1 /*- 2 * Copyright (c) 1991 The Regents of the University of California. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * Donn Seeley at Berkeley Software Design, Inc. 7 * 8 * %sccs.include.redist.c% 9 */ 10 11 #ifndef lint 12 char copyright[] = 13 "@(#) Copyright (c) 1991 The Regents of the University of California.\n\ 14 All rights reserved.\n"; 15 #endif /* not lint */ 16 17 #ifndef lint 18 static char sccsid[] = "@(#)init.c 6.18 (Berkeley) 05/26/93"; 19 #endif /* not lint */ 20 21 #include <sys/param.h> 22 #include <sys/sysctl.h> 23 #include <sys/wait.h> 24 25 #include <db.h> 26 #include <errno.h> 27 #include <fcntl.h> 28 #include <signal.h> 29 #include <stdio.h> 30 #include <stdlib.h> 31 #include <string.h> 32 #include <syslog.h> 33 #include <time.h> 34 #include <ttyent.h> 35 #include <unistd.h> 36 37 #ifdef __STDC__ 38 #include <stdarg.h> 39 #else 40 #include <varargs.h> 41 #endif 42 43 #ifdef SECURE 44 #include <pwd.h> 45 #endif 46 47 #include "pathnames.h" 48 49 /* 50 * Until the mythical util.h arrives... 51 */ 52 extern int login_tty __P((int)); 53 extern int logout __P((const char *)); 54 extern void logwtmp __P((const char *, const char *, const char *)); 55 56 /* 57 * Sleep times; used to prevent thrashing. 58 */ 59 #define GETTY_SPACING 10 /* fork getty on a port every N secs */ 60 #define WINDOW_WAIT 3 /* wait N secs after starting window */ 61 #define STALL_TIMEOUT 30 /* wait N secs after warning */ 62 #define DEATH_WATCH 10 /* wait N secs for procs to die */ 63 64 void handle __P((sig_t, ...)); 65 void delset __P((sigset_t *, ...)); 66 67 void stall __P((char *, ...)); 68 void warning __P((char *, ...)); 69 void emergency __P((char *, ...)); 70 void disaster __P((int)); 71 void badsys __P((int)); 72 73 /* 74 * We really need a recursive typedef... 75 * The following at least guarantees that the return type of (*state_t)() 76 * is sufficiently wide to hold a function pointer. 77 */ 78 typedef long (*state_func_t) __P((void)); 79 typedef state_func_t (*state_t) __P((void)); 80 81 state_func_t single_user __P((void)); 82 state_func_t runcom __P((void)); 83 state_func_t read_ttys __P((void)); 84 state_func_t multi_user __P((void)); 85 state_func_t clean_ttys __P((void)); 86 state_func_t catatonia __P((void)); 87 state_func_t death __P((void)); 88 89 enum { AUTOBOOT, FASTBOOT } runcom_mode = AUTOBOOT; 90 91 void transition __P((state_t)); 92 state_t requested_transition = runcom; 93 94 void setctty __P((char *)); 95 96 typedef struct init_session { 97 int se_index; /* index of entry in ttys file */ 98 pid_t se_process; /* controlling process */ 99 time_t se_started; /* used to avoid thrashing */ 100 int se_flags; /* status of session */ 101 #define SE_SHUTDOWN 0x1 /* session won't be restarted */ 102 char *se_device; /* filename of port */ 103 char *se_getty; /* what to run on that port */ 104 char **se_getty_argv; /* pre-parsed argument array */ 105 char *se_window; /* window system (started only once) */ 106 char **se_window_argv; /* pre-parsed argument array */ 107 struct init_session *se_prev; 108 struct init_session *se_next; 109 } session_t; 110 111 void free_session __P((session_t *)); 112 session_t *new_session __P((session_t *, int, struct ttyent *)); 113 session_t *sessions; 114 115 char **construct_argv __P((char *)); 116 void start_window_system __P((session_t *)); 117 void collect_child __P((int)); 118 pid_t start_getty __P((session_t *)); 119 void transition_handler __P((int)); 120 void alrm_handler __P((int)); 121 int clang; 122 123 void clear_session_logs __P((session_t *)); 124 125 int start_session_db __P((void)); 126 void add_session __P((session_t *)); 127 void del_session __P((session_t *)); 128 session_t *find_session __P((pid_t)); 129 DB *session_db; 130 131 /* 132 * The mother of all processes. 133 */ 134 int 135 main(argc, argv) 136 int argc; 137 char **argv; 138 { 139 int c; 140 struct sigaction sa; 141 sigset_t mask; 142 143 144 /* Dispose of random users. */ 145 if (getuid() != 0) { 146 (void)fprintf(stderr, "init: %s\n", strerror(EPERM)); 147 exit (1); 148 } 149 150 /* System V users like to reexec init. */ 151 if (getpid() != 1) { 152 (void)fprintf(stderr, "init: already running\n"); 153 exit (1); 154 } 155 156 /* 157 * Note that this does NOT open a file... 158 * Does 'init' deserve its own facility number? 159 */ 160 openlog("init", LOG_CONS|LOG_ODELAY, LOG_AUTH); 161 162 /* 163 * Create an initial session. 164 */ 165 if (setsid() < 0) 166 warning("initial setsid() failed: %m"); 167 168 /* 169 * This code assumes that we always get arguments through flags, 170 * never through bits set in some random machine register. 171 */ 172 while ((c = getopt(argc, argv, "sf")) != -1) 173 switch (c) { 174 case 's': 175 requested_transition = single_user; 176 break; 177 case 'f': 178 runcom_mode = FASTBOOT; 179 break; 180 default: 181 warning("unrecognized flag '-%c'", c); 182 break; 183 } 184 185 if (optind != argc) 186 warning("ignoring excess arguments"); 187 188 /* 189 * We catch or block signals rather than ignore them, 190 * so that they get reset on exec. 191 */ 192 handle(badsys, SIGSYS, 0); 193 handle(disaster, SIGABRT, SIGFPE, SIGILL, SIGSEGV, 194 SIGBUS, SIGXCPU, SIGXFSZ, 0); 195 handle(transition_handler, SIGHUP, SIGTERM, SIGTSTP, 0); 196 handle(alrm_handler, SIGALRM, 0); 197 sigfillset(&mask); 198 delset(&mask, SIGABRT, SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGSYS, 199 SIGXCPU, SIGXFSZ, SIGHUP, SIGTERM, SIGTSTP, SIGALRM, 0); 200 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); 201 sigemptyset(&sa.sa_mask); 202 sa.sa_flags = 0; 203 sa.sa_handler = SIG_IGN; 204 (void) sigaction(SIGTTIN, &sa, (struct sigaction *)0); 205 (void) sigaction(SIGTTOU, &sa, (struct sigaction *)0); 206 207 /* 208 * Paranoia. 209 */ 210 close(0); 211 close(1); 212 close(2); 213 214 /* 215 * Start the state machine. 216 */ 217 transition(requested_transition); 218 219 /* 220 * Should never reach here. 221 */ 222 return 1; 223 } 224 225 /* 226 * Associate a function with a signal handler. 227 */ 228 void 229 #ifdef __STDC__ 230 handle(sig_t handler, ...) 231 #else 232 handle(va_alist) 233 va_dcl 234 #endif 235 { 236 int sig; 237 struct sigaction sa; 238 int mask_everything; 239 va_list ap; 240 #ifndef __STDC__ 241 sig_t handler; 242 243 va_start(ap); 244 handler = va_arg(ap, sig_t); 245 #else 246 va_start(ap, handler); 247 #endif 248 249 sa.sa_handler = handler; 250 sigfillset(&mask_everything); 251 252 while (sig = va_arg(ap, int)) { 253 sa.sa_mask = mask_everything; 254 /* XXX SA_RESTART? */ 255 sa.sa_flags = sig == SIGCHLD ? SA_NOCLDSTOP : 0; 256 sigaction(sig, &sa, (struct sigaction *) 0); 257 } 258 } 259 260 /* 261 * Delete a set of signals from a mask. 262 */ 263 void 264 #ifdef __STDC__ 265 delset(sigset_t *maskp, ...) 266 #else 267 delset(va_alist) 268 va_dcl 269 #endif 270 { 271 int sig; 272 va_list ap; 273 #ifndef __STDC__ 274 sigset_t *maskp; 275 276 va_start(ap); 277 maskp = va_arg(ap, sigset_t *); 278 #else 279 va_start(ap, maskp); 280 #endif 281 282 while (sig = va_arg(ap, int)) 283 sigdelset(maskp, sig); 284 } 285 286 /* 287 * Log a message and sleep for a while (to give someone an opportunity 288 * to read it and to save log or hardcopy output if the problem is chronic). 289 * NB: should send a message to the session logger to avoid blocking. 290 */ 291 void 292 #ifdef __STDC__ 293 stall(char *message, ...) 294 #else 295 stall(va_alist) 296 va_dcl 297 #endif 298 { 299 pid_t pid; 300 va_list ap; 301 #ifndef __STDC__ 302 char *message; 303 304 va_start(ap); 305 message = va_arg(ap, char *); 306 #else 307 va_start(ap, message); 308 #endif 309 310 vsyslog(LOG_ALERT, message, ap); 311 va_end(ap); 312 sleep(STALL_TIMEOUT); 313 } 314 315 /* 316 * Like stall(), but doesn't sleep. 317 * If cpp had variadic macros, the two functions could be #defines for another. 318 * NB: should send a message to the session logger to avoid blocking. 319 */ 320 void 321 #ifdef __STDC__ 322 warning(char *message, ...) 323 #else 324 warning(va_alist) 325 va_dcl 326 #endif 327 { 328 va_list ap; 329 #ifndef __STDC__ 330 char *message; 331 332 va_start(ap); 333 message = va_arg(ap, char *); 334 #else 335 va_start(ap, message); 336 #endif 337 338 vsyslog(LOG_ALERT, message, ap); 339 va_end(ap); 340 } 341 342 /* 343 * Log an emergency message. 344 * NB: should send a message to the session logger to avoid blocking. 345 */ 346 void 347 #ifdef __STDC__ 348 emergency(char *message, ...) 349 #else 350 emergency(va_alist) 351 va_dcl 352 #endif 353 { 354 va_list ap; 355 #ifndef __STDC__ 356 char *message; 357 358 va_start(ap); 359 message = va_arg(ap, char *); 360 #else 361 va_start(ap, message); 362 #endif 363 364 vsyslog(LOG_EMERG, message, ap); 365 va_end(ap); 366 } 367 368 /* 369 * Catch a SIGSYS signal. 370 * 371 * These may arise if a system does not support sysctl. 372 * We tolerate up to 25 of these, then throw in the towel. 373 */ 374 void 375 badsys(sig) 376 int sig; 377 { 378 static int badcount = 0; 379 380 if (badcount++ < 25) 381 return; 382 disaster(sig); 383 } 384 385 /* 386 * Catch an unexpected signal. 387 */ 388 void 389 disaster(sig) 390 int sig; 391 { 392 emergency("fatal signal: %s", 393 sig < (unsigned) NSIG ? sys_siglist[sig] : "unknown signal"); 394 395 sleep(STALL_TIMEOUT); 396 _exit(sig); /* reboot */ 397 } 398 399 /* 400 * Get the security level of the kernel. 401 */ 402 int 403 getsecuritylevel() 404 { 405 int name[2], curlevel; 406 size_t len; 407 extern int errno; 408 409 name[0] = CTL_KERN; 410 name[1] = KERN_SECURELVL; 411 len = sizeof curlevel; 412 if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1) { 413 emergency("cannot get kernel security level: %s", 414 strerror(errno)); 415 return (-1); 416 } 417 return (curlevel); 418 } 419 420 /* 421 * Set the security level of the kernel. 422 */ 423 setsecuritylevel(newlevel) 424 int newlevel; 425 { 426 int name[2], len, curlevel; 427 extern int errno; 428 429 curlevel = getsecuritylevel(); 430 if (newlevel == curlevel) 431 return; 432 name[0] = CTL_KERN; 433 name[1] = KERN_SECURELVL; 434 if (sysctl(name, 2, NULL, NULL, &newlevel, sizeof newlevel) == -1) { 435 emergency( 436 "cannot change kernel security level from %d to %d: %s", 437 curlevel, newlevel, strerror(errno)); 438 return; 439 } 440 #ifdef SECURE 441 warning("kernel security level changed from %d to %d", 442 curlevel, newlevel); 443 #endif 444 } 445 446 /* 447 * Change states in the finite state machine. 448 * The initial state is passed as an argument. 449 */ 450 void 451 transition(s) 452 state_t s; 453 { 454 for (;;) 455 s = (state_t) (*s)(); 456 } 457 458 /* 459 * Close out the accounting files for a login session. 460 * NB: should send a message to the session logger to avoid blocking. 461 */ 462 void 463 clear_session_logs(sp) 464 session_t *sp; 465 { 466 char *line = sp->se_device + sizeof(_PATH_DEV) - 1; 467 468 if (logout(line)) 469 logwtmp(line, "", ""); 470 } 471 472 /* 473 * Start a session and allocate a controlling terminal. 474 * Only called by children of init after forking. 475 */ 476 void 477 setctty(name) 478 char *name; 479 { 480 int fd; 481 482 (void) revoke(name); 483 sleep (2); /* leave DTR low */ 484 if ((fd = open(name, O_RDWR)) == -1) { 485 stall("can't open %s: %m", name); 486 _exit(1); 487 } 488 if (login_tty(fd) == -1) { 489 stall("can't get %s for controlling terminal: %m", name); 490 _exit(1); 491 } 492 } 493 494 /* 495 * Bring the system up single user. 496 */ 497 state_func_t 498 single_user() 499 { 500 pid_t pid, wpid; 501 int status; 502 sigset_t mask; 503 char *shell = _PATH_BSHELL; 504 char *argv[2]; 505 #ifdef SECURE 506 struct ttyent *typ; 507 struct passwd *pp; 508 static const char banner[] = 509 "Enter root password, or ^D to go multi-user\n"; 510 char *clear, *password; 511 #endif 512 513 /* 514 * If the kernel is in secure mode, downgrade it to insecure mode. 515 */ 516 if (getsecuritylevel() > 0) 517 setsecuritylevel(0); 518 519 if ((pid = fork()) == 0) { 520 /* 521 * Start the single user session. 522 */ 523 setctty(_PATH_CONSOLE); 524 525 #ifdef SECURE 526 /* 527 * Check the root password. 528 * We don't care if the console is 'on' by default; 529 * it's the only tty that can be 'off' and 'secure'. 530 */ 531 typ = getttynam("console"); 532 pp = getpwnam("root"); 533 if (typ && (typ->ty_status & TTY_SECURE) == 0 && pp) { 534 write(2, banner, sizeof banner - 1); 535 for (;;) { 536 clear = getpass("Password:"); 537 if (clear == 0 || *clear == '\0') 538 _exit(0); 539 password = crypt(clear, pp->pw_passwd); 540 bzero(clear, _PASSWORD_LEN); 541 if (strcmp(password, pp->pw_passwd) == 0) 542 break; 543 warning("single-user login failed\n"); 544 } 545 } 546 endttyent(); 547 endpwent(); 548 #endif /* SECURE */ 549 550 #ifdef DEBUGSHELL 551 { 552 char altshell[128], *cp = altshell; 553 int num; 554 555 #define SHREQUEST \ 556 "Enter pathname of shell or RETURN for sh: " 557 (void)write(STDERR_FILENO, 558 SHREQUEST, sizeof(SHREQUEST) - 1); 559 while ((num = read(STDIN_FILENO, cp, 1)) != -1 && 560 num != 0 && *cp != '\n' && cp < &altshell[127]) 561 cp++; 562 *cp = '\0'; 563 if (altshell[0] != '\0') 564 shell = altshell; 565 } 566 #endif /* DEBUGSHELL */ 567 568 /* 569 * Unblock signals. 570 * We catch all the interesting ones, 571 * and those are reset to SIG_DFL on exec. 572 */ 573 sigemptyset(&mask); 574 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); 575 576 /* 577 * Fire off a shell. 578 * If the default one doesn't work, try the Bourne shell. 579 */ 580 argv[0] = "-sh"; 581 argv[1] = 0; 582 execv(shell, argv); 583 emergency("can't exec %s for single user: %m", shell); 584 execv(_PATH_BSHELL, argv); 585 emergency("can't exec %s for single user: %m", _PATH_BSHELL); 586 sleep(STALL_TIMEOUT); 587 _exit(1); 588 } 589 590 if (pid == -1) { 591 /* 592 * We are seriously hosed. Do our best. 593 */ 594 emergency("can't fork single-user shell, trying again"); 595 while (waitpid(-1, (int *) 0, WNOHANG) > 0) 596 continue; 597 return (state_func_t) single_user; 598 } 599 600 requested_transition = 0; 601 do { 602 if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1) 603 collect_child(wpid); 604 if (wpid == -1) { 605 if (errno == EINTR) 606 continue; 607 warning("wait for single-user shell failed: %m; restarting"); 608 return (state_func_t) single_user; 609 } 610 if (wpid == pid && WIFSTOPPED(status)) { 611 warning("init: shell stopped, restarting\n"); 612 kill(pid, SIGCONT); 613 wpid = -1; 614 } 615 } while (wpid != pid && !requested_transition); 616 617 if (requested_transition) 618 return (state_func_t) requested_transition; 619 620 if (!WIFEXITED(status)) { 621 if (WTERMSIG(status) == SIGKILL) { 622 /* 623 * reboot(8) killed shell? 624 */ 625 warning("single user shell terminated."); 626 sleep(STALL_TIMEOUT); 627 _exit(0); 628 } else { 629 warning("single user shell terminated, restarting"); 630 return (state_func_t) single_user; 631 } 632 } 633 634 runcom_mode = FASTBOOT; 635 return (state_func_t) runcom; 636 } 637 638 /* 639 * Run the system startup script. 640 */ 641 state_func_t 642 runcom() 643 { 644 pid_t pid, wpid; 645 int status; 646 char *argv[4]; 647 struct sigaction sa; 648 649 if ((pid = fork()) == 0) { 650 sigemptyset(&sa.sa_mask); 651 sa.sa_flags = 0; 652 sa.sa_handler = SIG_IGN; 653 (void) sigaction(SIGTSTP, &sa, (struct sigaction *)0); 654 (void) sigaction(SIGHUP, &sa, (struct sigaction *)0); 655 656 setctty(_PATH_CONSOLE); 657 658 argv[0] = "sh"; 659 argv[1] = _PATH_RUNCOM; 660 argv[2] = runcom_mode == AUTOBOOT ? "autoboot" : 0; 661 argv[3] = 0; 662 663 sigprocmask(SIG_SETMASK, &sa.sa_mask, (sigset_t *) 0); 664 665 execv(_PATH_BSHELL, argv); 666 stall("can't exec %s for %s: %m", _PATH_BSHELL, _PATH_RUNCOM); 667 _exit(1); /* force single user mode */ 668 } 669 670 if (pid == -1) { 671 emergency("can't fork for %s on %s: %m", 672 _PATH_BSHELL, _PATH_RUNCOM); 673 while (waitpid(-1, (int *) 0, WNOHANG) > 0) 674 continue; 675 sleep(STALL_TIMEOUT); 676 return (state_func_t) single_user; 677 } 678 679 /* 680 * Copied from single_user(). This is a bit paranoid. 681 */ 682 do { 683 if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1) 684 collect_child(wpid); 685 if (wpid == -1) { 686 if (errno == EINTR) 687 continue; 688 warning("wait for %s on %s failed: %m; going to single user mode", 689 _PATH_BSHELL, _PATH_RUNCOM); 690 return (state_func_t) single_user; 691 } 692 if (wpid == pid && WIFSTOPPED(status)) { 693 warning("init: %s on %s stopped, restarting\n", 694 _PATH_BSHELL, _PATH_RUNCOM); 695 kill(pid, SIGCONT); 696 wpid = -1; 697 } 698 } while (wpid != pid); 699 700 if (WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM && 701 requested_transition == catatonia) { 702 /* /etc/rc executed /sbin/reboot; wait for the end quietly */ 703 sigset_t s; 704 705 sigfillset(&s); 706 for (;;) 707 sigsuspend(&s); 708 } 709 710 if (!WIFEXITED(status)) { 711 warning("%s on %s terminated abnormally, going to single user mode", 712 _PATH_BSHELL, _PATH_RUNCOM); 713 return (state_func_t) single_user; 714 } 715 716 if (WEXITSTATUS(status)) 717 return (state_func_t) single_user; 718 719 runcom_mode = AUTOBOOT; /* the default */ 720 /* NB: should send a message to the session logger to avoid blocking. */ 721 logwtmp("~", "reboot", ""); 722 return (state_func_t) read_ttys; 723 } 724 725 /* 726 * Open the session database. 727 * 728 * NB: We could pass in the size here; is it necessary? 729 */ 730 int 731 start_session_db() 732 { 733 if (session_db && (*session_db->close)(session_db)) 734 emergency("session database close: %s", strerror(errno)); 735 if ((session_db = dbopen(NULL, O_RDWR, 0, DB_HASH, NULL)) == 0) { 736 emergency("session database open: %s", strerror(errno)); 737 return (1); 738 } 739 return (0); 740 741 } 742 743 /* 744 * Add a new login session. 745 */ 746 void 747 add_session(sp) 748 session_t *sp; 749 { 750 DBT key; 751 DBT data; 752 753 key.data = &sp->se_process; 754 key.size = sizeof sp->se_process; 755 data.data = &sp; 756 data.size = sizeof sp; 757 758 if ((*session_db->put)(session_db, &key, &data, 0)) 759 emergency("insert %d: %s", sp->se_process, strerror(errno)); 760 } 761 762 /* 763 * Delete an old login session. 764 */ 765 void 766 del_session(sp) 767 session_t *sp; 768 { 769 DBT key; 770 771 key.data = &sp->se_process; 772 key.size = sizeof sp->se_process; 773 774 if ((*session_db->del)(session_db, &key, 0)) 775 emergency("delete %d: %s", sp->se_process, strerror(errno)); 776 } 777 778 /* 779 * Look up a login session by pid. 780 */ 781 session_t * 782 #ifdef __STDC__ 783 find_session(pid_t pid) 784 #else 785 find_session(pid) 786 pid_t pid; 787 #endif 788 { 789 DBT key; 790 DBT data; 791 session_t *ret; 792 793 key.data = &pid; 794 key.size = sizeof pid; 795 if ((*session_db->get)(session_db, &key, &data, 0) != 0) 796 return 0; 797 bcopy(data.data, (char *)&ret, sizeof(ret)); 798 return ret; 799 } 800 801 /* 802 * Construct an argument vector from a command line. 803 */ 804 char ** 805 construct_argv(command) 806 char *command; 807 { 808 register int argc = 0; 809 register char **argv = (char **) malloc(((strlen(command) + 1) / 2 + 1) 810 * sizeof (char *)); 811 static const char separators[] = " \t"; 812 813 if ((argv[argc++] = strtok(command, separators)) == 0) 814 return 0; 815 while (argv[argc++] = strtok((char *) 0, separators)) 816 continue; 817 return argv; 818 } 819 820 /* 821 * Deallocate a session descriptor. 822 */ 823 void 824 free_session(sp) 825 register session_t *sp; 826 { 827 free(sp->se_device); 828 free(sp->se_getty); 829 free(sp->se_getty_argv); 830 if (sp->se_window) { 831 free(sp->se_window); 832 free(sp->se_window_argv); 833 } 834 free(sp); 835 } 836 837 /* 838 * Allocate a new session descriptor. 839 */ 840 session_t * 841 new_session(sprev, session_index, typ) 842 session_t *sprev; 843 int session_index; 844 register struct ttyent *typ; 845 { 846 register session_t *sp; 847 848 if ((typ->ty_status & TTY_ON) == 0 || 849 typ->ty_name == 0 || 850 typ->ty_getty == 0) 851 return 0; 852 853 sp = (session_t *) malloc(sizeof (session_t)); 854 855 sp->se_index = session_index; 856 sp->se_process = 0; 857 sp->se_started = 0; 858 sp->se_flags = 0; 859 sp->se_window = 0; 860 861 sp->se_device = malloc(sizeof(_PATH_DEV) + strlen(typ->ty_name)); 862 (void) sprintf(sp->se_device, "%s%s", _PATH_DEV, typ->ty_name); 863 864 sp->se_getty = malloc(strlen(typ->ty_getty) + strlen(typ->ty_name) + 2); 865 (void) sprintf(sp->se_getty, "%s %s", typ->ty_getty, typ->ty_name); 866 sp->se_getty_argv = construct_argv(sp->se_getty); 867 if (sp->se_getty_argv == 0) { 868 warning("can't parse getty for port %s", 869 sp->se_device); 870 free_session(sp); 871 return 0; 872 } 873 if (typ->ty_window) { 874 sp->se_window = strdup(typ->ty_window); 875 sp->se_window_argv = construct_argv(sp->se_window); 876 if (sp->se_window_argv == 0) { 877 warning("can't parse window for port %s", 878 sp->se_device); 879 free_session(sp); 880 return 0; 881 } 882 } 883 884 sp->se_next = 0; 885 if (sprev == 0) { 886 sessions = sp; 887 sp->se_prev = 0; 888 } else { 889 sprev->se_next = sp; 890 sp->se_prev = sprev; 891 } 892 893 return sp; 894 } 895 896 /* 897 * Walk the list of ttys and create sessions for each active line. 898 */ 899 state_func_t 900 read_ttys() 901 { 902 int session_index = 0; 903 register session_t *sp, *snext; 904 register struct ttyent *typ; 905 906 /* 907 * Destroy any previous session state. 908 * There shouldn't be any, but just in case... 909 */ 910 for (sp = sessions; sp; sp = snext) { 911 if (sp->se_process) 912 clear_session_logs(sp); 913 snext = sp->se_next; 914 free_session(sp); 915 } 916 sessions = 0; 917 if (start_session_db()) 918 return (state_func_t) single_user; 919 920 /* 921 * Allocate a session entry for each active port. 922 * Note that sp starts at 0. 923 */ 924 while (typ = getttyent()) 925 if (snext = new_session(sp, ++session_index, typ)) 926 sp = snext; 927 928 endttyent(); 929 930 return (state_func_t) multi_user; 931 } 932 933 /* 934 * Start a window system running. 935 */ 936 void 937 start_window_system(sp) 938 session_t *sp; 939 { 940 pid_t pid; 941 sigset_t mask; 942 943 if ((pid = fork()) == -1) { 944 emergency("can't fork for window system on port %s: %m", 945 sp->se_device); 946 /* hope that getty fails and we can try again */ 947 return; 948 } 949 950 if (pid) 951 return; 952 953 sigemptyset(&mask); 954 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); 955 956 if (setsid() < 0) 957 emergency("setsid failed (window) %m"); 958 959 execv(sp->se_window_argv[0], sp->se_window_argv); 960 stall("can't exec window system '%s' for port %s: %m", 961 sp->se_window_argv[0], sp->se_device); 962 _exit(1); 963 } 964 965 /* 966 * Start a login session running. 967 */ 968 pid_t 969 start_getty(sp) 970 session_t *sp; 971 { 972 pid_t pid; 973 sigset_t mask; 974 time_t current_time = time((time_t *) 0); 975 976 /* 977 * fork(), not vfork() -- we can't afford to block. 978 */ 979 if ((pid = fork()) == -1) { 980 emergency("can't fork for getty on port %s: %m", sp->se_device); 981 return -1; 982 } 983 984 if (pid) 985 return pid; 986 987 if (current_time > sp->se_started && 988 current_time - sp->se_started < GETTY_SPACING) { 989 warning("getty repeating too quickly on port %s, sleeping", 990 sp->se_device); 991 sleep((unsigned) GETTY_SPACING + 1 - 992 (current_time - sp->se_started)); 993 } 994 995 if (sp->se_window) { 996 start_window_system(sp); 997 sleep(WINDOW_WAIT); 998 } 999 1000 setctty(sp->se_device); 1001 1002 sigemptyset(&mask); 1003 sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); 1004 1005 execv(sp->se_getty_argv[0], sp->se_getty_argv); 1006 stall("can't exec getty '%s' for port %s: %m", 1007 sp->se_getty_argv[0], sp->se_device); 1008 _exit(1); 1009 } 1010 1011 /* 1012 * Collect exit status for a child. 1013 * If an exiting login, start a new login running. 1014 */ 1015 void 1016 collect_child(pid) 1017 pid_t pid; 1018 { 1019 register session_t *sp, *sprev, *snext; 1020 1021 if (! sessions) 1022 return; 1023 1024 if (! (sp = find_session(pid))) 1025 return; 1026 1027 clear_session_logs(sp); 1028 del_session(sp); 1029 sp->se_process = 0; 1030 1031 if (sp->se_flags & SE_SHUTDOWN) { 1032 if (sprev = sp->se_prev) 1033 sprev->se_next = sp->se_next; 1034 else 1035 sessions = sp->se_next; 1036 if (snext = sp->se_next) 1037 snext->se_prev = sp->se_prev; 1038 free_session(sp); 1039 return; 1040 } 1041 1042 if ((pid = start_getty(sp)) == -1) { 1043 /* serious trouble */ 1044 requested_transition = clean_ttys; 1045 return; 1046 } 1047 1048 sp->se_process = pid; 1049 sp->se_started = time((time_t *) 0); 1050 add_session(sp); 1051 } 1052 1053 /* 1054 * Catch a signal and request a state transition. 1055 */ 1056 void 1057 transition_handler(sig) 1058 int sig; 1059 { 1060 1061 switch (sig) { 1062 case SIGHUP: 1063 requested_transition = clean_ttys; 1064 break; 1065 case SIGTERM: 1066 requested_transition = death; 1067 break; 1068 case SIGTSTP: 1069 requested_transition = catatonia; 1070 break; 1071 default: 1072 requested_transition = 0; 1073 break; 1074 } 1075 } 1076 1077 /* 1078 * Take the system multiuser. 1079 */ 1080 state_func_t 1081 multi_user() 1082 { 1083 pid_t pid; 1084 register session_t *sp; 1085 1086 requested_transition = 0; 1087 1088 /* 1089 * If the administrator has not set the security level to -1 1090 * to indicate that the kernel should not run multiuser in secure 1091 * mode, and the run script has not set a higher level of security 1092 * than level 1, then put the kernel into secure mode. 1093 */ 1094 if (getsecuritylevel() == 0) 1095 setsecuritylevel(1); 1096 1097 for (sp = sessions; sp; sp = sp->se_next) { 1098 if (sp->se_process) 1099 continue; 1100 if ((pid = start_getty(sp)) == -1) { 1101 /* serious trouble */ 1102 requested_transition = clean_ttys; 1103 break; 1104 } 1105 sp->se_process = pid; 1106 sp->se_started = time((time_t *) 0); 1107 add_session(sp); 1108 } 1109 1110 while (!requested_transition) 1111 if ((pid = waitpid(-1, (int *) 0, 0)) != -1) 1112 collect_child(pid); 1113 1114 return (state_func_t) requested_transition; 1115 } 1116 1117 /* 1118 * This is an n-squared algorithm. We hope it isn't run often... 1119 */ 1120 state_func_t 1121 clean_ttys() 1122 { 1123 register session_t *sp, *sprev; 1124 register struct ttyent *typ; 1125 register int session_index = 0; 1126 register int devlen; 1127 1128 if (! sessions) 1129 return (state_func_t) multi_user; 1130 1131 devlen = sizeof(_PATH_DEV) - 1; 1132 while (typ = getttyent()) { 1133 ++session_index; 1134 1135 for (sprev = 0, sp = sessions; sp; sprev = sp, sp = sp->se_next) 1136 if (strcmp(typ->ty_name, sp->se_device + devlen) == 0) 1137 break; 1138 1139 if (sp) { 1140 if (sp->se_index != session_index) { 1141 warning("port %s changed utmp index from %d to %d", 1142 sp->se_device, sp->se_index, 1143 session_index); 1144 sp->se_index = session_index; 1145 } 1146 if (typ->ty_status & TTY_ON) 1147 sp->se_flags &= ~SE_SHUTDOWN; 1148 else { 1149 sp->se_flags |= SE_SHUTDOWN; 1150 kill(sp->se_process, SIGHUP); 1151 } 1152 continue; 1153 } 1154 1155 new_session(sprev, session_index, typ); 1156 } 1157 1158 endttyent(); 1159 1160 return (state_func_t) multi_user; 1161 } 1162 1163 /* 1164 * Block further logins. 1165 */ 1166 state_func_t 1167 catatonia() 1168 { 1169 register session_t *sp; 1170 1171 for (sp = sessions; sp; sp = sp->se_next) 1172 sp->se_flags |= SE_SHUTDOWN; 1173 1174 return (state_func_t) multi_user; 1175 } 1176 1177 /* 1178 * Note SIGALRM. 1179 */ 1180 void 1181 alrm_handler(sig) 1182 int sig; 1183 { 1184 clang = 1; 1185 } 1186 1187 /* 1188 * Bring the system down to single user. 1189 */ 1190 state_func_t 1191 death() 1192 { 1193 register session_t *sp; 1194 register int i; 1195 pid_t pid; 1196 static const int death_sigs[3] = { SIGHUP, SIGTERM, SIGKILL }; 1197 1198 for (sp = sessions; sp; sp = sp->se_next) 1199 sp->se_flags |= SE_SHUTDOWN; 1200 1201 /* NB: should send a message to the session logger to avoid blocking. */ 1202 logwtmp("~", "shutdown", ""); 1203 1204 for (i = 0; i < 3; ++i) { 1205 if (kill(-1, death_sigs[i]) == -1 && errno == ESRCH) 1206 return (state_func_t) single_user; 1207 1208 clang = 0; 1209 alarm(DEATH_WATCH); 1210 do 1211 if ((pid = waitpid(-1, (int *)0, 0)) != -1) 1212 collect_child(pid); 1213 while (clang == 0 && errno != ECHILD); 1214 1215 if (errno == ECHILD) 1216 return (state_func_t) single_user; 1217 } 1218 1219 warning("some processes wouldn't die"); 1220 1221 return (state_func_t) single_user; 1222 } 1223