_pg(scf_instance_t *inst, const char *name, 982 const char *type, uint32_t flags, scf_propertygroup_t *pg) 983 { 984 again: 985 if (scf_instance_get_pg(inst, name, pg) == 0) 986 return (0); 987 988 switch (scf_error()) { 989 case SCF_ERROR_CONNECTION_BROKEN: 990 default: 991 return (ECONNABORTED); 992 993 case SCF_ERROR_NOT_SET: 994 return (EBADF); 995 996 case SCF_ERROR_DELETED: 997 return (ECANCELED); 998 999 case SCF_ERROR_NOT_FOUND: 1000 break; 1001 1002 case SCF_ERROR_HANDLE_MISMATCH: 1003 case SCF_ERROR_INVALID_ARGUMENT: 1004 bad_fail("scf_instance_get_pg", scf_error()); 1005 } 1006 1007 if (scf_instance_add_pg(inst, name, type, flags, pg) == 0) 1008 return (0); 1009 1010 switch (scf_error()) { 1011 case SCF_ERROR_CONNECTION_BROKEN: 1012 default: 1013 return (ECONNABORTED); 1014 1015 case SCF_ERROR_DELETED: 1016 return (ECANCELED); 1017 1018 case SCF_ERROR_EXISTS: 1019 goto again; 1020 1021 case SCF_ERROR_PERMISSION_DENIED: 1022 return (EPERM); 1023 1024 case SCF_ERROR_BACKEND_ACCESS: 1025 return (EACCES); 1026 1027 case SCF_ERROR_BACKEND_READONLY: 1028 return (EROFS); 1029 1030 case SCF_ERROR_HANDLE_MISMATCH: 1031 case SCF_ERROR_INVALID_ARGUMENT: 1032 case SCF_ERROR_NOT_SET: /* should be caught above */ 1033 bad_fail("scf_instance_add_pg", scf_error()); 1034 } 1035 1036 return (0); 1037 } 1038 1039 /* 1040 * Fails with 1041 * ECONNABORTED 1042 * ECANCELED - pg was deleted 1043 */ 1044 static int 1045 tx_set_value(scf_transaction_t *tx, scf_transaction_entry_t *ent, 1046 const char *pname, scf_type_t ty, scf_value_t *val) 1047 { 1048 int r; 1049 1050 for (;;) { 1051 if (scf_transaction_property_change_type(tx, ent, pname, 1052 ty) == 0) 1053 break; 1054 1055 switch (scf_error()) { 1056 case SCF_ERROR_CONNECTION_BROKEN: 1057 default: 1058 return (ECONNABORTED); 1059 1060 case SCF_ERROR_DELETED: 1061 return (ECANCELED); 1062 1063 case SCF_ERROR_NOT_FOUND: 1064 break; 1065 1066 case SCF_ERROR_HANDLE_MISMATCH: 1067 case SCF_ERROR_INVALID_ARGUMENT: 1068 case SCF_ERROR_IN_USE: 1069 case SCF_ERROR_NOT_SET: 1070 bad_fail("scf_transaction_property_change_type", 1071 scf_error()); 1072 } 1073 1074 if (scf_transaction_property_new(tx, ent, pname, ty) == 0) 1075 break; 1076 1077 switch (scf_error()) { 1078 case SCF_ERROR_CONNECTION_BROKEN: 1079 default: 1080 return (ECONNABORTED); 1081 1082 case SCF_ERROR_DELETED: 1083 return (ECANCELED); 1084 1085 case SCF_ERROR_EXISTS: 1086 break; 1087 1088 case SCF_ERROR_HANDLE_MISMATCH: 1089 case SCF_ERROR_INVALID_ARGUMENT: 1090 case SCF_ERROR_IN_USE: 1091 case SCF_ERROR_NOT_SET: 1092 bad_fail("scf_transaction_property_new", scf_error()); 1093 } 1094 } 1095 1096 r = scf_entry_add_value(ent, val); 1097 assert(r == 0); 1098 1099 return (0); 1100 } 1101 1102 /* 1103 * Commit new_state, new_next_state, and aux to the repository for id. If 1104 * successful, also set id's state and next-state as given, and return 0. 1105 * Fails with 1106 * ENOMEM - out of memory 1107 * ECONNABORTED - repository connection broken 1108 * - unknown libscf error 1109 * EINVAL - id->i_fmri is invalid or not an instance FMRI 1110 * ENOENT - id->i_fmri does not exist 1111 * EPERM - insufficient permissions 1112 * EACCES - backend access denied 1113 * EROFS - backend is readonly 1114 */ 1115 int 1116 _restarter_commit_states(scf_handle_t *h, instance_data_t *id, 1117 restarter_instance_state_t new_state, 1118 restarter_instance_state_t new_state_next, const char *aux) 1119 { 1120 char str_state[MAX_SCF_STATE_STRING_SZ]; 1121 char str_new_state[MAX_SCF_STATE_STRING_SZ]; 1122 char str_state_next[MAX_SCF_STATE_STRING_SZ]; 1123 char str_new_state_next[MAX_SCF_STATE_STRING_SZ]; 1124 int ret = 0, r; 1125 struct timeval now; 1126 ssize_t sz; 1127 1128 scf_transaction_t *t = NULL; 1129 scf_transaction_entry_t *t_state = NULL, *t_state_next = NULL; 1130 scf_transaction_entry_t *t_stime = NULL, *t_aux = NULL; 1131 scf_value_t *v_state = NULL, *v_state_next = NULL, *v_stime = NULL; 1132 scf_value_t *v_aux = NULL; 1133 scf_instance_t *s_inst = NULL; 1134 scf_propertygroup_t *pg = NULL; 1135 1136 assert(new_state != RESTARTER_STATE_NONE); 1137 1138 if ((s_inst = scf_instance_create(h)) == NULL || 1139 (pg = scf_pg_create(h)) == NULL || 1140 (t = scf_transaction_create(h)) == NULL || 1141 (t_state = scf_entry_create(h)) == NULL || 1142 (t_state_next = scf_entry_create(h)) == NULL || 1143 (t_stime = scf_entry_create(h)) == NULL || 1144 (t_aux = scf_entry_create(h)) == NULL || 1145 (v_state = scf_value_create(h)) == NULL || 1146 (v_state_next = scf_value_create(h)) == NULL || 1147 (v_stime = scf_value_create(h)) == NULL || 1148 (v_aux = scf_value_create(h)) == NULL) { 1149 ret = ENOMEM; 1150 goto out; 1151 } 1152 1153 sz = restarter_state_to_string(new_state, str_new_state, 1154 sizeof (str_new_state)); 1155 assert(sz < sizeof (str_new_state)); 1156 sz = restarter_state_to_string(new_state_next, str_new_state_next, 1157 sizeof (str_new_state_next)); 1158 assert(sz < sizeof (str_new_state_next)); 1159 sz = restarter_state_to_string(id->i_state, str_state, 1160 sizeof (str_state)); 1161 assert(sz < sizeof (str_state)); 1162 sz = restarter_state_to_string(id->i_next_state, str_state_next, 1163 sizeof (str_state_next)); 1164 assert(sz < sizeof (str_state_next)); 1165 1166 ret = gettimeofday(&now, NULL); 1167 assert(ret != -1); 1168 1169 if (scf_handle_decode_fmri(h, id->i_fmri, NULL, NULL, s_inst, 1170 NULL, NULL, SCF_DECODE_FMRI_EXACT) == -1) { 1171 switch (scf_error()) { 1172 case SCF_ERROR_CONNECTION_BROKEN: 1173 default: 1174 ret = ECONNABORTED; 1175 break; 1176 1177 case SCF_ERROR_INVALID_ARGUMENT: 1178 case SCF_ERROR_CONSTRAINT_VIOLATED: 1179 ret = EINVAL; 1180 break; 1181 1182 case SCF_ERROR_NOT_FOUND: 1183 ret = ENOENT; 1184 break; 1185 1186 case SCF_ERROR_HANDLE_MISMATCH: 1187 bad_fail("scf_handle_decode_fmri", scf_error()); 1188 } 1189 goto out; 1190 } 1191 1192 1193 if (scf_value_set_astring(v_state, str_new_state) != 0 || 1194 scf_value_set_astring(v_state_next, str_new_state_next) != 0) 1195 bad_fail("scf_value_set_astring", scf_error()); 1196 1197 if (aux) { 1198 if (scf_value_set_astring(v_aux, aux) != 0) 1199 bad_fail("scf_value_set_astring", scf_error()); 1200 } 1201 1202 if (scf_value_set_time(v_stime, now.tv_sec, now.tv_usec * 1000) != 0) 1203 bad_fail("scf_value_set_time", scf_error()); 1204 1205 add_pg: 1206 switch (r = instance_get_or_add_pg(s_inst, SCF_PG_RESTARTER, 1207 SCF_PG_RESTARTER_TYPE, SCF_PG_RESTARTER_FLAGS, pg)) { 1208 case 0: 1209 break; 1210 1211 case ECONNABORTED: 1212 case EPERM: 1213 case EACCES: 1214 case EROFS: 1215 ret = r; 1216 goto out; 1217 1218 case ECANCELED: 1219 ret = ENOENT; 1220 goto out; 1221 1222 case EBADF: 1223 default: 1224 bad_fail("instance_get_or_add_pg", r); 1225 } 1226 1227 for (;;) { 1228 if (scf_transaction_start(t, pg) != 0) { 1229 switch (scf_error()) { 1230 case SCF_ERROR_CONNECTION_BROKEN: 1231 default: 1232 ret = ECONNABORTED; 1233 goto out; 1234 1235 case SCF_ERROR_NOT_SET: 1236 goto add_pg; 1237 1238 case SCF_ERROR_PERMISSION_DENIED: 1239 ret = EPERM; 1240 goto out; 1241 1242 case SCF_ERROR_BACKEND_ACCESS: 1243 ret = EACCES; 1244 goto out; 1245 1246 case SCF_ERROR_BACKEND_READONLY: 1247 ret = EROFS; 1248 goto out; 1249 1250 case SCF_ERROR_HANDLE_MISMATCH: 1251 case SCF_ERROR_IN_USE: 1252 bad_fail("scf_transaction_start", scf_error()); 1253 } 1254 } 1255 1256 if ((r = tx_set_value(t, t_state, SCF_PROPERTY_STATE, 1257 SCF_TYPE_ASTRING, v_state)) != 0 || 1258 (r = tx_set_value(t, t_state_next, SCF_PROPERTY_NEXT_STATE, 1259 SCF_TYPE_ASTRING, v_state_next)) != 0 || 1260 (r = tx_set_value(t, t_stime, SCF_PROPERTY_STATE_TIMESTAMP, 1261 SCF_TYPE_TIME, v_stime)) != 0) { 1262 switch (r) { 1263 case ECONNABORTED: 1264 ret = ECONNABORTED; 1265 goto out; 1266 1267 case ECANCELED: 1268 scf_transaction_reset(t); 1269 goto add_pg; 1270 1271 default: 1272 bad_fail("tx_set_value", r); 1273 } 1274 } 1275 1276 if (aux) { 1277 if ((r = tx_set_value(t, t_aux, SCF_PROPERTY_AUX_STATE, 1278 SCF_TYPE_ASTRING, v_aux)) != 0) { 1279 switch (r) { 1280 case ECONNABORTED: 1281 ret = ECONNABORTED; 1282 goto out; 1283 1284 case ECANCELED: 1285 scf_transaction_reset(t); 1286 goto add_pg; 1287 1288 default: 1289 bad_fail("tx_set_value", r); 1290 } 1291 } 1292 } 1293 1294 ret = scf_transaction_commit(t); 1295 if (ret == 1) 1296 break; 1297 if (ret == -1) { 1298 switch (scf_error()) { 1299 case SCF_ERROR_CONNECTION_BROKEN: 1300 default: 1301 ret = ECONNABORTED; 1302 goto out; 1303 1304 case SCF_ERROR_PERMISSION_DENIED: 1305 ret = EPERM; 1306 goto out; 1307 1308 case SCF_ERROR_BACKEND_ACCESS: 1309 ret = EACCES; 1310 goto out; 1311 1312 case SCF_ERROR_BACKEND_READONLY: 1313 ret = EROFS; 1314 goto out; 1315 1316 case SCF_ERROR_NOT_SET: 1317 bad_fail("scf_transaction_commit", scf_error()); 1318 } 1319 } 1320 1321 scf_transaction_reset(t); 1322 if (scf_pg_update(pg) == -1) { 1323 switch (scf_error()) { 1324 case SCF_ERROR_CONNECTION_BROKEN: 1325 default: 1326 ret = ECONNABORTED; 1327 goto out; 1328 1329 case SCF_ERROR_NOT_SET: 1330 goto add_pg; 1331 } 1332 } 1333 } 1334 1335 id->i_state = new_state; 1336 id->i_next_state = new_state_next; 1337 ret = 0; 1338 1339 out: 1340 scf_transaction_destroy(t); 1341 scf_entry_destroy(t_state); 1342 scf_entry_destroy(t_state_next); 1343 scf_entry_destroy(t_stime); 1344 scf_entry_destroy(t_aux); 1345 scf_value_destroy(v_state); 1346 scf_value_destroy(v_state_next); 1347 scf_value_destroy(v_stime); 1348 scf_value_destroy(v_aux); 1349 scf_pg_destroy(pg); 1350 scf_instance_destroy(s_inst); 1351 1352 return (ret); 1353 } 1354 1355 /* 1356 * Fails with 1357 * EINVAL - type is invalid 1358 * ENOMEM 1359 * ECONNABORTED - repository connection broken 1360 * EBADF - s_inst is not set 1361 * ECANCELED - s_inst is deleted 1362 * EPERM - permission denied 1363 * EACCES - backend access denied 1364 * EROFS - backend readonly 1365 */ 1366 int 1367 restarter_remove_contract(scf_instance_t *s_inst, ctid_t contract_id, 1368 restarter_contract_type_t type) 1369 { 1370 scf_handle_t *h; 1371 scf_transaction_t *t = NULL; 1372 scf_transaction_entry_t *t_cid = NULL; 1373 scf_propertygroup_t *pg = NULL; 1374 scf_property_t *prop = NULL; 1375 scf_value_t *val; 1376 scf_iter_t *iter = NULL; 1377 const char *pname; 1378 int ret = 0, primary; 1379 uint64_t c; 1380 1381 switch (type) { 1382 case RESTARTER_CONTRACT_PRIMARY: 1383 primary = 1; 1384 break; 1385 case RESTARTER_CONTRACT_TRANSIENT: 1386 primary = 0; 1387 break; 1388 default: 1389 return (EINVAL); 1390 } 1391 1392 h = scf_instance_handle(s_inst); 1393 1394 pg = scf_pg_create(h); 1395 prop = scf_property_create(h); 1396 iter = scf_iter_create(h); 1397 t = scf_transaction_create(h); 1398 1399 if (pg == NULL || prop == NULL || iter == NULL || t == NULL) { 1400 ret = ENOMEM; 1401 goto remove_contract_cleanup; 1402 } 1403 1404 add: 1405 scf_transaction_destroy_children(t); 1406 ret = instance_get_or_add_pg(s_inst, SCF_PG_RESTARTER, 1407 SCF_PG_RESTARTER_TYPE, SCF_PG_RESTARTER_FLAGS, pg); 1408 if (ret != 0) 1409 goto remove_contract_cleanup; 1410 1411 pname = primary? SCF_PROPERTY_CONTRACT : 1412 SCF_PROPERTY_TRANSIENT_CONTRACT; 1413 1414 for (;;) { 1415 if (scf_transaction_start(t, pg) != 0) { 1416 switch (scf_error()) { 1417 case SCF_ERROR_CONNECTION_BROKEN: 1418 default: 1419 ret = ECONNABORTED; 1420 goto remove_contract_cleanup; 1421 1422 case SCF_ERROR_DELETED: 1423 goto add; 1424 1425 case SCF_ERROR_PERMISSION_DENIED: 1426 ret = EPERM; 1427 goto remove_contract_cleanup; 1428 1429 case SCF_ERROR_BACKEND_ACCESS: 1430 ret = EACCES; 1431 goto remove_contract_cleanup; 1432 1433 case SCF_ERROR_BACKEND_READONLY: 1434 ret = EROFS; 1435 goto remove_contract_cleanup; 1436 1437 case SCF_ERROR_HANDLE_MISMATCH: 1438 case SCF_ERROR_IN_USE: 1439 case SCF_ERROR_NOT_SET: 1440 bad_fail("scf_transaction_start", scf_error()); 1441 } 1442 } 1443 1444 t_cid = scf_entry_create(h); 1445 1446 if (scf_pg_get_property(pg, pname, prop) == 0) { 1447 replace: 1448 if (scf_transaction_property_change_type(t, t_cid, 1449 pname, SCF_TYPE_COUNT) != 0) { 1450 switch (scf_error()) { 1451 case SCF_ERROR_CONNECTION_BROKEN: 1452 default: 1453 ret = ECONNABORTED; 1454 goto remove_contract_cleanup; 1455 1456 case SCF_ERROR_DELETED: 1457 scf_entry_destroy(t_cid); 1458 goto add; 1459 1460 case SCF_ERROR_NOT_FOUND: 1461 goto new; 1462 1463 case SCF_ERROR_HANDLE_MISMATCH: 1464 case SCF_ERROR_INVALID_ARGUMENT: 1465 case SCF_ERROR_IN_USE: 1466 case SCF_ERROR_NOT_SET: 1467 bad_fail( 1468 "scf_transaction_property_changetype", 1469 scf_error()); 1470 } 1471 } 1472 1473 if (scf_property_is_type(prop, SCF_TYPE_COUNT) == 0) { 1474 if (scf_iter_property_values(iter, prop) != 0) { 1475 switch (scf_error()) { 1476 case SCF_ERROR_CONNECTION_BROKEN: 1477 default: 1478 ret = ECONNABORTED; 1479 goto remove_contract_cleanup; 1480 1481 case SCF_ERROR_NOT_SET: 1482 case SCF_ERROR_HANDLE_MISMATCH: 1483 bad_fail( 1484 "scf_iter_property_values", 1485 scf_error()); 1486 } 1487 } 1488 1489 next_val: 1490 val = scf_value_create(h); 1491 if (val == NULL) { 1492 assert(scf_error() == 1493 SCF_ERROR_NO_MEMORY); 1494 ret = ENOMEM; 1495 goto remove_contract_cleanup; 1496 } 1497 1498 ret = scf_iter_next_value(iter, val); 1499 if (ret == -1) { 1500 switch (scf_error()) { 1501 case SCF_ERROR_CONNECTION_BROKEN: 1502 ret = ECONNABORTED; 1503 goto remove_contract_cleanup; 1504 1505 case SCF_ERROR_DELETED: 1506 scf_value_destroy(val); 1507 goto add; 1508 1509 case SCF_ERROR_HANDLE_MISMATCH: 1510 case SCF_ERROR_INVALID_ARGUMENT: 1511 case SCF_ERROR_PERMISSION_DENIED: 1512 default: 1513 bad_fail("scf_iter_next_value", 1514 scf_error()); 1515 } 1516 } 1517 1518 if (ret == 1) { 1519 ret = scf_value_get_count(val, &c); 1520 assert(ret == 0); 1521 1522 if (c != contract_id) { 1523 ret = scf_entry_add_value(t_cid, 1524 val); 1525 assert(ret == 0); 1526 } else { 1527 scf_value_destroy(val); 1528 } 1529 1530 goto next_val; 1531 } 1532 1533 scf_value_destroy(val); 1534 } else { 1535 switch (scf_error()) { 1536 case SCF_ERROR_CONNECTION_BROKEN: 1537 default: 1538 ret = ECONNABORTED; 1539 goto remove_contract_cleanup; 1540 1541 case SCF_ERROR_TYPE_MISMATCH: 1542 break; 1543 1544 case SCF_ERROR_INVALID_ARGUMENT: 1545 case SCF_ERROR_NOT_SET: 1546 bad_fail("scf_property_is_type", 1547 scf_error()); 1548 } 1549 } 1550 } else { 1551 switch (scf_error()) { 1552 case SCF_ERROR_CONNECTION_BROKEN: 1553 default: 1554 ret = ECONNABORTED; 1555 goto remove_contract_cleanup; 1556 1557 case SCF_ERROR_DELETED: 1558 scf_entry_destroy(t_cid); 1559 goto add; 1560 1561 case SCF_ERROR_NOT_FOUND: 1562 break; 1563 1564 case SCF_ERROR_HANDLE_MISMATCH: 1565 case SCF_ERROR_INVALID_ARGUMENT: 1566 case SCF_ERROR_NOT_SET: 1567 bad_fail("scf_pg_get_property", scf_error()); 1568 } 1569 1570 new: 1571 if (scf_transaction_property_new(t, t_cid, pname, 1572 SCF_TYPE_COUNT) != 0) { 1573 switch (scf_error()) { 1574 case SCF_ERROR_CONNECTION_BROKEN: 1575 default: 1576 ret = ECONNABORTED; 1577 goto remove_contract_cleanup; 1578 1579 case SCF_ERROR_DELETED: 1580 scf_entry_destroy(t_cid); 1581 goto add; 1582 1583 case SCF_ERROR_EXISTS: 1584 goto replace; 1585 1586 case SCF_ERROR_HANDLE_MISMATCH: 1587 case SCF_ERROR_INVALID_ARGUMENT: 1588 case SCF_ERROR_NOT_SET: 1589 bad_fail("scf_transaction_property_new", 1590 scf_error()); 1591 } 1592 } 1593 } 1594 1595 ret = scf_transaction_commit(t); 1596 if (ret == -1) { 1597 switch (scf_error()) { 1598 case SCF_ERROR_CONNECTION_BROKEN: 1599 default: 1600 ret = ECONNABORTED; 1601 goto remove_contract_cleanup; 1602 1603 case SCF_ERROR_DELETED: 1604 goto add; 1605 1606 case SCF_ERROR_PERMISSION_DENIED: 1607 ret = EPERM; 1608 goto remove_contract_cleanup; 1609 1610 case SCF_ERROR_BACKEND_ACCESS: 1611 ret = EACCES; 1612 goto remove_contract_cleanup; 1613 1614 case SCF_ERROR_BACKEND_READONLY: 1615 ret = EROFS; 1616 goto remove_contract_cleanup; 1617 1618 case SCF_ERROR_NOT_SET: 1619 bad_fail("scf_transaction_commit", scf_error()); 1620 } 1621 } 1622 if (ret == 1) { 1623 ret = 0; 1624 break; 1625 } 1626 1627 scf_transaction_destroy_children(t); 1628 if (scf_pg_update(pg) == -1) { 1629 switch (scf_error()) { 1630 case SCF_ERROR_CONNECTION_BROKEN: 1631 default: 1632 ret = ECONNABORTED; 1633 goto remove_contract_cleanup; 1634 1635 case SCF_ERROR_DELETED: 1636 goto add; 1637 1638 case SCF_ERROR_NOT_SET: 1639 bad_fail("scf_pg_update", scf_error()); 1640 } 1641 } 1642 } 1643 1644 remove_contract_cleanup: 1645 scf_transaction_destroy_children(t); 1646 scf_transaction_destroy(t); 1647 scf_iter_destroy(iter); 1648 scf_property_destroy(prop); 1649 scf_pg_destroy(pg); 1650 1651 return (ret); 1652 } 1653 1654 /* 1655 * Fails with 1656 * EINVAL - type is invalid 1657 * ENOMEM 1658 * ECONNABORTED - repository disconnection 1659 * EBADF - s_inst is not set 1660 * ECANCELED - s_inst is deleted 1661 * EPERM 1662 * EACCES 1663 * EROFS 1664 */ 1665 int 1666 restarter_store_contract(scf_instance_t *s_inst, ctid_t contract_id, 1667 restarter_contract_type_t type) 1668 { 1669 scf_handle_t *h; 1670 scf_transaction_t *t = NULL; 1671 scf_transaction_entry_t *t_cid = NULL; 1672 scf_value_t *val; 1673 scf_propertygroup_t *pg = NULL; 1674 scf_property_t *prop = NULL; 1675 scf_iter_t *iter = NULL; 1676 const char *pname; 1677 int ret = 0, primary; 1678 1679 if (type == RESTARTER_CONTRACT_PRIMARY) 1680 primary = 1; 1681 else if (type == RESTARTER_CONTRACT_TRANSIENT) 1682 primary = 0; 1683 else 1684 return (EINVAL); 1685 1686 h = scf_instance_handle(s_inst); 1687 1688 pg = scf_pg_create(h); 1689 prop = scf_property_create(h); 1690 iter = scf_iter_create(h); 1691 t = scf_transaction_create(h); 1692 1693 if (pg == NULL || prop == NULL || iter == NULL || t == NULL) { 1694 ret = ENOMEM; 1695 goto out; 1696 } 1697 1698 add: 1699 scf_transaction_destroy_children(t); 1700 ret = instance_get_or_add_pg(s_inst, SCF_PG_RESTARTER, 1701 SCF_PG_RESTARTER_TYPE, SCF_PG_RESTARTER_FLAGS, pg); 1702 if (ret != 0) 1703 goto out; 1704 1705 pname = primary ? SCF_PROPERTY_CONTRACT : 1706 SCF_PROPERTY_TRANSIENT_CONTRACT; 1707 1708 for (;;) { 1709 if (scf_transaction_start(t, pg) != 0) { 1710 switch (scf_error()) { 1711 case SCF_ERROR_CONNECTION_BROKEN: 1712 default: 1713 ret = ECONNABORTED; 1714 goto out; 1715 1716 case SCF_ERROR_DELETED: 1717 goto add; 1718 1719 case SCF_ERROR_PERMISSION_DENIED: 1720 ret = EPERM; 1721 goto out; 1722 1723 case SCF_ERROR_BACKEND_ACCESS: 1724 ret = EACCES; 1725 goto out; 1726 1727 case SCF_ERROR_BACKEND_READONLY: 1728 ret = EROFS; 1729 goto out; 1730 1731 case SCF_ERROR_HANDLE_MISMATCH: 1732 case SCF_ERROR_IN_USE: 1733 case SCF_ERROR_NOT_SET: 1734 bad_fail("scf_transaction_start", scf_error()); 1735 } 1736 } 1737 1738 t_cid = scf_entry_create(h); 1739 if (t_cid == NULL) { 1740 ret = ENOMEM; 1741 goto out; 1742 } 1743 1744 if (scf_pg_get_property(pg, pname, prop) == 0) { 1745 replace: 1746 if (scf_transaction_property_change_type(t, t_cid, 1747 pname, SCF_TYPE_COUNT) != 0) { 1748 switch (scf_error()) { 1749 case SCF_ERROR_CONNECTION_BROKEN: 1750 default: 1751 ret = ECONNABORTED; 1752 goto out; 1753 1754 case SCF_ERROR_DELETED: 1755 scf_entry_destroy(t_cid); 1756 goto add; 1757 1758 case SCF_ERROR_NOT_FOUND: 1759 goto new; 1760 1761 case SCF_ERROR_HANDLE_MISMATCH: 1762 case SCF_ERROR_INVALID_ARGUMENT: 1763 case SCF_ERROR_IN_USE: 1764 case SCF_ERROR_NOT_SET: 1765 bad_fail( 1766 "scf_transaction_propert_change_type", 1767 scf_error()); 1768 } 1769 } 1770 1771 if (scf_property_is_type(prop, SCF_TYPE_COUNT) == 0) { 1772 if (scf_iter_property_values(iter, prop) != 0) { 1773 switch (scf_error()) { 1774 case SCF_ERROR_CONNECTION_BROKEN: 1775 default: 1776 ret = ECONNABORTED; 1777 goto out; 1778 1779 case SCF_ERROR_NOT_SET: 1780 case SCF_ERROR_HANDLE_MISMATCH: 1781 bad_fail( 1782 "scf_iter_property_values", 1783 scf_error()); 1784 } 1785 } 1786 1787 next_val: 1788 val = scf_value_create(h); 1789 if (val == NULL) { 1790 assert(scf_error() == 1791 SCF_ERROR_NO_MEMORY); 1792 ret = ENOMEM; 1793 goto out; 1794 } 1795 1796 ret = scf_iter_next_value(iter, val); 1797 if (ret == -1) { 1798 switch (scf_error()) { 1799 case SCF_ERROR_CONNECTION_BROKEN: 1800 default: 1801 ret = ECONNABORTED; 1802 goto out; 1803 1804 case SCF_ERROR_DELETED: 1805 scf_value_destroy(val); 1806 goto add; 1807 1808 case SCF_ERROR_HANDLE_MISMATCH: 1809 case SCF_ERROR_INVALID_ARGUMENT: 1810 case SCF_ERROR_PERMISSION_DENIED: 1811 bad_fail( 1812 "scf_iter_next_value", 1813 scf_error()); 1814 } 1815 } 1816 1817 if (ret == 1) { 1818 ret = scf_entry_add_value(t_cid, val); 1819 assert(ret == 0); 1820 1821 goto next_val; 1822 } 1823 1824 scf_value_destroy(val); 1825 } else { 1826 switch (scf_error()) { 1827 case SCF_ERROR_CONNECTION_BROKEN: 1828 default: 1829 ret = ECONNABORTED; 1830 goto out; 1831 1832 case SCF_ERROR_TYPE_MISMATCH: 1833 break; 1834 1835 case SCF_ERROR_INVALID_ARGUMENT: 1836 case SCF_ERROR_NOT_SET: 1837 bad_fail("scf_property_is_type", 1838 scf_error()); 1839 } 1840 } 1841 } else { 1842 switch (scf_error()) { 1843 case SCF_ERROR_CONNECTION_BROKEN: 1844 default: 1845 ret = ECONNABORTED; 1846 goto out; 1847 1848 case SCF_ERROR_DELETED: 1849 scf_entry_destroy(t_cid); 1850 goto add; 1851 1852 case SCF_ERROR_NOT_FOUND: 1853 break; 1854 1855 case SCF_ERROR_HANDLE_MISMATCH: 1856 case SCF_ERROR_INVALID_ARGUMENT: 1857 case SCF_ERROR_NOT_SET: 1858 bad_fail("scf_pg_get_property", scf_error()); 1859 } 1860 1861 new: 1862 if (scf_transaction_property_new(t, t_cid, pname, 1863 SCF_TYPE_COUNT) != 0) { 1864 switch (scf_error()) { 1865 case SCF_ERROR_CONNECTION_BROKEN: 1866 default: 1867 ret = ECONNABORTED; 1868 goto out; 1869 1870 case SCF_ERROR_DELETED: 1871 scf_entry_destroy(t_cid); 1872 goto add; 1873 1874 case SCF_ERROR_EXISTS: 1875 goto replace; 1876 1877 case SCF_ERROR_HANDLE_MISMATCH: 1878 case SCF_ERROR_INVALID_ARGUMENT: 1879 case SCF_ERROR_NOT_SET: 1880 bad_fail("scf_transaction_property_new", 1881 scf_error()); 1882 } 1883 } 1884 } 1885 1886 val = scf_value_create(h); 1887 if (val == NULL) { 1888 assert(scf_error() == SCF_ERROR_NO_MEMORY); 1889 ret = ENOMEM; 1890 goto out; 1891 } 1892 1893 scf_value_set_count(val, contract_id); 1894 ret = scf_entry_add_value(t_cid, val); 1895 assert(ret == 0); 1896 1897 ret = scf_transaction_commit(t); 1898 if (ret == -1) { 1899 switch (scf_error()) { 1900 case SCF_ERROR_CONNECTION_BROKEN: 1901 default: 1902 ret = ECONNABORTED; 1903 goto out; 1904 1905 case SCF_ERROR_DELETED: 1906 goto add; 1907 1908 case SCF_ERROR_PERMISSION_DENIED: 1909 ret = EPERM; 1910 goto out; 1911 1912 case SCF_ERROR_BACKEND_ACCESS: 1913 ret = EACCES; 1914 goto out; 1915 1916 case SCF_ERROR_BACKEND_READONLY: 1917 ret = EROFS; 1918 goto out; 1919 1920 case SCF_ERROR_NOT_SET: 1921 bad_fail("scf_transaction_commit", scf_error()); 1922 } 1923 } 1924 if (ret == 1) { 1925 ret = 0; 1926 break; 1927 } 1928 1929 scf_transaction_destroy_children(t); 1930 if (scf_pg_update(pg) == -1) { 1931 switch (scf_error()) { 1932 case SCF_ERROR_CONNECTION_BROKEN: 1933 default: 1934 ret = ECONNABORTED; 1935 goto out; 1936 1937 case SCF_ERROR_DELETED: 1938 goto add; 1939 1940 case SCF_ERROR_NOT_SET: 1941 bad_fail("scf_pg_update", scf_error()); 1942 } 1943 } 1944 } 1945 1946 out: 1947 scf_transaction_destroy_children(t); 1948 scf_transaction_destroy(t); 1949 scf_iter_destroy(iter); 1950 scf_property_destroy(prop); 1951 scf_pg_destroy(pg); 1952 1953 return (ret); 1954 } 1955 1956 int 1957 restarter_rm_libs_loadable() 1958 { 1959 void *libhndl; 1960 1961 if (method_context_safety) 1962 return (1); 1963 1964 if ((libhndl = dlopen("libpool.so", RTLD_LAZY | RTLD_LOCAL)) == NULL) 1965 return (0); 1966 1967 (void) dlclose(libhndl); 1968 1969 if ((libhndl = dlopen("libproject.so", RTLD_LAZY | RTLD_LOCAL)) == NULL) 1970 return (0); 1971 1972 (void) dlclose(libhndl); 1973 1974 method_context_safety = 1; 1975 1976 return (1); 1977 } 1978 1979 static int 1980 get_astring_val(scf_propertygroup_t *pg, const char *name, char *buf, 1981 size_t bufsz, scf_property_t *prop, scf_value_t *val) 1982 { 1983 ssize_t szret; 1984 1985 if (pg == NULL) 1986 return (-1); 1987 1988 if (scf_pg_get_property(pg, name, prop) != SCF_SUCCESS) { 1989 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) 1990 uu_die(rcbroken); 1991 return (-1); 1992 } 1993 1994 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 1995 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) 1996 uu_die(rcbroken); 1997 return (-1); 1998 } 1999 2000 szret = scf_value_get_astring(val, buf, bufsz); 2001 2002 return (szret >= 0 ? 0 : -1); 2003 } 2004 2005 static int 2006 get_boolean_val(scf_propertygroup_t *pg, const char *name, uint8_t *b, 2007 scf_property_t *prop, scf_value_t *val) 2008 { 2009 if (scf_pg_get_property(pg, name, prop) != SCF_SUCCESS) { 2010 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) 2011 uu_die(rcbroken); 2012 return (-1); 2013 } 2014 2015 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 2016 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) 2017 uu_die(rcbroken); 2018 return (-1); 2019 } 2020 2021 if (scf_value_get_boolean(val, b)) 2022 return (-1); 2023 2024 return (0); 2025 } 2026 2027 /* 2028 * Try to load mcp->pwd, if it isn't already. 2029 * Fails with 2030 * ENOMEM - malloc() failed 2031 * ENOENT - no entry found 2032 * EIO - I/O error 2033 * EMFILE - process out of file descriptors 2034 * ENFILE - system out of file handles 2035 */ 2036 static int 2037 lookup_pwd(struct method_context *mcp) 2038 { 2039 struct passwd *pwdp; 2040 2041 if (mcp->pwbuf != NULL && mcp->pwd.pw_uid == mcp->uid) 2042 return (0); 2043 2044 if (mcp->pwbuf == NULL) { 2045 mcp->pwbufsz = sysconf(_SC_GETPW_R_SIZE_MAX); 2046 assert(mcp->pwbufsz >= 0); 2047 mcp->pwbuf = malloc(mcp->pwbufsz); 2048 if (mcp->pwbuf == NULL) 2049 return (ENOMEM); 2050 } 2051 2052 do { 2053 errno = 0; 2054 pwdp = getpwuid_r(mcp->uid, &mcp->pwd, mcp->pwbuf, 2055 mcp->pwbufsz); 2056 } while (pwdp == NULL && errno == EINTR); 2057 if (pwdp != NULL) 2058 return (0); 2059 2060 free(mcp->pwbuf); 2061 mcp->pwbuf = NULL; 2062 2063 switch (errno) { 2064 case 0: 2065 default: 2066 /* 2067 * Until bug 5065780 is fixed, getpwuid_r() can fail with 2068 * ENOENT, particularly on the miniroot. Since the 2069 * documentation is inaccurate, we'll return ENOENT for unknown 2070 * errors. 2071 */ 2072 return (ENOENT); 2073 2074 case EIO: 2075 case EMFILE: 2076 case ENFILE: 2077 return (errno); 2078 2079 case ERANGE: 2080 bad_fail("getpwuid_r", errno); 2081 /* NOTREACHED */ 2082 } 2083 } 2084 2085 /* 2086 * Get the user id for str. Returns 0 on success or 2087 * ERANGE the uid is too big 2088 * EINVAL the string starts with a digit, but is not a valid uid 2089 * ENOMEM out of memory 2090 * ENOENT no passwd entry for str 2091 * EIO an I/O error has occurred 2092 * EMFILE/ENFILE out of file descriptors 2093 */ 2094 int 2095 get_uid(const char *str, struct method_context *ci, uid_t *uidp) 2096 { 2097 if (isdigit(str[0])) { 2098 uid_t uid; 2099 char *cp; 2100 2101 errno = 0; 2102 uid = strtol(str, &cp, 10); 2103 2104 if (uid == 0 && errno != 0) { 2105 assert(errno != EINVAL); 2106 return (errno); 2107 } 2108 2109 for (; *cp != '\0'; ++cp) 2110 if (*cp != ' ' || *cp != '\t') 2111 return (EINVAL); 2112 2113 if (uid > UID_MAX) 2114 return (EINVAL); 2115 2116 *uidp = uid; 2117 return (0); 2118 } else { 2119 struct passwd *pwdp; 2120 2121 if (ci->pwbuf == NULL) { 2122 ci->pwbufsz = sysconf(_SC_GETPW_R_SIZE_MAX); 2123 ci->pwbuf = malloc(ci->pwbufsz); 2124 if (ci->pwbuf == NULL) 2125 return (ENOMEM); 2126 } 2127 2128 do { 2129 errno = 0; 2130 pwdp = 2131 getpwnam_r(str, &ci->pwd, ci->pwbuf, ci->pwbufsz); 2132 } while (pwdp == NULL && errno == EINTR); 2133 2134 if (pwdp != NULL) { 2135 *uidp = ci->pwd.pw_uid; 2136 return (0); 2137 } else { 2138 free(ci->pwbuf); 2139 ci->pwbuf = NULL; 2140 switch (errno) { 2141 case 0: 2142 return (ENOENT); 2143 2144 case ENOENT: 2145 case EIO: 2146 case EMFILE: 2147 case ENFILE: 2148 return (errno); 2149 2150 case ERANGE: 2151 default: 2152 bad_fail("getpwnam_r", errno); 2153 /* NOTREACHED */ 2154 } 2155 } 2156 } 2157 } 2158 2159 gid_t 2160 get_gid(const char *str) 2161 { 2162 if (isdigit(str[0])) { 2163 gid_t gid; 2164 char *cp; 2165 2166 errno = 0; 2167 gid = strtol(str, &cp, 10); 2168 2169 if (gid == 0 && errno != 0) 2170 return ((gid_t)-1); 2171 2172 for (; *cp != '\0'; ++cp) 2173 if (*cp != ' ' || *cp != '\t') 2174 return ((gid_t)-1); 2175 2176 return (gid); 2177 } else { 2178 struct group grp, *ret; 2179 char *buffer; 2180 size_t buflen; 2181 2182 buflen = sysconf(_SC_GETGR_R_SIZE_MAX); 2183 buffer = malloc(buflen); 2184 if (buffer == NULL) 2185 uu_die(allocfail); 2186 2187 errno = 0; 2188 ret = getgrnam_r(str, &grp, buffer, buflen); 2189 free(buffer); 2190 2191 return (ret == NULL ? (gid_t)-1 : grp.gr_gid); 2192 } 2193 } 2194 2195 /* 2196 * Fails with 2197 * ENOMEM - out of memory 2198 * ENOENT - no passwd entry 2199 * no project entry 2200 * EIO - an I/O error occurred 2201 * EMFILE - the process is out of file descriptors 2202 * ENFILE - the system is out of file handles 2203 * ERANGE - the project id is out of range 2204 * EINVAL - str is invalid 2205 * E2BIG - the project entry was too big 2206 * -1 - the name service switch is misconfigured 2207 */ 2208 int 2209 get_projid(const char *str, struct method_context *cip) 2210 { 2211 int ret; 2212 void *buf; 2213 const size_t bufsz = PROJECT_BUFSZ; 2214 struct project proj, *pp; 2215 2216 if (strcmp(str, ":default") == 0) { 2217 if (cip->uid == 0) { 2218 /* Don't change project for root services */ 2219 cip->project = NULL; 2220 return (0); 2221 } 2222 2223 switch (ret = lookup_pwd(cip)) { 2224 case 0: 2225 break; 2226 2227 case ENOMEM: 2228 case ENOENT: 2229 case EIO: 2230 case EMFILE: 2231 case ENFILE: 2232 return (ret); 2233 2234 default: 2235 bad_fail("lookup_pwd", ret); 2236 } 2237 2238 buf = malloc(bufsz); 2239 if (buf == NULL) 2240 return (ENOMEM); 2241 2242 do { 2243 errno = 0; 2244 pp = getdefaultproj(cip->pwd.pw_name, &proj, buf, 2245 bufsz); 2246 } while (pp == NULL && errno == EINTR); 2247 2248 /* to be continued ... */ 2249 } else { 2250 projid_t projid; 2251 char *cp; 2252 2253 if (!isdigit(str[0])) { 2254 cip->project = strdup(str); 2255 return (cip->project != NULL ? 0 : ENOMEM); 2256 } 2257 2258 errno = 0; 2259 projid = strtol(str, &cp, 10); 2260 2261 if (projid == 0 && errno != 0) { 2262 assert(errno == ERANGE); 2263 return (errno); 2264 } 2265 2266 for (; *cp != '\0'; ++cp) 2267 if (*cp != ' ' || *cp != '\t') 2268 return (EINVAL); 2269 2270 if (projid > MAXPROJID) 2271 return (ERANGE); 2272 2273 buf = malloc(bufsz); 2274 if (buf == NULL) 2275 return (ENOMEM); 2276 2277 do { 2278 errno = 0; 2279 pp = getprojbyid(projid, &proj, buf, bufsz); 2280 } while (pp == NULL && errno == EINTR); 2281 } 2282 2283 if (pp) { 2284 cip->project = strdup(pp->pj_name); 2285 free(buf); 2286 return (cip->project != NULL ? 0 : ENOMEM); 2287 } 2288 2289 free(buf); 2290 2291 switch (errno) { 2292 case 0: 2293 return (ENOENT); 2294 2295 case EIO: 2296 case EMFILE: 2297 case ENFILE: 2298 return (errno); 2299 2300 case ERANGE: 2301 return (E2BIG); 2302 2303 default: 2304 return (-1); 2305 } 2306 } 2307 2308 /* 2309 * Parse the supp_groups property value and populate ci->groups. Returns 2310 * EINVAL (get_gid() failed for one of the components), E2BIG (the property has 2311 * more than NGROUPS_MAX-1 groups), or 0 on success. 2312 */ 2313 int 2314 get_groups(char *str, struct method_context *ci) 2315 { 2316 char *cp, *end, *next; 2317 uint_t i; 2318 2319 const char * const whitespace = " \t"; 2320 const char * const illegal = ", \t"; 2321 2322 if (str[0] == '\0') { 2323 ci->ngroups = 0; 2324 return (0); 2325 } 2326 2327 for (cp = str, i = 0; *cp != '\0'; ) { 2328 /* skip whitespace */ 2329 cp += strspn(cp, whitespace); 2330 2331 /* find the end */ 2332 end = cp + strcspn(cp, illegal); 2333 2334 /* skip whitespace after end */ 2335 next = end + strspn(end, whitespace); 2336 2337 /* if there's a comma, it separates the fields */ 2338 if (*next == ',') 2339 ++next; 2340 2341 *end = '\0'; 2342 2343 if ((ci->groups[i] = get_gid(cp)) == (gid_t)-1) { 2344 ci->ngroups = 0; 2345 return (EINVAL); 2346 } 2347 2348 ++i; 2349 if (i > NGROUPS_MAX - 1) { 2350 ci->ngroups = 0; 2351 return (E2BIG); 2352 } 2353 2354 cp = next; 2355 } 2356 2357 ci->ngroups = i; 2358 return (0); 2359 } 2360 2361 2362 /* 2363 * Return an error message structure containing the error message 2364 * with context, and the error so the caller can make a decision 2365 * on what to do next. 2366 * 2367 * Because get_ids uses the mc_error_create() function which can 2368 * reallocate the merr, this function must return the merr pointer 2369 * in case it was reallocated. 2370 */ 2371 static mc_error_t * 2372 get_profile(scf_propertygroup_t *methpg, scf_propertygroup_t *instpg, 2373 scf_property_t *prop, scf_value_t *val, const char *cmdline, 2374 struct method_context *ci, mc_error_t *merr) 2375 { 2376 char *buf = ci->vbuf; 2377 ssize_t buf_sz = ci->vbuf_sz; 2378 char cmd[PATH_MAX]; 2379 char *cp, *value; 2380 const char *cmdp; 2381 execattr_t *eap; 2382 mc_error_t *err = merr; 2383 int r; 2384 2385 if (!(get_astring_val(methpg, SCF_PROPERTY_PROFILE, buf, buf_sz, prop, 2386 val) == 0 || get_astring_val(instpg, SCF_PROPERTY_PROFILE, buf, 2387 buf_sz, prop, val) == 0)) 2388 return (mc_error_create(merr, scf_error(), 2389 "Method context requires a profile, but the \"%s\" " 2390 "property could not be read. scf_error is %s", 2391 SCF_PROPERTY_PROFILE, scf_strerror(scf_error()))); 2392 2393 /* Extract the command from the command line. */ 2394 cp = strpbrk(cmdline, " \t"); 2395 2396 if (cp == NULL) { 2397 cmdp = cmdline; 2398 } else { 2399 (void) strncpy(cmd, cmdline, cp - cmdline); 2400 cmd[cp - cmdline] = '\0'; 2401 cmdp = cmd; 2402 } 2403 2404 /* Require that cmdp[0] == '/'? */ 2405 2406 eap = getexecprof(buf, KV_COMMAND, cmdp, GET_ONE); 2407 if (eap == NULL) 2408 return (mc_error_create(merr, ENOENT, 2409 "Could not find the execution profile \"%s\", " 2410 "command %s.", buf, cmdp)); 2411 2412 /* Based on pfexec.c */ 2413 2414 /* Get the euid first so we don't override ci->pwd for the uid. */ 2415 if ((value = kva_match(eap->attr, EXECATTR_EUID_KW)) != NULL) { 2416 if ((r = get_uid(value, ci, &ci->euid)) != 0) { 2417 ci->euid = (uid_t)-1; 2418 err = mc_error_create(merr, r, 2419 "Could not interpret profile euid value \"%s\", " 2420 "from the execution profile \"%s\", error %d.", 2421 value, buf, r); 2422 goto out; 2423 } 2424 } 2425 2426 if ((value = kva_match(eap->attr, EXECATTR_UID_KW)) != NULL) { 2427 if ((r = get_uid(value, ci, &ci->uid)) != 0) { 2428 ci->euid = ci->uid = (uid_t)-1; 2429 err = mc_error_create(merr, r, 2430 "Could not interpret profile uid value \"%s\", " 2431 "from the execution profile \"%s\", error %d.", 2432 value, buf, r); 2433 goto out; 2434 } 2435 ci->euid = ci->uid; 2436 } 2437 2438 if ((value = kva_match(eap->attr, EXECATTR_GID_KW)) != NULL) { 2439 ci->egid = ci->gid = get_gid(value); 2440 if (ci->gid == (gid_t)-1) { 2441 err = mc_error_create(merr, EINVAL, 2442 "Could not interpret profile gid value \"%s\", " 2443 "from the execution profile \"%s\".", value, buf); 2444 goto out; 2445 } 2446 } 2447 2448 if ((value = kva_match(eap->attr, EXECATTR_EGID_KW)) != NULL) { 2449 ci->egid = get_gid(value); 2450 if (ci->egid == (gid_t)-1) { 2451 err = mc_error_create(merr, EINVAL, 2452 "Could not interpret profile egid value \"%s\", " 2453 "from the execution profile \"%s\".", value, buf); 2454 goto out; 2455 } 2456 } 2457 2458 if ((value = kva_match(eap->attr, EXECATTR_LPRIV_KW)) != NULL) { 2459 ci->lpriv_set = priv_str_to_set(value, ",", NULL); 2460 if (ci->lpriv_set == NULL) { 2461 if (errno != EINVAL) 2462 err = mc_error_create(merr, ENOMEM, 2463 ALLOCFAIL); 2464 else 2465 err = mc_error_create(merr, EINVAL, 2466 "Could not interpret profile " 2467 "limitprivs value \"%s\", from " 2468 "the execution profile \"%s\".", 2469 value, buf); 2470 goto out; 2471 } 2472 } 2473 2474 if ((value = kva_match(eap->attr, EXECATTR_IPRIV_KW)) != NULL) { 2475 ci->priv_set = priv_str_to_set(value, ",", NULL); 2476 if (ci->priv_set == NULL) { 2477 if (errno != EINVAL) 2478 err = mc_error_create(merr, ENOMEM, 2479 ALLOCFAIL); 2480 else 2481 err = mc_error_create(merr, EINVAL, 2482 "Could not interpret profile privs value " 2483 "\"%s\", from the execution profile " 2484 "\"%s\".", value, buf); 2485 goto out; 2486 } 2487 } 2488 2489 out: 2490 free_execattr(eap); 2491 2492 return (err); 2493 } 2494 2495 /* 2496 * Return an error message structure containing the error message 2497 * with context, and the error so the caller can make a decision 2498 * on what to do next. 2499 * 2500 * Because get_ids uses the mc_error_create() function which can 2501 * reallocate the merr, this function must return the merr pointer 2502 * in case it was reallocated. 2503 */ 2504 static mc_error_t * 2505 get_ids(scf_propertygroup_t *methpg, scf_propertygroup_t *instpg, 2506 scf_property_t *prop, scf_value_t *val, struct method_context *ci, 2507 mc_error_t *merr) 2508 { 2509 char *vbuf = ci->vbuf; 2510 ssize_t vbuf_sz = ci->vbuf_sz; 2511 int r; 2512 2513 /* 2514 * This should never happen because the caller should fall through 2515 * another path of just setting the ids to defaults, instead of 2516 * attempting to get the ids here. 2517 */ 2518 if (methpg == NULL && instpg == NULL) 2519 return (mc_error_create(merr, ENOENT, 2520 "No property groups to get ids from.")); 2521 2522 if (!(get_astring_val(methpg, SCF_PROPERTY_USER, 2523 vbuf, vbuf_sz, prop, val) == 0 || get_astring_val(instpg, 2524 SCF_PROPERTY_USER, vbuf, vbuf_sz, prop, 2525 val) == 0)) 2526 return (mc_error_create(merr, ENOENT, 2527 "Could not get \"%s\" property.", SCF_PROPERTY_USER)); 2528 2529 if ((r = get_uid(vbuf, ci, &ci->uid)) != 0) { 2530 ci->uid = (uid_t)-1; 2531 return (mc_error_create(merr, r, 2532 "Could not interpret \"%s\" property value \"%s\", " 2533 "error %d.", SCF_PROPERTY_USER, vbuf, r)); 2534 } 2535 2536 if (!(get_astring_val(methpg, SCF_PROPERTY_GROUP, vbuf, vbuf_sz, prop, 2537 val) == 0 || get_astring_val(instpg, SCF_PROPERTY_GROUP, vbuf, 2538 vbuf_sz, prop, val) == 0)) { 2539 if (scf_error() == SCF_ERROR_NOT_FOUND) { 2540 (void) strcpy(vbuf, ":default"); 2541 } else { 2542 return (mc_error_create(merr, ENOENT, 2543 "Could not get \"%s\" property.", 2544 SCF_PROPERTY_GROUP)); 2545 } 2546 } 2547 2548 if (strcmp(vbuf, ":default") != 0) { 2549 ci->gid = get_gid(vbuf); 2550 if (ci->gid == (gid_t)-1) { 2551 return (mc_error_create(merr, ENOENT, 2552 "Could not interpret \"%s\" property value \"%s\".", 2553 SCF_PROPERTY_GROUP, vbuf)); 2554 } 2555 } else { 2556 switch (r = lookup_pwd(ci)) { 2557 case 0: 2558 ci->gid = ci->pwd.pw_gid; 2559 break; 2560 2561 case ENOENT: 2562 ci->gid = (gid_t)-1; 2563 return (mc_error_create(merr, ENOENT, 2564 "No passwd entry for uid \"%d\".", ci->uid)); 2565 2566 case ENOMEM: 2567 return (mc_error_create(merr, ENOMEM, 2568 "Out of memory.")); 2569 2570 case EIO: 2571 case EMFILE: 2572 case ENFILE: 2573 return (mc_error_create(merr, ENFILE, 2574 "getpwuid_r() failed, error %d.", r)); 2575 2576 default: 2577 bad_fail("lookup_pwd", r); 2578 } 2579 } 2580 2581 if (!(get_astring_val(methpg, SCF_PROPERTY_SUPP_GROUPS, vbuf, vbuf_sz, 2582 prop, val) == 0 || get_astring_val(instpg, 2583 SCF_PROPERTY_SUPP_GROUPS, vbuf, vbuf_sz, prop, val) == 0)) { 2584 if (scf_error() == SCF_ERROR_NOT_FOUND) { 2585 (void) strcpy(vbuf, ":default"); 2586 } else { 2587 return (mc_error_create(merr, ENOENT, 2588 "Could not get supplemental groups (\"%s\") " 2589 "property.", SCF_PROPERTY_SUPP_GROUPS)); 2590 } 2591 } 2592 2593 if (strcmp(vbuf, ":default") != 0) { 2594 switch (r = get_groups(vbuf, ci)) { 2595 case 0: 2596 break; 2597 2598 case EINVAL: 2599 return (mc_error_create(merr, EINVAL, 2600 "Could not interpret supplemental groups (\"%s\") " 2601 "property value \"%s\".", SCF_PROPERTY_SUPP_GROUPS, 2602 vbuf)); 2603 2604 case E2BIG: 2605 return (mc_error_create(merr, E2BIG, 2606 "Too many supplemental groups values in \"%s\".", 2607 vbuf)); 2608 2609 default: 2610 bad_fail("get_groups", r); 2611 } 2612 } else { 2613 ci->ngroups = -1; 2614 } 2615 2616 if (!(get_astring_val(methpg, SCF_PROPERTY_PRIVILEGES, vbuf, vbuf_sz, 2617 prop, val) == 0 || get_astring_val(instpg, SCF_PROPERTY_PRIVILEGES, 2618 vbuf, vbuf_sz, prop, val) == 0)) { 2619 if (scf_error() == SCF_ERROR_NOT_FOUND) { 2620 (void) strcpy(vbuf, ":default"); 2621 } else { 2622 return (mc_error_create(merr, ENOENT, 2623 "Could not get \"%s\" property.", 2624 SCF_PROPERTY_PRIVILEGES)); 2625 } 2626 } 2627 2628 /* 2629 * For default privs, we need to keep priv_set == NULL, as 2630 * we use this test elsewhere. 2631 */ 2632 if (strcmp(vbuf, ":default") != 0) { 2633 ci->priv_set = priv_str_to_set(vbuf, ",", NULL); 2634 if (ci->priv_set == NULL) { 2635 if (errno != EINVAL) { 2636 return (mc_error_create(merr, ENOMEM, 2637 ALLOCFAIL)); 2638 } else { 2639 return (mc_error_create(merr, EINVAL, 2640 "Could not interpret \"%s\" " 2641 "property value \"%s\".", 2642 SCF_PROPERTY_PRIVILEGES, vbuf)); 2643 } 2644 } 2645 } 2646 2647 if (!(get_astring_val(methpg, SCF_PROPERTY_LIMIT_PRIVILEGES, vbuf, 2648 vbuf_sz, prop, val) == 0 || get_astring_val(instpg, 2649 SCF_PROPERTY_LIMIT_PRIVILEGES, vbuf, vbuf_sz, prop, val) == 0)) { 2650 if (scf_error() == SCF_ERROR_NOT_FOUND) { 2651 (void) strcpy(vbuf, ":default"); 2652 } else { 2653 return (mc_error_create(merr, ENOENT, 2654 "Could not get \"%s\" property.", 2655 SCF_PROPERTY_LIMIT_PRIVILEGES)); 2656 } 2657 } 2658 2659 if (strcmp(vbuf, ":default") == 0) 2660 /* 2661 * L must default to all privileges so root NPA services see 2662 * iE = all. "zone" is all privileges available in the current 2663 * zone, equivalent to "all" in the global zone. 2664 */ 2665 (void) strcpy(vbuf, "zone"); 2666 2667 ci->lpriv_set = priv_str_to_set(vbuf, ",", NULL); 2668 if (ci->lpriv_set == NULL) { 2669 if (errno != EINVAL) { 2670 return (mc_error_create(merr, ENOMEM, ALLOCFAIL)); 2671 } else { 2672 return (mc_error_create(merr, EINVAL, 2673 "Could not interpret \"%s\" property value \"%s\".", 2674 SCF_PROPERTY_LIMIT_PRIVILEGES, vbuf)); 2675 } 2676 } 2677 2678 return (merr); 2679 } 2680 2681 static int 2682 get_environment(scf_handle_t *h, scf_propertygroup_t *pg, 2683 struct method_context *mcp, scf_property_t *prop, scf_value_t *val) 2684 { 2685 scf_iter_t *iter; 2686 scf_type_t type; 2687 size_t i = 0; 2688 int ret; 2689 2690 if (scf_pg_get_property(pg, SCF_PROPERTY_ENVIRONMENT, prop) != 0) { 2691 if (scf_error() == SCF_ERROR_NOT_FOUND) 2692 return (ENOENT); 2693 return (scf_error()); 2694 } 2695 if (scf_property_type(prop, &type) != 0) 2696 return (scf_error()); 2697 if (type != SCF_TYPE_ASTRING) 2698 return (EINVAL); 2699 if ((iter = scf_iter_create(h)) == NULL) 2700 return (scf_error()); 2701 2702 if (scf_iter_property_values(iter, prop) != 0) { 2703 ret = scf_error(); 2704 scf_iter_destroy(iter); 2705 return (ret); 2706 } 2707 2708 mcp->env_sz = 10; 2709 2710 if ((mcp->env = uu_zalloc(sizeof (*mcp->env) * mcp->env_sz)) == NULL) { 2711 ret = ENOMEM; 2712 goto out; 2713 } 2714 2715 while ((ret = scf_iter_next_value(iter, val)) == 1) { 2716 ret = scf_value_get_as_string(val, mcp->vbuf, mcp->vbuf_sz); 2717 if (ret == -1) { 2718 ret = scf_error(); 2719 goto out; 2720 } 2721 2722 if ((mcp->env[i] = strdup(mcp->vbuf)) == NULL) { 2723 ret = ENOMEM; 2724 goto out; 2725 } 2726 2727 if (++i == mcp->env_sz) { 2728 char **env; 2729 mcp->env_sz *= 2; 2730 env = uu_zalloc(sizeof (*mcp->env) * mcp->env_sz); 2731 if (env == NULL) { 2732 ret = ENOMEM; 2733 goto out; 2734 } 2735 (void) memcpy(env, mcp->env, 2736 sizeof (*mcp->env) * (mcp->env_sz / 2)); 2737 free(mcp->env); 2738 mcp->env = env; 2739 } 2740 } 2741 2742 if (ret == -1) 2743 ret = scf_error(); 2744 2745 out: 2746 scf_iter_destroy(iter); 2747 return (ret); 2748 } 2749 2750 /* 2751 * Fetch method context information from the repository, allocate and fill 2752 * a method_context structure, return it in *mcpp, and return NULL. 2753 * 2754 * If no method_context is defined, original init context is provided, where 2755 * the working directory is '/', and uid/gid are 0/0. But if a method_context 2756 * is defined at any level the smf_method(5) method_context defaults are used. 2757 * 2758 * Return an error message structure containing the error message 2759 * with context, and the error so the caller can make a decision 2760 * on what to do next. 2761 * 2762 * Error Types : 2763 * E2BIG Too many values or entry is too big 2764 * EINVAL Invalid value 2765 * EIO an I/O error has occured 2766 * ENOENT no entry for value 2767 * ENOMEM out of memory 2768 * ENOTSUP Version mismatch 2769 * ERANGE value is out of range 2770 * EMFILE/ENFILE out of file descriptors 2771 * 2772 * SCF_ERROR_BACKEND_ACCESS 2773 * SCF_ERROR_CONNECTION_BROKEN 2774 * SCF_ERROR_DELETED 2775 * SCF_ERROR_CONSTRAINT_VIOLATED 2776 * SCF_ERROR_HANDLE_DESTROYED 2777 * SCF_ERROR_INTERNAL 2778 * SCF_ERROR_INVALID_ARGUMENT 2779 * SCF_ERROR_NO_MEMORY 2780 * SCF_ERROR_NO_RESOURCES 2781 * SCF_ERROR_NOT_BOUND 2782 * SCF_ERROR_NOT_FOUND 2783 * SCF_ERROR_NOT_SET 2784 * SCF_ERROR_TYPE_MISMATCH 2785 * 2786 */ 2787 mc_error_t * 2788 restarter_get_method_context(uint_t version, scf_instance_t *inst, 2789 scf_snapshot_t *snap, const char *mname, const char *cmdline, 2790 struct method_context **mcpp) 2791 { 2792 scf_handle_t *h; 2793 scf_propertygroup_t *methpg = NULL; 2794 scf_propertygroup_t *instpg = NULL; 2795 scf_propertygroup_t *pg = NULL; 2796 scf_property_t *prop = NULL; 2797 scf_value_t *val = NULL; 2798 scf_type_t ty; 2799 uint8_t use_profile; 2800 int ret = 0; 2801 int mc_used = 0; 2802 mc_error_t *err = NULL; 2803 struct method_context *cip; 2804 2805 if ((err = malloc(sizeof (mc_error_t))) == NULL) 2806 return (mc_error_create(NULL, ENOMEM, NULL)); 2807 2808 /* Set the type to zero to track if an error occured. */ 2809 err->type = 0; 2810 2811 if (version != RESTARTER_METHOD_CONTEXT_VERSION) 2812 return (mc_error_create(err, ENOTSUP, 2813 "Invalid client version %d. (Expected %d)", 2814 version, RESTARTER_METHOD_CONTEXT_VERSION)); 2815 2816 /* Get the handle before we allocate anything. */ 2817 h = scf_instance_handle(inst); 2818 if (h == NULL) 2819 return (mc_error_create(err, scf_error(), 2820 scf_strerror(scf_error()))); 2821 2822 cip = malloc(sizeof (*cip)); 2823 if (cip == NULL) 2824 return (mc_error_create(err, ENOMEM, ALLOCFAIL)); 2825 2826 (void) memset(cip, 0, sizeof (*cip)); 2827 cip->uid = (uid_t)-1; 2828 cip->euid = (uid_t)-1; 2829 cip->gid = (gid_t)-1; 2830 cip->egid = (gid_t)-1; 2831 2832 cip->vbuf_sz = scf_limit(SCF_LIMIT_MAX_VALUE_LENGTH); 2833 assert(cip->vbuf_sz >= 0); 2834 cip->vbuf = malloc(cip->vbuf_sz); 2835 if (cip->vbuf == NULL) { 2836 free(cip); 2837 return (mc_error_create(err, ENOMEM, ALLOCFAIL)); 2838 } 2839 2840 if ((instpg = scf_pg_create(h)) == NULL || 2841 (methpg = scf_pg_create(h)) == NULL || 2842 (prop = scf_property_create(h)) == NULL || 2843 (val = scf_value_create(h)) == NULL) { 2844 err = mc_error_create(err, scf_error(), 2845 "Failed to create repository object: %s\n", 2846 scf_strerror(scf_error())); 2847 goto out; 2848 } 2849 2850 /* 2851 * The method environment, and the credentials/profile data, 2852 * may be found either in the pg for the method (methpg), 2853 * or in the instance/service SCF_PG_METHOD_CONTEXT pg (named 2854 * instpg below). 2855 */ 2856 2857 if (scf_instance_get_pg_composed(inst, snap, mname, methpg) != 2858 SCF_SUCCESS) { 2859 err = mc_error_create(err, scf_error(), "Unable to get the " 2860 "\"%s\" method, %s", mname, scf_strerror(scf_error())); 2861 goto out; 2862 } 2863 2864 if (scf_instance_get_pg_composed(inst, snap, SCF_PG_METHOD_CONTEXT, 2865 instpg) != SCF_SUCCESS) { 2866 if (scf_error() != SCF_ERROR_NOT_FOUND) { 2867 err = mc_error_create(err, scf_error(), 2868 "Unable to retrieve the \"%s\" property group, %s", 2869 SCF_PG_METHOD_CONTEXT, scf_strerror(scf_error())); 2870 goto out; 2871 } 2872 scf_pg_destroy(instpg); 2873 instpg = NULL; 2874 } else { 2875 mc_used++; 2876 } 2877 2878 ret = get_environment(h, methpg, cip, prop, val); 2879 if (ret == ENOENT && instpg != NULL) { 2880 ret = get_environment(h, instpg, cip, prop, val); 2881 } 2882 2883 switch (ret) { 2884 case 0: 2885 mc_used++; 2886 break; 2887 case ENOENT: 2888 break; 2889 case ENOMEM: 2890 err = mc_error_create(err, ret, "Out of memory."); 2891 goto out; 2892 case EINVAL: 2893 err = mc_error_create(err, ret, "Invalid method environment."); 2894 goto out; 2895 default: 2896 err = mc_error_create(err, ret, 2897 "Get method environment failed : %s\n", scf_strerror(ret)); 2898 goto out; 2899 } 2900 2901 pg = methpg; 2902 2903 ret = scf_pg_get_property(pg, SCF_PROPERTY_USE_PROFILE, prop); 2904 if (ret && scf_error() == SCF_ERROR_NOT_FOUND && instpg != NULL) { 2905 pg = NULL; 2906 ret = scf_pg_get_property(instpg, SCF_PROPERTY_USE_PROFILE, 2907 prop); 2908 } 2909 2910 if (ret) { 2911 switch (scf_error()) { 2912 case SCF_ERROR_NOT_FOUND: 2913 /* No profile context: use default credentials */ 2914 cip->uid = 0; 2915 cip->gid = 0; 2916 break; 2917 2918 case SCF_ERROR_CONNECTION_BROKEN: 2919 err = mc_error_create(err, SCF_ERROR_CONNECTION_BROKEN, 2920 RCBROKEN); 2921 goto out; 2922 2923 case SCF_ERROR_DELETED: 2924 err = mc_error_create(err, SCF_ERROR_NOT_FOUND, 2925 "Could not find property group \"%s\"", 2926 pg == NULL ? SCF_PG_METHOD_CONTEXT : mname); 2927 goto out; 2928 2929 case SCF_ERROR_HANDLE_MISMATCH: 2930 case SCF_ERROR_INVALID_ARGUMENT: 2931 case SCF_ERROR_NOT_SET: 2932 default: 2933 bad_fail("scf_pg_get_property", scf_error()); 2934 } 2935 } else { 2936 if (scf_property_type(prop, &ty) != SCF_SUCCESS) { 2937 ret = scf_error(); 2938 switch (ret) { 2939 case SCF_ERROR_CONNECTION_BROKEN: 2940 err = mc_error_create(err, 2941 SCF_ERROR_CONNECTION_BROKEN, RCBROKEN); 2942 break; 2943 2944 case SCF_ERROR_DELETED: 2945 err = mc_error_create(err, 2946 SCF_ERROR_NOT_FOUND, 2947 "Could not find property group \"%s\"", 2948 pg == NULL ? SCF_PG_METHOD_CONTEXT : mname); 2949 break; 2950 2951 case SCF_ERROR_NOT_SET: 2952 default: 2953 bad_fail("scf_property_type", ret); 2954 } 2955 2956 goto out; 2957 } 2958 2959 if (ty != SCF_TYPE_BOOLEAN) { 2960 err = mc_error_create(err, 2961 SCF_ERROR_TYPE_MISMATCH, 2962 "\"%s\" property is not boolean in property group " 2963 "\"%s\".", SCF_PROPERTY_USE_PROFILE, 2964 pg == NULL ? SCF_PG_METHOD_CONTEXT : mname); 2965 goto out; 2966 } 2967 2968 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 2969 ret = scf_error(); 2970 switch (ret) { 2971 case SCF_ERROR_CONNECTION_BROKEN: 2972 err = mc_error_create(err, 2973 SCF_ERROR_CONNECTION_BROKEN, RCBROKEN); 2974 break; 2975 2976 case SCF_ERROR_CONSTRAINT_VIOLATED: 2977 err = mc_error_create(err, 2978 SCF_ERROR_CONSTRAINT_VIOLATED, 2979 "\"%s\" property has multiple values.", 2980 SCF_PROPERTY_USE_PROFILE); 2981 break; 2982 2983 case SCF_ERROR_NOT_FOUND: 2984 err = mc_error_create(err, 2985 SCF_ERROR_NOT_FOUND, 2986 "\"%s\" property has no values.", 2987 SCF_PROPERTY_USE_PROFILE); 2988 break; 2989 default: 2990 bad_fail("scf_property_get_value", ret); 2991 } 2992 2993 goto out; 2994 } 2995 2996 mc_used++; 2997 ret = scf_value_get_boolean(val, &use_profile); 2998 assert(ret == SCF_SUCCESS); 2999 3000 /* get ids & privileges */ 3001 if (use_profile) 3002 err = get_profile(pg, instpg, prop, val, cmdline, 3003 cip, err); 3004 else 3005 err = get_ids(pg, instpg, prop, val, cip, err); 3006 3007 if (err->type != 0) 3008 goto out; 3009 } 3010 3011 /* get working directory */ 3012 if ((methpg != NULL && scf_pg_get_property(methpg, 3013 SCF_PROPERTY_WORKING_DIRECTORY, prop) == SCF_SUCCESS) || 3014 (instpg != NULL && scf_pg_get_property(instpg, 3015 SCF_PROPERTY_WORKING_DIRECTORY, prop) == SCF_SUCCESS)) { 3016 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 3017 ret = scf_error(); 3018 switch (ret) { 3019 case SCF_ERROR_CONNECTION_BROKEN: 3020 err = mc_error_create(err, ret, RCBROKEN); 3021 break; 3022 3023 case SCF_ERROR_CONSTRAINT_VIOLATED: 3024 err = mc_error_create(err, ret, 3025 "\"%s\" property has multiple values.", 3026 SCF_PROPERTY_WORKING_DIRECTORY); 3027 break; 3028 3029 case SCF_ERROR_NOT_FOUND: 3030 err = mc_error_create(err, ret, 3031 "\"%s\" property has no values.", 3032 SCF_PROPERTY_WORKING_DIRECTORY); 3033 break; 3034 3035 default: 3036 bad_fail("scf_property_get_value", ret); 3037 } 3038 3039 goto out; 3040 } 3041 3042 mc_used++; 3043 ret = scf_value_get_astring(val, cip->vbuf, cip->vbuf_sz); 3044 assert(ret != -1); 3045 } else { 3046 ret = scf_error(); 3047 switch (ret) { 3048 case SCF_ERROR_NOT_FOUND: 3049 /* okay if missing. */ 3050 (void) strcpy(cip->vbuf, ":default"); 3051 break; 3052 3053 case SCF_ERROR_CONNECTION_BROKEN: 3054 err = mc_error_create(err, ret, RCBROKEN); 3055 goto out; 3056 3057 case SCF_ERROR_DELETED: 3058 err = mc_error_create(err, ret, 3059 "Property group could not be found"); 3060 goto out; 3061 3062 case SCF_ERROR_HANDLE_MISMATCH: 3063 case SCF_ERROR_INVALID_ARGUMENT: 3064 case SCF_ERROR_NOT_SET: 3065 default: 3066 bad_fail("scf_pg_get_property", ret); 3067 } 3068 } 3069 3070 if (strcmp(cip->vbuf, ":default") == 0 || 3071 strcmp(cip->vbuf, ":home") == 0) { 3072 switch (ret = lookup_pwd(cip)) { 3073 case 0: 3074 break; 3075 3076 case ENOMEM: 3077 err = mc_error_create(err, ret, "Out of memory."); 3078 goto out; 3079 3080 case ENOENT: 3081 case EIO: 3082 case EMFILE: 3083 case ENFILE: 3084 err = mc_error_create(err, ret, 3085 "Could not get passwd entry."); 3086 goto out; 3087 3088 default: 3089 bad_fail("lookup_pwd", ret); 3090 } 3091 3092 cip->working_dir = strdup(cip->pwd.pw_dir); 3093 if (cip->working_dir == NULL) { 3094 err = mc_error_create(err, ENOMEM, ALLOCFAIL); 3095 goto out; 3096 } 3097 } else { 3098 cip->working_dir = strdup(cip->vbuf); 3099 if (cip->working_dir == NULL) { 3100 err = mc_error_create(err, ENOMEM, ALLOCFAIL); 3101 goto out; 3102 } 3103 } 3104 3105 /* get (optional) corefile pattern */ 3106 if ((methpg != NULL && scf_pg_get_property(methpg, 3107 SCF_PROPERTY_COREFILE_PATTERN, prop) == SCF_SUCCESS) || 3108 (instpg != NULL && scf_pg_get_property(instpg, 3109 SCF_PROPERTY_COREFILE_PATTERN, prop) == SCF_SUCCESS)) { 3110 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 3111 ret = scf_error(); 3112 switch (ret) { 3113 case SCF_ERROR_CONNECTION_BROKEN: 3114 err = mc_error_create(err, ret, RCBROKEN); 3115 break; 3116 3117 case SCF_ERROR_CONSTRAINT_VIOLATED: 3118 err = mc_error_create(err, ret, 3119 "\"%s\" property has multiple values.", 3120 SCF_PROPERTY_COREFILE_PATTERN); 3121 break; 3122 3123 case SCF_ERROR_NOT_FOUND: 3124 err = mc_error_create(err, ret, 3125 "\"%s\" property has no values.", 3126 SCF_PROPERTY_COREFILE_PATTERN); 3127 break; 3128 3129 default: 3130 bad_fail("scf_property_get_value", ret); 3131 } 3132 3133 } else { 3134 3135 ret = scf_value_get_astring(val, cip->vbuf, 3136 cip->vbuf_sz); 3137 assert(ret != -1); 3138 3139 cip->corefile_pattern = strdup(cip->vbuf); 3140 if (cip->corefile_pattern == NULL) { 3141 err = mc_error_create(err, ENOMEM, ALLOCFAIL); 3142 goto out; 3143 } 3144 } 3145 3146 mc_used++; 3147 } else { 3148 ret = scf_error(); 3149 switch (ret) { 3150 case SCF_ERROR_NOT_FOUND: 3151 /* okay if missing. */ 3152 break; 3153 3154 case SCF_ERROR_CONNECTION_BROKEN: 3155 err = mc_error_create(err, ret, RCBROKEN); 3156 goto out; 3157 3158 case SCF_ERROR_DELETED: 3159 err = mc_error_create(err, ret, 3160 "Property group could not be found"); 3161 goto out; 3162 3163 case SCF_ERROR_HANDLE_MISMATCH: 3164 case SCF_ERROR_INVALID_ARGUMENT: 3165 case SCF_ERROR_NOT_SET: 3166 default: 3167 bad_fail("scf_pg_get_property", ret); 3168 } 3169 } 3170 3171 if (restarter_rm_libs_loadable()) { 3172 /* get project */ 3173 if ((methpg != NULL && scf_pg_get_property(methpg, 3174 SCF_PROPERTY_PROJECT, prop) == SCF_SUCCESS) || 3175 (instpg != NULL && scf_pg_get_property(instpg, 3176 SCF_PROPERTY_PROJECT, prop) == SCF_SUCCESS)) { 3177 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 3178 ret = scf_error(); 3179 switch (ret) { 3180 case SCF_ERROR_CONNECTION_BROKEN: 3181 err = mc_error_create(err, ret, 3182 RCBROKEN); 3183 break; 3184 3185 case SCF_ERROR_CONSTRAINT_VIOLATED: 3186 err = mc_error_create(err, ret, 3187 "\"%s\" property has multiple " 3188 "values.", SCF_PROPERTY_PROJECT); 3189 break; 3190 3191 case SCF_ERROR_NOT_FOUND: 3192 err = mc_error_create(err, ret, 3193 "\"%s\" property has no values.", 3194 SCF_PROPERTY_PROJECT); 3195 break; 3196 3197 default: 3198 bad_fail("scf_property_get_value", ret); 3199 } 3200 3201 (void) strcpy(cip->vbuf, ":default"); 3202 } else { 3203 ret = scf_value_get_astring(val, cip->vbuf, 3204 cip->vbuf_sz); 3205 assert(ret != -1); 3206 } 3207 3208 mc_used++; 3209 } else { 3210 (void) strcpy(cip->vbuf, ":default"); 3211 } 3212 3213 switch (ret = get_projid(cip->vbuf, cip)) { 3214 case 0: 3215 break; 3216 3217 case ENOMEM: 3218 err = mc_error_create(err, ret, "Out of memory."); 3219 goto out; 3220 3221 case ENOENT: 3222 err = mc_error_create(err, ret, 3223 "Missing passwd or project entry for \"%s\".", 3224 cip->vbuf); 3225 goto out; 3226 3227 case EIO: 3228 err = mc_error_create(err, ret, "I/O error."); 3229 goto out; 3230 3231 case EMFILE: 3232 case ENFILE: 3233 err = mc_error_create(err, ret, 3234 "Out of file descriptors."); 3235 goto out; 3236 3237 case -1: 3238 err = mc_error_create(err, ret, 3239 "Name service switch is misconfigured."); 3240 goto out; 3241 3242 case ERANGE: 3243 case E2BIG: 3244 err = mc_error_create(err, ret, 3245 "Project ID \"%s\" too big.", cip->vbuf); 3246 goto out; 3247 3248 case EINVAL: 3249 err = mc_error_create(err, ret, 3250 "Project ID \"%s\" is invalid.", cip->vbuf); 3251 goto out; 3252 3253 default: 3254 bad_fail("get_projid", ret); 3255 } 3256 3257 /* get resource pool */ 3258 if ((methpg != NULL && scf_pg_get_property(methpg, 3259 SCF_PROPERTY_RESOURCE_POOL, prop) == SCF_SUCCESS) || 3260 (instpg != NULL && scf_pg_get_property(instpg, 3261 SCF_PROPERTY_RESOURCE_POOL, prop) == SCF_SUCCESS)) { 3262 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 3263 ret = scf_error(); 3264 switch (ret) { 3265 case SCF_ERROR_CONNECTION_BROKEN: 3266 err = mc_error_create(err, ret, 3267 RCBROKEN); 3268 break; 3269 3270 case SCF_ERROR_CONSTRAINT_VIOLATED: 3271 err = mc_error_create(err, ret, 3272 "\"%s\" property has multiple " 3273 "values.", 3274 SCF_PROPERTY_RESOURCE_POOL); 3275 break; 3276 3277 case SCF_ERROR_NOT_FOUND: 3278 err = mc_error_create(err, ret, 3279 "\"%s\" property has no " 3280 "values.", 3281 SCF_PROPERTY_RESOURCE_POOL); 3282 break; 3283 3284 default: 3285 bad_fail("scf_property_get_value", ret); 3286 } 3287 3288 (void) strcpy(cip->vbuf, ":default"); 3289 } else { 3290 ret = scf_value_get_astring(val, cip->vbuf, 3291 cip->vbuf_sz); 3292 assert(ret != -1); 3293 } 3294 3295 mc_used++; 3296 } else { 3297 ret = scf_error(); 3298 switch (ret) { 3299 case SCF_ERROR_NOT_FOUND: 3300 /* okay if missing. */ 3301 (void) strcpy(cip->vbuf, ":default"); 3302 break; 3303 3304 case SCF_ERROR_CONNECTION_BROKEN: 3305 err = mc_error_create(err, ret, RCBROKEN); 3306 goto out; 3307 3308 case SCF_ERROR_DELETED: 3309 err = mc_error_create(err, ret, 3310 "property group could not be found."); 3311 goto out; 3312 3313 case SCF_ERROR_HANDLE_MISMATCH: 3314 case SCF_ERROR_INVALID_ARGUMENT: 3315 case SCF_ERROR_NOT_SET: 3316 default: 3317 bad_fail("scf_pg_get_property", ret); 3318 } 3319 } 3320 3321 if (strcmp(cip->vbuf, ":default") != 0) { 3322 cip->resource_pool = strdup(cip->vbuf); 3323 if (cip->resource_pool == NULL) { 3324 err = mc_error_create(err, ENOMEM, ALLOCFAIL); 3325 goto out; 3326 } 3327 } 3328 } 3329 3330 /* 3331 * A method_context was not used for any configurable 3332 * elements or attributes, so reset and use the simple 3333 * defaults that provide historic init behavior. 3334 */ 3335 if (mc_used == 0) { 3336 (void) memset(cip, 0, sizeof (*cip)); 3337 cip->uid = 0; 3338 cip->gid = 0; 3339 cip->euid = (uid_t)-1; 3340 cip->egid = (gid_t)-1; 3341 } 3342 3343 *mcpp = cip; 3344 3345 out: 3346 (void) scf_value_destroy(val); 3347 scf_property_destroy(prop); 3348 scf_pg_destroy(instpg); 3349 scf_pg_destroy(methpg); 3350 3351 if (cip->pwbuf != NULL) 3352 free(cip->pwbuf); 3353 free(cip->vbuf); 3354 3355 if (err->type != 0) { 3356 restarter_free_method_context(cip); 3357 } else { 3358 restarter_mc_error_destroy(err); 3359 err = NULL; 3360 } 3361 3362 return (err); 3363 } 3364 3365 /* 3366 * Modify the current process per the given method_context. On success, returns 3367 * 0. Note that the environment is not modified by this function to include the 3368 * environment variables in cip->env. 3369 * 3370 * On failure, sets *fp to NULL or the name of the function which failed, 3371 * and returns one of the following error codes. The words in parentheses are 3372 * the values to which *fp may be set for the error case. 3373 * ENOMEM - malloc() failed 3374 * EIO - an I/O error occurred (getpwuid_r, chdir) 3375 * EMFILE - process is out of file descriptors (getpwuid_r) 3376 * ENFILE - system is out of file handles (getpwuid_r) 3377 * EINVAL - gid or egid is out of range (setregid) 3378 * ngroups is too big (setgroups) 3379 * project's project id is bad (setproject) 3380 * uid or euid is out of range (setreuid) 3381 * poolname is invalid (pool_set_binding) 3382 * EPERM - insufficient privilege (setregid, initgroups, setgroups, setppriv, 3383 * setproject, setreuid, settaskid) 3384 * ENOENT - uid has a passwd entry but no shadow entry 3385 * working_dir does not exist (chdir) 3386 * uid has no passwd entry 3387 * the pool could not be found (pool_set_binding) 3388 * EFAULT - lpriv_set or priv_set has a bad address (setppriv) 3389 * working_dir has a bad address (chdir) 3390 * EACCES - could not access working_dir (chdir) 3391 * in a TASK_FINAL task (setproject, settaskid) 3392 * no resource pool accepting default binding exists (setproject) 3393 * ELOOP - too many symbolic links in working_dir (chdir) 3394 * ENAMETOOLONG - working_dir is too long (chdir) 3395 * ENOLINK - working_dir is on an inaccessible remote machine (chdir) 3396 * ENOTDIR - working_dir is not a directory (chdir) 3397 * ESRCH - uid is not a user of project (setproject) 3398 * project is invalid (setproject) 3399 * the resource pool specified for project is unknown (setproject) 3400 * EBADF - the configuration for the pool is invalid (pool_set_binding) 3401 * -1 - core_set_process_path() failed (core_set_process_path) 3402 * a resource control assignment failed (setproject) 3403 * a system error occurred during pool_set_binding (pool_set_binding) 3404 */ 3405 int 3406 restarter_set_method_context(struct method_context *cip, const char **fp) 3407 { 3408 pid_t mypid = -1; 3409 int r, ret; 3410 3411 cip->pwbuf = NULL; 3412 *fp = NULL; 3413 3414 if (cip->gid != (gid_t)-1) { 3415 if (setregid(cip->gid, 3416 cip->egid != (gid_t)-1 ? cip->egid : cip->gid) != 0) { 3417 *fp = "setregid"; 3418 3419 ret = errno; 3420 assert(ret == EINVAL || ret == EPERM); 3421 goto out; 3422 } 3423 } else { 3424 if (cip->pwbuf == NULL) { 3425 switch (ret = lookup_pwd(cip)) { 3426 case 0: 3427 break; 3428 3429 case ENOMEM: 3430 case ENOENT: 3431 *fp = NULL; 3432 goto out; 3433 3434 case EIO: 3435 case EMFILE: 3436 case ENFILE: 3437 *fp = "getpwuid_r"; 3438 goto out; 3439 3440 default: 3441 bad_fail("lookup_pwd", ret); 3442 } 3443 } 3444 3445 if (setregid(cip->pwd.pw_gid, 3446 cip->egid != (gid_t)-1 ? 3447 cip->egid : cip->pwd.pw_gid) != 0) { 3448 *fp = "setregid"; 3449 3450 ret = errno; 3451 assert(ret == EINVAL || ret == EPERM); 3452 goto out; 3453 } 3454 } 3455 3456 if (cip->ngroups == -1) { 3457 if (cip->pwbuf == NULL) { 3458 switch (ret = lookup_pwd(cip)) { 3459 case 0: 3460 break; 3461 3462 case ENOMEM: 3463 case ENOENT: 3464 *fp = NULL; 3465 goto out; 3466 3467 case EIO: 3468 case EMFILE: 3469 case ENFILE: 3470 *fp = "getpwuid_r"; 3471 goto out; 3472 3473 default: 3474 bad_fail("lookup_pwd", ret); 3475 } 3476 } 3477 3478 /* Ok if cip->gid == -1 */ 3479 if (initgroups(cip->pwd.pw_name, cip->gid) != 0) { 3480 *fp = "initgroups"; 3481 ret = errno; 3482 assert(ret == EPERM); 3483 goto out; 3484 } 3485 } else if (cip->ngroups > 0 && 3486 setgroups(cip->ngroups, cip->groups) != 0) { 3487 *fp = "setgroups"; 3488 3489 ret = errno; 3490 assert(ret == EINVAL || ret == EPERM); 3491 goto out; 3492 } 3493 3494 if (cip->corefile_pattern != NULL) { 3495 mypid = getpid(); 3496 3497 if (core_set_process_path(cip->corefile_pattern, 3498 strlen(cip->corefile_pattern) + 1, mypid) != 0) { 3499 *fp = "core_set_process_path"; 3500 ret = -1; 3501 goto out; 3502 } 3503 } 3504 3505 if (restarter_rm_libs_loadable()) { 3506 if (cip->project == NULL) { 3507 if (settaskid(getprojid(), TASK_NORMAL) == -1) { 3508 switch (errno) { 3509 case EACCES: 3510 case EPERM: 3511 *fp = "settaskid"; 3512 ret = errno; 3513 goto out; 3514 3515 case EINVAL: 3516 default: 3517 bad_fail("settaskid", errno); 3518 } 3519 } 3520 } else { 3521 switch (ret = lookup_pwd(cip)) { 3522 case 0: 3523 break; 3524 3525 case ENOMEM: 3526 case ENOENT: 3527 *fp = NULL; 3528 goto out; 3529 3530 case EIO: 3531 case EMFILE: 3532 case ENFILE: 3533 *fp = "getpwuid_r"; 3534 goto out; 3535 3536 default: 3537 bad_fail("lookup_pwd", ret); 3538 } 3539 3540 *fp = "setproject"; 3541 3542 switch (setproject(cip->project, cip->pwd.pw_name, 3543 TASK_NORMAL)) { 3544 case 0: 3545 break; 3546 3547 case SETPROJ_ERR_TASK: 3548 case SETPROJ_ERR_POOL: 3549 ret = errno; 3550 goto out; 3551 3552 default: 3553 ret = -1; 3554 goto out; 3555 } 3556 } 3557 3558 if (cip->resource_pool != NULL) { 3559 if (mypid == -1) 3560 mypid = getpid(); 3561 3562 *fp = "pool_set_binding"; 3563 3564 if (pool_set_binding(cip->resource_pool, P_PID, 3565 mypid) != PO_SUCCESS) { 3566 switch (pool_error()) { 3567 case POE_INVALID_SEARCH: 3568 ret = ENOENT; 3569 break; 3570 3571 case POE_BADPARAM: 3572 ret = EINVAL; 3573 break; 3574 3575 case POE_INVALID_CONF: 3576 ret = EBADF; 3577 break; 3578 3579 case POE_SYSTEM: 3580 ret = -1; 3581 break; 3582 3583 default: 3584 bad_fail("pool_set_binding", 3585 pool_error()); 3586 } 3587 3588 goto out; 3589 } 3590 } 3591 } 3592 3593 /* 3594 * Now, we have to assume our ID. If the UID is 0, we want it to be 3595 * privilege-aware, otherwise the limit set gets used instead of E/P. 3596 * We can do this by setting P as well, which keeps 3597 * PA status (see priv_can_clear_PA()). 3598 */ 3599 3600 *fp = "setppriv"; 3601 3602 if (cip->lpriv_set != NULL) { 3603 if (setppriv(PRIV_SET, PRIV_LIMIT, cip->lpriv_set) != 0) { 3604 ret = errno; 3605 assert(ret == EFAULT || ret == EPERM); 3606 goto out; 3607 } 3608 } 3609 if (cip->priv_set != NULL) { 3610 if (setppriv(PRIV_SET, PRIV_INHERITABLE, cip->priv_set) != 0) { 3611 ret = errno; 3612 assert(ret == EFAULT || ret == EPERM); 3613 goto out; 3614 } 3615 } 3616 3617 /* 3618 * If the limit privset is already set, then must be privilege 3619 * aware. Otherwise, don't assume anything, and force privilege 3620 * aware status. 3621 */ 3622 3623 if (cip->lpriv_set == NULL && cip->priv_set != NULL) { 3624 ret = setpflags(PRIV_AWARE, 1); 3625 assert(ret == 0); 3626 } 3627 3628 *fp = "setreuid"; 3629 if (setreuid(cip->uid, 3630 cip->euid != (uid_t)-1 ? cip->euid : cip->uid) != 0) { 3631 ret = errno; 3632 assert(ret == EINVAL || ret == EPERM); 3633 goto out; 3634 } 3635 3636 *fp = "setppriv"; 3637 if (cip->priv_set != NULL) { 3638 if (setppriv(PRIV_SET, PRIV_PERMITTED, cip->priv_set) != 0) { 3639 ret = errno; 3640 assert(ret == EFAULT || ret == EPERM); 3641 goto out; 3642 } 3643 } 3644 3645 /* 3646 * The last thing to do is chdir to the specified working directory. 3647 * This should come after the uid switching as only the user might 3648 * have access to the specified directory. 3649 */ 3650 if (cip->working_dir != NULL) { 3651 do { 3652 r = chdir(cip->working_dir); 3653 } while (r != 0 && errno == EINTR); 3654 if (r != 0) { 3655 *fp = "chdir"; 3656 ret = errno; 3657 goto out; 3658 } 3659 } 3660 3661 ret = 0; 3662 out: 3663 free(cip->pwbuf); 3664 cip->pwbuf = NULL; 3665 return (ret); 3666 } 3667 3668 void 3669 restarter_free_method_context(struct method_context *mcp) 3670 { 3671 size_t i; 3672 3673 if (mcp->lpriv_set != NULL) 3674 priv_freeset(mcp->lpriv_set); 3675 if (mcp->priv_set != NULL) 3676 priv_freeset(mcp->priv_set); 3677 3678 if (mcp->env != NULL) { 3679 for (i = 0; i < mcp->env_sz; i++) 3680 free(mcp->env[i]); 3681 free(mcp->env); 3682 } 3683 3684 free(mcp->working_dir); 3685 free(mcp->corefile_pattern); 3686 free(mcp->project); 3687 free(mcp->resource_pool); 3688 free(mcp); 3689 } 3690 3691 /* 3692 * Method keyword functions 3693 */ 3694 3695 int 3696 restarter_is_null_method(const char *meth) 3697 { 3698 return (strcmp(meth, MKW_TRUE) == 0); 3699 } 3700 3701 static int 3702 is_kill_method(const char *method, const char *kill_str, 3703 size_t kill_str_len) 3704 { 3705 const char *cp; 3706 int sig; 3707 3708 if (strncmp(method, kill_str, kill_str_len) != 0 || 3709 (method[kill_str_len] != '\0' && 3710 !isspace(method[kill_str_len]))) 3711 return (-1); 3712 3713 cp = method + kill_str_len; 3714 while (*cp != '\0' && isspace(*cp)) 3715 ++cp; 3716 3717 if (*cp == '\0') 3718 return (SIGTERM); 3719 3720 if (*cp != '-') 3721 return (-1); 3722 3723 return (str2sig(cp + 1, &sig) == 0 ? sig : -1); 3724 } 3725 3726 int 3727 restarter_is_kill_proc_method(const char *method) 3728 { 3729 return (is_kill_method(method, MKW_KILL_PROC, 3730 sizeof (MKW_KILL_PROC) - 1)); 3731 } 3732 3733 int 3734 restarter_is_kill_method(const char *method) 3735 { 3736 return (is_kill_method(method, MKW_KILL, sizeof (MKW_KILL) - 1)); 3737 } 3738 3739 /* 3740 * Stubs for now. 3741 */ 3742 3743 /* ARGSUSED */ 3744 int 3745 restarter_event_get_enabled(restarter_event_t *e) 3746 { 3747 return (-1); 3748 } 3749 3750 /* ARGSUSED */ 3751 uint64_t 3752 restarter_event_get_seq(restarter_event_t *e) 3753 { 3754 return (-1); 3755 } 3756 3757 /* ARGSUSED */ 3758 void 3759 restarter_event_get_time(restarter_event_t *e, hrtime_t *time) 3760 { 3761 } 3762 3763 /* 3764 * Check for and validate fmri specified in restarter_actions/auxiliary_fmri 3765 * 0 - Success 3766 * 1 - Failure 3767 */ 3768 int 3769 restarter_inst_validate_ractions_aux_fmri(scf_instance_t *inst) 3770 { 3771 scf_handle_t *h; 3772 scf_propertygroup_t *pg; 3773 scf_property_t *prop; 3774 scf_value_t *val; 3775 char *aux_fmri; 3776 size_t size = scf_limit(SCF_LIMIT_MAX_VALUE_LENGTH); 3777 int ret = 1; 3778 3779 if ((aux_fmri = malloc(size)) == NULL) 3780 return (1); 3781 3782 h = scf_instance_handle(inst); 3783 3784 pg = scf_pg_create(h); 3785 prop = scf_property_create(h); 3786 val = scf_value_create(h); 3787 if (pg == NULL || prop == NULL || val == NULL) 3788 goto out; 3789 3790 if (instance_get_or_add_pg(inst, SCF_PG_RESTARTER_ACTIONS, 3791 SCF_PG_RESTARTER_ACTIONS_TYPE, SCF_PG_RESTARTER_ACTIONS_FLAGS, 3792 pg) != SCF_SUCCESS) 3793 goto out; 3794 3795 if (get_astring_val(pg, SCF_PROPERTY_AUX_FMRI, aux_fmri, size, 3796 prop, val) != SCF_SUCCESS) 3797 goto out; 3798 3799 if (scf_parse_fmri(aux_fmri, NULL, NULL, NULL, NULL, NULL, 3800 NULL) != SCF_SUCCESS) 3801 goto out; 3802 3803 ret = 0; 3804 3805 out: 3806 free(aux_fmri); 3807 scf_value_destroy(val); 3808 scf_property_destroy(prop); 3809 scf_pg_destroy(pg); 3810 return (ret); 3811 } 3812 3813 /* 3814 * Get instance's boolean value in restarter_actions/auxiliary_tty 3815 * Return -1 on failure 3816 */ 3817 int 3818 restarter_inst_ractions_from_tty(scf_instance_t *inst) 3819 { 3820 scf_handle_t *h; 3821 scf_propertygroup_t *pg; 3822 scf_property_t *prop; 3823 scf_value_t *val; 3824 uint8_t has_tty; 3825 int ret = -1; 3826 3827 h = scf_instance_handle(inst); 3828 pg = scf_pg_create(h); 3829 prop = scf_property_create(h); 3830 val = scf_value_create(h); 3831 if (pg == NULL || prop == NULL || val == NULL) 3832 goto out; 3833 3834 if (instance_get_or_add_pg(inst, SCF_PG_RESTARTER_ACTIONS, 3835 SCF_PG_RESTARTER_ACTIONS_TYPE, SCF_PG_RESTARTER_ACTIONS_FLAGS, 3836 pg) != SCF_SUCCESS) 3837 goto out; 3838 3839 if (get_boolean_val(pg, SCF_PROPERTY_AUX_TTY, &has_tty, prop, 3840 val) != SCF_SUCCESS) 3841 goto out; 3842 3843 ret = has_tty; 3844 3845 out: 3846 scf_value_destroy(val); 3847 scf_property_destroy(prop); 3848 scf_pg_destroy(pg); 3849 return (ret); 3850 } 3851 3852 static int 3853 restarter_inst_set_astring_prop(scf_instance_t *inst, const char *pgname, 3854 const char *pgtype, uint32_t pgflags, const char *pname, const char *str) 3855 { 3856 scf_handle_t *h; 3857 scf_propertygroup_t *pg; 3858 scf_transaction_t *t; 3859 scf_transaction_entry_t *e; 3860 scf_value_t *v; 3861 int ret = 1, r; 3862 3863 h = scf_instance_handle(inst); 3864 3865 pg = scf_pg_create(h); 3866 t = scf_transaction_create(h); 3867 e = scf_entry_create(h); 3868 v = scf_value_create(h); 3869 if (pg == NULL || t == NULL || e == NULL || v == NULL) 3870 goto out; 3871 3872 if (instance_get_or_add_pg(inst, pgname, pgtype, pgflags, pg)) 3873 goto out; 3874 3875 if (scf_value_set_astring(v, str) != SCF_SUCCESS) 3876 goto out; 3877 3878 for (;;) { 3879 if (scf_transaction_start(t, pg) != 0) 3880 goto out; 3881 3882 if (tx_set_value(t, e, pname, SCF_TYPE_ASTRING, v) != 0) 3883 goto out; 3884 3885 if ((r = scf_transaction_commit(t)) == 1) 3886 break; 3887 3888 if (r == -1) 3889 goto out; 3890 3891 scf_transaction_reset(t); 3892 if (scf_pg_update(pg) == -1) 3893 goto out; 3894 } 3895 ret = 0; 3896 3897 out: 3898 scf_transaction_destroy(t); 3899 scf_entry_destroy(e); 3900 scf_value_destroy(v); 3901 scf_pg_destroy(pg); 3902 3903 return (ret); 3904 } 3905 3906 int 3907 restarter_inst_set_aux_fmri(scf_instance_t *inst) 3908 { 3909 scf_handle_t *h; 3910 scf_propertygroup_t *pg; 3911 scf_property_t *prop; 3912 scf_value_t *val; 3913 char *aux_fmri; 3914 size_t size = scf_limit(SCF_LIMIT_MAX_VALUE_LENGTH); 3915 int ret = 1; 3916 3917 if ((aux_fmri = malloc(size)) == NULL) 3918 return (1); 3919 3920 h = scf_instance_handle(inst); 3921 3922 pg = scf_pg_create(h); 3923 prop = scf_property_create(h); 3924 val = scf_value_create(h); 3925 if (pg == NULL || prop == NULL || val == NULL) 3926 goto out; 3927 3928 /* 3929 * Get auxiliary_fmri value from restarter_actions pg 3930 */ 3931 if (instance_get_or_add_pg(inst, SCF_PG_RESTARTER_ACTIONS, 3932 SCF_PG_RESTARTER_ACTIONS_TYPE, SCF_PG_RESTARTER_ACTIONS_FLAGS, 3933 pg) != SCF_SUCCESS) 3934 goto out; 3935 3936 if (get_astring_val(pg, SCF_PROPERTY_AUX_FMRI, aux_fmri, size, 3937 prop, val) != SCF_SUCCESS) 3938 goto out; 3939 3940 /* 3941 * Populate restarter/auxiliary_fmri with the obtained fmri. 3942 */ 3943 ret = restarter_inst_set_astring_prop(inst, SCF_PG_RESTARTER, 3944 SCF_PG_RESTARTER_TYPE, SCF_PG_RESTARTER_FLAGS, 3945 SCF_PROPERTY_AUX_FMRI, aux_fmri); 3946 3947 out: 3948 free(aux_fmri); 3949 scf_value_destroy(val); 3950 scf_property_destroy(prop); 3951 scf_pg_destroy(pg); 3952 return (ret); 3953 } 3954 3955 int 3956 restarter_inst_reset_aux_fmri(scf_instance_t *inst) 3957 { 3958 return (scf_instance_delete_prop(inst, 3959 SCF_PG_RESTARTER, SCF_PROPERTY_AUX_FMRI)); 3960 } 3961 3962 int 3963 restarter_inst_reset_ractions_aux_fmri(scf_instance_t *inst) 3964 { 3965 return (scf_instance_delete_prop(inst, 3966 SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_AUX_FMRI)); 3967 } 3968