1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 27 /* All Rights Reserved */ 28 29 /* 30 * University Copyright- Copyright (c) 1982, 1986, 1988 31 * The Regents of the University of California 32 * All Rights Reserved 33 * 34 * University Acknowledgment- Portions of this document are derived from 35 * software developed by the University of California, Berkeley, and its 36 * contributors. 37 */ 38 39 /* 40 * init(1M) is the general process spawning program. Its primary job is to 41 * start and restart svc.startd for smf(5). For backwards-compatibility it also 42 * spawns and respawns processes according to /etc/inittab and the current 43 * run-level. It reads /etc/default/inittab for general configuration. 44 * 45 * To change run-levels the system administrator runs init from the command 46 * line with a level name. init signals svc.startd via libscf and directs the 47 * zone's init (pid 1 in the global zone) what to do by sending it a signal; 48 * these signal numbers are commonly refered to in the code as 'states'. Valid 49 * run-levels are [sS0123456]. Additionally, init can be given directives 50 * [qQabc], which indicate actions to be taken pertaining to /etc/inittab. 51 * 52 * When init processes inittab entries, it finds processes that are to be 53 * spawned at various run-levels. inittab contains the set of the levels for 54 * which each inittab entry is valid. 55 * 56 * State File and Restartability 57 * Premature exit by init(1M) is handled as a special case by the kernel: 58 * init(1M) will be immediately re-executed, retaining its original PID. (PID 59 * 1 in the global zone.) To track the processes it has previously spawned, 60 * as well as other mutable state, init(1M) regularly updates a state file 61 * such that its subsequent invocations have knowledge of its various 62 * dependent processes and duties. 63 * 64 * Process Contracts 65 * We start svc.startd(1M) in a contract and transfer inherited contracts when 66 * restarting it. Everything else is started using the legacy contract 67 * template, and the created contracts are abandoned when they become empty. 68 * 69 * utmpx Entry Handling 70 * Because init(1M) no longer governs the startup process, its knowledge of 71 * when utmpx becomes writable is indirect. However, spawned processes 72 * expect to be constructed with valid utmpx entries. As a result, attempts 73 * to write normal entries will be retried until successful. 74 * 75 * Maintenance Mode 76 * In certain failure scenarios, init(1M) will enter a maintenance mode, in 77 * which it invokes sulogin(1M) to allow the operator an opportunity to 78 * repair the system. Normally, this operation is performed as a 79 * fork(2)-exec(2)-waitpid(3C) sequence with the parent waiting for repair or 80 * diagnosis to be completed. In the cases that fork(2) requests themselves 81 * fail, init(1M) will directly execute sulogin(1M), and allow the kernel to 82 * restart init(1M) on exit from the operator session. 83 * 84 * One scenario where init(1M) enters its maintenance mode is when 85 * svc.startd(1M) begins to fail rapidly, defined as when the average time 86 * between recent failures drops below a given threshold. 87 */ 88 89 #include <sys/contract/process.h> 90 #include <sys/ctfs.h> 91 #include <sys/stat.h> 92 #include <sys/statvfs.h> 93 #include <sys/stropts.h> 94 #include <sys/systeminfo.h> 95 #include <sys/time.h> 96 #include <sys/termios.h> 97 #include <sys/tty.h> 98 #include <sys/types.h> 99 #include <sys/utsname.h> 100 101 #include <bsm/adt_event.h> 102 #include <bsm/libbsm.h> 103 #include <security/pam_appl.h> 104 105 #include <assert.h> 106 #include <ctype.h> 107 #include <dirent.h> 108 #include <errno.h> 109 #include <fcntl.h> 110 #include <libcontract.h> 111 #include <libcontract_priv.h> 112 #include <libintl.h> 113 #include <libscf.h> 114 #include <libscf_priv.h> 115 #include <poll.h> 116 #include <procfs.h> 117 #include <signal.h> 118 #include <stdarg.h> 119 #include <stdio.h> 120 #include <stdio_ext.h> 121 #include <stdlib.h> 122 #include <string.h> 123 #include <strings.h> 124 #include <syslog.h> 125 #include <time.h> 126 #include <ulimit.h> 127 #include <unistd.h> 128 #include <utmpx.h> 129 #include <wait.h> 130 #include <zone.h> 131 #include <ucontext.h> 132 133 #undef sleep 134 135 #define fioctl(p, sptr, cmd) ioctl(fileno(p), sptr, cmd) 136 #define min(a, b) (((a) < (b)) ? (a) : (b)) 137 138 #define TRUE 1 139 #define FALSE 0 140 #define FAILURE -1 141 142 #define UT_LINE_SZ 32 /* Size of a utmpx ut_line field */ 143 144 /* 145 * SLEEPTIME The number of seconds "init" sleeps between wakeups if 146 * nothing else requires this "init" wakeup. 147 */ 148 #define SLEEPTIME (5 * 60) 149 150 /* 151 * MAXCMDL The maximum length of a command string in inittab. 152 */ 153 #define MAXCMDL 512 154 155 /* 156 * EXEC The length of the prefix string added to all comamnds 157 * found in inittab. 158 */ 159 #define EXEC (sizeof ("exec ") - 1) 160 161 /* 162 * TWARN The amount of time between warning signal, SIGTERM, 163 * and the fatal kill signal, SIGKILL. 164 */ 165 #define TWARN 5 166 167 #define id_eq(x, y) ((x[0] == y[0] && x[1] == y[1] && x[2] == y[2] &&\ 168 x[3] == y[3]) ? TRUE : FALSE) 169 170 /* 171 * The kernel's default umask is 022 these days; since some processes inherit 172 * their umask from init, init will set it from CMASK in /etc/default/init. 173 * init gets the default umask from the kernel, it sets it to 022 whenever 174 * it wants to create a file and reverts to CMASK afterwards. 175 */ 176 177 static int cmask; 178 179 /* 180 * The following definitions, concluding with the 'lvls' array, provide a 181 * common mapping between level-name (like 'S'), signal number (state), 182 * run-level mask, and specific properties associated with a run-level. 183 * This array should be accessed using the routines lvlname_to_state(), 184 * lvlname_to_mask(), state_to_mask(), and state_to_flags(). 185 */ 186 187 /* 188 * Correspondence of signals to init actions. 189 */ 190 #define LVLQ SIGHUP 191 #define LVL0 SIGINT 192 #define LVL1 SIGQUIT 193 #define LVL2 SIGILL 194 #define LVL3 SIGTRAP 195 #define LVL4 SIGIOT 196 #define LVL5 SIGEMT 197 #define LVL6 SIGFPE 198 #define SINGLE_USER SIGBUS 199 #define LVLa SIGSEGV 200 #define LVLb SIGSYS 201 #define LVLc SIGPIPE 202 203 /* 204 * Bit Mask for each level. Used to determine legal levels. 205 */ 206 #define MASK0 0x0001 207 #define MASK1 0x0002 208 #define MASK2 0x0004 209 #define MASK3 0x0008 210 #define MASK4 0x0010 211 #define MASK5 0x0020 212 #define MASK6 0x0040 213 #define MASKSU 0x0080 214 #define MASKa 0x0100 215 #define MASKb 0x0200 216 #define MASKc 0x0400 217 218 #define MASK_NUMERIC (MASK0 | MASK1 | MASK2 | MASK3 | MASK4 | MASK5 | MASK6) 219 #define MASK_abc (MASKa | MASKb | MASKc) 220 221 /* 222 * Flags to indicate properties of various states. 223 */ 224 #define LSEL_RUNLEVEL 0x0001 /* runlevels you can transition to */ 225 226 typedef struct lvl { 227 int lvl_state; 228 int lvl_mask; 229 char lvl_name; 230 int lvl_flags; 231 } lvl_t; 232 233 static lvl_t lvls[] = { 234 { LVLQ, 0, 'Q', 0 }, 235 { LVLQ, 0, 'q', 0 }, 236 { LVL0, MASK0, '0', LSEL_RUNLEVEL }, 237 { LVL1, MASK1, '1', LSEL_RUNLEVEL }, 238 { LVL2, MASK2, '2', LSEL_RUNLEVEL }, 239 { LVL3, MASK3, '3', LSEL_RUNLEVEL }, 240 { LVL4, MASK4, '4', LSEL_RUNLEVEL }, 241 { LVL5, MASK5, '5', LSEL_RUNLEVEL }, 242 { LVL6, MASK6, '6', LSEL_RUNLEVEL }, 243 { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL }, 244 { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL }, 245 { LVLa, MASKa, 'a', 0 }, 246 { LVLb, MASKb, 'b', 0 }, 247 { LVLc, MASKc, 'c', 0 } 248 }; 249 250 #define LVL_NELEMS (sizeof (lvls) / sizeof (lvl_t)) 251 252 /* 253 * Legal action field values. 254 */ 255 #define OFF 0 /* Kill process if on, else ignore */ 256 #define RESPAWN 1 /* Continuously restart process when it dies */ 257 #define ONDEMAND RESPAWN /* Respawn for a, b, c type processes */ 258 #define ONCE 2 /* Start process, do not respawn when dead */ 259 #define WAIT 3 /* Perform once and wait to complete */ 260 #define BOOT 4 /* Start at boot time only */ 261 #define BOOTWAIT 5 /* Start at boot time and wait to complete */ 262 #define POWERFAIL 6 /* Start on powerfail */ 263 #define POWERWAIT 7 /* Start and wait for complete on powerfail */ 264 #define INITDEFAULT 8 /* Default level "init" should start at */ 265 #define SYSINIT 9 /* Actions performed before init speaks */ 266 267 #define M_OFF 0001 268 #define M_RESPAWN 0002 269 #define M_ONDEMAND M_RESPAWN 270 #define M_ONCE 0004 271 #define M_WAIT 0010 272 #define M_BOOT 0020 273 #define M_BOOTWAIT 0040 274 #define M_PF 0100 275 #define M_PWAIT 0200 276 #define M_INITDEFAULT 0400 277 #define M_SYSINIT 01000 278 279 /* States for the inittab parser in getcmd(). */ 280 #define ID 1 281 #define LEVELS 2 282 #define ACTION 3 283 #define COMMAND 4 284 #define COMMENT 5 285 286 /* 287 * inittab entry id constants 288 */ 289 #define INITTAB_ENTRY_ID_SIZE 4 290 #define INITTAB_ENTRY_ID_STR_FORMAT "%.4s" /* if INITTAB_ENTRY_ID_SIZE */ 291 /* changes, this should */ 292 /* change accordingly */ 293 294 /* 295 * Init can be in any of three main states, "normal" mode where it is 296 * processing entries for the lines file in a normal fashion, "boot" mode, 297 * where it is only interested in the boot actions, and "powerfail" mode, 298 * where it is only interested in powerfail related actions. The following 299 * masks declare the legal actions for each mode. 300 */ 301 #define NORMAL_MODES (M_OFF | M_RESPAWN | M_ONCE | M_WAIT) 302 #define BOOT_MODES (M_BOOT | M_BOOTWAIT) 303 #define PF_MODES (M_PF | M_PWAIT) 304 305 struct PROC_TABLE { 306 char p_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */ 307 /* process */ 308 pid_t p_pid; /* Process id */ 309 short p_count; /* How many respawns of this command in */ 310 /* the current series */ 311 long p_time; /* Start time for a series of respawns */ 312 short p_flags; 313 short p_exit; /* Exit status of a process which died */ 314 }; 315 316 /* 317 * Flags for the "p_flags" word of a PROC_TABLE entry: 318 * 319 * OCCUPIED This slot in init's proc table is in use. 320 * 321 * LIVING Process is alive. 322 * 323 * NOCLEANUP efork() is not allowed to cleanup this entry even 324 * if process is dead. 325 * 326 * NAMED This process has a name, i.e. came from inittab. 327 * 328 * DEMANDREQUEST Process started by a "telinit [abc]" command. Processes 329 * formed this way are respawnable and immune to level 330 * changes as long as their entry exists in inittab. 331 * 332 * TOUCHED Flag used by remv() to determine whether it has looked 333 * at an entry while checking for processes to be killed. 334 * 335 * WARNED Flag used by remv() to mark processes that have been 336 * sent the SIGTERM signal. If they don't die in 5 337 * seconds, they are sent the SIGKILL signal. 338 * 339 * KILLED Flag used by remv() to mark procs that have been sent 340 * the SIGTERM and SIGKILL signals. 341 * 342 * PF_MASK Bitwise or of legal flags, for sanity checking. 343 */ 344 #define OCCUPIED 01 345 #define LIVING 02 346 #define NOCLEANUP 04 347 #define NAMED 010 348 #define DEMANDREQUEST 020 349 #define TOUCHED 040 350 #define WARNED 0100 351 #define KILLED 0200 352 #define PF_MASK 0377 353 354 /* 355 * Respawn limits for processes that are to be respawned: 356 * 357 * SPAWN_INTERVAL The number of seconds over which "init" will try to 358 * respawn a process SPAWN_LIMIT times before it gets mad. 359 * 360 * SPAWN_LIMIT The number of respawns "init" will attempt in 361 * SPAWN_INTERVAL seconds before it generates an 362 * error message and inhibits further tries for 363 * INHIBIT seconds. 364 * 365 * INHIBIT The number of seconds "init" ignores an entry it had 366 * trouble spawning unless a "telinit Q" is received. 367 */ 368 369 #define SPAWN_INTERVAL (2*60) 370 #define SPAWN_LIMIT 10 371 #define INHIBIT (5*60) 372 373 /* 374 * The maximum number of decimal digits for an id_t. (ceil(log10 (max_id))) 375 */ 376 #define ID_MAX_STR_LEN 10 377 378 #define NULLPROC ((struct PROC_TABLE *)(0)) 379 #define NO_ROOM ((struct PROC_TABLE *)(FAILURE)) 380 381 struct CMD_LINE { 382 char c_id[INITTAB_ENTRY_ID_SIZE]; /* Four letter unique id of */ 383 /* process to be affected by */ 384 /* action */ 385 short c_levels; /* Mask of legal levels for process */ 386 short c_action; /* Mask for type of action required */ 387 char *c_command; /* Pointer to init command */ 388 }; 389 390 struct pidrec { 391 int pd_type; /* Command type */ 392 pid_t pd_pid; /* pid to add or remove */ 393 }; 394 395 /* 396 * pd_type's 397 */ 398 #define ADDPID 1 399 #define REMPID 2 400 401 static struct pidlist { 402 pid_t pl_pid; /* pid to watch for */ 403 int pl_dflag; /* Flag indicating SIGCLD from this pid */ 404 short pl_exit; /* Exit status of proc */ 405 struct pidlist *pl_next; /* Next in list */ 406 } *Plhead, *Plfree; 407 408 /* 409 * The following structure contains a set of modes for /dev/syscon 410 * and should match the default contents of /etc/ioctl.syscon. It should also 411 * be kept in-sync with base_termios in uts/common/io/ttcompat.c. 412 */ 413 static struct termios dflt_termios = { 414 BRKINT|ICRNL|IXON|IMAXBEL, /* iflag */ 415 OPOST|ONLCR|TAB3, /* oflag */ 416 CS8|CREAD|B9600, /* cflag */ 417 ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN, /* lflag */ 418 CINTR, CQUIT, CERASE, CKILL, CEOF, 0, 0, 0, 419 0, 0, 0, 0, 0, 0, 0, 0, 420 0, 0, 0 421 }; 422 423 static struct termios stored_syscon_termios; 424 static int write_ioctl = 0; /* Rewrite /etc/ioctl.syscon */ 425 426 static union WAKEUP { 427 struct WAKEFLAGS { 428 unsigned w_usersignal : 1; /* User sent signal to "init" */ 429 unsigned w_childdeath : 1; /* An "init" child died */ 430 unsigned w_powerhit : 1; /* OS experienced powerfail */ 431 } w_flags; 432 int w_mask; 433 } wakeup; 434 435 436 struct init_state { 437 int ist_runlevel; 438 int ist_num_proc; 439 int ist_utmpx_ok; 440 struct PROC_TABLE ist_proc_table[1]; 441 }; 442 443 #define cur_state (g_state->ist_runlevel) 444 #define num_proc (g_state->ist_num_proc) 445 #define proc_table (g_state->ist_proc_table) 446 #define utmpx_ok (g_state->ist_utmpx_ok) 447 448 /* Contract cookies. */ 449 #define ORDINARY_COOKIE 0 450 #define STARTD_COOKIE 1 451 452 453 #ifndef NDEBUG 454 #define bad_error(func, err) { \ 455 (void) fprintf(stderr, "%s:%d: %s() failed with unexpected " \ 456 "error %d. Aborting.\n", __FILE__, __LINE__, (func), (err)); \ 457 abort(); \ 458 } 459 #else 460 #define bad_error(func, err) abort() 461 #endif 462 463 464 /* 465 * Useful file and device names. 466 */ 467 static char *CONSOLE = "/dev/console"; /* Real system console */ 468 static char *INITPIPE_DIR = "/var/run"; 469 static char *INITPIPE = "/var/run/initpipe"; 470 471 #define INIT_STATE_DIR "/etc/svc/volatile" 472 static const char * const init_state_file = INIT_STATE_DIR "/init.state"; 473 static const char * const init_next_state_file = 474 INIT_STATE_DIR "/init-next.state"; 475 476 static const int init_num_proc = 20; /* Initial size of process table. */ 477 478 static char *UTMPX = UTMPX_FILE; /* Snapshot record file */ 479 static char *WTMPX = WTMPX_FILE; /* Long term record file */ 480 static char *INITTAB = "/etc/inittab"; /* Script file for "init" */ 481 static char *SYSTTY = "/dev/systty"; /* System Console */ 482 static char *SYSCON = "/dev/syscon"; /* Virtual System console */ 483 static char *IOCTLSYSCON = "/etc/ioctl.syscon"; /* Last syscon modes */ 484 static char *ENVFILE = "/etc/default/init"; /* Default env. */ 485 static char *SU = "/etc/sulogin"; /* Super-user program for single user */ 486 static char *SH = "/sbin/sh"; /* Standard shell */ 487 488 /* 489 * Default Path. /sbin is included in path only during sysinit phase 490 */ 491 #define DEF_PATH "PATH=/usr/sbin:/usr/bin" 492 #define INIT_PATH "PATH=/sbin:/usr/sbin:/usr/bin" 493 494 static int prior_state; 495 static int prev_state; /* State "init" was in last time it woke */ 496 static int new_state; /* State user wants "init" to go to. */ 497 static int lvlq_received; /* Explicit request to examine state */ 498 static int op_modes = BOOT_MODES; /* Current state of "init" */ 499 static int Gchild = 0; /* Flag to indicate "godchild" died, set in */ 500 /* childeath() and cleared in cleanaux() */ 501 static int Pfd = -1; /* fd to receive pids thru */ 502 static unsigned int spawncnt, pausecnt; 503 static int rsflag; /* Set if a respawn has taken place */ 504 static volatile int time_up; /* Flag set to TRUE by the alarm interrupt */ 505 /* routine each time an alarm interrupt */ 506 /* takes place. */ 507 static int sflg = 0; /* Set if we were booted -s to single user */ 508 static int rflg = 0; /* Set if booted -r, reconfigure devices */ 509 static int bflg = 0; /* Set if booted -b, don't run rc scripts */ 510 static pid_t init_pid; /* PID of "one true" init for current zone */ 511 512 static struct init_state *g_state = NULL; 513 static size_t g_state_sz; 514 static int booting = 1; /* Set while we're booting. */ 515 516 /* 517 * Array for default global environment. 518 */ 519 #define MAXENVENT 24 /* Max number of default env variables + 1 */ 520 /* init can use three itself, so this leaves */ 521 /* 20 for the administrator in ENVFILE. */ 522 static char *glob_envp[MAXENVENT]; /* Array of environment strings */ 523 static int glob_envn; /* Number of environment strings */ 524 525 526 static struct pollfd poll_fds[1]; 527 static int poll_nfds = 0; /* poll_fds is uninitialized */ 528 529 /* 530 * Contracts constants 531 */ 532 #define SVC_INIT_PREFIX "init:/" 533 #define SVC_AUX_SIZE (INITTAB_ENTRY_ID_SIZE + 1) 534 #define SVC_FMRI_SIZE (sizeof (SVC_INIT_PREFIX) + INITTAB_ENTRY_ID_SIZE) 535 536 static int legacy_tmpl = -1; /* fd for legacy contract template */ 537 static int startd_tmpl = -1; /* fd for svc.startd's template */ 538 static char startd_svc_aux[SVC_AUX_SIZE]; 539 540 static char startd_cline[256] = ""; /* svc.startd's command line */ 541 static int do_restart_startd = 1; /* Whether to restart svc.startd. */ 542 static char *smf_options = NULL; /* Options to give to startd. */ 543 static int smf_debug = 0; /* Messages for debugging smf(5) */ 544 static time_t init_boot_time; /* Substitute for kernel boot time. */ 545 546 #define NSTARTD_FAILURE_TIMES 3 /* trigger after 3 failures */ 547 #define STARTD_FAILURE_RATE_NS 5000000000LL /* 1 failure/5 seconds */ 548 549 static hrtime_t startd_failure_time[NSTARTD_FAILURE_TIMES]; 550 static uint_t startd_failure_index; 551 552 553 static char *prog_name(char *); 554 static int state_to_mask(int); 555 static int lvlname_to_mask(char, int *); 556 static void lscf_set_runlevel(char); 557 static int state_to_flags(int); 558 static char state_to_name(int); 559 static int lvlname_to_state(char); 560 static int getcmd(struct CMD_LINE *, char *); 561 static int realcon(); 562 static int spawn_processes(); 563 static int get_ioctl_syscon(); 564 static int account(short, struct PROC_TABLE *, char *); 565 static void alarmclk(); 566 static void childeath(int); 567 static void cleanaux(); 568 static void clearent(pid_t, short); 569 static void console(boolean_t, char *, ...); 570 static void init_signals(void); 571 static void setup_pipe(); 572 static void killproc(pid_t); 573 static void init_env(); 574 static void boot_init(); 575 static void powerfail(); 576 static void remv(); 577 static void write_ioctl_syscon(); 578 static void spawn(struct PROC_TABLE *, struct CMD_LINE *); 579 static void setimer(int); 580 static void siglvl(int, siginfo_t *, ucontext_t *); 581 static void sigpoll(int); 582 static void enter_maintenance(void); 583 static void timer(int); 584 static void userinit(int, char **); 585 static void notify_pam_dead(struct utmpx *); 586 static long waitproc(struct PROC_TABLE *); 587 static struct PROC_TABLE *efork(int, struct PROC_TABLE *, int); 588 static struct PROC_TABLE *findpslot(struct CMD_LINE *); 589 static void increase_proc_table_size(); 590 static void st_init(); 591 static void st_write(); 592 static void contracts_init(); 593 static void contract_event(struct pollfd *); 594 static int startd_run(const char *, int, ctid_t); 595 static void startd_record_failure(); 596 static int startd_failure_rate_critical(); 597 static char *audit_boot_msg(); 598 static int audit_put_record(int, int, char *); 599 static void update_boot_archive(int new_state); 600 601 int 602 main(int argc, char *argv[]) 603 { 604 int chg_lvl_flag = FALSE, print_banner = FALSE; 605 int may_need_audit = 1; 606 int c; 607 char *msg; 608 609 /* Get a timestamp for use as boot time, if needed. */ 610 (void) time(&init_boot_time); 611 612 /* Get the default umask */ 613 cmask = umask(022); 614 (void) umask(cmask); 615 616 /* Parse the arguments to init. Check for single user */ 617 opterr = 0; 618 while ((c = getopt(argc, argv, "brsm:")) != EOF) { 619 switch (c) { 620 case 'b': 621 rflg = 0; 622 bflg = 1; 623 if (!sflg) 624 sflg++; 625 break; 626 case 'r': 627 bflg = 0; 628 rflg++; 629 break; 630 case 's': 631 if (!bflg) 632 sflg++; 633 break; 634 case 'm': 635 smf_options = optarg; 636 smf_debug = (strstr(smf_options, "debug") != NULL); 637 break; 638 } 639 } 640 641 /* 642 * Determine if we are the main init, or a user invoked init, whose job 643 * it is to inform init to change levels or perform some other action. 644 */ 645 if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid, 646 sizeof (init_pid)) != sizeof (init_pid)) { 647 (void) fprintf(stderr, "could not get pid for init\n"); 648 return (1); 649 } 650 651 /* 652 * If this PID is not the same as the "true" init for the zone, then we 653 * must be in 'user' mode. 654 */ 655 if (getpid() != init_pid) { 656 userinit(argc, argv); 657 } 658 659 if (getzoneid() != GLOBAL_ZONEID) { 660 print_banner = TRUE; 661 } 662 663 /* 664 * Initialize state (and set "booting"). 665 */ 666 st_init(); 667 668 if (booting && print_banner) { 669 struct utsname un; 670 char buf[BUFSIZ], *isa; 671 long ret; 672 int bits = 32; 673 674 /* 675 * We want to print the boot banner as soon as 676 * possible. In the global zone, the kernel does it, 677 * but we do not have that luxury in non-global zones, 678 * so we will print it here. 679 */ 680 (void) uname(&un); 681 ret = sysinfo(SI_ISALIST, buf, sizeof (buf)); 682 if (ret != -1L && ret <= sizeof (buf)) { 683 for (isa = strtok(buf, " "); isa; 684 isa = strtok(NULL, " ")) { 685 if (strcmp(isa, "sparcv9") == 0 || 686 strcmp(isa, "amd64") == 0) { 687 bits = 64; 688 break; 689 } 690 } 691 } 692 693 console(B_FALSE, 694 "\n\n%s Release %s Version %s %d-bit\r\n", 695 un.sysname, un.release, un.version, bits); 696 console(B_FALSE, 697 "Copyright (c) 1983, 2010, Oracle and/or its affiliates." 698 " All rights reserved.\r\n"); 699 } 700 701 /* 702 * Get the ioctl settings for /dev/syscon from /etc/ioctl.syscon 703 * so that it can be brought up in the state it was in when the 704 * system went down; or set to defaults if ioctl.syscon isn't 705 * valid. 706 * 707 * This needs to be done even if we're restarting so reset_modes() 708 * will work in case we need to go down to single user mode. 709 */ 710 write_ioctl = get_ioctl_syscon(); 711 712 /* 713 * Set up all signals to be caught or ignored as appropriate. 714 */ 715 init_signals(); 716 717 /* Load glob_envp from ENVFILE. */ 718 init_env(); 719 720 contracts_init(); 721 722 if (!booting) { 723 /* cur_state should have been read in. */ 724 725 op_modes = NORMAL_MODES; 726 727 /* Rewrite the ioctl file if it was bad. */ 728 if (write_ioctl) 729 write_ioctl_syscon(); 730 } else { 731 /* 732 * It's fine to boot up with state as zero, because 733 * startd will later tell us the real state. 734 */ 735 cur_state = 0; 736 op_modes = BOOT_MODES; 737 738 boot_init(); 739 } 740 741 prev_state = prior_state = cur_state; 742 743 setup_pipe(); 744 745 /* 746 * Here is the beginning of the main process loop. 747 */ 748 for (;;) { 749 if (lvlq_received) { 750 setup_pipe(); 751 lvlq_received = B_FALSE; 752 } 753 754 /* 755 * Clean up any accounting records for dead "godchildren". 756 */ 757 if (Gchild) 758 cleanaux(); 759 760 /* 761 * If in "normal" mode, check all living processes and initiate 762 * kill sequence on those that should not be there anymore. 763 */ 764 if (op_modes == NORMAL_MODES && cur_state != LVLa && 765 cur_state != LVLb && cur_state != LVLc) 766 remv(); 767 768 /* 769 * If a change in run levels is the reason we awoke, now do 770 * the accounting to report the change in the utmp file. 771 * Also report the change on the system console. 772 */ 773 if (chg_lvl_flag) { 774 chg_lvl_flag = FALSE; 775 776 if (state_to_flags(cur_state) & LSEL_RUNLEVEL) { 777 char rl = state_to_name(cur_state); 778 779 if (rl != -1) 780 lscf_set_runlevel(rl); 781 } 782 783 may_need_audit = 1; 784 } 785 786 /* 787 * Scan the inittab file and spawn and respawn processes that 788 * should be alive in the current state. If inittab does not 789 * exist default to single user mode. 790 */ 791 if (spawn_processes() == FAILURE) { 792 prior_state = prev_state; 793 cur_state = SINGLE_USER; 794 } 795 796 /* If any respawns occurred, take note. */ 797 if (rsflag) { 798 rsflag = 0; 799 spawncnt++; 800 } 801 802 /* 803 * If a powerfail signal was received during the last 804 * sequence, set mode to powerfail. When spawn_processes() is 805 * entered the first thing it does is to check "powerhit". If 806 * it is in PF_MODES then it clears "powerhit" and does 807 * a powerfail sequence. If it is not in PF_MODES, then it 808 * puts itself in PF_MODES and then clears "powerhit". Should 809 * "powerhit" get set again while spawn_processes() is working 810 * on a powerfail sequence, the following code will see that 811 * spawn_processes() tries to execute the powerfail sequence 812 * again. This guarantees that the powerfail sequence will be 813 * successfully completed before further processing takes 814 * place. 815 */ 816 if (wakeup.w_flags.w_powerhit) { 817 op_modes = PF_MODES; 818 /* 819 * Make sure that cur_state != prev_state so that 820 * ONCE and WAIT types work. 821 */ 822 prev_state = 0; 823 } else if (op_modes != NORMAL_MODES) { 824 /* 825 * If spawn_processes() was not just called while in 826 * normal mode, we set the mode to normal and it will 827 * be called again to check normal modes. If we have 828 * just finished a powerfail sequence with prev_state 829 * equal to zero, we set prev_state equal to cur_state 830 * before the next pass through. 831 */ 832 if (op_modes == PF_MODES) 833 prev_state = cur_state; 834 op_modes = NORMAL_MODES; 835 } else if (cur_state == LVLa || cur_state == LVLb || 836 cur_state == LVLc) { 837 /* 838 * If it was a change of levels that awakened us and the 839 * new level is one of the demand levels then reset 840 * cur_state to the previous state and do another scan 841 * to take care of the usual respawn actions. 842 */ 843 cur_state = prior_state; 844 prior_state = prev_state; 845 prev_state = cur_state; 846 } else { 847 prev_state = cur_state; 848 849 if (wakeup.w_mask == 0) { 850 int ret; 851 852 if (may_need_audit && (cur_state == LVL3)) { 853 msg = audit_boot_msg(); 854 855 may_need_audit = 0; 856 (void) audit_put_record(ADT_SUCCESS, 857 ADT_SUCCESS, msg); 858 free(msg); 859 } 860 861 /* 862 * "init" is finished with all actions for 863 * the current wakeup. 864 */ 865 ret = poll(poll_fds, poll_nfds, 866 SLEEPTIME * MILLISEC); 867 pausecnt++; 868 if (ret > 0) 869 contract_event(&poll_fds[0]); 870 else if (ret < 0 && errno != EINTR) 871 console(B_TRUE, "poll() error: %s\n", 872 strerror(errno)); 873 } 874 875 if (wakeup.w_flags.w_usersignal) { 876 /* 877 * Install the new level. This could be a real 878 * change in levels or a telinit [Q|a|b|c] or 879 * just a telinit to the same level at which 880 * we are running. 881 */ 882 if (new_state != cur_state) { 883 if (new_state == LVLa || 884 new_state == LVLb || 885 new_state == LVLc) { 886 prev_state = prior_state; 887 prior_state = cur_state; 888 cur_state = new_state; 889 } else { 890 prev_state = cur_state; 891 if (cur_state >= 0) 892 prior_state = cur_state; 893 cur_state = new_state; 894 chg_lvl_flag = TRUE; 895 } 896 } 897 898 new_state = 0; 899 } 900 901 if (wakeup.w_flags.w_powerhit) 902 op_modes = PF_MODES; 903 904 /* 905 * Clear all wakeup reasons. 906 */ 907 wakeup.w_mask = 0; 908 } 909 } 910 911 /*NOTREACHED*/ 912 } 913 914 static void 915 update_boot_archive(int new_state) 916 { 917 if (new_state != LVL0 && new_state != LVL5 && new_state != LVL6) 918 return; 919 920 if (getzoneid() != GLOBAL_ZONEID) 921 return; 922 923 (void) system("/sbin/bootadm -ea update_all"); 924 } 925 926 /* 927 * void enter_maintenance() 928 * A simple invocation of sulogin(1M), with no baggage, in the case that we 929 * are unable to activate svc.startd(1M). We fork; the child runs sulogin; 930 * we wait for it to exit. 931 */ 932 static void 933 enter_maintenance() 934 { 935 struct PROC_TABLE *su_process; 936 937 console(B_FALSE, "Requesting maintenance mode\n" 938 "(See /lib/svc/share/README for additional information.)\n"); 939 (void) sighold(SIGCLD); 940 while ((su_process = efork(M_OFF, NULLPROC, NOCLEANUP)) == NO_ROOM) 941 (void) pause(); 942 (void) sigrelse(SIGCLD); 943 if (su_process == NULLPROC) { 944 int fd; 945 946 (void) fclose(stdin); 947 (void) fclose(stdout); 948 (void) fclose(stderr); 949 closefrom(0); 950 951 fd = open(SYSCON, O_RDWR | O_NOCTTY); 952 if (fd >= 0) { 953 (void) dup2(fd, 1); 954 (void) dup2(fd, 2); 955 } else { 956 /* 957 * Need to issue an error message somewhere. 958 */ 959 syslog(LOG_CRIT, "init[%d]: cannot open %s; %s\n", 960 getpid(), SYSCON, strerror(errno)); 961 } 962 963 /* 964 * Execute the "su" program. 965 */ 966 (void) execle(SU, SU, "-", (char *)0, glob_envp); 967 console(B_TRUE, "execle of %s failed: %s\n", SU, 968 strerror(errno)); 969 timer(5); 970 exit(1); 971 } 972 973 /* 974 * If we are the parent, wait around for the child to die 975 * or for "init" to be signaled to change levels. 976 */ 977 while (waitproc(su_process) == FAILURE) { 978 /* 979 * All other reasons for waking are ignored when in 980 * single-user mode. The only child we are interested 981 * in is being waited for explicitly by waitproc(). 982 */ 983 wakeup.w_mask = 0; 984 } 985 } 986 987 /* 988 * remv() scans through "proc_table" and performs cleanup. If 989 * there is a process in the table, which shouldn't be here at 990 * the current run level, then remv() kills the process. 991 */ 992 static void 993 remv() 994 { 995 struct PROC_TABLE *process; 996 struct CMD_LINE cmd; 997 char cmd_string[MAXCMDL]; 998 int change_level; 999 1000 change_level = (cur_state != prev_state ? TRUE : FALSE); 1001 1002 /* 1003 * Clear the TOUCHED flag on all entries so that when we have 1004 * finished scanning inittab, we will be able to tell if we 1005 * have any processes for which there is no entry in inittab. 1006 */ 1007 for (process = proc_table; 1008 (process < proc_table + num_proc); process++) { 1009 process->p_flags &= ~TOUCHED; 1010 } 1011 1012 /* 1013 * Scan all inittab entries. 1014 */ 1015 while (getcmd(&cmd, &cmd_string[0]) == TRUE) { 1016 /* Scan for process which goes with this entry in inittab. */ 1017 for (process = proc_table; 1018 (process < proc_table + num_proc); process++) { 1019 if ((process->p_flags & OCCUPIED) == 0 || 1020 !id_eq(process->p_id, cmd.c_id)) 1021 continue; 1022 1023 /* 1024 * This slot contains the process we are looking for. 1025 */ 1026 1027 /* 1028 * Is the cur_state SINGLE_USER or is this process 1029 * marked as "off" or was this proc started by some 1030 * mechanism other than LVL{a|b|c} and the current level 1031 * does not support this process? 1032 */ 1033 if (cur_state == SINGLE_USER || 1034 cmd.c_action == M_OFF || 1035 ((cmd.c_levels & state_to_mask(cur_state)) == 0 && 1036 (process->p_flags & DEMANDREQUEST) == 0)) { 1037 if (process->p_flags & LIVING) { 1038 /* 1039 * Touch this entry so we know we have 1040 * treated it. Note that procs which 1041 * are already dead at this point and 1042 * should not be restarted are left 1043 * untouched. This causes their slot to 1044 * be freed later after dead accounting 1045 * is done. 1046 */ 1047 process->p_flags |= TOUCHED; 1048 1049 if ((process->p_flags & KILLED) == 0) { 1050 if (change_level) { 1051 process->p_flags 1052 |= WARNED; 1053 (void) kill( 1054 process->p_pid, 1055 SIGTERM); 1056 } else { 1057 /* 1058 * Fork a killing proc 1059 * so "init" can 1060 * continue without 1061 * having to pause for 1062 * TWARN seconds. 1063 */ 1064 killproc( 1065 process->p_pid); 1066 } 1067 process->p_flags |= KILLED; 1068 } 1069 } 1070 } else { 1071 /* 1072 * Process can exist at current level. If it is 1073 * still alive or a DEMANDREQUEST we touch it so 1074 * it will be left alone. Otherwise we leave it 1075 * untouched so it will be accounted for and 1076 * cleaned up later in remv(). Dead 1077 * DEMANDREQUESTs will be accounted but not 1078 * freed. 1079 */ 1080 if (process->p_flags & 1081 (LIVING|NOCLEANUP|DEMANDREQUEST)) 1082 process->p_flags |= TOUCHED; 1083 } 1084 1085 break; 1086 } 1087 } 1088 1089 st_write(); 1090 1091 /* 1092 * If this was a change of levels call, scan through the 1093 * process table for processes that were warned to die. If any 1094 * are found that haven't left yet, sleep for TWARN seconds and 1095 * then send final terminations to any that haven't died yet. 1096 */ 1097 if (change_level) { 1098 1099 /* 1100 * Set the alarm for TWARN seconds on the assumption 1101 * that there will be some that need to be waited for. 1102 * This won't harm anything except we are guaranteed to 1103 * wakeup in TWARN seconds whether we need to or not. 1104 */ 1105 setimer(TWARN); 1106 1107 /* 1108 * Scan for processes which should be dying. We hope they 1109 * will die without having to be sent a SIGKILL signal. 1110 */ 1111 for (process = proc_table; 1112 (process < proc_table + num_proc); process++) { 1113 /* 1114 * If this process should die, hasn't yet, and the 1115 * TWARN time hasn't expired yet, wait for process 1116 * to die or for timer to expire. 1117 */ 1118 while (time_up == FALSE && 1119 (process->p_flags & (WARNED|LIVING|OCCUPIED)) == 1120 (WARNED|LIVING|OCCUPIED)) 1121 (void) pause(); 1122 1123 if (time_up == TRUE) 1124 break; 1125 } 1126 1127 /* 1128 * If we reached the end of the table without the timer 1129 * expiring, then there are no procs which will have to be 1130 * sent the SIGKILL signal. If the timer has expired, then 1131 * it is necessary to scan the table again and send signals 1132 * to all processes which aren't going away nicely. 1133 */ 1134 if (time_up == TRUE) { 1135 for (process = proc_table; 1136 (process < proc_table + num_proc); process++) { 1137 if ((process->p_flags & 1138 (WARNED|LIVING|OCCUPIED)) == 1139 (WARNED|LIVING|OCCUPIED)) 1140 (void) kill(process->p_pid, SIGKILL); 1141 } 1142 } 1143 setimer(0); 1144 } 1145 1146 /* 1147 * Rescan the proc_table for two kinds of entry, those marked LIVING, 1148 * NAMED, which don't have an entry in inittab (haven't been TOUCHED 1149 * by the above scanning), and haven't been sent kill signals, and 1150 * those entries marked not LIVING, NAMED. The former procs are killed. 1151 * The latter have DEAD_PROCESS accounting done and the slot cleared. 1152 */ 1153 for (process = proc_table; 1154 (process < proc_table + num_proc); process++) { 1155 if ((process->p_flags & (LIVING|NAMED|TOUCHED|KILLED|OCCUPIED)) 1156 == (LIVING|NAMED|OCCUPIED)) { 1157 killproc(process->p_pid); 1158 process->p_flags |= KILLED; 1159 } else if ((process->p_flags & (LIVING|NAMED|OCCUPIED)) == 1160 (NAMED|OCCUPIED)) { 1161 (void) account(DEAD_PROCESS, process, NULL); 1162 /* 1163 * If this named proc hasn't been TOUCHED, then free the 1164 * space. It has either died of it's own accord, but 1165 * isn't respawnable or it was killed because it 1166 * shouldn't exist at this level. 1167 */ 1168 if ((process->p_flags & TOUCHED) == 0) 1169 process->p_flags = 0; 1170 } 1171 } 1172 1173 st_write(); 1174 } 1175 1176 /* 1177 * Extract the svc.startd command line and whether to restart it from its 1178 * inittab entry. 1179 */ 1180 /*ARGSUSED*/ 1181 static void 1182 process_startd_line(struct CMD_LINE *cmd, char *cmd_string) 1183 { 1184 size_t sz; 1185 1186 /* Save the command line. */ 1187 if (sflg || rflg) { 1188 /* Also append -r or -s. */ 1189 (void) strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1190 (void) strlcat(startd_cline, " -", sizeof (startd_cline)); 1191 if (sflg) 1192 sz = strlcat(startd_cline, "s", sizeof (startd_cline)); 1193 if (rflg) 1194 sz = strlcat(startd_cline, "r", sizeof (startd_cline)); 1195 } else { 1196 sz = strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1197 } 1198 1199 if (sz >= sizeof (startd_cline)) { 1200 console(B_TRUE, 1201 "svc.startd command line too long. Ignoring.\n"); 1202 startd_cline[0] = '\0'; 1203 return; 1204 } 1205 } 1206 1207 /* 1208 * spawn_processes() scans inittab for entries which should be run at this 1209 * mode. Processes which should be running but are not, are started. 1210 */ 1211 static int 1212 spawn_processes() 1213 { 1214 struct PROC_TABLE *pp; 1215 struct CMD_LINE cmd; 1216 char cmd_string[MAXCMDL]; 1217 short lvl_mask; 1218 int status; 1219 1220 /* 1221 * First check the "powerhit" flag. If it is set, make sure the modes 1222 * are PF_MODES and clear the "powerhit" flag. Avoid the possible race 1223 * on the "powerhit" flag by disallowing a new powerfail interrupt 1224 * between the test of the powerhit flag and the clearing of it. 1225 */ 1226 if (wakeup.w_flags.w_powerhit) { 1227 wakeup.w_flags.w_powerhit = 0; 1228 op_modes = PF_MODES; 1229 } 1230 lvl_mask = state_to_mask(cur_state); 1231 1232 /* 1233 * Scan through all the entries in inittab. 1234 */ 1235 while ((status = getcmd(&cmd, &cmd_string[0])) == TRUE) { 1236 if (id_eq(cmd.c_id, "smf")) { 1237 process_startd_line(&cmd, cmd_string); 1238 continue; 1239 } 1240 1241 retry_for_proc_slot: 1242 1243 /* 1244 * Find out if there is a process slot for this entry already. 1245 */ 1246 if ((pp = findpslot(&cmd)) == NULLPROC) { 1247 /* 1248 * we've run out of proc table entries 1249 * increase proc_table. 1250 */ 1251 increase_proc_table_size(); 1252 1253 /* 1254 * Retry now as we have an empty proc slot. 1255 * In case increase_proc_table_size() fails, 1256 * we will keep retrying. 1257 */ 1258 goto retry_for_proc_slot; 1259 } 1260 1261 /* 1262 * If there is an entry, and it is marked as DEMANDREQUEST, 1263 * one of the levels a, b, or c is in its levels mask, and 1264 * the action field is ONDEMAND and ONDEMAND is a permissable 1265 * mode, and the process is dead, then respawn it. 1266 */ 1267 if (((pp->p_flags & (LIVING|DEMANDREQUEST)) == DEMANDREQUEST) && 1268 (cmd.c_levels & MASK_abc) && 1269 (cmd.c_action & op_modes) == M_ONDEMAND) { 1270 spawn(pp, &cmd); 1271 continue; 1272 } 1273 1274 /* 1275 * If the action is not an action we are interested in, 1276 * skip the entry. 1277 */ 1278 if ((cmd.c_action & op_modes) == 0 || pp->p_flags & LIVING || 1279 (cmd.c_levels & lvl_mask) == 0) 1280 continue; 1281 1282 /* 1283 * If the modes are the normal modes (ONCE, WAIT, RESPAWN, OFF, 1284 * ONDEMAND) and the action field is either OFF or the action 1285 * field is ONCE or WAIT and the current level is the same as 1286 * the last level, then skip this entry. ONCE and WAIT only 1287 * get run when the level changes. 1288 */ 1289 if (op_modes == NORMAL_MODES && 1290 (cmd.c_action == M_OFF || 1291 (cmd.c_action & (M_ONCE|M_WAIT)) && 1292 cur_state == prev_state)) 1293 continue; 1294 1295 /* 1296 * At this point we are interested in performing the action for 1297 * this entry. Actions fall into two categories, spinning off 1298 * a process and not waiting, and spinning off a process and 1299 * waiting for it to die. If the action is ONCE, RESPAWN, 1300 * ONDEMAND, POWERFAIL, or BOOT we don't wait for the process 1301 * to die, for all other actions we do wait. 1302 */ 1303 if (cmd.c_action & (M_ONCE | M_RESPAWN | M_PF | M_BOOT)) { 1304 spawn(pp, &cmd); 1305 1306 } else { 1307 spawn(pp, &cmd); 1308 while (waitproc(pp) == FAILURE) 1309 ; 1310 (void) account(DEAD_PROCESS, pp, NULL); 1311 pp->p_flags = 0; 1312 } 1313 } 1314 return (status); 1315 } 1316 1317 /* 1318 * spawn() spawns a shell, inserts the information about the process 1319 * process into the proc_table, and does the startup accounting. 1320 */ 1321 static void 1322 spawn(struct PROC_TABLE *process, struct CMD_LINE *cmd) 1323 { 1324 int i; 1325 int modes, maxfiles; 1326 time_t now; 1327 struct PROC_TABLE tmproc, *oprocess; 1328 1329 /* 1330 * The modes to be sent to efork() are 0 unless we are 1331 * spawning a LVLa, LVLb, or LVLc entry or we will be 1332 * waiting for the death of the child before continuing. 1333 */ 1334 modes = NAMED; 1335 if (process->p_flags & DEMANDREQUEST || cur_state == LVLa || 1336 cur_state == LVLb || cur_state == LVLc) 1337 modes |= DEMANDREQUEST; 1338 if ((cmd->c_action & (M_SYSINIT | M_WAIT | M_BOOTWAIT | M_PWAIT)) != 0) 1339 modes |= NOCLEANUP; 1340 1341 /* 1342 * If this is a respawnable process, check the threshold 1343 * information to avoid excessive respawns. 1344 */ 1345 if (cmd->c_action & M_RESPAWN) { 1346 /* 1347 * Add NOCLEANUP to all respawnable commands so that the 1348 * information about the frequency of respawns isn't lost. 1349 */ 1350 modes |= NOCLEANUP; 1351 (void) time(&now); 1352 1353 /* 1354 * If no time is assigned, then this is the first time 1355 * this command is being processed in this series. Assign 1356 * the current time. 1357 */ 1358 if (process->p_time == 0L) 1359 process->p_time = now; 1360 1361 if (process->p_count++ == SPAWN_LIMIT) { 1362 1363 if ((now - process->p_time) < SPAWN_INTERVAL) { 1364 /* 1365 * Process is respawning too rapidly. Print 1366 * message and refuse to respawn it for now. 1367 */ 1368 console(B_TRUE, "Command is respawning too " 1369 "rapidly. Check for possible errors.\n" 1370 "id:%4s \"%s\"\n", 1371 &cmd->c_id[0], &cmd->c_command[EXEC]); 1372 return; 1373 } 1374 process->p_time = now; 1375 process->p_count = 0; 1376 1377 } else if (process->p_count > SPAWN_LIMIT) { 1378 /* 1379 * If process has been respawning too rapidly and 1380 * the inhibit time limit hasn't expired yet, we 1381 * refuse to respawn. 1382 */ 1383 if (now - process->p_time < SPAWN_INTERVAL + INHIBIT) 1384 return; 1385 process->p_time = now; 1386 process->p_count = 0; 1387 } 1388 rsflag = TRUE; 1389 } 1390 1391 /* 1392 * Spawn a child process to execute this command. 1393 */ 1394 (void) sighold(SIGCLD); 1395 oprocess = process; 1396 while ((process = efork(cmd->c_action, oprocess, modes)) == NO_ROOM) 1397 (void) pause(); 1398 1399 if (process == NULLPROC) { 1400 1401 /* 1402 * We are the child. We must make sure we get a different 1403 * file pointer for our references to utmpx. Otherwise our 1404 * seeks and reads will compete with those of the parent. 1405 */ 1406 endutxent(); 1407 1408 /* 1409 * Perform the accounting for the beginning of a process. 1410 * Note that all processes are initially "INIT_PROCESS"es. 1411 */ 1412 tmproc.p_id[0] = cmd->c_id[0]; 1413 tmproc.p_id[1] = cmd->c_id[1]; 1414 tmproc.p_id[2] = cmd->c_id[2]; 1415 tmproc.p_id[3] = cmd->c_id[3]; 1416 tmproc.p_pid = getpid(); 1417 tmproc.p_exit = 0; 1418 (void) account(INIT_PROCESS, &tmproc, 1419 prog_name(&cmd->c_command[EXEC])); 1420 maxfiles = ulimit(UL_GDESLIM, 0); 1421 for (i = 0; i < maxfiles; i++) 1422 (void) fcntl(i, F_SETFD, FD_CLOEXEC); 1423 1424 /* 1425 * Now exec a shell with the -c option and the command 1426 * from inittab. 1427 */ 1428 (void) execle(SH, "INITSH", "-c", cmd->c_command, (char *)0, 1429 glob_envp); 1430 console(B_TRUE, "Command\n\"%s\"\n failed to execute. errno " 1431 "= %d (exec of shell failed)\n", cmd->c_command, errno); 1432 1433 /* 1434 * Don't come back so quickly that "init" doesn't have a 1435 * chance to finish putting this child in "proc_table". 1436 */ 1437 timer(20); 1438 exit(1); 1439 1440 } 1441 1442 /* 1443 * We are the parent. Insert the necessary 1444 * information in the proc_table. 1445 */ 1446 process->p_id[0] = cmd->c_id[0]; 1447 process->p_id[1] = cmd->c_id[1]; 1448 process->p_id[2] = cmd->c_id[2]; 1449 process->p_id[3] = cmd->c_id[3]; 1450 1451 st_write(); 1452 1453 (void) sigrelse(SIGCLD); 1454 } 1455 1456 /* 1457 * findpslot() finds the old slot in the process table for the 1458 * command with the same id, or it finds an empty slot. 1459 */ 1460 static struct PROC_TABLE * 1461 findpslot(struct CMD_LINE *cmd) 1462 { 1463 struct PROC_TABLE *process; 1464 struct PROC_TABLE *empty = NULLPROC; 1465 1466 for (process = proc_table; 1467 (process < proc_table + num_proc); process++) { 1468 if (process->p_flags & OCCUPIED && 1469 id_eq(process->p_id, cmd->c_id)) 1470 break; 1471 1472 /* 1473 * If the entry is totally empty and "empty" is still 0, 1474 * remember where this hole is and make sure the slot is 1475 * zeroed out. 1476 */ 1477 if (empty == NULLPROC && (process->p_flags & OCCUPIED) == 0) { 1478 empty = process; 1479 process->p_id[0] = '\0'; 1480 process->p_id[1] = '\0'; 1481 process->p_id[2] = '\0'; 1482 process->p_id[3] = '\0'; 1483 process->p_pid = 0; 1484 process->p_time = 0L; 1485 process->p_count = 0; 1486 process->p_flags = 0; 1487 process->p_exit = 0; 1488 } 1489 } 1490 1491 /* 1492 * If there is no entry for this slot, then there should be an 1493 * empty slot. If there is no empty slot, then we've run out 1494 * of proc_table space. If the latter is true, empty will be 1495 * NULL and the caller will have to complain. 1496 */ 1497 if (process == (proc_table + num_proc)) 1498 process = empty; 1499 1500 return (process); 1501 } 1502 1503 /* 1504 * getcmd() parses lines from inittab. Each time it finds a command line 1505 * it will return TRUE as well as fill the passed CMD_LINE structure and 1506 * the shell command string. When the end of inittab is reached, FALSE 1507 * is returned inittab is automatically opened if it is not currently open 1508 * and is closed when the end of the file is reached. 1509 */ 1510 static FILE *fp_inittab = NULL; 1511 1512 static int 1513 getcmd(struct CMD_LINE *cmd, char *shcmd) 1514 { 1515 char *ptr; 1516 int c, lastc, state; 1517 char *ptr1; 1518 int answer, i, proceed; 1519 struct stat sbuf; 1520 static char *actions[] = { 1521 "off", "respawn", "ondemand", "once", "wait", "boot", 1522 "bootwait", "powerfail", "powerwait", "initdefault", 1523 "sysinit", 1524 }; 1525 static short act_masks[] = { 1526 M_OFF, M_RESPAWN, M_ONDEMAND, M_ONCE, M_WAIT, M_BOOT, 1527 M_BOOTWAIT, M_PF, M_PWAIT, M_INITDEFAULT, M_SYSINIT, 1528 }; 1529 /* 1530 * Only these actions will be allowed for entries which 1531 * are specified for single-user mode. 1532 */ 1533 short su_acts = M_INITDEFAULT | M_PF | M_PWAIT | M_WAIT; 1534 1535 if (fp_inittab == NULL) { 1536 /* 1537 * Before attempting to open inittab we stat it to make 1538 * sure it currently exists and is not empty. We try 1539 * several times because someone may have temporarily 1540 * unlinked or truncated the file. 1541 */ 1542 for (i = 0; i < 3; i++) { 1543 if (stat(INITTAB, &sbuf) == -1) { 1544 if (i == 2) { 1545 console(B_TRUE, 1546 "Cannot stat %s, errno: %d\n", 1547 INITTAB, errno); 1548 return (FAILURE); 1549 } else { 1550 timer(3); 1551 } 1552 } else if (sbuf.st_size < 10) { 1553 if (i == 2) { 1554 console(B_TRUE, 1555 "%s truncated or corrupted\n", 1556 INITTAB); 1557 return (FAILURE); 1558 } else { 1559 timer(3); 1560 } 1561 } else { 1562 break; 1563 } 1564 } 1565 1566 /* 1567 * If unable to open inittab, print error message and 1568 * return FAILURE to caller. 1569 */ 1570 if ((fp_inittab = fopen(INITTAB, "r")) == NULL) { 1571 console(B_TRUE, "Cannot open %s errno: %d\n", INITTAB, 1572 errno); 1573 return (FAILURE); 1574 } 1575 } 1576 1577 /* 1578 * Keep getting commands from inittab until you find a 1579 * good one or run out of file. 1580 */ 1581 for (answer = FALSE; answer == FALSE; ) { 1582 /* 1583 * Zero out the cmd itself before trying next line. 1584 */ 1585 bzero(cmd, sizeof (struct CMD_LINE)); 1586 1587 /* 1588 * Read in lines of inittab, parsing at colons, until a line is 1589 * read in which doesn't end with a backslash. Do not start if 1590 * the first character read is an EOF. Note that this means 1591 * that lines which don't end in a newline are still processed, 1592 * since the "for" will terminate normally once started, 1593 * regardless of whether line terminates with a newline or EOF. 1594 */ 1595 state = FAILURE; 1596 if ((c = fgetc(fp_inittab)) == EOF) { 1597 answer = FALSE; 1598 (void) fclose(fp_inittab); 1599 fp_inittab = NULL; 1600 break; 1601 } 1602 1603 for (proceed = TRUE, ptr = shcmd, state = ID, lastc = '\0'; 1604 proceed && c != EOF; 1605 lastc = c, c = fgetc(fp_inittab)) { 1606 /* If we're not in the FAILURE state and haven't */ 1607 /* yet reached the shell command field, process */ 1608 /* the line, otherwise just look for a real end */ 1609 /* of line. */ 1610 if (state != FAILURE && state != COMMAND) { 1611 /* 1612 * Squeeze out spaces and tabs. 1613 */ 1614 if (c == ' ' || c == '\t') 1615 continue; 1616 1617 /* 1618 * Ignore characters in a comment, except for the \n. 1619 */ 1620 if (state == COMMENT) { 1621 if (c == '\n') { 1622 lastc = ' '; 1623 break; 1624 } else { 1625 continue; 1626 } 1627 } 1628 1629 /* 1630 * Detect comments (lines whose first non-whitespace 1631 * character is '#') by checking that we're at the 1632 * beginning of a line, have seen a '#', and haven't 1633 * yet accumulated any characters. 1634 */ 1635 if (state == ID && c == '#' && ptr == shcmd) { 1636 state = COMMENT; 1637 continue; 1638 } 1639 1640 /* 1641 * If the character is a ':', then check the 1642 * previous field for correctness and advance 1643 * to the next field. 1644 */ 1645 if (c == ':') { 1646 switch (state) { 1647 1648 case ID : 1649 /* 1650 * Check to see that there are only 1651 * 1 to 4 characters for the id. 1652 */ 1653 if ((i = ptr - shcmd) < 1 || i > 4) { 1654 state = FAILURE; 1655 } else { 1656 bcopy(shcmd, &cmd->c_id[0], i); 1657 ptr = shcmd; 1658 state = LEVELS; 1659 } 1660 break; 1661 1662 case LEVELS : 1663 /* 1664 * Build a mask for all the levels for 1665 * which this command will be legal. 1666 */ 1667 for (cmd->c_levels = 0, ptr1 = shcmd; 1668 ptr1 < ptr; ptr1++) { 1669 int mask; 1670 if (lvlname_to_mask(*ptr1, 1671 &mask) == -1) { 1672 state = FAILURE; 1673 break; 1674 } 1675 cmd->c_levels |= mask; 1676 } 1677 if (state != FAILURE) { 1678 state = ACTION; 1679 ptr = shcmd; /* Reset the buffer */ 1680 } 1681 break; 1682 1683 case ACTION : 1684 /* 1685 * Null terminate the string in shcmd buffer and 1686 * then try to match against legal actions. If 1687 * the field is of length 0, then the default of 1688 * "RESPAWN" is used if the id is numeric, 1689 * otherwise the default is "OFF". 1690 */ 1691 if (ptr == shcmd) { 1692 if (isdigit(cmd->c_id[0]) && 1693 (cmd->c_id[1] == '\0' || 1694 isdigit(cmd->c_id[1])) && 1695 (cmd->c_id[2] == '\0' || 1696 isdigit(cmd->c_id[2])) && 1697 (cmd->c_id[3] == '\0' || 1698 isdigit(cmd->c_id[3]))) 1699 cmd->c_action = M_RESPAWN; 1700 else 1701 cmd->c_action = M_OFF; 1702 } else { 1703 for (cmd->c_action = 0, i = 0, *ptr = '\0'; 1704 i < sizeof (actions)/sizeof (char *); 1705 i++) { 1706 if (strcmp(shcmd, actions[i]) == 0) { 1707 if ((cmd->c_levels & MASKSU) && 1708 !(act_masks[i] & su_acts)) 1709 cmd->c_action = 0; 1710 else 1711 cmd->c_action = act_masks[i]; 1712 break; 1713 } 1714 } 1715 } 1716 1717 /* 1718 * If the action didn't match any legal action, 1719 * set state to FAILURE. 1720 */ 1721 if (cmd->c_action == 0) { 1722 state = FAILURE; 1723 } else { 1724 state = COMMAND; 1725 (void) strcpy(shcmd, "exec "); 1726 } 1727 ptr = shcmd + EXEC; 1728 break; 1729 } 1730 continue; 1731 } 1732 } 1733 1734 /* If the character is a '\n', then this is the end of a */ 1735 /* line. If the '\n' wasn't preceded by a backslash, */ 1736 /* it is also the end of an inittab command. If it was */ 1737 /* preceded by a backslash then the next line is a */ 1738 /* continuation. Note that the continuation '\n' falls */ 1739 /* through and is treated like other characters and is */ 1740 /* stored in the shell command line. */ 1741 if (c == '\n' && lastc != '\\') { 1742 proceed = FALSE; 1743 *ptr = '\0'; 1744 break; 1745 } 1746 1747 /* For all other characters just stuff them into the */ 1748 /* command as long as there aren't too many of them. */ 1749 /* Make sure there is room for a terminating '\0' also. */ 1750 if (ptr >= shcmd + MAXCMDL - 1) 1751 state = FAILURE; 1752 else 1753 *ptr++ = (char)c; 1754 1755 /* If the character we just stored was a quoted */ 1756 /* backslash, then change "c" to '\0', so that this */ 1757 /* backslash will not cause a subsequent '\n' to appear */ 1758 /* quoted. In otherwords '\' '\' '\n' is the real end */ 1759 /* of a command, while '\' '\n' is a continuation. */ 1760 if (c == '\\' && lastc == '\\') 1761 c = '\0'; 1762 } 1763 1764 /* 1765 * Make sure all the fields are properly specified 1766 * for a good command line. 1767 */ 1768 if (state == COMMAND) { 1769 answer = TRUE; 1770 cmd->c_command = shcmd; 1771 1772 /* 1773 * If no default level was supplied, insert 1774 * all numerical levels. 1775 */ 1776 if (cmd->c_levels == 0) 1777 cmd->c_levels = MASK_NUMERIC; 1778 1779 /* 1780 * If no action has been supplied, declare this 1781 * entry to be OFF. 1782 */ 1783 if (cmd->c_action == 0) 1784 cmd->c_action = M_OFF; 1785 1786 /* 1787 * If no shell command has been supplied, make sure 1788 * there is a null string in the command field. 1789 */ 1790 if (ptr == shcmd + EXEC) 1791 *shcmd = '\0'; 1792 } else 1793 answer = FALSE; 1794 1795 /* 1796 * If we have reached the end of inittab, then close it 1797 * and quit trying to find a good command line. 1798 */ 1799 if (c == EOF) { 1800 (void) fclose(fp_inittab); 1801 fp_inittab = NULL; 1802 break; 1803 } 1804 } 1805 return (answer); 1806 } 1807 1808 /* 1809 * lvlname_to_state(): convert the character name of a state to its level 1810 * (its corresponding signal number). 1811 */ 1812 static int 1813 lvlname_to_state(char name) 1814 { 1815 int i; 1816 for (i = 0; i < LVL_NELEMS; i++) { 1817 if (lvls[i].lvl_name == name) 1818 return (lvls[i].lvl_state); 1819 } 1820 return (-1); 1821 } 1822 1823 /* 1824 * state_to_name(): convert the level to the character name. 1825 */ 1826 static char 1827 state_to_name(int state) 1828 { 1829 int i; 1830 for (i = 0; i < LVL_NELEMS; i++) { 1831 if (lvls[i].lvl_state == state) 1832 return (lvls[i].lvl_name); 1833 } 1834 return (-1); 1835 } 1836 1837 /* 1838 * state_to_mask(): return the mask corresponding to a signal number 1839 */ 1840 static int 1841 state_to_mask(int state) 1842 { 1843 int i; 1844 for (i = 0; i < LVL_NELEMS; i++) { 1845 if (lvls[i].lvl_state == state) 1846 return (lvls[i].lvl_mask); 1847 } 1848 return (0); /* return 0, since that represents an empty mask */ 1849 } 1850 1851 /* 1852 * lvlname_to_mask(): return the mask corresponding to a levels character name 1853 */ 1854 static int 1855 lvlname_to_mask(char name, int *mask) 1856 { 1857 int i; 1858 for (i = 0; i < LVL_NELEMS; i++) { 1859 if (lvls[i].lvl_name == name) { 1860 *mask = lvls[i].lvl_mask; 1861 return (0); 1862 } 1863 } 1864 return (-1); 1865 } 1866 1867 /* 1868 * state_to_flags(): return the flags corresponding to a runlevel. These 1869 * indicate properties of that runlevel. 1870 */ 1871 static int 1872 state_to_flags(int state) 1873 { 1874 int i; 1875 for (i = 0; i < LVL_NELEMS; i++) { 1876 if (lvls[i].lvl_state == state) 1877 return (lvls[i].lvl_flags); 1878 } 1879 return (0); 1880 } 1881 1882 /* 1883 * killproc() creates a child which kills the process specified by pid. 1884 */ 1885 void 1886 killproc(pid_t pid) 1887 { 1888 struct PROC_TABLE *process; 1889 1890 (void) sighold(SIGCLD); 1891 while ((process = efork(M_OFF, NULLPROC, 0)) == NO_ROOM) 1892 (void) pause(); 1893 (void) sigrelse(SIGCLD); 1894 1895 if (process == NULLPROC) { 1896 /* 1897 * efork() sets all signal handlers to the default, so reset 1898 * the ALRM handler to make timer() work as expected. 1899 */ 1900 (void) sigset(SIGALRM, alarmclk); 1901 1902 /* 1903 * We are the child. Try to terminate the process nicely 1904 * first using SIGTERM and if it refuses to die in TWARN 1905 * seconds kill it with SIGKILL. 1906 */ 1907 (void) kill(pid, SIGTERM); 1908 (void) timer(TWARN); 1909 (void) kill(pid, SIGKILL); 1910 (void) exit(0); 1911 } 1912 } 1913 1914 /* 1915 * Set up the default environment for all procs to be forked from init. 1916 * Read the values from the /etc/default/init file, except for PATH. If 1917 * there's not enough room in the environment array, the environment 1918 * lines that don't fit are silently discarded. 1919 */ 1920 void 1921 init_env() 1922 { 1923 char line[MAXCMDL]; 1924 FILE *fp; 1925 int inquotes, length, wslength; 1926 char *tokp, *cp1, *cp2; 1927 1928 glob_envp[0] = malloc((unsigned)(strlen(DEF_PATH)+2)); 1929 (void) strcpy(glob_envp[0], DEF_PATH); 1930 glob_envn = 1; 1931 1932 if (rflg) { 1933 glob_envp[1] = 1934 malloc((unsigned)(strlen("_DVFS_RECONFIG=YES")+2)); 1935 (void) strcpy(glob_envp[1], "_DVFS_RECONFIG=YES"); 1936 ++glob_envn; 1937 } else if (bflg == 1) { 1938 glob_envp[1] = 1939 malloc((unsigned)(strlen("RB_NOBOOTRC=YES")+2)); 1940 (void) strcpy(glob_envp[1], "RB_NOBOOTRC=YES"); 1941 ++glob_envn; 1942 } 1943 1944 if ((fp = fopen(ENVFILE, "r")) == NULL) { 1945 console(B_TRUE, 1946 "Cannot open %s. Environment not initialized.\n", 1947 ENVFILE); 1948 } else { 1949 while (fgets(line, MAXCMDL - 1, fp) != NULL && 1950 glob_envn < MAXENVENT - 2) { 1951 /* 1952 * Toss newline 1953 */ 1954 length = strlen(line); 1955 if (line[length - 1] == '\n') 1956 line[length - 1] = '\0'; 1957 1958 /* 1959 * Ignore blank or comment lines. 1960 */ 1961 if (line[0] == '#' || line[0] == '\0' || 1962 (wslength = strspn(line, " \t\n")) == 1963 strlen(line) || 1964 strchr(line, '#') == line + wslength) 1965 continue; 1966 1967 /* 1968 * First make a pass through the line and change 1969 * any non-quoted semi-colons to blanks so they 1970 * will be treated as token separators below. 1971 */ 1972 inquotes = 0; 1973 for (cp1 = line; *cp1 != '\0'; cp1++) { 1974 if (*cp1 == '"') { 1975 if (inquotes == 0) 1976 inquotes = 1; 1977 else 1978 inquotes = 0; 1979 } else if (*cp1 == ';') { 1980 if (inquotes == 0) 1981 *cp1 = ' '; 1982 } 1983 } 1984 1985 /* 1986 * Tokens within the line are separated by blanks 1987 * and tabs. For each token in the line which 1988 * contains a '=' we strip out any quotes and then 1989 * stick the token in the environment array. 1990 */ 1991 if ((tokp = strtok(line, " \t")) == NULL) 1992 continue; 1993 do { 1994 if (strchr(tokp, '=') == NULL) 1995 continue; 1996 length = strlen(tokp); 1997 while ((cp1 = strpbrk(tokp, "\"\'")) != NULL) { 1998 for (cp2 = cp1; 1999 cp2 < &tokp[length]; cp2++) 2000 *cp2 = *(cp2 + 1); 2001 length--; 2002 } 2003 2004 if (strncmp(tokp, "CMASK=", 2005 sizeof ("CMASK=") - 1) == 0) { 2006 long t; 2007 2008 /* We know there's an = */ 2009 t = strtol(strchr(tokp, '=') + 1, NULL, 2010 8); 2011 2012 /* Sanity */ 2013 if (t <= 077 && t >= 0) 2014 cmask = (int)t; 2015 (void) umask(cmask); 2016 continue; 2017 } 2018 glob_envp[glob_envn] = 2019 malloc((unsigned)(length + 1)); 2020 (void) strcpy(glob_envp[glob_envn], tokp); 2021 if (++glob_envn >= MAXENVENT - 1) 2022 break; 2023 } while ((tokp = strtok(NULL, " \t")) != NULL); 2024 } 2025 2026 /* 2027 * Append a null pointer to the environment array 2028 * to mark its end. 2029 */ 2030 glob_envp[glob_envn] = NULL; 2031 (void) fclose(fp); 2032 } 2033 } 2034 2035 /* 2036 * boot_init(): Do initialization things that should be done at boot. 2037 */ 2038 void 2039 boot_init() 2040 { 2041 int i; 2042 struct PROC_TABLE *process, *oprocess; 2043 struct CMD_LINE cmd; 2044 char line[MAXCMDL]; 2045 char svc_aux[SVC_AUX_SIZE]; 2046 char init_svc_fmri[SVC_FMRI_SIZE]; 2047 char *old_path; 2048 int maxfiles; 2049 2050 /* Use INIT_PATH for sysinit cmds */ 2051 old_path = glob_envp[0]; 2052 glob_envp[0] = malloc((unsigned)(strlen(INIT_PATH)+2)); 2053 (void) strcpy(glob_envp[0], INIT_PATH); 2054 2055 /* 2056 * Scan inittab(4) and process the special svc.startd entry, initdefault 2057 * and sysinit entries. 2058 */ 2059 while (getcmd(&cmd, &line[0]) == TRUE) { 2060 if (startd_tmpl >= 0 && id_eq(cmd.c_id, "smf")) { 2061 process_startd_line(&cmd, line); 2062 (void) snprintf(startd_svc_aux, SVC_AUX_SIZE, 2063 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id); 2064 } else if (cmd.c_action == M_INITDEFAULT) { 2065 /* 2066 * initdefault is no longer meaningful, as the SMF 2067 * milestone controls what (legacy) run level we 2068 * boot to. 2069 */ 2070 console(B_TRUE, 2071 "Ignoring legacy \"initdefault\" entry.\n"); 2072 } else if (cmd.c_action == M_SYSINIT) { 2073 /* 2074 * Execute the "sysinit" entry and wait for it to 2075 * complete. No bookkeeping is performed on these 2076 * entries because we avoid writing to the file system 2077 * until after there has been an chance to check it. 2078 */ 2079 if (process = findpslot(&cmd)) { 2080 (void) sighold(SIGCLD); 2081 (void) snprintf(svc_aux, SVC_AUX_SIZE, 2082 INITTAB_ENTRY_ID_STR_FORMAT, cmd.c_id); 2083 (void) snprintf(init_svc_fmri, SVC_FMRI_SIZE, 2084 SVC_INIT_PREFIX INITTAB_ENTRY_ID_STR_FORMAT, 2085 cmd.c_id); 2086 if (legacy_tmpl >= 0) { 2087 (void) ct_pr_tmpl_set_svc_fmri( 2088 legacy_tmpl, init_svc_fmri); 2089 (void) ct_pr_tmpl_set_svc_aux( 2090 legacy_tmpl, svc_aux); 2091 } 2092 2093 for (oprocess = process; 2094 (process = efork(M_OFF, oprocess, 2095 (NAMED|NOCLEANUP))) == NO_ROOM; 2096 /* CSTYLED */) 2097 ; 2098 (void) sigrelse(SIGCLD); 2099 2100 if (process == NULLPROC) { 2101 maxfiles = ulimit(UL_GDESLIM, 0); 2102 2103 for (i = 0; i < maxfiles; i++) 2104 (void) fcntl(i, F_SETFD, 2105 FD_CLOEXEC); 2106 (void) execle(SH, "INITSH", "-c", 2107 cmd.c_command, 2108 (char *)0, glob_envp); 2109 console(B_TRUE, 2110 "Command\n\"%s\"\n failed to execute. errno = %d (exec of shell failed)\n", 2111 cmd.c_command, errno); 2112 exit(1); 2113 } else while (waitproc(process) == FAILURE); 2114 process->p_flags = 0; 2115 st_write(); 2116 } 2117 } 2118 } 2119 2120 /* Restore the path. */ 2121 free(glob_envp[0]); 2122 glob_envp[0] = old_path; 2123 2124 /* 2125 * This will enable st_write() to complain about init_state_file. 2126 */ 2127 booting = 0; 2128 2129 /* 2130 * If the /etc/ioctl.syscon didn't exist or had invalid contents write 2131 * out a correct version. 2132 */ 2133 if (write_ioctl) 2134 write_ioctl_syscon(); 2135 2136 /* 2137 * Start svc.startd(1M), which does most of the work. 2138 */ 2139 if (startd_cline[0] != '\0' && startd_tmpl >= 0) { 2140 /* Start svc.startd. */ 2141 if (startd_run(startd_cline, startd_tmpl, 0) == -1) 2142 cur_state = SINGLE_USER; 2143 } else { 2144 console(B_TRUE, "Absent svc.startd entry or bad " 2145 "contract template. Not starting svc.startd.\n"); 2146 enter_maintenance(); 2147 } 2148 } 2149 2150 /* 2151 * init_signals(): Initialize all signals to either be caught or ignored. 2152 */ 2153 void 2154 init_signals(void) 2155 { 2156 struct sigaction act; 2157 int i; 2158 2159 /* 2160 * Start by ignoring all signals, then selectively re-enable some. 2161 * The SIG_IGN disposition will only affect asynchronous signals: 2162 * any signal that we trigger synchronously that doesn't end up 2163 * being handled by siglvl() will be forcibly delivered by the kernel. 2164 */ 2165 for (i = SIGHUP; i <= SIGRTMAX; i++) 2166 (void) sigset(i, SIG_IGN); 2167 2168 /* 2169 * Handle all level-changing signals using siglvl() and set sa_mask so 2170 * that all level-changing signals are blocked while in siglvl(). 2171 */ 2172 act.sa_handler = siglvl; 2173 act.sa_flags = SA_SIGINFO; 2174 (void) sigemptyset(&act.sa_mask); 2175 2176 (void) sigaddset(&act.sa_mask, LVLQ); 2177 (void) sigaddset(&act.sa_mask, LVL0); 2178 (void) sigaddset(&act.sa_mask, LVL1); 2179 (void) sigaddset(&act.sa_mask, LVL2); 2180 (void) sigaddset(&act.sa_mask, LVL3); 2181 (void) sigaddset(&act.sa_mask, LVL4); 2182 (void) sigaddset(&act.sa_mask, LVL5); 2183 (void) sigaddset(&act.sa_mask, LVL6); 2184 (void) sigaddset(&act.sa_mask, SINGLE_USER); 2185 (void) sigaddset(&act.sa_mask, LVLa); 2186 (void) sigaddset(&act.sa_mask, LVLb); 2187 (void) sigaddset(&act.sa_mask, LVLc); 2188 2189 (void) sigaction(LVLQ, &act, NULL); 2190 (void) sigaction(LVL0, &act, NULL); 2191 (void) sigaction(LVL1, &act, NULL); 2192 (void) sigaction(LVL2, &act, NULL); 2193 (void) sigaction(LVL3, &act, NULL); 2194 (void) sigaction(LVL4, &act, NULL); 2195 (void) sigaction(LVL5, &act, NULL); 2196 (void) sigaction(LVL6, &act, NULL); 2197 (void) sigaction(SINGLE_USER, &act, NULL); 2198 (void) sigaction(LVLa, &act, NULL); 2199 (void) sigaction(LVLb, &act, NULL); 2200 (void) sigaction(LVLc, &act, NULL); 2201 2202 (void) sigset(SIGALRM, alarmclk); 2203 alarmclk(); 2204 2205 (void) sigset(SIGCLD, childeath); 2206 (void) sigset(SIGPWR, powerfail); 2207 } 2208 2209 /* 2210 * Set up pipe for "godchildren". If the file exists and is a pipe just open 2211 * it. Else, if the file system is r/w create it. Otherwise, defer its 2212 * creation and open until after /var/run has been mounted. This function is 2213 * only called on startup and when explicitly requested via LVLQ. 2214 */ 2215 void 2216 setup_pipe() 2217 { 2218 struct stat stat_buf; 2219 struct statvfs statvfs_buf; 2220 struct sigaction act; 2221 2222 /* 2223 * Always close the previous pipe descriptor as the mounted filesystems 2224 * may have changed. 2225 */ 2226 if (Pfd >= 0) 2227 (void) close(Pfd); 2228 2229 if ((stat(INITPIPE, &stat_buf) == 0) && 2230 ((stat_buf.st_mode & (S_IFMT|S_IRUSR)) == (S_IFIFO|S_IRUSR))) 2231 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2232 else 2233 if ((statvfs(INITPIPE_DIR, &statvfs_buf) == 0) && 2234 ((statvfs_buf.f_flag & ST_RDONLY) == 0)) { 2235 (void) unlink(INITPIPE); 2236 (void) mknod(INITPIPE, S_IFIFO | 0600, 0); 2237 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2238 } 2239 2240 if (Pfd >= 0) { 2241 (void) ioctl(Pfd, I_SETSIG, S_INPUT); 2242 /* 2243 * Read pipe in message discard mode. 2244 */ 2245 (void) ioctl(Pfd, I_SRDOPT, RMSGD); 2246 2247 act.sa_handler = sigpoll; 2248 act.sa_flags = 0; 2249 (void) sigemptyset(&act.sa_mask); 2250 (void) sigaddset(&act.sa_mask, SIGCLD); 2251 (void) sigaction(SIGPOLL, &act, NULL); 2252 } 2253 } 2254 2255 /* 2256 * siglvl - handle an asynchronous signal from init(1M) telling us that we 2257 * should change the current run level. We set new_state accordingly. 2258 */ 2259 void 2260 siglvl(int sig, siginfo_t *sip, ucontext_t *ucp) 2261 { 2262 struct PROC_TABLE *process; 2263 struct sigaction act; 2264 2265 /* 2266 * If the signal was from the kernel (rather than init(1M)) then init 2267 * itself tripped the signal. That is, we might have a bug and tripped 2268 * a real SIGSEGV instead of receiving it as an alias for SIGLVLa. In 2269 * such a case we reset the disposition to SIG_DFL, block all signals 2270 * in uc_mask but the current one, and return to the interrupted ucp 2271 * to effect an appropriate death. The kernel will then restart us. 2272 * 2273 * The one exception to SI_FROMKERNEL() is SIGFPE (a.k.a. LVL6), which 2274 * the kernel can send us when it wants to effect an orderly reboot. 2275 * For this case we must also verify si_code is zero, rather than a 2276 * code such as FPE_INTDIV which a bug might have triggered. 2277 */ 2278 if (sip != NULL && SI_FROMKERNEL(sip) && 2279 (sig != SIGFPE || sip->si_code == 0)) { 2280 2281 (void) sigemptyset(&act.sa_mask); 2282 act.sa_handler = SIG_DFL; 2283 act.sa_flags = 0; 2284 (void) sigaction(sig, &act, NULL); 2285 2286 (void) sigfillset(&ucp->uc_sigmask); 2287 (void) sigdelset(&ucp->uc_sigmask, sig); 2288 ucp->uc_flags |= UC_SIGMASK; 2289 2290 (void) setcontext(ucp); 2291 } 2292 2293 /* 2294 * If the signal received is a LVLQ signal, do not really 2295 * change levels, just restate the current level. If the 2296 * signal is not a LVLQ, set the new level to the signal 2297 * received. 2298 */ 2299 if (sig == LVLQ) { 2300 new_state = cur_state; 2301 lvlq_received = B_TRUE; 2302 } else { 2303 new_state = sig; 2304 } 2305 2306 /* 2307 * Clear all times and repeat counts in the process table 2308 * since either the level is changing or the user has editted 2309 * the inittab file and wants us to look at it again. 2310 * If the user has fixed a typo, we don't want residual timing 2311 * data preventing the fixed command line from executing. 2312 */ 2313 for (process = proc_table; 2314 (process < proc_table + num_proc); process++) { 2315 process->p_time = 0L; 2316 process->p_count = 0; 2317 } 2318 2319 /* 2320 * Set the flag to indicate that a "user signal" was received. 2321 */ 2322 wakeup.w_flags.w_usersignal = 1; 2323 } 2324 2325 2326 /* 2327 * alarmclk 2328 */ 2329 static void 2330 alarmclk() 2331 { 2332 time_up = TRUE; 2333 } 2334 2335 /* 2336 * childeath_single(): 2337 * 2338 * This used to be the SIGCLD handler and it was set with signal() 2339 * (as opposed to sigset()). When a child exited we'd come to the 2340 * handler, wait for the child, and reenable the handler with 2341 * signal() just before returning. The implementation of signal() 2342 * checks with waitid() for waitable children and sends a SIGCLD 2343 * if there are some. If children are exiting faster than the 2344 * handler can run we keep sending signals and the handler never 2345 * gets to return and eventually the stack runs out and init dies. 2346 * To prevent that we set the handler with sigset() so the handler 2347 * doesn't need to be reset, and in childeath() (see below) we 2348 * call childeath_single() as long as there are children to be 2349 * waited for. If a child exits while init is in the handler a 2350 * SIGCLD will be pending and delivered on return from the handler. 2351 * If the child was already waited for the handler will have nothing 2352 * to do and return, otherwise the child will be waited for. 2353 */ 2354 static void 2355 childeath_single(pid_t pid, int status) 2356 { 2357 struct PROC_TABLE *process; 2358 struct pidlist *pp; 2359 2360 /* 2361 * Scan the process table to see if we are interested in this process. 2362 */ 2363 for (process = proc_table; 2364 (process < proc_table + num_proc); process++) { 2365 if ((process->p_flags & (LIVING|OCCUPIED)) == 2366 (LIVING|OCCUPIED) && process->p_pid == pid) { 2367 2368 /* 2369 * Mark this process as having died and store the exit 2370 * status. Also set the wakeup flag for a dead child 2371 * and break out of the loop. 2372 */ 2373 process->p_flags &= ~LIVING; 2374 process->p_exit = (short)status; 2375 wakeup.w_flags.w_childdeath = 1; 2376 2377 return; 2378 } 2379 } 2380 2381 /* 2382 * No process was found above, look through auxiliary list. 2383 */ 2384 (void) sighold(SIGPOLL); 2385 pp = Plhead; 2386 while (pp) { 2387 if (pid > pp->pl_pid) { 2388 /* 2389 * Keep on looking. 2390 */ 2391 pp = pp->pl_next; 2392 continue; 2393 } else if (pid < pp->pl_pid) { 2394 /* 2395 * Not in the list. 2396 */ 2397 break; 2398 } else { 2399 /* 2400 * This is a dead "godchild". 2401 */ 2402 pp->pl_dflag = 1; 2403 pp->pl_exit = (short)status; 2404 wakeup.w_flags.w_childdeath = 1; 2405 Gchild = 1; /* Notice to call cleanaux(). */ 2406 break; 2407 } 2408 } 2409 2410 (void) sigrelse(SIGPOLL); 2411 } 2412 2413 /* ARGSUSED */ 2414 static void 2415 childeath(int signo) 2416 { 2417 pid_t pid; 2418 int status; 2419 2420 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) 2421 childeath_single(pid, status); 2422 } 2423 2424 static void 2425 powerfail() 2426 { 2427 (void) nice(-19); 2428 wakeup.w_flags.w_powerhit = 1; 2429 } 2430 2431 /* 2432 * efork() forks a child and the parent inserts the process in its table 2433 * of processes that are directly a result of forks that it has performed. 2434 * The child just changes the "global" with the process id for this process 2435 * to it's new value. 2436 * If efork() is called with a pointer into the proc_table it uses that slot, 2437 * otherwise it searches for a free slot. Regardless of how it was called, 2438 * it returns the pointer to the proc_table entry 2439 * 2440 * The SIGCLD signal is blocked (held) before calling efork() 2441 * and is unblocked (released) after efork() returns. 2442 * 2443 * Ideally, this should be rewritten to use modern signal semantics. 2444 */ 2445 static struct PROC_TABLE * 2446 efork(int action, struct PROC_TABLE *process, int modes) 2447 { 2448 pid_t childpid; 2449 struct PROC_TABLE *proc; 2450 int i; 2451 /* 2452 * Freshen up the proc_table, removing any entries for dead processes 2453 * that don't have NOCLEANUP set. Perform the necessary accounting. 2454 */ 2455 for (proc = proc_table; (proc < proc_table + num_proc); proc++) { 2456 if ((proc->p_flags & (OCCUPIED|LIVING|NOCLEANUP)) == 2457 (OCCUPIED)) { 2458 /* 2459 * Is this a named process? 2460 * If so, do the necessary bookkeeping. 2461 */ 2462 if (proc->p_flags & NAMED) 2463 (void) account(DEAD_PROCESS, proc, NULL); 2464 2465 /* 2466 * Free this entry for new usage. 2467 */ 2468 proc->p_flags = 0; 2469 } 2470 } 2471 2472 while ((childpid = fork()) == FAILURE) { 2473 /* 2474 * Shorten the alarm timer in case someone else's child dies 2475 * and free up a slot in the process table. 2476 */ 2477 setimer(5); 2478 2479 /* 2480 * Wait for some children to die. Since efork() 2481 * is always called with SIGCLD blocked, unblock 2482 * it here so that child death signals can come in. 2483 */ 2484 (void) sigrelse(SIGCLD); 2485 (void) pause(); 2486 (void) sighold(SIGCLD); 2487 setimer(0); 2488 } 2489 2490 if (childpid != 0) { 2491 2492 if (process == NULLPROC) { 2493 /* 2494 * No proc table pointer specified so search 2495 * for a free slot. 2496 */ 2497 for (process = proc_table; process->p_flags != 0 && 2498 (process < proc_table + num_proc); process++) 2499 ; 2500 2501 if (process == (proc_table + num_proc)) { 2502 int old_proc_table_size = num_proc; 2503 2504 /* Increase the process table size */ 2505 increase_proc_table_size(); 2506 if (old_proc_table_size == num_proc) { 2507 /* didn't grow: memory failure */ 2508 return (NO_ROOM); 2509 } else { 2510 process = 2511 proc_table + old_proc_table_size; 2512 } 2513 } 2514 2515 process->p_time = 0L; 2516 process->p_count = 0; 2517 } 2518 process->p_id[0] = '\0'; 2519 process->p_id[1] = '\0'; 2520 process->p_id[2] = '\0'; 2521 process->p_id[3] = '\0'; 2522 process->p_pid = childpid; 2523 process->p_flags = (LIVING | OCCUPIED | modes); 2524 process->p_exit = 0; 2525 2526 st_write(); 2527 } else { 2528 if ((action & (M_WAIT | M_BOOTWAIT)) == 0) 2529 (void) setpgrp(); 2530 2531 process = NULLPROC; 2532 2533 /* 2534 * Reset all signals to the system defaults. 2535 */ 2536 for (i = SIGHUP; i <= SIGRTMAX; i++) 2537 (void) sigset(i, SIG_DFL); 2538 2539 /* 2540 * POSIX B.2.2.2 advises that init should set SIGTTOU, 2541 * SIGTTIN, and SIGTSTP to SIG_IGN. 2542 * 2543 * Make sure that SIGXCPU and SIGXFSZ also remain ignored, 2544 * for backward compatibility. 2545 */ 2546 (void) sigset(SIGTTIN, SIG_IGN); 2547 (void) sigset(SIGTTOU, SIG_IGN); 2548 (void) sigset(SIGTSTP, SIG_IGN); 2549 (void) sigset(SIGXCPU, SIG_IGN); 2550 (void) sigset(SIGXFSZ, SIG_IGN); 2551 } 2552 return (process); 2553 } 2554 2555 2556 /* 2557 * waitproc() waits for a specified process to die. For this function to 2558 * work, the specified process must already in the proc_table. waitproc() 2559 * returns the exit status of the specified process when it dies. 2560 */ 2561 static long 2562 waitproc(struct PROC_TABLE *process) 2563 { 2564 int answer; 2565 sigset_t oldmask, newmask, zeromask; 2566 2567 (void) sigemptyset(&zeromask); 2568 (void) sigemptyset(&newmask); 2569 2570 (void) sigaddset(&newmask, SIGCLD); 2571 2572 /* Block SIGCLD and save the current signal mask */ 2573 if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0) 2574 perror("SIG_BLOCK error"); 2575 2576 /* 2577 * Wait around until the process dies. 2578 */ 2579 if (process->p_flags & LIVING) 2580 (void) sigsuspend(&zeromask); 2581 2582 /* Reset signal mask to unblock SIGCLD */ 2583 if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0) 2584 perror("SIG_SETMASK error"); 2585 2586 if (process->p_flags & LIVING) 2587 return (FAILURE); 2588 2589 /* 2590 * Make sure to only return 16 bits so that answer will always 2591 * be positive whenever the process of interest really died. 2592 */ 2593 answer = (process->p_exit & 0xffff); 2594 2595 /* 2596 * Free the slot in the proc_table. 2597 */ 2598 process->p_flags = 0; 2599 return (answer); 2600 } 2601 2602 /* 2603 * notify_pam_dead(): calls into the PAM framework to close the given session. 2604 */ 2605 static void 2606 notify_pam_dead(struct utmpx *up) 2607 { 2608 pam_handle_t *pamh; 2609 char user[sizeof (up->ut_user) + 1]; 2610 char ttyn[sizeof (up->ut_line) + 1]; 2611 char host[sizeof (up->ut_host) + 1]; 2612 2613 /* 2614 * PAM does not take care of updating utmpx/wtmpx. 2615 */ 2616 (void) snprintf(user, sizeof (user), "%s", up->ut_user); 2617 (void) snprintf(ttyn, sizeof (ttyn), "%s", up->ut_line); 2618 (void) snprintf(host, sizeof (host), "%s", up->ut_host); 2619 2620 if (pam_start("init", user, NULL, &pamh) == PAM_SUCCESS) { 2621 (void) pam_set_item(pamh, PAM_TTY, ttyn); 2622 (void) pam_set_item(pamh, PAM_RHOST, host); 2623 (void) pam_close_session(pamh, 0); 2624 (void) pam_end(pamh, PAM_SUCCESS); 2625 } 2626 } 2627 2628 /* 2629 * Check you can access utmpx (As / may be read-only and 2630 * /var may not be mounted yet). 2631 */ 2632 static int 2633 access_utmpx(void) 2634 { 2635 do { 2636 utmpx_ok = (access(UTMPX, R_OK|W_OK) == 0); 2637 } while (!utmpx_ok && errno == EINTR); 2638 2639 return (utmpx_ok); 2640 } 2641 2642 /* 2643 * account() updates entries in utmpx and appends new entries to the end of 2644 * wtmpx (assuming they exist). The program argument indicates the name of 2645 * program if INIT_PROCESS, otherwise should be NULL. 2646 * 2647 * account() only blocks for INIT_PROCESS requests. 2648 * 2649 * Returns non-zero if write failed. 2650 */ 2651 static int 2652 account(short state, struct PROC_TABLE *process, char *program) 2653 { 2654 struct utmpx utmpbuf, *u, *oldu; 2655 int tmplen; 2656 char fail_buf[UT_LINE_SZ]; 2657 sigset_t block, unblock; 2658 2659 if (!utmpx_ok && !access_utmpx()) { 2660 return (-1); 2661 } 2662 2663 /* 2664 * Set up the prototype for the utmp structure we want to write. 2665 */ 2666 u = &utmpbuf; 2667 (void) memset(u, 0, sizeof (struct utmpx)); 2668 2669 /* 2670 * Fill in the various fields of the utmp structure. 2671 */ 2672 u->ut_id[0] = process->p_id[0]; 2673 u->ut_id[1] = process->p_id[1]; 2674 u->ut_id[2] = process->p_id[2]; 2675 u->ut_id[3] = process->p_id[3]; 2676 u->ut_pid = process->p_pid; 2677 2678 /* 2679 * Fill the "ut_exit" structure. 2680 */ 2681 u->ut_exit.e_termination = WTERMSIG(process->p_exit); 2682 u->ut_exit.e_exit = WEXITSTATUS(process->p_exit); 2683 u->ut_type = state; 2684 2685 (void) time(&u->ut_tv.tv_sec); 2686 2687 /* 2688 * Block signals for utmp update. 2689 */ 2690 (void) sigfillset(&block); 2691 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2692 2693 /* 2694 * See if there already is such an entry in the "utmpx" file. 2695 */ 2696 setutxent(); /* Start at beginning of utmpx file. */ 2697 2698 if ((oldu = getutxid(u)) != NULL) { 2699 /* 2700 * Copy in the old "user", "line" and "host" fields 2701 * to our new structure. 2702 */ 2703 bcopy(oldu->ut_user, u->ut_user, sizeof (u->ut_user)); 2704 bcopy(oldu->ut_line, u->ut_line, sizeof (u->ut_line)); 2705 bcopy(oldu->ut_host, u->ut_host, sizeof (u->ut_host)); 2706 u->ut_syslen = (tmplen = strlen(u->ut_host)) ? 2707 min(tmplen + 1, sizeof (u->ut_host)) : 0; 2708 2709 if (oldu->ut_type == USER_PROCESS && state == DEAD_PROCESS) { 2710 notify_pam_dead(oldu); 2711 } 2712 } 2713 2714 /* 2715 * Perform special accounting. Insert the special string into the 2716 * ut_line array. For INIT_PROCESSes put in the name of the 2717 * program in the "ut_user" field. 2718 */ 2719 switch (state) { 2720 case INIT_PROCESS: 2721 (void) strncpy(u->ut_user, program, sizeof (u->ut_user)); 2722 (void) strcpy(fail_buf, "INIT_PROCESS"); 2723 break; 2724 2725 default: 2726 (void) strlcpy(fail_buf, u->ut_id, sizeof (u->ut_id) + 1); 2727 break; 2728 } 2729 2730 /* 2731 * Write out the updated entry to utmpx file. 2732 */ 2733 if (pututxline(u) == NULL) { 2734 console(B_TRUE, "Failed write of utmpx entry: \"%s\": %s\n", 2735 fail_buf, strerror(errno)); 2736 endutxent(); 2737 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2738 return (-1); 2739 } 2740 2741 /* 2742 * If we're able to write to utmpx, then attempt to add to the 2743 * end of the wtmpx file. 2744 */ 2745 updwtmpx(WTMPX, u); 2746 2747 endutxent(); 2748 2749 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2750 2751 return (0); 2752 } 2753 2754 static void 2755 clearent(pid_t pid, short status) 2756 { 2757 struct utmpx *up; 2758 sigset_t block, unblock; 2759 2760 /* 2761 * Block signals for utmp update. 2762 */ 2763 (void) sigfillset(&block); 2764 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2765 2766 /* 2767 * No error checking for now. 2768 */ 2769 2770 setutxent(); 2771 while (up = getutxent()) { 2772 if (up->ut_pid == pid) { 2773 if (up->ut_type == DEAD_PROCESS) { 2774 /* 2775 * Cleaned up elsewhere. 2776 */ 2777 continue; 2778 } 2779 2780 notify_pam_dead(up); 2781 2782 up->ut_type = DEAD_PROCESS; 2783 up->ut_exit.e_termination = WTERMSIG(status); 2784 up->ut_exit.e_exit = WEXITSTATUS(status); 2785 (void) time(&up->ut_tv.tv_sec); 2786 2787 (void) pututxline(up); 2788 /* 2789 * Now attempt to add to the end of the 2790 * wtmp and wtmpx files. Do not create 2791 * if they don't already exist. 2792 */ 2793 updwtmpx(WTMPX, up); 2794 2795 break; 2796 } 2797 } 2798 2799 endutxent(); 2800 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2801 } 2802 2803 /* 2804 * prog_name() searches for the word or unix path name and 2805 * returns a pointer to the last element of the pathname. 2806 */ 2807 static char * 2808 prog_name(char *string) 2809 { 2810 char *ptr, *ptr2; 2811 /* XXX - utmp - fix name length */ 2812 static char word[_POSIX_LOGIN_NAME_MAX]; 2813 2814 /* 2815 * Search for the first word skipping leading spaces and tabs. 2816 */ 2817 while (*string == ' ' || *string == '\t') 2818 string++; 2819 2820 /* 2821 * If the first non-space non-tab character is not one allowed in 2822 * a word, return a pointer to a null string, otherwise parse the 2823 * pathname. 2824 */ 2825 if (*string != '.' && *string != '/' && *string != '_' && 2826 (*string < 'a' || *string > 'z') && 2827 (*string < 'A' || * string > 'Z') && 2828 (*string < '0' || *string > '9')) 2829 return (""); 2830 2831 /* 2832 * Parse the pathname looking forward for '/', ' ', '\t', '\n' or 2833 * '\0'. Each time a '/' is found, move "ptr" to one past the 2834 * '/', thus when a ' ', '\t', '\n', or '\0' is found, "ptr" will 2835 * point to the last element of the pathname. 2836 */ 2837 for (ptr = string; *string != ' ' && *string != '\t' && 2838 *string != '\n' && *string != '\0'; string++) { 2839 if (*string == '/') 2840 ptr = string+1; 2841 } 2842 2843 /* 2844 * Copy out up to the size of the "ut_user" array into "word", 2845 * null terminate it and return a pointer to it. 2846 */ 2847 /* XXX - utmp - fix name length */ 2848 for (ptr2 = &word[0]; ptr2 < &word[_POSIX_LOGIN_NAME_MAX - 1] && 2849 ptr < string; /* CSTYLED */) 2850 *ptr2++ = *ptr++; 2851 2852 *ptr2 = '\0'; 2853 return (&word[0]); 2854 } 2855 2856 2857 /* 2858 * realcon() returns a nonzero value if there is a character device 2859 * associated with SYSCON that has the same device number as CONSOLE. 2860 */ 2861 static int 2862 realcon() 2863 { 2864 struct stat sconbuf, conbuf; 2865 2866 if (stat(SYSCON, &sconbuf) != -1 && 2867 stat(CONSOLE, &conbuf) != -1 && 2868 S_ISCHR(sconbuf.st_mode) && 2869 S_ISCHR(conbuf.st_mode) && 2870 sconbuf.st_rdev == conbuf.st_rdev) { 2871 return (1); 2872 } else { 2873 return (0); 2874 } 2875 } 2876 2877 2878 /* 2879 * get_ioctl_syscon() retrieves the SYSCON settings from the IOCTLSYSCON file. 2880 * Returns true if the IOCTLSYSCON file needs to be written (with 2881 * write_ioctl_syscon() below) 2882 */ 2883 static int 2884 get_ioctl_syscon() 2885 { 2886 FILE *fp; 2887 unsigned int iflags, oflags, cflags, lflags, ldisc, cc[18]; 2888 int i, valid_format = 0; 2889 2890 /* 2891 * Read in the previous modes for SYSCON from IOCTLSYSCON. 2892 */ 2893 if ((fp = fopen(IOCTLSYSCON, "r")) == NULL) { 2894 stored_syscon_termios = dflt_termios; 2895 console(B_TRUE, 2896 "warning:%s does not exist, default settings assumed\n", 2897 IOCTLSYSCON); 2898 } else { 2899 2900 i = fscanf(fp, 2901 "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2902 &iflags, &oflags, &cflags, &lflags, 2903 &cc[0], &cc[1], &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], 2904 &cc[7], &cc[8], &cc[9], &cc[10], &cc[11], &cc[12], &cc[13], 2905 &cc[14], &cc[15], &cc[16], &cc[17]); 2906 2907 if (i == 22) { 2908 stored_syscon_termios.c_iflag = iflags; 2909 stored_syscon_termios.c_oflag = oflags; 2910 stored_syscon_termios.c_cflag = cflags; 2911 stored_syscon_termios.c_lflag = lflags; 2912 for (i = 0; i < 18; i++) 2913 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2914 valid_format = 1; 2915 } else if (i == 13) { 2916 rewind(fp); 2917 i = fscanf(fp, "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2918 &iflags, &oflags, &cflags, &lflags, &ldisc, &cc[0], &cc[1], 2919 &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], &cc[7]); 2920 2921 /* 2922 * If the file is formatted properly, use the values to 2923 * initialize the console terminal condition. 2924 */ 2925 stored_syscon_termios.c_iflag = (ushort_t)iflags; 2926 stored_syscon_termios.c_oflag = (ushort_t)oflags; 2927 stored_syscon_termios.c_cflag = (ushort_t)cflags; 2928 stored_syscon_termios.c_lflag = (ushort_t)lflags; 2929 for (i = 0; i < 8; i++) 2930 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2931 valid_format = 1; 2932 } 2933 (void) fclose(fp); 2934 2935 /* If the file is badly formatted, use the default settings. */ 2936 if (!valid_format) 2937 stored_syscon_termios = dflt_termios; 2938 } 2939 2940 /* If the file had a bad format, rewrite it later. */ 2941 return (!valid_format); 2942 } 2943 2944 2945 static void 2946 write_ioctl_syscon() 2947 { 2948 FILE *fp; 2949 int i; 2950 2951 (void) unlink(SYSCON); 2952 (void) link(SYSTTY, SYSCON); 2953 (void) umask(022); 2954 fp = fopen(IOCTLSYSCON, "w"); 2955 2956 (void) fprintf(fp, "%x:%x:%x:%x:0", stored_syscon_termios.c_iflag, 2957 stored_syscon_termios.c_oflag, stored_syscon_termios.c_cflag, 2958 stored_syscon_termios.c_lflag); 2959 for (i = 0; i < 8; ++i) 2960 (void) fprintf(fp, ":%x", stored_syscon_termios.c_cc[i]); 2961 (void) putc('\n', fp); 2962 2963 (void) fflush(fp); 2964 (void) fsync(fileno(fp)); 2965 (void) fclose(fp); 2966 (void) umask(cmask); 2967 } 2968 2969 2970 /* 2971 * void console(boolean_t, char *, ...) 2972 * Outputs the requested message to the system console. Note that the number 2973 * of arguments passed to console() should be determined by the print format. 2974 * 2975 * The "prefix" parameter indicates whether or not "INIT: " should precede the 2976 * message. 2977 * 2978 * To make sure we write to the console in a sane fashion, we use the modes 2979 * we keep in stored_syscon_termios (which we read out of /etc/ioctl.syscon). 2980 * Afterwards we restore whatever modes were already there. 2981 */ 2982 /* PRINTFLIKE2 */ 2983 static void 2984 console(boolean_t prefix, char *format, ...) 2985 { 2986 char outbuf[BUFSIZ]; 2987 va_list args; 2988 int fd, getret; 2989 struct termios old_syscon_termios; 2990 FILE *f; 2991 2992 /* 2993 * We open SYSCON anew each time in case it has changed (see 2994 * userinit()). 2995 */ 2996 if ((fd = open(SYSCON, O_RDWR | O_NOCTTY)) < 0 || 2997 (f = fdopen(fd, "r+")) == NULL) { 2998 if (prefix) 2999 syslog(LOG_WARNING, "INIT: "); 3000 va_start(args, format); 3001 vsyslog(LOG_WARNING, format, args); 3002 va_end(args); 3003 if (fd >= 0) 3004 (void) close(fd); 3005 return; 3006 } 3007 setbuf(f, &outbuf[0]); 3008 3009 getret = tcgetattr(fd, &old_syscon_termios); 3010 old_syscon_termios.c_cflag &= ~HUPCL; 3011 if (realcon()) 3012 /* Don't overwrite cflag of real console. */ 3013 stored_syscon_termios.c_cflag = old_syscon_termios.c_cflag; 3014 3015 stored_syscon_termios.c_cflag &= ~HUPCL; 3016 3017 (void) tcsetattr(fd, TCSANOW, &stored_syscon_termios); 3018 3019 if (prefix) 3020 (void) fprintf(f, "\nINIT: "); 3021 va_start(args, format); 3022 (void) vfprintf(f, format, args); 3023 va_end(args); 3024 3025 if (getret == 0) 3026 (void) tcsetattr(fd, TCSADRAIN, &old_syscon_termios); 3027 3028 (void) fclose(f); 3029 } 3030 3031 /* 3032 * timer() is a substitute for sleep() which uses alarm() and pause(). 3033 */ 3034 static void 3035 timer(int waitime) 3036 { 3037 setimer(waitime); 3038 while (time_up == FALSE) 3039 (void) pause(); 3040 } 3041 3042 static void 3043 setimer(int timelimit) 3044 { 3045 alarmclk(); 3046 (void) alarm(timelimit); 3047 time_up = (timelimit ? FALSE : TRUE); 3048 } 3049 3050 /* 3051 * Fails with 3052 * ENOMEM - out of memory 3053 * ECONNABORTED - repository connection broken 3054 * EPERM - permission denied 3055 * EACCES - backend access denied 3056 * EROFS - backend readonly 3057 */ 3058 static int 3059 get_or_add_startd(scf_instance_t *inst) 3060 { 3061 scf_handle_t *h; 3062 scf_scope_t *scope = NULL; 3063 scf_service_t *svc = NULL; 3064 int ret = 0; 3065 3066 h = scf_instance_handle(inst); 3067 3068 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst, 3069 NULL, NULL, SCF_DECODE_FMRI_EXACT) == 0) 3070 return (0); 3071 3072 switch (scf_error()) { 3073 case SCF_ERROR_CONNECTION_BROKEN: 3074 return (ECONNABORTED); 3075 3076 case SCF_ERROR_NOT_FOUND: 3077 break; 3078 3079 case SCF_ERROR_HANDLE_MISMATCH: 3080 case SCF_ERROR_INVALID_ARGUMENT: 3081 case SCF_ERROR_CONSTRAINT_VIOLATED: 3082 default: 3083 bad_error("scf_handle_decode_fmri", scf_error()); 3084 } 3085 3086 /* Make sure we're right, since we're adding piece-by-piece. */ 3087 assert(strcmp(SCF_SERVICE_STARTD, 3088 "svc:/system/svc/restarter:default") == 0); 3089 3090 if ((scope = scf_scope_create(h)) == NULL || 3091 (svc = scf_service_create(h)) == NULL) { 3092 ret = ENOMEM; 3093 goto out; 3094 } 3095 3096 get_scope: 3097 if (scf_handle_get_scope(h, SCF_SCOPE_LOCAL, scope) != 0) { 3098 switch (scf_error()) { 3099 case SCF_ERROR_CONNECTION_BROKEN: 3100 ret = ECONNABORTED; 3101 goto out; 3102 3103 case SCF_ERROR_NOT_FOUND: 3104 (void) fputs(gettext( 3105 "smf(5) repository missing local scope.\n"), 3106 stderr); 3107 exit(1); 3108 /* NOTREACHED */ 3109 3110 case SCF_ERROR_HANDLE_MISMATCH: 3111 case SCF_ERROR_INVALID_ARGUMENT: 3112 default: 3113 bad_error("scf_handle_get_scope", scf_error()); 3114 } 3115 } 3116 3117 get_svc: 3118 if (scf_scope_get_service(scope, "system/svc/restarter", svc) != 0) { 3119 switch (scf_error()) { 3120 case SCF_ERROR_CONNECTION_BROKEN: 3121 ret = ECONNABORTED; 3122 goto out; 3123 3124 case SCF_ERROR_DELETED: 3125 goto get_scope; 3126 3127 case SCF_ERROR_NOT_FOUND: 3128 break; 3129 3130 case SCF_ERROR_HANDLE_MISMATCH: 3131 case SCF_ERROR_INVALID_ARGUMENT: 3132 case SCF_ERROR_NOT_SET: 3133 default: 3134 bad_error("scf_scope_get_service", scf_error()); 3135 } 3136 3137 add_svc: 3138 if (scf_scope_add_service(scope, "system/svc/restarter", svc) != 3139 0) { 3140 switch (scf_error()) { 3141 case SCF_ERROR_CONNECTION_BROKEN: 3142 ret = ECONNABORTED; 3143 goto out; 3144 3145 case SCF_ERROR_EXISTS: 3146 goto get_svc; 3147 3148 case SCF_ERROR_PERMISSION_DENIED: 3149 ret = EPERM; 3150 goto out; 3151 3152 case SCF_ERROR_BACKEND_ACCESS: 3153 ret = EACCES; 3154 goto out; 3155 3156 case SCF_ERROR_BACKEND_READONLY: 3157 ret = EROFS; 3158 goto out; 3159 3160 case SCF_ERROR_HANDLE_MISMATCH: 3161 case SCF_ERROR_INVALID_ARGUMENT: 3162 case SCF_ERROR_NOT_SET: 3163 default: 3164 bad_error("scf_scope_add_service", scf_error()); 3165 } 3166 } 3167 } 3168 3169 get_inst: 3170 if (scf_service_get_instance(svc, "default", inst) != 0) { 3171 switch (scf_error()) { 3172 case SCF_ERROR_CONNECTION_BROKEN: 3173 ret = ECONNABORTED; 3174 goto out; 3175 3176 case SCF_ERROR_DELETED: 3177 goto add_svc; 3178 3179 case SCF_ERROR_NOT_FOUND: 3180 break; 3181 3182 case SCF_ERROR_HANDLE_MISMATCH: 3183 case SCF_ERROR_INVALID_ARGUMENT: 3184 case SCF_ERROR_NOT_SET: 3185 default: 3186 bad_error("scf_service_get_instance", scf_error()); 3187 } 3188 3189 if (scf_service_add_instance(svc, "default", inst) != 3190 0) { 3191 switch (scf_error()) { 3192 case SCF_ERROR_CONNECTION_BROKEN: 3193 ret = ECONNABORTED; 3194 goto out; 3195 3196 case SCF_ERROR_DELETED: 3197 goto add_svc; 3198 3199 case SCF_ERROR_EXISTS: 3200 goto get_inst; 3201 3202 case SCF_ERROR_PERMISSION_DENIED: 3203 ret = EPERM; 3204 goto out; 3205 3206 case SCF_ERROR_BACKEND_ACCESS: 3207 ret = EACCES; 3208 goto out; 3209 3210 case SCF_ERROR_BACKEND_READONLY: 3211 ret = EROFS; 3212 goto out; 3213 3214 case SCF_ERROR_HANDLE_MISMATCH: 3215 case SCF_ERROR_INVALID_ARGUMENT: 3216 case SCF_ERROR_NOT_SET: 3217 default: 3218 bad_error("scf_service_add_instance", 3219 scf_error()); 3220 } 3221 } 3222 } 3223 3224 ret = 0; 3225 3226 out: 3227 scf_service_destroy(svc); 3228 scf_scope_destroy(scope); 3229 return (ret); 3230 } 3231 3232 /* 3233 * Fails with 3234 * ECONNABORTED - repository connection broken 3235 * ECANCELED - the transaction's property group was deleted 3236 */ 3237 static int 3238 transaction_add_set(scf_transaction_t *tx, scf_transaction_entry_t *ent, 3239 const char *pname, scf_type_t type) 3240 { 3241 change_type: 3242 if (scf_transaction_property_change_type(tx, ent, pname, type) == 0) 3243 return (0); 3244 3245 switch (scf_error()) { 3246 case SCF_ERROR_CONNECTION_BROKEN: 3247 return (ECONNABORTED); 3248 3249 case SCF_ERROR_DELETED: 3250 return (ECANCELED); 3251 3252 case SCF_ERROR_NOT_FOUND: 3253 goto new; 3254 3255 case SCF_ERROR_HANDLE_MISMATCH: 3256 case SCF_ERROR_INVALID_ARGUMENT: 3257 case SCF_ERROR_NOT_BOUND: 3258 case SCF_ERROR_NOT_SET: 3259 default: 3260 bad_error("scf_transaction_property_change_type", scf_error()); 3261 } 3262 3263 new: 3264 if (scf_transaction_property_new(tx, ent, pname, type) == 0) 3265 return (0); 3266 3267 switch (scf_error()) { 3268 case SCF_ERROR_CONNECTION_BROKEN: 3269 return (ECONNABORTED); 3270 3271 case SCF_ERROR_DELETED: 3272 return (ECANCELED); 3273 3274 case SCF_ERROR_EXISTS: 3275 goto change_type; 3276 3277 case SCF_ERROR_HANDLE_MISMATCH: 3278 case SCF_ERROR_INVALID_ARGUMENT: 3279 case SCF_ERROR_NOT_BOUND: 3280 case SCF_ERROR_NOT_SET: 3281 default: 3282 bad_error("scf_transaction_property_new", scf_error()); 3283 /* NOTREACHED */ 3284 } 3285 } 3286 3287 static void 3288 scferr(void) 3289 { 3290 switch (scf_error()) { 3291 case SCF_ERROR_NO_MEMORY: 3292 console(B_TRUE, gettext("Out of memory.\n")); 3293 break; 3294 3295 case SCF_ERROR_CONNECTION_BROKEN: 3296 console(B_TRUE, gettext( 3297 "Connection to smf(5) repository server broken.\n")); 3298 break; 3299 3300 case SCF_ERROR_NO_RESOURCES: 3301 console(B_TRUE, gettext( 3302 "smf(5) repository server is out of memory.\n")); 3303 break; 3304 3305 case SCF_ERROR_PERMISSION_DENIED: 3306 console(B_TRUE, gettext("Insufficient privileges.\n")); 3307 break; 3308 3309 default: 3310 console(B_TRUE, gettext("libscf error: %s\n"), 3311 scf_strerror(scf_error())); 3312 } 3313 } 3314 3315 static void 3316 lscf_set_runlevel(char rl) 3317 { 3318 scf_handle_t *h; 3319 scf_instance_t *inst = NULL; 3320 scf_propertygroup_t *pg = NULL; 3321 scf_transaction_t *tx = NULL; 3322 scf_transaction_entry_t *ent = NULL; 3323 scf_value_t *val = NULL; 3324 char buf[2]; 3325 int r; 3326 3327 h = scf_handle_create(SCF_VERSION); 3328 if (h == NULL) { 3329 scferr(); 3330 return; 3331 } 3332 3333 if (scf_handle_bind(h) != 0) { 3334 switch (scf_error()) { 3335 case SCF_ERROR_NO_SERVER: 3336 console(B_TRUE, 3337 gettext("smf(5) repository server not running.\n")); 3338 goto bail; 3339 3340 default: 3341 scferr(); 3342 goto bail; 3343 } 3344 } 3345 3346 if ((inst = scf_instance_create(h)) == NULL || 3347 (pg = scf_pg_create(h)) == NULL || 3348 (val = scf_value_create(h)) == NULL || 3349 (tx = scf_transaction_create(h)) == NULL || 3350 (ent = scf_entry_create(h)) == NULL) { 3351 scferr(); 3352 goto bail; 3353 } 3354 3355 get_inst: 3356 r = get_or_add_startd(inst); 3357 switch (r) { 3358 case 0: 3359 break; 3360 3361 case ENOMEM: 3362 case ECONNABORTED: 3363 case EPERM: 3364 case EACCES: 3365 case EROFS: 3366 scferr(); 3367 goto bail; 3368 default: 3369 bad_error("get_or_add_startd", r); 3370 } 3371 3372 get_pg: 3373 if (scf_instance_get_pg(inst, SCF_PG_OPTIONS_OVR, pg) != 0) { 3374 switch (scf_error()) { 3375 case SCF_ERROR_CONNECTION_BROKEN: 3376 scferr(); 3377 goto bail; 3378 3379 case SCF_ERROR_DELETED: 3380 goto get_inst; 3381 3382 case SCF_ERROR_NOT_FOUND: 3383 break; 3384 3385 case SCF_ERROR_HANDLE_MISMATCH: 3386 case SCF_ERROR_INVALID_ARGUMENT: 3387 case SCF_ERROR_NOT_SET: 3388 default: 3389 bad_error("scf_instance_get_pg", scf_error()); 3390 } 3391 3392 add_pg: 3393 if (scf_instance_add_pg(inst, SCF_PG_OPTIONS_OVR, 3394 SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS, pg) != 3395 0) { 3396 switch (scf_error()) { 3397 case SCF_ERROR_CONNECTION_BROKEN: 3398 case SCF_ERROR_PERMISSION_DENIED: 3399 case SCF_ERROR_BACKEND_ACCESS: 3400 scferr(); 3401 goto bail; 3402 3403 case SCF_ERROR_DELETED: 3404 goto get_inst; 3405 3406 case SCF_ERROR_EXISTS: 3407 goto get_pg; 3408 3409 case SCF_ERROR_HANDLE_MISMATCH: 3410 case SCF_ERROR_INVALID_ARGUMENT: 3411 case SCF_ERROR_NOT_SET: 3412 default: 3413 bad_error("scf_instance_add_pg", scf_error()); 3414 } 3415 } 3416 } 3417 3418 buf[0] = rl; 3419 buf[1] = '\0'; 3420 r = scf_value_set_astring(val, buf); 3421 assert(r == 0); 3422 3423 for (;;) { 3424 if (scf_transaction_start(tx, pg) != 0) { 3425 switch (scf_error()) { 3426 case SCF_ERROR_CONNECTION_BROKEN: 3427 case SCF_ERROR_PERMISSION_DENIED: 3428 case SCF_ERROR_BACKEND_ACCESS: 3429 scferr(); 3430 goto bail; 3431 3432 case SCF_ERROR_DELETED: 3433 goto add_pg; 3434 3435 case SCF_ERROR_HANDLE_MISMATCH: 3436 case SCF_ERROR_NOT_BOUND: 3437 case SCF_ERROR_IN_USE: 3438 case SCF_ERROR_NOT_SET: 3439 default: 3440 bad_error("scf_transaction_start", scf_error()); 3441 } 3442 } 3443 3444 r = transaction_add_set(tx, ent, "runlevel", SCF_TYPE_ASTRING); 3445 switch (r) { 3446 case 0: 3447 break; 3448 3449 case ECONNABORTED: 3450 scferr(); 3451 goto bail; 3452 3453 case ECANCELED: 3454 scf_transaction_reset(tx); 3455 goto add_pg; 3456 3457 default: 3458 bad_error("transaction_add_set", r); 3459 } 3460 3461 r = scf_entry_add_value(ent, val); 3462 assert(r == 0); 3463 3464 r = scf_transaction_commit(tx); 3465 if (r == 1) 3466 break; 3467 3468 if (r != 0) { 3469 switch (scf_error()) { 3470 case SCF_ERROR_CONNECTION_BROKEN: 3471 case SCF_ERROR_PERMISSION_DENIED: 3472 case SCF_ERROR_BACKEND_ACCESS: 3473 case SCF_ERROR_BACKEND_READONLY: 3474 scferr(); 3475 goto bail; 3476 3477 case SCF_ERROR_DELETED: 3478 scf_transaction_reset(tx); 3479 goto add_pg; 3480 3481 case SCF_ERROR_INVALID_ARGUMENT: 3482 case SCF_ERROR_NOT_BOUND: 3483 case SCF_ERROR_NOT_SET: 3484 default: 3485 bad_error("scf_transaction_commit", 3486 scf_error()); 3487 } 3488 } 3489 3490 scf_transaction_reset(tx); 3491 (void) scf_pg_update(pg); 3492 } 3493 3494 bail: 3495 scf_transaction_destroy(tx); 3496 scf_entry_destroy(ent); 3497 scf_value_destroy(val); 3498 scf_pg_destroy(pg); 3499 scf_instance_destroy(inst); 3500 3501 (void) scf_handle_unbind(h); 3502 scf_handle_destroy(h); 3503 } 3504 3505 /* 3506 * Function to handle requests from users to main init running as process 1. 3507 */ 3508 static void 3509 userinit(int argc, char **argv) 3510 { 3511 FILE *fp; 3512 char *ln; 3513 int init_signal; 3514 struct stat sconbuf, conbuf; 3515 const char *usage_msg = "Usage: init [0123456SsQqabc]\n"; 3516 3517 /* 3518 * We are a user invoked init. Is there an argument and is it 3519 * a single character? If not, print usage message and quit. 3520 */ 3521 if (argc != 2 || argv[1][1] != '\0') { 3522 (void) fprintf(stderr, usage_msg); 3523 exit(0); 3524 } 3525 3526 if ((init_signal = lvlname_to_state((char)argv[1][0])) == -1) { 3527 (void) fprintf(stderr, usage_msg); 3528 (void) audit_put_record(ADT_FAILURE, ADT_FAIL_VALUE_BAD_CMD, 3529 argv[1]); 3530 exit(1); 3531 } 3532 3533 if (init_signal == SINGLE_USER) { 3534 /* 3535 * Make sure this process is talking to a legal tty line 3536 * and that /dev/syscon is linked to this line. 3537 */ 3538 ln = ttyname(0); /* Get the name of tty */ 3539 if (ln == NULL) { 3540 (void) fprintf(stderr, 3541 "Standard input not a tty line\n"); 3542 (void) audit_put_record(ADT_FAILURE, 3543 ADT_FAIL_VALUE_BAD_TTY, argv[1]); 3544 exit(1); 3545 } 3546 3547 if ((stat(ln, &sconbuf) != -1) && 3548 (stat(SYSCON, &conbuf) == -1 || 3549 sconbuf.st_rdev != conbuf.st_rdev)) { 3550 /* 3551 * /dev/syscon needs to change. 3552 * Unlink /dev/syscon and relink it to the current line. 3553 */ 3554 if (lstat(SYSCON, &conbuf) != -1 && 3555 unlink(SYSCON) == FAILURE) { 3556 perror("Can't unlink /dev/syscon"); 3557 (void) fprintf(stderr, 3558 "Run command on the system console.\n"); 3559 (void) audit_put_record(ADT_FAILURE, 3560 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3561 exit(1); 3562 } 3563 if (symlink(ln, SYSCON) == FAILURE) { 3564 (void) fprintf(stderr, 3565 "Can't symlink /dev/syscon to %s: %s", ln, 3566 strerror(errno)); 3567 3568 /* Try to leave a syscon */ 3569 (void) link(SYSTTY, SYSCON); 3570 (void) audit_put_record(ADT_FAILURE, 3571 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3572 exit(1); 3573 } 3574 3575 /* 3576 * Try to leave a message on system console saying where 3577 * /dev/syscon is currently connected. 3578 */ 3579 if ((fp = fopen(SYSTTY, "r+")) != NULL) { 3580 (void) fprintf(fp, 3581 "\n**** SYSCON CHANGED TO %s ****\n", 3582 ln); 3583 (void) fclose(fp); 3584 } 3585 } 3586 } 3587 3588 update_boot_archive(init_signal); 3589 3590 (void) audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]); 3591 3592 /* 3593 * Signal init; init will take care of telling svc.startd. 3594 */ 3595 if (kill(init_pid, init_signal) == FAILURE) { 3596 (void) fprintf(stderr, "Must be super-user\n"); 3597 (void) audit_put_record(ADT_FAILURE, 3598 ADT_FAIL_VALUE_AUTH, argv[1]); 3599 exit(1); 3600 } 3601 3602 exit(0); 3603 } 3604 3605 3606 #define DELTA 25 /* Number of pidlist elements to allocate at a time */ 3607 3608 /* ARGSUSED */ 3609 void 3610 sigpoll(int n) 3611 { 3612 struct pidrec prec; 3613 struct pidrec *p = ≺ 3614 struct pidlist *plp; 3615 struct pidlist *tp, *savetp; 3616 int i; 3617 3618 if (Pfd < 0) { 3619 return; 3620 } 3621 3622 for (;;) { 3623 /* 3624 * Important Note: Either read will really fail (in which case 3625 * return is all we can do) or will get EAGAIN (Pfd was opened 3626 * O_NDELAY), in which case we also want to return. 3627 * Always return from here! 3628 */ 3629 if (read(Pfd, p, sizeof (struct pidrec)) != 3630 sizeof (struct pidrec)) { 3631 return; 3632 } 3633 switch (p->pd_type) { 3634 3635 case ADDPID: 3636 /* 3637 * New "godchild", add to list. 3638 */ 3639 if (Plfree == NULL) { 3640 plp = (struct pidlist *)calloc(DELTA, 3641 sizeof (struct pidlist)); 3642 if (plp == NULL) { 3643 /* Can't save pid */ 3644 break; 3645 } 3646 /* 3647 * Point at 2nd record allocated, we'll use plp. 3648 */ 3649 tp = plp + 1; 3650 /* 3651 * Link them into a chain. 3652 */ 3653 Plfree = tp; 3654 for (i = 0; i < DELTA - 2; i++) { 3655 tp->pl_next = tp + 1; 3656 tp++; 3657 } 3658 } else { 3659 plp = Plfree; 3660 Plfree = plp->pl_next; 3661 } 3662 plp->pl_pid = p->pd_pid; 3663 plp->pl_dflag = 0; 3664 plp->pl_next = NULL; 3665 /* 3666 * Note - pid list is kept in increasing order of pids. 3667 */ 3668 if (Plhead == NULL) { 3669 Plhead = plp; 3670 /* Back up to read next record */ 3671 break; 3672 } else { 3673 savetp = tp = Plhead; 3674 while (tp) { 3675 if (plp->pl_pid > tp->pl_pid) { 3676 savetp = tp; 3677 tp = tp->pl_next; 3678 continue; 3679 } else if (plp->pl_pid < tp->pl_pid) { 3680 if (tp == Plhead) { 3681 plp->pl_next = Plhead; 3682 Plhead = plp; 3683 } else { 3684 plp->pl_next = 3685 savetp->pl_next; 3686 savetp->pl_next = plp; 3687 } 3688 break; 3689 } else { 3690 /* Already in list! */ 3691 plp->pl_next = Plfree; 3692 Plfree = plp; 3693 break; 3694 } 3695 } 3696 if (tp == NULL) { 3697 /* Add to end of list */ 3698 savetp->pl_next = plp; 3699 } 3700 } 3701 /* Back up to read next record. */ 3702 break; 3703 3704 case REMPID: 3705 /* 3706 * This one was handled by someone else, 3707 * purge it from the list. 3708 */ 3709 if (Plhead == NULL) { 3710 /* Back up to read next record. */ 3711 break; 3712 } 3713 savetp = tp = Plhead; 3714 while (tp) { 3715 if (p->pd_pid > tp->pl_pid) { 3716 /* Keep on looking. */ 3717 savetp = tp; 3718 tp = tp->pl_next; 3719 continue; 3720 } else if (p->pd_pid < tp->pl_pid) { 3721 /* Not in list. */ 3722 break; 3723 } else { 3724 /* Found it. */ 3725 if (tp == Plhead) 3726 Plhead = tp->pl_next; 3727 else 3728 savetp->pl_next = tp->pl_next; 3729 tp->pl_next = Plfree; 3730 Plfree = tp; 3731 break; 3732 } 3733 } 3734 /* Back up to read next record. */ 3735 break; 3736 default: 3737 console(B_TRUE, "Bad message on initpipe\n"); 3738 break; 3739 } 3740 } 3741 } 3742 3743 3744 static void 3745 cleanaux() 3746 { 3747 struct pidlist *savep, *p; 3748 pid_t pid; 3749 short status; 3750 3751 (void) sighold(SIGCLD); 3752 Gchild = 0; /* Note - Safe to do this here since no SIGCLDs */ 3753 (void) sighold(SIGPOLL); 3754 savep = p = Plhead; 3755 while (p) { 3756 if (p->pl_dflag) { 3757 /* 3758 * Found an entry to delete, 3759 * remove it from list first. 3760 */ 3761 pid = p->pl_pid; 3762 status = p->pl_exit; 3763 if (p == Plhead) { 3764 Plhead = p->pl_next; 3765 p->pl_next = Plfree; 3766 Plfree = p; 3767 savep = p = Plhead; 3768 } else { 3769 savep->pl_next = p->pl_next; 3770 p->pl_next = Plfree; 3771 Plfree = p; 3772 p = savep->pl_next; 3773 } 3774 clearent(pid, status); 3775 continue; 3776 } 3777 savep = p; 3778 p = p->pl_next; 3779 } 3780 (void) sigrelse(SIGPOLL); 3781 (void) sigrelse(SIGCLD); 3782 } 3783 3784 3785 /* 3786 * /etc/inittab has more entries and we have run out of room in the proc_table 3787 * array. Double the size of proc_table to accomodate the extra entries. 3788 */ 3789 static void 3790 increase_proc_table_size() 3791 { 3792 sigset_t block, unblock; 3793 void *ptr; 3794 size_t delta = num_proc * sizeof (struct PROC_TABLE); 3795 3796 3797 /* 3798 * Block signals for realloc. 3799 */ 3800 (void) sigfillset(&block); 3801 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 3802 3803 3804 /* 3805 * On failure we just return because callers of this function check 3806 * for failure. 3807 */ 3808 do 3809 ptr = realloc(g_state, g_state_sz + delta); 3810 while (ptr == NULL && errno == EAGAIN); 3811 3812 if (ptr != NULL) { 3813 /* ensure that the new part is initialized to zero */ 3814 bzero((caddr_t)ptr + g_state_sz, delta); 3815 3816 g_state = ptr; 3817 g_state_sz += delta; 3818 num_proc <<= 1; 3819 } 3820 3821 3822 /* unblock our signals before returning */ 3823 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 3824 } 3825 3826 3827 3828 /* 3829 * Sanity check g_state. 3830 */ 3831 static int 3832 st_sane() 3833 { 3834 int i; 3835 struct PROC_TABLE *ptp; 3836 3837 3838 /* Note: cur_state is encoded as a signal number */ 3839 if (cur_state < 1 || cur_state == 9 || cur_state > 13) 3840 return (0); 3841 3842 /* Check num_proc */ 3843 if (g_state_sz != sizeof (struct init_state) + (num_proc - 1) * 3844 sizeof (struct PROC_TABLE)) 3845 return (0); 3846 3847 /* Check proc_table */ 3848 for (i = 0, ptp = proc_table; i < num_proc; ++i, ++ptp) { 3849 /* skip unoccupied entries */ 3850 if (!(ptp->p_flags & OCCUPIED)) 3851 continue; 3852 3853 /* p_flags has no bits outside of PF_MASK */ 3854 if (ptp->p_flags & ~(PF_MASK)) 3855 return (0); 3856 3857 /* 5 <= pid <= MAXPID */ 3858 if (ptp->p_pid < 5 || ptp->p_pid > MAXPID) 3859 return (0); 3860 3861 /* p_count >= 0 */ 3862 if (ptp->p_count < 0) 3863 return (0); 3864 3865 /* p_time >= 0 */ 3866 if (ptp->p_time < 0) 3867 return (0); 3868 } 3869 3870 return (1); 3871 } 3872 3873 /* 3874 * Initialize our state. 3875 * 3876 * If the system just booted, then init_state_file, which is located on an 3877 * everpresent tmpfs filesystem, should not exist. 3878 * 3879 * If we were restarted, then init_state_file should exist, in 3880 * which case we'll read it in, sanity check it, and use it. 3881 * 3882 * Note: You can't call console() until proc_table is ready. 3883 */ 3884 void 3885 st_init() 3886 { 3887 struct stat stb; 3888 int ret, st_fd, insane = 0; 3889 size_t to_be_read; 3890 char *ptr; 3891 3892 3893 booting = 1; 3894 3895 do { 3896 /* 3897 * If we can exclusively create the file, then we're the 3898 * initial invocation of init(1M). 3899 */ 3900 st_fd = open(init_state_file, O_RDWR | O_CREAT | O_EXCL, 3901 S_IRUSR | S_IWUSR); 3902 } while (st_fd == -1 && errno == EINTR); 3903 if (st_fd != -1) 3904 goto new_state; 3905 3906 booting = 0; 3907 3908 do { 3909 st_fd = open(init_state_file, O_RDWR, S_IRUSR | S_IWUSR); 3910 } while (st_fd == -1 && errno == EINTR); 3911 if (st_fd == -1) 3912 goto new_state; 3913 3914 /* Get the size of the file. */ 3915 do 3916 ret = fstat(st_fd, &stb); 3917 while (ret == -1 && errno == EINTR); 3918 if (ret == -1) 3919 goto new_state; 3920 3921 do 3922 g_state = malloc(stb.st_size); 3923 while (g_state == NULL && errno == EAGAIN); 3924 if (g_state == NULL) 3925 goto new_state; 3926 3927 to_be_read = stb.st_size; 3928 ptr = (char *)g_state; 3929 while (to_be_read > 0) { 3930 ssize_t read_ret; 3931 3932 read_ret = read(st_fd, ptr, to_be_read); 3933 if (read_ret < 0) { 3934 if (errno == EINTR) 3935 continue; 3936 3937 goto new_state; 3938 } 3939 3940 to_be_read -= read_ret; 3941 ptr += read_ret; 3942 } 3943 3944 (void) close(st_fd); 3945 3946 g_state_sz = stb.st_size; 3947 3948 if (st_sane()) { 3949 console(B_TRUE, "Restarting.\n"); 3950 return; 3951 } 3952 3953 insane = 1; 3954 3955 new_state: 3956 if (st_fd >= 0) 3957 (void) close(st_fd); 3958 else 3959 (void) unlink(init_state_file); 3960 3961 if (g_state != NULL) 3962 free(g_state); 3963 3964 /* Something went wrong, so allocate new state. */ 3965 g_state_sz = sizeof (struct init_state) + 3966 ((init_num_proc - 1) * sizeof (struct PROC_TABLE)); 3967 do 3968 g_state = calloc(1, g_state_sz); 3969 while (g_state == NULL && errno == EAGAIN); 3970 if (g_state == NULL) { 3971 /* Fatal error! */ 3972 exit(errno); 3973 } 3974 3975 g_state->ist_runlevel = -1; 3976 num_proc = init_num_proc; 3977 3978 if (!booting) { 3979 console(B_TRUE, "Restarting.\n"); 3980 3981 /* Overwrite the bad state file. */ 3982 st_write(); 3983 3984 if (!insane) { 3985 console(B_TRUE, 3986 "Error accessing persistent state file `%s'. " 3987 "Ignored.\n", init_state_file); 3988 } else { 3989 console(B_TRUE, 3990 "Persistent state file `%s' is invalid and was " 3991 "ignored.\n", init_state_file); 3992 } 3993 } 3994 } 3995 3996 /* 3997 * Write g_state out to the state file. 3998 */ 3999 void 4000 st_write() 4001 { 4002 static int complained = 0; 4003 4004 int st_fd; 4005 char *cp; 4006 size_t sz; 4007 ssize_t ret; 4008 4009 4010 do { 4011 st_fd = open(init_next_state_file, 4012 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); 4013 } while (st_fd < 0 && errno == EINTR); 4014 if (st_fd < 0) 4015 goto err; 4016 4017 cp = (char *)g_state; 4018 sz = g_state_sz; 4019 while (sz > 0) { 4020 ret = write(st_fd, cp, sz); 4021 if (ret < 0) { 4022 if (errno == EINTR) 4023 continue; 4024 4025 goto err; 4026 } 4027 4028 sz -= ret; 4029 cp += ret; 4030 } 4031 4032 (void) close(st_fd); 4033 st_fd = -1; 4034 if (rename(init_next_state_file, init_state_file)) { 4035 (void) unlink(init_next_state_file); 4036 goto err; 4037 } 4038 complained = 0; 4039 4040 return; 4041 4042 err: 4043 if (st_fd >= 0) 4044 (void) close(st_fd); 4045 4046 if (!booting && !complained) { 4047 /* 4048 * Only complain after the filesystem should have come up. 4049 * And only do it once so we don't loop between console() 4050 * & efork(). 4051 */ 4052 complained = 1; 4053 if (st_fd) 4054 console(B_TRUE, "Couldn't write persistent state " 4055 "file `%s'.\n", init_state_file); 4056 else 4057 console(B_TRUE, "Couldn't move persistent state " 4058 "file `%s' to `%s'.\n", init_next_state_file, 4059 init_state_file); 4060 } 4061 } 4062 4063 /* 4064 * Create a contract with these parameters. 4065 */ 4066 static int 4067 contract_make_template(uint_t info, uint_t critical, uint_t fatal, 4068 uint64_t cookie) 4069 { 4070 int fd, err; 4071 4072 char *ioctl_tset_emsg = 4073 "Couldn't set \"%s\" contract template parameter: %s.\n"; 4074 4075 do 4076 fd = open64(CTFS_ROOT "/process/template", O_RDWR); 4077 while (fd < 0 && errno == EINTR); 4078 if (fd < 0) { 4079 console(B_TRUE, "Couldn't create process template: %s.\n", 4080 strerror(errno)); 4081 return (-1); 4082 } 4083 4084 if (err = ct_pr_tmpl_set_param(fd, CT_PR_INHERIT | CT_PR_REGENT)) 4085 console(B_TRUE, "Contract set template inherit, regent " 4086 "failed: %s.\n", strerror(err)); 4087 4088 /* 4089 * These errors result in a misconfigured template, which is better 4090 * than no template at all, so warn but don't abort. 4091 */ 4092 if (err = ct_tmpl_set_informative(fd, info)) 4093 console(B_TRUE, ioctl_tset_emsg, "informative", strerror(err)); 4094 4095 if (err = ct_tmpl_set_critical(fd, critical)) 4096 console(B_TRUE, ioctl_tset_emsg, "critical", strerror(err)); 4097 4098 if (err = ct_pr_tmpl_set_fatal(fd, fatal)) 4099 console(B_TRUE, ioctl_tset_emsg, "fatal", strerror(err)); 4100 4101 if (err = ct_tmpl_set_cookie(fd, cookie)) 4102 console(B_TRUE, ioctl_tset_emsg, "cookie", strerror(err)); 4103 4104 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4105 4106 return (fd); 4107 } 4108 4109 /* 4110 * Create the templates and open an event file descriptor. We use dup2(2) to 4111 * get these descriptors away from the stdin/stdout/stderr group. 4112 */ 4113 static void 4114 contracts_init() 4115 { 4116 int err, fd; 4117 4118 /* 4119 * Create & configure a legacy template. We only want empty events so 4120 * we know when to abandon them. 4121 */ 4122 legacy_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, CT_PR_EV_HWERR, 4123 ORDINARY_COOKIE); 4124 if (legacy_tmpl >= 0) { 4125 err = ct_tmpl_activate(legacy_tmpl); 4126 if (err != 0) { 4127 (void) close(legacy_tmpl); 4128 legacy_tmpl = -1; 4129 console(B_TRUE, 4130 "Couldn't activate legacy template (%s); " 4131 "legacy services will be in init's contract.\n", 4132 strerror(err)); 4133 } 4134 } else 4135 console(B_TRUE, 4136 "Legacy services will be in init's contract.\n"); 4137 4138 if (dup2(legacy_tmpl, 255) == -1) { 4139 console(B_TRUE, "Could not duplicate legacy template: %s.\n", 4140 strerror(errno)); 4141 } else { 4142 (void) close(legacy_tmpl); 4143 legacy_tmpl = 255; 4144 } 4145 4146 (void) fcntl(legacy_tmpl, F_SETFD, FD_CLOEXEC); 4147 4148 startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4149 CT_PR_EV_HWERR | CT_PR_EV_SIGNAL | CT_PR_EV_CORE, STARTD_COOKIE); 4150 4151 if (dup2(startd_tmpl, 254) == -1) { 4152 console(B_TRUE, "Could not duplicate startd template: %s.\n", 4153 strerror(errno)); 4154 } else { 4155 (void) close(startd_tmpl); 4156 startd_tmpl = 254; 4157 } 4158 4159 (void) fcntl(startd_tmpl, F_SETFD, FD_CLOEXEC); 4160 4161 if (legacy_tmpl < 0 && startd_tmpl < 0) { 4162 /* The creation errors have already been reported. */ 4163 console(B_TRUE, 4164 "Ignoring contract events. Core smf(5) services will not " 4165 "be restarted.\n"); 4166 return; 4167 } 4168 4169 /* 4170 * Open an event endpoint. 4171 */ 4172 do 4173 fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY); 4174 while (fd < 0 && errno == EINTR); 4175 if (fd < 0) { 4176 console(B_TRUE, 4177 "Couldn't open process pbundle: %s. Core smf(5) services " 4178 "will not be restarted.\n", strerror(errno)); 4179 return; 4180 } 4181 4182 if (dup2(fd, 253) == -1) { 4183 console(B_TRUE, "Could not duplicate process bundle: %s.\n", 4184 strerror(errno)); 4185 } else { 4186 (void) close(fd); 4187 fd = 253; 4188 } 4189 4190 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4191 4192 /* Reset in case we've been restarted. */ 4193 (void) ct_event_reset(fd); 4194 4195 poll_fds[0].fd = fd; 4196 poll_fds[0].events = POLLIN; 4197 poll_nfds = 1; 4198 } 4199 4200 static int 4201 contract_getfile(ctid_t id, const char *name, int oflag) 4202 { 4203 int fd; 4204 4205 do 4206 fd = contract_open(id, "process", name, oflag); 4207 while (fd < 0 && errno == EINTR); 4208 4209 if (fd < 0) 4210 console(B_TRUE, "Couldn't open %s for contract %ld: %s.\n", 4211 name, id, strerror(errno)); 4212 4213 return (fd); 4214 } 4215 4216 static int 4217 contract_cookie(ctid_t id, uint64_t *cp) 4218 { 4219 int fd, err; 4220 ct_stathdl_t sh; 4221 4222 fd = contract_getfile(id, "status", O_RDONLY); 4223 if (fd < 0) 4224 return (-1); 4225 4226 err = ct_status_read(fd, CTD_COMMON, &sh); 4227 if (err != 0) { 4228 console(B_TRUE, "Couldn't read status of contract %ld: %s.\n", 4229 id, strerror(err)); 4230 (void) close(fd); 4231 return (-1); 4232 } 4233 4234 (void) close(fd); 4235 4236 *cp = ct_status_get_cookie(sh); 4237 4238 ct_status_free(sh); 4239 return (0); 4240 } 4241 4242 static void 4243 contract_ack(ct_evthdl_t e) 4244 { 4245 int fd; 4246 4247 if (ct_event_get_flags(e) & CTE_INFO) 4248 return; 4249 4250 fd = contract_getfile(ct_event_get_ctid(e), "ctl", O_WRONLY); 4251 if (fd < 0) 4252 return; 4253 4254 (void) ct_ctl_ack(fd, ct_event_get_evid(e)); 4255 (void) close(fd); 4256 } 4257 4258 /* 4259 * Process a contract event. 4260 */ 4261 static void 4262 contract_event(struct pollfd *poll) 4263 { 4264 ct_evthdl_t e; 4265 int err; 4266 ctid_t ctid; 4267 4268 if (!(poll->revents & POLLIN)) { 4269 if (poll->revents & POLLERR) 4270 console(B_TRUE, 4271 "Unknown poll error on my process contract " 4272 "pbundle.\n"); 4273 return; 4274 } 4275 4276 err = ct_event_read(poll->fd, &e); 4277 if (err != 0) { 4278 console(B_TRUE, "Error retrieving contract event: %s.\n", 4279 strerror(err)); 4280 return; 4281 } 4282 4283 ctid = ct_event_get_ctid(e); 4284 4285 if (ct_event_get_type(e) == CT_PR_EV_EMPTY) { 4286 uint64_t cookie; 4287 int ret, abandon = 1; 4288 4289 /* If it's svc.startd, restart it. Else, abandon. */ 4290 ret = contract_cookie(ctid, &cookie); 4291 4292 if (ret == 0) { 4293 if (cookie == STARTD_COOKIE && 4294 do_restart_startd) { 4295 if (smf_debug) 4296 console(B_TRUE, "Restarting " 4297 "svc.startd.\n"); 4298 4299 /* 4300 * Account for the failure. If the failure rate 4301 * exceeds a threshold, then drop to maintenance 4302 * mode. 4303 */ 4304 startd_record_failure(); 4305 if (startd_failure_rate_critical()) 4306 enter_maintenance(); 4307 4308 if (startd_tmpl < 0) 4309 console(B_TRUE, 4310 "Restarting svc.startd in " 4311 "improper contract (bad " 4312 "template).\n"); 4313 4314 (void) startd_run(startd_cline, startd_tmpl, 4315 ctid); 4316 4317 abandon = 0; 4318 } 4319 } 4320 4321 if (abandon && (err = contract_abandon_id(ctid))) { 4322 console(B_TRUE, "Couldn't abandon contract %ld: %s.\n", 4323 ctid, strerror(err)); 4324 } 4325 4326 /* 4327 * No need to acknowledge the event since either way the 4328 * originating contract should be abandoned. 4329 */ 4330 } else { 4331 console(B_TRUE, 4332 "Received contract event of unexpected type %d from " 4333 "contract %ld.\n", ct_event_get_type(e), ctid); 4334 4335 if ((ct_event_get_flags(e) & (CTE_INFO | CTE_ACK)) == 0) 4336 /* Allow unexpected critical events to be released. */ 4337 contract_ack(e); 4338 } 4339 4340 ct_event_free(e); 4341 } 4342 4343 /* 4344 * svc.startd(1M) Management 4345 */ 4346 4347 /* 4348 * (Re)start svc.startd(1M). old_ctid should be the contract ID of the old 4349 * contract, or 0 if we're starting it for the first time. If wait is true 4350 * we'll wait for and return the exit value of the child. 4351 */ 4352 static int 4353 startd_run(const char *cline, int tmpl, ctid_t old_ctid) 4354 { 4355 int err, i, ret, did_activate; 4356 pid_t pid; 4357 struct stat sb; 4358 4359 if (cline[0] == '\0') 4360 return (-1); 4361 4362 /* 4363 * Don't restart startd if the system is rebooting or shutting down. 4364 */ 4365 do { 4366 ret = stat("/etc/svc/volatile/resetting", &sb); 4367 } while (ret == -1 && errno == EINTR); 4368 4369 if (ret == 0) { 4370 if (smf_debug) 4371 console(B_TRUE, "Quiescing for reboot.\n"); 4372 (void) pause(); 4373 return (-1); 4374 } 4375 4376 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4377 if (err == EINVAL) { 4378 console(B_TRUE, "Remake startd_tmpl; reattempt transfer.\n"); 4379 tmpl = startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4380 CT_PR_EV_HWERR, STARTD_COOKIE); 4381 4382 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4383 } 4384 if (err != 0) { 4385 console(B_TRUE, 4386 "Couldn't set transfer parameter of contract template: " 4387 "%s.\n", strerror(err)); 4388 } 4389 4390 if ((err = ct_pr_tmpl_set_svc_fmri(startd_tmpl, 4391 SCF_SERVICE_STARTD)) != 0) 4392 console(B_TRUE, 4393 "Can not set svc_fmri in contract template: %s\n", 4394 strerror(err)); 4395 if ((err = ct_pr_tmpl_set_svc_aux(startd_tmpl, 4396 startd_svc_aux)) != 0) 4397 console(B_TRUE, 4398 "Can not set svc_aux in contract template: %s\n", 4399 strerror(err)); 4400 did_activate = !(ct_tmpl_activate(tmpl)); 4401 if (!did_activate) 4402 console(B_TRUE, 4403 "Template activation failed; not starting \"%s\" in " 4404 "proper contract.\n", cline); 4405 4406 /* Hold SIGCLD so we can wait if necessary. */ 4407 (void) sighold(SIGCLD); 4408 4409 while ((pid = fork()) < 0) { 4410 if (errno == EPERM) { 4411 console(B_TRUE, "Insufficient permission to fork.\n"); 4412 4413 /* Now that's a doozy. */ 4414 exit(1); 4415 } 4416 4417 console(B_TRUE, 4418 "fork() for svc.startd failed: %s. Will retry in 1 " 4419 "second...\n", strerror(errno)); 4420 4421 (void) sleep(1); 4422 4423 /* Eventually give up? */ 4424 } 4425 4426 if (pid == 0) { 4427 /* child */ 4428 4429 /* See the comment in efork() */ 4430 for (i = SIGHUP; i <= SIGRTMAX; ++i) { 4431 if (i == SIGTTOU || i == SIGTTIN || i == SIGTSTP) 4432 (void) sigset(i, SIG_IGN); 4433 else 4434 (void) sigset(i, SIG_DFL); 4435 } 4436 4437 if (smf_options != NULL) { 4438 /* Put smf_options in the environment. */ 4439 glob_envp[glob_envn] = 4440 malloc(sizeof ("SMF_OPTIONS=") - 1 + 4441 strlen(smf_options) + 1); 4442 4443 if (glob_envp[glob_envn] != NULL) { 4444 /* LINTED */ 4445 (void) sprintf(glob_envp[glob_envn], 4446 "SMF_OPTIONS=%s", smf_options); 4447 glob_envp[glob_envn+1] = NULL; 4448 } else { 4449 console(B_TRUE, 4450 "Could not set SMF_OPTIONS (%s).\n", 4451 strerror(errno)); 4452 } 4453 } 4454 4455 if (smf_debug) 4456 console(B_TRUE, "Executing svc.startd\n"); 4457 4458 (void) execle(SH, "INITSH", "-c", cline, NULL, glob_envp); 4459 4460 console(B_TRUE, "Could not exec \"%s\" (%s).\n", SH, 4461 strerror(errno)); 4462 4463 exit(1); 4464 } 4465 4466 /* parent */ 4467 4468 if (did_activate) { 4469 if (legacy_tmpl < 0 || ct_tmpl_activate(legacy_tmpl) != 0) 4470 (void) ct_tmpl_clear(tmpl); 4471 } 4472 4473 /* Clear the old_ctid reference so the kernel can reclaim it. */ 4474 if (old_ctid != 0) 4475 (void) ct_pr_tmpl_set_transfer(tmpl, 0); 4476 4477 (void) sigrelse(SIGCLD); 4478 4479 return (0); 4480 } 4481 4482 /* 4483 * void startd_record_failure(void) 4484 * Place the current time in our circular array of svc.startd failures. 4485 */ 4486 void 4487 startd_record_failure() 4488 { 4489 int index = startd_failure_index++ % NSTARTD_FAILURE_TIMES; 4490 4491 startd_failure_time[index] = gethrtime(); 4492 } 4493 4494 /* 4495 * int startd_failure_rate_critical(void) 4496 * Return true if the average failure interval is less than the permitted 4497 * interval. Implicit success if insufficient measurements for an average 4498 * exist. 4499 */ 4500 int 4501 startd_failure_rate_critical() 4502 { 4503 int n = startd_failure_index; 4504 hrtime_t avg_ns = 0; 4505 4506 if (startd_failure_index < NSTARTD_FAILURE_TIMES) 4507 return (0); 4508 4509 avg_ns = 4510 (startd_failure_time[(n - 1) % NSTARTD_FAILURE_TIMES] - 4511 startd_failure_time[n % NSTARTD_FAILURE_TIMES]) / 4512 NSTARTD_FAILURE_TIMES; 4513 4514 return (avg_ns < STARTD_FAILURE_RATE_NS); 4515 } 4516 4517 /* 4518 * returns string that must be free'd 4519 */ 4520 4521 static char 4522 *audit_boot_msg() 4523 { 4524 char *b, *p; 4525 char desc[] = "booted"; 4526 zoneid_t zid = getzoneid(); 4527 4528 b = malloc(sizeof (desc) + MAXNAMELEN + 3); 4529 if (b == NULL) 4530 return (b); 4531 4532 p = b; 4533 p += strlcpy(p, desc, sizeof (desc)); 4534 if (zid != GLOBAL_ZONEID) { 4535 p += strlcpy(p, ": ", 3); 4536 (void) getzonenamebyid(zid, p, MAXNAMELEN); 4537 } 4538 return (b); 4539 } 4540 4541 /* 4542 * Generate AUE_init_solaris audit record. Return 1 if 4543 * auditing is enabled in case the caller cares. 4544 * 4545 * In the case of userint() or a local zone invocation of 4546 * one_true_init, the process initially contains the audit 4547 * characteristics of the process that invoked init. The first pass 4548 * through here uses those characteristics then for the case of 4549 * one_true_init in a local zone, clears them so subsequent system 4550 * state changes won't be attributed to the person who booted the 4551 * zone. 4552 */ 4553 static int 4554 audit_put_record(int pass_fail, int status, char *msg) 4555 { 4556 adt_session_data_t *ah; 4557 adt_event_data_t *event; 4558 4559 if (!adt_audit_enabled()) 4560 return (0); 4561 4562 /* 4563 * the PROC_DATA picks up the context to tell whether this is 4564 * an attributed record (auid = -2 is unattributed) 4565 */ 4566 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) { 4567 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4568 return (1); 4569 } 4570 event = adt_alloc_event(ah, ADT_init_solaris); 4571 if (event == NULL) { 4572 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4573 (void) adt_end_session(ah); 4574 return (1); 4575 } 4576 event->adt_init_solaris.info = msg; /* NULL is ok here */ 4577 4578 if (adt_put_event(event, pass_fail, status)) { 4579 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4580 (void) adt_end_session(ah); 4581 return (1); 4582 } 4583 adt_free_event(event); 4584 4585 (void) adt_end_session(ah); 4586 4587 return (1); 4588 } 4589