]> git.saurik.com Git - apple/system_cmds.git/blob - init.tproj/init.c
projects / apple / system_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
system_cmds-196.tar.gz
[apple/system_cmds.git] / init.tproj / init.c
1 /*
2 * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights
7 * Reserved. This file contains Original Code and/or Modifications of
8 * Original Code as defined in and that are subject to the Apple Public
9 * Source License Version 1.0 (the 'License'). You may not use this file
10 * except in compliance with the License. Please obtain a copy of the
11 * License at http://www.apple.com/publicsource and read it before using
12 * this file.
13 *
14 * The Original Code and all software distributed under the License are
15 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
16 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
17 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
19 * License for the specific language governing rights and limitations
20 * under the License."
21 *
22 * @APPLE_LICENSE_HEADER_END@
23 */
24 /*-
25 * Copyright (c) 1991, 1993
26 * The Regents of the University of California. All rights reserved.
27 *
28 * This code is derived from software contributed to Berkeley by
29 * Donn Seeley at Berkeley Software Design, Inc.
30 *
31 * Redistribution and use in source and binary forms, with or without
32 * modification, are permitted provided that the following conditions
33 * are met:
34 * 1. Redistributions of source code must retain the above copyright
35 * notice, this list of conditions and the following disclaimer.
36 * 2. Redistributions in binary form must reproduce the above copyright
37 * notice, this list of conditions and the following disclaimer in the
38 * documentation and/or other materials provided with the distribution.
39 * 3. All advertising materials mentioning features or use of this software
40 * must display the following acknowledgement:
41 * This product includes software developed by the University of
42 * California, Berkeley and its contributors.
43 * 4. Neither the name of the University nor the names of its contributors
44 * may be used to endorse or promote products derived from this software
45 * without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
48 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
51 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * SUCH DAMAGE.
58 */
59
60 #include <sys/param.h>
61 #include <sys/sysctl.h>
62 #include <sys/wait.h>
63
64 #include <db.h>
65 #include <errno.h>
66 #include <fcntl.h>
67 #include <signal.h>
68 #include <stdio.h>
69 #include <stdlib.h>
70 #include <string.h>
71 #include <syslog.h>
72 #include <time.h>
73 #include <ttyent.h>
74 #include <unistd.h>
75 #include <paths.h>
76
77 #include <stdarg.h>
78
79 #ifdef SECURE
80 #include <pwd.h>
81 #endif
82
83 #include "pathnames.h"
84
85 /*
86 * Until the mythical util.h arrives...
87 */
88 extern int login_tty __P((int));
89 extern int logout __P((const char *));
90 extern void logwtmp __P((const char *, const char *, const char *));
91
92 /*
93 * Sleep times; used to prevent thrashing.
94 */
95 #define GETTY_SPACING 5 /* N secs minimum getty spacing */
96 #define GETTY_SLEEP 30 /* sleep N secs after spacing problem */
97 #define WINDOW_WAIT 3 /* wait N secs after starting window */
98 #define STALL_TIMEOUT 30 /* wait N secs after warning */
99 #define DEATH_WATCH 10 /* wait N secs for procs to die */
100 #define FAILED_HW_PASS 5 /* wait N secs before croaking user */
101
102 void handle __P((sig_t, ...));
103 void delset __P((sigset_t *, ...));
104
105 void stall __P((char *, ...));
106 void warning __P((char *, ...));
107 void emergency __P((char *, ...));
108 void disaster __P((int));
109 void badsys __P((int));
110
111 /*
112 * We really need a recursive typedef...
113 * The following at least guarantees that the return type of (*state_t)()
114 * is sufficiently wide to hold a function pointer.
115 */
116 typedef long (*state_func_t) __P((void));
117 typedef state_func_t (*state_t) __P((void));
118
119 state_func_t single_user __P((void));
120 state_func_t runcom __P((void));
121 state_func_t read_ttys __P((void));
122 state_func_t multi_user __P((void));
123 state_func_t clean_ttys __P((void));
124 state_func_t catatonia __P((void));
125 state_func_t death __P((void));
126
127 enum { AUTOBOOT, FASTBOOT, BOOT_SCRIPT } runcom_mode = AUTOBOOT;
128 int runcom_boot = 1; /* Run the rc.boot script */
129 int runcom_verbose = 0;
130 int runcom_safe = 0;
131
132 void transition __P((state_t));
133 state_t requested_transition = runcom;
134
135 void setctty __P((char *, int));
136
137
138 // gvdl@next.com 14 Aug 1995
139 // - from ~apps/loginwindow_proj/loginwindow/common.h
140 #define REALLY_EXIT_TO_CONSOLE 229
141
142 // From old init.c
143 // These flags are used in the se_flags field of the init_session structure
144 #define SE_SHUTDOWN 0x1 /* session won't be restarted */
145
146 // The flags below control what sort of getty is launched.
147 #define SE_GETTY_LAUNCH 0x30 /* What type of getty to launch */
148 #define SE_COMMON 0x00 /* Usual command that is run - getty */
149 #define SE_ONERROR 0x10 /* Command to run if error condition occurs.
150 * This will almost always be the windowserver
151 * and loginwindow. This is so if the w.s.
152 * ever dies, that the naive user (stan)
153 * doesn't ever see the console window. */
154 #define SE_ONOPTION 0x20 /* Command to run when loginwindow exits with
155 * special error code (229). This signifies
156 * that the user typed "console" at l.w. and
157 * l.w. wants to exit and have init run getty
158 * which will then put up a console window. */
159
160 typedef struct _se_command {
161 char *path; /* what to run on that port */
162 char **argv; /* pre-parsed argument array */
163 } se_cmd_t;
164
165 typedef struct init_session {
166 int se_index; /* index of entry in ttys file */
167 pid_t se_process; /* controlling process */
168 time_t se_started; /* used to avoid thrashing */
169 int se_flags; /* status of session */
170 char *se_device; /* filename of port */
171 se_cmd_t se_getty; /* what to run on that port */
172 se_cmd_t se_window; /* window system (started only once) */
173 se_cmd_t se_onerror; /* See SE_ONERROR above */
174 se_cmd_t se_onoption; /* See SE_ONOPTION above */
175 struct init_session *se_prev;
176 struct init_session *se_next;
177 } session_t;
178
179 void free_session __P((session_t *));
180 session_t *new_session __P((session_t *, int, struct ttyent *));
181 session_t *sessions;
182
183 char **construct_argv __P((char *));
184 void collect_child __P((pid_t));
185 pid_t start_getty __P((session_t *));
186 void transition_handler __P((int));
187 void alrm_handler __P((int));
188 void setsecuritylevel __P((int));
189 int getsecuritylevel __P((void));
190 int setupargv __P((session_t *, struct ttyent *));
191 int clang;
192
193 void clear_session_logs __P((session_t *));
194
195 int start_session_db __P((void));
196 void add_session __P((session_t *));
197 void del_session __P((session_t *));
198 session_t *find_session __P((pid_t));
199 DB *session_db;
200
201 /*
202 * The mother of all processes.
203 */
204 int
205 main(argc, argv)
206 int argc;
207 char **argv;
208 {
209 int c;
210 struct sigaction sa;
211 sigset_t mask;
212
213
214 /* Dispose of random users. */
215 if (getuid() != 0) {
216 (void)fprintf(stderr, "init: %s\n", strerror(EPERM));
217 exit (1);
218 }
219
220 /* System V users like to reexec init. */
221 if (getpid() != 1) {
222 (void)fprintf(stderr, "init: already running\n");
223 exit (1);
224 }
225
226 /*
227 * Note that this does NOT open a file...
228 * Does 'init' deserve its own facility number?
229 */
230 openlog("init", LOG_CONS|LOG_ODELAY, LOG_AUTH);
231
232 /*
233 * Create an initial session.
234 */
235 if (setsid() < 0)
236 warning("initial setsid() failed: %m");
237
238 /*
239 * Establish an initial user so that programs running
240 * single user do not freak out and die (like passwd).
241 */
242 if (setlogin("root") < 0)
243 warning("setlogin() failed: %m");
244
245 /*
246 * This code assumes that we always get arguments through flags,
247 * never through bits set in some random machine register.
248 */
249
250 #ifdef DEBUG
251 {
252 int i;
253 for (i = 0; i <= argc; i++) {
254 if (argv[i])
255 warning("init argument %d: '%s'", i, argv[i]);
256 else
257 warning("init argument %d: ***NULL***", i);
258 }
259 }
260 #endif
261
262 while ((c = getopt(argc, argv, "sfbvx")) != -1) {
263 #ifdef DEBUG
264 warning("handling init argument '-%c'", c);
265 #endif
266 switch (c) {
267 case 's':
268 requested_transition = single_user;
269 break;
270 case 'f':
271 runcom_mode = FASTBOOT;
272 break;
273 case 'b':
274 runcom_boot = 0; // Don't runcom rc.boot
275 break;
276 case 'v':
277 runcom_verbose = 1;
278 break;
279 case 'x':
280 runcom_safe = 1;
281 break;
282 default:
283 warning("unrecognized flag '-%c'", c);
284 break;
285 }
286 }
287
288 if (optind != argc)
289 warning("ignoring excess arguments");
290
291 /*
292 * We catch or block signals rather than ignore them,
293 * so that they get reset on exec.
294 */
295 handle(badsys, SIGSYS, 0);
296 handle(disaster, SIGABRT, SIGFPE, SIGILL, SIGSEGV,
297 SIGBUS, SIGXCPU, SIGXFSZ, 0);
298 handle(transition_handler, SIGHUP, SIGTERM, SIGTSTP, 0);
299 handle(alrm_handler, SIGALRM, 0);
300 sigfillset(&mask);
301 delset(&mask, SIGABRT, SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGSYS,
302 SIGXCPU, SIGXFSZ, SIGHUP, SIGTERM, SIGTSTP, SIGALRM, 0);
303 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0);
304 sigemptyset(&sa.sa_mask);
305 sa.sa_flags = 0;
306 sa.sa_handler = SIG_IGN;
307 (void) sigaction(SIGTTIN, &sa, (struct sigaction *)0);
308 (void) sigaction(SIGTTOU, &sa, (struct sigaction *)0);
309
310 /*
311 * Paranoia.
312 */
313 close(0);
314 close(1);
315 close(2);
316
317 if (runcom_boot)
318 {
319 int old_rc_mode = runcom_mode;
320
321 runcom_mode = BOOT_SCRIPT;
322 if (runcom() == (state_func_t) single_user)
323 requested_transition = single_user; // Error in script
324 runcom_mode = old_rc_mode;
325 }
326
327 /*
328 * Start the state machine.
329 */
330 transition(requested_transition);
331
332 /*
333 * Should never reach here.
334 */
335 return 1;
336 }
337
338 /*
339 * Associate a function with a signal handler.
340 */
341 void
342 handle(sig_t handler, ...)
343 {
344 int sig;
345 struct sigaction sa;
346 int mask_everything;
347 va_list ap;
348 va_start(ap, handler);
349
350 sa.sa_handler = handler;
351 sigfillset(&mask_everything);
352
353 while (sig = va_arg(ap, int)) {
354 sa.sa_mask = mask_everything;
355 /* XXX SA_RESTART? */
356 sa.sa_flags = sig == SIGCHLD ? SA_NOCLDSTOP : 0;
357 sigaction(sig, &sa, (struct sigaction *) 0);
358 }
359 va_end(ap);
360 }
361
362 /*
363 * Delete a set of signals from a mask.
364 */
365 void
366 delset(sigset_t *maskp, ...)
367 {
368 int sig;
369 va_list ap;
370 va_start(ap, maskp);
371
372 while (sig = va_arg(ap, int))
373 sigdelset(maskp, sig);
374 va_end(ap);
375 }
376
377 /*
378 * Log a message and sleep for a while (to give someone an opportunity
379 * to read it and to save log or hardcopy output if the problem is chronic).
380 * NB: should send a message to the session logger to avoid blocking.
381 */
382 void
383 stall(char *message, ...)
384 {
385 va_list ap;
386 va_start(ap, message);
387
388 vsyslog(LOG_ALERT, message, ap);
389 va_end(ap);
390 sleep(STALL_TIMEOUT);
391 }
392
393 /*
394 * Like stall(), but doesn't sleep.
395 * If cpp had variadic macros, the two functions could be #defines for another.
396 * NB: should send a message to the session logger to avoid blocking.
397 */
398 void
399 warning(char *message, ...)
400 {
401 va_list ap;
402 va_start(ap, message);
403
404 vsyslog(LOG_ALERT, message, ap);
405 va_end(ap);
406 }
407
408 /*
409 * Log an emergency message.
410 * NB: should send a message to the session logger to avoid blocking.
411 */
412 void
413 emergency(char *message, ...)
414 {
415 va_list ap;
416 va_start(ap, message);
417
418 vsyslog(LOG_EMERG, message, ap);
419 va_end(ap);
420 }
421
422 /*
423 * Catch a SIGSYS signal.
424 *
425 * These may arise if a system does not support sysctl.
426 * We tolerate up to 25 of these, then throw in the towel.
427 */
428 void
429 badsys(sig)
430 int sig;
431 {
432 static int badcount = 0;
433
434 if (badcount++ < 25)
435 return;
436 disaster(sig);
437 }
438
439 /*
440 * Catch an unexpected signal.
441 */
442 void
443 disaster(sig)
444 int sig;
445 {
446 emergency("fatal signal: %s",
447 sig < (unsigned) NSIG ? sys_siglist[sig] : "unknown signal");
448
449 sleep(STALL_TIMEOUT);
450 _exit(sig); /* reboot */
451 }
452
453 /*
454 * Get the security level of the kernel.
455 */
456 int
457 getsecuritylevel()
458 {
459 #ifdef KERN_SECURELVL
460 int name[2], curlevel;
461 size_t len;
462 extern int errno;
463
464 name[0] = CTL_KERN;
465 name[1] = KERN_SECURELVL;
466 len = sizeof curlevel;
467 if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1) {
468 emergency("cannot get kernel security level: %s",
469 strerror(errno));
470 return (-1);
471 }
472 return (curlevel);
473 #else
474 return (-1);
475 #endif
476 }
477
478 /*
479 * Set the security level of the kernel.
480 */
481 void
482 setsecuritylevel(newlevel)
483 int newlevel;
484 {
485 #ifdef KERN_SECURELVL
486 int name[2], curlevel;
487 extern int errno;
488
489 curlevel = getsecuritylevel();
490 if (newlevel == curlevel)
491 return;
492 name[0] = CTL_KERN;
493 name[1] = KERN_SECURELVL;
494 if (sysctl(name, 2, NULL, NULL, &newlevel, sizeof newlevel) == -1) {
495 emergency(
496 "cannot change kernel security level from %d to %d: %s",
497 curlevel, newlevel, strerror(errno));
498 return;
499 }
500 #ifdef SECURE
501 warning("kernel security level changed from %d to %d",
502 curlevel, newlevel);
503 #endif
504 #endif
505 }
506
507 /*
508 * Change states in the finite state machine.
509 * The initial state is passed as an argument.
510 */
511 void
512 transition(s)
513 state_t s;
514 {
515 for (;;)
516 s = (state_t) (*s)();
517 }
518
519 /*
520 * Close out the accounting files for a login session.
521 * NB: should send a message to the session logger to avoid blocking.
522 */
523 void
524 clear_session_logs(sp)
525 session_t *sp;
526 {
527 char *line = sp->se_device + sizeof(_PATH_DEV) - 1;
528
529 if (logout(line))
530 logwtmp(line, "", "");
531 }
532
533 /*
534 * Start a session and allocate a controlling terminal.
535 * Only called by children of init after forking.
536 */
537 void
538 setctty(name, flags)
539 char *name;
540 int flags;
541 {
542 int fd;
543
544 (void) revoke(name);
545 if ((fd = open(name, flags | O_RDWR)) == -1) {
546 stall("can't open %s: %m", name);
547 _exit(1);
548 }
549 if (login_tty(fd) == -1) {
550 stall("can't get %s for controlling terminal: %m", name);
551 _exit(1);
552 }
553 }
554
555 #if m68k
556 /*
557 * Taken from etc/halt/halt.c
558 */
559
560 #include <stdio.h>
561 #include <signal.h>
562 #include <sgtty.h>
563
564 static void shutend(void)
565 {
566 register i;
567
568 acct(0);
569 for (i = 0; i < 10; i++)
570 close(i);
571
572 logwtmp("~", "shutdown", "");
573 }
574
575 static void do_halt(void)
576 {
577 char sbuf [40];
578 int halthowto = RB_HALT;
579
580 (void) kill(-1, SIGTERM); /* one chance to catch it */
581
582 sprintf (sbuf, "Invalid hardware password, halting machine...\n");
583 write (1, sbuf, strlen (sbuf));
584
585 signal(SIGALRM, SIG_DFL);
586 shutend();
587 sync();
588
589 signal(SIGALRM, alrm_handler);
590 alarm(FAILED_HW_PASS);
591 pause();
592
593 syscall(SYS_reboot, halthowto);
594 }
595
596 /*
597 * Taken from lib/gen/getpass.c
598 */
599
600 static char *gethwpasswd(char *prompt)
601 {
602 struct termios term;
603 register char *p;
604 register c;
605 static char pbuf[9];
606 int echo;
607
608 (void) tcgetattr(1, &term);
609 if (echo = (term.c_lflag & ECHO))
610 {
611 term.c_lflag &= ~ECHO;
612 (void) tcsetattr(1, TCSAFLUSH|TCSASOFT, &term);
613 }
614
615 write(2, prompt, strlen(prompt));
616
617 for (p = pbuf; (c = getchar()) != '\n' && c != EOF; )
618 if (p < &pbuf[8])
619 *p++ = c;
620 *p = '\0';
621
622 p = "\n";
623 write(2, p, strlen(p));
624
625 if (echo)
626 {
627 term.c_lflag |= ECHO;
628 (void) tcsetattr(1, TCSAFLUSH|TCSASOFT, &term);
629 }
630
631 return(pbuf);
632 }
633
634
635 static char *hw_passwd (void)
636 {
637 char sbuf[40];
638 static char buffer [12];
639 struct nvram_info nvi;
640 int vidfd, count;
641
642 if ((vidfd = open ("/dev/vid0", O_RDONLY, 0)) == -1)
643 return NULL;
644
645 if (ioctl (vidfd, DKIOCGNVRAM, &nvi) == -1)
646 return NULL;
647
648 if (nvi.ni_hw_pwd != HW_PWD)
649 return NULL;
650 else
651 {
652
653 for (count = 0; count < NVRAM_HW_PASSWD; count++)
654 nvi.ni_ep[count] ^= 'N';
655 strncpy(buffer, nvi.ni_ep, NVRAM_HW_PASSWD);
656 /* ni_ep is not necessarily null terminated */
657
658 // gvdl I sure hope it is 'cause bad things will happen otherwise
659
660 return buffer;
661 }
662 }
663
664
665 #endif m68k
666
667
668 static void
669 do_security_check(void)
670 {
671 #if m68k
672 char sbuf[128];
673 char *try, *passwd;
674 int retries = 0;
675
676 /*
677 * If there is a hardware passwd, we want to
678 * prompt the user for it. The write will be
679 * to the console window because of the O_POPUP flag.
680 */
681 passwd = hw_passwd();
682 write (1, "\n\n", 2);
683
684 if (passwd != NULL)
685 {
686 do
687 {
688 try = gethwpasswd ("Enter hardware password:");
689 if (strncmp (try, passwd, NVRAM_HW_PASSWD) == 0)
690 {
691 execl(shell, minus, (char *)0);
692 exit (0);
693 }
694 else
695 {
696 sprintf (sbuf, "Password incorrect.\n\n");
697 write (1, sbuf, strlen (sbuf));
698 }
699 }
700 while (++retries < 3);
701 do_halt();
702 }
703 #elif defined(SECURE)
704 struct ttyent *typ;
705 struct passwd *pp;
706 static const char banner[] =
707 "Enter root password, or ^D to go multi-user\n";
708 char *clear, *password;
709
710 /*
711 * Check the root password.
712 * We don't care if the console is 'on' by default;
713 * it's the only tty that can be 'off' and 'secure'.
714 */
715 typ = getttynam("console");
716 pp = getpwnam("root");
717 if (typ && (typ->ty_status & TTY_SECURE) == 0 && pp)
718 {
719 write(2, banner, sizeof banner - 1);
720 for (;;)
721 {
722 clear = getpass("Password:");
723 if (clear == 0 || *clear == '\0')
724 _exit(0);
725 password = crypt(clear, pp->pw_passwd);
726 memset(clear, 0, _PASSWORD_LEN);
727 if (strcmp(password, pp->pw_passwd) == 0)
728 break;
729 warning("single-user login failed\n");
730 }
731 }
732 endttyent();
733 endpwent();
734 #endif /* SECURE */
735 }
736
737 /*
738 * Bring the system up single user.
739 */
740 state_func_t
741 single_user()
742 {
743 pid_t pid, wpid;
744 int status;
745 sigset_t mask;
746 char *shell = _PATH_BSHELL;
747 char *argv[2];
748 /*
749 * If the kernel is in secure mode, downgrade it to insecure mode.
750 */
751 if (getsecuritylevel() > 0)
752 setsecuritylevel(0);
753
754 if ((pid = fork()) == 0) {
755 /*
756 * Start the single user session.
757 */
758 setctty(_PATH_CONSOLE, O_POPUP);
759
760 do_security_check();
761
762 #ifdef DEBUGSHELL
763 {
764 char altshell[128], *cp = altshell;
765 int num;
766
767 #define SHREQUEST \
768 "Enter pathname of shell or RETURN for sh: "
769 (void)write(STDERR_FILENO,
770 SHREQUEST, sizeof(SHREQUEST) - 1);
771 while ((num = read(STDIN_FILENO, cp, 1)) != -1 &&
772 num != 0 && *cp != '\n' && cp < &altshell[127])
773 cp++;
774 *cp = '\0';
775 if (altshell[0] != '\0')
776 shell = altshell;
777 }
778 #endif /* DEBUGSHELL */
779
780 /*
781 * Unblock signals.
782 * We catch all the interesting ones,
783 * and those are reset to SIG_DFL on exec.
784 */
785 sigemptyset(&mask);
786 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0);
787
788 /*
789 * Set up the PATH to be approriate for the root user.
790 */
791 setenv("PATH", _PATH_STDPATH, 1);
792
793 /*
794 * We're dropping into the console; set TERM appropriately.
795 */
796 setenv("TERM", "vt100", 1);
797
798 /*
799 * Fire off a shell.
800 * If the default one doesn't work, try the Bourne shell.
801 */
802 argv[0] = "-sh";
803 argv[1] = 0;
804 execv(shell, argv);
805 emergency("can't exec %s for single user: %m", shell);
806 execv(_PATH_BSHELL, argv);
807 emergency("can't exec %s for single user: %m", _PATH_BSHELL);
808 sleep(STALL_TIMEOUT);
809 _exit(1);
810 }
811
812 if (pid == -1) {
813 /*
814 * We are seriously hosed. Do our best.
815 */
816 emergency("can't fork single-user shell, trying again");
817 while (waitpid(-1, (int *) 0, WNOHANG) > 0)
818 continue;
819 return (state_func_t) single_user;
820 }
821
822 requested_transition = 0;
823 do {
824 if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1)
825 collect_child(wpid);
826 if (wpid == -1) {
827 if (errno == EINTR)
828 continue;
829 warning("wait for single-user shell failed: %m; restarting");
830 return (state_func_t) single_user;
831 }
832 if (wpid == pid && WIFSTOPPED(status)) {
833 warning("init: shell stopped, restarting\n");
834 kill(pid, SIGCONT);
835 wpid = -1;
836 }
837 } while (wpid != pid && !requested_transition);
838
839 if (requested_transition)
840 return (state_func_t) requested_transition;
841
842 if (!WIFEXITED(status)) {
843 if (WTERMSIG(status) == SIGKILL) {
844 /*
845 * reboot(8) killed shell?
846 */
847 warning("single user shell terminated.");
848 sleep(STALL_TIMEOUT);
849 _exit(0);
850 } else {
851 warning("single user shell terminated, restarting");
852 return (state_func_t) single_user;
853 }
854 }
855
856 runcom_mode = FASTBOOT;
857 return (state_func_t) runcom;
858 }
859
860 /*
861 * Run the system startup script.
862 */
863 state_func_t
864 runcom()
865 {
866 pid_t pid, wpid;
867 int status;
868 char *argv[4];
869 char options[4];
870 struct sigaction sa;
871
872 if ((pid = fork()) == 0) {
873 sigemptyset(&sa.sa_mask);
874 sa.sa_flags = 0;
875 sa.sa_handler = SIG_IGN;
876 (void) sigaction(SIGTSTP, &sa, (struct sigaction *)0);
877 (void) sigaction(SIGHUP, &sa, (struct sigaction *)0);
878
879 setctty(_PATH_CONSOLE, 0);
880
881 argv[0] = "sh";
882
883 if (runcom_mode == BOOT_SCRIPT)
884 {
885 argv[1] = _PATH_RUNCOM_BOOT;
886 argv[2] = requested_transition == single_user
887 ? "singleuser" : 0;
888 }
889 else /* runcom_mode != BOOT_SCRIPT */
890 {
891 argv[1] = _PATH_RUNCOM;
892
893 switch(runcom_mode) {
894 case AUTOBOOT:
895 argv[2] = "autoboot";
896 break;
897 default:
898 argv[2] = "multiuser";
899 break;
900 }
901 }
902
903 if (runcom_verbose || runcom_safe)
904 {
905 int i = 0;
906
907 options[i++] = '-';
908 if (runcom_verbose) options[i++] = 'v';
909 if (runcom_safe ) options[i++] = 'x';
910 options[i] = '\0';
911
912 argv[3] = options;
913 }
914 else
915 {
916 argv[3] = 0;
917 }
918
919 argv[4] = 0;
920
921 #ifdef DEBUG
922 {
923 int i;
924 for (i = 0; i <= 4; i++) {
925 if (argv[i])
926 warning("%s argument: %s", _PATH_RUNCOM, argv[i]);
927 }
928 }
929 #endif
930
931 sigprocmask(SIG_SETMASK, &sa.sa_mask, (sigset_t *) 0);
932
933 execv(_PATH_BSHELL, argv);
934 stall("can't exec %s for %s: %m", _PATH_BSHELL, _PATH_RUNCOM);
935 _exit(1); /* force single user mode */
936 }
937
938 if (pid == -1) {
939 emergency("can't fork for %s on %s: %m",
940 _PATH_BSHELL, _PATH_RUNCOM);
941 while (waitpid(-1, (int *) 0, WNOHANG) > 0)
942 continue;
943 sleep(STALL_TIMEOUT);
944 return (state_func_t) single_user;
945 }
946
947 /*
948 * Copied from single_user(). This is a bit paranoid.
949 */
950 do {
951 if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1)
952 collect_child(wpid);
953 if (wpid == -1) {
954 if (errno == EINTR)
955 continue;
956 warning("wait for %s on %s failed: %m; going to single user mode",
957 _PATH_BSHELL, _PATH_RUNCOM);
958 return (state_func_t) single_user;
959 }
960 if (wpid == pid && WIFSTOPPED(status)) {
961 warning("init: %s on %s stopped, restarting\n",
962 _PATH_BSHELL, _PATH_RUNCOM);
963 kill(pid, SIGCONT);
964 wpid = -1;
965 }
966 } while (wpid != pid);
967
968 if (WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM &&
969 requested_transition == catatonia) {
970 /* /etc/rc executed /sbin/reboot; wait for the end quietly */
971 sigset_t s;
972
973 sigfillset(&s);
974 for (;;)
975 sigsuspend(&s);
976 }
977
978 if (!WIFEXITED(status)) {
979 warning("%s on %s terminated abnormally, going to single user mode",
980 _PATH_BSHELL, _PATH_RUNCOM);
981 return (state_func_t) single_user;
982 }
983
984 if (WEXITSTATUS(status))
985 return (state_func_t) single_user;
986
987 runcom_mode = AUTOBOOT; /* the default */
988 /* NB: should send a message to the session logger to avoid blocking. */
989 logwtmp("~", "reboot", "");
990 return (state_func_t) read_ttys;
991 }
992
993 /*
994 * Open the session database.
995 *
996 * NB: We could pass in the size here; is it necessary?
997 */
998 int
999 start_session_db()
1000 {
1001 if (session_db && (*session_db->close)(session_db))
1002 emergency("session database close: %s", strerror(errno));
1003 if ((session_db = dbopen(NULL, O_RDWR, 0, DB_HASH, NULL)) == 0) {
1004 emergency("session database open: %s", strerror(errno));
1005 return (1);
1006 }
1007 return (0);
1008
1009 }
1010
1011 /*
1012 * Add a new login session.
1013 */
1014 void
1015 add_session(sp)
1016 session_t *sp;
1017 {
1018 DBT key;
1019 DBT data;
1020
1021 key.data = &sp->se_process;
1022 key.size = sizeof sp->se_process;
1023 data.data = &sp;
1024 data.size = sizeof sp;
1025
1026 if ((*session_db->put)(session_db, &key, &data, 0))
1027 emergency("insert %d: %s", sp->se_process, strerror(errno));
1028 }
1029
1030 /*
1031 * Delete an old login session.
1032 */
1033 void
1034 del_session(sp)
1035 session_t *sp;
1036 {
1037 DBT key;
1038
1039 key.data = &sp->se_process;
1040 key.size = sizeof sp->se_process;
1041
1042 if ((*session_db->del)(session_db, &key, 0))
1043 emergency("delete %d: %s", sp->se_process, strerror(errno));
1044 }
1045
1046 /*
1047 * Look up a login session by pid.
1048 */
1049 session_t *
1050 find_session(pid_t pid)
1051 {
1052 DBT key;
1053 DBT data;
1054 session_t *ret;
1055
1056 key.data = &pid;
1057 key.size = sizeof pid;
1058 if ((*session_db->get)(session_db, &key, &data, 0) != 0)
1059 return 0;
1060 memmove(&ret, data.data, sizeof(ret));
1061 return ret;
1062 }
1063
1064 /*
1065 * Construct an argument vector from a command line.
1066 */
1067 char **
1068 construct_argv(command)
1069 char *command;
1070 {
1071 register int argc = 0;
1072 register char **argv = (char **) malloc(((strlen(command) + 1) / 2 + 1)
1073 * sizeof (char *));
1074 static const char separators[] = " \t";
1075
1076 if ((argv[argc++] = strtok(command, separators)) == 0)
1077 return 0;
1078 while (argv[argc++] = strtok((char *) 0, separators))
1079 continue;
1080 return argv;
1081 }
1082
1083 /*
1084 * Deallocate a session descriptor.
1085 */
1086
1087 static __inline__ void free_command(se_cmd_t *se_cmd)
1088 {
1089 if (se_cmd->path)
1090 {
1091 free(se_cmd->path);
1092 free(se_cmd->argv);
1093 }
1094 }
1095
1096 void
1097 free_session(sp)
1098 register session_t *sp;
1099 {
1100 free(sp->se_device);
1101 free_command(&sp->se_getty);
1102 free_command(&sp->se_window);
1103 free_command(&sp->se_onerror);
1104 free_command(&sp->se_onoption);
1105 memset(sp, '\0', sizeof(*sp)); // a bit of defensive programming
1106
1107 free(sp);
1108 }
1109
1110 static int setup_command(se_cmd_t *se_cmd, char *command, char *arg )
1111 {
1112
1113 char *commandWithArg;
1114
1115 commandWithArg = malloc( strlen( command) + strlen( arg) + 2);
1116 (void) sprintf(commandWithArg, "%s %s", command, arg);
1117
1118 free_command(se_cmd);
1119
1120 se_cmd->path = commandWithArg;
1121 se_cmd->argv = construct_argv(commandWithArg);
1122 if (se_cmd->argv == NULL)
1123 {
1124 free(se_cmd->path);
1125 se_cmd->path = NULL;
1126 return 0;
1127 }
1128 return 1;
1129 }
1130
1131 /*
1132 * Calculate getty and if useful window argv vectors.
1133 */
1134 int
1135 setupargv(sp, typ)
1136 session_t *sp;
1137 struct ttyent *typ;
1138 {
1139 char *type;
1140
1141 if ( !setup_command(&sp->se_getty, typ->ty_getty, typ->ty_name) )
1142 {
1143 type = "getty";
1144 goto bad_args;
1145 }
1146
1147 if (typ->ty_window
1148 && !setup_command(&sp->se_window, typ->ty_window, typ->ty_name) )
1149 {
1150 type = "window";
1151 goto bad_args;
1152 }
1153
1154 if (typ->ty_onerror
1155 && !setup_command(&sp->se_onerror, typ->ty_onerror, typ->ty_name) )
1156 {
1157 type = "onerror";
1158 goto bad_args;
1159 }
1160
1161 if (typ->ty_onoption
1162 && !setup_command(&sp->se_onoption, typ->ty_onoption, typ->ty_name) )
1163 {
1164 type = "onoption";
1165 goto bad_args;
1166 }
1167
1168 return 1;
1169
1170 bad_args:
1171 warning("can't parse %s for port %s", type, sp->se_device);
1172 return 0;
1173 }
1174
1175
1176 /*
1177 * Allocate a new session descriptor.
1178 */
1179 session_t *
1180 new_session(sprev, session_index, typ)
1181 session_t *sprev;
1182 int session_index;
1183 register struct ttyent *typ;
1184 {
1185 register session_t *sp;
1186
1187 if ((typ->ty_status & TTY_ON) == 0 ||
1188 typ->ty_name == 0 ||
1189 typ->ty_getty == 0)
1190 return 0;
1191
1192 sp = (session_t *) malloc(sizeof (session_t));
1193 memset(sp, 0, sizeof *sp);
1194
1195 sp->se_index = session_index;
1196
1197 sp->se_device = malloc(sizeof(_PATH_DEV) + strlen(typ->ty_name));
1198 (void) sprintf(sp->se_device, "%s%s", _PATH_DEV, typ->ty_name);
1199
1200 if (setupargv(sp, typ) == 0) {
1201 free_session(sp);
1202 return (0);
1203 }
1204
1205 sp->se_next = 0;
1206 if (sprev == 0) {
1207 sessions = sp;
1208 sp->se_prev = 0;
1209 } else {
1210 sprev->se_next = sp;
1211 sp->se_prev = sprev;
1212 }
1213
1214 return sp;
1215 }
1216
1217 /*
1218 * Walk the list of ttys and create sessions for each active line.
1219 */
1220 state_func_t
1221 read_ttys()
1222 {
1223 int session_index = 0;
1224 register session_t *sp, *snext;
1225 register struct ttyent *typ;
1226
1227 /*
1228 * Destroy any previous session state.
1229 * There shouldn't be any, but just in case...
1230 */
1231 for (sp = sessions; sp; sp = snext) {
1232 if (sp->se_process)
1233 clear_session_logs(sp);
1234 snext = sp->se_next;
1235 free_session(sp);
1236 }
1237 sessions = 0;
1238 if (start_session_db())
1239 return (state_func_t) single_user;
1240
1241 /*
1242 * Allocate a session entry for each active port.
1243 * Note that sp starts at 0.
1244 */
1245 while (typ = getttyent())
1246 if (snext = new_session(sp, ++session_index, typ))
1247 sp = snext;
1248
1249 endttyent();
1250
1251 return (state_func_t) multi_user;
1252 }
1253
1254 /*
1255 * Start a window system running.
1256 */
1257 static pid_t
1258 start_window_system(session_t *sp)
1259 {
1260 pid_t pid;
1261 sigset_t mask;
1262
1263 if ((pid = fork()) == -1) {
1264 emergency("can't fork for window system on port %s: %m",
1265 sp->se_device);
1266 /* hope that getty fails and we can try again */
1267 return -1;
1268 }
1269
1270 if (pid)
1271 return pid;
1272
1273 sigemptyset(&mask);
1274 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0);
1275
1276 if (setsid() < 0)
1277 emergency("setsid failed (window) %m");
1278
1279 execv(sp->se_window.argv[0], sp->se_window.argv);
1280 stall("can't exec window system '%s' for port %s: %m",
1281 sp->se_window.argv[0], sp->se_device);
1282 _exit(1);
1283 }
1284
1285 /*
1286 * Start a login session running.
1287 */
1288 pid_t
1289 start_getty(sp)
1290 session_t *sp;
1291 {
1292 pid_t pid;
1293 sigset_t mask;
1294 se_cmd_t *se_cmd;
1295 const char *session_type = NULL;
1296 time_t current_time = time((time_t *) 0);
1297
1298 // Setup the default values;
1299 switch (sp->se_flags & SE_GETTY_LAUNCH)
1300 {
1301 case SE_ONOPTION:
1302 if (sp->se_onoption.path)
1303 {
1304 se_cmd = &sp->se_onoption;
1305 session_type = "onoption";
1306 break;
1307 }
1308 /* No break */
1309
1310 case SE_ONERROR:
1311 if (sp->se_onerror.path)
1312 {
1313 se_cmd = &sp->se_onerror;
1314 session_type = "onerror";
1315 break;
1316 }
1317 /* No break */
1318
1319 case SE_COMMON:
1320 default:
1321 se_cmd = &sp->se_getty;
1322 session_type = "getty";
1323 break;
1324 }
1325
1326 if (sp->se_window.path
1327 && ((sp->se_flags & SE_GETTY_LAUNCH) != SE_ONOPTION))
1328 {
1329 if (start_window_system(sp) == -1)
1330 return -1;
1331 }
1332
1333 /*
1334 * fork(), not vfork() -- we can't afford to block.
1335 */
1336 if ((pid = fork()) == -1) {
1337 emergency("can't fork for %s on port %s: %m",
1338 session_type, sp->se_device);
1339 return -1;
1340 }
1341
1342 if (pid)
1343 return pid;
1344
1345 if (current_time > sp->se_started &&
1346 current_time - sp->se_started < GETTY_SPACING) {
1347 warning("%s repeating too quickly on port %s, sleeping",
1348 session_type, sp->se_device);
1349 sleep((unsigned) GETTY_SLEEP);
1350 }
1351
1352 sigemptyset(&mask);
1353 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0);
1354
1355 execv(se_cmd->argv[0], se_cmd->argv);
1356 stall("can't exec %s '%s' for port %s: %m", session_type,
1357 se_cmd->argv[0], sp->se_device);
1358 _exit(1);
1359 }
1360
1361 /*
1362 * Collect exit status for a child.
1363 * If an exiting login, start a new login running.
1364 */
1365 void
1366 collect_child(pid_t pid)
1367 {
1368 register session_t *sp, *sprev, *snext;
1369
1370 if ( !sessions)
1371 return;
1372
1373 if ( !(sp = find_session(pid)) )
1374 return;
1375
1376 clear_session_logs(sp);
1377 del_session(sp);
1378 sp->se_process = 0;
1379
1380 if (sp->se_flags & SE_SHUTDOWN) {
1381 if (sprev = sp->se_prev)
1382 sprev->se_next = sp->se_next;
1383 else
1384 sessions = sp->se_next;
1385 if (snext = sp->se_next)
1386 snext->se_prev = sp->se_prev;
1387 free_session(sp);
1388 return;
1389 }
1390
1391 if ((pid = start_getty(sp)) == -1) {
1392 /* serious trouble */
1393 requested_transition = clean_ttys;
1394 return;
1395 }
1396
1397 sp->se_process = pid;
1398 sp->se_started = time((time_t *) 0);
1399 sp->se_flags &= ~SE_GETTY_LAUNCH; // clear down getty launch type
1400 add_session(sp);
1401 }
1402
1403 /*
1404 * Catch a signal and request a state transition.
1405 */
1406 void
1407 transition_handler(sig)
1408 int sig;
1409 {
1410
1411 switch (sig) {
1412 case SIGHUP:
1413 requested_transition = clean_ttys;
1414 break;
1415 case SIGTERM:
1416 requested_transition = death;
1417 break;
1418 case SIGTSTP:
1419 requested_transition = catatonia;
1420 break;
1421 default:
1422 requested_transition = 0;
1423 break;
1424 }
1425 }
1426
1427 /*
1428 * Take the system multiuser.
1429 */
1430 state_func_t
1431 multi_user()
1432 {
1433 pid_t pid;
1434 register session_t *sp;
1435
1436 requested_transition = 0;
1437
1438 /*
1439 * If the administrator has not set the security level to -1
1440 * to indicate that the kernel should not run multiuser in secure
1441 * mode, and the run script has not set a higher level of security
1442 * than level 1, then put the kernel into secure mode.
1443 */
1444 if (getsecuritylevel() == 0)
1445 setsecuritylevel(1);
1446
1447 for (sp = sessions; sp; sp = sp->se_next) {
1448 if (sp->se_process)
1449 continue;
1450 if ((pid = start_getty(sp)) == -1) {
1451 /* serious trouble */
1452 requested_transition = clean_ttys;
1453 break;
1454 }
1455 sp->se_process = pid;
1456 sp->se_started = time((time_t *) 0);
1457 add_session(sp);
1458 }
1459
1460 while (!requested_transition)
1461 {
1462 int status;
1463 session_t *sp;
1464
1465 pid = waitpid(-1, &status, 0);
1466 if (!sessions || !(sp = find_session(pid)))
1467 continue;
1468
1469 if (WIFSIGNALED(status))
1470 sp->se_flags |= SE_ONERROR;
1471 else if (WEXITSTATUS(status) == REALLY_EXIT_TO_CONSOLE)
1472 { /* WIFEXITED(status) assumed */
1473 sp->se_flags |= SE_ONOPTION;
1474 }
1475 else
1476 sp->se_flags |= SE_ONERROR;
1477
1478 if (pid != -1)
1479 collect_child(pid);
1480 }
1481
1482 return (state_func_t) requested_transition;
1483 }
1484
1485 /*
1486 * This is an n-squared algorithm. We hope it isn't run often...
1487 */
1488 state_func_t
1489 clean_ttys()
1490 {
1491 register session_t *sp, *sprev;
1492 register struct ttyent *typ;
1493 register int session_index = 0;
1494 register int devlen;
1495
1496 if (! sessions)
1497 return (state_func_t) multi_user;
1498
1499 devlen = sizeof(_PATH_DEV) - 1;
1500 while (typ = getttyent()) {
1501 ++session_index;
1502
1503 for (sprev = 0, sp = sessions; sp; sprev = sp, sp = sp->se_next)
1504 if (strcmp(typ->ty_name, sp->se_device + devlen) == 0)
1505 break;
1506
1507 if (sp) {
1508 if (sp->se_index != session_index) {
1509 warning("port %s changed utmp index from %d to %d",
1510 sp->se_device, sp->se_index,
1511 session_index);
1512 sp->se_index = session_index;
1513 }
1514 if ((typ->ty_status & TTY_ON) == 0 ||
1515 typ->ty_getty == 0) {
1516 sp->se_flags |= SE_SHUTDOWN;
1517 kill(sp->se_process, SIGHUP);
1518 continue;
1519 }
1520 sp->se_flags &= ~SE_SHUTDOWN;
1521 if (setupargv(sp, typ) == 0) {
1522 warning("can't parse getty for port %s",
1523 sp->se_device);
1524 sp->se_flags |= SE_SHUTDOWN;
1525 kill(sp->se_process, SIGHUP);
1526 }
1527 continue;
1528 }
1529
1530 new_session(sprev, session_index, typ);
1531 }
1532
1533 endttyent();
1534
1535 return (state_func_t) multi_user;
1536 }
1537
1538 /*
1539 * Block further logins.
1540 */
1541 state_func_t
1542 catatonia()
1543 {
1544 register session_t *sp;
1545
1546 for (sp = sessions; sp; sp = sp->se_next)
1547 sp->se_flags |= SE_SHUTDOWN;
1548
1549 return (state_func_t) multi_user;
1550 }
1551
1552 /*
1553 * Note SIGALRM.
1554 */
1555 void
1556 alrm_handler(sig)
1557 int sig;
1558 {
1559 clang = 1;
1560 }
1561
1562 /*
1563 * Bring the system down to single user.
1564 */
1565 state_func_t
1566 death()
1567 {
1568 register session_t *sp;
1569 register int i;
1570 pid_t pid;
1571 static const int death_sigs[3] = { SIGHUP, SIGTERM, SIGKILL };
1572
1573 for (sp = sessions; sp; sp = sp->se_next)
1574 sp->se_flags |= SE_SHUTDOWN;
1575
1576 /* NB: should send a message to the session logger to avoid blocking. */
1577 logwtmp("~", "shutdown", "");
1578
1579 for (i = 0; i < 3; ++i) {
1580 if (kill(-1, death_sigs[i]) == -1 && errno == ESRCH)
1581 return (state_func_t) single_user;
1582
1583 clang = 0;
1584 alarm(DEATH_WATCH);
1585 do
1586 if ((pid = waitpid(-1, (int *)0, 0)) != -1)
1587 collect_child(pid);
1588 while (clang == 0 && errno != ECHILD);
1589
1590 if (errno == ECHILD)
1591 return (state_func_t) single_user;
1592 }
1593
1594 warning("some processes would not die; ps axl advised");
1595
1596 return (state_func_t) single_user;
1597 }
mirror of system_cmds