1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <librestart.h> 29 #include <librestart_priv.h> 30 #include <libscf.h> 31 #include <libscf_priv.h> 32 33 #include <assert.h> 34 #include <ctype.h> 35 #include <dlfcn.h> 36 #include <errno.h> 37 #include <exec_attr.h> 38 #include <grp.h> 39 #include <libsysevent.h> 40 #include <libuutil.h> 41 #include <limits.h> 42 #include <link.h> 43 #include <malloc.h> 44 #include <pool.h> 45 #include <priv.h> 46 #include <project.h> 47 #include <pthread.h> 48 #include <pwd.h> 49 #include <secdb.h> 50 #include <signal.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <syslog.h> 54 #include <sys/corectl.h> 55 #include <sys/machelf.h> 56 #include <sys/task.h> 57 #include <sys/types.h> 58 #include <time.h> 59 #include <unistd.h> 60 61 #define walkcontext _walkcontext 62 #include <ucontext.h> 63 64 #define min(a, b) ((a) > (b) ? (b) : (a)) 65 66 #define MKW_TRUE ":true" 67 #define MKW_KILL ":kill" 68 #define MKW_KILL_PROC ":kill_process" 69 70 #define ALLOCFAIL ((char *)"Allocation failure.") 71 #define RCBROKEN ((char *)"Repository connection broken.") 72 73 #define MAX_COMMIT_RETRIES 20 74 #define MAX_COMMIT_RETRY_INT (5 * 1000000) /* 5 seconds */ 75 #define INITIAL_COMMIT_RETRY_INT (10000) /* 1/100th second */ 76 77 /* 78 * bad_fail() catches bugs in this and lower layers by reporting supposedly 79 * impossible function failures. The NDEBUG case keeps the strings out of the 80 * library but still calls abort() so we can root-cause from the coredump. 81 */ 82 #ifndef NDEBUG 83 #define bad_fail(func, err) { \ 84 (void) fprintf(stderr, \ 85 "At %s:%d, %s() failed with unexpected error %d. Aborting.\n", \ 86 __FILE__, __LINE__, (func), (err)); \ 87 abort(); \ 88 } 89 #else 90 #define bad_fail(func, err) abort() 91 #endif 92 93 struct restarter_event_handle { 94 char *reh_restarter_name; 95 char *reh_delegate_channel_name; 96 evchan_t *reh_delegate_channel; 97 char *reh_delegate_subscriber_id; 98 char *reh_master_channel_name; 99 evchan_t *reh_master_channel; 100 char *reh_master_subscriber_id; 101 int (*reh_handler)(restarter_event_t *); 102 }; 103 104 struct restarter_event { 105 sysevent_t *re_sysevent; 106 restarter_event_type_t re_type; 107 char *re_instance_name; 108 restarter_event_handle_t *re_event_handle; 109 restarter_instance_state_t re_state; 110 restarter_instance_state_t re_next_state; 111 }; 112 113 static const char * const allocfail = "Allocation failure.\n"; 114 static const char * const rcbroken = "Repository connection broken.\n"; 115 116 static int method_context_safety = 0; /* Can safely call pools/projects. */ 117 118 int ndebug = 1; 119 120 static void 121 free_restarter_event_handle(struct restarter_event_handle *h) 122 { 123 if (h == NULL) 124 return; 125 126 /* 127 * Just free the memory -- don't unbind the sysevent handle, 128 * as otherwise events may be lost if this is just a restarter 129 * restart. 130 */ 131 132 if (h->reh_restarter_name != NULL) 133 free(h->reh_restarter_name); 134 if (h->reh_delegate_channel_name != NULL) 135 free(h->reh_delegate_channel_name); 136 if (h->reh_delegate_subscriber_id != NULL) 137 free(h->reh_delegate_subscriber_id); 138 if (h->reh_master_channel_name != NULL) 139 free(h->reh_master_channel_name); 140 if (h->reh_master_subscriber_id != NULL) 141 free(h->reh_master_subscriber_id); 142 143 free(h); 144 } 145 146 static const char * 147 last_part(const char *fmri) 148 { 149 char *last_part; 150 151 last_part = strrchr(fmri, '/'); 152 last_part++; 153 assert(last_part != NULL); 154 155 return (last_part); 156 } 157 158 char * 159 _restarter_get_channel_name(const char *fmri, int type) 160 { 161 const char *name; 162 char *chan_name = malloc(MAX_CHNAME_LEN); 163 char prefix_name[3]; 164 165 if (chan_name == NULL) 166 return (NULL); 167 168 if (type == RESTARTER_CHANNEL_DELEGATE) 169 (void) strcpy(prefix_name, "d_"); 170 else if (type == RESTARTER_CHANNEL_MASTER) 171 (void) strcpy(prefix_name, "m_"); 172 else { 173 free(chan_name); 174 return (NULL); 175 } 176 177 name = last_part(fmri); 178 179 /* 180 * Should check for [a-z],[A-Z],[0-9],.,_,-,: 181 */ 182 183 if (snprintf(chan_name, MAX_CHNAME_LEN, "com.sun:scf:%s%s", 184 prefix_name, name) > MAX_CHNAME_LEN) { 185 free(chan_name); 186 return (NULL); 187 } 188 189 return (chan_name); 190 } 191 192 int 193 cb(sysevent_t *syse, void *cookie) 194 { 195 restarter_event_handle_t *h = (restarter_event_handle_t *)cookie; 196 restarter_event_t *e; 197 nvlist_t *attr_list = NULL; 198 int ret = 0; 199 200 e = uu_zalloc(sizeof (restarter_event_t)); 201 if (e == NULL) 202 uu_die(allocfail); 203 e->re_event_handle = h; 204 e->re_sysevent = syse; 205 206 if (sysevent_get_attr_list(syse, &attr_list) != 0) 207 uu_die(allocfail); 208 209 if ((nvlist_lookup_uint32(attr_list, RESTARTER_NAME_TYPE, 210 &(e->re_type)) != 0) || 211 (nvlist_lookup_string(attr_list, 212 RESTARTER_NAME_INSTANCE, &(e->re_instance_name)) != 0)) { 213 uu_warn("%s: Can't decode nvlist for event %p\n", 214 h->reh_restarter_name, (void *)syse); 215 216 ret = 0; 217 } else { 218 ret = h->reh_handler(e); 219 } 220 221 uu_free(e); 222 nvlist_free(attr_list); 223 return (ret); 224 } 225 226 /* 227 * restarter_bind_handle(uint32_t, char *, int (*)(restarter_event_t *), int, 228 * restarter_event_handle_t **) 229 * 230 * Bind to a delegated restarter event channel. 231 * Each delegated restarter gets its own channel for resource management. 232 * 233 * Returns 0 on success or 234 * ENOTSUP version mismatch 235 * EINVAL restarter_name or event_handle is NULL 236 * ENOMEM out of memory, too many channels, or too many subscriptions 237 * EBUSY sysevent_evc_bind() could not establish binding 238 * EFAULT internal sysevent_evc_bind()/sysevent_evc_subscribe() error 239 * EMFILE out of file descriptors 240 * EPERM insufficient privilege for sysevent_evc_bind() 241 * EEXIST already subscribed 242 */ 243 int 244 restarter_bind_handle(uint32_t version, const char *restarter_name, 245 int (*event_handler)(restarter_event_t *), int flags, 246 restarter_event_handle_t **rehp) 247 { 248 restarter_event_handle_t *h; 249 size_t sz; 250 int err; 251 252 if (version != RESTARTER_EVENT_VERSION) 253 return (ENOTSUP); 254 255 if (restarter_name == NULL || event_handler == NULL) 256 return (EINVAL); 257 258 if (flags & RESTARTER_FLAG_DEBUG) 259 ndebug++; 260 261 if ((h = uu_zalloc(sizeof (restarter_event_handle_t))) == NULL) 262 return (ENOMEM); 263 264 h->reh_delegate_subscriber_id = malloc(MAX_SUBID_LEN); 265 h->reh_master_subscriber_id = malloc(MAX_SUBID_LEN); 266 h->reh_restarter_name = strdup(restarter_name); 267 if (h->reh_delegate_subscriber_id == NULL || 268 h->reh_master_subscriber_id == NULL || 269 h->reh_restarter_name == NULL) { 270 free_restarter_event_handle(h); 271 return (ENOMEM); 272 } 273 274 sz = strlcpy(h->reh_delegate_subscriber_id, "del", MAX_SUBID_LEN); 275 assert(sz < MAX_SUBID_LEN); 276 sz = strlcpy(h->reh_master_subscriber_id, "master", MAX_SUBID_LEN); 277 assert(sz < MAX_SUBID_LEN); 278 279 h->reh_delegate_channel_name = 280 _restarter_get_channel_name(restarter_name, 281 RESTARTER_CHANNEL_DELEGATE); 282 h->reh_master_channel_name = 283 _restarter_get_channel_name(restarter_name, 284 RESTARTER_CHANNEL_MASTER); 285 286 if (h->reh_delegate_channel_name == NULL || 287 h->reh_master_channel_name == NULL) { 288 free_restarter_event_handle(h); 289 return (ENOMEM); 290 } 291 292 if (sysevent_evc_bind(h->reh_delegate_channel_name, 293 &h->reh_delegate_channel, EVCH_CREAT|EVCH_HOLD_PEND) != 0) { 294 err = errno; 295 assert(err != EINVAL); 296 assert(err != ENOENT); 297 free_restarter_event_handle(h); 298 return (err); 299 } 300 301 if (sysevent_evc_bind(h->reh_master_channel_name, 302 &h->reh_master_channel, EVCH_CREAT|EVCH_HOLD_PEND) != 0) { 303 err = errno; 304 assert(err != EINVAL); 305 assert(err != ENOENT); 306 free_restarter_event_handle(h); 307 return (err); 308 } 309 310 h->reh_handler = event_handler; 311 312 assert(strlen(restarter_name) <= MAX_CLASS_LEN - 1); 313 assert(strlen(h->reh_delegate_subscriber_id) <= MAX_SUBID_LEN - 1); 314 assert(strlen(h->reh_master_subscriber_id) <= MAX_SUBID_LEN - 1); 315 316 if (sysevent_evc_subscribe(h->reh_delegate_channel, 317 h->reh_delegate_subscriber_id, EC_ALL, cb, h, EVCH_SUB_KEEP) != 0) { 318 err = errno; 319 assert(err != EINVAL); 320 free_restarter_event_handle(h); 321 return (err); 322 } 323 324 *rehp = h; 325 return (0); 326 } 327 328 restarter_event_handle_t * 329 restarter_event_get_handle(restarter_event_t *e) 330 { 331 assert(e != NULL && e->re_event_handle != NULL); 332 return (e->re_event_handle); 333 } 334 335 restarter_event_type_t 336 restarter_event_get_type(restarter_event_t *e) 337 { 338 assert(e != NULL); 339 return (e->re_type); 340 } 341 342 ssize_t 343 restarter_event_get_instance(restarter_event_t *e, char *inst, size_t sz) 344 { 345 assert(e != NULL && inst != NULL); 346 return ((ssize_t)strlcpy(inst, e->re_instance_name, sz)); 347 } 348 349 int 350 restarter_event_get_current_states(restarter_event_t *e, 351 restarter_instance_state_t *state, restarter_instance_state_t *next_state) 352 { 353 if (e == NULL) 354 return (-1); 355 *state = e->re_state; 356 *next_state = e->re_next_state; 357 return (0); 358 } 359 360 /* 361 * Commit the state, next state, and auxiliary state into the repository. 362 * Let the graph engine know about the state change and error. On success, 363 * return 0. On error, return 364 * EINVAL - aux has spaces 365 * - inst is invalid or not an instance FMRI 366 * EPROTO - librestart compiled against different libscf 367 * ENOMEM - out of memory 368 * - repository server out of resources 369 * ENOTACTIVE - repository server not running 370 * ECONNABORTED - repository connection established, but then broken 371 * - unknown libscf error 372 * ENOENT - inst does not exist in the repository 373 * EPERM - insufficient permissions 374 * EACCESS - backend access denied 375 * EROFS - backend is readonly 376 * EFAULT - internal sysevent_evc_publish() error 377 * EBADF - h is invalid (sysevent_evc_publish() returned EINVAL) 378 */ 379 int 380 restarter_set_states(restarter_event_handle_t *h, const char *inst, 381 restarter_instance_state_t cur_state, 382 restarter_instance_state_t new_cur_state, 383 restarter_instance_state_t next_state, 384 restarter_instance_state_t new_next_state, restarter_error_t e, 385 const char *aux) 386 { 387 nvlist_t *attr; 388 scf_handle_t *scf_h; 389 instance_data_t id; 390 useconds_t retry_int = INITIAL_COMMIT_RETRY_INT; 391 int retries; 392 int ret = 0; 393 char *p = (char *)aux; 394 395 assert(h->reh_master_channel != NULL); 396 assert(h->reh_master_channel_name != NULL); 397 assert(h->reh_master_subscriber_id != NULL); 398 399 /* Validate format of auxiliary state: no spaces allowed */ 400 if (p != NULL) { 401 while (*p != '\0') { 402 if (isspace(*p)) 403 return (EINVAL); 404 p++; 405 } 406 } 407 408 if ((scf_h = scf_handle_create(SCF_VERSION)) == NULL) { 409 switch (scf_error()) { 410 case SCF_ERROR_VERSION_MISMATCH: 411 return (EPROTO); 412 413 case SCF_ERROR_NO_MEMORY: 414 return (ENOMEM); 415 416 default: 417 bad_fail("scf_handle_create", scf_error()); 418 } 419 } 420 421 if (scf_handle_bind(scf_h) == -1) { 422 scf_handle_destroy(scf_h); 423 switch (scf_error()) { 424 case SCF_ERROR_NO_SERVER: 425 return (ENOTACTIVE); 426 427 case SCF_ERROR_NO_RESOURCES: 428 return (ENOMEM); 429 430 case SCF_ERROR_INVALID_ARGUMENT: 431 case SCF_ERROR_IN_USE: 432 default: 433 bad_fail("scf_handle_bind", scf_error()); 434 } 435 } 436 437 if (nvlist_alloc(&attr, NV_UNIQUE_NAME, 0) != 0 || 438 nvlist_add_int32(attr, RESTARTER_NAME_STATE, new_cur_state) != 0 || 439 nvlist_add_int32(attr, RESTARTER_NAME_NEXT_STATE, new_next_state) 440 != 0 || 441 nvlist_add_int32(attr, RESTARTER_NAME_ERROR, e) != 0 || 442 nvlist_add_string(attr, RESTARTER_NAME_INSTANCE, inst) != 0) { 443 ret = ENOMEM; 444 goto errout; 445 } 446 447 id.i_fmri = inst; 448 id.i_state = cur_state; 449 id.i_next_state = next_state; 450 451 ret = _restarter_commit_states(scf_h, &id, new_cur_state, 452 new_next_state, aux); 453 if (ret != 0) 454 goto errout; 455 456 for (retries = 0; retries < MAX_COMMIT_RETRIES; retries++) { 457 ret = sysevent_evc_publish(h->reh_master_channel, "master", 458 "state_change", "com.sun", "librestart", attr, 459 EVCH_NOSLEEP); 460 if (ret == 0) 461 break; 462 463 switch (ret) { 464 case EAGAIN: 465 /* Queue is full */ 466 (void) usleep(retry_int); 467 468 retry_int = min(retry_int * 2, MAX_COMMIT_RETRY_INT); 469 break; 470 471 case EFAULT: 472 case ENOMEM: 473 goto errout; 474 475 case EINVAL: 476 ret = EBADF; 477 goto errout; 478 479 case EOVERFLOW: 480 default: 481 bad_fail("sysevent_evc_publish", ret); 482 } 483 } 484 485 errout: 486 nvlist_free(attr); 487 (void) scf_handle_unbind(scf_h); 488 scf_handle_destroy(scf_h); 489 490 return (ret); 491 } 492 493 restarter_instance_state_t 494 restarter_string_to_state(char *string) 495 { 496 assert(string != NULL); 497 498 if (strcmp(string, SCF_STATE_STRING_NONE) == 0) 499 return (RESTARTER_STATE_NONE); 500 else if (strcmp(string, SCF_STATE_STRING_UNINIT) == 0) 501 return (RESTARTER_STATE_UNINIT); 502 else if (strcmp(string, SCF_STATE_STRING_MAINT) == 0) 503 return (RESTARTER_STATE_MAINT); 504 else if (strcmp(string, SCF_STATE_STRING_OFFLINE) == 0) 505 return (RESTARTER_STATE_OFFLINE); 506 else if (strcmp(string, SCF_STATE_STRING_DISABLED) == 0) 507 return (RESTARTER_STATE_DISABLED); 508 else if (strcmp(string, SCF_STATE_STRING_ONLINE) == 0) 509 return (RESTARTER_STATE_ONLINE); 510 else if (strcmp(string, SCF_STATE_STRING_DEGRADED) == 0) 511 return (RESTARTER_STATE_DEGRADED); 512 else { 513 return (RESTARTER_STATE_NONE); 514 } 515 } 516 517 ssize_t 518 restarter_state_to_string(restarter_instance_state_t state, char *string, 519 size_t len) 520 { 521 assert(string != NULL); 522 523 if (state == RESTARTER_STATE_NONE) 524 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_NONE, len)); 525 else if (state == RESTARTER_STATE_UNINIT) 526 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_UNINIT, len)); 527 else if (state == RESTARTER_STATE_MAINT) 528 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_MAINT, len)); 529 else if (state == RESTARTER_STATE_OFFLINE) 530 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_OFFLINE, 531 len)); 532 else if (state == RESTARTER_STATE_DISABLED) 533 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_DISABLED, 534 len)); 535 else if (state == RESTARTER_STATE_ONLINE) 536 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_ONLINE, len)); 537 else if (state == RESTARTER_STATE_DEGRADED) 538 return ((ssize_t)strlcpy(string, SCF_STATE_STRING_DEGRADED, 539 len)); 540 else 541 return ((ssize_t)strlcpy(string, "unknown", len)); 542 } 543 544 /* 545 * Sets pg to the name property group of s_inst. If it doesn't exist, it is 546 * added. 547 * 548 * Fails with 549 * ECONNABORTED - repository disconnection or unknown libscf error 550 * EBADF - inst is not set 551 * ECANCELED - inst is deleted 552 * EPERM - permission is denied 553 * EACCES - backend denied access 554 * EROFS - backend readonly 555 */ 556 static int 557 instance_get_or_add_pg(scf_instance_t *inst, const char *name, 558 const char *type, uint32_t flags, scf_propertygroup_t *pg) 559 { 560 again: 561 if (scf_instance_get_pg(inst, name, pg) == 0) 562 return (0); 563 564 switch (scf_error()) { 565 case SCF_ERROR_CONNECTION_BROKEN: 566 default: 567 return (ECONNABORTED); 568 569 case SCF_ERROR_NOT_SET: 570 return (EBADF); 571 572 case SCF_ERROR_DELETED: 573 return (ECANCELED); 574 575 case SCF_ERROR_NOT_FOUND: 576 break; 577 578 case SCF_ERROR_HANDLE_MISMATCH: 579 case SCF_ERROR_INVALID_ARGUMENT: 580 bad_fail("scf_instance_get_pg", scf_error()); 581 } 582 583 if (scf_instance_add_pg(inst, name, type, flags, pg) == 0) 584 return (0); 585 586 switch (scf_error()) { 587 case SCF_ERROR_CONNECTION_BROKEN: 588 default: 589 return (ECONNABORTED); 590 591 case SCF_ERROR_DELETED: 592 return (ECANCELED); 593 594 case SCF_ERROR_EXISTS: 595 goto again; 596 597 case SCF_ERROR_PERMISSION_DENIED: 598 return (EPERM); 599 600 case SCF_ERROR_BACKEND_ACCESS: 601 return (EACCES); 602 603 case SCF_ERROR_BACKEND_READONLY: 604 return (EROFS); 605 606 case SCF_ERROR_HANDLE_MISMATCH: 607 case SCF_ERROR_INVALID_ARGUMENT: 608 case SCF_ERROR_NOT_SET: /* should be caught above */ 609 bad_fail("scf_instance_add_pg", scf_error()); 610 } 611 612 return (0); 613 } 614 615 /* 616 * Fails with 617 * ECONNABORTED 618 * ECANCELED - pg was deleted 619 */ 620 static int 621 tx_set_value(scf_transaction_t *tx, scf_transaction_entry_t *ent, 622 const char *pname, scf_type_t ty, scf_value_t *val) 623 { 624 int r; 625 626 for (;;) { 627 if (scf_transaction_property_change_type(tx, ent, pname, 628 ty) == 0) 629 break; 630 631 switch (scf_error()) { 632 case SCF_ERROR_CONNECTION_BROKEN: 633 default: 634 return (ECONNABORTED); 635 636 case SCF_ERROR_DELETED: 637 return (ECANCELED); 638 639 case SCF_ERROR_NOT_FOUND: 640 break; 641 642 case SCF_ERROR_HANDLE_MISMATCH: 643 case SCF_ERROR_INVALID_ARGUMENT: 644 case SCF_ERROR_IN_USE: 645 case SCF_ERROR_NOT_SET: 646 bad_fail("scf_transaction_property_change_type", 647 scf_error()); 648 } 649 650 if (scf_transaction_property_new(tx, ent, pname, ty) == 0) 651 break; 652 653 switch (scf_error()) { 654 case SCF_ERROR_CONNECTION_BROKEN: 655 default: 656 return (ECONNABORTED); 657 658 case SCF_ERROR_DELETED: 659 return (ECANCELED); 660 661 case SCF_ERROR_EXISTS: 662 break; 663 664 case SCF_ERROR_HANDLE_MISMATCH: 665 case SCF_ERROR_INVALID_ARGUMENT: 666 case SCF_ERROR_IN_USE: 667 case SCF_ERROR_NOT_SET: 668 bad_fail("scf_transaction_property_new", scf_error()); 669 } 670 } 671 672 r = scf_entry_add_value(ent, val); 673 assert(r == 0); 674 675 return (0); 676 } 677 678 /* 679 * Commit new_state, new_next_state, and aux to the repository for id. If 680 * successful, also set id's state and next-state as given, and return 0. 681 * Fails with 682 * ENOMEM - out of memory 683 * ECONNABORTED - repository connection broken 684 * - unknown libscf error 685 * EINVAL - id->i_fmri is invalid or not an instance FMRI 686 * ENOENT - id->i_fmri does not exist 687 * EPERM - insufficient permissions 688 * EACCES - backend access denied 689 * EROFS - backend is readonly 690 */ 691 int 692 _restarter_commit_states(scf_handle_t *h, instance_data_t *id, 693 restarter_instance_state_t new_state, 694 restarter_instance_state_t new_state_next, const char *aux) 695 { 696 char str_state[MAX_SCF_STATE_STRING_SZ]; 697 char str_new_state[MAX_SCF_STATE_STRING_SZ]; 698 char str_state_next[MAX_SCF_STATE_STRING_SZ]; 699 char str_new_state_next[MAX_SCF_STATE_STRING_SZ]; 700 int ret = 0, r; 701 struct timeval now; 702 ssize_t sz; 703 char *default_aux = "none"; 704 705 scf_transaction_t *t = NULL; 706 scf_transaction_entry_t *t_state = NULL, *t_state_next = NULL; 707 scf_transaction_entry_t *t_stime = NULL, *t_aux = NULL; 708 scf_value_t *v_state = NULL, *v_state_next = NULL, *v_stime = NULL; 709 scf_value_t *v_aux = NULL; 710 scf_instance_t *s_inst = NULL; 711 scf_propertygroup_t *pg = NULL; 712 713 assert(new_state != RESTARTER_STATE_NONE); 714 715 /* If aux state is unset, set aux to a default string. */ 716 if (aux == NULL) 717 aux = default_aux; 718 719 if ((s_inst = scf_instance_create(h)) == NULL || 720 (pg = scf_pg_create(h)) == NULL || 721 (t = scf_transaction_create(h)) == NULL || 722 (t_state = scf_entry_create(h)) == NULL || 723 (t_state_next = scf_entry_create(h)) == NULL || 724 (t_stime = scf_entry_create(h)) == NULL || 725 (t_aux = scf_entry_create(h)) == NULL || 726 (v_state = scf_value_create(h)) == NULL || 727 (v_state_next = scf_value_create(h)) == NULL || 728 (v_stime = scf_value_create(h)) == NULL || 729 (v_aux = scf_value_create(h)) == NULL) { 730 ret = ENOMEM; 731 goto out; 732 } 733 734 sz = restarter_state_to_string(new_state, str_new_state, 735 sizeof (str_new_state)); 736 assert(sz < sizeof (str_new_state)); 737 sz = restarter_state_to_string(new_state_next, str_new_state_next, 738 sizeof (str_new_state_next)); 739 assert(sz < sizeof (str_new_state_next)); 740 sz = restarter_state_to_string(id->i_state, str_state, 741 sizeof (str_state)); 742 assert(sz < sizeof (str_state)); 743 sz = restarter_state_to_string(id->i_next_state, str_state_next, 744 sizeof (str_state_next)); 745 assert(sz < sizeof (str_state_next)); 746 747 ret = gettimeofday(&now, NULL); 748 assert(ret != -1); 749 750 if (scf_handle_decode_fmri(h, id->i_fmri, NULL, NULL, s_inst, 751 NULL, NULL, SCF_DECODE_FMRI_EXACT) == -1) { 752 switch (scf_error()) { 753 case SCF_ERROR_CONNECTION_BROKEN: 754 default: 755 ret = ECONNABORTED; 756 break; 757 758 case SCF_ERROR_INVALID_ARGUMENT: 759 case SCF_ERROR_CONSTRAINT_VIOLATED: 760 ret = EINVAL; 761 break; 762 763 case SCF_ERROR_NOT_FOUND: 764 ret = ENOENT; 765 break; 766 767 case SCF_ERROR_HANDLE_MISMATCH: 768 bad_fail("scf_handle_decode_fmri", scf_error()); 769 } 770 goto out; 771 } 772 773 774 if (scf_value_set_astring(v_state, str_new_state) != 0 || 775 scf_value_set_astring(v_state_next, str_new_state_next) != 0 || 776 scf_value_set_astring(v_aux, aux) != 0) 777 bad_fail("scf_value_set_astring", scf_error()); 778 779 if (scf_value_set_time(v_stime, now.tv_sec, now.tv_usec * 1000) != 0) 780 bad_fail("scf_value_set_time", scf_error()); 781 782 add_pg: 783 switch (r = instance_get_or_add_pg(s_inst, SCF_PG_RESTARTER, 784 SCF_PG_RESTARTER_TYPE, SCF_PG_RESTARTER_FLAGS, pg)) { 785 case 0: 786 break; 787 788 case ECONNABORTED: 789 case EPERM: 790 case EACCES: 791 case EROFS: 792 ret = r; 793 goto out; 794 795 case ECANCELED: 796 ret = ENOENT; 797 goto out; 798 799 case EBADF: 800 default: 801 bad_fail("instance_get_or_add_pg", r); 802 } 803 804 for (;;) { 805 if (scf_transaction_start(t, pg) != 0) { 806 switch (scf_error()) { 807 case SCF_ERROR_CONNECTION_BROKEN: 808 default: 809 ret = ECONNABORTED; 810 goto out; 811 812 case SCF_ERROR_NOT_SET: 813 goto add_pg; 814 815 case SCF_ERROR_PERMISSION_DENIED: 816 ret = EPERM; 817 goto out; 818 819 case SCF_ERROR_BACKEND_ACCESS: 820 ret = EACCES; 821 goto out; 822 823 case SCF_ERROR_BACKEND_READONLY: 824 ret = EROFS; 825 goto out; 826 827 case SCF_ERROR_HANDLE_MISMATCH: 828 case SCF_ERROR_IN_USE: 829 bad_fail("scf_transaction_start", scf_error()); 830 } 831 } 832 833 if ((r = tx_set_value(t, t_state, SCF_PROPERTY_STATE, 834 SCF_TYPE_ASTRING, v_state)) != 0 || 835 (r = tx_set_value(t, t_state_next, SCF_PROPERTY_NEXT_STATE, 836 SCF_TYPE_ASTRING, v_state_next)) != 0 || 837 (r = tx_set_value(t, t_aux, SCF_PROPERTY_AUX_STATE, 838 SCF_TYPE_ASTRING, v_aux)) != 0 || 839 (r = tx_set_value(t, t_stime, SCF_PROPERTY_STATE_TIMESTAMP, 840 SCF_TYPE_TIME, v_stime)) != 0) { 841 switch (r) { 842 case ECONNABORTED: 843 ret = ECONNABORTED; 844 goto out; 845 846 case ECANCELED: 847 scf_transaction_reset(t); 848 goto add_pg; 849 850 default: 851 bad_fail("tx_set_value", r); 852 } 853 } 854 855 ret = scf_transaction_commit(t); 856 if (ret == 1) 857 break; 858 if (ret == -1) { 859 switch (scf_error()) { 860 case SCF_ERROR_CONNECTION_BROKEN: 861 default: 862 ret = ECONNABORTED; 863 goto out; 864 865 case SCF_ERROR_PERMISSION_DENIED: 866 ret = EPERM; 867 goto out; 868 869 case SCF_ERROR_BACKEND_ACCESS: 870 ret = EACCES; 871 goto out; 872 873 case SCF_ERROR_BACKEND_READONLY: 874 ret = EROFS; 875 goto out; 876 877 case SCF_ERROR_NOT_SET: 878 bad_fail("scf_transaction_commit", scf_error()); 879 } 880 } 881 882 scf_transaction_reset(t); 883 if (scf_pg_update(pg) == -1) { 884 switch (scf_error()) { 885 case SCF_ERROR_CONNECTION_BROKEN: 886 default: 887 ret = ECONNABORTED; 888 goto out; 889 890 case SCF_ERROR_NOT_SET: 891 goto add_pg; 892 } 893 } 894 } 895 896 id->i_state = new_state; 897 id->i_next_state = new_state_next; 898 ret = 0; 899 900 out: 901 scf_transaction_destroy(t); 902 scf_entry_destroy(t_state); 903 scf_entry_destroy(t_state_next); 904 scf_entry_destroy(t_stime); 905 scf_entry_destroy(t_aux); 906 scf_value_destroy(v_state); 907 scf_value_destroy(v_state_next); 908 scf_value_destroy(v_stime); 909 scf_value_destroy(v_aux); 910 scf_pg_destroy(pg); 911 scf_instance_destroy(s_inst); 912 913 return (ret); 914 } 915 916 /* 917 * Fails with 918 * EINVAL - type is invalid 919 * ENOMEM 920 * ECONNABORTED - repository connection broken 921 * EBADF - s_inst is not set 922 * ECANCELED - s_inst is deleted 923 * EPERM - permission denied 924 * EACCES - backend access denied 925 * EROFS - backend readonly 926 */ 927 int 928 restarter_remove_contract(scf_instance_t *s_inst, ctid_t contract_id, 929 restarter_contract_type_t type) 930 { 931 scf_handle_t *h; 932 scf_transaction_t *t = NULL; 933 scf_transaction_entry_t *t_cid = NULL; 934 scf_propertygroup_t *pg = NULL; 935 scf_property_t *prop = NULL; 936 scf_value_t *val; 937 scf_iter_t *iter = NULL; 938 const char *pname; 939 int ret = 0, primary; 940 uint64_t c; 941 942 switch (type) { 943 case RESTARTER_CONTRACT_PRIMARY: 944 primary = 1; 945 break; 946 case RESTARTER_CONTRACT_TRANSIENT: 947 primary = 0; 948 break; 949 default: 950 return (EINVAL); 951 } 952 953 h = scf_instance_handle(s_inst); 954 955 pg = scf_pg_create(h); 956 prop = scf_property_create(h); 957 iter = scf_iter_create(h); 958 t = scf_transaction_create(h); 959 960 if (pg == NULL || prop == NULL || iter == NULL || t == NULL) { 961 ret = ENOMEM; 962 goto remove_contract_cleanup; 963 } 964 965 add: 966 scf_transaction_destroy_children(t); 967 ret = instance_get_or_add_pg(s_inst, SCF_PG_RESTARTER, 968 SCF_PG_RESTARTER_TYPE, SCF_PG_RESTARTER_FLAGS, pg); 969 if (ret != 0) 970 goto remove_contract_cleanup; 971 972 pname = primary? SCF_PROPERTY_CONTRACT : 973 SCF_PROPERTY_TRANSIENT_CONTRACT; 974 975 for (;;) { 976 if (scf_transaction_start(t, pg) != 0) { 977 switch (scf_error()) { 978 case SCF_ERROR_CONNECTION_BROKEN: 979 default: 980 ret = ECONNABORTED; 981 goto remove_contract_cleanup; 982 983 case SCF_ERROR_DELETED: 984 goto add; 985 986 case SCF_ERROR_PERMISSION_DENIED: 987 ret = EPERM; 988 goto remove_contract_cleanup; 989 990 case SCF_ERROR_BACKEND_ACCESS: 991 ret = EACCES; 992 goto remove_contract_cleanup; 993 994 case SCF_ERROR_BACKEND_READONLY: 995 ret = EROFS; 996 goto remove_contract_cleanup; 997 998 case SCF_ERROR_HANDLE_MISMATCH: 999 case SCF_ERROR_IN_USE: 1000 case SCF_ERROR_NOT_SET: 1001 bad_fail("scf_transaction_start", scf_error()); 1002 } 1003 } 1004 1005 t_cid = scf_entry_create(h); 1006 1007 if (scf_pg_get_property(pg, pname, prop) == 0) { 1008 replace: 1009 if (scf_transaction_property_change_type(t, t_cid, 1010 pname, SCF_TYPE_COUNT) != 0) { 1011 switch (scf_error()) { 1012 case SCF_ERROR_CONNECTION_BROKEN: 1013 default: 1014 ret = ECONNABORTED; 1015 goto remove_contract_cleanup; 1016 1017 case SCF_ERROR_DELETED: 1018 scf_entry_destroy(t_cid); 1019 goto add; 1020 1021 case SCF_ERROR_NOT_FOUND: 1022 goto new; 1023 1024 case SCF_ERROR_HANDLE_MISMATCH: 1025 case SCF_ERROR_INVALID_ARGUMENT: 1026 case SCF_ERROR_IN_USE: 1027 case SCF_ERROR_NOT_SET: 1028 bad_fail( 1029 "scf_transaction_property_changetype", 1030 scf_error()); 1031 } 1032 } 1033 1034 if (scf_property_is_type(prop, SCF_TYPE_COUNT) == 0) { 1035 if (scf_iter_property_values(iter, prop) != 0) { 1036 switch (scf_error()) { 1037 case SCF_ERROR_CONNECTION_BROKEN: 1038 default: 1039 ret = ECONNABORTED; 1040 goto remove_contract_cleanup; 1041 1042 case SCF_ERROR_NOT_SET: 1043 case SCF_ERROR_HANDLE_MISMATCH: 1044 bad_fail( 1045 "scf_iter_property_values", 1046 scf_error()); 1047 } 1048 } 1049 1050 next_val: 1051 val = scf_value_create(h); 1052 if (val == NULL) { 1053 assert(scf_error() == 1054 SCF_ERROR_NO_MEMORY); 1055 ret = ENOMEM; 1056 goto remove_contract_cleanup; 1057 } 1058 1059 ret = scf_iter_next_value(iter, val); 1060 if (ret == -1) { 1061 switch (scf_error()) { 1062 case SCF_ERROR_CONNECTION_BROKEN: 1063 ret = ECONNABORTED; 1064 goto remove_contract_cleanup; 1065 1066 case SCF_ERROR_DELETED: 1067 scf_value_destroy(val); 1068 goto add; 1069 1070 case SCF_ERROR_HANDLE_MISMATCH: 1071 case SCF_ERROR_INVALID_ARGUMENT: 1072 default: 1073 bad_fail("scf_iter_next_value", 1074 scf_error()); 1075 } 1076 } 1077 1078 if (ret == 1) { 1079 ret = scf_value_get_count(val, &c); 1080 assert(ret == 0); 1081 1082 if (c != contract_id) { 1083 ret = scf_entry_add_value(t_cid, 1084 val); 1085 assert(ret == 0); 1086 } else { 1087 scf_value_destroy(val); 1088 } 1089 1090 goto next_val; 1091 } 1092 1093 scf_value_destroy(val); 1094 } else { 1095 switch (scf_error()) { 1096 case SCF_ERROR_CONNECTION_BROKEN: 1097 default: 1098 ret = ECONNABORTED; 1099 goto remove_contract_cleanup; 1100 1101 case SCF_ERROR_TYPE_MISMATCH: 1102 break; 1103 1104 case SCF_ERROR_INVALID_ARGUMENT: 1105 case SCF_ERROR_NOT_SET: 1106 bad_fail("scf_property_is_type", 1107 scf_error()); 1108 } 1109 } 1110 } else { 1111 switch (scf_error()) { 1112 case SCF_ERROR_CONNECTION_BROKEN: 1113 default: 1114 ret = ECONNABORTED; 1115 goto remove_contract_cleanup; 1116 1117 case SCF_ERROR_DELETED: 1118 scf_entry_destroy(t_cid); 1119 goto add; 1120 1121 case SCF_ERROR_NOT_FOUND: 1122 break; 1123 1124 case SCF_ERROR_HANDLE_MISMATCH: 1125 case SCF_ERROR_INVALID_ARGUMENT: 1126 case SCF_ERROR_NOT_SET: 1127 bad_fail("scf_pg_get_property", scf_error()); 1128 } 1129 1130 new: 1131 if (scf_transaction_property_new(t, t_cid, pname, 1132 SCF_TYPE_COUNT) != 0) { 1133 switch (scf_error()) { 1134 case SCF_ERROR_CONNECTION_BROKEN: 1135 default: 1136 ret = ECONNABORTED; 1137 goto remove_contract_cleanup; 1138 1139 case SCF_ERROR_DELETED: 1140 scf_entry_destroy(t_cid); 1141 goto add; 1142 1143 case SCF_ERROR_EXISTS: 1144 goto replace; 1145 1146 case SCF_ERROR_HANDLE_MISMATCH: 1147 case SCF_ERROR_INVALID_ARGUMENT: 1148 case SCF_ERROR_NOT_SET: 1149 bad_fail("scf_transaction_property_new", 1150 scf_error()); 1151 } 1152 } 1153 } 1154 1155 ret = scf_transaction_commit(t); 1156 if (ret == -1) { 1157 switch (scf_error()) { 1158 case SCF_ERROR_CONNECTION_BROKEN: 1159 default: 1160 ret = ECONNABORTED; 1161 goto remove_contract_cleanup; 1162 1163 case SCF_ERROR_DELETED: 1164 goto add; 1165 1166 case SCF_ERROR_PERMISSION_DENIED: 1167 ret = EPERM; 1168 goto remove_contract_cleanup; 1169 1170 case SCF_ERROR_BACKEND_ACCESS: 1171 ret = EACCES; 1172 goto remove_contract_cleanup; 1173 1174 case SCF_ERROR_BACKEND_READONLY: 1175 ret = EROFS; 1176 goto remove_contract_cleanup; 1177 1178 case SCF_ERROR_NOT_SET: 1179 bad_fail("scf_transaction_commit", scf_error()); 1180 } 1181 } 1182 if (ret == 1) { 1183 ret = 0; 1184 break; 1185 } 1186 1187 scf_transaction_destroy_children(t); 1188 if (scf_pg_update(pg) == -1) { 1189 switch (scf_error()) { 1190 case SCF_ERROR_CONNECTION_BROKEN: 1191 default: 1192 ret = ECONNABORTED; 1193 goto remove_contract_cleanup; 1194 1195 case SCF_ERROR_DELETED: 1196 goto add; 1197 1198 case SCF_ERROR_NOT_SET: 1199 bad_fail("scf_pg_update", scf_error()); 1200 } 1201 } 1202 } 1203 1204 remove_contract_cleanup: 1205 scf_transaction_destroy_children(t); 1206 scf_transaction_destroy(t); 1207 scf_iter_destroy(iter); 1208 scf_property_destroy(prop); 1209 scf_pg_destroy(pg); 1210 1211 return (ret); 1212 } 1213 1214 /* 1215 * Fails with 1216 * EINVAL - type is invalid 1217 * ENOMEM 1218 * ECONNABORTED - repository disconnection 1219 * EBADF - s_inst is not set 1220 * ECANCELED - s_inst is deleted 1221 * EPERM 1222 * EACCES 1223 * EROFS 1224 */ 1225 int 1226 restarter_store_contract(scf_instance_t *s_inst, ctid_t contract_id, 1227 restarter_contract_type_t type) 1228 { 1229 scf_handle_t *h; 1230 scf_transaction_t *t = NULL; 1231 scf_transaction_entry_t *t_cid = NULL; 1232 scf_value_t *val; 1233 scf_propertygroup_t *pg = NULL; 1234 scf_property_t *prop = NULL; 1235 scf_iter_t *iter = NULL; 1236 const char *pname; 1237 int ret = 0, primary; 1238 1239 if (type == RESTARTER_CONTRACT_PRIMARY) 1240 primary = 1; 1241 else if (type == RESTARTER_CONTRACT_TRANSIENT) 1242 primary = 0; 1243 else 1244 return (EINVAL); 1245 1246 h = scf_instance_handle(s_inst); 1247 1248 pg = scf_pg_create(h); 1249 prop = scf_property_create(h); 1250 iter = scf_iter_create(h); 1251 t = scf_transaction_create(h); 1252 1253 if (pg == NULL || prop == NULL || iter == NULL || t == NULL) { 1254 ret = ENOMEM; 1255 goto out; 1256 } 1257 1258 add: 1259 scf_transaction_destroy_children(t); 1260 ret = instance_get_or_add_pg(s_inst, SCF_PG_RESTARTER, 1261 SCF_PG_RESTARTER_TYPE, SCF_PG_RESTARTER_FLAGS, pg); 1262 if (ret != 0) 1263 goto out; 1264 1265 pname = primary ? SCF_PROPERTY_CONTRACT : 1266 SCF_PROPERTY_TRANSIENT_CONTRACT; 1267 1268 for (;;) { 1269 if (scf_transaction_start(t, pg) != 0) { 1270 switch (scf_error()) { 1271 case SCF_ERROR_CONNECTION_BROKEN: 1272 default: 1273 ret = ECONNABORTED; 1274 goto out; 1275 1276 case SCF_ERROR_DELETED: 1277 goto add; 1278 1279 case SCF_ERROR_PERMISSION_DENIED: 1280 ret = EPERM; 1281 goto out; 1282 1283 case SCF_ERROR_BACKEND_ACCESS: 1284 ret = EACCES; 1285 goto out; 1286 1287 case SCF_ERROR_BACKEND_READONLY: 1288 ret = EROFS; 1289 goto out; 1290 1291 case SCF_ERROR_HANDLE_MISMATCH: 1292 case SCF_ERROR_IN_USE: 1293 case SCF_ERROR_NOT_SET: 1294 bad_fail("scf_transaction_start", scf_error()); 1295 } 1296 } 1297 1298 t_cid = scf_entry_create(h); 1299 if (t_cid == NULL) { 1300 ret = ENOMEM; 1301 goto out; 1302 } 1303 1304 if (scf_pg_get_property(pg, pname, prop) == 0) { 1305 replace: 1306 if (scf_transaction_property_change_type(t, t_cid, 1307 pname, SCF_TYPE_COUNT) != 0) { 1308 switch (scf_error()) { 1309 case SCF_ERROR_CONNECTION_BROKEN: 1310 default: 1311 ret = ECONNABORTED; 1312 goto out; 1313 1314 case SCF_ERROR_DELETED: 1315 scf_entry_destroy(t_cid); 1316 goto add; 1317 1318 case SCF_ERROR_NOT_FOUND: 1319 goto new; 1320 1321 case SCF_ERROR_HANDLE_MISMATCH: 1322 case SCF_ERROR_INVALID_ARGUMENT: 1323 case SCF_ERROR_IN_USE: 1324 case SCF_ERROR_NOT_SET: 1325 bad_fail( 1326 "scf_transaction_propert_change_type", 1327 scf_error()); 1328 } 1329 } 1330 1331 if (scf_property_is_type(prop, SCF_TYPE_COUNT) == 0) { 1332 if (scf_iter_property_values(iter, prop) != 0) { 1333 switch (scf_error()) { 1334 case SCF_ERROR_CONNECTION_BROKEN: 1335 default: 1336 ret = ECONNABORTED; 1337 goto out; 1338 1339 case SCF_ERROR_NOT_SET: 1340 case SCF_ERROR_HANDLE_MISMATCH: 1341 bad_fail( 1342 "scf_iter_property_values", 1343 scf_error()); 1344 } 1345 } 1346 1347 next_val: 1348 val = scf_value_create(h); 1349 if (val == NULL) { 1350 assert(scf_error() == 1351 SCF_ERROR_NO_MEMORY); 1352 ret = ENOMEM; 1353 goto out; 1354 } 1355 1356 ret = scf_iter_next_value(iter, val); 1357 if (ret == -1) { 1358 switch (scf_error()) { 1359 case SCF_ERROR_CONNECTION_BROKEN: 1360 default: 1361 ret = ECONNABORTED; 1362 goto out; 1363 1364 case SCF_ERROR_DELETED: 1365 scf_value_destroy(val); 1366 goto add; 1367 1368 case SCF_ERROR_HANDLE_MISMATCH: 1369 case SCF_ERROR_INVALID_ARGUMENT: 1370 bad_fail( 1371 "scf_iter_next_value", 1372 scf_error()); 1373 } 1374 } 1375 1376 if (ret == 1) { 1377 ret = scf_entry_add_value(t_cid, val); 1378 assert(ret == 0); 1379 1380 goto next_val; 1381 } 1382 1383 scf_value_destroy(val); 1384 } else { 1385 switch (scf_error()) { 1386 case SCF_ERROR_CONNECTION_BROKEN: 1387 default: 1388 ret = ECONNABORTED; 1389 goto out; 1390 1391 case SCF_ERROR_TYPE_MISMATCH: 1392 break; 1393 1394 case SCF_ERROR_INVALID_ARGUMENT: 1395 case SCF_ERROR_NOT_SET: 1396 bad_fail("scf_property_is_type", 1397 scf_error()); 1398 } 1399 } 1400 } else { 1401 switch (scf_error()) { 1402 case SCF_ERROR_CONNECTION_BROKEN: 1403 default: 1404 ret = ECONNABORTED; 1405 goto out; 1406 1407 case SCF_ERROR_DELETED: 1408 scf_entry_destroy(t_cid); 1409 goto add; 1410 1411 case SCF_ERROR_NOT_FOUND: 1412 break; 1413 1414 case SCF_ERROR_HANDLE_MISMATCH: 1415 case SCF_ERROR_INVALID_ARGUMENT: 1416 case SCF_ERROR_NOT_SET: 1417 bad_fail("scf_pg_get_property", scf_error()); 1418 } 1419 1420 new: 1421 if (scf_transaction_property_new(t, t_cid, pname, 1422 SCF_TYPE_COUNT) != 0) { 1423 switch (scf_error()) { 1424 case SCF_ERROR_CONNECTION_BROKEN: 1425 default: 1426 ret = ECONNABORTED; 1427 goto out; 1428 1429 case SCF_ERROR_DELETED: 1430 scf_entry_destroy(t_cid); 1431 goto add; 1432 1433 case SCF_ERROR_EXISTS: 1434 goto replace; 1435 1436 case SCF_ERROR_HANDLE_MISMATCH: 1437 case SCF_ERROR_INVALID_ARGUMENT: 1438 case SCF_ERROR_NOT_SET: 1439 bad_fail("scf_transaction_property_new", 1440 scf_error()); 1441 } 1442 } 1443 } 1444 1445 val = scf_value_create(h); 1446 if (val == NULL) { 1447 assert(scf_error() == SCF_ERROR_NO_MEMORY); 1448 ret = ENOMEM; 1449 goto out; 1450 } 1451 1452 scf_value_set_count(val, contract_id); 1453 ret = scf_entry_add_value(t_cid, val); 1454 assert(ret == 0); 1455 1456 ret = scf_transaction_commit(t); 1457 if (ret == -1) { 1458 switch (scf_error()) { 1459 case SCF_ERROR_CONNECTION_BROKEN: 1460 default: 1461 ret = ECONNABORTED; 1462 goto out; 1463 1464 case SCF_ERROR_DELETED: 1465 goto add; 1466 1467 case SCF_ERROR_PERMISSION_DENIED: 1468 ret = EPERM; 1469 goto out; 1470 1471 case SCF_ERROR_BACKEND_ACCESS: 1472 ret = EACCES; 1473 goto out; 1474 1475 case SCF_ERROR_BACKEND_READONLY: 1476 ret = EROFS; 1477 goto out; 1478 1479 case SCF_ERROR_NOT_SET: 1480 bad_fail("scf_transaction_commit", scf_error()); 1481 } 1482 } 1483 if (ret == 1) { 1484 ret = 0; 1485 break; 1486 } 1487 1488 scf_transaction_destroy_children(t); 1489 if (scf_pg_update(pg) == -1) { 1490 switch (scf_error()) { 1491 case SCF_ERROR_CONNECTION_BROKEN: 1492 default: 1493 ret = ECONNABORTED; 1494 goto out; 1495 1496 case SCF_ERROR_DELETED: 1497 goto add; 1498 1499 case SCF_ERROR_NOT_SET: 1500 bad_fail("scf_pg_update", scf_error()); 1501 } 1502 } 1503 } 1504 1505 out: 1506 scf_transaction_destroy_children(t); 1507 scf_transaction_destroy(t); 1508 scf_iter_destroy(iter); 1509 scf_property_destroy(prop); 1510 scf_pg_destroy(pg); 1511 1512 return (ret); 1513 } 1514 1515 int 1516 restarter_rm_libs_loadable() 1517 { 1518 void *libhndl; 1519 1520 if (method_context_safety) 1521 return (1); 1522 1523 if ((libhndl = dlopen("libpool.so", RTLD_LAZY | RTLD_LOCAL)) == NULL) 1524 return (0); 1525 1526 (void) dlclose(libhndl); 1527 1528 if ((libhndl = dlopen("libproject.so", RTLD_LAZY | RTLD_LOCAL)) == NULL) 1529 return (0); 1530 1531 (void) dlclose(libhndl); 1532 1533 method_context_safety = 1; 1534 1535 return (1); 1536 } 1537 1538 1539 static int 1540 get_astring_val(scf_propertygroup_t *pg, const char *name, char *buf, 1541 size_t bufsz, scf_property_t *prop, scf_value_t *val) 1542 { 1543 ssize_t szret; 1544 1545 if (scf_pg_get_property(pg, name, prop) != SCF_SUCCESS) { 1546 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) 1547 uu_die(rcbroken); 1548 return (-1); 1549 } 1550 1551 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 1552 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) 1553 uu_die(rcbroken); 1554 return (-1); 1555 } 1556 1557 szret = scf_value_get_astring(val, buf, bufsz); 1558 1559 return (szret >= 0 ? 0 : -1); 1560 } 1561 1562 /* 1563 * Try to load mcp->pwd, if it isn't already. 1564 * Fails with 1565 * ENOMEM - malloc() failed 1566 * ENOENT - no entry found 1567 * EIO - I/O error 1568 * EMFILE - process out of file descriptors 1569 * ENFILE - system out of file handles 1570 */ 1571 static int 1572 lookup_pwd(struct method_context *mcp) 1573 { 1574 struct passwd *pwdp; 1575 1576 if (mcp->pwbuf != NULL && mcp->pwd.pw_uid == mcp->uid) 1577 return (0); 1578 1579 if (mcp->pwbuf == NULL) { 1580 mcp->pwbufsz = sysconf(_SC_GETPW_R_SIZE_MAX); 1581 assert(mcp->pwbufsz >= 0); 1582 mcp->pwbuf = malloc(mcp->pwbufsz); 1583 if (mcp->pwbuf == NULL) 1584 return (ENOMEM); 1585 } 1586 1587 do { 1588 errno = 0; 1589 pwdp = getpwuid_r(mcp->uid, &mcp->pwd, mcp->pwbuf, 1590 mcp->pwbufsz); 1591 } while (pwdp == NULL && errno == EINTR); 1592 if (pwdp != NULL) 1593 return (0); 1594 1595 free(mcp->pwbuf); 1596 mcp->pwbuf = NULL; 1597 1598 switch (errno) { 1599 case 0: 1600 default: 1601 /* 1602 * Until bug 5065780 is fixed, getpwuid_r() can fail with 1603 * ENOENT, particularly on the miniroot. Since the 1604 * documentation is inaccurate, we'll return ENOENT for unknown 1605 * errors. 1606 */ 1607 return (ENOENT); 1608 1609 case EIO: 1610 case EMFILE: 1611 case ENFILE: 1612 return (errno); 1613 1614 case ERANGE: 1615 bad_fail("getpwuid_r", errno); 1616 /* NOTREACHED */ 1617 } 1618 } 1619 1620 /* 1621 * Get the user id for str. Returns 0 on success or 1622 * ERANGE the uid is too big 1623 * EINVAL the string starts with a digit, but is not a valid uid 1624 * ENOMEM out of memory 1625 * ENOENT no passwd entry for str 1626 * EIO an I/O error has occurred 1627 * EMFILE/ENFILE out of file descriptors 1628 */ 1629 int 1630 get_uid(const char *str, struct method_context *ci, uid_t *uidp) 1631 { 1632 if (isdigit(str[0])) { 1633 uid_t uid; 1634 char *cp; 1635 1636 errno = 0; 1637 uid = strtol(str, &cp, 10); 1638 1639 if (uid == 0 && errno != 0) { 1640 assert(errno != EINVAL); 1641 return (errno); 1642 } 1643 1644 for (; *cp != '\0'; ++cp) 1645 if (*cp != ' ' || *cp != '\t') 1646 return (EINVAL); 1647 1648 if (uid > UID_MAX) 1649 return (EINVAL); 1650 1651 *uidp = uid; 1652 return (0); 1653 } else { 1654 struct passwd *pwdp; 1655 1656 if (ci->pwbuf == NULL) { 1657 ci->pwbufsz = sysconf(_SC_GETPW_R_SIZE_MAX); 1658 ci->pwbuf = malloc(ci->pwbufsz); 1659 if (ci->pwbuf == NULL) 1660 return (ENOMEM); 1661 } 1662 1663 do { 1664 errno = 0; 1665 pwdp = 1666 getpwnam_r(str, &ci->pwd, ci->pwbuf, ci->pwbufsz); 1667 } while (pwdp == NULL && errno == EINTR); 1668 1669 if (pwdp != NULL) { 1670 *uidp = ci->pwd.pw_uid; 1671 return (0); 1672 } else { 1673 free(ci->pwbuf); 1674 ci->pwbuf = NULL; 1675 switch (errno) { 1676 case 0: 1677 return (ENOENT); 1678 1679 case ENOENT: 1680 case EIO: 1681 case EMFILE: 1682 case ENFILE: 1683 return (errno); 1684 1685 case ERANGE: 1686 default: 1687 bad_fail("getpwnam_r", errno); 1688 /* NOTREACHED */ 1689 } 1690 } 1691 } 1692 } 1693 1694 gid_t 1695 get_gid(const char *str) 1696 { 1697 if (isdigit(str[0])) { 1698 gid_t gid; 1699 char *cp; 1700 1701 errno = 0; 1702 gid = strtol(str, &cp, 10); 1703 1704 if (gid == 0 && errno != 0) 1705 return (-1); 1706 1707 for (; *cp != '\0'; ++cp) 1708 if (*cp != ' ' || *cp != '\t') 1709 return (-1); 1710 1711 return (gid); 1712 } else { 1713 struct group grp, *ret; 1714 char *buffer; 1715 size_t buflen; 1716 1717 buflen = sysconf(_SC_GETGR_R_SIZE_MAX); 1718 buffer = malloc(buflen); 1719 if (buffer == NULL) 1720 uu_die(allocfail); 1721 1722 errno = 0; 1723 ret = getgrnam_r(str, &grp, buffer, buflen); 1724 free(buffer); 1725 1726 return (ret == NULL ? -1 : grp.gr_gid); 1727 } 1728 } 1729 1730 /* 1731 * Fails with 1732 * ENOMEM - out of memory 1733 * ENOENT - no passwd entry 1734 * no project entry 1735 * EIO - an I/O error occurred 1736 * EMFILE - the process is out of file descriptors 1737 * ENFILE - the system is out of file handles 1738 * ERANGE - the project id is out of range 1739 * EINVAL - str is invalid 1740 * E2BIG - the project entry was too big 1741 * -1 - the name service switch is misconfigured 1742 */ 1743 int 1744 get_projid(const char *str, struct method_context *cip) 1745 { 1746 int ret; 1747 void *buf; 1748 const size_t bufsz = PROJECT_BUFSZ; 1749 struct project proj, *pp; 1750 1751 if (strcmp(str, ":default") == 0) { 1752 if (cip->uid == 0) { 1753 /* Don't change project for root services */ 1754 cip->project = NULL; 1755 return (0); 1756 } 1757 1758 switch (ret = lookup_pwd(cip)) { 1759 case 0: 1760 break; 1761 1762 case ENOMEM: 1763 case ENOENT: 1764 case EIO: 1765 case EMFILE: 1766 case ENFILE: 1767 return (ret); 1768 1769 default: 1770 bad_fail("lookup_pwd", ret); 1771 } 1772 1773 buf = malloc(bufsz); 1774 if (buf == NULL) 1775 return (ENOMEM); 1776 1777 do { 1778 errno = 0; 1779 pp = getdefaultproj(cip->pwd.pw_name, &proj, buf, 1780 bufsz); 1781 } while (pp == NULL && errno == EINTR); 1782 1783 /* to be continued ... */ 1784 } else { 1785 projid_t projid; 1786 char *cp; 1787 1788 if (!isdigit(str[0])) { 1789 cip->project = strdup(str); 1790 return (cip->project != NULL ? 0 : ENOMEM); 1791 } 1792 1793 errno = 0; 1794 projid = strtol(str, &cp, 10); 1795 1796 if (projid == 0 && errno != 0) { 1797 assert(errno == ERANGE); 1798 return (errno); 1799 } 1800 1801 for (; *cp != '\0'; ++cp) 1802 if (*cp != ' ' || *cp != '\t') 1803 return (EINVAL); 1804 1805 if (projid > MAXPROJID) 1806 return (ERANGE); 1807 1808 buf = malloc(bufsz); 1809 if (buf == NULL) 1810 return (ENOMEM); 1811 1812 do { 1813 errno = 0; 1814 pp = getprojbyid(projid, &proj, buf, bufsz); 1815 } while (pp == NULL && errno == EINTR); 1816 } 1817 1818 if (pp) { 1819 cip->project = strdup(pp->pj_name); 1820 free(buf); 1821 return (cip->project != NULL ? 0 : ENOMEM); 1822 } 1823 1824 free(buf); 1825 1826 switch (errno) { 1827 case 0: 1828 return (ENOENT); 1829 1830 case EIO: 1831 case EMFILE: 1832 case ENFILE: 1833 return (errno); 1834 1835 case ERANGE: 1836 return (E2BIG); 1837 1838 default: 1839 return (-1); 1840 } 1841 } 1842 1843 /* 1844 * Parse the supp_groups property value and populate ci->groups. Returns 1845 * EINVAL (get_gid() failed for one of the components), E2BIG (the property has 1846 * more than NGROUPS_MAX-1 groups), or 0 on success. 1847 */ 1848 int 1849 get_groups(char *str, struct method_context *ci) 1850 { 1851 char *cp, *end, *next; 1852 uint_t i; 1853 1854 const char * const whitespace = " \t"; 1855 const char * const illegal = ", \t"; 1856 1857 if (str[0] == '\0') { 1858 ci->ngroups = 0; 1859 return (0); 1860 } 1861 1862 for (cp = str, i = 0; *cp != '\0'; ) { 1863 /* skip whitespace */ 1864 cp += strspn(cp, whitespace); 1865 1866 /* find the end */ 1867 end = cp + strcspn(cp, illegal); 1868 1869 /* skip whitespace after end */ 1870 next = end + strspn(end, whitespace); 1871 1872 /* if there's a comma, it separates the fields */ 1873 if (*next == ',') 1874 ++next; 1875 1876 *end = '\0'; 1877 1878 if ((ci->groups[i] = get_gid(cp)) == -1) { 1879 ci->ngroups = 0; 1880 return (EINVAL); 1881 } 1882 1883 ++i; 1884 if (i > NGROUPS_MAX - 1) { 1885 ci->ngroups = 0; 1886 return (E2BIG); 1887 } 1888 1889 cp = next; 1890 } 1891 1892 ci->ngroups = i; 1893 return (0); 1894 } 1895 1896 /* 1897 * Eventually, we will return a structured error in the case of 1898 * retryable or abortable failures such as memory allocation errors and 1899 * repository connection failures. For now, these failures are just 1900 * encoded in the failure string. 1901 */ 1902 static const char * 1903 get_profile(scf_propertygroup_t *pg, scf_property_t *prop, scf_value_t *val, 1904 const char *cmdline, struct method_context *ci) 1905 { 1906 char *buf = ci->vbuf; 1907 ssize_t buf_sz = ci->vbuf_sz; 1908 char cmd[PATH_MAX]; 1909 char *cp, *value; 1910 const char *cmdp; 1911 execattr_t *eap; 1912 char *errstr = NULL; 1913 1914 if (get_astring_val(pg, SCF_PROPERTY_PROFILE, buf, buf_sz, prop, val) != 1915 0) 1916 return ("Could not get profile property."); 1917 1918 /* Extract the command from the command line. */ 1919 cp = strpbrk(cmdline, " \t"); 1920 1921 if (cp == NULL) { 1922 cmdp = cmdline; 1923 } else { 1924 (void) strncpy(cmd, cmdline, cp - cmdline); 1925 cmd[cp - cmdline] = '\0'; 1926 cmdp = cmd; 1927 } 1928 1929 /* Require that cmdp[0] == '/'? */ 1930 1931 eap = getexecprof(buf, KV_COMMAND, cmdp, GET_ONE); 1932 if (eap == NULL) 1933 return ("Could not find profile."); 1934 1935 /* Based on pfexec.c */ 1936 1937 /* Get the euid first so we don't override ci->pwd for the uid. */ 1938 if ((value = kva_match(eap->attr, EXECATTR_EUID_KW)) != NULL) { 1939 if (get_uid(value, ci, &ci->euid) != 0) { 1940 ci->euid = -1; 1941 errstr = "Could not interpret profile euid."; 1942 goto out; 1943 } 1944 } 1945 1946 if ((value = kva_match(eap->attr, EXECATTR_UID_KW)) != NULL) { 1947 if (get_uid(value, ci, &ci->uid) != 0) { 1948 ci->euid = ci->uid = -1; 1949 errstr = "Could not interpret profile uid."; 1950 goto out; 1951 } 1952 ci->euid = ci->uid; 1953 } 1954 1955 if ((value = kva_match(eap->attr, EXECATTR_GID_KW)) != NULL) { 1956 ci->egid = ci->gid = get_gid(value); 1957 if (ci->gid == -1) { 1958 errstr = "Could not interpret profile gid."; 1959 goto out; 1960 } 1961 } 1962 1963 if ((value = kva_match(eap->attr, EXECATTR_EGID_KW)) != NULL) { 1964 ci->egid = get_gid(value); 1965 if (ci->egid == -1) { 1966 errstr = "Could not interpret profile egid."; 1967 goto out; 1968 } 1969 } 1970 1971 if ((value = kva_match(eap->attr, EXECATTR_LPRIV_KW)) != NULL) { 1972 ci->lpriv_set = priv_str_to_set(value, ",", NULL); 1973 if (ci->lpriv_set == NULL) { 1974 if (errno != EINVAL) 1975 errstr = ALLOCFAIL; 1976 else 1977 errstr = "Could not interpret profile " 1978 "limitprivs."; 1979 goto out; 1980 } 1981 } 1982 1983 if ((value = kva_match(eap->attr, EXECATTR_IPRIV_KW)) != NULL) { 1984 ci->priv_set = priv_str_to_set(value, ",", NULL); 1985 if (ci->priv_set == NULL) { 1986 if (errno != EINVAL) 1987 errstr = ALLOCFAIL; 1988 else 1989 errstr = "Could not interpret profile privs."; 1990 goto out; 1991 } 1992 } 1993 1994 out: 1995 free_execattr(eap); 1996 1997 return (errstr); 1998 } 1999 2000 /* 2001 * Eventually, we will return a structured error in the case of 2002 * retryable or abortable failures such as memory allocation errors and 2003 * repository connection failures. For now, these failures are just 2004 * encoded in the failure string. 2005 */ 2006 static const char * 2007 get_ids(scf_propertygroup_t *pg, scf_property_t *prop, scf_value_t *val, 2008 struct method_context *ci) 2009 { 2010 const char *errstr = NULL; 2011 char *vbuf = ci->vbuf; 2012 ssize_t vbuf_sz = ci->vbuf_sz; 2013 int r; 2014 2015 if (get_astring_val(pg, SCF_PROPERTY_USER, vbuf, vbuf_sz, prop, val) != 2016 0) { 2017 errstr = "Could not get user property."; 2018 goto out; 2019 } 2020 2021 if (get_uid(vbuf, ci, &ci->uid) != 0) { 2022 ci->uid = -1; 2023 errstr = "Could not interpret user property."; 2024 goto out; 2025 } 2026 2027 if (get_astring_val(pg, SCF_PROPERTY_GROUP, vbuf, vbuf_sz, prop, val) != 2028 0) { 2029 errstr = "Could not get group property."; 2030 goto out; 2031 } 2032 2033 if (strcmp(vbuf, ":default") != 0) { 2034 ci->gid = get_gid(vbuf); 2035 if (ci->gid == -1) { 2036 errstr = "Could not interpret group property."; 2037 goto out; 2038 } 2039 } else { 2040 switch (r = lookup_pwd(ci)) { 2041 case 0: 2042 ci->gid = ci->pwd.pw_gid; 2043 break; 2044 2045 case ENOENT: 2046 ci->gid = -1; 2047 errstr = "No passwd entry."; 2048 goto out; 2049 2050 case ENOMEM: 2051 errstr = "Out of memory."; 2052 goto out; 2053 2054 case EIO: 2055 case EMFILE: 2056 case ENFILE: 2057 errstr = "getpwuid_r() failed."; 2058 goto out; 2059 2060 default: 2061 bad_fail("lookup_pwd", r); 2062 } 2063 } 2064 2065 if (get_astring_val(pg, SCF_PROPERTY_SUPP_GROUPS, vbuf, vbuf_sz, prop, 2066 val) != 0) { 2067 errstr = "Could not get supplemental groups property."; 2068 goto out; 2069 } 2070 2071 if (strcmp(vbuf, ":default") != 0) { 2072 switch (r = get_groups(vbuf, ci)) { 2073 case 0: 2074 break; 2075 2076 case EINVAL: 2077 errstr = 2078 "Could not interpret supplemental groups property."; 2079 goto out; 2080 2081 case E2BIG: 2082 errstr = "Too many supplemental groups."; 2083 goto out; 2084 2085 default: 2086 bad_fail("get_groups", r); 2087 } 2088 } else { 2089 ci->ngroups = -1; 2090 } 2091 2092 if (get_astring_val(pg, SCF_PROPERTY_PRIVILEGES, vbuf, vbuf_sz, prop, 2093 val) != 0) { 2094 errstr = "Could not get privileges property."; 2095 goto out; 2096 } 2097 2098 /* 2099 * For default privs, we need to keep priv_set == NULL, as 2100 * we use this test elsewhere. 2101 */ 2102 if (strcmp(vbuf, ":default") != 0) { 2103 ci->priv_set = priv_str_to_set(vbuf, ",", NULL); 2104 if (ci->priv_set == NULL) { 2105 if (errno != EINVAL) { 2106 errstr = ALLOCFAIL; 2107 } else { 2108 errstr = "Could not interpret privileges " 2109 "property."; 2110 } 2111 goto out; 2112 } 2113 } 2114 2115 if (get_astring_val(pg, SCF_PROPERTY_LIMIT_PRIVILEGES, vbuf, vbuf_sz, 2116 prop, val) != 0) { 2117 errstr = "Could not get limit_privileges property."; 2118 goto out; 2119 } 2120 2121 if (strcmp(vbuf, ":default") == 0) 2122 /* 2123 * L must default to all privileges so root NPA services see 2124 * iE = all. "zone" is all privileges available in the current 2125 * zone, equivalent to "all" in the global zone. 2126 */ 2127 (void) strcpy(vbuf, "zone"); 2128 2129 ci->lpriv_set = priv_str_to_set(vbuf, ",", NULL); 2130 if (ci->lpriv_set == NULL) { 2131 if (errno != EINVAL) 2132 errstr = ALLOCFAIL; 2133 else { 2134 errstr = "Could not interpret limit_privileges " 2135 "property."; 2136 } 2137 goto out; 2138 } 2139 2140 out: 2141 return (errstr); 2142 } 2143 2144 static int 2145 get_environment(scf_handle_t *h, scf_propertygroup_t *pg, 2146 struct method_context *mcp, scf_property_t *prop, scf_value_t *val) 2147 { 2148 scf_iter_t *iter; 2149 scf_type_t type; 2150 size_t i = 0; 2151 int ret; 2152 2153 if (scf_pg_get_property(pg, SCF_PROPERTY_ENVIRONMENT, prop) != 0) { 2154 if (scf_error() == SCF_ERROR_NOT_FOUND) 2155 return (ENOENT); 2156 return (scf_error()); 2157 } 2158 if (scf_property_type(prop, &type) != 0) 2159 return (scf_error()); 2160 if (type != SCF_TYPE_ASTRING) 2161 return (EINVAL); 2162 if ((iter = scf_iter_create(h)) == NULL) 2163 return (scf_error()); 2164 2165 if (scf_iter_property_values(iter, prop) != 0) { 2166 ret = scf_error(); 2167 scf_iter_destroy(iter); 2168 return (ret); 2169 } 2170 2171 mcp->env_sz = 10; 2172 2173 if ((mcp->env = uu_zalloc(sizeof (*mcp->env) * mcp->env_sz)) == NULL) { 2174 ret = ENOMEM; 2175 goto out; 2176 } 2177 2178 while ((ret = scf_iter_next_value(iter, val)) == 1) { 2179 ret = scf_value_get_as_string(val, mcp->vbuf, mcp->vbuf_sz); 2180 if (ret == -1) { 2181 ret = scf_error(); 2182 goto out; 2183 } 2184 2185 if ((mcp->env[i] = strdup(mcp->vbuf)) == NULL) { 2186 ret = ENOMEM; 2187 goto out; 2188 } 2189 2190 if (++i == mcp->env_sz) { 2191 char **env; 2192 mcp->env_sz *= 2; 2193 env = uu_zalloc(sizeof (*mcp->env) * mcp->env_sz); 2194 if (env == NULL) { 2195 ret = ENOMEM; 2196 goto out; 2197 } 2198 (void) memcpy(env, mcp->env, 2199 sizeof (*mcp->env) * (mcp->env_sz / 2)); 2200 free(mcp->env); 2201 mcp->env = env; 2202 } 2203 } 2204 2205 if (ret == -1) 2206 ret = scf_error(); 2207 2208 out: 2209 scf_iter_destroy(iter); 2210 return (ret); 2211 } 2212 2213 /* 2214 * Fetch method context information from the repository, allocate and fill 2215 * a method_context structure, return it in *mcpp, and return NULL. On error, 2216 * return a human-readable string which indicates the error. 2217 * 2218 * Eventually, we will return a structured error in the case of 2219 * retryable or abortable failures such as memory allocation errors and 2220 * repository connection failures. For now, these failures are just 2221 * encoded in the failure string. 2222 */ 2223 const char * 2224 restarter_get_method_context(uint_t version, scf_instance_t *inst, 2225 scf_snapshot_t *snap, const char *mname, const char *cmdline, 2226 struct method_context **mcpp) 2227 { 2228 scf_handle_t *h; 2229 scf_propertygroup_t *methpg = NULL; 2230 scf_propertygroup_t *instpg = NULL; 2231 scf_propertygroup_t *pg = NULL; 2232 scf_property_t *prop = NULL; 2233 scf_value_t *val = NULL; 2234 scf_type_t ty; 2235 uint8_t use_profile; 2236 int ret; 2237 const char *errstr = NULL; 2238 struct method_context *cip; 2239 2240 2241 if (version != RESTARTER_METHOD_CONTEXT_VERSION) 2242 return ("Unknown method_context version."); 2243 2244 /* Get the handle before we allocate anything. */ 2245 h = scf_instance_handle(inst); 2246 if (h == NULL) 2247 return (scf_strerror(scf_error())); 2248 2249 cip = malloc(sizeof (*cip)); 2250 if (cip == NULL) 2251 return (ALLOCFAIL); 2252 2253 (void) memset(cip, 0, sizeof (*cip)); 2254 cip->uid = -1; 2255 cip->euid = -1; 2256 cip->gid = -1; 2257 cip->egid = -1; 2258 2259 cip->vbuf_sz = scf_limit(SCF_LIMIT_MAX_VALUE_LENGTH); 2260 assert(cip->vbuf_sz >= 0); 2261 cip->vbuf = malloc(cip->vbuf_sz); 2262 if (cip->vbuf == NULL) { 2263 free(cip); 2264 return (ALLOCFAIL); 2265 } 2266 2267 if ((instpg = scf_pg_create(h)) == NULL || 2268 (methpg = scf_pg_create(h)) == NULL || 2269 (prop = scf_property_create(h)) == NULL || 2270 (val = scf_value_create(h)) == NULL) { 2271 errstr = ALLOCFAIL; 2272 goto out; 2273 } 2274 2275 /* 2276 * The method environment, and the credentials/profile data, 2277 * may be found either in the pg for the method (methpg), 2278 * or in the instance/service SCF_PG_METHOD_CONTEXT pg (named 2279 * instpg below). 2280 */ 2281 2282 if (scf_instance_get_pg_composed(inst, snap, mname, methpg) != 2283 SCF_SUCCESS) { 2284 errstr = scf_strerror(scf_error()); 2285 goto out; 2286 } 2287 2288 if (scf_instance_get_pg_composed(inst, snap, SCF_PG_METHOD_CONTEXT, 2289 instpg) != SCF_SUCCESS) { 2290 if (scf_error() != SCF_ERROR_NOT_FOUND) { 2291 errstr = scf_strerror(scf_error()); 2292 goto out; 2293 } 2294 scf_pg_destroy(instpg); 2295 instpg = NULL; 2296 } 2297 2298 ret = get_environment(h, methpg, cip, prop, val); 2299 if (ret == ENOENT && instpg != NULL) { 2300 ret = get_environment(h, instpg, cip, prop, val); 2301 } 2302 2303 switch (ret) { 2304 case 0: 2305 case ENOENT: 2306 break; 2307 case ENOMEM: 2308 errstr = "Out of memory."; 2309 goto out; 2310 case EINVAL: 2311 errstr = "Invalid method environment."; 2312 goto out; 2313 default: 2314 errstr = scf_strerror(ret); 2315 goto out; 2316 } 2317 2318 pg = methpg; 2319 2320 ret = scf_pg_get_property(pg, SCF_PROPERTY_USE_PROFILE, prop); 2321 if (ret && scf_error() == SCF_ERROR_NOT_FOUND && instpg != NULL) { 2322 pg = instpg; 2323 ret = scf_pg_get_property(pg, SCF_PROPERTY_USE_PROFILE, prop); 2324 } 2325 2326 if (ret) { 2327 switch (scf_error()) { 2328 case SCF_ERROR_NOT_FOUND: 2329 /* No context: use defaults */ 2330 cip->uid = 0; 2331 cip->gid = 0; 2332 *mcpp = cip; 2333 goto out; 2334 2335 case SCF_ERROR_CONNECTION_BROKEN: 2336 errstr = RCBROKEN; 2337 goto out; 2338 2339 case SCF_ERROR_DELETED: 2340 errstr = "\"use_profile\" property deleted."; 2341 goto out; 2342 2343 case SCF_ERROR_HANDLE_MISMATCH: 2344 case SCF_ERROR_INVALID_ARGUMENT: 2345 case SCF_ERROR_NOT_SET: 2346 default: 2347 bad_fail("scf_pg_get_property", scf_error()); 2348 } 2349 } 2350 2351 if (scf_property_type(prop, &ty) != SCF_SUCCESS) { 2352 switch (scf_error()) { 2353 case SCF_ERROR_CONNECTION_BROKEN: 2354 errstr = RCBROKEN; 2355 break; 2356 2357 case SCF_ERROR_DELETED: 2358 errstr = "\"use profile\" property deleted."; 2359 break; 2360 2361 case SCF_ERROR_NOT_SET: 2362 default: 2363 bad_fail("scf_property_type", scf_error()); 2364 } 2365 2366 goto out; 2367 } 2368 2369 if (ty != SCF_TYPE_BOOLEAN) { 2370 errstr = "\"use profile\" property is not boolean."; 2371 goto out; 2372 } 2373 2374 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 2375 switch (scf_error()) { 2376 case SCF_ERROR_CONNECTION_BROKEN: 2377 errstr = RCBROKEN; 2378 break; 2379 2380 case SCF_ERROR_CONSTRAINT_VIOLATED: 2381 errstr = 2382 "\"use profile\" property has multiple values."; 2383 break; 2384 2385 case SCF_ERROR_NOT_FOUND: 2386 errstr = "\"use profile\" property has no values."; 2387 break; 2388 2389 default: 2390 bad_fail("scf_property_get_value", scf_error()); 2391 } 2392 2393 goto out; 2394 } 2395 2396 ret = scf_value_get_boolean(val, &use_profile); 2397 assert(ret == SCF_SUCCESS); 2398 2399 /* get ids & privileges */ 2400 if (use_profile) 2401 errstr = get_profile(pg, prop, val, cmdline, cip); 2402 else 2403 errstr = get_ids(pg, prop, val, cip); 2404 if (errstr != NULL) 2405 goto out; 2406 2407 /* get working directory */ 2408 if (get_astring_val(pg, SCF_PROPERTY_WORKING_DIRECTORY, cip->vbuf, 2409 cip->vbuf_sz, prop, val) != 0) { 2410 errstr = "Could not get value for working directory."; 2411 goto out; 2412 } 2413 2414 if (strcmp(cip->vbuf, ":default") == 0 || 2415 strcmp(cip->vbuf, ":home") == 0) { 2416 switch (ret = lookup_pwd(cip)) { 2417 case 0: 2418 break; 2419 2420 case ENOMEM: 2421 errstr = "Out of memory."; 2422 goto out; 2423 2424 case ENOENT: 2425 case EIO: 2426 case EMFILE: 2427 case ENFILE: 2428 errstr = "Could not get passwd entry."; 2429 goto out; 2430 2431 default: 2432 bad_fail("lookup_pwd", ret); 2433 } 2434 2435 cip->working_dir = strdup(cip->pwd.pw_dir); 2436 if (cip->working_dir == NULL) { 2437 errstr = ALLOCFAIL; 2438 goto out; 2439 } 2440 } else { 2441 cip->working_dir = strdup(cip->vbuf); 2442 if (cip->working_dir == NULL) { 2443 errstr = ALLOCFAIL; 2444 goto out; 2445 } 2446 } 2447 2448 /* get (optional) corefile pattern */ 2449 if (scf_pg_get_property(pg, SCF_PROPERTY_COREFILE_PATTERN, prop) == 2450 SCF_SUCCESS) { 2451 if (get_astring_val(pg, SCF_PROPERTY_COREFILE_PATTERN, 2452 cip->vbuf, cip->vbuf_sz, prop, val) != 0) { 2453 errstr = "Could not get value for corefile pattern."; 2454 goto out; 2455 } 2456 2457 cip->corefile_pattern = strdup(cip->vbuf); 2458 if (cip->corefile_pattern == NULL) { 2459 errstr = ALLOCFAIL; 2460 goto out; 2461 } 2462 } else { 2463 switch (scf_error()) { 2464 case SCF_ERROR_NOT_FOUND: 2465 /* okay if missing. */ 2466 break; 2467 2468 case SCF_ERROR_CONNECTION_BROKEN: 2469 errstr = RCBROKEN; 2470 goto out; 2471 2472 case SCF_ERROR_DELETED: 2473 errstr = "\"corefile_pattern\" property deleted."; 2474 goto out; 2475 2476 case SCF_ERROR_HANDLE_MISMATCH: 2477 case SCF_ERROR_INVALID_ARGUMENT: 2478 case SCF_ERROR_NOT_SET: 2479 default: 2480 bad_fail("scf_pg_get_property", scf_error()); 2481 } 2482 } 2483 2484 if (restarter_rm_libs_loadable()) { 2485 /* get project */ 2486 if (get_astring_val(pg, SCF_PROPERTY_PROJECT, cip->vbuf, 2487 cip->vbuf_sz, prop, val) != 0) { 2488 errstr = "Could not get project."; 2489 goto out; 2490 } 2491 2492 switch (ret = get_projid(cip->vbuf, cip)) { 2493 case 0: 2494 break; 2495 2496 case ENOMEM: 2497 errstr = "Out of memory."; 2498 goto out; 2499 2500 case ENOENT: 2501 errstr = "Missing passwd or project entry."; 2502 goto out; 2503 2504 case EIO: 2505 errstr = "I/O error."; 2506 goto out; 2507 2508 case EMFILE: 2509 case ENFILE: 2510 errstr = "Out of file descriptors."; 2511 goto out; 2512 2513 case -1: 2514 errstr = "Name service switch is misconfigured."; 2515 goto out; 2516 2517 case ERANGE: 2518 errstr = "Project ID too big."; 2519 goto out; 2520 2521 case EINVAL: 2522 errstr = "Project ID is invalid."; 2523 goto out; 2524 2525 case E2BIG: 2526 errstr = "Project entry is too big."; 2527 goto out; 2528 2529 default: 2530 bad_fail("get_projid", ret); 2531 } 2532 2533 /* get resource pool */ 2534 if (get_astring_val(pg, SCF_PROPERTY_RESOURCE_POOL, cip->vbuf, 2535 cip->vbuf_sz, prop, val) != 0) { 2536 errstr = "Could not get value of resource pool."; 2537 goto out; 2538 } 2539 2540 if (strcmp(cip->vbuf, ":default") != 0) { 2541 cip->resource_pool = strdup(cip->vbuf); 2542 if (cip->resource_pool == NULL) { 2543 errstr = ALLOCFAIL; 2544 goto out; 2545 } 2546 } 2547 } 2548 2549 *mcpp = cip; 2550 2551 out: 2552 (void) scf_value_destroy(val); 2553 scf_property_destroy(prop); 2554 scf_pg_destroy(instpg); 2555 scf_pg_destroy(methpg); 2556 2557 if (cip->pwbuf != NULL) 2558 free(cip->pwbuf); 2559 free(cip->vbuf); 2560 2561 if (errstr != NULL) 2562 restarter_free_method_context(cip); 2563 2564 return (errstr); 2565 } 2566 2567 /* 2568 * Modify the current process per the given method_context. On success, returns 2569 * 0. Note that the environment is not modified by this function to include the 2570 * environment variables in cip->env. 2571 * 2572 * On failure, sets *fp to NULL or the name of the function which failed, 2573 * and returns one of the following error codes. The words in parentheses are 2574 * the values to which *fp may be set for the error case. 2575 * ENOMEM - malloc() failed 2576 * EIO - an I/O error occurred (getpwuid_r, chdir) 2577 * EMFILE - process is out of file descriptors (getpwuid_r) 2578 * ENFILE - system is out of file handles (getpwuid_r) 2579 * EINVAL - gid or egid is out of range (setregid) 2580 * ngroups is too big (setgroups) 2581 * project's project id is bad (setproject) 2582 * uid or euid is out of range (setreuid) 2583 * poolname is invalid (pool_set_binding) 2584 * EPERM - insufficient privilege (setregid, initgroups, setgroups, setppriv, 2585 * setproject, setreuid, settaskid) 2586 * ENOENT - uid has a passwd entry but no shadow entry 2587 * working_dir does not exist (chdir) 2588 * uid has no passwd entry 2589 * the pool could not be found (pool_set_binding) 2590 * EFAULT - lpriv_set or priv_set has a bad address (setppriv) 2591 * working_dir has a bad address (chdir) 2592 * EACCES - could not access working_dir (chdir) 2593 * in a TASK_FINAL task (setproject, settaskid) 2594 * no resource pool accepting default binding exists (setproject) 2595 * ELOOP - too many symbolic links in working_dir (chdir) 2596 * ENAMETOOLONG - working_dir is too long (chdir) 2597 * ENOLINK - working_dir is on an inaccessible remote machine (chdir) 2598 * ENOTDIR - working_dir is not a directory (chdir) 2599 * ESRCH - uid is not a user of project (setproject) 2600 * project is invalid (setproject) 2601 * the resource pool specified for project is unknown (setproject) 2602 * EBADF - the configuration for the pool is invalid (pool_set_binding) 2603 * -1 - core_set_process_path() failed (core_set_process_path) 2604 * a resource control assignment failed (setproject) 2605 * a system error occurred during pool_set_binding (pool_set_binding) 2606 */ 2607 int 2608 restarter_set_method_context(struct method_context *cip, const char **fp) 2609 { 2610 pid_t mypid = -1; 2611 int r, ret; 2612 2613 cip->pwbuf = NULL; 2614 *fp = NULL; 2615 2616 if (cip->gid != -1) { 2617 if (setregid(cip->gid, 2618 cip->egid != -1 ? cip->egid : cip->gid) != 0) { 2619 *fp = "setregid"; 2620 2621 ret = errno; 2622 assert(ret == EINVAL || ret == EPERM); 2623 goto out; 2624 } 2625 } else { 2626 if (cip->pwbuf == NULL) { 2627 switch (ret = lookup_pwd(cip)) { 2628 case 0: 2629 break; 2630 2631 case ENOMEM: 2632 case ENOENT: 2633 *fp = NULL; 2634 goto out; 2635 2636 case EIO: 2637 case EMFILE: 2638 case ENFILE: 2639 *fp = "getpwuid_r"; 2640 goto out; 2641 2642 default: 2643 bad_fail("lookup_pwd", ret); 2644 } 2645 } 2646 2647 if (setregid(cip->pwd.pw_gid, 2648 cip->egid != -1 ? cip->egid : cip->pwd.pw_gid) != 0) { 2649 *fp = "setregid"; 2650 2651 ret = errno; 2652 assert(ret == EINVAL || ret == EPERM); 2653 goto out; 2654 } 2655 } 2656 2657 if (cip->ngroups == -1) { 2658 if (cip->pwbuf == NULL) { 2659 switch (ret = lookup_pwd(cip)) { 2660 case 0: 2661 break; 2662 2663 case ENOMEM: 2664 case ENOENT: 2665 *fp = NULL; 2666 goto out; 2667 2668 case EIO: 2669 case EMFILE: 2670 case ENFILE: 2671 *fp = "getpwuid_r"; 2672 goto out; 2673 2674 default: 2675 bad_fail("lookup_pwd", ret); 2676 } 2677 } 2678 2679 /* Ok if cip->gid == -1 */ 2680 if (initgroups(cip->pwd.pw_name, cip->gid) != 0) { 2681 *fp = "initgroups"; 2682 ret = errno; 2683 assert(ret == EPERM); 2684 goto out; 2685 } 2686 } else if (cip->ngroups > 0 && 2687 setgroups(cip->ngroups, cip->groups) != 0) { 2688 *fp = "setgroups"; 2689 2690 ret = errno; 2691 assert(ret == EINVAL || ret == EPERM); 2692 goto out; 2693 } 2694 2695 *fp = "setppriv"; 2696 2697 if (cip->lpriv_set != NULL) { 2698 if (setppriv(PRIV_SET, PRIV_LIMIT, cip->lpriv_set) != 0) { 2699 ret = errno; 2700 assert(ret == EFAULT || ret == EPERM); 2701 goto out; 2702 } 2703 } 2704 if (cip->priv_set != NULL) { 2705 if (setppriv(PRIV_SET, PRIV_INHERITABLE, cip->priv_set) != 0) { 2706 ret = errno; 2707 assert(ret == EFAULT || ret == EPERM); 2708 goto out; 2709 } 2710 } 2711 2712 if (cip->corefile_pattern != NULL) { 2713 mypid = getpid(); 2714 2715 if (core_set_process_path(cip->corefile_pattern, 2716 strlen(cip->corefile_pattern) + 1, mypid) != 0) { 2717 *fp = "core_set_process_path"; 2718 ret = -1; 2719 goto out; 2720 } 2721 } 2722 2723 if (restarter_rm_libs_loadable()) { 2724 if (cip->project == NULL) { 2725 if (settaskid(getprojid(), TASK_NORMAL) == -1) { 2726 switch (errno) { 2727 case EACCES: 2728 case EPERM: 2729 *fp = "settaskid"; 2730 ret = errno; 2731 goto out; 2732 2733 case EINVAL: 2734 default: 2735 bad_fail("settaskid", errno); 2736 } 2737 } 2738 } else { 2739 switch (ret = lookup_pwd(cip)) { 2740 case 0: 2741 break; 2742 2743 case ENOMEM: 2744 case ENOENT: 2745 *fp = NULL; 2746 goto out; 2747 2748 case EIO: 2749 case EMFILE: 2750 case ENFILE: 2751 *fp = "getpwuid_r"; 2752 goto out; 2753 2754 default: 2755 bad_fail("lookup_pwd", ret); 2756 } 2757 2758 *fp = "setproject"; 2759 2760 switch (setproject(cip->project, cip->pwd.pw_name, 2761 TASK_NORMAL)) { 2762 case 0: 2763 break; 2764 2765 case SETPROJ_ERR_TASK: 2766 case SETPROJ_ERR_POOL: 2767 ret = errno; 2768 goto out; 2769 2770 default: 2771 ret = -1; 2772 goto out; 2773 } 2774 } 2775 2776 if (cip->resource_pool != NULL) { 2777 if (mypid == -1) 2778 mypid = getpid(); 2779 2780 *fp = "pool_set_binding"; 2781 2782 if (pool_set_binding(cip->resource_pool, P_PID, 2783 mypid) != PO_SUCCESS) { 2784 switch (pool_error()) { 2785 case POE_INVALID_SEARCH: 2786 ret = ENOENT; 2787 break; 2788 2789 case POE_BADPARAM: 2790 ret = EINVAL; 2791 break; 2792 2793 case POE_INVALID_CONF: 2794 ret = EBADF; 2795 break; 2796 2797 case POE_SYSTEM: 2798 ret = -1; 2799 break; 2800 2801 default: 2802 bad_fail("pool_set_binding", 2803 pool_error()); 2804 } 2805 2806 goto out; 2807 } 2808 } 2809 } 2810 2811 /* 2812 * Now, we have to assume our ID. If the UID is 0, we want it to be 2813 * privilege-aware, otherwise the limit set gets used instead of E/P. 2814 * We can do this by setting P as well, which keeps 2815 * PA status (see priv_can_clear_PA()). 2816 */ 2817 2818 *fp = "setreuid"; 2819 if (setreuid(cip->uid, cip->euid != -1 ? cip->euid : cip->uid) != 0) { 2820 ret = errno; 2821 assert(ret == EINVAL || ret == EPERM); 2822 goto out; 2823 } 2824 2825 *fp = "setppriv"; 2826 if (cip->priv_set != NULL) { 2827 if (setppriv(PRIV_SET, PRIV_PERMITTED, cip->priv_set) != 0) { 2828 ret = errno; 2829 assert(ret == EFAULT || ret == EPERM); 2830 goto out; 2831 } 2832 } 2833 2834 /* 2835 * The last thing to do is chdir to the specified working directory. 2836 * This should come after the uid switching as only the user might 2837 * have access to the specified directory. 2838 */ 2839 if (cip->working_dir != NULL) { 2840 do 2841 r = chdir(cip->working_dir); 2842 while (r != 0 && errno == EINTR); 2843 if (r != 0) { 2844 *fp = "chdir"; 2845 ret = errno; 2846 goto out; 2847 } 2848 } 2849 2850 ret = 0; 2851 out: 2852 free(cip->pwbuf); 2853 cip->pwbuf = NULL; 2854 return (ret); 2855 } 2856 2857 void 2858 restarter_free_method_context(struct method_context *mcp) 2859 { 2860 size_t i; 2861 2862 if (mcp->lpriv_set != NULL) 2863 priv_freeset(mcp->lpriv_set); 2864 if (mcp->priv_set != NULL) 2865 priv_freeset(mcp->priv_set); 2866 2867 if (mcp->env != NULL) { 2868 for (i = 0; i < mcp->env_sz; i++) 2869 free(mcp->env[i]); 2870 free(mcp->env); 2871 } 2872 2873 free(mcp->working_dir); 2874 free(mcp->corefile_pattern); 2875 free(mcp->project); 2876 free(mcp->resource_pool); 2877 free(mcp); 2878 } 2879 2880 /* 2881 * Method keyword functions 2882 */ 2883 2884 int 2885 restarter_is_null_method(const char *meth) 2886 { 2887 return (strcmp(meth, MKW_TRUE) == 0); 2888 } 2889 2890 static int 2891 is_kill_method(const char *method, const char *kill_str, 2892 size_t kill_str_len) 2893 { 2894 const char *cp; 2895 int sig; 2896 2897 if (strncmp(method, kill_str, kill_str_len) != 0 || 2898 (method[kill_str_len] != '\0' && 2899 !isspace(method[kill_str_len]))) 2900 return (-1); 2901 2902 cp = method + kill_str_len; 2903 while (*cp != '\0' && isspace(*cp)) 2904 ++cp; 2905 2906 if (*cp == '\0') 2907 return (SIGTERM); 2908 2909 if (*cp != '-') 2910 return (-1); 2911 2912 return (str2sig(cp + 1, &sig) == 0 ? sig : -1); 2913 } 2914 2915 int 2916 restarter_is_kill_proc_method(const char *method) 2917 { 2918 return (is_kill_method(method, MKW_KILL_PROC, 2919 sizeof (MKW_KILL_PROC) - 1)); 2920 } 2921 2922 int 2923 restarter_is_kill_method(const char *method) 2924 { 2925 return (is_kill_method(method, MKW_KILL, sizeof (MKW_KILL) - 1)); 2926 } 2927 2928 /* 2929 * Stubs for now. 2930 */ 2931 2932 /* ARGSUSED */ 2933 int 2934 restarter_event_get_enabled(restarter_event_t *e) 2935 { 2936 return (-1); 2937 } 2938 2939 /* ARGSUSED */ 2940 uint64_t 2941 restarter_event_get_seq(restarter_event_t *e) 2942 { 2943 return (-1); 2944 } 2945 2946 /* ARGSUSED */ 2947 void 2948 restarter_event_get_time(restarter_event_t *e, hrtime_t *time) 2949 { 2950 } 2951