1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * Console support for zones requires a significant infrastructure. The 31 * core pieces are contained in this file, but other portions of note 32 * are in the zlogin(1M) command, the zcons(7D) driver, and in the 33 * devfsadm(1M) misc_link generator. 34 * 35 * Care is taken to make the console behave in an "intuitive" fashion for 36 * administrators. Essentially, we try as much as possible to mimic the 37 * experience of using a system via a tip line and system controller. 38 * 39 * The zone console architecture looks like this: 40 * 41 * Global Zone | Non-Global Zone 42 * .--------------. | 43 * .-----------. | zoneadmd -z | | .--------. .---------. 44 * | zlogin -C | | myzone | | | ttymon | | syslogd | 45 * `-----------' `--------------' | `--------' `---------' 46 * | | | | | | | 47 * User | | | | | V V 48 * - - - - - - - - -|- - - -|- - - -|-|- - - - - - -|- - /dev/zconsole - - - 49 * Kernel V V | | | 50 * [AF_UNIX Socket] | `--------. .-------------' 51 * | | | 52 * | V V 53 * | +-----------+ 54 * | | ldterm, | 55 * | | etc. | 56 * | +-----------+ 57 * | +-[Anchor]--+ 58 * | | ptem | 59 * V +-----------+ 60 * +---master---+---slave---+ 61 * | | 62 * | zcons driver | 63 * | zonename="myzone" | 64 * +------------------------+ 65 * 66 * There are basically three major tasks which the console subsystem in 67 * zoneadmd accomplishes: 68 * 69 * - Setup and teardown of zcons driver instances. One zcons instance 70 * is maintained per zone; we take advantage of the libdevice APIs 71 * to online new instances of zcons as needed. Care is taken to 72 * prune and manage these appropriately; see init_console_dev() and 73 * destroy_console_dev(). The end result is the creation of the 74 * zcons(7D) instance and an open file descriptor to the master side. 75 * zcons instances are associated with zones via their zonename device 76 * property. This the console instance to persist across reboots, 77 * and while the zone is halted. 78 * 79 * - Initialization of the slave side of the console. This is 80 * accomplished by pushing various STREAMS modules onto the console. 81 * The ptem(7M) module gets special treatment, and is anchored into 82 * place using the I_ANCHOR facility. This is so that the zcons driver 83 * always has terminal semantics, as would a real hardware terminal. 84 * This means that ttymon(1M) works unmodified; at boot time, ttymon 85 * will do its own plumbing of the console stream, and will even 86 * I_POP modules off. Hence the anchor, which assures that ptem will 87 * never be I_POP'd. 88 * 89 * - Acting as a server for 'zlogin -C' instances. When zlogin -C is 90 * run, zlogin connects to zoneadmd via unix domain socket. zoneadmd 91 * functions as a two-way proxy for console I/O, relaying user input 92 * to the master side of the console, and relaying output from the 93 * zone to the user. 94 */ 95 96 #include <sys/types.h> 97 #include <sys/socket.h> 98 #include <sys/stat.h> 99 #include <sys/termios.h> 100 #include <sys/zcons.h> 101 #include <sys/mkdev.h> 102 103 #include <assert.h> 104 #include <ctype.h> 105 #include <errno.h> 106 #include <fcntl.h> 107 #include <stdarg.h> 108 #include <stdio.h> 109 #include <stdlib.h> 110 #include <strings.h> 111 #include <stropts.h> 112 #include <thread.h> 113 #include <ucred.h> 114 #include <unistd.h> 115 #include <zone.h> 116 117 #include <libdevinfo.h> 118 #include <libdevice.h> 119 #include <libzonecfg.h> 120 121 #include <syslog.h> 122 #include <sys/modctl.h> 123 #include <sys/fs/sdev_node.h> 124 125 #include "zoneadmd.h" 126 127 #define ZCONSNEX_DEVTREEPATH "/pseudo/zconsnex@1" 128 #define ZCONSNEX_FILEPATH "/devices/pseudo/zconsnex@1" 129 130 #define CONSOLE_SOCKPATH ZONES_TMPDIR "/%s.console_sock" 131 132 static int slavefd = -1; /* slave side of console */ 133 static int serverfd = -1; /* console server unix domain socket fd */ 134 char boot_args[BOOTARGS_MAX]; 135 char bad_boot_arg[BOOTARGS_MAX]; 136 137 static struct termios base_termios = { /* from init.c */ 138 BRKINT|ICRNL|IXON|IMAXBEL, /* iflag */ 139 OPOST|ONLCR|TAB3, /* oflag */ 140 CS8|CREAD|B9600, /* cflag */ 141 ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN, /* lflag */ 142 CINTR, CQUIT, CERASE, CKILL, CEOF, 0, 0, 0, 143 0, 0, 0, 0, 0, 0, 0, 0, 144 0, 0, 0 145 }; 146 147 /* 148 * The eventstream is a simple one-directional flow of messages from the 149 * door server to the console subsystem, implemented with a pipe. 150 * It is used to wake up the console poller when it needs to take action, 151 * message the user, die off, etc. 152 */ 153 static int eventstream[2]; 154 155 156 157 int 158 eventstream_init() 159 { 160 if (pipe(eventstream) == -1) 161 return (-1); 162 return (0); 163 } 164 165 void 166 eventstream_write(zone_evt_t evt) 167 { 168 (void) write(eventstream[0], &evt, sizeof (evt)); 169 } 170 171 static zone_evt_t 172 eventstream_read(void) 173 { 174 zone_evt_t evt = Z_EVT_NULL; 175 176 (void) read(eventstream[1], &evt, sizeof (evt)); 177 return (evt); 178 } 179 180 /* 181 * count_console_devs() and its helper count_cb() do a walk of the 182 * subtree of the device tree where zone console nodes are represented. 183 * The goal is to count zone console instances already setup for a zone 184 * with the given name. More than 1 is anomolous, and our caller will 185 * have to deal with that if we find that's the case. 186 * 187 * Note: this algorithm is a linear search of nodes in the zconsnex subtree 188 * of the device tree, and could be a scalability problem, but I don't see 189 * how to avoid it. 190 */ 191 192 /* 193 * cb_data is shared by count_cb and destroy_cb for simplicity. 194 */ 195 struct cb_data { 196 zlog_t *zlogp; 197 int found; 198 int killed; 199 }; 200 201 static int 202 count_cb(di_node_t node, void *arg) 203 { 204 struct cb_data *cb = (struct cb_data *)arg; 205 char *prop_data; 206 207 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename", 208 &prop_data) != -1) { 209 assert(prop_data != NULL); 210 if (strcmp(prop_data, zone_name) == 0) { 211 cb->found++; 212 return (DI_WALK_CONTINUE); 213 } 214 } 215 return (DI_WALK_CONTINUE); 216 } 217 218 static int 219 count_console_devs(zlog_t *zlogp) 220 { 221 di_node_t root; 222 struct cb_data cb; 223 224 bzero(&cb, sizeof (cb)); 225 cb.zlogp = zlogp; 226 227 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) == 228 DI_NODE_NIL) { 229 zerror(zlogp, B_TRUE, "%s failed", "di_init"); 230 return (-1); 231 } 232 233 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, count_cb); 234 di_fini(root); 235 return (cb.found); 236 } 237 238 /* 239 * destroy_console_devs() and its helper destroy_cb() tears down any console 240 * instances associated with this zone. If things went very wrong, we 241 * might have more than one console instance hanging around. This routine 242 * hunts down and tries to remove all of them. Of course, if the console 243 * is open, the instance will not detach, which is a potential issue. 244 */ 245 static int 246 destroy_cb(di_node_t node, void *arg) 247 { 248 struct cb_data *cb = (struct cb_data *)arg; 249 char *prop_data; 250 char *tmp; 251 char devpath[MAXPATHLEN]; 252 devctl_hdl_t hdl; 253 254 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename", 255 &prop_data) == -1) 256 return (DI_WALK_CONTINUE); 257 258 assert(prop_data != NULL); 259 if (strcmp(prop_data, zone_name) != 0) { 260 /* this is the console for a different zone */ 261 return (DI_WALK_CONTINUE); 262 } 263 264 cb->found++; 265 tmp = di_devfs_path(node); 266 (void) snprintf(devpath, sizeof (devpath), "/devices/%s", tmp); 267 di_devfs_path_free(tmp); 268 269 if ((hdl = devctl_device_acquire(devpath, 0)) == NULL) { 270 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, " 271 "but it could not be controlled.", devpath); 272 return (DI_WALK_CONTINUE); 273 } 274 if (devctl_device_remove(hdl) == 0) { 275 cb->killed++; 276 } else { 277 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, " 278 "but it could not be removed.", devpath); 279 } 280 devctl_release(hdl); 281 return (DI_WALK_CONTINUE); 282 } 283 284 static int 285 destroy_console_devs(zlog_t *zlogp) 286 { 287 di_node_t root; 288 struct cb_data cb; 289 290 bzero(&cb, sizeof (cb)); 291 cb.zlogp = zlogp; 292 293 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) == 294 DI_NODE_NIL) { 295 zerror(zlogp, B_TRUE, "%s failed", "di_init"); 296 return (-1); 297 } 298 299 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, destroy_cb); 300 if (cb.found > 1) { 301 zerror(zlogp, B_FALSE, "WARNING: multiple zone console " 302 "instances detected for zone '%s'; %d of %d " 303 "successfully removed.", 304 zone_name, cb.killed, cb.found); 305 } 306 307 di_fini(root); 308 return (0); 309 } 310 311 /* 312 * init_console_dev() drives the device-tree configuration of the zone 313 * console device. The general strategy is to use the libdevice (devctl) 314 * interfaces to instantiate a new zone console node. We do a lot of 315 * sanity checking, and are careful to reuse a console if one exists. 316 * 317 * Once the device is in the device tree, we kick devfsadm via di_init_devs() 318 * to ensure that the appropriate symlinks (to the master and slave console 319 * devices) are placed in /dev in the global zone. 320 */ 321 static int 322 init_console_dev(zlog_t *zlogp) 323 { 324 devctl_hdl_t bus_hdl = NULL, dev_hdl = NULL; 325 devctl_ddef_t ddef_hdl = NULL; 326 di_devlink_handle_t dl = NULL; 327 int rv = -1, ndevs; 328 329 /* 330 * Don't re-setup console if it is working and ready already; just 331 * skip ahead to making devlinks, which we do for sanity's sake. 332 */ 333 ndevs = count_console_devs(zlogp); 334 if (ndevs == 1) { 335 goto devlinks; 336 } else if (ndevs > 1 || ndevs == -1) { 337 /* 338 * For now, this seems like a reasonable but harsh punishment. 339 * If needed, we could try to get clever and delete all but 340 * the console which is pointed at by the current symlink. 341 */ 342 if (destroy_console_devs(zlogp) == -1) { 343 goto error; 344 } 345 } 346 347 /* 348 * Time to make the consoles! 349 */ 350 if ((bus_hdl = devctl_bus_acquire(ZCONSNEX_FILEPATH, 0)) == NULL) { 351 zerror(zlogp, B_TRUE, "%s failed", "devctl_bus_acquire"); 352 goto error; 353 } 354 if ((ddef_hdl = devctl_ddef_alloc("zcons", 0)) == NULL) { 355 zerror(zlogp, B_TRUE, "failed to allocate ddef handle"); 356 goto error; 357 } 358 /* 359 * Set three properties on this node; the first is the name of the 360 * zone; the second is a flag which lets pseudo know that it is 361 * OK to automatically allocate an instance # for this device; 362 * the third tells the device framework not to auto-detach this 363 * node-- we need the node to still be there when we ask devfsadmd 364 * to make links, and when we need to open it. 365 */ 366 if (devctl_ddef_string(ddef_hdl, "zonename", zone_name) == -1) { 367 zerror(zlogp, B_TRUE, "failed to create zonename property"); 368 goto error; 369 } 370 if (devctl_ddef_int(ddef_hdl, "auto-assign-instance", 1) == -1) { 371 zerror(zlogp, B_TRUE, "failed to create auto-assign-instance " 372 "property"); 373 goto error; 374 } 375 if (devctl_ddef_int(ddef_hdl, "ddi-no-autodetach", 1) == -1) { 376 zerror(zlogp, B_TRUE, "failed to create ddi-no-auto-detach " 377 "property"); 378 goto error; 379 } 380 if (devctl_bus_dev_create(bus_hdl, ddef_hdl, 0, &dev_hdl) == -1) { 381 zerror(zlogp, B_TRUE, "failed to create console node"); 382 goto error; 383 } 384 385 devlinks: 386 if ((dl = di_devlink_init("zcons", DI_MAKE_LINK)) != NULL) { 387 (void) di_devlink_fini(&dl); 388 } else { 389 zerror(zlogp, B_TRUE, "failed to create devlinks"); 390 goto error; 391 } 392 393 rv = 0; 394 error: 395 if (ddef_hdl) 396 devctl_ddef_free(ddef_hdl); 397 if (bus_hdl) 398 devctl_release(bus_hdl); 399 if (dev_hdl) 400 devctl_release(dev_hdl); 401 return (rv); 402 } 403 404 /* 405 * prep_console_slave() takes care of setting up the console slave device 406 * (the side that the zone will eventually open). It is a helper for 407 * init_console_slave(). 408 * 409 * We have to mknod and setup the console device; then the slave side is 410 * opened, and the appropriate STREAMS modules are pushed on. A wrinkle is that 411 * 'ptem' must be anchored in place (see streamio(7i) since we always want the 412 * console to have terminal semantics. 413 */ 414 static int 415 prep_console_slave(zlog_t *zlogp, char *devroot) 416 { 417 char slavename[MAXPATHLEN]; 418 char zoneslavename[MAXPATHLEN]; 419 char zonedev[MAXPATHLEN]; 420 di_prof_t prof = NULL; 421 422 assert(slavefd == -1); 423 424 (void) snprintf(slavename, sizeof (slavename), 425 "zcons/%s/%s", zone_name, ZCONS_SLAVE_NAME); 426 427 (void) snprintf(zoneslavename, sizeof (zoneslavename), 428 "%s/dev/zconsole", devroot); 429 430 (void) snprintf(zonedev, sizeof (zonedev), 431 "%s/dev", devroot); 432 433 /* 434 * Specify zconsole as a name map in the dev profile 435 */ 436 if (di_prof_init(zonedev, &prof)) { 437 zerror(zlogp, B_TRUE, "failed to initialize profile"); 438 goto error; 439 } 440 441 if (di_prof_add_map(prof, slavename, "zconsole")) { 442 zerror(zlogp, B_TRUE, "failed to add zconsole map"); 443 goto error; 444 } 445 446 /* Send profile to kernel */ 447 if (di_prof_commit(prof)) { 448 zerror(zlogp, B_TRUE, "failed to commit profile"); 449 goto error; 450 } 451 452 di_prof_fini(prof); 453 prof = NULL; 454 455 if ((slavefd = open(zoneslavename, O_RDWR | O_NOCTTY)) < 0) { 456 zerror(zlogp, B_TRUE, "failed to open %s", zoneslavename); 457 goto error; 458 } 459 460 /* 461 * Just to make sure the whole stream is pristine. 462 */ 463 (void) ioctl(slavefd, I_FLUSH, FLUSHRW); 464 465 /* 466 * Push hardware emulation (ptem) module; we would rather not, but 467 * are forced to push ldterm and ttcompat here. Ultimately ttymon 468 * will pop them off, so we ANCHOR only ptem. 469 * 470 * We need to use __I_PUSH_NOCTTY instead of I_PUSH here, otherwise 471 * we'll end up having the slave device as *our* controling terminal. 472 */ 473 if (ioctl(slavefd, __I_PUSH_NOCTTY, "ptem") == -1) { 474 zerror(zlogp, B_TRUE, "failed to push ptem module"); 475 goto error; 476 } 477 478 /* 479 * Anchor the stream to prevent malicious or accidental I_POP of ptem. 480 */ 481 if (ioctl(slavefd, I_ANCHOR) == -1) { 482 zerror(zlogp, B_TRUE, "failed to set stream anchor"); 483 goto error; 484 } 485 486 if (ioctl(slavefd, __I_PUSH_NOCTTY, "ldterm") == -1) { 487 zerror(zlogp, B_TRUE, "failed to push ldterm module"); 488 goto error; 489 } 490 if (ioctl(slavefd, __I_PUSH_NOCTTY, "ttcompat") == -1) { 491 zerror(zlogp, B_TRUE, "failed to push ttcompat module"); 492 goto error; 493 } 494 495 /* 496 * Setup default terminal settings 497 */ 498 if (tcsetattr(slavefd, TCSAFLUSH, &base_termios) == -1) { 499 zerror(zlogp, B_TRUE, "failed to set base terminal settings"); 500 goto error; 501 } 502 503 return (0); 504 error: 505 if (slavefd != -1) 506 (void) close(slavefd); 507 slavefd = -1; 508 if (prof) 509 di_prof_fini(prof); 510 return (-1); 511 } 512 513 /* 514 * init_console_slave() sets up the console slave device; the device node 515 * itself has already been set up in the device tree; the primary job 516 * here is to do some STREAMS plumbing (via prep_console_slave()) and then 517 * to establish some symlinks. Eventually we should move that functionality 518 * into devfsadm. 519 */ 520 int 521 init_console_slave(zlog_t *zlogp) 522 { 523 char devroot[MAXPATHLEN]; 524 525 if (slavefd != -1) 526 return (0); 527 528 if (zone_get_devroot(zone_name, devroot, sizeof (devroot)) != Z_OK) { 529 zerror(zlogp, B_TRUE, "unable to determine zone root"); 530 return (-1); 531 } 532 533 if (prep_console_slave(zlogp, devroot) == -1) { 534 zerror(zlogp, B_FALSE, "could not prep console slave"); 535 return (-1); 536 } 537 538 return (0); 539 } 540 541 void 542 destroy_console_slave(void) 543 { 544 (void) close(slavefd); 545 slavefd = -1; 546 } 547 548 /* 549 * Restore initial terminal attributes to the zone console. 550 */ 551 void 552 reset_slave_terminal(zlog_t *zlogp) 553 { 554 assert(slavefd != -1); 555 556 /* Probably not fatal, so we drive on if it fails */ 557 if (tcsetattr(slavefd, TCSAFLUSH, &base_termios) == -1) { 558 zerror(zlogp, B_TRUE, "WARNING: failed to set terminal " 559 "settings."); 560 } 561 } 562 563 static int 564 init_console_sock(zlog_t *zlogp) 565 { 566 int servfd; 567 struct sockaddr_un servaddr; 568 569 bzero(&servaddr, sizeof (servaddr)); 570 servaddr.sun_family = AF_UNIX; 571 (void) snprintf(servaddr.sun_path, sizeof (servaddr.sun_path), 572 CONSOLE_SOCKPATH, zone_name); 573 574 if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { 575 zerror(zlogp, B_TRUE, "console setup: could not create socket"); 576 return (-1); 577 } 578 (void) unlink(servaddr.sun_path); 579 580 if (bind(servfd, (struct sockaddr *)&servaddr, 581 sizeof (servaddr)) == -1) { 582 zerror(zlogp, B_TRUE, 583 "console setup: could not bind to socket"); 584 goto out; 585 } 586 587 if (listen(servfd, 4) == -1) { 588 zerror(zlogp, B_TRUE, 589 "console setup: could not listen on socket"); 590 goto out; 591 } 592 return (servfd); 593 594 out: 595 (void) unlink(servaddr.sun_path); 596 (void) close(servfd); 597 return (-1); 598 } 599 600 static void 601 destroy_console_sock(int servfd) 602 { 603 char path[MAXPATHLEN]; 604 605 (void) snprintf(path, sizeof (path), CONSOLE_SOCKPATH, zone_name); 606 (void) unlink(path); 607 (void) shutdown(servfd, SHUT_RDWR); 608 (void) close(servfd); 609 } 610 611 /* 612 * Read the "ident" string from the client's descriptor; this routine also 613 * tolerates being called with pid=NULL, for times when you want to "eat" 614 * the ident string from a client without saving it. 615 */ 616 static int 617 get_client_ident(int clifd, pid_t *pid, char *locale, size_t locale_len) 618 { 619 char buf[BUFSIZ], *bufp; 620 size_t buflen = sizeof (buf); 621 char c = '\0'; 622 int i = 0, r; 623 624 /* "eat up the ident string" case, for simplicity */ 625 if (pid == NULL) { 626 assert(locale == NULL && locale_len == 0); 627 while (read(clifd, &c, 1) == 1) { 628 if (c == '\n') 629 return (0); 630 } 631 } 632 633 bzero(buf, sizeof (buf)); 634 while ((buflen > 1) && (r = read(clifd, &c, 1)) == 1) { 635 buflen--; 636 if (c == '\n') 637 break; 638 639 buf[i] = c; 640 i++; 641 } 642 if (r == -1) 643 return (-1); 644 645 /* 646 * We've filled the buffer, but still haven't seen \n. Keep eating 647 * until we find it; we don't expect this to happen, but this is 648 * defensive. 649 */ 650 if (c != '\n') { 651 while ((r = read(clifd, &c, sizeof (c))) > 0) 652 if (c == '\n') 653 break; 654 } 655 656 /* 657 * Parse buffer for message of the form: IDENT <pid> <locale> 658 */ 659 bufp = buf; 660 if (strncmp(bufp, "IDENT ", 6) != 0) 661 return (-1); 662 bufp += 6; 663 errno = 0; 664 *pid = strtoll(bufp, &bufp, 10); 665 if (errno != 0) 666 return (-1); 667 668 while (*bufp != '\0' && isspace(*bufp)) 669 bufp++; 670 (void) strlcpy(locale, bufp, locale_len); 671 672 return (0); 673 } 674 675 static int 676 accept_client(int servfd, pid_t *pid, char *locale, size_t locale_len) 677 { 678 int connfd; 679 struct sockaddr_un cliaddr; 680 socklen_t clilen; 681 682 clilen = sizeof (cliaddr); 683 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen); 684 if (connfd == -1) 685 return (-1); 686 if (get_client_ident(connfd, pid, locale, locale_len) == -1) { 687 (void) shutdown(connfd, SHUT_RDWR); 688 (void) close(connfd); 689 return (-1); 690 } 691 (void) write(connfd, "OK\n", 3); 692 return (connfd); 693 } 694 695 static void 696 reject_client(int servfd, pid_t clientpid) 697 { 698 int connfd; 699 struct sockaddr_un cliaddr; 700 socklen_t clilen; 701 char nak[MAXPATHLEN]; 702 703 clilen = sizeof (cliaddr); 704 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen); 705 706 /* 707 * After hear its ident string, tell client to get lost. 708 */ 709 if (get_client_ident(connfd, NULL, NULL, 0) == 0) { 710 (void) snprintf(nak, sizeof (nak), "%lu\n", 711 clientpid); 712 (void) write(connfd, nak, strlen(nak)); 713 } 714 (void) shutdown(connfd, SHUT_RDWR); 715 (void) close(connfd); 716 } 717 718 static void 719 event_message(int clifd, char *clilocale, zone_evt_t evt) 720 { 721 char *str, *lstr = NULL; 722 char lmsg[BUFSIZ]; 723 char outbuf[BUFSIZ]; 724 725 if (clifd == -1) 726 return; 727 728 switch (evt) { 729 case Z_EVT_ZONE_BOOTING: 730 if (*boot_args == '\0') { 731 str = "NOTICE: Zone booting up"; 732 break; 733 } 734 /*LINTED*/ 735 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale, 736 "NOTICE: Zone booting up with arguments: %s"), boot_args); 737 lstr = lmsg; 738 break; 739 case Z_EVT_ZONE_READIED: 740 str = "NOTICE: Zone readied"; 741 break; 742 case Z_EVT_ZONE_HALTED: 743 str = "NOTICE: Zone halted"; 744 break; 745 case Z_EVT_ZONE_REBOOTING: 746 if (*boot_args == '\0') { 747 str = "NOTICE: Zone rebooting"; 748 break; 749 } 750 /*LINTED*/ 751 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale, 752 "NOTICE: Zone rebooting with arguments: %s"), boot_args); 753 lstr = lmsg; 754 break; 755 case Z_EVT_ZONE_UNINSTALLING: 756 str = "NOTICE: Zone is being uninstalled. Disconnecting..."; 757 break; 758 case Z_EVT_ZONE_BOOTFAILED: 759 str = "NOTICE: Zone boot failed"; 760 break; 761 case Z_EVT_ZONE_BADARGS: 762 /*LINTED*/ 763 (void) snprintf(lmsg, sizeof (lmsg), 764 localize_msg(clilocale, 765 "WARNING: Ignoring invalid boot arguments: %s"), 766 bad_boot_arg); 767 lstr = lmsg; 768 break; 769 default: 770 return; 771 } 772 773 if (lstr == NULL) 774 lstr = localize_msg(clilocale, str); 775 (void) snprintf(outbuf, sizeof (outbuf), "\r\n[%s]\r\n", lstr); 776 (void) write(clifd, outbuf, strlen(outbuf)); 777 } 778 779 /* 780 * Check to see if the client at the other end of the socket is still 781 * alive; we know it is not if it throws EPIPE at us when we try to write 782 * an otherwise harmless 0-length message to it. 783 */ 784 static int 785 test_client(int clifd) 786 { 787 if ((write(clifd, "", 0) == -1) && errno == EPIPE) 788 return (-1); 789 return (0); 790 } 791 792 /* 793 * This routine drives the console I/O loop. It polls for input from the 794 * master side of the console (output to the console), and from the client 795 * (input from the console user). Additionally, it polls on the server fd, 796 * and disconnects any clients that might try to hook up with the zone while 797 * the console is in use. 798 * 799 * When the client first calls us up, it is expected to send a line giving 800 * its "identity"; this consists of the string 'IDENT <pid> <locale>'. 801 * This is so that we can report that the console is busy along with 802 * some diagnostics about who has it busy; the locale is used so that 803 * asynchronous messages about zone state (like the NOTICE: zone halted 804 * messages) can be output in the user's locale. 805 */ 806 static void 807 do_console_io(zlog_t *zlogp, int consfd, int servfd) 808 { 809 struct pollfd pollfds[4]; 810 char ibuf[BUFSIZ]; 811 int cc, ret; 812 int clifd = -1; 813 int pollerr = 0; 814 char clilocale[MAXPATHLEN]; 815 pid_t clipid = 0; 816 817 /* console side, watch for read events */ 818 pollfds[0].fd = consfd; 819 pollfds[0].events = POLLIN | POLLRDNORM | POLLRDBAND | 820 POLLPRI | POLLERR | POLLHUP | POLLNVAL; 821 822 /* client side, watch for read events */ 823 pollfds[1].fd = clifd; 824 pollfds[1].events = pollfds[0].events; 825 826 /* the server socket; watch for events (new connections) */ 827 pollfds[2].fd = servfd; 828 pollfds[2].events = pollfds[0].events; 829 830 /* the eventstram; watch for events (e.g.: zone halted) */ 831 pollfds[3].fd = eventstream[1]; 832 pollfds[3].events = pollfds[0].events; 833 834 for (;;) { 835 pollfds[0].revents = pollfds[1].revents = 0; 836 pollfds[2].revents = pollfds[3].revents = 0; 837 838 ret = poll(pollfds, 839 sizeof (pollfds) / sizeof (struct pollfd), -1); 840 if (ret == -1 && errno != EINTR) { 841 zerror(zlogp, B_TRUE, "poll failed"); 842 /* we are hosed, close connection */ 843 break; 844 } 845 846 /* event from console side */ 847 if (pollfds[0].revents) { 848 if (pollfds[0].revents & 849 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) { 850 errno = 0; 851 cc = read(consfd, ibuf, BUFSIZ); 852 if (cc <= 0 && (errno != EINTR) && 853 (errno != EAGAIN)) 854 break; 855 /* 856 * Lose I/O if no one is listening 857 */ 858 if (clifd != -1 && cc > 0) 859 (void) write(clifd, ibuf, cc); 860 } else { 861 pollerr = pollfds[0].revents; 862 zerror(zlogp, B_FALSE, 863 "closing connection with (console) " 864 "pollerr %d\n", pollerr); 865 break; 866 } 867 } 868 869 /* event from client side */ 870 if (pollfds[1].revents) { 871 if (pollfds[1].revents & 872 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) { 873 errno = 0; 874 cc = read(clifd, ibuf, BUFSIZ); 875 if (cc <= 0 && (errno != EINTR) && 876 (errno != EAGAIN)) 877 break; 878 (void) write(consfd, ibuf, cc); 879 } else { 880 pollerr = pollfds[1].revents; 881 zerror(zlogp, B_FALSE, 882 "closing connection with (client) " 883 "pollerr %d\n", pollerr); 884 break; 885 } 886 } 887 888 /* event from server socket */ 889 if (pollfds[2].revents && 890 (pollfds[2].revents & (POLLIN | POLLRDNORM))) { 891 if (clifd != -1) { 892 /* 893 * Test the client to see if it is really 894 * still alive. If it has died but we 895 * haven't yet detected that, we might 896 * deny a legitimate connect attempt. If it 897 * is dead, we break out; once we tear down 898 * the old connection, the new connection 899 * will happen. 900 */ 901 if (test_client(clifd) == -1) { 902 break; 903 } 904 /* we're already handling a client */ 905 reject_client(servfd, clipid); 906 907 908 } else if ((clifd = accept_client(servfd, &clipid, 909 clilocale, sizeof (clilocale))) != -1) { 910 pollfds[1].fd = clifd; 911 912 } else { 913 break; 914 } 915 } 916 917 /* 918 * Watch for events on the eventstream. This is how we get 919 * notified of the zone halting, etc. It provides us a 920 * "wakeup" from poll when important things happen, which 921 * is good. 922 */ 923 if (pollfds[3].revents) { 924 int evt = eventstream_read(); 925 /* 926 * After we drain out the event, if we aren't servicing 927 * a console client, we hop back out to our caller, 928 * which will check to see if it is time to shutdown 929 * the daemon, or if we should take another console 930 * service lap. 931 */ 932 if (clifd == -1) { 933 break; 934 } 935 event_message(clifd, clilocale, evt); 936 /* 937 * Special handling for the message that the zone is 938 * uninstalling; we boot the client, then break out 939 * of this function. When we return to the 940 * serve_console loop, we will see that the zone is 941 * in a state < READY, and so zoneadmd will shutdown. 942 */ 943 if (evt == Z_EVT_ZONE_UNINSTALLING) { 944 break; 945 } 946 } 947 948 } 949 950 if (clifd != -1) { 951 (void) shutdown(clifd, SHUT_RDWR); 952 (void) close(clifd); 953 } 954 } 955 956 int 957 init_console(zlog_t *zlogp) 958 { 959 if (init_console_dev(zlogp) == -1) { 960 zerror(zlogp, B_FALSE, 961 "console setup: device initialization failed"); 962 return (-1); 963 } 964 965 if ((serverfd = init_console_sock(zlogp)) == -1) { 966 zerror(zlogp, B_FALSE, 967 "console setup: socket initialization failed"); 968 return (-1); 969 } 970 return (0); 971 } 972 973 /* 974 * serve_console() is the master loop for driving console I/O. It is also the 975 * routine which is ultimately responsible for "pulling the plug" on zoneadmd 976 * when it realizes that the daemon should shut down. 977 * 978 * The rules for shutdown are: there must be no console client, and the zone 979 * state must be < ready. However, we need to give things a chance to actually 980 * get going when the daemon starts up-- otherwise the daemon would immediately 981 * exit on startup if the zone was in the installed state, so we first drop 982 * into the do_console_io() loop in order to give *something* a chance to 983 * happen. 984 */ 985 void 986 serve_console(zlog_t *zlogp) 987 { 988 int masterfd; 989 zone_state_t zstate; 990 char conspath[MAXPATHLEN]; 991 992 (void) snprintf(conspath, sizeof (conspath), 993 "/dev/zcons/%s/%s", zone_name, ZCONS_MASTER_NAME); 994 995 for (;;) { 996 masterfd = open(conspath, O_RDWR|O_NONBLOCK|O_NOCTTY); 997 if (masterfd == -1) { 998 zerror(zlogp, B_TRUE, "failed to open console master"); 999 (void) mutex_lock(&lock); 1000 goto death; 1001 } 1002 1003 /* 1004 * Setting RPROTDIS on the stream means that the control 1005 * portion of messages received (which we don't care about) 1006 * will be discarded by the stream head. If we allowed such 1007 * messages, we wouldn't be able to use read(2), as it fails 1008 * (EBADMSG) when a message with a control element is received. 1009 */ 1010 if (ioctl(masterfd, I_SRDOPT, RNORM|RPROTDIS) == -1) { 1011 zerror(zlogp, B_TRUE, "failed to set options on " 1012 "console master"); 1013 (void) mutex_lock(&lock); 1014 goto death; 1015 } 1016 1017 do_console_io(zlogp, masterfd, serverfd); 1018 1019 /* 1020 * We would prefer not to do this, but hostile zone processes 1021 * can cause the stream to become tainted, and reads will 1022 * fail. So, in case something has gone seriously ill, 1023 * we dismantle the stream and reopen the console when we 1024 * take another lap. 1025 */ 1026 (void) close(masterfd); 1027 1028 (void) mutex_lock(&lock); 1029 /* 1030 * We need to set death_throes (see below) atomically with 1031 * respect to noticing that (a) we have no console client and 1032 * (b) the zone is not installed. Otherwise we could get a 1033 * request to boot during this time. Once we set death_throes, 1034 * any incoming door stuff will be turned away. 1035 */ 1036 if (zone_get_state(zone_name, &zstate) == Z_OK) { 1037 if (zstate < ZONE_STATE_READY) 1038 goto death; 1039 } else { 1040 zerror(zlogp, B_FALSE, 1041 "unable to determine state of zone"); 1042 goto death; 1043 } 1044 /* 1045 * Even if zone_get_state() fails, stay conservative, and 1046 * take another lap. 1047 */ 1048 (void) mutex_unlock(&lock); 1049 } 1050 1051 death: 1052 assert(MUTEX_HELD(&lock)); 1053 in_death_throes = B_TRUE; 1054 (void) mutex_unlock(&lock); 1055 1056 destroy_console_sock(serverfd); 1057 (void) destroy_console_devs(zlogp); 1058 } 1059