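/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */

/*
 * University Copyright- Copyright (c) 1982, 1986, 1988
 * The Regents of the University of California
 * All Rights Reserved
 *
 * University Acknowledgment- Portions of this document are derived from
 * software developed by the University of California, Berkeley, and its
 * contributors.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Common code for halt(1M), poweroff(1M), and reboot(1M). We use
 * argv[0] to determine which behavior to exhibit.
 */

#include <procfs.h>
#include <sys/types.h>
#include <sys/uadmin.h>
#include <alloca.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <libscf.h>
#include <locale.h>
#include <libintl.h>
#include <syslog.h>
#include <signal.h>
#include <strings.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <strings.h>
#include <time.h>
#include <utmpx.h>
#include <pwd.h>
#include <zone.h>
#if !defined(TEXT_DOMAIN)
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

/*
 * Audit hooks, defined outside this file. main() calls the *_setup routine
 * while deciding which command it is, the *_success routine just before the
 * shutdown sequence starts, and the *_fail routine on every path that
 * returns to the caller.
 */
extern int audit_halt_setup(int, char **);
extern int audit_halt_success(void);
extern int audit_halt_fail(void);

extern int audit_reboot_setup(void);
extern int audit_reboot_success(void);
extern int audit_reboot_fail(void);

static char *cmdname;	/* basename(argv[0]), the name of the command */

/*
 * Singly linked list of the contract ids that stop_delegates() has sent
 * SIGSTOP to, so that continue_delegates() can send SIGCONT to the same set.
 */
typedef struct ctidlist_struct {
	ctid_t ctid;
	struct ctidlist_struct *next;
} ctidlist_t;

static ctidlist_t *ctidlist = NULL;
/* Contract id stopped by stop_startd(); -1 means none was recorded. */
static ctid_t startdct = -1;

#define	FMRI_STARTD_CONTRACT \
	"svc:/system/svc/restarter:default/:properties/restarter/contract"

/* Absolute path, so the exec in halt_zones() does not depend on PATH. */
#define	ZONEADM_PROG	"/usr/sbin/zoneadm"

/*
 * Return the pid of init for the zone this process runs in, or -1 if
 * zone_getattr() did not return it. A successful lookup is cached in a
 * function-local static; after a failure the lookup is retried on the next
 * call.
 */
static pid_t
get_initpid(void)
{
	static int init_pid = -1;

	if (init_pid == -1) {
		if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid,
		    sizeof (init_pid)) != sizeof (init_pid)) {
			/* ESRCH is the only failure the code expects here. */
			assert(errno == ESRCH);
			init_pid = -1;
		}
	}
	return (init_pid);
}

/*
 * Quiesce or resume init using /proc. When stopping init, we can't send
 * SIGTSTP (since init ignores it) or SIGSTOP (since the kernel won't permit
 * it).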
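*/
/*
 * direct_init() writes a control message to /proc/<initpid>/ctl.
 * PCDSTOP is written on its own; PCRUN is written together with one long
 * operand of 0. Returns 0 on success and -1 if init's pid is unknown, the
 * control file cannot be opened, or the message is not written in full.
 */
static int
direct_init(long command)
{
	char ctlfile[MAXPATHLEN];
	long cmds[2];
	size_t len;
	pid_t pid;
	int ctlfd;
	int rc = 0;

	assert(command == PCDSTOP || command == PCRUN);
	if ((pid = get_initpid()) == -1)
		return (-1);

	/* Cast so the argument matches %d whatever pid_t is. */
	(void) snprintf(ctlfile, sizeof (ctlfile), "/proc/%d/ctl", (int)pid);
	if ((ctlfd = open(ctlfile, O_WRONLY)) == -1)
		return (-1);

	cmds[0] = command;
	cmds[1] = 0;
	len = (command == PCDSTOP) ? sizeof (long) : sizeof (cmds);

	/*
	 * A short write means init did not get the whole message, so treat
	 * it as a failure as well as -1.
	 */
	if (write(ctlfd, cmds, len) != (ssize_t)len)
		rc = -1;

	(void) close(ctlfd);
	return (rc);
}

/*
 * Convert a count value read from the repository into a contract id.
 * Returns 0 and stores the id in *ctidp when the value is representable in
 * ctid_t as a non-negative number, -1 otherwise.
 *
 * Without this check an out-of-range value would be truncated by the cast
 * and the signal sent to whatever contract id the low bits name. A value
 * that truncates to -1 would also collide with the "nothing recorded"
 * sentinel used for startdct.
 * NOTE(review): -1 is presumably also P_MYID for sigsend(); confirm.
 */
static int
count_to_ctid(uint64_t count, ctid_t *ctidp)
{
	ctid_t ctid = (ctid_t)count;

	if (ctid < 0 || (uint64_t)ctid != count)
		return (-1);

	*ctidp = ctid;
	return (0);
}

/*
 * Look up the contract id stored in FMRI_STARTD_CONTRACT, remember it in
 * startdct, and send SIGSTOP to every process in that contract. Any
 * repository failure is silent: the function returns without stopping
 * anything and startdct keeps its previous value.
 */
static void
stop_startd(void)
{
	scf_handle_t *h;
	scf_property_t *prop = NULL;
	scf_value_t *val = NULL;
	uint64_t uint64;
	ctid_t ctid;

	if ((h = scf_handle_create(SCF_VERSION)) == NULL)
		return;

	if ((scf_handle_bind(h) != 0) ||
	    ((prop = scf_property_create(h)) == NULL) ||
	    ((val = scf_value_create(h)) == NULL))
		goto out;

	if (scf_handle_decode_fmri(h, FMRI_STARTD_CONTRACT,
	    NULL, NULL, NULL, NULL, prop, SCF_DECODE_FMRI_EXACT) != 0)
		goto out;

	if (scf_property_is_type(prop, SCF_TYPE_COUNT) != 0 ||
	    scf_property_get_value(prop, val) != 0 ||
	    scf_value_get_count(val, &uint64) != 0)
		goto out;

	/* Refuse a value that does not survive the narrowing to ctid_t. */
	if (count_to_ctid(uint64, &ctid) != 0)
		goto out;

	startdct = ctid;
	(void) sigsend(P_CTID, startdct, SIGSTOP);

out:
	scf_property_destroy(prop);
	scf_value_destroy(val);
	scf_handle_destroy(h);
}

/*
 * Send SIGCONT to the contract stopped by stop_startd(), if one was
 * recorded.
 */
static void
continue_startd(void)
{
	if (startdct != -1)
		(void) sigsend(P_CTID, startdct, SIGCONT);
}

#define	FMRI_RESTARTER_PROP	"/:properties/general/restarter"
#define	FMRI_CONTRACT_PROP	"/:properties/restarter/contract"

/*
 * Record ctid at the head of ctidlist. Returns 0 if it was added and -1 if
 * it was already on the list or memory could not be allocated. The caller
 * only signals a contract when 0 is returned, so a duplicate is stopped
 * once, and an allocation failure leaves that contract running.
 */
static int
save_ctid(ctid_t ctid)
{
	ctidlist_t *ent;

	for (ent = ctidlist; ent != NULL; ent = ent->next) {
		if (ent->ctid == ctid)
			return (-1);
	}

	ent = malloc(sizeof (*ent));
	if (ent == NULL)
		return (-1);

	ent->ctid = ctid;
	ent->next = ctidlist;
	ctidlist = ent;
	return (0);
}

/*
 * Walk every instance of every service in the local scope. For each one
 * that names a restarter in its general property group (read from the
 * "running" snapshot when the instance has one, otherwise with no
 * snapshot), look up that restarter's contract id and send SIGSTOP to the
 * contract. Each contract is recorded with save_ctid() so it is stopped
 * once and can be continued later. Instances for which any lookup fails
 * are skipped.
 */
static void
stop_delegates(void)
{
	ctid_t ctid;
	scf_handle_t *h;
	scf_scope_t *sc = NULL;
	scf_service_t *svc = NULL;
	scf_instance_t *inst = NULL;
	scf_snapshot_t *snap = NULL;
	scf_snapshot_t *isnap = NULL;
	scf_propertygroup_t *pg = NULL;
	scf_property_t *prop = NULL;
	scf_value_t *val = NULL;
	scf_iter_t *siter = NULL;
	scf_iter_t *iiter = NULL;
	char *fmri;
	ssize_t length;

	uint64_t uint64;
	ssize_t bytes;

	length = scf_limit(SCF_LIMIT_MAX_FMRI_LENGTH);
	if (length <= 0)
		return;

	/* One extra byte for the terminating NUL. */
	length++;
	fmri = alloca(length * sizeof (char));

	if ((h = scf_handle_create(SCF_VERSION)) == NULL)
		return;

	if (scf_handle_bind(h) != 0) {
		scf_handle_destroy(h);
		return;
	}

	if ((sc = scf_scope_create(h)) == NULL ||
	    (svc = scf_service_create(h)) == NULL ||
	    (inst = scf_instance_create(h)) == NULL ||
	    (snap = scf_snapshot_create(h)) == NULL ||
	    (pg = scf_pg_create(h)) == NULL ||
	    (prop = scf_property_create(h)) == NULL ||
	    (val = scf_value_create(h)) == NULL ||
	    (siter = scf_iter_create(h)) == NULL ||
	    (iiter = scf_iter_create(h)) == NULL)
		goto out;

	if (scf_handle_get_scope(h, SCF_SCOPE_LOCAL, sc) != 0)
		goto out;

	if (scf_iter_scope_services(siter, sc) != 0)
		goto out;

	while (scf_iter_next_service(siter, svc) == 1) {

		if (scf_iter_service_instances(iiter, svc) != 0)
			continue;

		while (scf_iter_next_instance(iiter, inst) == 1) {

			if ((scf_instance_get_snapshot(inst, "running",
			    snap)) != 0)
				isnap = NULL;
			else
				isnap = snap;

			if (scf_instance_get_pg_composed(inst, isnap,
			    SCF_PG_GENERAL, pg) != 0)
				continue;

			if (scf_pg_get_property(pg, SCF_PROPERTY_RESTARTER,
			    prop) != 0 ||
			    scf_property_get_value(prop, val) != 0)
				continue;

			/* Skip an empty or truncated restarter FMRI. */
			bytes = scf_value_get_astring(val, fmri, length);
			if (bytes <= 0 || bytes >= length)
				continue;

			/* length is positive here, so the cast is safe. */
			if (strlcat(fmri, FMRI_CONTRACT_PROP, length) >=
			    (size_t)length)
				continue;

			if (scf_handle_decode_fmri(h, fmri, NULL, NULL,
			    NULL, NULL, prop, SCF_DECODE_FMRI_EXACT) != 0)
				continue;

			if (scf_property_is_type(prop, SCF_TYPE_COUNT) != 0 ||
			    scf_property_get_value(prop, val) != 0 ||
			    scf_value_get_count(val, &uint64) != 0)
				continue;

			/* Never signal an id that was mangled by the cast. */
			if (count_to_ctid(uint64, &ctid) != 0)
				continue;

			if (save_ctid(ctid) == 0) {
				(void) sigsend(P_CTID, ctid, SIGSTOP);
			}
		}
	}
out:
	scf_scope_destroy(sc);
	scf_service_destroy(svc);
	scf_instance_destroy(inst);
	scf_snapshot_destroy(snap);
	scf_pg_destroy(pg);
	scf_property_destroy(prop);
	scf_value_destroy(val);
	scf_iter_destroy(siter);
	scf_iter_destroy(iiter);

	(void) scf_handle_unbind(h);
	scf_handle_destroy(h);
}

/*
 * Send SIGCONT to every contract recorded by stop_delegates().
 */
static void
continue_delegates(void)
{
	ctidlist_t *ent;

	for (ent = ctidlist; ent != NULL; ent = ent->next)
		(void) sigsend(P_CTID, ent->ctid, SIGCONT);
}

/*
 * Stop the contract named by FMRI_STARTD_CONTRACT and then the contracts of
 * all delegated restarters.
 */
static void
stop_restarters(void)
{
	stop_startd();
	stop_delegates();
}

/*
 * Undo stop_restarters(): continue the same contracts in the same order.
 */
static void
continue_restarters(void)
{
	continue_startd();
	continue_delegates();
}

/*
 * Copy an array of strings into buf, separated by spaces. Returns 0 on
 * success and -1 if the result does not fit in buf_sz bytes; in that case
 * buf holds a truncated string. args must be NULL-terminated and hold at
 * least one string, since args[0] is read unconditionally.
 */
static int
gather_args(char **args, char *buf, size_t buf_sz)
{
	if (strlcpy(buf, *args, buf_sz) >= buf_sz)
		return (-1);

	for (++args; *args != NULL; ++args) {
		if (strlcat(buf, " ", buf_sz) >= buf_sz)
			return (-1);
		if (strlcat(buf, *args, buf_sz) >= buf_sz)
			return (-1);
	}

	return (0);
}

/*
 * Halt every zone on the system.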
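* We are committed to doing a shutdown
 * even if something goes wrong here. If something goes wrong, we just
 * continue with the shutdown. Return non-zero if we need to wait for zones to
 * halt later on.
 *
 * One zoneadm child is forked per non-global zone and is not waited for;
 * check_zones_haltedness() polls the zone count instead. zoneadm is run by
 * absolute path with an explicit argument vector, so the zone name is never
 * interpreted by a shell.
 */
static int
halt_zones(void)
{
	pid_t pid;
	zoneid_t *zones;
	size_t nz = 0, old_nz;
	size_t i;
	char zname[ZONENAME_MAX];

	/*
	 * Get a list of zones. If the number of zones changes in between the
	 * two zone_list calls, try again.
	 */

	for (;;) {
		(void) zone_list(NULL, &nz);
		/*
		 * One zone means only this zone exists. The return value of
		 * zone_list() is not checked, so a count of 0 is treated the
		 * same way: nothing to halt.
		 */
		if (nz <= 1)
			return (0);
		old_nz = nz;
		zones = calloc(nz, sizeof (zoneid_t));
		if (zones == NULL) {
			(void) fprintf(stderr,
			    gettext("%s: Could not halt zones"
			    " (out of memory).\n"), cmdname);
			return (0);
		}

		(void) zone_list(zones, &nz);
		if (old_nz == nz)
			break;
		free(zones);
	}

	if (nz == 2) {
		(void) fprintf(stderr, gettext("%s: Halting 1 zone.\n"),
		    cmdname);
	} else {
		/* nz is a size_t; cast so the argument matches %i. */
		(void) fprintf(stderr, gettext("%s: Halting %i zones.\n"),
		    cmdname, (int)(nz - 1));
	}

	for (i = 0; i < nz; i++) {
		if (zones[i] == GLOBAL_ZONEID)
			continue;
		if (getzonenamebyid(zones[i], zname, sizeof (zname)) < 0) {
			/*
			 * getzonenamebyid should only fail if we raced with
			 * another process trying to shut down the zone.
			 * We assume this happened and ignore the error.
			 */
			if (errno != EINVAL) {
				/*
				 * NOTE(review): "%ul" is %u followed by a
				 * literal 'l', presumably a typo. The
				 * message id is left as is so existing
				 * catalogs still match; the cast makes the
				 * argument agree with %u.
				 */
				(void) fprintf(stderr,
				    gettext("%s: Unexpected error while "
				    "looking up zone %ul: %s.\n"),
				    cmdname, (unsigned int)zones[i],
				    strerror(errno));
			}

			continue;
		}
		pid = fork();
		if (pid < 0) {
			(void) fprintf(stderr,
			    gettext("%s: Zone \"%s\" could not be"
			    " halted (could not fork(): %s).\n"),
			    cmdname, zname, strerror(errno));
			continue;
		}
		if (pid == 0) {
			(void) execl(ZONEADM_PROG, ZONEADM_PROG,
			    "-z", zname, "halt", (char *)NULL);
			(void) fprintf(stderr,
			    gettext("%s: Zone \"%s\" could not be halted"
			    " (cannot exec(" ZONEADM_PROG "): %s).\n"),
			    cmdname, zname, strerror(errno));
			/*
			 * Leave the child with _exit() so it does not run
			 * the parent's exit handlers or flush its stdio
			 * buffers, and report the failed exec as non-zero.
			 */
			_exit(1);
		}
	}

	free(zones);
	return (1);
}

/*
 * This function tries to wait for all non-global zones to go away.
 * It will timeout if no progress is made for 5 seconds, or a total of
 * 30 seconds elapses.
 */

static void
check_zones_haltedness(void)
{
	int t = 0, t_prog = 0;
	size_t nz = 0, last_nz;

	do {
		last_nz = nz;
		(void) zone_list(NULL, &nz);
		/* A count of 0 (zone_list gave no answer) also ends the wait. */
		if (nz <= 1)
			return;

		(void) sleep(1);

		/* The zone count dropped: restart the no-progress timer. */
		if (last_nz > nz)
			t_prog = 0;

		t++;
		t_prog++;

		if (t == 10) {
			if (nz == 2) {
				(void) fprintf(stderr,
				    gettext("%s: Still waiting for 1 zone to "
				    "halt. Will wait up to 20 seconds.\n"),
				    cmdname);
			} else {
				/* Cast so the size_t matches %i. */
				(void) fprintf(stderr,
				    gettext("%s: Still waiting for %i zones "
				    "to halt. Will wait up to 20 seconds.\n"),
				    cmdname, (int)(nz - 1));
			}
		}

	} while ((t < 30) && (t_prog < 5));
}

/*
 * Entry point for halt, poweroff and reboot; the basename of argv[0]
 * selects the uadmin function.
 *
 * Options: -d requests a crash dump (global zone only), -l suppresses the
 * syslog record, -n skips the boot archive update, the wtmpx record and
 * the sync, -q skips the wtmpx record and the sync, -y allows halt and
 * poweroff from a /dev/term/ line. Remaining arguments are accepted only
 * by reboot and are passed to uadmin as boot arguments.
 *
 * Every path that returns does so with status 1: uadmin() is not expected
 * to come back, so reaching the end means the shutdown failed and the
 * function tries to put the system back (resume init, continue the
 * restarters) before recording an audit failure.
 *
 * The audit success record is written whether or not -l was given; -l
 * only turns off the LOG_AUTH syslog message.
 */
int
main(int argc, char *argv[])
{
	char *ttyn = ttyname(STDERR_FILENO);

	int qflag = 0, needlog = 1, nosync = 0;
	uintptr_t mdep = 0;
	int cmd, fcn, c, aval, r, rfd;
	const char *usage;
	zoneid_t zoneid = getzoneid();
	int need_check_zones = 0;

	char bootargs_buf[BOOTARGS_MAX];

	const char * const resetting = "/etc/svc/volatile/resetting";

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	cmdname = basename(argv[0]);

	if (strcmp(cmdname, "halt") == 0) {
		(void) audit_halt_setup(argc, argv);
		usage = gettext("usage: %s [ -dlnqy ]\n");
		cmd = A_SHUTDOWN;
		fcn = AD_HALT;
	} else if (strcmp(cmdname, "poweroff") == 0) {
		(void) audit_halt_setup(argc, argv);
		usage = gettext("usage: %s [ -dlnqy ]\n");
		cmd = A_SHUTDOWN;
		fcn = AD_POWEROFF;
	} else if (strcmp(cmdname, "reboot") == 0) {
		(void) audit_reboot_setup();
		usage = gettext("usage: %s [ -dlnq ] [ boot args ]\n");
		cmd = A_SHUTDOWN;
		fcn = AD_BOOT;
	} else {
		(void) fprintf(stderr,
		    gettext("%s: not installed properly\n"), cmdname);
		return (1);
	}

	while ((c = getopt(argc, argv, "dlnqy")) != -1) {
		switch (c) {
		case 'd':
			if (zoneid == GLOBAL_ZONEID)
				cmd = A_DUMP;
			else {
				(void) fprintf(stderr,
				    gettext("%s: -d only valid from global"
				    " zone\n"), cmdname);
				return (1);
			}
			break;
		case 'l':
			needlog = 0;
			break;
		case 'n':
			nosync = 1;
			break;
		case 'q':
			qflag = 1;
			break;
		case 'y':
			/* Dropping the tty name disables the dialup check. */
			ttyn = NULL;
			break;
		default:
			/*
			 * TRANSLATION_NOTE
			 * Don't translate the words "halt" or "reboot"
			 */
			/*
			 * usage is a format string returned by gettext(), so
			 * the message catalog has to be trusted.
			 */
			(void) fprintf(stderr, usage, cmdname);
			return (1);
		}
	}

	argc -= optind;
	argv += optind;

	if (argc != 0) {
		if (fcn != AD_BOOT) {
			(void) fprintf(stderr, usage, cmdname);
			return (1);
		}

		/* Gather the arguments into bootargs_buf. */
		if (gather_args(argv, bootargs_buf, sizeof (bootargs_buf)) !=
		    0) {
			(void) fprintf(stderr,
			    gettext("%s: Boot arguments too long.\n"), cmdname);
			return (1);
		}
		mdep = (uintptr_t)bootargs_buf;
	}

	if (geteuid() != 0) {
		(void) fprintf(stderr,
		    gettext("%s: permission denied\n"), cmdname);
		goto fail;
	}

	if (fcn != AD_BOOT && ttyn != NULL &&
	    strncmp(ttyn, "/dev/term/", strlen("/dev/term/")) == 0) {
		/*
		 * TRANSLATION_NOTE
		 * Don't translate ``halt -y''
		 */
		(void) fprintf(stderr,
		    gettext("%s: dangerous on a dialup;"), cmdname);
		(void) fprintf(stderr,
		    gettext("use ``%s -y'' if you are really sure\n"), cmdname);
		goto fail;
	}

	if (needlog) {
		const char *user = getlogin();
		struct passwd *pw;
		char *tty;

		openlog(cmdname, 0, LOG_AUTH);
		if (user == NULL && (pw = getpwuid(getuid())) != NULL)
			user = pw->pw_name;
		if (user == NULL)
			user = "root";

		tty = ttyname(1);

		/* The name is passed as a %s argument, never as the format. */
		if (tty == NULL)
			syslog(LOG_CRIT, "initiated by %s", user);
		else
			syslog(LOG_CRIT, "initiated by %s on %s", user, tty);
	}

	/*
	 * We must assume success and log it before auditd is terminated.
	 */
	if (fcn == AD_BOOT)
		aval = audit_reboot_success();
	else
		aval = audit_halt_success();

	if (aval == -1) {
		(void) fprintf(stderr,
		    gettext("%s: can't turn off auditd\n"), cmdname);
		if (needlog)
			(void) sleep(5); /* Give syslogd time to record this */
	}

	(void) signal(SIGHUP, SIG_IGN);	/* for remote connections */

	/*
	 * We start to fork a bunch of zoneadms to halt any active zones.
	 * This will proceed with halt in parallel until we call
	 * check_zone_haltedness later on.
	 */
	if (zoneid == GLOBAL_ZONEID && cmd != A_DUMP) {
		need_check_zones = halt_zones();
	}


	/* sync boot archive in the global zone */
	if (zoneid == GLOBAL_ZONEID && !nosync) {
		/*
		 * NOTE(review): system() runs this through the shell with
		 * the caller's environment while the effective uid is 0.
		 * The command is a fixed string with an absolute path; an
		 * exec with an explicit argument vector, as halt_zones()
		 * does for zoneadm, would remove the shell from the path.
		 */
		(void) system("/sbin/bootadm -a update_all");
	}

	/*
	 * If we're not forcing a crash dump, mark the system as quiescing for
	 * smf(5)'s benefit, and idle the init process.
	 */
	if (cmd != A_DUMP) {
		if (direct_init(PCDSTOP) == -1) {
			/*
			 * TRANSLATION_NOTE
			 * Don't translate the word "init"
			 */
			(void) fprintf(stderr,
			    gettext("%s: can't idle init\n"), cmdname);
			goto fail;
		}

		/*
		 * Only the existence of the file matters, so close the
		 * descriptor instead of carrying it through the shutdown.
		 */
		rfd = creat(resetting, 0755);
		if (rfd == -1)
			(void) fprintf(stderr,
			    gettext("%s: could not create %s.\n"),
			    cmdname, resetting);
		else
			(void) close(rfd);

		/*
		 * Stop all restarters so they do not try to restart services
		 * that are terminated.
		 */
		stop_restarters();

		/*
		 * Wait a little while for zones to shutdown.
		 */
		if (need_check_zones) {
			check_zones_haltedness();

			(void) fprintf(stderr,
			    gettext("%s: Completing system halt.\n"),
			    cmdname);
		}
	}

	/*
	 * Make sure we don't get stopped by a jobcontrol shell
	 * once we start killing everybody.
	 */
	(void) signal(SIGTSTP, SIG_IGN);
	(void) signal(SIGTTIN, SIG_IGN);
	(void) signal(SIGTTOU, SIG_IGN);
	(void) signal(SIGTERM, SIG_IGN);

	/*
	 * If we're not forcing a crash dump, give everyone 5 seconds to
	 * handle a SIGTERM and clean up properly.
	 */
	if (cmd != A_DUMP) {
		(void) kill(-1, SIGTERM);
		(void) sleep(5);
	}

	if (!qflag && !nosync) {
		struct utmpx wtmpx;

		bzero(&wtmpx, sizeof (struct utmpx));
		/* Bounded copies: the utmpx fields are fixed-size arrays. */
		(void) strlcpy(wtmpx.ut_line, "~", sizeof (wtmpx.ut_line));
		(void) time(&wtmpx.ut_tv.tv_sec);

		if (cmd == A_DUMP)
			(void) strlcpy(wtmpx.ut_name, "crash dump",
			    sizeof (wtmpx.ut_name));
		else
			(void) strlcpy(wtmpx.ut_name, "shutdown",
			    sizeof (wtmpx.ut_name));

		(void) updwtmpx(WTMPX_FILE, &wtmpx);
		sync();
	}

	if (cmd == A_DUMP && nosync != 0)
		(void) uadmin(A_DUMP, AD_NOSYNC, 0);

	if (uadmin(cmd, fcn, mdep) == -1)
		(void) fprintf(stderr, "%s: uadmin failed: %s\n",
		    cmdname, strerror(errno));
	else
		(void) fprintf(stderr, "%s: uadmin unexpectedly returned 0\n",
		    cmdname);

	/*
	 * uadmin() came back, so the shutdown did not happen. Undo what was
	 * done above: remove the marker file, resume init, continue the
	 * restarters.
	 */
	do {
		r = remove(resetting);
	} while (r != 0 && errno == EINTR);

	if (r != 0 && errno != ENOENT)
		(void) fprintf(stderr, gettext("%s: could not remove %s.\n"),
		    cmdname, resetting);

	if (direct_init(PCRUN) == -1) {
		/*
		 * TRANSLATION_NOTE
		 * Don't translate the word "init"
		 */
		(void) fprintf(stderr,
		    gettext("%s: can't resume init\n"), cmdname);
	}

	continue_restarters();

	if (get_initpid() != -1)
		/* tell init to restate current level */
		(void) kill(get_initpid(), SIGHUP);

fail:
	if (fcn == AD_BOOT)
		(void) audit_reboot_fail();
	else
		(void) audit_halt_fail();

	return (1);
}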