# $OpenBSD: rc.subr,v 1.160 2022/10/19 21:04:45 ajacoutot Exp $ # # Copyright (c) 2010, 2011, 2014-2022 Antoine Jacoutot # Copyright (c) 2010, 2011 Ingo Schwarze # Copyright (c) 2010, 2011, 2014 Robert Nagy # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. _rc_actions="start stop restart reload check configtest" readonly _rc_actions _rc_check_name() { [[ $1 == +([_[:alpha:]])+(|[_[:alnum:]]) ]] } _rc_do() { if [ -n "${_RC_DEBUG}" ]; then echo "doing $@" && "$@" else "$@" >/dev/null 2>&1 fi } _rc_err() { [ -n "${1}" ] && echo "${1}" 1>&2 [ -n "${2}" ] && exit "${2}" || exit 1 } _rc_parse_conf() { typeset -l _key local _l _rcfile _val set -A _allowed_keys -- \ accounting amd_master check_quotas ipsec library_aslr \ multicast nfs_server pexp pf pkg_scripts shlib_dirs spamd_black [ $# -gt 0 ] || set -- /etc/rc.conf /etc/rc.conf.local for _rcfile; do [[ -f $_rcfile ]] || continue while IFS=' ' read -r _l; do [[ $_l == [!#=]*=* ]] || continue _key=${_l%%*([[:blank:]])=*} [[ $_key == *_@(execdir|flags|logger|rtable|timeout|user) ]] || [[ " ${_allowed_keys[*]} " == *" $_key "* ]] || continue [[ $_key == "" ]] && continue _val=${_l##*([!=])=*([[:blank:]])} _val=${_val%%#*} _val=${_val%%*([[:blank:]])} # remove leading and trailing quotes (backwards compat) [[ $_val == @(\"*\"|\'*\') ]] && _val=${_val#?} _val=${_val%?} eval "${_key}=\${_val}" done < $_rcfile done # special care needed for spamlogd to avoid starting it up and failing # all the time if [ X"${spamd_flags}" = X"NO" -o X"${spamd_black}" != X"NO" ]; then spamlogd_flags=NO fi # special care needed for pflogd to avoid starting it up and failing # if pf is not enabled if [ X"${pf}" = X"NO" ]; then pflogd_flags=NO fi # special care needed if nfs_server=YES to startup nfsd and mountd with # sane default flags if [ X"${nfs_server}" = X"YES" ]; then [ X"${nfsd_flags}" = X"NO" ] && nfsd_flags="-tun 4" [ X"${mountd_flags}" = X"NO" ] && mountd_flags= fi } # return if we only want internal functions [ -n "${FUNCS_ONLY}" ] && return _rc_not_supported() { local _a _enotsup _what=${1} for _a in ${_rc_actions}; do [ "${_what}" == "configtest" ] && ! typeset -f rc_configtest >/dev/null && _enotsup=NO && break [ "${_what}" == "restart" ] && _what="stop" if [ "${_what}" == "${_a}" ]; then eval _enotsup=\${rc_${_what}} break fi done [ X"${_enotsup}" == X"NO" ] } _rc_usage() { local _a _allsup for _a in ${_rc_actions}; do _rc_not_supported ${_a} || _allsup="${_allsup:+$_allsup|}${_a}" done _rc_err "usage: $0 [-df] ${_allsup}" } _rc_write_runfile() { [ -d ${_RC_RUNDIR} ] || mkdir -p ${_RC_RUNDIR} && cat >${_RC_RUNFILE} </dev/null # timer may not be running anymore kill $! 2>/dev/null # kill last job if it's running } _rc_sendsig() { pkill -${1:-TERM} -T "${daemon_rtable}" -xf "${pexp}" } _rc_wait_for_start() { trap "_rc_alarm" ALRM while ((SECONDS < daemon_timeout)); do if _rc_do rc_check; then [ X"${rc_bg}" = X"YES" ] || [ -z "$$" ] && break fi sleep .5 done & wait pkill -ALRM -P $$ return } rc_exec() { local _rcexec="su -fl -c ${daemon_class} -s /bin/sh ${daemon_user} -c" [ "${daemon_rtable}" -eq "$(id -R)" ] || _rcexec="route -T ${daemon_rtable} exec ${_rcexec}" ${_rcexec} "${daemon_logger:+set -o pipefail; } \ ${daemon_execdir:+cd ${daemon_execdir} && } \ $@ \ ${daemon_logger:+ 2>&1 | logger -isp ${daemon_logger} -t ${_name}}" } rc_start() { rc_exec "${daemon} ${daemon_flags}" } rc_check() { pgrep -T "${daemon_rtable}" -q -xf "${pexp}" } rc_reload() { _rc_sendsig ${rc_reload_signal} } rc_stop() { _rc_sendsig ${rc_stop_signal} } rc_cmd() { local _exit _n _ret _timer # optim: don't sleep(1) in the first loop _1stloop=true [ -n "${1}" ] && echo "${_rc_actions}" | grep -qw -- ${1} || _rc_usage [ "$(id -u)" -eq 0 ] || [ X"${rc_usercheck}" != X"NO" -a X"$1" = "Xcheck" ] || _rc_err "$0: need root privileges" if _rc_not_supported $1; then [ -n "${INRC}" ] && exit 1 _rc_err "$0: $1 is not supported" fi [ -n "${_RC_DEBUG}" ] || _n="-n" [[ ${1} == start ]] || _rc_do _rc_parse_conf ${_RC_RUNFILE} case "$1" in check) echo $_n "${INRC:+ }${_name}" _rc_do rc_check && _rc_exit ok || _rc_exit failed ;; configtest) echo $_n "${INRC:+ }${_name}" _rc_do rc_configtest && _rc_exit ok || _rc_exit failed ;; start) if [ X"${daemon_flags}" = X"NO" ]; then _rc_err "$0: need -f to force $1 since ${_name}_flags=NO" fi [ -z "${INRC}" ] && _rc_do rc_check && exit 0 echo $_n "${INRC:+ }${_name}" while true; do # no real loop, only needed to break # running during start is mostly useful for daemons # whose child will not return a config parsing error to # the parent during startup; e.g. bgpd, httpd... if typeset -f rc_configtest >/dev/null; then _rc_do rc_configtest || break fi if typeset -f rc_pre >/dev/null; then _rc_do rc_pre || break fi # prevent hanging the boot sequence _rc_do _rc_wait_for_start & _TIMERSUB=$! trap "_rc_alarm" ALRM _rc_do rc_start; _ret=$? kill -ALRM ${_TIMERSUB} wait ${_TIMERSUB} 2>/dev/null # don't print Alarm clock # XXX for unknown reason, rc_check can fail (e.g. redis) # while it just succeeded in _rc_wait_for_start; # check to cope with failing daemons returning 0 #[[ "${_ret}" == @(0|142) ]] && _rc_do rc_check || break [[ "${_ret}" == @(0|142) ]] || break [[ "${_ret}" == 142 ]] && [ X"${rc_bg}" != X"YES" ] && _exit="timeout" _rc_do _rc_write_runfile _rc_exit ${_exit:=ok} done # handle failure _rc_do _rc_rm_runfile typeset -f rc_post >/dev/null && _rc_do rc_post _rc_exit failed ;; stop) _rc_do rc_check || exit 0 echo $_n "${INRC:+ }${_name}" _rc_do rc_stop & _timer=$! while ((SECONDS < daemon_timeout)); do # last chance: send a SIGTERM first in case the process # used another signal to stop (e.g. SIGQUIT with nginx) # or a non-default rc_stop() function; do it 2s before # timeout to re-enter the loop one last time which will # give 1s for SIGTERM to terminate the process ((SECONDS == daemon_timeout-2)) && _rc_do _rc_sendsig TERM && sleep .5 pkill -0 -P "$$" 2>/dev/null || _rc_do rc_check || break ${_1stloop} && _1stloop=false || sleep .5 done kill -ALRM ${_timer} 2>/dev/null wait ${_timer} # don't print Alarm clock [[ $? == 0 ]] || _exit=failed # KILL the process _rc_do rc_check && _rc_do _rc_sendsig KILL && _exit="killed" _rc_do _rc_rm_runfile if typeset -f rc_post >/dev/null; then _rc_do rc_post || _exit=failed fi _rc_exit ${_exit:=ok} ;; reload) echo $_n "${INRC:+ }${_name}" _rc_do rc_check || _rc_exit failed if typeset -f rc_configtest >/dev/null; then _rc_do rc_configtest || _rc_exit failed fi _rc_do rc_reload & _timer=$! while ((SECONDS < daemon_timeout)); do pkill -0 -P "$$" 2>/dev/null || break ${_1stloop} && _1stloop=false || sleep .5 done kill -ALRM ${_timer} 2>/dev/null wait ${_timer} # don't print Alarm clock _ret=$? [[ ${_ret} == 142 ]] && _exit=timeout || [[ ${_ret} == 0 ]] || _exit=failed _rc_exit ${_exit:=ok} ;; restart) if typeset -f rc_configtest >/dev/null; then _rc_do rc_configtest || _rc_exit failed fi $0 ${_RC_DEBUG} ${_RC_FORCE} stop && $0 ${_RC_DEBUG} ${_RC_FORCE} start ;; *) _rc_usage ;; esac } _name=${0##*/} _rc_check_name "${_name}" || _rc_err "invalid rc.d script name: ${_name}" [ -n "${KSH_VERSION}" ] || _rc_err "$0: wrong shell, use /bin/ksh" [ -n "${daemon}" ] || _rc_err "$0: daemon is not set" unset _RC_DEBUG _RC_FORCE while getopts "df" c; do case "$c" in d) _RC_DEBUG=-d;; f) _RC_FORCE=-f;; *) _rc_usage;; esac done shift $((OPTIND-1)) _RC_RUNDIR=/var/run/rc.d _RC_RUNFILE=${_RC_RUNDIR}/${_name} # parse /etc/rc.conf{.local} for the daemon variables _rc_do _rc_parse_conf rc_reload_signal=${rc_reload_signal:=HUP} rc_stop_signal=${rc_stop_signal:=TERM} eval _rcexecdir=\${${_name}_execdir} eval _rcflags=\${${_name}_flags} eval _rclogger=\${${_name}_logger} eval _rcrtable=\${${_name}_rtable} eval _rctimeout=\${${_name}_timeout} eval _rcuser=\${${_name}_user} # set default values; duplicated in rcctl(8) getcap -f /etc/login.conf.d/${_name}:/etc/login.conf ${_name} 1>/dev/null 2>&1 && \ daemon_class=${_name} || daemon_class=daemon [ -z "${daemon_rtable}" ] && daemon_rtable=0 [ -z "${daemon_timeout}" ] && daemon_timeout=30 [ -z "${daemon_user}" ] && daemon_user=root # use flags from the rc.d script if daemon is not enabled [ -n "${_RC_FORCE}" -o "$1" != "start" ] && [ X"${_rcflags}" = X"NO" ] && unset _rcflags [ -n "${_rcexecdir}" ] && daemon_execdir=${_rcexecdir} [ -n "${_rcflags}" ] && daemon_flags=${_rcflags} [ -n "${_rclogger}" ] && daemon_logger=${_rclogger} [ -n "${_rcrtable}" ] && daemon_rtable=${_rcrtable} [ -n "${_rctimeout}" ] && daemon_timeout=${_rctimeout} [ -n "${_rcuser}" ] && daemon_user=${_rcuser} if [ -n "${_RC_DEBUG}" ]; then echo -n "${_name}_flags " [ -n "${_rcflags}" ] || echo -n "empty, using default " echo ">${daemon_flags}<" fi readonly daemon_class unset _rcexecdir _rcflags _rclogger _rcrtable _rctimeout _rcuser # the shell will strip the quotes from daemon_flags when starting a daemon; # make sure pexp matches the process (i.e. doesn't include the quotes) pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"