1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 28 /* All Rights Reserved */ 29 30 /* 31 * University Copyright- Copyright (c) 1982, 1986, 1988 32 * The Regents of the University of California 33 * All Rights Reserved 34 * 35 * University Acknowledgment- Portions of this document are derived from 36 * software developed by the University of California, Berkeley, and its 37 * contributors. 38 */ 39 40 #pragma ident "%Z%%M% %I% %E% SMI" 41 42 /* 43 * init(1M) is the general process spawning program. Its primary job is to 44 * start and restart svc.startd for smf(5). For backwards-compatibility it also 45 * spawns and respawns processes according to /etc/inittab and the current 46 * run-level. It reads /etc/default/inittab for general configuration. 47 * 48 * To change run-levels the system administrator runs init from the command 49 * line with a level name. init signals svc.startd via libscf and directs the 50 * zone's init (pid 1 in the global zone) what to do by sending it a signal; 51 * these signal numbers are commonly refered to in the code as 'states'. Valid 52 * run-levels are [sS0123456]. Additionally, init can be given directives 53 * [qQabc], which indicate actions to be taken pertaining to /etc/inittab. 54 * 55 * When init processes inittab entries, it finds processes that are to be 56 * spawned at various run-levels. inittab contains the set of the levels for 57 * which each inittab entry is valid. 58 * 59 * State File and Restartability 60 * Premature exit by init(1M) is handled as a special case by the kernel: 61 * init(1M) will be immediately re-executed, retaining its original PID. (PID 62 * 1 in the global zone.) To track the processes it has previously spawned, 63 * as well as other mutable state, init(1M) regularly updates a state file 64 * such that its subsequent invocations have knowledge of its various 65 * dependent processes and duties. 66 * 67 * Process Contracts 68 * We start svc.startd(1M) in a contract and transfer inherited contracts when 69 * restarting it. Everything else is started using the legacy contract 70 * template, and the created contracts are abandoned when they become empty. 71 * 72 * utmpx Entry Handling 73 * Because init(1M) no longer governs the startup process, its knowledge of 74 * when utmpx becomes writable is indirect. However, spawned processes 75 * expect to be constructed with valid utmpx entries. As a result, attempts 76 * to write normal entries will be retried until successful. 77 * 78 * Maintenance Mode 79 * In certain failure scenarios, init(1M) will enter a maintenance mode, in 80 * which it invokes sulogin(1M) to allow the operator an opportunity to 81 * repair the system. Normally, this operation is performed as a 82 * fork(2)-exec(2)-waitpid(3C) sequence with the parent waiting for repair or 83 * diagnosis to be completed. In the cases that fork(2) requests themselves 84 * fail, init(1M) will directly execute sulogin(1M), and allow the kernel to 85 * restart init(1M) on exit from the operator session. 86 * 87 * One scenario where init(1M) enters its maintenance mode is when 88 * svc.startd(1M) begins to fail rapidly, defined as when the average time 89 * between recent failures drops below a given threshold. 90 */ 91 92 #include <sys/contract/process.h> 93 #include <sys/ctfs.h> 94 #include <sys/stat.h> 95 #include <sys/statvfs.h> 96 #include <sys/stropts.h> 97 #include <sys/systeminfo.h> 98 #include <sys/time.h> 99 #include <sys/termios.h> 100 #include <sys/tty.h> 101 #include <sys/types.h> 102 #include <sys/utsname.h> 103 104 #include <bsm/adt_event.h> 105 #include <bsm/libbsm.h> 106 #include <security/pam_appl.h> 107 108 #include <assert.h> 109 #include <ctype.h> 110 #include <dirent.h> 111 #include <errno.h> 112 #include <fcntl.h> 113 #include <libcontract.h> 114 #include <libcontract_priv.h> 115 #include <libintl.h> 116 #include <libscf.h> 117 #include <libscf_priv.h> 118 #include <poll.h> 119 #include <procfs.h> 120 #include <signal.h> 121 #include <stdarg.h> 122 #include <stdio.h> 123 #include <stdio_ext.h> 124 #include <stdlib.h> 125 #include <string.h> 126 #include <strings.h> 127 #include <syslog.h> 128 #include <time.h> 129 #include <ulimit.h> 130 #include <unistd.h> 131 #include <utmpx.h> 132 #include <wait.h> 133 #include <zone.h> 134 #include <ucontext.h> 135 136 #undef sleep 137 138 #define fioctl(p, sptr, cmd) ioctl(fileno(p), sptr, cmd) 139 #define min(a, b) (((a) < (b)) ? (a) : (b)) 140 141 #define TRUE 1 142 #define FALSE 0 143 #define FAILURE -1 144 145 #define UT_LINE_SZ 32 /* Size of a utmpx ut_line field */ 146 147 /* 148 * SLEEPTIME The number of seconds "init" sleeps between wakeups if 149 * nothing else requires this "init" wakeup. 150 */ 151 #define SLEEPTIME (5 * 60) 152 153 /* 154 * MAXCMDL The maximum length of a command string in inittab. 155 */ 156 #define MAXCMDL 512 157 158 /* 159 * EXEC The length of the prefix string added to all comamnds 160 * found in inittab. 161 */ 162 #define EXEC (sizeof ("exec ") - 1) 163 164 /* 165 * TWARN The amount of time between warning signal, SIGTERM, 166 * and the fatal kill signal, SIGKILL. 167 */ 168 #define TWARN 5 169 170 #define id_eq(x, y) ((x[0] == y[0] && x[1] == y[1] && x[2] == y[2] &&\ 171 x[3] == y[3]) ? TRUE : FALSE) 172 173 /* 174 * The kernel's default umask is 022 these days; since some processes inherit 175 * their umask from init, init will set it from CMASK in /etc/default/init. 176 * init gets the default umask from the kernel, it sets it to 022 whenever 177 * it wants to create a file and reverts to CMASK afterwards. 178 */ 179 180 static int cmask; 181 182 /* 183 * The following definitions, concluding with the 'lvls' array, provide a 184 * common mapping between level-name (like 'S'), signal number (state), 185 * run-level mask, and specific properties associated with a run-level. 186 * This array should be accessed using the routines lvlname_to_state(), 187 * lvlname_to_mask(), state_to_mask(), and state_to_flags(). 188 */ 189 190 /* 191 * Correspondence of signals to init actions. 192 */ 193 #define LVLQ SIGHUP 194 #define LVL0 SIGINT 195 #define LVL1 SIGQUIT 196 #define LVL2 SIGILL 197 #define LVL3 SIGTRAP 198 #define LVL4 SIGIOT 199 #define LVL5 SIGEMT 200 #define LVL6 SIGFPE 201 #define SINGLE_USER SIGBUS 202 #define LVLa SIGSEGV 203 #define LVLb SIGSYS 204 #define LVLc SIGPIPE 205 206 /* 207 * Bit Mask for each level. Used to determine legal levels. 208 */ 209 #define MASK0 0x0001 210 #define MASK1 0x0002 211 #define MASK2 0x0004 212 #define MASK3 0x0008 213 #define MASK4 0x0010 214 #define MASK5 0x0020 215 #define MASK6 0x0040 216 #define MASKSU 0x0080 217 #define MASKa 0x0100 218 #define MASKb 0x0200 219 #define MASKc 0x0400 220 221 #define MASK_NUMERIC (MASK0 | MASK1 | MASK2 | MASK3 | MASK4 | MASK5 | MASK6) 222 #define MASK_abc (MASKa | MASKb | MASKc) 223 224 /* 225 * Flags to indicate properties of various states. 226 */ 227 #define LSEL_RUNLEVEL 0x0001 /* runlevels you can transition to */ 228 229 typedef struct lvl { 230 int lvl_state; 231 int lvl_mask; 232 char lvl_name; 233 int lvl_flags; 234 } lvl_t; 235 236 static lvl_t lvls[] = { 237 { LVLQ, 0, 'Q', 0 }, 238 { LVLQ, 0, 'q', 0 }, 239 { LVL0, MASK0, '0', LSEL_RUNLEVEL }, 240 { LVL1, MASK1, '1', LSEL_RUNLEVEL }, 241 { LVL2, MASK2, '2', LSEL_RUNLEVEL }, 242 { LVL3, MASK3, '3', LSEL_RUNLEVEL }, 243 { LVL4, MASK4, '4', LSEL_RUNLEVEL }, 244 { LVL5, MASK5, '5', LSEL_RUNLEVEL }, 245 { LVL6, MASK6, '6', LSEL_RUNLEVEL }, 246 { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL }, 247 { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL }, 248 { LVLa, MASKa, 'a', 0 }, 249 { LVLb, MASKb, 'b', 0 }, 250 { LVLc, MASKc, 'c', 0 } 251 }; 252 253 #define LVL_NELEMS (sizeof (lvls) / sizeof (lvl_t)) 254 255 /* 256 * Legal action field values. 257 */ 258 #define OFF 0 /* Kill process if on, else ignore */ 259 #define RESPAWN 1 /* Continuously restart process when it dies */ 260 #define ONDEMAND RESPAWN /* Respawn for a, b, c type processes */ 261 #define ONCE 2 /* Start process, do not respawn when dead */ 262 #define WAIT 3 /* Perform once and wait to complete */ 263 #define BOOT 4 /* Start at boot time only */ 264 #define BOOTWAIT 5 /* Start at boot time and wait to complete */ 265 #define POWERFAIL 6 /* Start on powerfail */ 266 #define POWERWAIT 7 /* Start and wait for complete on powerfail */ 267 #define INITDEFAULT 8 /* Default level "init" should start at */ 268 #define SYSINIT 9 /* Actions performed before init speaks */ 269 270 #define M_OFF 0001 271 #define M_RESPAWN 0002 272 #define M_ONDEMAND M_RESPAWN 273 #define M_ONCE 0004 274 #define M_WAIT 0010 275 #define M_BOOT 0020 276 #define M_BOOTWAIT 0040 277 #define M_PF 0100 278 #define M_PWAIT 0200 279 #define M_INITDEFAULT 0400 280 #define M_SYSINIT 01000 281 282 /* States for the inittab parser in getcmd(). */ 283 #define ID 1 284 #define LEVELS 2 285 #define ACTION 3 286 #define COMMAND 4 287 #define COMMENT 5 288 289 /* 290 * Init can be in any of three main states, "normal" mode where it is 291 * processing entries for the lines file in a normal fashion, "boot" mode, 292 * where it is only interested in the boot actions, and "powerfail" mode, 293 * where it is only interested in powerfail related actions. The following 294 * masks declare the legal actions for each mode. 295 */ 296 #define NORMAL_MODES (M_OFF | M_RESPAWN | M_ONCE | M_WAIT) 297 #define BOOT_MODES (M_BOOT | M_BOOTWAIT) 298 #define PF_MODES (M_PF | M_PWAIT) 299 300 struct PROC_TABLE { 301 char p_id[4]; /* Four letter unique id of process */ 302 pid_t p_pid; /* Process id */ 303 short p_count; /* How many respawns of this command in */ 304 /* the current series */ 305 long p_time; /* Start time for a series of respawns */ 306 short p_flags; 307 short p_exit; /* Exit status of a process which died */ 308 }; 309 310 /* 311 * Flags for the "p_flags" word of a PROC_TABLE entry: 312 * 313 * OCCUPIED This slot in init's proc table is in use. 314 * 315 * LIVING Process is alive. 316 * 317 * NOCLEANUP efork() is not allowed to cleanup this entry even 318 * if process is dead. 319 * 320 * NAMED This process has a name, i.e. came from inittab. 321 * 322 * DEMANDREQUEST Process started by a "telinit [abc]" command. Processes 323 * formed this way are respawnable and immune to level 324 * changes as long as their entry exists in inittab. 325 * 326 * TOUCHED Flag used by remv() to determine whether it has looked 327 * at an entry while checking for processes to be killed. 328 * 329 * WARNED Flag used by remv() to mark processes that have been 330 * sent the SIGTERM signal. If they don't die in 5 331 * seconds, they are sent the SIGKILL signal. 332 * 333 * KILLED Flag used by remv() to mark procs that have been sent 334 * the SIGTERM and SIGKILL signals. 335 * 336 * PF_MASK Bitwise or of legal flags, for sanity checking. 337 */ 338 #define OCCUPIED 01 339 #define LIVING 02 340 #define NOCLEANUP 04 341 #define NAMED 010 342 #define DEMANDREQUEST 020 343 #define TOUCHED 040 344 #define WARNED 0100 345 #define KILLED 0200 346 #define PF_MASK 0377 347 348 /* 349 * Respawn limits for processes that are to be respawned: 350 * 351 * SPAWN_INTERVAL The number of seconds over which "init" will try to 352 * respawn a process SPAWN_LIMIT times before it gets mad. 353 * 354 * SPAWN_LIMIT The number of respawns "init" will attempt in 355 * SPAWN_INTERVAL seconds before it generates an 356 * error message and inhibits further tries for 357 * INHIBIT seconds. 358 * 359 * INHIBIT The number of seconds "init" ignores an entry it had 360 * trouble spawning unless a "telinit Q" is received. 361 */ 362 363 #define SPAWN_INTERVAL (2*60) 364 #define SPAWN_LIMIT 10 365 #define INHIBIT (5*60) 366 367 /* 368 * The maximum number of decimal digits for an id_t. (ceil(log10 (max_id))) 369 */ 370 #define ID_MAX_STR_LEN 10 371 372 #define NULLPROC ((struct PROC_TABLE *)(0)) 373 #define NO_ROOM ((struct PROC_TABLE *)(FAILURE)) 374 375 struct CMD_LINE { 376 char c_id[4]; /* Four letter unique id of process to be */ 377 /* affected by action */ 378 short c_levels; /* Mask of legal levels for process */ 379 short c_action; /* Mask for type of action required */ 380 char *c_command; /* Pointer to init command */ 381 }; 382 383 struct pidrec { 384 int pd_type; /* Command type */ 385 pid_t pd_pid; /* pid to add or remove */ 386 }; 387 388 /* 389 * pd_type's 390 */ 391 #define ADDPID 1 392 #define REMPID 2 393 394 static struct pidlist { 395 pid_t pl_pid; /* pid to watch for */ 396 int pl_dflag; /* Flag indicating SIGCLD from this pid */ 397 short pl_exit; /* Exit status of proc */ 398 struct pidlist *pl_next; /* Next in list */ 399 } *Plhead, *Plfree; 400 401 /* 402 * The following structure contains a set of modes for /dev/syscon 403 * and should match the default contents of /etc/ioctl.syscon. 404 */ 405 static struct termios dflt_termios = { 406 BRKINT|ICRNL|IXON|IMAXBEL, /* iflag */ 407 OPOST|ONLCR|TAB3, /* oflag */ 408 CS8|CREAD|B9600, /* cflag */ 409 ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN, /* lflag */ 410 CINTR, CQUIT, CERASE, CKILL, CEOF, 0, 0, 0, 411 0, 0, 0, 0, 0, 0, 0, 0, 412 0, 0, 0 413 }; 414 415 static struct termios stored_syscon_termios; 416 static int write_ioctl = 0; /* Rewrite /etc/ioctl.syscon */ 417 418 static union WAKEUP { 419 struct WAKEFLAGS { 420 unsigned w_usersignal : 1; /* User sent signal to "init" */ 421 unsigned w_childdeath : 1; /* An "init" child died */ 422 unsigned w_powerhit : 1; /* OS experienced powerfail */ 423 } w_flags; 424 int w_mask; 425 } wakeup; 426 427 428 struct init_state { 429 int ist_runlevel; 430 int ist_num_proc; 431 int ist_utmpx_ok; 432 struct PROC_TABLE ist_proc_table[1]; 433 }; 434 435 #define cur_state (g_state->ist_runlevel) 436 #define num_proc (g_state->ist_num_proc) 437 #define proc_table (g_state->ist_proc_table) 438 #define utmpx_ok (g_state->ist_utmpx_ok) 439 440 /* Contract cookies. */ 441 #define ORDINARY_COOKIE 0 442 #define STARTD_COOKIE 1 443 444 445 #ifndef NDEBUG 446 #define bad_error(func, err) { \ 447 (void) fprintf(stderr, "%s:%d: %s() failed with unexpected " \ 448 "error %d. Aborting.\n", __FILE__, __LINE__, (func), (err)); \ 449 abort(); \ 450 } 451 #else 452 #define bad_error(func, err) abort() 453 #endif 454 455 456 /* 457 * Useful file and device names. 458 */ 459 static char *CONSOLE = "/dev/console"; /* Real system console */ 460 static char *INITPIPE_DIR = "/var/run"; 461 static char *INITPIPE = "/var/run/initpipe"; 462 463 #define INIT_STATE_DIR "/etc/svc/volatile" 464 static const char * const init_state_file = INIT_STATE_DIR "/init.state"; 465 static const char * const init_next_state_file = 466 INIT_STATE_DIR "/init-next.state"; 467 468 static const int init_num_proc = 20; /* Initial size of process table. */ 469 470 static char *UTMPX = UTMPX_FILE; /* Snapshot record file */ 471 static char *WTMPX = WTMPX_FILE; /* Long term record file */ 472 static char *INITTAB = "/etc/inittab"; /* Script file for "init" */ 473 static char *SYSTTY = "/dev/systty"; /* System Console */ 474 static char *SYSCON = "/dev/syscon"; /* Virtual System console */ 475 static char *IOCTLSYSCON = "/etc/ioctl.syscon"; /* Last syscon modes */ 476 static char *ENVFILE = "/etc/default/init"; /* Default env. */ 477 static char *SU = "/etc/sulogin"; /* Super-user program for single user */ 478 static char *SH = "/sbin/sh"; /* Standard shell */ 479 480 /* 481 * Default Path. /sbin is included in path only during sysinit phase 482 */ 483 #define DEF_PATH "PATH=/usr/sbin:/usr/bin" 484 #define INIT_PATH "PATH=/sbin:/usr/sbin:/usr/bin" 485 486 static int prior_state; 487 static int prev_state; /* State "init" was in last time it woke */ 488 static int new_state; /* State user wants "init" to go to. */ 489 static int lvlq_received; /* Explicit request to examine state */ 490 static int op_modes = BOOT_MODES; /* Current state of "init" */ 491 static int Gchild = 0; /* Flag to indicate "godchild" died, set in */ 492 /* childeath() and cleared in cleanaux() */ 493 static int Pfd = -1; /* fd to receive pids thru */ 494 static unsigned int spawncnt, pausecnt; 495 static int rsflag; /* Set if a respawn has taken place */ 496 static volatile int time_up; /* Flag set to TRUE by the alarm interrupt */ 497 /* routine each time an alarm interrupt */ 498 /* takes place. */ 499 static int sflg = 0; /* Set if we were booted -s to single user */ 500 static int rflg = 0; /* Set if booted -r, reconfigure devices */ 501 static int bflg = 0; /* Set if booted -b, don't run rc scripts */ 502 static pid_t init_pid; /* PID of "one true" init for current zone */ 503 504 static struct init_state *g_state = NULL; 505 static size_t g_state_sz; 506 static int booting = 1; /* Set while we're booting. */ 507 508 /* 509 * Array for default global environment. 510 */ 511 #define MAXENVENT 24 /* Max number of default env variables + 1 */ 512 /* init can use three itself, so this leaves */ 513 /* 20 for the administrator in ENVFILE. */ 514 static char *glob_envp[MAXENVENT]; /* Array of environment strings */ 515 static int glob_envn; /* Number of environment strings */ 516 517 518 static struct pollfd poll_fds[1]; 519 static int poll_nfds = 0; /* poll_fds is uninitialized */ 520 521 static int legacy_tmpl = -1; /* fd for legacy contract template */ 522 static int startd_tmpl = -1; /* fd for svc.startd's template */ 523 524 static char startd_cline[256] = ""; /* svc.startd's command line */ 525 static int do_restart_startd = 1; /* Whether to restart svc.startd. */ 526 static char *smf_options = NULL; /* Options to give to startd. */ 527 static int smf_debug = 0; /* Messages for debugging smf(5) */ 528 static time_t init_boot_time; /* Substitute for kernel boot time. */ 529 530 #define NSTARTD_FAILURE_TIMES 3 /* trigger after 3 failures */ 531 #define STARTD_FAILURE_RATE_NS 5000000000LL /* 1 failure/5 seconds */ 532 533 static hrtime_t startd_failure_time[NSTARTD_FAILURE_TIMES]; 534 static uint_t startd_failure_index; 535 536 537 static char *prog_name(char *); 538 static int state_to_mask(int); 539 static int lvlname_to_mask(char, int *); 540 static void lscf_set_runlevel(char); 541 static int state_to_flags(int); 542 static char state_to_name(int); 543 static int lvlname_to_state(char); 544 static int getcmd(struct CMD_LINE *, char *); 545 static int realcon(); 546 static int spawn_processes(); 547 static int get_ioctl_syscon(); 548 static int account(short, struct PROC_TABLE *, char *); 549 static void alarmclk(); 550 static void childeath(int); 551 static void cleanaux(); 552 static void clearent(pid_t, short); 553 static void console(boolean_t, char *, ...); 554 static void init_signals(void); 555 static void setup_pipe(); 556 static void killproc(pid_t); 557 static void init_env(); 558 static void boot_init(); 559 static void powerfail(); 560 static void remv(); 561 static void write_ioctl_syscon(); 562 static void spawn(struct PROC_TABLE *, struct CMD_LINE *); 563 static void setimer(int); 564 static void siglvl(int, siginfo_t *, ucontext_t *); 565 static void sigpoll(int); 566 static void enter_maintenance(void); 567 static void timer(int); 568 static void userinit(int, char **); 569 static void notify_pam_dead(struct utmpx *); 570 static long waitproc(struct PROC_TABLE *); 571 static struct PROC_TABLE *efork(int, struct PROC_TABLE *, int); 572 static struct PROC_TABLE *findpslot(struct CMD_LINE *); 573 static void increase_proc_table_size(); 574 static void st_init(); 575 static void st_write(); 576 static void contracts_init(); 577 static void contract_event(struct pollfd *); 578 static int startd_run(const char *, int, ctid_t); 579 static void startd_record_failure(); 580 static int startd_failure_rate_critical(); 581 static char *audit_boot_msg(); 582 static int audit_put_record(int, int, char *); 583 static void update_boot_archive(int new_state); 584 585 int 586 main(int argc, char *argv[]) 587 { 588 int chg_lvl_flag = FALSE, print_banner = FALSE; 589 int may_need_audit = 1; 590 int c; 591 char *msg; 592 593 /* Get a timestamp for use as boot time, if needed. */ 594 (void) time(&init_boot_time); 595 596 /* Get the default umask */ 597 cmask = umask(022); 598 (void) umask(cmask); 599 600 /* Parse the arguments to init. Check for single user */ 601 opterr = 0; 602 while ((c = getopt(argc, argv, "brsm:")) != EOF) { 603 switch (c) { 604 case 'b': 605 rflg = 0; 606 bflg = 1; 607 if (!sflg) 608 sflg++; 609 break; 610 case 'r': 611 bflg = 0; 612 rflg++; 613 break; 614 case 's': 615 if (!bflg) 616 sflg++; 617 break; 618 case 'm': 619 smf_options = optarg; 620 smf_debug = (strstr(smf_options, "debug") != NULL); 621 break; 622 } 623 } 624 625 /* 626 * Determine if we are the main init, or a user invoked init, whose job 627 * it is to inform init to change levels or perform some other action. 628 */ 629 if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid, 630 sizeof (init_pid)) != sizeof (init_pid)) { 631 (void) fprintf(stderr, "could not get pid for init\n"); 632 return (1); 633 } 634 635 /* 636 * If this PID is not the same as the "true" init for the zone, then we 637 * must be in 'user' mode. 638 */ 639 if (getpid() != init_pid) { 640 userinit(argc, argv); 641 } 642 643 if (getzoneid() != GLOBAL_ZONEID) { 644 print_banner = TRUE; 645 } 646 647 /* 648 * Initialize state (and set "booting"). 649 */ 650 st_init(); 651 652 if (booting && print_banner) { 653 struct utsname un; 654 char buf[BUFSIZ], *isa; 655 long ret; 656 int bits = 32; 657 658 /* 659 * We want to print the boot banner as soon as 660 * possible. In the global zone, the kernel does it, 661 * but we do not have that luxury in non-global zones, 662 * so we will print it here. 663 */ 664 (void) uname(&un); 665 ret = sysinfo(SI_ISALIST, buf, sizeof (buf)); 666 if (ret != -1L && ret <= sizeof (buf)) { 667 for (isa = strtok(buf, " "); isa; 668 isa = strtok(NULL, " ")) { 669 if (strcmp(isa, "sparcv9") == 0 || 670 strcmp(isa, "amd64") == 0) { 671 bits = 64; 672 break; 673 } 674 } 675 } 676 677 console(B_FALSE, 678 "\n\n%s Release %s Version %s %d-bit\r\n", 679 un.sysname, un.release, un.version, bits); 680 console(B_FALSE, 681 "Copyright 1983-2008 Sun Microsystems, Inc. " 682 " All rights reserved.\r\n"); 683 console(B_FALSE, 684 "Use is subject to license terms.\r\n"); 685 } 686 687 /* 688 * Get the ioctl settings for /dev/syscon from /etc/ioctl.syscon 689 * so that it can be brought up in the state it was in when the 690 * system went down; or set to defaults if ioctl.syscon isn't 691 * valid. 692 * 693 * This needs to be done even if we're restarting so reset_modes() 694 * will work in case we need to go down to single user mode. 695 */ 696 write_ioctl = get_ioctl_syscon(); 697 698 /* 699 * Set up all signals to be caught or ignored as appropriate. 700 */ 701 init_signals(); 702 703 /* Load glob_envp from ENVFILE. */ 704 init_env(); 705 706 contracts_init(); 707 708 if (!booting) { 709 /* cur_state should have been read in. */ 710 711 op_modes = NORMAL_MODES; 712 713 /* Rewrite the ioctl file if it was bad. */ 714 if (write_ioctl) 715 write_ioctl_syscon(); 716 } else { 717 /* 718 * It's fine to boot up with state as zero, because 719 * startd will later tell us the real state. 720 */ 721 cur_state = 0; 722 op_modes = BOOT_MODES; 723 724 boot_init(); 725 } 726 727 prev_state = prior_state = cur_state; 728 729 setup_pipe(); 730 731 /* 732 * Here is the beginning of the main process loop. 733 */ 734 for (;;) { 735 if (lvlq_received) { 736 setup_pipe(); 737 lvlq_received = B_FALSE; 738 } 739 740 /* 741 * Clean up any accounting records for dead "godchildren". 742 */ 743 if (Gchild) 744 cleanaux(); 745 746 /* 747 * If in "normal" mode, check all living processes and initiate 748 * kill sequence on those that should not be there anymore. 749 */ 750 if (op_modes == NORMAL_MODES && cur_state != LVLa && 751 cur_state != LVLb && cur_state != LVLc) 752 remv(); 753 754 /* 755 * If a change in run levels is the reason we awoke, now do 756 * the accounting to report the change in the utmp file. 757 * Also report the change on the system console. 758 */ 759 if (chg_lvl_flag) { 760 chg_lvl_flag = FALSE; 761 762 if (state_to_flags(cur_state) & LSEL_RUNLEVEL) { 763 char rl = state_to_name(cur_state); 764 765 if (rl != -1) 766 lscf_set_runlevel(rl); 767 } 768 769 may_need_audit = 1; 770 } 771 772 /* 773 * Scan the inittab file and spawn and respawn processes that 774 * should be alive in the current state. If inittab does not 775 * exist default to single user mode. 776 */ 777 if (spawn_processes() == FAILURE) { 778 prior_state = prev_state; 779 cur_state = SINGLE_USER; 780 } 781 782 /* If any respawns occurred, take note. */ 783 if (rsflag) { 784 rsflag = 0; 785 spawncnt++; 786 } 787 788 /* 789 * If a powerfail signal was received during the last 790 * sequence, set mode to powerfail. When spawn_processes() is 791 * entered the first thing it does is to check "powerhit". If 792 * it is in PF_MODES then it clears "powerhit" and does 793 * a powerfail sequence. If it is not in PF_MODES, then it 794 * puts itself in PF_MODES and then clears "powerhit". Should 795 * "powerhit" get set again while spawn_processes() is working 796 * on a powerfail sequence, the following code will see that 797 * spawn_processes() tries to execute the powerfail sequence 798 * again. This guarantees that the powerfail sequence will be 799 * successfully completed before further processing takes 800 * place. 801 */ 802 if (wakeup.w_flags.w_powerhit) { 803 op_modes = PF_MODES; 804 /* 805 * Make sure that cur_state != prev_state so that 806 * ONCE and WAIT types work. 807 */ 808 prev_state = 0; 809 } else if (op_modes != NORMAL_MODES) { 810 /* 811 * If spawn_processes() was not just called while in 812 * normal mode, we set the mode to normal and it will 813 * be called again to check normal modes. If we have 814 * just finished a powerfail sequence with prev_state 815 * equal to zero, we set prev_state equal to cur_state 816 * before the next pass through. 817 */ 818 if (op_modes == PF_MODES) 819 prev_state = cur_state; 820 op_modes = NORMAL_MODES; 821 } else if (cur_state == LVLa || cur_state == LVLb || 822 cur_state == LVLc) { 823 /* 824 * If it was a change of levels that awakened us and the 825 * new level is one of the demand levels then reset 826 * cur_state to the previous state and do another scan 827 * to take care of the usual respawn actions. 828 */ 829 cur_state = prior_state; 830 prior_state = prev_state; 831 prev_state = cur_state; 832 } else { 833 prev_state = cur_state; 834 835 if (wakeup.w_mask == 0) { 836 int ret; 837 838 if (may_need_audit && (cur_state == LVL3)) { 839 msg = audit_boot_msg(); 840 841 may_need_audit = 0; 842 (void) audit_put_record(ADT_SUCCESS, 843 ADT_SUCCESS, msg); 844 free(msg); 845 } 846 847 /* 848 * "init" is finished with all actions for 849 * the current wakeup. 850 */ 851 ret = poll(poll_fds, poll_nfds, 852 SLEEPTIME * MILLISEC); 853 pausecnt++; 854 if (ret > 0) 855 contract_event(&poll_fds[0]); 856 else if (ret < 0 && errno != EINTR) 857 console(B_TRUE, "poll() error: %s\n", 858 strerror(errno)); 859 } 860 861 if (wakeup.w_flags.w_usersignal) { 862 /* 863 * Install the new level. This could be a real 864 * change in levels or a telinit [Q|a|b|c] or 865 * just a telinit to the same level at which 866 * we are running. 867 */ 868 if (new_state != cur_state) { 869 if (new_state == LVLa || 870 new_state == LVLb || 871 new_state == LVLc) { 872 prev_state = prior_state; 873 prior_state = cur_state; 874 cur_state = new_state; 875 } else { 876 prev_state = cur_state; 877 if (cur_state >= 0) 878 prior_state = cur_state; 879 cur_state = new_state; 880 chg_lvl_flag = TRUE; 881 } 882 } 883 884 new_state = 0; 885 } 886 887 if (wakeup.w_flags.w_powerhit) 888 op_modes = PF_MODES; 889 890 /* 891 * Clear all wakeup reasons. 892 */ 893 wakeup.w_mask = 0; 894 } 895 } 896 897 /*NOTREACHED*/ 898 } 899 900 static void 901 update_boot_archive(int new_state) 902 { 903 if (new_state != LVL0 && new_state != LVL5 && new_state != LVL6) 904 return; 905 906 if (getzoneid() != GLOBAL_ZONEID) 907 return; 908 909 (void) system("/sbin/bootadm -a update_all"); 910 } 911 912 /* 913 * void enter_maintenance() 914 * A simple invocation of sulogin(1M), with no baggage, in the case that we 915 * are unable to activate svc.startd(1M). We fork; the child runs sulogin; 916 * we wait for it to exit. 917 */ 918 static void 919 enter_maintenance() 920 { 921 struct PROC_TABLE *su_process; 922 923 console(B_FALSE, "Requesting maintenance mode\n" 924 "(See /lib/svc/share/README for additional information.)\n"); 925 (void) sigset(SIGCLD, SIG_DFL); 926 while ((su_process = efork(M_OFF, NULLPROC, NOCLEANUP)) == NO_ROOM) 927 (void) pause(); 928 (void) sigset(SIGCLD, childeath); 929 if (su_process == NULLPROC) { 930 int fd; 931 932 (void) fclose(stdin); 933 (void) fclose(stdout); 934 (void) fclose(stderr); 935 closefrom(0); 936 937 fd = open(SYSCON, O_RDWR | O_NOCTTY); 938 if (fd >= 0) { 939 (void) dup2(fd, 1); 940 (void) dup2(fd, 2); 941 } else { 942 /* 943 * Need to issue an error message somewhere. 944 */ 945 syslog(LOG_CRIT, "init[%d]: cannot open %s; %s\n", 946 getpid(), SYSCON, strerror(errno)); 947 } 948 949 /* 950 * Execute the "su" program. 951 */ 952 (void) execle(SU, SU, "-", (char *)0, glob_envp); 953 console(B_TRUE, "execle of %s failed: %s\n", SU, 954 strerror(errno)); 955 timer(5); 956 exit(1); 957 } 958 959 /* 960 * If we are the parent, wait around for the child to die 961 * or for "init" to be signaled to change levels. 962 */ 963 while (waitproc(su_process) == FAILURE) { 964 /* 965 * All other reasons for waking are ignored when in 966 * single-user mode. The only child we are interested 967 * in is being waited for explicitly by waitproc(). 968 */ 969 wakeup.w_mask = 0; 970 } 971 } 972 973 /* 974 * remv() scans through "proc_table" and performs cleanup. If 975 * there is a process in the table, which shouldn't be here at 976 * the current run level, then remv() kills the process. 977 */ 978 static void 979 remv() 980 { 981 struct PROC_TABLE *process; 982 struct CMD_LINE cmd; 983 char cmd_string[MAXCMDL]; 984 int change_level; 985 986 change_level = (cur_state != prev_state ? TRUE : FALSE); 987 988 /* 989 * Clear the TOUCHED flag on all entries so that when we have 990 * finished scanning inittab, we will be able to tell if we 991 * have any processes for which there is no entry in inittab. 992 */ 993 for (process = proc_table; 994 (process < proc_table + num_proc); process++) { 995 process->p_flags &= ~TOUCHED; 996 } 997 998 /* 999 * Scan all inittab entries. 1000 */ 1001 while (getcmd(&cmd, &cmd_string[0]) == TRUE) { 1002 /* Scan for process which goes with this entry in inittab. */ 1003 for (process = proc_table; 1004 (process < proc_table + num_proc); process++) { 1005 if ((process->p_flags & OCCUPIED) == 0 || 1006 !id_eq(process->p_id, cmd.c_id)) 1007 continue; 1008 1009 /* 1010 * This slot contains the process we are looking for. 1011 */ 1012 1013 /* 1014 * Is the cur_state SINGLE_USER or is this process 1015 * marked as "off" or was this proc started by some 1016 * mechanism other than LVL{a|b|c} and the current level 1017 * does not support this process? 1018 */ 1019 if (cur_state == SINGLE_USER || 1020 cmd.c_action == M_OFF || 1021 ((cmd.c_levels & state_to_mask(cur_state)) == 0 && 1022 (process->p_flags & DEMANDREQUEST) == 0)) { 1023 if (process->p_flags & LIVING) { 1024 /* 1025 * Touch this entry so we know we have 1026 * treated it. Note that procs which 1027 * are already dead at this point and 1028 * should not be restarted are left 1029 * untouched. This causes their slot to 1030 * be freed later after dead accounting 1031 * is done. 1032 */ 1033 process->p_flags |= TOUCHED; 1034 1035 if ((process->p_flags & KILLED) == 0) { 1036 if (change_level) { 1037 process->p_flags 1038 |= WARNED; 1039 (void) kill( 1040 process->p_pid, 1041 SIGTERM); 1042 } else { 1043 /* 1044 * Fork a killing proc 1045 * so "init" can 1046 * continue without 1047 * having to pause for 1048 * TWARN seconds. 1049 */ 1050 killproc( 1051 process->p_pid); 1052 } 1053 process->p_flags |= KILLED; 1054 } 1055 } 1056 } else { 1057 /* 1058 * Process can exist at current level. If it is 1059 * still alive or a DEMANDREQUEST we touch it so 1060 * it will be left alone. Otherwise we leave it 1061 * untouched so it will be accounted for and 1062 * cleaned up later in remv(). Dead 1063 * DEMANDREQUESTs will be accounted but not 1064 * freed. 1065 */ 1066 if (process->p_flags & 1067 (LIVING|NOCLEANUP|DEMANDREQUEST)) 1068 process->p_flags |= TOUCHED; 1069 } 1070 1071 break; 1072 } 1073 } 1074 1075 st_write(); 1076 1077 /* 1078 * If this was a change of levels call, scan through the 1079 * process table for processes that were warned to die. If any 1080 * are found that haven't left yet, sleep for TWARN seconds and 1081 * then send final terminations to any that haven't died yet. 1082 */ 1083 if (change_level) { 1084 1085 /* 1086 * Set the alarm for TWARN seconds on the assumption 1087 * that there will be some that need to be waited for. 1088 * This won't harm anything except we are guaranteed to 1089 * wakeup in TWARN seconds whether we need to or not. 1090 */ 1091 setimer(TWARN); 1092 1093 /* 1094 * Scan for processes which should be dying. We hope they 1095 * will die without having to be sent a SIGKILL signal. 1096 */ 1097 for (process = proc_table; 1098 (process < proc_table + num_proc); process++) { 1099 /* 1100 * If this process should die, hasn't yet, and the 1101 * TWARN time hasn't expired yet, wait for process 1102 * to die or for timer to expire. 1103 */ 1104 while (time_up == FALSE && 1105 (process->p_flags & (WARNED|LIVING|OCCUPIED)) == 1106 (WARNED|LIVING|OCCUPIED)) 1107 (void) pause(); 1108 1109 if (time_up == TRUE) 1110 break; 1111 } 1112 1113 /* 1114 * If we reached the end of the table without the timer 1115 * expiring, then there are no procs which will have to be 1116 * sent the SIGKILL signal. If the timer has expired, then 1117 * it is necessary to scan the table again and send signals 1118 * to all processes which aren't going away nicely. 1119 */ 1120 if (time_up == TRUE) { 1121 for (process = proc_table; 1122 (process < proc_table + num_proc); process++) { 1123 if ((process->p_flags & 1124 (WARNED|LIVING|OCCUPIED)) == 1125 (WARNED|LIVING|OCCUPIED)) 1126 (void) kill(process->p_pid, SIGKILL); 1127 } 1128 } 1129 setimer(0); 1130 } 1131 1132 /* 1133 * Rescan the proc_table for two kinds of entry, those marked LIVING, 1134 * NAMED, which don't have an entry in inittab (haven't been TOUCHED 1135 * by the above scanning), and haven't been sent kill signals, and 1136 * those entries marked not LIVING, NAMED. The former procs are killed. 1137 * The latter have DEAD_PROCESS accounting done and the slot cleared. 1138 */ 1139 for (process = proc_table; 1140 (process < proc_table + num_proc); process++) { 1141 if ((process->p_flags & (LIVING|NAMED|TOUCHED|KILLED|OCCUPIED)) 1142 == (LIVING|NAMED|OCCUPIED)) { 1143 killproc(process->p_pid); 1144 process->p_flags |= KILLED; 1145 } else if ((process->p_flags & (LIVING|NAMED|OCCUPIED)) == 1146 (NAMED|OCCUPIED)) { 1147 (void) account(DEAD_PROCESS, process, NULL); 1148 /* 1149 * If this named proc hasn't been TOUCHED, then free the 1150 * space. It has either died of it's own accord, but 1151 * isn't respawnable or it was killed because it 1152 * shouldn't exist at this level. 1153 */ 1154 if ((process->p_flags & TOUCHED) == 0) 1155 process->p_flags = 0; 1156 } 1157 } 1158 1159 st_write(); 1160 } 1161 1162 /* 1163 * Extract the svc.startd command line and whether to restart it from its 1164 * inittab entry. 1165 */ 1166 /*ARGSUSED*/ 1167 static void 1168 process_startd_line(struct CMD_LINE *cmd, char *cmd_string) 1169 { 1170 size_t sz; 1171 1172 /* Save the command line. */ 1173 if (sflg || rflg) { 1174 /* Also append -r or -s. */ 1175 (void) strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1176 (void) strlcat(startd_cline, " -", sizeof (startd_cline)); 1177 if (sflg) 1178 sz = strlcat(startd_cline, "s", sizeof (startd_cline)); 1179 if (rflg) 1180 sz = strlcat(startd_cline, "r", sizeof (startd_cline)); 1181 } else { 1182 sz = strlcpy(startd_cline, cmd_string, sizeof (startd_cline)); 1183 } 1184 1185 if (sz >= sizeof (startd_cline)) { 1186 console(B_TRUE, 1187 "svc.startd command line too long. Ignoring.\n"); 1188 startd_cline[0] = '\0'; 1189 return; 1190 } 1191 } 1192 1193 /* 1194 * spawn_processes() scans inittab for entries which should be run at this 1195 * mode. Processes which should be running but are not, are started. 1196 */ 1197 static int 1198 spawn_processes() 1199 { 1200 struct PROC_TABLE *pp; 1201 struct CMD_LINE cmd; 1202 char cmd_string[MAXCMDL]; 1203 short lvl_mask; 1204 int status; 1205 1206 /* 1207 * First check the "powerhit" flag. If it is set, make sure the modes 1208 * are PF_MODES and clear the "powerhit" flag. Avoid the possible race 1209 * on the "powerhit" flag by disallowing a new powerfail interrupt 1210 * between the test of the powerhit flag and the clearing of it. 1211 */ 1212 if (wakeup.w_flags.w_powerhit) { 1213 wakeup.w_flags.w_powerhit = 0; 1214 op_modes = PF_MODES; 1215 } 1216 lvl_mask = state_to_mask(cur_state); 1217 1218 /* 1219 * Scan through all the entries in inittab. 1220 */ 1221 while ((status = getcmd(&cmd, &cmd_string[0])) == TRUE) { 1222 if (id_eq(cmd.c_id, "smf")) { 1223 process_startd_line(&cmd, cmd_string); 1224 continue; 1225 } 1226 1227 retry_for_proc_slot: 1228 1229 /* 1230 * Find out if there is a process slot for this entry already. 1231 */ 1232 if ((pp = findpslot(&cmd)) == NULLPROC) { 1233 /* 1234 * we've run out of proc table entries 1235 * increase proc_table. 1236 */ 1237 increase_proc_table_size(); 1238 1239 /* 1240 * Retry now as we have an empty proc slot. 1241 * In case increase_proc_table_size() fails, 1242 * we will keep retrying. 1243 */ 1244 goto retry_for_proc_slot; 1245 } 1246 1247 /* 1248 * If there is an entry, and it is marked as DEMANDREQUEST, 1249 * one of the levels a, b, or c is in its levels mask, and 1250 * the action field is ONDEMAND and ONDEMAND is a permissable 1251 * mode, and the process is dead, then respawn it. 1252 */ 1253 if (((pp->p_flags & (LIVING|DEMANDREQUEST)) == DEMANDREQUEST) && 1254 (cmd.c_levels & MASK_abc) && 1255 (cmd.c_action & op_modes) == M_ONDEMAND) { 1256 spawn(pp, &cmd); 1257 continue; 1258 } 1259 1260 /* 1261 * If the action is not an action we are interested in, 1262 * skip the entry. 1263 */ 1264 if ((cmd.c_action & op_modes) == 0 || pp->p_flags & LIVING || 1265 (cmd.c_levels & lvl_mask) == 0) 1266 continue; 1267 1268 /* 1269 * If the modes are the normal modes (ONCE, WAIT, RESPAWN, OFF, 1270 * ONDEMAND) and the action field is either OFF or the action 1271 * field is ONCE or WAIT and the current level is the same as 1272 * the last level, then skip this entry. ONCE and WAIT only 1273 * get run when the level changes. 1274 */ 1275 if (op_modes == NORMAL_MODES && 1276 (cmd.c_action == M_OFF || 1277 (cmd.c_action & (M_ONCE|M_WAIT)) && 1278 cur_state == prev_state)) 1279 continue; 1280 1281 /* 1282 * At this point we are interested in performing the action for 1283 * this entry. Actions fall into two categories, spinning off 1284 * a process and not waiting, and spinning off a process and 1285 * waiting for it to die. If the action is ONCE, RESPAWN, 1286 * ONDEMAND, POWERFAIL, or BOOT we don't wait for the process 1287 * to die, for all other actions we do wait. 1288 */ 1289 if (cmd.c_action & (M_ONCE | M_RESPAWN | M_PF | M_BOOT)) { 1290 spawn(pp, &cmd); 1291 1292 } else { 1293 spawn(pp, &cmd); 1294 while (waitproc(pp) == FAILURE); 1295 (void) account(DEAD_PROCESS, pp, NULL); 1296 pp->p_flags = 0; 1297 } 1298 } 1299 return (status); 1300 } 1301 1302 /* 1303 * spawn() spawns a shell, inserts the information about the process 1304 * process into the proc_table, and does the startup accounting. 1305 */ 1306 static void 1307 spawn(struct PROC_TABLE *process, struct CMD_LINE *cmd) 1308 { 1309 int i; 1310 int modes, maxfiles; 1311 time_t now; 1312 struct PROC_TABLE tmproc, *oprocess; 1313 1314 /* 1315 * The modes to be sent to efork() are 0 unless we are 1316 * spawning a LVLa, LVLb, or LVLc entry or we will be 1317 * waiting for the death of the child before continuing. 1318 */ 1319 modes = NAMED; 1320 if (process->p_flags & DEMANDREQUEST || cur_state == LVLa || 1321 cur_state == LVLb || cur_state == LVLc) 1322 modes |= DEMANDREQUEST; 1323 if ((cmd->c_action & (M_SYSINIT | M_WAIT | M_BOOTWAIT | M_PWAIT)) != 0) 1324 modes |= NOCLEANUP; 1325 1326 /* 1327 * If this is a respawnable process, check the threshold 1328 * information to avoid excessive respawns. 1329 */ 1330 if (cmd->c_action & M_RESPAWN) { 1331 /* 1332 * Add NOCLEANUP to all respawnable commands so that the 1333 * information about the frequency of respawns isn't lost. 1334 */ 1335 modes |= NOCLEANUP; 1336 (void) time(&now); 1337 1338 /* 1339 * If no time is assigned, then this is the first time 1340 * this command is being processed in this series. Assign 1341 * the current time. 1342 */ 1343 if (process->p_time == 0L) 1344 process->p_time = now; 1345 1346 if (process->p_count++ == SPAWN_LIMIT) { 1347 1348 if ((now - process->p_time) < SPAWN_INTERVAL) { 1349 /* 1350 * Process is respawning too rapidly. Print 1351 * message and refuse to respawn it for now. 1352 */ 1353 console(B_TRUE, "Command is respawning too " 1354 "rapidly. Check for possible errors.\n" 1355 "id:%4s \"%s\"\n", 1356 &cmd->c_id[0], &cmd->c_command[EXEC]); 1357 return; 1358 } 1359 process->p_time = now; 1360 process->p_count = 0; 1361 1362 } else if (process->p_count > SPAWN_LIMIT) { 1363 /* 1364 * If process has been respawning too rapidly and 1365 * the inhibit time limit hasn't expired yet, we 1366 * refuse to respawn. 1367 */ 1368 if (now - process->p_time < SPAWN_INTERVAL + INHIBIT) 1369 return; 1370 process->p_time = now; 1371 process->p_count = 0; 1372 } 1373 rsflag = TRUE; 1374 } 1375 1376 /* 1377 * Spawn a child process to execute this command. 1378 */ 1379 (void) sigset(SIGCLD, SIG_DFL); 1380 oprocess = process; 1381 while ((process = efork(cmd->c_action, oprocess, modes)) == NO_ROOM) 1382 (void) pause(); 1383 1384 if (process == NULLPROC) { 1385 1386 /* 1387 * We are the child. We must make sure we get a different 1388 * file pointer for our references to utmpx. Otherwise our 1389 * seeks and reads will compete with those of the parent. 1390 */ 1391 endutxent(); 1392 1393 /* 1394 * Perform the accounting for the beginning of a process. 1395 * Note that all processes are initially "INIT_PROCESS"es. 1396 */ 1397 tmproc.p_id[0] = cmd->c_id[0]; 1398 tmproc.p_id[1] = cmd->c_id[1]; 1399 tmproc.p_id[2] = cmd->c_id[2]; 1400 tmproc.p_id[3] = cmd->c_id[3]; 1401 tmproc.p_pid = getpid(); 1402 tmproc.p_exit = 0; 1403 (void) account(INIT_PROCESS, &tmproc, 1404 prog_name(&cmd->c_command[EXEC])); 1405 maxfiles = ulimit(UL_GDESLIM, 0); 1406 for (i = 0; i < maxfiles; i++) 1407 (void) fcntl(i, F_SETFD, FD_CLOEXEC); 1408 1409 /* 1410 * Now exec a shell with the -c option and the command 1411 * from inittab. 1412 */ 1413 (void) execle(SH, "INITSH", "-c", cmd->c_command, (char *)0, 1414 glob_envp); 1415 console(B_TRUE, "Command\n\"%s\"\n failed to execute. errno " 1416 "= %d (exec of shell failed)\n", cmd->c_command, errno); 1417 1418 /* 1419 * Don't come back so quickly that "init" doesn't have a 1420 * chance to finish putting this child in "proc_table". 1421 */ 1422 timer(20); 1423 exit(1); 1424 1425 } 1426 1427 /* 1428 * We are the parent. Insert the necessary 1429 * information in the proc_table. 1430 */ 1431 process->p_id[0] = cmd->c_id[0]; 1432 process->p_id[1] = cmd->c_id[1]; 1433 process->p_id[2] = cmd->c_id[2]; 1434 process->p_id[3] = cmd->c_id[3]; 1435 1436 st_write(); 1437 1438 (void) sigset(SIGCLD, childeath); 1439 } 1440 1441 /* 1442 * findpslot() finds the old slot in the process table for the 1443 * command with the same id, or it finds an empty slot. 1444 */ 1445 static struct PROC_TABLE * 1446 findpslot(struct CMD_LINE *cmd) 1447 { 1448 struct PROC_TABLE *process; 1449 struct PROC_TABLE *empty = NULLPROC; 1450 1451 for (process = proc_table; 1452 (process < proc_table + num_proc); process++) { 1453 if (process->p_flags & OCCUPIED && 1454 id_eq(process->p_id, cmd->c_id)) 1455 break; 1456 1457 /* 1458 * If the entry is totally empty and "empty" is still 0, 1459 * remember where this hole is and make sure the slot is 1460 * zeroed out. 1461 */ 1462 if (empty == NULLPROC && (process->p_flags & OCCUPIED) == 0) { 1463 empty = process; 1464 process->p_id[0] = '\0'; 1465 process->p_id[1] = '\0'; 1466 process->p_id[2] = '\0'; 1467 process->p_id[3] = '\0'; 1468 process->p_pid = 0; 1469 process->p_time = 0L; 1470 process->p_count = 0; 1471 process->p_flags = 0; 1472 process->p_exit = 0; 1473 } 1474 } 1475 1476 /* 1477 * If there is no entry for this slot, then there should be an 1478 * empty slot. If there is no empty slot, then we've run out 1479 * of proc_table space. If the latter is true, empty will be 1480 * NULL and the caller will have to complain. 1481 */ 1482 if (process == (proc_table + num_proc)) 1483 process = empty; 1484 1485 return (process); 1486 } 1487 1488 /* 1489 * getcmd() parses lines from inittab. Each time it finds a command line 1490 * it will return TRUE as well as fill the passed CMD_LINE structure and 1491 * the shell command string. When the end of inittab is reached, FALSE 1492 * is returned inittab is automatically opened if it is not currently open 1493 * and is closed when the end of the file is reached. 1494 */ 1495 static FILE *fp_inittab = NULL; 1496 1497 static int 1498 getcmd(struct CMD_LINE *cmd, char *shcmd) 1499 { 1500 char *ptr; 1501 int c, lastc, state; 1502 char *ptr1; 1503 int answer, i, proceed; 1504 struct stat sbuf; 1505 static char *actions[] = { 1506 "off", "respawn", "ondemand", "once", "wait", "boot", 1507 "bootwait", "powerfail", "powerwait", "initdefault", 1508 "sysinit", 1509 }; 1510 static short act_masks[] = { 1511 M_OFF, M_RESPAWN, M_ONDEMAND, M_ONCE, M_WAIT, M_BOOT, 1512 M_BOOTWAIT, M_PF, M_PWAIT, M_INITDEFAULT, M_SYSINIT, 1513 }; 1514 /* 1515 * Only these actions will be allowed for entries which 1516 * are specified for single-user mode. 1517 */ 1518 short su_acts = M_INITDEFAULT | M_PF | M_PWAIT | M_WAIT; 1519 1520 if (fp_inittab == NULL) { 1521 /* 1522 * Before attempting to open inittab we stat it to make 1523 * sure it currently exists and is not empty. We try 1524 * several times because someone may have temporarily 1525 * unlinked or truncated the file. 1526 */ 1527 for (i = 0; i < 3; i++) { 1528 if (stat(INITTAB, &sbuf) == -1) { 1529 if (i == 2) { 1530 console(B_TRUE, 1531 "Cannot stat %s, errno: %d\n", 1532 INITTAB, errno); 1533 return (FAILURE); 1534 } else { 1535 timer(3); 1536 } 1537 } else if (sbuf.st_size < 10) { 1538 if (i == 2) { 1539 console(B_TRUE, 1540 "%s truncated or corrupted\n", 1541 INITTAB); 1542 return (FAILURE); 1543 } else { 1544 timer(3); 1545 } 1546 } else { 1547 break; 1548 } 1549 } 1550 1551 /* 1552 * If unable to open inittab, print error message and 1553 * return FAILURE to caller. 1554 */ 1555 if ((fp_inittab = fopen(INITTAB, "r")) == NULL) { 1556 console(B_TRUE, "Cannot open %s errno: %d\n", INITTAB, 1557 errno); 1558 return (FAILURE); 1559 } 1560 } 1561 1562 /* 1563 * Keep getting commands from inittab until you find a 1564 * good one or run out of file. 1565 */ 1566 for (answer = FALSE; answer == FALSE; ) { 1567 /* 1568 * Zero out the cmd itself before trying next line. 1569 */ 1570 bzero(cmd, sizeof (struct CMD_LINE)); 1571 1572 /* 1573 * Read in lines of inittab, parsing at colons, until a line is 1574 * read in which doesn't end with a backslash. Do not start if 1575 * the first character read is an EOF. Note that this means 1576 * that lines which don't end in a newline are still processed, 1577 * since the "for" will terminate normally once started, 1578 * regardless of whether line terminates with a newline or EOF. 1579 */ 1580 state = FAILURE; 1581 if ((c = fgetc(fp_inittab)) == EOF) { 1582 answer = FALSE; 1583 (void) fclose(fp_inittab); 1584 fp_inittab = NULL; 1585 break; 1586 } 1587 1588 for (proceed = TRUE, ptr = shcmd, state = ID, lastc = '\0'; 1589 proceed && c != EOF; 1590 lastc = c, c = fgetc(fp_inittab)) { 1591 /* If we're not in the FAILURE state and haven't */ 1592 /* yet reached the shell command field, process */ 1593 /* the line, otherwise just look for a real end */ 1594 /* of line. */ 1595 if (state != FAILURE && state != COMMAND) { 1596 /* 1597 * Squeeze out spaces and tabs. 1598 */ 1599 if (c == ' ' || c == '\t') 1600 continue; 1601 1602 /* 1603 * Ignore characters in a comment, except for the \n. 1604 */ 1605 if (state == COMMENT) { 1606 if (c == '\n') { 1607 lastc = ' '; 1608 break; 1609 } else { 1610 continue; 1611 } 1612 } 1613 1614 /* 1615 * Detect comments (lines whose first non-whitespace 1616 * character is '#') by checking that we're at the 1617 * beginning of a line, have seen a '#', and haven't 1618 * yet accumulated any characters. 1619 */ 1620 if (state == ID && c == '#' && ptr == shcmd) { 1621 state = COMMENT; 1622 continue; 1623 } 1624 1625 /* 1626 * If the character is a ':', then check the 1627 * previous field for correctness and advance 1628 * to the next field. 1629 */ 1630 if (c == ':') { 1631 switch (state) { 1632 1633 case ID : 1634 /* 1635 * Check to see that there are only 1636 * 1 to 4 characters for the id. 1637 */ 1638 if ((i = ptr - shcmd) < 1 || i > 4) { 1639 state = FAILURE; 1640 } else { 1641 bcopy(shcmd, &cmd->c_id[0], i); 1642 ptr = shcmd; 1643 state = LEVELS; 1644 } 1645 break; 1646 1647 case LEVELS : 1648 /* 1649 * Build a mask for all the levels for 1650 * which this command will be legal. 1651 */ 1652 for (cmd->c_levels = 0, ptr1 = shcmd; 1653 ptr1 < ptr; ptr1++) { 1654 int mask; 1655 if (lvlname_to_mask(*ptr1, 1656 &mask) == -1) { 1657 state = FAILURE; 1658 break; 1659 } 1660 cmd->c_levels |= mask; 1661 } 1662 if (state != FAILURE) { 1663 state = ACTION; 1664 ptr = shcmd; /* Reset the buffer */ 1665 } 1666 break; 1667 1668 case ACTION : 1669 /* 1670 * Null terminate the string in shcmd buffer and 1671 * then try to match against legal actions. If 1672 * the field is of length 0, then the default of 1673 * "RESPAWN" is used if the id is numeric, 1674 * otherwise the default is "OFF". 1675 */ 1676 if (ptr == shcmd) { 1677 if (isdigit(cmd->c_id[0]) && 1678 (cmd->c_id[1] == '\0' || 1679 isdigit(cmd->c_id[1])) && 1680 (cmd->c_id[2] == '\0' || 1681 isdigit(cmd->c_id[2])) && 1682 (cmd->c_id[3] == '\0' || 1683 isdigit(cmd->c_id[3]))) 1684 cmd->c_action = M_RESPAWN; 1685 else 1686 cmd->c_action = M_OFF; 1687 } else { 1688 for (cmd->c_action = 0, i = 0, *ptr = '\0'; 1689 i < sizeof (actions)/sizeof (char *); 1690 i++) { 1691 if (strcmp(shcmd, actions[i]) == 0) { 1692 if ((cmd->c_levels & MASKSU) && 1693 !(act_masks[i] & su_acts)) 1694 cmd->c_action = 0; 1695 else 1696 cmd->c_action = act_masks[i]; 1697 break; 1698 } 1699 } 1700 } 1701 1702 /* 1703 * If the action didn't match any legal action, 1704 * set state to FAILURE. 1705 */ 1706 if (cmd->c_action == 0) { 1707 state = FAILURE; 1708 } else { 1709 state = COMMAND; 1710 (void) strcpy(shcmd, "exec "); 1711 } 1712 ptr = shcmd + EXEC; 1713 break; 1714 } 1715 continue; 1716 } 1717 } 1718 1719 /* If the character is a '\n', then this is the end of a */ 1720 /* line. If the '\n' wasn't preceded by a backslash, */ 1721 /* it is also the end of an inittab command. If it was */ 1722 /* preceded by a backslash then the next line is a */ 1723 /* continuation. Note that the continuation '\n' falls */ 1724 /* through and is treated like other characters and is */ 1725 /* stored in the shell command line. */ 1726 if (c == '\n' && lastc != '\\') { 1727 proceed = FALSE; 1728 *ptr = '\0'; 1729 break; 1730 } 1731 1732 /* For all other characters just stuff them into the */ 1733 /* command as long as there aren't too many of them. */ 1734 /* Make sure there is room for a terminating '\0' also. */ 1735 if (ptr >= shcmd + MAXCMDL - 1) 1736 state = FAILURE; 1737 else 1738 *ptr++ = (char)c; 1739 1740 /* If the character we just stored was a quoted */ 1741 /* backslash, then change "c" to '\0', so that this */ 1742 /* backslash will not cause a subsequent '\n' to appear */ 1743 /* quoted. In otherwords '\' '\' '\n' is the real end */ 1744 /* of a command, while '\' '\n' is a continuation. */ 1745 if (c == '\\' && lastc == '\\') 1746 c = '\0'; 1747 } 1748 1749 /* 1750 * Make sure all the fields are properly specified 1751 * for a good command line. 1752 */ 1753 if (state == COMMAND) { 1754 answer = TRUE; 1755 cmd->c_command = shcmd; 1756 1757 /* 1758 * If no default level was supplied, insert 1759 * all numerical levels. 1760 */ 1761 if (cmd->c_levels == 0) 1762 cmd->c_levels = MASK_NUMERIC; 1763 1764 /* 1765 * If no action has been supplied, declare this 1766 * entry to be OFF. 1767 */ 1768 if (cmd->c_action == 0) 1769 cmd->c_action = M_OFF; 1770 1771 /* 1772 * If no shell command has been supplied, make sure 1773 * there is a null string in the command field. 1774 */ 1775 if (ptr == shcmd + EXEC) 1776 *shcmd = '\0'; 1777 } else 1778 answer = FALSE; 1779 1780 /* 1781 * If we have reached the end of inittab, then close it 1782 * and quit trying to find a good command line. 1783 */ 1784 if (c == EOF) { 1785 (void) fclose(fp_inittab); 1786 fp_inittab = NULL; 1787 break; 1788 } 1789 } 1790 return (answer); 1791 } 1792 1793 /* 1794 * lvlname_to_state(): convert the character name of a state to its level 1795 * (its corresponding signal number). 1796 */ 1797 static int 1798 lvlname_to_state(char name) 1799 { 1800 int i; 1801 for (i = 0; i < LVL_NELEMS; i++) { 1802 if (lvls[i].lvl_name == name) 1803 return (lvls[i].lvl_state); 1804 } 1805 return (-1); 1806 } 1807 1808 /* 1809 * state_to_name(): convert the level to the character name. 1810 */ 1811 static char 1812 state_to_name(int state) 1813 { 1814 int i; 1815 for (i = 0; i < LVL_NELEMS; i++) { 1816 if (lvls[i].lvl_state == state) 1817 return (lvls[i].lvl_name); 1818 } 1819 return (-1); 1820 } 1821 1822 /* 1823 * state_to_mask(): return the mask corresponding to a signal number 1824 */ 1825 static int 1826 state_to_mask(int state) 1827 { 1828 int i; 1829 for (i = 0; i < LVL_NELEMS; i++) { 1830 if (lvls[i].lvl_state == state) 1831 return (lvls[i].lvl_mask); 1832 } 1833 return (0); /* return 0, since that represents an empty mask */ 1834 } 1835 1836 /* 1837 * lvlname_to_mask(): return the mask corresponding to a levels character name 1838 */ 1839 static int 1840 lvlname_to_mask(char name, int *mask) 1841 { 1842 int i; 1843 for (i = 0; i < LVL_NELEMS; i++) { 1844 if (lvls[i].lvl_name == name) { 1845 *mask = lvls[i].lvl_mask; 1846 return (0); 1847 } 1848 } 1849 return (-1); 1850 } 1851 1852 /* 1853 * state_to_flags(): return the flags corresponding to a runlevel. These 1854 * indicate properties of that runlevel. 1855 */ 1856 static int 1857 state_to_flags(int state) 1858 { 1859 int i; 1860 for (i = 0; i < LVL_NELEMS; i++) { 1861 if (lvls[i].lvl_state == state) 1862 return (lvls[i].lvl_flags); 1863 } 1864 return (0); 1865 } 1866 1867 /* 1868 * killproc() creates a child which kills the process specified by pid. 1869 */ 1870 void 1871 killproc(pid_t pid) 1872 { 1873 struct PROC_TABLE *process; 1874 1875 (void) sigset(SIGCLD, SIG_DFL); 1876 while ((process = efork(M_OFF, NULLPROC, 0)) == NO_ROOM) 1877 (void) pause(); 1878 (void) sigset(SIGCLD, childeath); 1879 1880 if (process == NULLPROC) { 1881 /* 1882 * efork() sets all signal handlers to the default, so reset 1883 * the ALRM handler to make timer() work as expected. 1884 */ 1885 (void) sigset(SIGALRM, alarmclk); 1886 1887 /* 1888 * We are the child. Try to terminate the process nicely 1889 * first using SIGTERM and if it refuses to die in TWARN 1890 * seconds kill it with SIGKILL. 1891 */ 1892 (void) kill(pid, SIGTERM); 1893 (void) timer(TWARN); 1894 (void) kill(pid, SIGKILL); 1895 (void) exit(0); 1896 } 1897 } 1898 1899 /* 1900 * Set up the default environment for all procs to be forked from init. 1901 * Read the values from the /etc/default/init file, except for PATH. If 1902 * there's not enough room in the environment array, the environment 1903 * lines that don't fit are silently discarded. 1904 */ 1905 void 1906 init_env() 1907 { 1908 char line[MAXCMDL]; 1909 FILE *fp; 1910 int inquotes, length, wslength; 1911 char *tokp, *cp1, *cp2; 1912 1913 glob_envp[0] = malloc((unsigned)(strlen(DEF_PATH)+2)); 1914 (void) strcpy(glob_envp[0], DEF_PATH); 1915 glob_envn = 1; 1916 1917 if (rflg) { 1918 glob_envp[1] = 1919 malloc((unsigned)(strlen("_DVFS_RECONFIG=YES")+2)); 1920 (void) strcpy(glob_envp[1], "_DVFS_RECONFIG=YES"); 1921 ++glob_envn; 1922 } else if (bflg == 1) { 1923 glob_envp[1] = 1924 malloc((unsigned)(strlen("RB_NOBOOTRC=YES")+2)); 1925 (void) strcpy(glob_envp[1], "RB_NOBOOTRC=YES"); 1926 ++glob_envn; 1927 } 1928 1929 if ((fp = fopen(ENVFILE, "r")) == NULL) { 1930 console(B_TRUE, 1931 "Cannot open %s. Environment not initialized.\n", 1932 ENVFILE); 1933 } else { 1934 while (fgets(line, MAXCMDL - 1, fp) != NULL && 1935 glob_envn < MAXENVENT - 2) { 1936 /* 1937 * Toss newline 1938 */ 1939 length = strlen(line); 1940 if (line[length - 1] == '\n') 1941 line[length - 1] = '\0'; 1942 1943 /* 1944 * Ignore blank or comment lines. 1945 */ 1946 if (line[0] == '#' || line[0] == '\0' || 1947 (wslength = strspn(line, " \t\n")) == 1948 strlen(line) || 1949 strchr(line, '#') == line + wslength) 1950 continue; 1951 1952 /* 1953 * First make a pass through the line and change 1954 * any non-quoted semi-colons to blanks so they 1955 * will be treated as token separators below. 1956 */ 1957 inquotes = 0; 1958 for (cp1 = line; *cp1 != '\0'; cp1++) { 1959 if (*cp1 == '"') { 1960 if (inquotes == 0) 1961 inquotes = 1; 1962 else 1963 inquotes = 0; 1964 } else if (*cp1 == ';') { 1965 if (inquotes == 0) 1966 *cp1 = ' '; 1967 } 1968 } 1969 1970 /* 1971 * Tokens within the line are separated by blanks 1972 * and tabs. For each token in the line which 1973 * contains a '=' we strip out any quotes and then 1974 * stick the token in the environment array. 1975 */ 1976 if ((tokp = strtok(line, " \t")) == NULL) 1977 continue; 1978 do { 1979 if (strchr(tokp, '=') == NULL) 1980 continue; 1981 length = strlen(tokp); 1982 while ((cp1 = strpbrk(tokp, "\"\'")) != NULL) { 1983 for (cp2 = cp1; 1984 cp2 < &tokp[length]; cp2++) 1985 *cp2 = *(cp2 + 1); 1986 length--; 1987 } 1988 1989 if (strncmp(tokp, "CMASK=", 1990 sizeof ("CMASK=") - 1) == 0) { 1991 long t; 1992 1993 /* We know there's an = */ 1994 t = strtol(strchr(tokp, '=') + 1, NULL, 1995 8); 1996 1997 /* Sanity */ 1998 if (t <= 077 && t >= 0) 1999 cmask = (int)t; 2000 (void) umask(cmask); 2001 continue; 2002 } 2003 glob_envp[glob_envn] = 2004 malloc((unsigned)(length + 1)); 2005 (void) strcpy(glob_envp[glob_envn], tokp); 2006 if (++glob_envn >= MAXENVENT - 1) 2007 break; 2008 } while ((tokp = strtok(NULL, " \t")) != NULL); 2009 } 2010 2011 /* 2012 * Append a null pointer to the environment array 2013 * to mark its end. 2014 */ 2015 glob_envp[glob_envn] = NULL; 2016 (void) fclose(fp); 2017 } 2018 } 2019 2020 /* 2021 * boot_init(): Do initialization things that should be done at boot. 2022 */ 2023 void 2024 boot_init() 2025 { 2026 int i; 2027 struct PROC_TABLE *process, *oprocess; 2028 struct CMD_LINE cmd; 2029 char line[MAXCMDL]; 2030 char *old_path; 2031 int maxfiles; 2032 2033 /* Use INIT_PATH for sysinit cmds */ 2034 old_path = glob_envp[0]; 2035 glob_envp[0] = malloc((unsigned)(strlen(INIT_PATH)+2)); 2036 (void) strcpy(glob_envp[0], INIT_PATH); 2037 2038 /* 2039 * Scan inittab(4) and process the special svc.startd entry, initdefault 2040 * and sysinit entries. 2041 */ 2042 while (getcmd(&cmd, &line[0]) == TRUE) { 2043 if (startd_tmpl >= 0 && id_eq(cmd.c_id, "smf")) 2044 process_startd_line(&cmd, line); 2045 else if (cmd.c_action == M_INITDEFAULT) { 2046 /* 2047 * initdefault is no longer meaningful, as the SMF 2048 * milestone controls what (legacy) run level we 2049 * boot to. 2050 */ 2051 console(B_TRUE, 2052 "Ignoring legacy \"initdefault\" entry.\n"); 2053 } else if (cmd.c_action == M_SYSINIT) { 2054 /* 2055 * Execute the "sysinit" entry and wait for it to 2056 * complete. No bookkeeping is performed on these 2057 * entries because we avoid writing to the file system 2058 * until after there has been an chance to check it. 2059 */ 2060 if (process = findpslot(&cmd)) { 2061 (void) sigset(SIGCLD, SIG_DFL); 2062 2063 for (oprocess = process; 2064 (process = efork(M_OFF, oprocess, 2065 (NAMED|NOCLEANUP))) == NO_ROOM; 2066 /* CSTYLED */) 2067 ; 2068 (void) sigset(SIGCLD, childeath); 2069 2070 if (process == NULLPROC) { 2071 maxfiles = ulimit(UL_GDESLIM, 0); 2072 2073 for (i = 0; i < maxfiles; i++) 2074 (void) fcntl(i, F_SETFD, 2075 FD_CLOEXEC); 2076 (void) execle(SH, "INITSH", "-c", 2077 cmd.c_command, 2078 (char *)0, glob_envp); 2079 console(B_TRUE, 2080 "Command\n\"%s\"\n failed to execute. errno = %d (exec of shell failed)\n", 2081 cmd.c_command, errno); 2082 exit(1); 2083 } else while (waitproc(process) == FAILURE); 2084 process->p_flags = 0; 2085 st_write(); 2086 } 2087 } 2088 } 2089 2090 /* Restore the path. */ 2091 free(glob_envp[0]); 2092 glob_envp[0] = old_path; 2093 2094 /* 2095 * This will enable st_write() to complain about init_state_file. 2096 */ 2097 booting = 0; 2098 2099 /* 2100 * If the /etc/ioctl.syscon didn't exist or had invalid contents write 2101 * out a correct version. 2102 */ 2103 if (write_ioctl) 2104 write_ioctl_syscon(); 2105 2106 /* 2107 * Start svc.startd(1M), which does most of the work. 2108 */ 2109 if (startd_cline[0] != '\0' && startd_tmpl >= 0) { 2110 /* Start svc.startd. */ 2111 if (startd_run(startd_cline, startd_tmpl, 0) == -1) 2112 cur_state = SINGLE_USER; 2113 } else { 2114 console(B_TRUE, "Absent svc.startd entry or bad " 2115 "contract template. Not starting svc.startd.\n"); 2116 enter_maintenance(); 2117 } 2118 } 2119 2120 /* 2121 * init_signals(): Initialize all signals to either be caught or ignored. 2122 */ 2123 void 2124 init_signals(void) 2125 { 2126 struct sigaction act; 2127 int i; 2128 2129 /* 2130 * Start by ignoring all signals, then selectively re-enable some. 2131 * The SIG_IGN disposition will only affect asynchronous signals: 2132 * any signal that we trigger synchronously that doesn't end up 2133 * being handled by siglvl() will be forcibly delivered by the kernel. 2134 */ 2135 for (i = SIGHUP; i <= SIGRTMAX; i++) 2136 (void) sigset(i, SIG_IGN); 2137 2138 /* 2139 * Handle all level-changing signals using siglvl() and set sa_mask so 2140 * that all level-changing signals are blocked while in siglvl(). 2141 */ 2142 act.sa_handler = siglvl; 2143 act.sa_flags = SA_SIGINFO; 2144 (void) sigemptyset(&act.sa_mask); 2145 2146 (void) sigaddset(&act.sa_mask, LVLQ); 2147 (void) sigaddset(&act.sa_mask, LVL0); 2148 (void) sigaddset(&act.sa_mask, LVL1); 2149 (void) sigaddset(&act.sa_mask, LVL2); 2150 (void) sigaddset(&act.sa_mask, LVL3); 2151 (void) sigaddset(&act.sa_mask, LVL4); 2152 (void) sigaddset(&act.sa_mask, LVL5); 2153 (void) sigaddset(&act.sa_mask, LVL6); 2154 (void) sigaddset(&act.sa_mask, SINGLE_USER); 2155 (void) sigaddset(&act.sa_mask, LVLa); 2156 (void) sigaddset(&act.sa_mask, LVLb); 2157 (void) sigaddset(&act.sa_mask, LVLc); 2158 2159 (void) sigaction(LVLQ, &act, NULL); 2160 (void) sigaction(LVL0, &act, NULL); 2161 (void) sigaction(LVL1, &act, NULL); 2162 (void) sigaction(LVL2, &act, NULL); 2163 (void) sigaction(LVL3, &act, NULL); 2164 (void) sigaction(LVL4, &act, NULL); 2165 (void) sigaction(LVL5, &act, NULL); 2166 (void) sigaction(LVL6, &act, NULL); 2167 (void) sigaction(SINGLE_USER, &act, NULL); 2168 (void) sigaction(LVLa, &act, NULL); 2169 (void) sigaction(LVLb, &act, NULL); 2170 (void) sigaction(LVLc, &act, NULL); 2171 2172 (void) sigset(SIGALRM, alarmclk); 2173 alarmclk(); 2174 2175 (void) sigset(SIGCLD, childeath); 2176 (void) sigset(SIGPWR, powerfail); 2177 } 2178 2179 /* 2180 * Set up pipe for "godchildren". If the file exists and is a pipe just open 2181 * it. Else, if the file system is r/w create it. Otherwise, defer its 2182 * creation and open until after /var/run has been mounted. This function is 2183 * only called on startup and when explicitly requested via LVLQ. 2184 */ 2185 void 2186 setup_pipe() 2187 { 2188 struct stat stat_buf; 2189 struct statvfs statvfs_buf; 2190 struct sigaction act; 2191 2192 /* 2193 * Always close the previous pipe descriptor as the mounted filesystems 2194 * may have changed. 2195 */ 2196 if (Pfd >= 0) 2197 (void) close(Pfd); 2198 2199 if ((stat(INITPIPE, &stat_buf) == 0) && 2200 ((stat_buf.st_mode & (S_IFMT|S_IRUSR)) == (S_IFIFO|S_IRUSR))) 2201 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2202 else 2203 if ((statvfs(INITPIPE_DIR, &statvfs_buf) == 0) && 2204 ((statvfs_buf.f_flag & ST_RDONLY) == 0)) { 2205 (void) unlink(INITPIPE); 2206 (void) mknod(INITPIPE, S_IFIFO | 0600, 0); 2207 Pfd = open(INITPIPE, O_RDWR | O_NDELAY); 2208 } 2209 2210 if (Pfd >= 0) { 2211 (void) ioctl(Pfd, I_SETSIG, S_INPUT); 2212 /* 2213 * Read pipe in message discard mode. 2214 */ 2215 (void) ioctl(Pfd, I_SRDOPT, RMSGD); 2216 2217 act.sa_handler = sigpoll; 2218 act.sa_flags = 0; 2219 (void) sigemptyset(&act.sa_mask); 2220 (void) sigaddset(&act.sa_mask, SIGCLD); 2221 (void) sigaction(SIGPOLL, &act, NULL); 2222 } 2223 } 2224 2225 /* 2226 * siglvl - handle an asynchronous signal from init(1M) telling us that we 2227 * should change the current run level. We set new_state accordingly. 2228 */ 2229 void 2230 siglvl(int sig, siginfo_t *sip, ucontext_t *ucp) 2231 { 2232 struct PROC_TABLE *process; 2233 struct sigaction act; 2234 2235 /* 2236 * If the signal was from the kernel (rather than init(1M)) then init 2237 * itself tripped the signal. That is, we might have a bug and tripped 2238 * a real SIGSEGV instead of receiving it as an alias for SIGLVLa. In 2239 * such a case we reset the disposition to SIG_DFL, block all signals 2240 * in uc_mask but the current one, and return to the interrupted ucp 2241 * to effect an appropriate death. The kernel will then restart us. 2242 * 2243 * The one exception to SI_FROMKERNEL() is SIGFPE (a.k.a. LVL6), which 2244 * the kernel can send us when it wants to effect an orderly reboot. 2245 * For this case we must also verify si_code is zero, rather than a 2246 * code such as FPE_INTDIV which a bug might have triggered. 2247 */ 2248 if (sip != NULL && SI_FROMKERNEL(sip) && 2249 (sig != SIGFPE || sip->si_code == 0)) { 2250 2251 (void) sigemptyset(&act.sa_mask); 2252 act.sa_handler = SIG_DFL; 2253 act.sa_flags = 0; 2254 (void) sigaction(sig, &act, NULL); 2255 2256 (void) sigfillset(&ucp->uc_sigmask); 2257 (void) sigdelset(&ucp->uc_sigmask, sig); 2258 ucp->uc_flags |= UC_SIGMASK; 2259 2260 (void) setcontext(ucp); 2261 } 2262 2263 /* 2264 * If the signal received is a LVLQ signal, do not really 2265 * change levels, just restate the current level. If the 2266 * signal is not a LVLQ, set the new level to the signal 2267 * received. 2268 */ 2269 if (sig == LVLQ) { 2270 new_state = cur_state; 2271 lvlq_received = B_TRUE; 2272 } else { 2273 new_state = sig; 2274 } 2275 2276 /* 2277 * Clear all times and repeat counts in the process table 2278 * since either the level is changing or the user has editted 2279 * the inittab file and wants us to look at it again. 2280 * If the user has fixed a typo, we don't want residual timing 2281 * data preventing the fixed command line from executing. 2282 */ 2283 for (process = proc_table; 2284 (process < proc_table + num_proc); process++) { 2285 process->p_time = 0L; 2286 process->p_count = 0; 2287 } 2288 2289 /* 2290 * Set the flag to indicate that a "user signal" was received. 2291 */ 2292 wakeup.w_flags.w_usersignal = 1; 2293 } 2294 2295 2296 /* 2297 * alarmclk 2298 */ 2299 static void 2300 alarmclk() 2301 { 2302 time_up = TRUE; 2303 } 2304 2305 /* 2306 * childeath_single(): 2307 * 2308 * This used to be the SIGCLD handler and it was set with signal() 2309 * (as opposed to sigset()). When a child exited we'd come to the 2310 * handler, wait for the child, and reenable the handler with 2311 * signal() just before returning. The implementation of signal() 2312 * checks with waitid() for waitable children and sends a SIGCLD 2313 * if there are some. If children are exiting faster than the 2314 * handler can run we keep sending signals and the handler never 2315 * gets to return and eventually the stack runs out and init dies. 2316 * To prevent that we set the handler with sigset() so the handler 2317 * doesn't need to be reset, and in childeath() (see below) we 2318 * call childeath_single() as long as there are children to be 2319 * waited for. If a child exits while init is in the handler a 2320 * SIGCLD will be pending and delivered on return from the handler. 2321 * If the child was already waited for the handler will have nothing 2322 * to do and return, otherwise the child will be waited for. 2323 */ 2324 static void 2325 childeath_single() 2326 { 2327 struct PROC_TABLE *process; 2328 struct pidlist *pp; 2329 pid_t pid; 2330 int status; 2331 2332 /* 2333 * Perform wait to get the process id of the child that died and 2334 * then scan the process table to see if we are interested in 2335 * this process. NOTE: if a super-user sends the SIGCLD signal 2336 * to init, the following wait will not immediately return and 2337 * init will be inoperative until one of its child really does die. 2338 */ 2339 pid = wait(&status); 2340 2341 for (process = proc_table; 2342 (process < proc_table + num_proc); process++) { 2343 if ((process->p_flags & (LIVING|OCCUPIED)) == 2344 (LIVING|OCCUPIED) && process->p_pid == pid) { 2345 2346 /* 2347 * Mark this process as having died and store the exit 2348 * status. Also set the wakeup flag for a dead child 2349 * and break out of the loop. 2350 */ 2351 process->p_flags &= ~LIVING; 2352 process->p_exit = (short)status; 2353 wakeup.w_flags.w_childdeath = 1; 2354 2355 return; 2356 } 2357 } 2358 2359 /* 2360 * No process was found above, look through auxiliary list. 2361 */ 2362 (void) sighold(SIGPOLL); 2363 pp = Plhead; 2364 while (pp) { 2365 if (pid > pp->pl_pid) { 2366 /* 2367 * Keep on looking. 2368 */ 2369 pp = pp->pl_next; 2370 continue; 2371 } else if (pid < pp->pl_pid) { 2372 /* 2373 * Not in the list. 2374 */ 2375 break; 2376 } else { 2377 /* 2378 * This is a dead "godchild". 2379 */ 2380 pp->pl_dflag = 1; 2381 pp->pl_exit = (short)status; 2382 wakeup.w_flags.w_childdeath = 1; 2383 Gchild = 1; /* Notice to call cleanaux(). */ 2384 break; 2385 } 2386 } 2387 2388 (void) sigrelse(SIGPOLL); 2389 } 2390 2391 /* ARGSUSED */ 2392 static void 2393 childeath(int signo) 2394 { 2395 siginfo_t info; 2396 2397 while ((waitid(P_ALL, (id_t)0, &info, WEXITED|WNOHANG|WNOWAIT) == 0) && 2398 info.si_pid != 0) 2399 childeath_single(); 2400 } 2401 2402 static void 2403 powerfail() 2404 { 2405 (void) nice(-19); 2406 wakeup.w_flags.w_powerhit = 1; 2407 } 2408 2409 /* 2410 * efork() forks a child and the parent inserts the process in its table 2411 * of processes that are directly a result of forks that it has performed. 2412 * The child just changes the "global" with the process id for this process 2413 * to it's new value. 2414 * If efork() is called with a pointer into the proc_table it uses that slot, 2415 * otherwise it searches for a free slot. Regardless of how it was called, 2416 * it returns the pointer to the proc_table entry 2417 * 2418 * The SIGCLD handler is set to default (SIG_DFL) before calling efork(). 2419 * This relies on the somewhat obscure SVR2 SIGCLD/SIG_DFL semantic 2420 * implied by the use of signal(3c). While the meaning of SIG_DFL for 2421 * SIGCLD is nominally to ignore the signal, once the signal disposition 2422 * is set to childeath(), the kernel will post a SIGCLD if a child 2423 * exited during the period the disposition was SIG_DFL. It acts more 2424 * like a signal block. 2425 * 2426 * Ideally, this should be rewritten to use modern signal semantics. 2427 */ 2428 static struct PROC_TABLE * 2429 efork(int action, struct PROC_TABLE *process, int modes) 2430 { 2431 pid_t childpid; 2432 struct PROC_TABLE *proc; 2433 int i; 2434 void (*oldroutine)(); 2435 /* 2436 * Freshen up the proc_table, removing any entries for dead processes 2437 * that don't have NOCLEANUP set. Perform the necessary accounting. 2438 */ 2439 for (proc = proc_table; (proc < proc_table + num_proc); proc++) { 2440 if ((proc->p_flags & (OCCUPIED|LIVING|NOCLEANUP)) == 2441 (OCCUPIED)) { 2442 /* 2443 * Is this a named process? 2444 * If so, do the necessary bookkeeping. 2445 */ 2446 if (proc->p_flags & NAMED) 2447 (void) account(DEAD_PROCESS, proc, NULL); 2448 2449 /* 2450 * Free this entry for new usage. 2451 */ 2452 proc->p_flags = 0; 2453 } 2454 } 2455 2456 while ((childpid = fork()) == FAILURE) { 2457 /* 2458 * Shorten the alarm timer in case someone else's child dies 2459 * and free up a slot in the process table. 2460 */ 2461 setimer(5); 2462 2463 /* 2464 * Wait for some children to die. Since efork() is normally 2465 * called with SIGCLD in the default state, reset it to catch 2466 * so that child death signals can come in. 2467 */ 2468 oldroutine = sigset(SIGCLD, childeath); 2469 (void) pause(); 2470 (void) sigset(SIGCLD, oldroutine); 2471 setimer(0); 2472 } 2473 2474 if (childpid != 0) { 2475 2476 if (process == NULLPROC) { 2477 /* 2478 * No proc table pointer specified so search 2479 * for a free slot. 2480 */ 2481 for (process = proc_table; process->p_flags != 0 && 2482 (process < proc_table + num_proc); process++) 2483 ; 2484 2485 if (process == (proc_table + num_proc)) { 2486 int old_proc_table_size = num_proc; 2487 2488 /* Increase the process table size */ 2489 increase_proc_table_size(); 2490 if (old_proc_table_size == num_proc) { 2491 /* didn't grow: memory failure */ 2492 return (NO_ROOM); 2493 } else { 2494 process = 2495 proc_table + old_proc_table_size; 2496 } 2497 } 2498 2499 process->p_time = 0L; 2500 process->p_count = 0; 2501 } 2502 process->p_id[0] = '\0'; 2503 process->p_id[1] = '\0'; 2504 process->p_id[2] = '\0'; 2505 process->p_id[3] = '\0'; 2506 process->p_pid = childpid; 2507 process->p_flags = (LIVING | OCCUPIED | modes); 2508 process->p_exit = 0; 2509 2510 st_write(); 2511 } else { 2512 if ((action & (M_WAIT | M_BOOTWAIT)) == 0) 2513 (void) setpgrp(); 2514 2515 process = NULLPROC; 2516 2517 /* 2518 * Reset all signals to the system defaults. 2519 */ 2520 for (i = SIGHUP; i <= SIGRTMAX; i++) 2521 (void) sigset(i, SIG_DFL); 2522 2523 /* 2524 * POSIX B.2.2.2 advises that init should set SIGTTOU, 2525 * SIGTTIN, and SIGTSTP to SIG_IGN. 2526 * 2527 * Make sure that SIGXCPU and SIGXFSZ also remain ignored, 2528 * for backward compatibility. 2529 */ 2530 (void) sigset(SIGTTIN, SIG_IGN); 2531 (void) sigset(SIGTTOU, SIG_IGN); 2532 (void) sigset(SIGTSTP, SIG_IGN); 2533 (void) sigset(SIGXCPU, SIG_IGN); 2534 (void) sigset(SIGXFSZ, SIG_IGN); 2535 } 2536 return (process); 2537 } 2538 2539 2540 /* 2541 * waitproc() waits for a specified process to die. For this function to 2542 * work, the specified process must already in the proc_table. waitproc() 2543 * returns the exit status of the specified process when it dies. 2544 */ 2545 static long 2546 waitproc(struct PROC_TABLE *process) 2547 { 2548 int answer; 2549 sigset_t oldmask, newmask, zeromask; 2550 2551 (void) sigemptyset(&zeromask); 2552 (void) sigemptyset(&newmask); 2553 2554 (void) sigaddset(&newmask, SIGCLD); 2555 2556 /* Block SIGCLD and save the current signal mask */ 2557 if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0) 2558 perror("SIG_BLOCK error"); 2559 2560 /* 2561 * Wait around until the process dies. 2562 */ 2563 if (process->p_flags & LIVING) 2564 (void) sigsuspend(&zeromask); 2565 2566 /* Reset signal mask to unblock SIGCLD */ 2567 if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0) 2568 perror("SIG_SETMASK error"); 2569 2570 if (process->p_flags & LIVING) 2571 return (FAILURE); 2572 2573 /* 2574 * Make sure to only return 16 bits so that answer will always 2575 * be positive whenever the process of interest really died. 2576 */ 2577 answer = (process->p_exit & 0xffff); 2578 2579 /* 2580 * Free the slot in the proc_table. 2581 */ 2582 process->p_flags = 0; 2583 return (answer); 2584 } 2585 2586 /* 2587 * notify_pam_dead(): calls into the PAM framework to close the given session. 2588 */ 2589 static void 2590 notify_pam_dead(struct utmpx *up) 2591 { 2592 pam_handle_t *pamh; 2593 char user[sizeof (up->ut_user) + 1]; 2594 char ttyn[sizeof (up->ut_line) + 1]; 2595 char host[sizeof (up->ut_host) + 1]; 2596 2597 /* 2598 * PAM does not take care of updating utmpx/wtmpx. 2599 */ 2600 (void) snprintf(user, sizeof (user), "%s", up->ut_user); 2601 (void) snprintf(ttyn, sizeof (ttyn), "%s", up->ut_line); 2602 (void) snprintf(host, sizeof (host), "%s", up->ut_host); 2603 2604 if (pam_start("init", user, NULL, &pamh) == PAM_SUCCESS) { 2605 (void) pam_set_item(pamh, PAM_TTY, ttyn); 2606 (void) pam_set_item(pamh, PAM_RHOST, host); 2607 (void) pam_close_session(pamh, 0); 2608 (void) pam_end(pamh, PAM_SUCCESS); 2609 } 2610 } 2611 2612 /* 2613 * Check you can access utmpx (As / may be read-only and 2614 * /var may not be mounted yet). 2615 */ 2616 static int 2617 access_utmpx(void) 2618 { 2619 do { 2620 utmpx_ok = (access(UTMPX, R_OK|W_OK) == 0); 2621 } while (!utmpx_ok && errno == EINTR); 2622 2623 return (utmpx_ok); 2624 } 2625 2626 /* 2627 * account() updates entries in utmpx and appends new entries to the end of 2628 * wtmpx (assuming they exist). The program argument indicates the name of 2629 * program if INIT_PROCESS, otherwise should be NULL. 2630 * 2631 * account() only blocks for INIT_PROCESS requests. 2632 * 2633 * Returns non-zero if write failed. 2634 */ 2635 static int 2636 account(short state, struct PROC_TABLE *process, char *program) 2637 { 2638 struct utmpx utmpbuf, *u, *oldu; 2639 int tmplen; 2640 char fail_buf[UT_LINE_SZ]; 2641 sigset_t block, unblock; 2642 2643 if (!utmpx_ok && !access_utmpx()) { 2644 return (-1); 2645 } 2646 2647 /* 2648 * Set up the prototype for the utmp structure we want to write. 2649 */ 2650 u = &utmpbuf; 2651 (void) memset(u, 0, sizeof (struct utmpx)); 2652 2653 /* 2654 * Fill in the various fields of the utmp structure. 2655 */ 2656 u->ut_id[0] = process->p_id[0]; 2657 u->ut_id[1] = process->p_id[1]; 2658 u->ut_id[2] = process->p_id[2]; 2659 u->ut_id[3] = process->p_id[3]; 2660 u->ut_pid = process->p_pid; 2661 2662 /* 2663 * Fill the "ut_exit" structure. 2664 */ 2665 u->ut_exit.e_termination = WTERMSIG(process->p_exit); 2666 u->ut_exit.e_exit = WEXITSTATUS(process->p_exit); 2667 u->ut_type = state; 2668 2669 (void) time(&u->ut_tv.tv_sec); 2670 2671 /* 2672 * Block signals for utmp update. 2673 */ 2674 (void) sigfillset(&block); 2675 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2676 2677 /* 2678 * See if there already is such an entry in the "utmpx" file. 2679 */ 2680 setutxent(); /* Start at beginning of utmpx file. */ 2681 2682 if ((oldu = getutxid(u)) != NULL) { 2683 /* 2684 * Copy in the old "user", "line" and "host" fields 2685 * to our new structure. 2686 */ 2687 bcopy(oldu->ut_user, u->ut_user, sizeof (u->ut_user)); 2688 bcopy(oldu->ut_line, u->ut_line, sizeof (u->ut_line)); 2689 bcopy(oldu->ut_host, u->ut_host, sizeof (u->ut_host)); 2690 u->ut_syslen = (tmplen = strlen(u->ut_host)) ? 2691 min(tmplen + 1, sizeof (u->ut_host)) : 0; 2692 2693 if (oldu->ut_type == USER_PROCESS && state == DEAD_PROCESS) { 2694 notify_pam_dead(oldu); 2695 } 2696 } 2697 2698 /* 2699 * Perform special accounting. Insert the special string into the 2700 * ut_line array. For INIT_PROCESSes put in the name of the 2701 * program in the "ut_user" field. 2702 */ 2703 switch (state) { 2704 case INIT_PROCESS: 2705 (void) strncpy(u->ut_user, program, sizeof (u->ut_user)); 2706 (void) strcpy(fail_buf, "INIT_PROCESS"); 2707 break; 2708 2709 default: 2710 (void) strlcpy(fail_buf, u->ut_id, sizeof (u->ut_id) + 1); 2711 break; 2712 } 2713 2714 /* 2715 * Write out the updated entry to utmpx file. 2716 */ 2717 if (pututxline(u) == NULL) { 2718 console(B_TRUE, "Failed write of utmpx entry: \"%s\": %s\n", 2719 fail_buf, strerror(errno)); 2720 endutxent(); 2721 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2722 return (-1); 2723 } 2724 2725 /* 2726 * If we're able to write to utmpx, then attempt to add to the 2727 * end of the wtmpx file. 2728 */ 2729 updwtmpx(WTMPX, u); 2730 2731 endutxent(); 2732 2733 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2734 2735 return (0); 2736 } 2737 2738 static void 2739 clearent(pid_t pid, short status) 2740 { 2741 struct utmpx *up; 2742 sigset_t block, unblock; 2743 2744 /* 2745 * Block signals for utmp update. 2746 */ 2747 (void) sigfillset(&block); 2748 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 2749 2750 /* 2751 * No error checking for now. 2752 */ 2753 2754 setutxent(); 2755 while (up = getutxent()) { 2756 if (up->ut_pid == pid) { 2757 if (up->ut_type == DEAD_PROCESS) { 2758 /* 2759 * Cleaned up elsewhere. 2760 */ 2761 continue; 2762 } 2763 2764 notify_pam_dead(up); 2765 2766 up->ut_type = DEAD_PROCESS; 2767 up->ut_exit.e_termination = WTERMSIG(status); 2768 up->ut_exit.e_exit = WEXITSTATUS(status); 2769 (void) time(&up->ut_tv.tv_sec); 2770 2771 (void) pututxline(up); 2772 /* 2773 * Now attempt to add to the end of the 2774 * wtmp and wtmpx files. Do not create 2775 * if they don't already exist. 2776 */ 2777 updwtmpx(WTMPX, up); 2778 2779 break; 2780 } 2781 } 2782 2783 endutxent(); 2784 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 2785 } 2786 2787 /* 2788 * prog_name() searches for the word or unix path name and 2789 * returns a pointer to the last element of the pathname. 2790 */ 2791 static char * 2792 prog_name(char *string) 2793 { 2794 char *ptr, *ptr2; 2795 /* XXX - utmp - fix name length */ 2796 static char word[_POSIX_LOGIN_NAME_MAX]; 2797 2798 /* 2799 * Search for the first word skipping leading spaces and tabs. 2800 */ 2801 while (*string == ' ' || *string == '\t') 2802 string++; 2803 2804 /* 2805 * If the first non-space non-tab character is not one allowed in 2806 * a word, return a pointer to a null string, otherwise parse the 2807 * pathname. 2808 */ 2809 if (*string != '.' && *string != '/' && *string != '_' && 2810 (*string < 'a' || *string > 'z') && 2811 (*string < 'A' || * string > 'Z') && 2812 (*string < '0' || *string > '9')) 2813 return (""); 2814 2815 /* 2816 * Parse the pathname looking forward for '/', ' ', '\t', '\n' or 2817 * '\0'. Each time a '/' is found, move "ptr" to one past the 2818 * '/', thus when a ' ', '\t', '\n', or '\0' is found, "ptr" will 2819 * point to the last element of the pathname. 2820 */ 2821 for (ptr = string; 2822 *string != ' ' && *string != '\t' && *string != '\n' && 2823 *string != '\0'; 2824 string++) { 2825 if (*string == '/') 2826 ptr = string+1; 2827 } 2828 2829 /* 2830 * Copy out up to the size of the "ut_user" array into "word", 2831 * null terminate it and return a pointer to it. 2832 */ 2833 /* XXX - utmp - fix name length */ 2834 for (ptr2 = &word[0]; ptr2 < &word[_POSIX_LOGIN_NAME_MAX - 1] && 2835 ptr < string; /* CSTYLED */) 2836 *ptr2++ = *ptr++; 2837 2838 *ptr2 = '\0'; 2839 return (&word[0]); 2840 } 2841 2842 2843 /* 2844 * realcon() returns a nonzero value if there is a character device 2845 * associated with SYSCON that has the same device number as CONSOLE. 2846 */ 2847 static int 2848 realcon() 2849 { 2850 struct stat sconbuf, conbuf; 2851 2852 if (stat(SYSCON, &sconbuf) != -1 && 2853 stat(CONSOLE, &conbuf) != -1 && 2854 S_ISCHR(sconbuf.st_mode) && 2855 S_ISCHR(conbuf.st_mode) && 2856 sconbuf.st_rdev == conbuf.st_rdev) { 2857 return (1); 2858 } else { 2859 return (0); 2860 } 2861 } 2862 2863 2864 /* 2865 * get_ioctl_syscon() retrieves the SYSCON settings from the IOCTLSYSCON file. 2866 * Returns true if the IOCTLSYSCON file needs to be written (with 2867 * write_ioctl_syscon() below) 2868 */ 2869 static int 2870 get_ioctl_syscon() 2871 { 2872 FILE *fp; 2873 unsigned int iflags, oflags, cflags, lflags, ldisc, cc[18]; 2874 int i, valid_format = 0; 2875 2876 /* 2877 * Read in the previous modes for SYSCON from IOCTLSYSCON. 2878 */ 2879 if ((fp = fopen(IOCTLSYSCON, "r")) == NULL) { 2880 stored_syscon_termios = dflt_termios; 2881 console(B_TRUE, 2882 "warning:%s does not exist, default settings assumed\n", 2883 IOCTLSYSCON); 2884 } else { 2885 2886 i = fscanf(fp, 2887 "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2888 &iflags, &oflags, &cflags, &lflags, 2889 &cc[0], &cc[1], &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], 2890 &cc[7], &cc[8], &cc[9], &cc[10], &cc[11], &cc[12], &cc[13], 2891 &cc[14], &cc[15], &cc[16], &cc[17]); 2892 2893 if (i == 22) { 2894 stored_syscon_termios.c_iflag = iflags; 2895 stored_syscon_termios.c_oflag = oflags; 2896 stored_syscon_termios.c_cflag = cflags; 2897 stored_syscon_termios.c_lflag = lflags; 2898 for (i = 0; i < 18; i++) 2899 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2900 valid_format = 1; 2901 } else if (i == 13) { 2902 rewind(fp); 2903 i = fscanf(fp, "%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x", 2904 &iflags, &oflags, &cflags, &lflags, &ldisc, &cc[0], &cc[1], 2905 &cc[2], &cc[3], &cc[4], &cc[5], &cc[6], &cc[7]); 2906 2907 /* 2908 * If the file is formatted properly, use the values to 2909 * initialize the console terminal condition. 2910 */ 2911 stored_syscon_termios.c_iflag = (ushort_t)iflags; 2912 stored_syscon_termios.c_oflag = (ushort_t)oflags; 2913 stored_syscon_termios.c_cflag = (ushort_t)cflags; 2914 stored_syscon_termios.c_lflag = (ushort_t)lflags; 2915 for (i = 0; i < 8; i++) 2916 stored_syscon_termios.c_cc[i] = (char)cc[i]; 2917 valid_format = 1; 2918 } 2919 (void) fclose(fp); 2920 2921 /* If the file is badly formatted, use the default settings. */ 2922 if (!valid_format) 2923 stored_syscon_termios = dflt_termios; 2924 } 2925 2926 /* If the file had a bad format, rewrite it later. */ 2927 return (!valid_format); 2928 } 2929 2930 2931 static void 2932 write_ioctl_syscon() 2933 { 2934 FILE *fp; 2935 int i; 2936 2937 (void) unlink(SYSCON); 2938 (void) link(SYSTTY, SYSCON); 2939 (void) umask(022); 2940 fp = fopen(IOCTLSYSCON, "w"); 2941 2942 (void) fprintf(fp, "%x:%x:%x:%x:0", stored_syscon_termios.c_iflag, 2943 stored_syscon_termios.c_oflag, stored_syscon_termios.c_cflag, 2944 stored_syscon_termios.c_lflag); 2945 for (i = 0; i < 8; ++i) 2946 (void) fprintf(fp, ":%x", stored_syscon_termios.c_cc[i]); 2947 (void) putc('\n', fp); 2948 2949 (void) fflush(fp); 2950 (void) fsync(fileno(fp)); 2951 (void) fclose(fp); 2952 (void) umask(cmask); 2953 } 2954 2955 2956 /* 2957 * void console(boolean_t, char *, ...) 2958 * Outputs the requested message to the system console. Note that the number 2959 * of arguments passed to console() should be determined by the print format. 2960 * 2961 * The "prefix" parameter indicates whether or not "INIT: " should precede the 2962 * message. 2963 * 2964 * To make sure we write to the console in a sane fashion, we use the modes 2965 * we keep in stored_syscon_termios (which we read out of /etc/ioctl.syscon). 2966 * Afterwards we restore whatever modes were already there. 2967 */ 2968 /* PRINTFLIKE2 */ 2969 static void 2970 console(boolean_t prefix, char *format, ...) 2971 { 2972 char outbuf[BUFSIZ]; 2973 va_list args; 2974 int fd, getret; 2975 struct termios old_syscon_termios; 2976 FILE *f; 2977 2978 /* 2979 * We open SYSCON anew each time in case it has changed (see 2980 * userinit()). 2981 */ 2982 if ((fd = open(SYSCON, O_RDWR | O_NOCTTY)) < 0 || 2983 (f = fdopen(fd, "r+")) == NULL) { 2984 if (prefix) 2985 syslog(LOG_WARNING, "INIT: "); 2986 va_start(args, format); 2987 vsyslog(LOG_WARNING, format, args); 2988 va_end(args); 2989 if (fd >= 0) 2990 (void) close(fd); 2991 return; 2992 } 2993 setbuf(f, &outbuf[0]); 2994 2995 getret = tcgetattr(fd, &old_syscon_termios); 2996 old_syscon_termios.c_cflag &= ~HUPCL; 2997 if (realcon()) 2998 /* Don't overwrite cflag of real console. */ 2999 stored_syscon_termios.c_cflag = old_syscon_termios.c_cflag; 3000 3001 stored_syscon_termios.c_cflag &= ~HUPCL; 3002 3003 (void) tcsetattr(fd, TCSANOW, &stored_syscon_termios); 3004 3005 if (prefix) 3006 (void) fprintf(f, "\nINIT: "); 3007 va_start(args, format); 3008 (void) vfprintf(f, format, args); 3009 va_end(args); 3010 3011 if (getret == 0) 3012 (void) tcsetattr(fd, TCSADRAIN, &old_syscon_termios); 3013 3014 (void) fclose(f); 3015 } 3016 3017 /* 3018 * timer() is a substitute for sleep() which uses alarm() and pause(). 3019 */ 3020 static void 3021 timer(int waitime) 3022 { 3023 setimer(waitime); 3024 while (time_up == FALSE) 3025 (void) pause(); 3026 } 3027 3028 static void 3029 setimer(int timelimit) 3030 { 3031 alarmclk(); 3032 (void) alarm(timelimit); 3033 time_up = (timelimit ? FALSE : TRUE); 3034 } 3035 3036 /* 3037 * Fails with 3038 * ENOMEM - out of memory 3039 * ECONNABORTED - repository connection broken 3040 * EPERM - permission denied 3041 * EACCES - backend access denied 3042 * EROFS - backend readonly 3043 */ 3044 static int 3045 get_or_add_startd(scf_instance_t *inst) 3046 { 3047 scf_handle_t *h; 3048 scf_scope_t *scope = NULL; 3049 scf_service_t *svc = NULL; 3050 int ret = 0; 3051 3052 h = scf_instance_handle(inst); 3053 3054 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst, 3055 NULL, NULL, SCF_DECODE_FMRI_EXACT) == 0) 3056 return (0); 3057 3058 switch (scf_error()) { 3059 case SCF_ERROR_CONNECTION_BROKEN: 3060 return (ECONNABORTED); 3061 3062 case SCF_ERROR_NOT_FOUND: 3063 break; 3064 3065 case SCF_ERROR_HANDLE_MISMATCH: 3066 case SCF_ERROR_INVALID_ARGUMENT: 3067 case SCF_ERROR_CONSTRAINT_VIOLATED: 3068 default: 3069 bad_error("scf_handle_decode_fmri", scf_error()); 3070 } 3071 3072 /* Make sure we're right, since we're adding piece-by-piece. */ 3073 assert(strcmp(SCF_SERVICE_STARTD, 3074 "svc:/system/svc/restarter:default") == 0); 3075 3076 if ((scope = scf_scope_create(h)) == NULL || 3077 (svc = scf_service_create(h)) == NULL) { 3078 ret = ENOMEM; 3079 goto out; 3080 } 3081 3082 get_scope: 3083 if (scf_handle_get_scope(h, SCF_SCOPE_LOCAL, scope) != 0) { 3084 switch (scf_error()) { 3085 case SCF_ERROR_CONNECTION_BROKEN: 3086 ret = ECONNABORTED; 3087 goto out; 3088 3089 case SCF_ERROR_NOT_FOUND: 3090 (void) fputs(gettext( 3091 "smf(5) repository missing local scope.\n"), 3092 stderr); 3093 exit(1); 3094 /* NOTREACHED */ 3095 3096 case SCF_ERROR_HANDLE_MISMATCH: 3097 case SCF_ERROR_INVALID_ARGUMENT: 3098 default: 3099 bad_error("scf_handle_get_scope", scf_error()); 3100 } 3101 } 3102 3103 get_svc: 3104 if (scf_scope_get_service(scope, "system/svc/restarter", svc) != 0) { 3105 switch (scf_error()) { 3106 case SCF_ERROR_CONNECTION_BROKEN: 3107 ret = ECONNABORTED; 3108 goto out; 3109 3110 case SCF_ERROR_DELETED: 3111 goto get_scope; 3112 3113 case SCF_ERROR_NOT_FOUND: 3114 break; 3115 3116 case SCF_ERROR_HANDLE_MISMATCH: 3117 case SCF_ERROR_INVALID_ARGUMENT: 3118 case SCF_ERROR_NOT_SET: 3119 default: 3120 bad_error("scf_scope_get_service", scf_error()); 3121 } 3122 3123 add_svc: 3124 if (scf_scope_add_service(scope, "system/svc/restarter", svc) != 3125 0) { 3126 switch (scf_error()) { 3127 case SCF_ERROR_CONNECTION_BROKEN: 3128 ret = ECONNABORTED; 3129 goto out; 3130 3131 case SCF_ERROR_EXISTS: 3132 goto get_svc; 3133 3134 case SCF_ERROR_PERMISSION_DENIED: 3135 ret = EPERM; 3136 goto out; 3137 3138 case SCF_ERROR_BACKEND_ACCESS: 3139 ret = EACCES; 3140 goto out; 3141 3142 case SCF_ERROR_BACKEND_READONLY: 3143 ret = EROFS; 3144 goto out; 3145 3146 case SCF_ERROR_HANDLE_MISMATCH: 3147 case SCF_ERROR_INVALID_ARGUMENT: 3148 case SCF_ERROR_NOT_SET: 3149 default: 3150 bad_error("scf_scope_add_service", scf_error()); 3151 } 3152 } 3153 } 3154 3155 get_inst: 3156 if (scf_service_get_instance(svc, "default", inst) != 0) { 3157 switch (scf_error()) { 3158 case SCF_ERROR_CONNECTION_BROKEN: 3159 ret = ECONNABORTED; 3160 goto out; 3161 3162 case SCF_ERROR_DELETED: 3163 goto add_svc; 3164 3165 case SCF_ERROR_NOT_FOUND: 3166 break; 3167 3168 case SCF_ERROR_HANDLE_MISMATCH: 3169 case SCF_ERROR_INVALID_ARGUMENT: 3170 case SCF_ERROR_NOT_SET: 3171 default: 3172 bad_error("scf_service_get_instance", scf_error()); 3173 } 3174 3175 if (scf_service_add_instance(svc, "default", inst) != 3176 0) { 3177 switch (scf_error()) { 3178 case SCF_ERROR_CONNECTION_BROKEN: 3179 ret = ECONNABORTED; 3180 goto out; 3181 3182 case SCF_ERROR_DELETED: 3183 goto add_svc; 3184 3185 case SCF_ERROR_EXISTS: 3186 goto get_inst; 3187 3188 case SCF_ERROR_PERMISSION_DENIED: 3189 ret = EPERM; 3190 goto out; 3191 3192 case SCF_ERROR_BACKEND_ACCESS: 3193 ret = EACCES; 3194 goto out; 3195 3196 case SCF_ERROR_BACKEND_READONLY: 3197 ret = EROFS; 3198 goto out; 3199 3200 case SCF_ERROR_HANDLE_MISMATCH: 3201 case SCF_ERROR_INVALID_ARGUMENT: 3202 case SCF_ERROR_NOT_SET: 3203 default: 3204 bad_error("scf_service_add_instance", 3205 scf_error()); 3206 } 3207 } 3208 } 3209 3210 ret = 0; 3211 3212 out: 3213 scf_service_destroy(svc); 3214 scf_scope_destroy(scope); 3215 return (ret); 3216 } 3217 3218 /* 3219 * Fails with 3220 * ECONNABORTED - repository connection broken 3221 * ECANCELED - the transaction's property group was deleted 3222 */ 3223 static int 3224 transaction_add_set(scf_transaction_t *tx, scf_transaction_entry_t *ent, 3225 const char *pname, scf_type_t type) 3226 { 3227 change_type: 3228 if (scf_transaction_property_change_type(tx, ent, pname, type) == 0) 3229 return (0); 3230 3231 switch (scf_error()) { 3232 case SCF_ERROR_CONNECTION_BROKEN: 3233 return (ECONNABORTED); 3234 3235 case SCF_ERROR_DELETED: 3236 return (ECANCELED); 3237 3238 case SCF_ERROR_NOT_FOUND: 3239 goto new; 3240 3241 case SCF_ERROR_HANDLE_MISMATCH: 3242 case SCF_ERROR_INVALID_ARGUMENT: 3243 case SCF_ERROR_NOT_BOUND: 3244 case SCF_ERROR_NOT_SET: 3245 default: 3246 bad_error("scf_transaction_property_change_type", scf_error()); 3247 } 3248 3249 new: 3250 if (scf_transaction_property_new(tx, ent, pname, type) == 0) 3251 return (0); 3252 3253 switch (scf_error()) { 3254 case SCF_ERROR_CONNECTION_BROKEN: 3255 return (ECONNABORTED); 3256 3257 case SCF_ERROR_DELETED: 3258 return (ECANCELED); 3259 3260 case SCF_ERROR_EXISTS: 3261 goto change_type; 3262 3263 case SCF_ERROR_HANDLE_MISMATCH: 3264 case SCF_ERROR_INVALID_ARGUMENT: 3265 case SCF_ERROR_NOT_BOUND: 3266 case SCF_ERROR_NOT_SET: 3267 default: 3268 bad_error("scf_transaction_property_new", scf_error()); 3269 /* NOTREACHED */ 3270 } 3271 } 3272 3273 static void 3274 scferr(void) 3275 { 3276 switch (scf_error()) { 3277 case SCF_ERROR_NO_MEMORY: 3278 console(B_TRUE, gettext("Out of memory.\n")); 3279 break; 3280 3281 case SCF_ERROR_CONNECTION_BROKEN: 3282 console(B_TRUE, gettext( 3283 "Connection to smf(5) repository server broken.\n")); 3284 break; 3285 3286 case SCF_ERROR_NO_RESOURCES: 3287 console(B_TRUE, gettext( 3288 "smf(5) repository server is out of memory.\n")); 3289 break; 3290 3291 case SCF_ERROR_PERMISSION_DENIED: 3292 console(B_TRUE, gettext("Insufficient privileges.\n")); 3293 break; 3294 3295 default: 3296 console(B_TRUE, gettext("libscf error: %s\n"), 3297 scf_strerror(scf_error())); 3298 } 3299 } 3300 3301 static void 3302 lscf_set_runlevel(char rl) 3303 { 3304 scf_handle_t *h; 3305 scf_instance_t *inst = NULL; 3306 scf_propertygroup_t *pg = NULL; 3307 scf_transaction_t *tx = NULL; 3308 scf_transaction_entry_t *ent = NULL; 3309 scf_value_t *val = NULL; 3310 char buf[2]; 3311 int r; 3312 3313 h = scf_handle_create(SCF_VERSION); 3314 if (h == NULL) { 3315 scferr(); 3316 return; 3317 } 3318 3319 if (scf_handle_bind(h) != 0) { 3320 switch (scf_error()) { 3321 case SCF_ERROR_NO_SERVER: 3322 console(B_TRUE, 3323 gettext("smf(5) repository server not running.\n")); 3324 goto bail; 3325 3326 default: 3327 scferr(); 3328 goto bail; 3329 } 3330 } 3331 3332 if ((inst = scf_instance_create(h)) == NULL || 3333 (pg = scf_pg_create(h)) == NULL || 3334 (val = scf_value_create(h)) == NULL || 3335 (tx = scf_transaction_create(h)) == NULL || 3336 (ent = scf_entry_create(h)) == NULL) { 3337 scferr(); 3338 goto bail; 3339 } 3340 3341 get_inst: 3342 r = get_or_add_startd(inst); 3343 switch (r) { 3344 case 0: 3345 break; 3346 3347 case ENOMEM: 3348 case ECONNABORTED: 3349 case EPERM: 3350 case EACCES: 3351 case EROFS: 3352 scferr(); 3353 goto bail; 3354 default: 3355 bad_error("get_or_add_startd", r); 3356 } 3357 3358 get_pg: 3359 if (scf_instance_get_pg(inst, SCF_PG_OPTIONS_OVR, pg) != 0) { 3360 switch (scf_error()) { 3361 case SCF_ERROR_CONNECTION_BROKEN: 3362 scferr(); 3363 goto bail; 3364 3365 case SCF_ERROR_DELETED: 3366 goto get_inst; 3367 3368 case SCF_ERROR_NOT_FOUND: 3369 break; 3370 3371 case SCF_ERROR_HANDLE_MISMATCH: 3372 case SCF_ERROR_INVALID_ARGUMENT: 3373 case SCF_ERROR_NOT_SET: 3374 default: 3375 bad_error("scf_instance_get_pg", scf_error()); 3376 } 3377 3378 add_pg: 3379 if (scf_instance_add_pg(inst, SCF_PG_OPTIONS_OVR, 3380 SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS, pg) != 3381 0) { 3382 switch (scf_error()) { 3383 case SCF_ERROR_CONNECTION_BROKEN: 3384 case SCF_ERROR_PERMISSION_DENIED: 3385 case SCF_ERROR_BACKEND_ACCESS: 3386 scferr(); 3387 goto bail; 3388 3389 case SCF_ERROR_DELETED: 3390 goto get_inst; 3391 3392 case SCF_ERROR_EXISTS: 3393 goto get_pg; 3394 3395 case SCF_ERROR_HANDLE_MISMATCH: 3396 case SCF_ERROR_INVALID_ARGUMENT: 3397 case SCF_ERROR_NOT_SET: 3398 default: 3399 bad_error("scf_instance_add_pg", scf_error()); 3400 } 3401 } 3402 } 3403 3404 buf[0] = rl; 3405 buf[1] = '\0'; 3406 r = scf_value_set_astring(val, buf); 3407 assert(r == 0); 3408 3409 for (;;) { 3410 if (scf_transaction_start(tx, pg) != 0) { 3411 switch (scf_error()) { 3412 case SCF_ERROR_CONNECTION_BROKEN: 3413 case SCF_ERROR_PERMISSION_DENIED: 3414 case SCF_ERROR_BACKEND_ACCESS: 3415 scferr(); 3416 goto bail; 3417 3418 case SCF_ERROR_DELETED: 3419 goto add_pg; 3420 3421 case SCF_ERROR_HANDLE_MISMATCH: 3422 case SCF_ERROR_NOT_BOUND: 3423 case SCF_ERROR_IN_USE: 3424 case SCF_ERROR_NOT_SET: 3425 default: 3426 bad_error("scf_transaction_start", scf_error()); 3427 } 3428 } 3429 3430 r = transaction_add_set(tx, ent, "runlevel", SCF_TYPE_ASTRING); 3431 switch (r) { 3432 case 0: 3433 break; 3434 3435 case ECONNABORTED: 3436 scferr(); 3437 goto bail; 3438 3439 case ECANCELED: 3440 scf_transaction_reset(tx); 3441 goto add_pg; 3442 3443 default: 3444 bad_error("transaction_add_set", r); 3445 } 3446 3447 r = scf_entry_add_value(ent, val); 3448 assert(r == 0); 3449 3450 r = scf_transaction_commit(tx); 3451 if (r == 1) 3452 break; 3453 3454 if (r != 0) { 3455 switch (scf_error()) { 3456 case SCF_ERROR_CONNECTION_BROKEN: 3457 case SCF_ERROR_PERMISSION_DENIED: 3458 case SCF_ERROR_BACKEND_ACCESS: 3459 case SCF_ERROR_BACKEND_READONLY: 3460 scferr(); 3461 goto bail; 3462 3463 case SCF_ERROR_DELETED: 3464 scf_transaction_reset(tx); 3465 goto add_pg; 3466 3467 case SCF_ERROR_INVALID_ARGUMENT: 3468 case SCF_ERROR_NOT_BOUND: 3469 case SCF_ERROR_NOT_SET: 3470 default: 3471 bad_error("scf_transaction_commit", 3472 scf_error()); 3473 } 3474 } 3475 3476 scf_transaction_reset(tx); 3477 (void) scf_pg_update(pg); 3478 } 3479 3480 bail: 3481 scf_transaction_destroy(tx); 3482 scf_entry_destroy(ent); 3483 scf_value_destroy(val); 3484 scf_pg_destroy(pg); 3485 scf_instance_destroy(inst); 3486 3487 (void) scf_handle_unbind(h); 3488 scf_handle_destroy(h); 3489 } 3490 3491 /* 3492 * Function to handle requests from users to main init running as process 1. 3493 */ 3494 static void 3495 userinit(int argc, char **argv) 3496 { 3497 FILE *fp; 3498 char *ln; 3499 int init_signal; 3500 struct stat sconbuf, conbuf; 3501 const char *usage_msg = "Usage: init [0123456SsQqabc]\n"; 3502 3503 /* 3504 * We are a user invoked init. Is there an argument and is it 3505 * a single character? If not, print usage message and quit. 3506 */ 3507 if (argc != 2 || argv[1][1] != '\0') { 3508 (void) fprintf(stderr, usage_msg); 3509 exit(0); 3510 } 3511 3512 if ((init_signal = lvlname_to_state((char)argv[1][0])) == -1) { 3513 (void) fprintf(stderr, usage_msg); 3514 (void) audit_put_record(ADT_FAILURE, ADT_FAIL_VALUE_BAD_CMD, 3515 argv[1]); 3516 exit(1); 3517 } 3518 3519 if (init_signal == SINGLE_USER) { 3520 /* 3521 * Make sure this process is talking to a legal tty line 3522 * and that /dev/syscon is linked to this line. 3523 */ 3524 ln = ttyname(0); /* Get the name of tty */ 3525 if (ln == NULL) { 3526 (void) fprintf(stderr, 3527 "Standard input not a tty line\n"); 3528 (void) audit_put_record(ADT_FAILURE, 3529 ADT_FAIL_VALUE_BAD_TTY, argv[1]); 3530 exit(1); 3531 } 3532 3533 if ((stat(ln, &sconbuf) != -1) && 3534 (stat(SYSCON, &conbuf) == -1 || 3535 sconbuf.st_rdev != conbuf.st_rdev)) { 3536 /* 3537 * /dev/syscon needs to change. 3538 * Unlink /dev/syscon and relink it to the current line. 3539 */ 3540 if (lstat(SYSCON, &conbuf) != -1 && 3541 unlink(SYSCON) == FAILURE) { 3542 perror("Can't unlink /dev/syscon"); 3543 (void) fprintf(stderr, 3544 "Run command on the system console.\n"); 3545 (void) audit_put_record(ADT_FAILURE, 3546 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3547 exit(1); 3548 } 3549 if (symlink(ln, SYSCON) == FAILURE) { 3550 (void) fprintf(stderr, 3551 "Can't symlink /dev/syscon to %s: %s", ln, 3552 strerror(errno)); 3553 3554 /* Try to leave a syscon */ 3555 (void) link(SYSTTY, SYSCON); 3556 (void) audit_put_record(ADT_FAILURE, 3557 ADT_FAIL_VALUE_PROGRAM, argv[1]); 3558 exit(1); 3559 } 3560 3561 /* 3562 * Try to leave a message on system console saying where 3563 * /dev/syscon is currently connected. 3564 */ 3565 if ((fp = fopen(SYSTTY, "r+")) != NULL) { 3566 (void) fprintf(fp, 3567 "\n**** SYSCON CHANGED TO %s ****\n", 3568 ln); 3569 (void) fclose(fp); 3570 } 3571 } 3572 } 3573 3574 update_boot_archive(init_signal); 3575 3576 (void) audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]); 3577 3578 /* 3579 * Signal init; init will take care of telling svc.startd. 3580 */ 3581 if (kill(init_pid, init_signal) == FAILURE) { 3582 (void) fprintf(stderr, "Must be super-user\n"); 3583 (void) audit_put_record(ADT_FAILURE, 3584 ADT_FAIL_VALUE_AUTH, argv[1]); 3585 exit(1); 3586 } 3587 3588 exit(0); 3589 } 3590 3591 3592 #define DELTA 25 /* Number of pidlist elements to allocate at a time */ 3593 3594 /* ARGSUSED */ 3595 void 3596 sigpoll(int n) 3597 { 3598 struct pidrec prec; 3599 struct pidrec *p = ≺ 3600 struct pidlist *plp; 3601 struct pidlist *tp, *savetp; 3602 int i; 3603 3604 if (Pfd < 0) { 3605 return; 3606 } 3607 3608 for (;;) { 3609 /* 3610 * Important Note: Either read will really fail (in which case 3611 * return is all we can do) or will get EAGAIN (Pfd was opened 3612 * O_NDELAY), in which case we also want to return. 3613 * Always return from here! 3614 */ 3615 if (read(Pfd, p, sizeof (struct pidrec)) != 3616 sizeof (struct pidrec)) { 3617 return; 3618 } 3619 switch (p->pd_type) { 3620 3621 case ADDPID: 3622 /* 3623 * New "godchild", add to list. 3624 */ 3625 if (Plfree == NULL) { 3626 plp = (struct pidlist *)calloc(DELTA, 3627 sizeof (struct pidlist)); 3628 if (plp == NULL) { 3629 /* Can't save pid */ 3630 break; 3631 } 3632 /* 3633 * Point at 2nd record allocated, we'll use plp. 3634 */ 3635 tp = plp + 1; 3636 /* 3637 * Link them into a chain. 3638 */ 3639 Plfree = tp; 3640 for (i = 0; i < DELTA - 2; i++) { 3641 tp->pl_next = tp + 1; 3642 tp++; 3643 } 3644 } else { 3645 plp = Plfree; 3646 Plfree = plp->pl_next; 3647 } 3648 plp->pl_pid = p->pd_pid; 3649 plp->pl_dflag = 0; 3650 plp->pl_next = NULL; 3651 /* 3652 * Note - pid list is kept in increasing order of pids. 3653 */ 3654 if (Plhead == NULL) { 3655 Plhead = plp; 3656 /* Back up to read next record */ 3657 break; 3658 } else { 3659 savetp = tp = Plhead; 3660 while (tp) { 3661 if (plp->pl_pid > tp->pl_pid) { 3662 savetp = tp; 3663 tp = tp->pl_next; 3664 continue; 3665 } else if (plp->pl_pid < tp->pl_pid) { 3666 if (tp == Plhead) { 3667 plp->pl_next = Plhead; 3668 Plhead = plp; 3669 } else { 3670 plp->pl_next = 3671 savetp->pl_next; 3672 savetp->pl_next = plp; 3673 } 3674 break; 3675 } else { 3676 /* Already in list! */ 3677 plp->pl_next = Plfree; 3678 Plfree = plp; 3679 break; 3680 } 3681 } 3682 if (tp == NULL) { 3683 /* Add to end of list */ 3684 savetp->pl_next = plp; 3685 } 3686 } 3687 /* Back up to read next record. */ 3688 break; 3689 3690 case REMPID: 3691 /* 3692 * This one was handled by someone else, 3693 * purge it from the list. 3694 */ 3695 if (Plhead == NULL) { 3696 /* Back up to read next record. */ 3697 break; 3698 } 3699 savetp = tp = Plhead; 3700 while (tp) { 3701 if (p->pd_pid > tp->pl_pid) { 3702 /* Keep on looking. */ 3703 savetp = tp; 3704 tp = tp->pl_next; 3705 continue; 3706 } else if (p->pd_pid < tp->pl_pid) { 3707 /* Not in list. */ 3708 break; 3709 } else { 3710 /* Found it. */ 3711 if (tp == Plhead) 3712 Plhead = tp->pl_next; 3713 else 3714 savetp->pl_next = tp->pl_next; 3715 tp->pl_next = Plfree; 3716 Plfree = tp; 3717 break; 3718 } 3719 } 3720 /* Back up to read next record. */ 3721 break; 3722 default: 3723 console(B_TRUE, "Bad message on initpipe\n"); 3724 break; 3725 } 3726 } 3727 } 3728 3729 3730 static void 3731 cleanaux() 3732 { 3733 struct pidlist *savep, *p; 3734 pid_t pid; 3735 short status; 3736 3737 (void) sigset(SIGCLD, SIG_DFL); 3738 Gchild = 0; /* Note - Safe to do this here since no SIGCLDs */ 3739 (void) sighold(SIGPOLL); 3740 savep = p = Plhead; 3741 while (p) { 3742 if (p->pl_dflag) { 3743 /* 3744 * Found an entry to delete, 3745 * remove it from list first. 3746 */ 3747 pid = p->pl_pid; 3748 status = p->pl_exit; 3749 if (p == Plhead) { 3750 Plhead = p->pl_next; 3751 p->pl_next = Plfree; 3752 Plfree = p; 3753 savep = p = Plhead; 3754 } else { 3755 savep->pl_next = p->pl_next; 3756 p->pl_next = Plfree; 3757 Plfree = p; 3758 p = savep->pl_next; 3759 } 3760 clearent(pid, status); 3761 continue; 3762 } 3763 savep = p; 3764 p = p->pl_next; 3765 } 3766 (void) sigrelse(SIGPOLL); 3767 (void) sigset(SIGCLD, childeath); 3768 } 3769 3770 3771 /* 3772 * /etc/inittab has more entries and we have run out of room in the proc_table 3773 * array. Double the size of proc_table to accomodate the extra entries. 3774 */ 3775 static void 3776 increase_proc_table_size() 3777 { 3778 sigset_t block, unblock; 3779 void *ptr; 3780 size_t delta = num_proc * sizeof (struct PROC_TABLE); 3781 3782 3783 /* 3784 * Block signals for realloc. 3785 */ 3786 (void) sigfillset(&block); 3787 (void) sigprocmask(SIG_BLOCK, &block, &unblock); 3788 3789 3790 /* 3791 * On failure we just return because callers of this function check 3792 * for failure. 3793 */ 3794 do 3795 ptr = realloc(g_state, g_state_sz + delta); 3796 while (ptr == NULL && errno == EAGAIN); 3797 3798 if (ptr != NULL) { 3799 /* ensure that the new part is initialized to zero */ 3800 bzero((caddr_t)ptr + g_state_sz, delta); 3801 3802 g_state = ptr; 3803 g_state_sz += delta; 3804 num_proc <<= 1; 3805 } 3806 3807 3808 /* unblock our signals before returning */ 3809 (void) sigprocmask(SIG_SETMASK, &unblock, NULL); 3810 } 3811 3812 3813 3814 /* 3815 * Sanity check g_state. 3816 */ 3817 static int 3818 st_sane() 3819 { 3820 int i; 3821 struct PROC_TABLE *ptp; 3822 3823 3824 /* Note: cur_state is encoded as a signal number */ 3825 if (cur_state < 1 || cur_state == 9 || cur_state > 13) 3826 return (0); 3827 3828 /* Check num_proc */ 3829 if (g_state_sz != sizeof (struct init_state) + (num_proc - 1) * 3830 sizeof (struct PROC_TABLE)) 3831 return (0); 3832 3833 /* Check proc_table */ 3834 for (i = 0, ptp = proc_table; i < num_proc; ++i, ++ptp) { 3835 /* skip unoccupied entries */ 3836 if (!(ptp->p_flags & OCCUPIED)) 3837 continue; 3838 3839 /* p_flags has no bits outside of PF_MASK */ 3840 if (ptp->p_flags & ~(PF_MASK)) 3841 return (0); 3842 3843 /* 5 <= pid <= MAXPID */ 3844 if (ptp->p_pid < 5 || ptp->p_pid > MAXPID) 3845 return (0); 3846 3847 /* p_count >= 0 */ 3848 if (ptp->p_count < 0) 3849 return (0); 3850 3851 /* p_time >= 0 */ 3852 if (ptp->p_time < 0) 3853 return (0); 3854 } 3855 3856 return (1); 3857 } 3858 3859 /* 3860 * Initialize our state. 3861 * 3862 * If the system just booted, then init_state_file, which is located on an 3863 * everpresent tmpfs filesystem, should not exist. 3864 * 3865 * If we were restarted, then init_state_file should exist, in 3866 * which case we'll read it in, sanity check it, and use it. 3867 * 3868 * Note: You can't call console() until proc_table is ready. 3869 */ 3870 void 3871 st_init() 3872 { 3873 struct stat stb; 3874 int ret, st_fd, insane = 0; 3875 size_t to_be_read; 3876 char *ptr; 3877 3878 3879 booting = 1; 3880 3881 do { 3882 /* 3883 * If we can exclusively create the file, then we're the 3884 * initial invocation of init(1M). 3885 */ 3886 st_fd = open(init_state_file, O_RDWR | O_CREAT | O_EXCL, 3887 S_IRUSR | S_IWUSR); 3888 } while (st_fd == -1 && errno == EINTR); 3889 if (st_fd != -1) 3890 goto new_state; 3891 3892 booting = 0; 3893 3894 do { 3895 st_fd = open(init_state_file, O_RDWR, S_IRUSR | S_IWUSR); 3896 } while (st_fd == -1 && errno == EINTR); 3897 if (st_fd == -1) 3898 goto new_state; 3899 3900 /* Get the size of the file. */ 3901 do 3902 ret = fstat(st_fd, &stb); 3903 while (ret == -1 && errno == EINTR); 3904 if (ret == -1) 3905 goto new_state; 3906 3907 do 3908 g_state = malloc(stb.st_size); 3909 while (g_state == NULL && errno == EAGAIN); 3910 if (g_state == NULL) 3911 goto new_state; 3912 3913 to_be_read = stb.st_size; 3914 ptr = (char *)g_state; 3915 while (to_be_read > 0) { 3916 ssize_t read_ret; 3917 3918 read_ret = read(st_fd, ptr, to_be_read); 3919 if (read_ret < 0) { 3920 if (errno == EINTR) 3921 continue; 3922 3923 goto new_state; 3924 } 3925 3926 to_be_read -= read_ret; 3927 ptr += read_ret; 3928 } 3929 3930 (void) close(st_fd); 3931 3932 g_state_sz = stb.st_size; 3933 3934 if (st_sane()) { 3935 console(B_TRUE, "Restarting.\n"); 3936 return; 3937 } 3938 3939 insane = 1; 3940 3941 new_state: 3942 if (st_fd >= 0) 3943 (void) close(st_fd); 3944 else 3945 (void) unlink(init_state_file); 3946 3947 if (g_state != NULL) 3948 free(g_state); 3949 3950 /* Something went wrong, so allocate new state. */ 3951 g_state_sz = sizeof (struct init_state) + 3952 ((init_num_proc - 1) * sizeof (struct PROC_TABLE)); 3953 do 3954 g_state = calloc(1, g_state_sz); 3955 while (g_state == NULL && errno == EAGAIN); 3956 if (g_state == NULL) { 3957 /* Fatal error! */ 3958 exit(errno); 3959 } 3960 3961 g_state->ist_runlevel = -1; 3962 num_proc = init_num_proc; 3963 3964 if (!booting) { 3965 console(B_TRUE, "Restarting.\n"); 3966 3967 /* Overwrite the bad state file. */ 3968 st_write(); 3969 3970 if (!insane) { 3971 console(B_TRUE, 3972 "Error accessing persistent state file `%s'. " 3973 "Ignored.\n", init_state_file); 3974 } else { 3975 console(B_TRUE, 3976 "Persistent state file `%s' is invalid and was " 3977 "ignored.\n", init_state_file); 3978 } 3979 } 3980 } 3981 3982 /* 3983 * Write g_state out to the state file. 3984 */ 3985 void 3986 st_write() 3987 { 3988 static int complained = 0; 3989 3990 int st_fd; 3991 char *cp; 3992 size_t sz; 3993 ssize_t ret; 3994 3995 3996 do { 3997 st_fd = open(init_next_state_file, 3998 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); 3999 } while (st_fd < 0 && errno == EINTR); 4000 if (st_fd < 0) 4001 goto err; 4002 4003 cp = (char *)g_state; 4004 sz = g_state_sz; 4005 while (sz > 0) { 4006 ret = write(st_fd, cp, sz); 4007 if (ret < 0) { 4008 if (errno == EINTR) 4009 continue; 4010 4011 goto err; 4012 } 4013 4014 sz -= ret; 4015 cp += ret; 4016 } 4017 4018 (void) close(st_fd); 4019 st_fd = -1; 4020 if (rename(init_next_state_file, init_state_file)) { 4021 (void) unlink(init_next_state_file); 4022 goto err; 4023 } 4024 complained = 0; 4025 4026 return; 4027 4028 err: 4029 if (st_fd >= 0) 4030 (void) close(st_fd); 4031 4032 if (!booting && !complained) { 4033 /* 4034 * Only complain after the filesystem should have come up. 4035 * And only do it once so we don't loop between console() 4036 * & efork(). 4037 */ 4038 complained = 1; 4039 if (st_fd) 4040 console(B_TRUE, "Couldn't write persistent state " 4041 "file `%s'.\n", init_state_file); 4042 else 4043 console(B_TRUE, "Couldn't move persistent state " 4044 "file `%s' to `%s'.\n", init_next_state_file, 4045 init_state_file); 4046 } 4047 } 4048 4049 /* 4050 * Create a contract with these parameters. 4051 */ 4052 static int 4053 contract_make_template(uint_t info, uint_t critical, uint_t fatal, 4054 uint64_t cookie) 4055 { 4056 int fd, err; 4057 4058 char *ioctl_tset_emsg = 4059 "Couldn't set \"%s\" contract template parameter: %s.\n"; 4060 4061 do 4062 fd = open64(CTFS_ROOT "/process/template", O_RDWR); 4063 while (fd < 0 && errno == EINTR); 4064 if (fd < 0) { 4065 console(B_TRUE, "Couldn't create process template: %s.\n", 4066 strerror(errno)); 4067 return (-1); 4068 } 4069 4070 if (err = ct_pr_tmpl_set_param(fd, CT_PR_INHERIT | CT_PR_REGENT)) 4071 console(B_TRUE, "Contract set template inherit, regent " 4072 "failed.\n"); 4073 4074 /* 4075 * These errors result in a misconfigured template, which is better 4076 * than no template at all, so warn but don't abort. 4077 */ 4078 if (err = ct_tmpl_set_informative(fd, info)) 4079 console(B_TRUE, ioctl_tset_emsg, "informative", strerror(err)); 4080 4081 if (err = ct_tmpl_set_critical(fd, critical)) 4082 console(B_TRUE, ioctl_tset_emsg, "critical", strerror(err)); 4083 4084 if (err = ct_pr_tmpl_set_fatal(fd, fatal)) 4085 console(B_TRUE, ioctl_tset_emsg, "fatal", strerror(err)); 4086 4087 if (err = ct_tmpl_set_cookie(fd, cookie)) 4088 console(B_TRUE, ioctl_tset_emsg, "cookie", strerror(err)); 4089 4090 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4091 4092 return (fd); 4093 } 4094 4095 /* 4096 * Create the templates and open an event file descriptor. We use dup2(2) to 4097 * get these descriptors away from the stdin/stdout/stderr group. 4098 */ 4099 static void 4100 contracts_init() 4101 { 4102 int err, fd; 4103 4104 /* 4105 * Create & configure a legacy template. We only want empty events so 4106 * we know when to abandon them. 4107 */ 4108 legacy_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, CT_PR_EV_HWERR, 4109 ORDINARY_COOKIE); 4110 if (legacy_tmpl >= 0) { 4111 err = ct_tmpl_activate(legacy_tmpl); 4112 if (err != 0) { 4113 (void) close(legacy_tmpl); 4114 legacy_tmpl = -1; 4115 console(B_TRUE, 4116 "Couldn't activate legacy template (%s); " 4117 "legacy services will be in init's contract.\n", 4118 strerror(err)); 4119 } 4120 } else 4121 console(B_TRUE, 4122 "Legacy services will be in init's contract.\n"); 4123 4124 if (dup2(legacy_tmpl, 255) == -1) { 4125 console(B_TRUE, "Could not duplicate legacy template: %s.\n", 4126 strerror(errno)); 4127 } else { 4128 (void) close(legacy_tmpl); 4129 legacy_tmpl = 255; 4130 } 4131 4132 (void) fcntl(legacy_tmpl, F_SETFD, FD_CLOEXEC); 4133 4134 startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4135 CT_PR_EV_HWERR | CT_PR_EV_SIGNAL | CT_PR_EV_CORE, STARTD_COOKIE); 4136 4137 if (dup2(startd_tmpl, 254) == -1) { 4138 console(B_TRUE, "Could not duplicate startd template: %s.\n", 4139 strerror(errno)); 4140 } else { 4141 (void) close(startd_tmpl); 4142 startd_tmpl = 254; 4143 } 4144 4145 (void) fcntl(startd_tmpl, F_SETFD, FD_CLOEXEC); 4146 4147 if (legacy_tmpl < 0 && startd_tmpl < 0) { 4148 /* The creation errors have already been reported. */ 4149 console(B_TRUE, 4150 "Ignoring contract events. Core smf(5) services will not " 4151 "be restarted.\n"); 4152 return; 4153 } 4154 4155 /* 4156 * Open an event endpoint. 4157 */ 4158 do 4159 fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY); 4160 while (fd < 0 && errno == EINTR); 4161 if (fd < 0) { 4162 console(B_TRUE, 4163 "Couldn't open process pbundle: %s. Core smf(5) services " 4164 "will not be restarted.\n", strerror(errno)); 4165 return; 4166 } 4167 4168 if (dup2(fd, 253) == -1) { 4169 console(B_TRUE, "Could not duplicate process bundle: %s.\n", 4170 strerror(errno)); 4171 } else { 4172 (void) close(fd); 4173 fd = 253; 4174 } 4175 4176 (void) fcntl(fd, F_SETFD, FD_CLOEXEC); 4177 4178 /* Reset in case we've been restarted. */ 4179 (void) ct_event_reset(fd); 4180 4181 poll_fds[0].fd = fd; 4182 poll_fds[0].events = POLLIN; 4183 poll_nfds = 1; 4184 } 4185 4186 static int 4187 contract_getfile(ctid_t id, const char *name, int oflag) 4188 { 4189 int fd; 4190 4191 do 4192 fd = contract_open(id, "process", name, oflag); 4193 while (fd < 0 && errno == EINTR); 4194 4195 if (fd < 0) 4196 console(B_TRUE, "Couldn't open %s for contract %ld: %s.\n", 4197 name, id, strerror(errno)); 4198 4199 return (fd); 4200 } 4201 4202 static int 4203 contract_cookie(ctid_t id, uint64_t *cp) 4204 { 4205 int fd, err; 4206 ct_stathdl_t sh; 4207 4208 fd = contract_getfile(id, "status", O_RDONLY); 4209 if (fd < 0) 4210 return (-1); 4211 4212 err = ct_status_read(fd, CTD_COMMON, &sh); 4213 if (err != 0) { 4214 console(B_TRUE, "Couldn't read status of contract %ld: %s.\n", 4215 id, strerror(err)); 4216 (void) close(fd); 4217 return (-1); 4218 } 4219 4220 (void) close(fd); 4221 4222 *cp = ct_status_get_cookie(sh); 4223 4224 ct_status_free(sh); 4225 return (0); 4226 } 4227 4228 static void 4229 contract_ack(ct_evthdl_t e) 4230 { 4231 int fd; 4232 4233 if (ct_event_get_flags(e) & CTE_INFO) 4234 return; 4235 4236 fd = contract_getfile(ct_event_get_ctid(e), "ctl", O_WRONLY); 4237 if (fd < 0) 4238 return; 4239 4240 (void) ct_ctl_ack(fd, ct_event_get_evid(e)); 4241 (void) close(fd); 4242 } 4243 4244 /* 4245 * Process a contract event. 4246 */ 4247 static void 4248 contract_event(struct pollfd *poll) 4249 { 4250 ct_evthdl_t e; 4251 int err; 4252 ctid_t ctid; 4253 4254 if (!(poll->revents & POLLIN)) { 4255 if (poll->revents & POLLERR) 4256 console(B_TRUE, 4257 "Unknown poll error on my process contract " 4258 "pbundle.\n"); 4259 return; 4260 } 4261 4262 err = ct_event_read(poll->fd, &e); 4263 if (err != 0) { 4264 console(B_TRUE, "Error retrieving contract event: %s.\n", 4265 strerror(err)); 4266 return; 4267 } 4268 4269 ctid = ct_event_get_ctid(e); 4270 4271 if (ct_event_get_type(e) == CT_PR_EV_EMPTY) { 4272 uint64_t cookie; 4273 int ret, abandon = 1; 4274 4275 /* If it's svc.startd, restart it. Else, abandon. */ 4276 ret = contract_cookie(ctid, &cookie); 4277 4278 if (ret == 0) { 4279 if (cookie == STARTD_COOKIE && 4280 do_restart_startd) { 4281 if (smf_debug) 4282 console(B_TRUE, "Restarting " 4283 "svc.startd.\n"); 4284 4285 /* 4286 * Account for the failure. If the failure rate 4287 * exceeds a threshold, then drop to maintenance 4288 * mode. 4289 */ 4290 startd_record_failure(); 4291 if (startd_failure_rate_critical()) 4292 enter_maintenance(); 4293 4294 if (startd_tmpl < 0) 4295 console(B_TRUE, 4296 "Restarting svc.startd in " 4297 "improper contract (bad " 4298 "template).\n"); 4299 4300 (void) startd_run(startd_cline, startd_tmpl, 4301 ctid); 4302 4303 abandon = 0; 4304 } 4305 } 4306 4307 if (abandon && (err = contract_abandon_id(ctid))) { 4308 console(B_TRUE, "Couldn't abandon contract %ld: %s.\n", 4309 ctid, strerror(err)); 4310 } 4311 4312 /* 4313 * No need to acknowledge the event since either way the 4314 * originating contract should be abandoned. 4315 */ 4316 } else { 4317 console(B_TRUE, 4318 "Received contract event of unexpected type %d from " 4319 "contract %ld.\n", ct_event_get_type(e), ctid); 4320 4321 if ((ct_event_get_flags(e) & (CTE_INFO | CTE_ACK)) == 0) 4322 /* Allow unexpected critical events to be released. */ 4323 contract_ack(e); 4324 } 4325 4326 ct_event_free(e); 4327 } 4328 4329 /* 4330 * svc.startd(1M) Management 4331 */ 4332 4333 /* 4334 * (Re)start svc.startd(1M). old_ctid should be the contract ID of the old 4335 * contract, or 0 if we're starting it for the first time. If wait is true 4336 * we'll wait for and return the exit value of the child. 4337 */ 4338 static int 4339 startd_run(const char *cline, int tmpl, ctid_t old_ctid) 4340 { 4341 int err, i, ret, did_activate; 4342 pid_t pid; 4343 struct stat sb; 4344 4345 if (cline[0] == '\0') 4346 return (-1); 4347 4348 /* 4349 * Don't restart startd if the system is rebooting or shutting down. 4350 */ 4351 do { 4352 ret = stat("/etc/svc/volatile/resetting", &sb); 4353 } while (ret == -1 && errno == EINTR); 4354 4355 if (ret == 0) { 4356 if (smf_debug) 4357 console(B_TRUE, "Quiescing for reboot.\n"); 4358 (void) pause(); 4359 return (-1); 4360 } 4361 4362 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4363 if (err == EINVAL) { 4364 console(B_TRUE, "Remake startd_tmpl; reattempt transfer.\n"); 4365 tmpl = startd_tmpl = contract_make_template(0, CT_PR_EV_EMPTY, 4366 CT_PR_EV_HWERR, STARTD_COOKIE); 4367 4368 err = ct_pr_tmpl_set_transfer(tmpl, old_ctid); 4369 } 4370 if (err != 0) { 4371 console(B_TRUE, 4372 "Couldn't set transfer parameter of contract template: " 4373 "%s.\n", strerror(err)); 4374 } 4375 4376 did_activate = !(ct_tmpl_activate(tmpl)); 4377 if (!did_activate) 4378 console(B_TRUE, 4379 "Template activation failed; not starting \"%s\" in " 4380 "proper contract.\n", cline); 4381 4382 /* Hold SIGCHLD so we can wait if necessary. */ 4383 (void) sighold(SIGCHLD); 4384 4385 while ((pid = fork()) < 0) { 4386 if (errno == EPERM) { 4387 console(B_TRUE, "Insufficient permission to fork.\n"); 4388 4389 /* Now that's a doozy. */ 4390 exit(1); 4391 } 4392 4393 console(B_TRUE, 4394 "fork() for svc.startd failed: %s. Will retry in 1 " 4395 "second...\n", strerror(errno)); 4396 4397 (void) sleep(1); 4398 4399 /* Eventually give up? */ 4400 } 4401 4402 if (pid == 0) { 4403 /* child */ 4404 4405 /* See the comment in efork() */ 4406 for (i = SIGHUP; i <= SIGRTMAX; ++i) { 4407 if (i == SIGTTOU || i == SIGTTIN || i == SIGTSTP) 4408 (void) sigset(i, SIG_IGN); 4409 else 4410 (void) sigset(i, SIG_DFL); 4411 } 4412 4413 if (smf_options != NULL) { 4414 /* Put smf_options in the environment. */ 4415 glob_envp[glob_envn] = 4416 malloc(sizeof ("SMF_OPTIONS=") - 1 + 4417 strlen(smf_options) + 1); 4418 4419 if (glob_envp[glob_envn] != NULL) { 4420 /* LINTED */ 4421 (void) sprintf(glob_envp[glob_envn], 4422 "SMF_OPTIONS=%s", smf_options); 4423 glob_envp[glob_envn+1] = NULL; 4424 } else { 4425 console(B_TRUE, 4426 "Could not set SMF_OPTIONS (%s).\n", 4427 strerror(errno)); 4428 } 4429 } 4430 4431 if (smf_debug) 4432 console(B_TRUE, "Executing svc.startd\n"); 4433 4434 (void) execle(SH, "INITSH", "-c", cline, NULL, glob_envp); 4435 4436 console(B_TRUE, "Could not exec \"%s\" (%s).\n", SH, 4437 strerror(errno)); 4438 4439 exit(1); 4440 } 4441 4442 /* parent */ 4443 4444 if (did_activate) { 4445 if (legacy_tmpl < 0 || ct_tmpl_activate(legacy_tmpl) != 0) 4446 (void) ct_tmpl_clear(tmpl); 4447 } 4448 4449 /* Clear the old_ctid reference so the kernel can reclaim it. */ 4450 if (old_ctid != 0) 4451 (void) ct_pr_tmpl_set_transfer(tmpl, 0); 4452 4453 (void) sigrelse(SIGCHLD); 4454 4455 return (0); 4456 } 4457 4458 /* 4459 * void startd_record_failure(void) 4460 * Place the current time in our circular array of svc.startd failures. 4461 */ 4462 void 4463 startd_record_failure() 4464 { 4465 int index = startd_failure_index++ % NSTARTD_FAILURE_TIMES; 4466 4467 startd_failure_time[index] = gethrtime(); 4468 } 4469 4470 /* 4471 * int startd_failure_rate_critical(void) 4472 * Return true if the average failure interval is less than the permitted 4473 * interval. Implicit success if insufficient measurements for an average 4474 * exist. 4475 */ 4476 int 4477 startd_failure_rate_critical() 4478 { 4479 int n = startd_failure_index; 4480 hrtime_t avg_ns = 0; 4481 4482 if (startd_failure_index < NSTARTD_FAILURE_TIMES) 4483 return (0); 4484 4485 avg_ns = 4486 (startd_failure_time[(n - 1) % NSTARTD_FAILURE_TIMES] - 4487 startd_failure_time[n % NSTARTD_FAILURE_TIMES]) / 4488 NSTARTD_FAILURE_TIMES; 4489 4490 return (avg_ns < STARTD_FAILURE_RATE_NS); 4491 } 4492 4493 /* 4494 * returns string that must be free'd 4495 */ 4496 4497 static char 4498 *audit_boot_msg() 4499 { 4500 char *b, *p; 4501 char desc[] = "booted"; 4502 zoneid_t zid = getzoneid(); 4503 4504 b = malloc(sizeof (desc) + MAXNAMELEN + 3); 4505 if (b == NULL) 4506 return (b); 4507 4508 p = b; 4509 p += strlcpy(p, desc, sizeof (desc)); 4510 if (zid != GLOBAL_ZONEID) { 4511 p += strlcpy(p, ": ", 3); 4512 (void) getzonenamebyid(zid, p, MAXNAMELEN); 4513 } 4514 return (b); 4515 } 4516 4517 /* 4518 * Generate AUE_init_solaris audit record. Return 1 if 4519 * auditing is enabled in case the caller cares. 4520 * 4521 * In the case of userint() or a local zone invocation of 4522 * one_true_init, the process initially contains the audit 4523 * characteristics of the process that invoked init. The first pass 4524 * through here uses those characteristics then for the case of 4525 * one_true_init in a local zone, clears them so subsequent system 4526 * state changes won't be attributed to the person who booted the 4527 * zone. 4528 */ 4529 static int 4530 audit_put_record(int pass_fail, int status, char *msg) 4531 { 4532 adt_session_data_t *ah; 4533 adt_event_data_t *event; 4534 4535 if (!adt_audit_enabled()) 4536 return (0); 4537 4538 /* 4539 * the PROC_DATA picks up the context to tell whether this is 4540 * an attributed record (auid = -2 is unattributed) 4541 */ 4542 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) { 4543 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4544 return (1); 4545 } 4546 event = adt_alloc_event(ah, ADT_init_solaris); 4547 if (event == NULL) { 4548 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4549 (void) adt_end_session(ah); 4550 return (1); 4551 } 4552 event->adt_init_solaris.info = msg; /* NULL is ok here */ 4553 4554 if (adt_put_event(event, pass_fail, status)) { 4555 console(B_TRUE, "audit failure: %s\n", strerror(errno)); 4556 (void) adt_end_session(ah); 4557 return (1); 4558 } 4559 adt_free_event(event); 4560 4561 (void) adt_end_session(ah); 4562 4563 return (1); 4564 } 4565