Commit | Line | Data |
---|---|---|
0a708c0e NW |
1 | /*- |
2 | * Copyright (c) 1991 The Regents of the University of California. | |
3 | * All rights reserved. | |
4 | * | |
5 | * This code is derived from software contributed to Berkeley by | |
6 | * Donn Seeley at Berkeley Software Design, Inc. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | |
15 | * documentation and/or other materials provided with the distribution. | |
16 | * 3. All advertising materials mentioning features or use of this software | |
17 | * must display the following acknowledgement: | |
18 | * This product includes software developed by the University of | |
19 | * California, Berkeley and its contributors. | |
20 | * 4. Neither the name of the University nor the names of its contributors | |
21 | * may be used to endorse or promote products derived from this software | |
22 | * without specific prior written permission. | |
23 | * | |
24 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
25 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
34 | * SUCH DAMAGE. | |
35 | */ | |
36 | ||
37 | #ifndef lint | |
38 | char copyright[] = | |
39 | "@(#) Copyright (c) 1991 The Regents of the University of California.\n\ | |
40 | All rights reserved.\n"; | |
41 | #endif /* not lint */ | |
42 | ||
43 | #ifndef lint | |
44 | static char sccsid[] = "@(#)init.c 6.22 (Berkeley) 6/2/93"; | |
45 | #endif /* not lint */ | |
46 | ||
47 | #include <sys/param.h> | |
48 | #ifndef NOSYSCTL | |
49 | #include <sys/sysctl.h> | |
50 | #endif | |
51 | #include <sys/wait.h> | |
52 | ||
53 | #include <db.h> | |
54 | #include <errno.h> | |
55 | #include <fcntl.h> | |
56 | #include <signal.h> | |
57 | #include <stdio.h> | |
58 | #include <stdlib.h> | |
59 | #include <string.h> | |
60 | #include <syslog.h> | |
61 | #include <time.h> | |
62 | #include <ttyent.h> | |
63 | #include <unistd.h> | |
22860a22 | 64 | #include <sys/reboot.h> |
0a708c0e NW |
65 | |
66 | #ifdef __STDC__ | |
67 | #include <stdarg.h> | |
68 | #else | |
69 | #include <varargs.h> | |
70 | #endif | |
71 | ||
72 | #ifdef SECURE | |
73 | #include <pwd.h> | |
74 | #endif | |
75 | ||
76 | #include "pathnames.h" | |
77 | ||
/*
 * Until the mythical util.h arrives...
 *
 * These routines are only declared here; their definitions are not in
 * this file.
 */
extern int login_tty __P((int));
extern int logout __P((const char *));
extern void logwtmp __P((const char *, const char *, const char *));

/*
 * Sleep times; used to prevent thrashing.
 */
#define GETTY_SPACING 5 /* N secs minimum getty spacing */
#define GETTY_SLEEP 30 /* sleep N secs after spacing problem */
#define WINDOW_WAIT 3 /* wait N secs after starting window */
#define STALL_TIMEOUT 30 /* wait N secs after warning */
#define DEATH_WATCH 10 /* wait N secs for procs to die */

/*
 * Both take a first argument followed by a list of signal numbers that
 * must be terminated by 0 (the implementations loop until va_arg yields 0).
 */
void handle __P((sig_t, ...));
void delset __P((sigset_t *, ...));

/*
 * Logging helpers.  The first argument is used directly as the format
 * string for vsyslog(), so callers must pass a fixed format and never
 * externally supplied text.
 */
void stall __P((char *, ...));
void warning __P((char *, ...));
void emergency __P((char *, ...));
/* Signal handlers (installed in main()). */
void disaster __P((int));
void badsys __P((int));

/*
 * We really need a recursive typedef...
 * The following at least guarantees that the return type of (*state_t)()
 * is sufficiently wide to hold a function pointer.
 */
typedef long (*state_func_t) __P((void));
typedef state_func_t (*state_t) __P((void));

/* The states of the machine; each returns the next state to run. */
state_func_t single_user __P((void));
state_func_t runcom __P((void));
state_func_t read_ttys __P((void));
state_func_t multi_user __P((void));
state_func_t clean_ttys __P((void));
state_func_t catatonia __P((void));
state_func_t death __P((void));

/* AUTOBOOT makes runcom() pass "autoboot" to the startup script; -f selects FASTBOOT. */
enum { AUTOBOOT, FASTBOOT } runcom_mode = AUTOBOOT;
/* When greater than zero, single_user() halts the machine instead of starting a shell. */
int noreboot = 0;

void transition __P((state_t));
/* State entered first by main(); -s changes it to single_user. */
state_t requested_transition = runcom;

void setctty __P((char *));

typedef struct init_session {
	int se_index; /* index of entry in ttys file */
	pid_t se_process; /* controlling process */
	time_t se_started; /* used to avoid thrashing */
	int se_flags; /* status of session */
#define SE_SHUTDOWN 0x1 /* session won't be restarted */
	char *se_device; /* filename of port */
	char *se_getty; /* what to run on that port */
	char **se_getty_argv; /* pre-parsed argument array */
	char *se_window; /* window system (started only once) */
	char **se_window_argv; /* pre-parsed argument array */
	struct init_session *se_prev;
	struct init_session *se_next;
} session_t;

void free_session __P((session_t *));
session_t *new_session __P((session_t *, int, struct ttyent *));
/* Head of the doubly linked session list built by new_session(). */
session_t *sessions;

char **construct_argv __P((char *));
void start_window_system __P((session_t *));
void collect_child __P((pid_t));
pid_t start_getty __P((session_t *));
void transition_handler __P((int));
void alrm_handler __P((int));
void setsecuritylevel __P((int));
int getsecuritylevel __P((void));
int setupargv __P((session_t *, struct ttyent *));
/* NOTE(review): not referenced in the part of the file shown here -- confirm its use. */
int clang;

void clear_session_logs __P((session_t *));

int start_session_db __P((void));
void add_session __P((session_t *));
void del_session __P((session_t *));
session_t *find_session __P((pid_t));
/* In-memory hash database mapping a session's pid to its session_t pointer. */
DB *session_db;
164 | ||
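/*
 * The mother of all processes.
 *
 * Refuses to run unless the real uid is 0 and the pid is 1, opens the
 * syslog connection, parses the boot flags (-s: come up single user,
 * -f: fast boot), sets up signal dispositions, closes the standard
 * descriptors and enters the state machine.  transition() loops forever,
 * so the final return is not expected to be reached.
 */
int
main(argc, argv)
	int argc;
	char **argv;
{
	int c;
	struct sigaction sa;
	sigset_t mask;


	/* Dispose of random users. */
	if (getuid() != 0) {
		(void)fprintf(stderr, "init: %s\n", strerror(EPERM));
		exit (1);
	}

	/* System V users like to reexec init. */
	if (getpid() != 1) {
		(void)fprintf(stderr, "init: already running\n");
		exit (1);
	}

	/*
	 * Note that this does NOT open a file...
	 * Does 'init' deserve its own facility number?
	 */
	openlog("init", LOG_CONS|LOG_ODELAY, LOG_AUTH);

	/*
	 * Create an initial session.
	 */
	if (setsid() < 0)
		warning("initial setsid() failed: %m");

	/*
	 * This code assumes that we always get arguments through flags,
	 * never through bits set in some random machine register.
	 */
	while ((c = getopt(argc, argv, "sf")) != -1)
		switch (c) {
		case 's':
			requested_transition = single_user;
			break;
		case 'f':
			runcom_mode = FASTBOOT;
			break;
		default:
			/*
			 * getopt() returns '?' for every flag it does not
			 * know, so logging c would always print "-?".
			 * The offending character is left in optopt.
			 */
			warning("unrecognized flag '-%c'", optopt);
			break;
		}

	if (optind != argc)
		warning("ignoring excess arguments");

	/*
	 * We catch or block signals rather than ignore them,
	 * so that they get reset on exec.
	 */
	handle(badsys, SIGSYS, 0);
	handle(disaster, SIGABRT, SIGFPE, SIGILL, SIGSEGV,
	       SIGBUS, SIGXCPU, SIGXFSZ, 0);
	handle(transition_handler, SIGHUP, SIGINT, SIGTERM, SIGTSTP, 0);
	handle(alrm_handler, SIGALRM, 0);
	/* Block everything except the signals that have handlers above. */
	sigfillset(&mask);
	delset(&mask, SIGABRT, SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGSYS,
	       SIGXCPU, SIGXFSZ, SIGHUP, SIGINT, SIGTERM, SIGTSTP, SIGALRM, 0);
	sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0);
	/* Terminal job-control signals are the only ones ignored outright. */
	sigemptyset(&sa.sa_mask);
	sa.sa_flags = 0;
	sa.sa_handler = SIG_IGN;
	(void) sigaction(SIGTTIN, &sa, (struct sigaction *)0);
	(void) sigaction(SIGTTOU, &sa, (struct sigaction *)0);

	/*
	 * Paranoia.
	 */
	close(0);
	close(1);
	close(2);

	/*
	 * Start the state machine.
	 */
	transition(requested_transition);

	/*
	 * Should never reach here.
	 */
	return 1;
}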
258 | ||
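/*
 * Associate a function with a signal handler.
 *
 * Takes the handler followed by a list of signal numbers terminated
 * by 0 and installs the handler for each of them.  Every signal is
 * masked while the handler runs.  The result of sigaction() is not
 * checked.
 */
void
#ifdef __STDC__
handle(sig_t handler, ...)
#else
handle(va_alist)
	va_dcl
#endif
{
	int sig;
	struct sigaction sa;
	/*
	 * Must be a sigset_t: sigfillset() writes a whole signal set, which
	 * overruns an int wherever sigset_t is wider than int.
	 */
	sigset_t mask_everything;
	va_list ap;
#ifndef __STDC__
	sig_t handler;

	va_start(ap);
	handler = va_arg(ap, sig_t);
#else
	va_start(ap, handler);
#endif

	sa.sa_handler = handler;
	sigfillset(&mask_everything);

	while ((sig = va_arg(ap, int)) != 0) {
		sa.sa_mask = mask_everything;
		/* XXX SA_RESTART? */
		sa.sa_flags = sig == SIGCHLD ? SA_NOCLDSTOP : 0;
		sigaction(sig, &sa, (struct sigaction *) 0);
	}
	va_end(ap);
}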
294 | ||
/*
 * Remove signals from a mask.
 *
 * Takes the mask followed by a list of signal numbers terminated by 0;
 * each listed signal is deleted from *maskp.
 */
void
#ifdef __STDC__
delset(sigset_t *maskp, ...)
#else
delset(va_alist)
	va_dcl
#endif
{
	int signo;
	va_list args;
#ifdef __STDC__
	va_start(args, maskp);
#else
	sigset_t *maskp;

	va_start(args);
	maskp = va_arg(args, sigset_t *);
#endif

	for (signo = va_arg(args, int); signo != 0; signo = va_arg(args, int))
		sigdelset(maskp, signo);
	va_end(args);
}
321 | ||
/*
 * Log a message at LOG_ALERT and then sleep for STALL_TIMEOUT seconds
 * (to give someone an opportunity to read it and to save log or
 * hardcopy output if the problem is chronic).
 * The message is handed to vsyslog() as its format string, so it must
 * be a fixed format, never externally supplied text.
 * NB: should send a message to the session logger to avoid blocking.
 */
void
#ifdef __STDC__
stall(char *message, ...)
#else
stall(va_alist)
	va_dcl
#endif
{
	va_list args;
#ifdef __STDC__
	va_start(args, message);
#else
	char *message;

	va_start(args);
	message = va_arg(args, char *);
#endif

	vsyslog(LOG_ALERT, message, args);
	va_end(args);
	sleep(STALL_TIMEOUT);
}
349 | ||
/*
 * Like stall(), but returns at once instead of sleeping: log a message
 * at LOG_ALERT.
 * If cpp had variadic macros, the two functions could be #defines for another.
 * The message is handed to vsyslog() as its format string, so it must
 * be a fixed format, never externally supplied text.
 * NB: should send a message to the session logger to avoid blocking.
 */
void
#ifdef __STDC__
warning(char *message, ...)
#else
warning(va_alist)
	va_dcl
#endif
{
	va_list args;
#ifdef __STDC__
	va_start(args, message);
#else
	char *message;

	va_start(args);
	message = va_arg(args, char *);
#endif

	vsyslog(LOG_ALERT, message, args);
	va_end(args);
}
376 | ||
/*
 * Log a message at LOG_EMERG.
 * The message is handed to vsyslog() as its format string, so it must
 * be a fixed format, never externally supplied text.
 * NB: should send a message to the session logger to avoid blocking.
 */
void
#ifdef __STDC__
emergency(char *message, ...)
#else
emergency(va_alist)
	va_dcl
#endif
{
	va_list args;
#ifdef __STDC__
	va_start(args, message);
#else
	char *message;

	va_start(args);
	message = va_arg(args, char *);
#endif

	vsyslog(LOG_EMERG, message, args);
	va_end(args);
}
402 | ||
/*
 * SIGSYS handler.
 *
 * These may arise if a system does not support sysctl.
 * The first 25 deliveries are counted and otherwise ignored; any
 * later one is passed on to disaster().
 */
void
badsys(sig)
	int sig;
{
	static int badcount = 0;

	if (badcount++ >= 25)
		disaster(sig);
}
419 | ||
/*
 * Handler for a signal that should never arrive: log its name at
 * emergency priority, wait STALL_TIMEOUT seconds, then exit with the
 * signal number as status.
 *
 * NOTE(review): this logs through vsyslog() and sleeps from inside a
 * signal handler; neither is normally async-signal-safe -- confirm
 * this is acceptable on the target system.
 */
void
disaster(sig)
	int sig;
{
	const char *signame;

	/* The unsigned comparison also rejects negative signal numbers. */
	if (sig < (unsigned) NSIG)
		signame = sys_siglist[sig];
	else
		signame = "unknown signal";
	emergency("fatal signal: %s", signame);

	sleep(STALL_TIMEOUT);
	_exit(sig); /* reboot */
}
433 | ||
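/*
 * Get the security level of the kernel.
 *
 * Returns the level read through sysctl(CTL_KERN, KERN_SECURELVL), or
 * -1 when the query fails (the failure is logged) or when the build
 * has no KERN_SECURELVL.
 */
int
getsecuritylevel()
{
#ifdef KERN_SECURELVL
	int name[2], curlevel;
	size_t len;

	/*
	 * errno comes from <errno.h>; declaring it by hand breaks where
	 * errno is a macro.
	 */
	name[0] = CTL_KERN;
	name[1] = KERN_SECURELVL;
	len = sizeof curlevel;
	if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1) {
		emergency("cannot get kernel security level: %s",
		    strerror(errno));
		return (-1);
	}
	return (curlevel);
#else
	return (-1);
#endif
}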
458 | ||
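/*
 * Set the security level of the kernel.
 *
 * Does nothing when the kernel already reports newlevel, or when the
 * build has no KERN_SECURELVL.  A failed change is logged at emergency
 * priority; with SECURE defined a successful change is logged too, so
 * that every change of level leaves a record.
 */
void
setsecuritylevel(newlevel)
	int newlevel;
{
#ifdef KERN_SECURELVL
	int name[2], curlevel;

	/*
	 * errno comes from <errno.h>; declaring it by hand breaks where
	 * errno is a macro.
	 */
	curlevel = getsecuritylevel();
	if (newlevel == curlevel)
		return;
	name[0] = CTL_KERN;
	name[1] = KERN_SECURELVL;
	if (sysctl(name, 2, NULL, NULL, &newlevel, sizeof newlevel) == -1) {
		emergency(
		    "cannot change kernel security level from %d to %d: %s",
		    curlevel, newlevel, strerror(errno));
		return;
	}
#ifdef SECURE
	warning("kernel security level changed from %d to %d",
	    curlevel, newlevel);
#endif
#endif
}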
487 | ||
/*
 * Drive the finite state machine.
 * s is the initial state; each state function returns the state to run
 * next.  The loop has no exit, so this function does not return.
 */
void
transition(s)
	state_t s;
{
	state_t current = s;

	while (1)
		current = (state_t) (*current)();
}
499 | ||
/*
 * Close out the accounting files for a login session.
 * The line name is the session's device path with the leading
 * _PATH_DEV prefix skipped; logwtmp() is called only when logout()
 * returns non-zero.
 * NB: should send a message to the session logger to avoid blocking.
 */
void
clear_session_logs(sp)
	session_t *sp;
{
	char *line;

	line = &sp->se_device[sizeof(_PATH_DEV) - 1];
	if (logout(line) != 0)
		logwtmp(line, "", "");
}
513 | ||
/*
 * Start a session and allocate a controlling terminal.
 * Only called by children of init after forking.
 *
 * revoke() is called on the terminal before it is opened; its result
 * is deliberately ignored.  If the terminal cannot be opened or
 * cannot be made the controlling terminal, the child logs the problem
 * through stall() and exits with status 1.
 */
void
setctty(name)
	char *name;
{
	int fd;

	(void) revoke(name);
#ifdef BROKEN_DTR
	sleep (2); /* leave DTR low */
#endif
	fd = open(name, O_RDWR);
	if (fd == -1) {
		stall("can't open %s: %m", name);
		_exit(1);
	}
	if (login_tty(fd) == -1) {
		stall("can't get %s for controlling terminal: %m", name);
		_exit(1);
	}
}
537 | ||
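/*
 * Bring the system up single user.
 *
 * Lowers the kernel security level to 0 if it is above 0, then forks a
 * child that takes the console as its controlling terminal and execs a
 * shell, while the parent waits for that shell.  Returns the next
 * state: a transition requested in the meantime, single_user again if
 * the shell could not be started or died abnormally, or runcom (in
 * FASTBOOT mode) once the shell exits.  When noreboot is set the
 * machine is halted instead.
 *
 * With SECURE defined, the root password is asked for only when the
 * "console" entry exists and is not marked secure and root has a
 * password entry.
 * NOTE(review): if either lookup fails the shell is started without
 * any password check -- confirm that failing open is intended.
 * NOTE(review): with DEBUGSHELL defined, whatever pathname is typed on
 * the console is exec'd with init's privileges.
 */
state_func_t
single_user()
{
	pid_t pid, wpid;
	int status;
	sigset_t mask;
	char *shell = _PATH_BSHELL;
	char *argv[2];
#ifdef SECURE
	struct ttyent *typ;
	struct passwd *pp;
	static const char banner[] =
		"Enter root password, or ^D to go multi-user\n";
	char *clear, *password;
#endif

	/*
	 * If the kernel is in secure mode, downgrade it to insecure mode.
	 */
	if (getsecuritylevel() > 0)
		setsecuritylevel(0);

	if ( noreboot > 0) {
		/* Instead of going single user, let's halt the machine */
		sync();
		alarm(2);
		pause();
		reboot(RB_HALT);
		_exit(0);
	}

	if ((pid = fork()) == 0) {
		/*
		 * Start the single user session.
		 */
		setctty(_PATH_CONSOLE);

#ifdef SECURE
		/*
		 * Check the root password.
		 * We don't care if the console is 'on' by default;
		 * it's the only tty that can be 'off' and 'secure'.
		 */
		typ = getttynam("console");
		pp = getpwnam("root");
		if (typ && (typ->ty_status & TTY_SECURE) == 0 && pp) {
			write(2, banner, sizeof banner - 1);
			for (;;) {
				clear = getpass("Password:");
				if (clear == 0 || *clear == '\0')
					_exit(0);
				password = crypt(clear, pp->pw_passwd);
				/* Wipe the cleartext as soon as it is hashed. */
				bzero(clear, _PASSWORD_LEN);
				/*
				 * crypt() can fail and return a null
				 * pointer; count that as a failed login
				 * rather than handing it to strcmp().
				 */
				if (password != 0 &&
				    strcmp(password, pp->pw_passwd) == 0)
					break;
				warning("single-user login failed\n");
			}
		}
		endttyent();
		endpwent();
#endif /* SECURE */

#ifdef DEBUGSHELL
		{
			char altshell[128], *cp = altshell;
			int num;

#define SHREQUEST \
	"Enter pathname of shell or RETURN for sh: "
			(void)write(STDERR_FILENO,
			    SHREQUEST, sizeof(SHREQUEST) - 1);
			/* Reads at most 128 bytes; the last one is overwritten by the terminator. */
			while ((num = read(STDIN_FILENO, cp, 1)) != -1 &&
			    num != 0 && *cp != '\n' && cp < &altshell[127])
				cp++;
			*cp = '\0';
			if (altshell[0] != '\0')
				shell = altshell;
		}
#endif /* DEBUGSHELL */

		/*
		 * Unblock signals.
		 * We catch all the interesting ones,
		 * and those are reset to SIG_DFL on exec.
		 */
		sigemptyset(&mask);
		sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0);

		/*
		 * Fire off a shell.
		 * If the default one doesn't work, try the Bourne shell.
		 */
		argv[0] = "-sh";
		argv[1] = 0;
		execv(shell, argv);
		emergency("can't exec %s for single user: %m", shell);
		execv(_PATH_BSHELL, argv);
		emergency("can't exec %s for single user: %m", _PATH_BSHELL);
		sleep(STALL_TIMEOUT);
		_exit(1);
	}

	if (pid == -1) {
		/*
		 * We are seriously hosed. Do our best.
		 */
		emergency("can't fork single-user shell, trying again");
		while (waitpid(-1, (int *) 0, WNOHANG) > 0)
			continue;
		return (state_func_t) single_user;
	}

	/* Wait for the shell, reaping any other children that exit meanwhile. */
	requested_transition = 0;
	do {
		if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1)
			collect_child(wpid);
		if (wpid == -1) {
			if (errno == EINTR)
				continue;
			warning("wait for single-user shell failed: %m; restarting");
			return (state_func_t) single_user;
		}
		if (wpid == pid && WIFSTOPPED(status)) {
			warning("init: shell stopped, restarting\n");
			kill(pid, SIGCONT);
			/* Not an exit: keep waiting for the shell. */
			wpid = -1;
		}
	} while (wpid != pid && !requested_transition);

	if (requested_transition)
		return (state_func_t) requested_transition;

	if (!WIFEXITED(status)) {
		if (WTERMSIG(status) == SIGKILL) {
			/*
			 * reboot(8) killed shell?
			 */
			warning("single user shell terminated.");
			sleep(STALL_TIMEOUT);
			_exit(0);
		} else {
			warning("single user shell terminated, restarting");
			return (state_func_t) single_user;
		}
	}

	runcom_mode = FASTBOOT;
	return (state_func_t) runcom;
}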
690 | ||
/*
 * Run the system startup script.
 *
 * Forks a child that execs _PATH_BSHELL on _PATH_RUNCOM with the
 * console as controlling terminal, then waits for it.  Returns the
 * next state: read_ttys when the script exits with status 0,
 * single_user in every failure case.
 */
state_func_t
runcom()
{
	pid_t pid, wpid;
	int status;
	char *argv[4];
	struct sigaction sa;

	if ((pid = fork()) == 0) {
		/* Child: ignore SIGTSTP and SIGHUP while the script runs. */
		sigemptyset(&sa.sa_mask);
		sa.sa_flags = 0;
		sa.sa_handler = SIG_IGN;
		(void) sigaction(SIGTSTP, &sa, (struct sigaction *)0);
		(void) sigaction(SIGHUP, &sa, (struct sigaction *)0);

		setctty(_PATH_CONSOLE);

		argv[0] = "sh";
		argv[1] = _PATH_RUNCOM;
		/* "autoboot" is passed only in AUTOBOOT mode; otherwise the list ends here. */
		argv[2] = runcom_mode == AUTOBOOT ? "autoboot" : 0;
		argv[3] = 0;

		/* sa.sa_mask is still empty, so this unblocks every signal. */
		sigprocmask(SIG_SETMASK, &sa.sa_mask, (sigset_t *) 0);

		execv(_PATH_BSHELL, argv);
		stall("can't exec %s for %s: %m", _PATH_BSHELL, _PATH_RUNCOM);
		_exit(1); /* force single user mode */
	}

	if (pid == -1) {
		emergency("can't fork for %s on %s: %m",
		    _PATH_BSHELL, _PATH_RUNCOM);
		/* Reap whatever has already exited before giving up on the script. */
		while (waitpid(-1, (int *) 0, WNOHANG) > 0)
			continue;
		sleep(STALL_TIMEOUT);
		return (state_func_t) single_user;
	}

	/*
	 * Copied from single_user(). This is a bit paranoid.
	 */
	do {
		if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1)
			collect_child(wpid);
		if (wpid == -1) {
			if (errno == EINTR)
				continue;
			warning("wait for %s on %s failed: %m; going to single user mode",
			    _PATH_BSHELL, _PATH_RUNCOM);
			return (state_func_t) single_user;
		}
		if (wpid == pid && WIFSTOPPED(status)) {
			warning("init: %s on %s stopped, restarting\n",
			    _PATH_BSHELL, _PATH_RUNCOM);
			kill(pid, SIGCONT);
			/* Not an exit: keep waiting for the script. */
			wpid = -1;
		}
	} while (wpid != pid);

	if (WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM &&
	    requested_transition == catatonia) {
		/* /etc/rc executed /sbin/reboot; wait for the end quietly */
		sigset_t s;

		sigfillset(&s);
		for (;;)
			sigsuspend(&s);
	}

	if (!WIFEXITED(status)) {
		warning("%s on %s terminated abnormally, going to single user mode",
		    _PATH_BSHELL, _PATH_RUNCOM);
		return (state_func_t) single_user;
	}

	/* A non-zero exit status from the script also means single user. */
	if (WEXITSTATUS(status))
		return (state_func_t) single_user;

	runcom_mode = AUTOBOOT; /* the default */
	/* NB: should send a message to the session logger to avoid blocking. */
	logwtmp("~", "reboot", "");
	return (state_func_t) read_ttys;
}
777 | ||
/*
 * (Re)open the session database.
 *
 * A database that is already open is closed first; a failure to close
 * it is logged but does not stop the reopen.  Returns 0 on success and
 * 1 when the new database cannot be opened.
 *
 * NB: We could pass in the size here; is it necessary?
 */
int
start_session_db()
{
	if (session_db != 0 && (*session_db->close)(session_db) != 0)
		emergency("session database close: %s", strerror(errno));

	session_db = dbopen(NULL, O_RDWR, 0, DB_HASH, NULL);
	if (session_db == 0) {
		emergency("session database open: %s", strerror(errno));
		return (1);
	}
	return (0);
}
795 | ||
/*
 * Record a login session in the session database.
 * The key is the session's pid; the value stored is the session_t
 * pointer itself, not a copy of the structure.  A failed insert is
 * logged and otherwise ignored.
 */
void
add_session(sp)
	session_t *sp;
{
	DBT k, v;

	k.size = sizeof sp->se_process;
	k.data = &sp->se_process;
	v.size = sizeof sp;
	v.data = &sp;

	if ((*session_db->put)(session_db, &k, &v, 0) != 0)
		emergency("insert %d: %s", sp->se_process, strerror(errno));
}
814 | ||
/*
 * Remove a login session from the session database, using the
 * session's pid as the key.  A failed delete is logged and otherwise
 * ignored.
 */
void
del_session(sp)
	session_t *sp;
{
	DBT k;

	k.size = sizeof sp->se_process;
	k.data = &sp->se_process;

	if ((*session_db->del)(session_db, &k, 0) != 0)
		emergency("delete %d: %s", sp->se_process, strerror(errno));
}
830 | ||
/*
 * Look up a login session by pid.
 * Returns the session_t pointer stored under that pid, or 0 when the
 * database lookup does not succeed.
 */
session_t *
#ifdef __STDC__
find_session(pid_t pid)
#else
find_session(pid)
	pid_t pid;
#endif
{
	DBT k, v;
	session_t *found;

	k.size = sizeof pid;
	k.data = &pid;
	if ((*session_db->get)(session_db, &k, &v, 0) != 0)
		return 0;
	/* The record holds a pointer value; copy it out bytewise. */
	memcpy((char *)&found, v.data, sizeof(found));
	return found;
}
853 | ||
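/*
 * Construct an argument vector from a command line.
 *
 * Splits command in place on spaces and tabs (strtok() writes NUL
 * bytes into it) and returns a malloc'd, null-terminated array of
 * pointers into command.  The caller owns the array and must keep
 * command alive for as long as the array is in use.  Returns 0 when
 * the command holds no token or when memory cannot be allocated;
 * nothing is left allocated in either case.
 */
char **
construct_argv(command)
	char *command;
{
	register int argc = 0;
	register char **argv;
	static const char separators[] = " \t";

	/*
	 * Worst case is one-character tokens split by single separators:
	 * (len + 1) / 2 tokens, plus one slot for the terminating null.
	 */
	argv = (char **) malloc(((strlen(command) + 1) / 2 + 1)
	    * sizeof (char *));
	if (argv == 0)
		return 0;

	if ((argv[argc++] = strtok(command, separators)) == 0) {
		/* No tokens: release the vector instead of leaking it. */
		free(argv);
		return 0;
	}
	while ((argv[argc++] = strtok((char *) 0, separators)) != 0)
		continue;
	return argv;
}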
872 | ||
/*
 * Release a session descriptor and the strings it owns.
 * Each argument vector is freed only together with the command string
 * it was parsed from.
 */
void
free_session(sp)
	register session_t *sp;
{
	if (sp->se_window != 0) {
		free(sp->se_window);
		free(sp->se_window_argv);
	}
	if (sp->se_getty != 0) {
		free(sp->se_getty);
		free(sp->se_getty_argv);
	}
	free(sp->se_device);
	free(sp);
}
891 | ||
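/*
 * Allocate a new session descriptor.
 *
 * Builds a session for the ttys entry typ and links it after sprev
 * (or makes it the head of the list when sprev is 0).  Returns the new
 * session, or 0 when the entry is not switched on, has no name or no
 * getty command, when its command lines cannot be parsed, or when
 * memory cannot be allocated.  Nothing is linked into the list in the
 * failure cases.
 */
session_t *
new_session(sprev, session_index, typ)
	session_t *sprev;
	int session_index;
	register struct ttyent *typ;
{
	register session_t *sp;
	size_t devlen;

	if ((typ->ty_status & TTY_ON) == 0 ||
	    typ->ty_name == 0 ||
	    typ->ty_getty == 0)
		return 0;

	/* init must not die on a null pointer when memory is short. */
	sp = (session_t *) malloc(sizeof (session_t));
	if (sp == 0) {
		warning("can't allocate session for port %s", typ->ty_name);
		return 0;
	}
	bzero(sp, sizeof *sp);

	sp->se_index = session_index;

	/* sizeof(_PATH_DEV) already counts the terminating NUL. */
	devlen = sizeof(_PATH_DEV) + strlen(typ->ty_name);
	sp->se_device = malloc(devlen);
	if (sp->se_device == 0) {
		warning("can't allocate device name for port %s",
		    typ->ty_name);
		free_session(sp);
		return 0;
	}
	(void) snprintf(sp->se_device, devlen, "%s%s", _PATH_DEV,
	    typ->ty_name);

	if (setupargv(sp, typ) == 0) {
		free_session(sp);
		return (0);
	}

	sp->se_next = 0;
	if (sprev == 0) {
		sessions = sp;
		sp->se_prev = 0;
	} else {
		sprev->se_next = sp;
		sp->se_prev = sprev;
	}

	return sp;
}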
932 | ||
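/*
 * Calculate getty and if useful window argv vectors.
 *
 * Rebuilds sp->se_getty ("<ty_getty> <ty_name>") and its argument
 * vector and, when the ttys entry names a window system, sp->se_window
 * and its vector as well.  Strings and vectors being replaced are
 * freed.  Returns 1 on success and 0 when a command cannot be parsed
 * or memory cannot be allocated.
 */
int
setupargv(sp, typ)
	session_t *sp;
	struct ttyent *typ;
{
	size_t gettylen;

	if (sp->se_getty) {
		free(sp->se_getty);
		free(sp->se_getty_argv);
		/* Leave nothing dangling if the allocation below fails. */
		sp->se_getty = 0;
		sp->se_getty_argv = 0;
	}
	/* Room for both strings, the separating space and the NUL. */
	gettylen = strlen(typ->ty_getty) + strlen(typ->ty_name) + 2;
	sp->se_getty = malloc(gettylen);
	if (sp->se_getty == 0) {
		warning("can't allocate getty command for port %s",
		    sp->se_device);
		return (0);
	}
	(void) snprintf(sp->se_getty, gettylen, "%s %s", typ->ty_getty,
	    typ->ty_name);
	sp->se_getty_argv = construct_argv(sp->se_getty);
	if (sp->se_getty_argv == 0) {
		warning("can't parse getty for port %s", sp->se_device);
		free(sp->se_getty);
		sp->se_getty = 0;
		return (0);
	}
	if (typ->ty_window) {
		if (sp->se_window) {
			free(sp->se_window);
			/* The old vector points into the old string; drop it too. */
			free(sp->se_window_argv);
			sp->se_window_argv = 0;
		}
		sp->se_window = strdup(typ->ty_window);
		if (sp->se_window == 0) {
			warning("can't allocate window command for port %s",
			    sp->se_device);
			return (0);
		}
		sp->se_window_argv = construct_argv(sp->se_window);
		if (sp->se_window_argv == 0) {
			warning("can't parse window for port %s",
			    sp->se_device);
			free(sp->se_window);
			sp->se_window = 0;
			return (0);
		}
	}
	return (1);
}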
970 | ||
/*
 * Walk the list of ttys and create sessions for each active line.
 *
 * Discards any existing session list, reopens the session database
 * and builds a new list from the ttys file.  Returns multi_user as the
 * next state, or single_user when the database cannot be opened.
 */
state_func_t
read_ttys()
{
	int session_index = 0;
	register session_t *sp, *snext;
	register struct ttyent *typ;

	/*
	 * Destroy any previous session state.
	 * There shouldn't be any, but just in case...
	 */
	sp = sessions;
	while (sp != 0) {
		snext = sp->se_next;
		if (sp->se_process)
			clear_session_logs(sp);
		free_session(sp);
		sp = snext;
	}
	sessions = 0;
	if (start_session_db() != 0)
		return (state_func_t) single_user;

	/*
	 * Allocate a session entry for each active port.
	 * Note that sp starts at 0.
	 */
	while ((typ = getttyent()) != 0) {
		snext = new_session(sp, ++session_index, typ);
		if (snext != 0)
			sp = snext;
	}

	endttyent();

	return (state_func_t) multi_user;
}
1007 | ||
/*
 * Start a window system running.
 *
 * Forks; the parent returns at once whether or not the fork worked.
 * The child unblocks all signals, starts its own session and execs
 * the session's window command, exiting with status 1 if that fails.
 */
void
start_window_system(sp)
	session_t *sp;
{
	pid_t child;
	sigset_t unblocked;

	child = fork();
	if (child == -1) {
		emergency("can't fork for window system on port %s: %m",
		    sp->se_device);
		/* hope that getty fails and we can try again */
		return;
	}
	if (child != 0)
		return;

	/* Only the child gets here. */
	sigemptyset(&unblocked);
	sigprocmask(SIG_SETMASK, &unblocked, (sigset_t *) 0);

	if (setsid() < 0)
		emergency("setsid failed (window) %m");

	execv(sp->se_window_argv[0], sp->se_window_argv);
	stall("can't exec window system '%s' for port %s: %m",
	    sp->se_window_argv[0], sp->se_device);
	_exit(1);
}
1039 | ||
/*
 * Start a login session running.
 *
 * Forks and returns the child's pid to the caller, or -1 when the fork
 * fails.  The child applies the respawn throttle, starts the window
 * system if the session has one, unblocks all signals and execs the
 * session's getty command.
 */
pid_t
start_getty(sp)
	session_t *sp;
{
	pid_t child;
	sigset_t unblocked;
	time_t now = time((time_t *) 0);

	/*
	 * fork(), not vfork() -- we can't afford to block.
	 */
	child = fork();
	if (child == -1) {
		emergency("can't fork for getty on port %s: %m", sp->se_device);
		return -1;
	}
	if (child != 0)
		return child;

	/* Only the child gets here; the throttling sleep never holds up init. */
	if (now > sp->se_started) {
		if (now - sp->se_started < GETTY_SPACING) {
			warning("getty repeating too quickly on port %s, sleeping",
			    sp->se_device);
			sleep((unsigned) GETTY_SLEEP);
		}
	}

	if (sp->se_window) {
		start_window_system(sp);
		sleep(WINDOW_WAIT);
	}

	sigemptyset(&unblocked);
	sigprocmask(SIG_SETMASK, &unblocked, (sigset_t *) 0);

	execv(sp->se_getty_argv[0], sp->se_getty_argv);
	stall("can't exec getty '%s' for port %s: %m",
	    sp->se_getty_argv[0], sp->se_device);
	_exit(1);
}
1082 | ||
/*
 * Collect exit status for a child.
 * If an exiting login, start a new login running.
 *
 * pid is looked up with find_session(); a pid that belongs to no
 * session is ignored.  For a known session the session logs are
 * cleared and the pid mapping dropped.  A session flagged SE_SHUTDOWN
 * is unlinked from the doubly linked list and freed; any other session
 * gets a new getty, and a failure to start one requests the clean_ttys
 * transition.
 */
void
#ifdef __STDC__
collect_child(pid_t pid)
#else
collect_child(pid)
	pid_t pid;
#endif
{
	register session_t *sp, *before, *after;
	pid_t fresh;

	if (! sessions)
		return;

	sp = find_session(pid);
	if (! sp)
		return;

	clear_session_logs(sp);
	del_session(sp);
	sp->se_process = 0;

	if (sp->se_flags & SE_SHUTDOWN) {
		/* Unlink sp; a missing predecessor means sp was the head. */
		before = sp->se_prev;
		after = sp->se_next;
		if (before)
			before->se_next = after;
		else
			sessions = after;
		if (after)
			after->se_prev = before;
		free_session(sp);
		return;
	}

	fresh = start_getty(sp);
	if (fresh == -1) {
		/* serious trouble */
		requested_transition = clean_ttys;
		return;
	}

	/* Record the replacement so its exit is matched to this port. */
	sp->se_process = fresh;
	sp->se_started = time((time_t *) 0);
	add_session(sp);
}
1128 | ||
/*
 * Catch a signal and request a state transition.
 *
 *	SIGHUP		clean_ttys
 *	SIGINT		death, after incrementing noreboot
 *	SIGTERM		death
 *	SIGTSTP		catatonia
 *	anything else	clears the pending request
 *
 * The handler only stores to globals; the state machine acts on
 * requested_transition later.
 * NOTE(review): the declarations of requested_transition and noreboot
 * are not visible here; objects written from a signal handler should
 * be volatile -- confirm.
 */
void
transition_handler(sig)
	int sig;
{

	if (sig == SIGHUP) {
		requested_transition = clean_ttys;
	} else if (sig == SIGINT || sig == SIGTERM) {
		/* SIGINT is SIGTERM plus the noreboot count. */
		if (sig == SIGINT)
			noreboot++;
		requested_transition = death;
	} else if (sig == SIGTSTP) {
		requested_transition = catatonia;
	} else {
		requested_transition = 0;
	}
}
1154 | ||
/*
 * Take the system multiuser.
 *
 * Clears any pending transition, raises the kernel security level,
 * starts a getty on every session that has no process, then reaps
 * children until a transition is requested.  Returns the requested
 * transition as the next state.
 */
state_func_t
multi_user()
{
	register session_t *sp;
	pid_t child;

	requested_transition = 0;

	/*
	 * If the administrator has not set the security level to -1
	 * to indicate that the kernel should not run multiuser in secure
	 * mode, and the run script has not set a higher level of security
	 * than level 1, then put the kernel into secure mode.
	 *
	 * Only a level of exactly 0 is raised; -1 and anything above 0
	 * are left alone.
	 * NOTE(review): nothing here checks that the raise took effect;
	 * whether setsecuritylevel() reports a failure itself is not
	 * visible from this function.
	 */
	if (getsecuritylevel() == 0)
		setsecuritylevel(1);

	for (sp = sessions; sp != 0; sp = sp->se_next) {
		/* Already has a process. */
		if (sp->se_process != 0)
			continue;

		child = start_getty(sp);
		if (child == -1) {
			/* serious trouble */
			requested_transition = clean_ttys;
			break;
		}

		sp->se_process = child;
		sp->se_started = time((time_t *) 0);
		add_session(sp);
	}

	/* A failed waitpid() is simply retried. */
	while (!requested_transition) {
		child = waitpid(-1, (int *) 0, 0);
		if (child != -1)
			collect_child(child);
	}

	return (state_func_t) requested_transition;
}
1194 | ||
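/*
 * Re-read the ttys database and reconcile it with the session list.
 * This is an n-squared algorithm.  We hope it isn't run often...
 *
 * For every ttys entry the session list is searched by device name.
 * A matching session has its utmp index corrected if it moved, and is
 * then either retired (port turned off, no getty configured, or getty
 * command unparsable) or has SE_SHUTDOWN cleared.  An entry with no
 * matching session gets a new one appended after the last session
 * visited.  Always returns multi_user as the next state.
 *
 * Retiring sets SE_SHUTDOWN and hangs up the session's process.  The
 * SIGHUP is sent only when a process is recorded: se_process is 0 for
 * a session whose getty is not running, and kill() with pid 0 signals
 * the caller's whole process group, not a single process.
 * NOTE(review): a retired session without a process stays on the list;
 * the only unlink visible in this file happens when a child for the
 * session is collected.
 */
state_func_t
clean_ttys()
{
	register session_t *sp, *sprev;
	register struct ttyent *typ;
	register int session_index = 0;
	register int devlen;
	int retire;

	if (! sessions)
		return (state_func_t) multi_user;

	/*
	 * se_device is compared past its first devlen bytes.
	 * NOTE(review): assumes every se_device starts with _PATH_DEV --
	 * confirm against new_session().
	 */
	devlen = sizeof(_PATH_DEV) - 1;
	while ((typ = getttyent()) != 0) {
		++session_index;

		for (sprev = 0, sp = sessions; sp; sprev = sp, sp = sp->se_next)
			if (strcmp(typ->ty_name, sp->se_device + devlen) == 0)
				break;

		if (sp == 0) {
			/* Unknown port: sprev is the tail of the list here. */
			new_session(sprev, session_index, typ);
			continue;
		}

		if (sp->se_index != session_index) {
			warning("port %s changed utmp index from %d to %d",
			    sp->se_device, sp->se_index,
			    session_index);
			sp->se_index = session_index;
		}

		retire = (typ->ty_status & TTY_ON) == 0 || typ->ty_getty == 0;
		if (!retire) {
			sp->se_flags &= ~SE_SHUTDOWN;
			if (setupargv(sp, typ) == 0) {
				warning("can't parse getty for port %s",
				    sp->se_device);
				retire = 1;
			}
		}

		if (retire) {
			sp->se_flags |= SE_SHUTDOWN;
			/* Never call kill() with pid 0, see above. */
			if (sp->se_process)
				kill(sp->se_process, SIGHUP);
		}
	}

	endttyent();

	return (state_func_t) multi_user;
}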
1247 | ||
/*
 * Block further logins.
 *
 * Flags every session SE_SHUTDOWN and returns multi_user as the next
 * state.  No process is signalled here; running logins continue.
 */
state_func_t
catatonia()
{
	register session_t *sp;

	sp = sessions;
	while (sp != 0) {
		sp->se_flags |= SE_SHUTDOWN;
		sp = sp->se_next;
	}

	return (state_func_t) multi_user;
}
1261 | ||
/*
 * Note SIGALRM.
 *
 * Sets the clang flag and does nothing else; sig is not examined.
 * death() clears the flag before arming alarm() and polls it in its
 * wait loop.
 */
void
alrm_handler(sig)
	int sig;
{
	(void) sig;
	clang = 1;
}
1271 | ||
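/*
 * Bring the system down to single user.
 *
 * Flags every session SE_SHUTDOWN, writes a "shutdown" wtmp record,
 * then signals all processes with SIGHUP, SIGTERM and SIGKILL in turn.
 * After each signal it reaps children for up to DEATH_WATCH seconds,
 * until the alarm fires (clang set by alrm_handler) or waitpid()
 * reports that no children are left.  Always returns single_user; a
 * warning is logged when children remain after SIGKILL.
 *
 * The loop decides on the errno of the waitpid() call it just made,
 * saved in wait_errno.  Testing the global errno after a successful
 * waitpid() would read a value left by an earlier call; a stale ECHILD
 * would end the escalation while processes are still alive.
 */
state_func_t
death()
{
	register session_t *sp;
	register int i;
	pid_t pid;
	int wait_errno;
	static const int death_sigs[3] = { SIGHUP, SIGTERM, SIGKILL };

	for (sp = sessions; sp; sp = sp->se_next)
		sp->se_flags |= SE_SHUTDOWN;

	/* NB: should send a message to the session logger to avoid blocking. */
	logwtmp("~", "shutdown", "");

	for (i = 0; i < (int)(sizeof death_sigs / sizeof death_sigs[0]); ++i) {
		/* ESRCH: there was nothing left to signal. */
		if (kill(-1, death_sigs[i]) == -1 && errno == ESRCH)
			return (state_func_t) single_user;

		clang = 0;
		alarm(DEATH_WATCH);
		do {
			pid = waitpid(-1, (int *)0, 0);
			if (pid != -1) {
				wait_errno = 0;
				collect_child(pid);
			} else {
				wait_errno = errno;
			}
		} while (clang == 0 && wait_errno != ECHILD);

		/* No children left: everything has been reaped. */
		if (wait_errno == ECHILD)
			return (state_func_t) single_user;
	}

	warning("some processes would not die; ps axl advised");

	return (state_func_t) single_user;
}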