1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 #pragma ident   "%Z%%M% %I%     %E% SMI"
  27 
  28 #include <assert.h>
  29 #include <door.h>
  30 #include <errno.h>
  31 #include <fcntl.h>
  32 #include <limits.h>
  33 #include <priv.h>
  34 #include <procfs.h>
  35 #include <pthread.h>
  36 #include <signal.h>
  37 #include <stdarg.h>
  38 #include <stdio.h>
  39 #include <stdio_ext.h>
  40 #include <stdlib.h>
  41 #include <string.h>
  42 #include <syslog.h>
  43 #include <sys/corectl.h>
  44 #include <sys/resource.h>
  45 #include <sys/stat.h>
  46 #include <sys/wait.h>
  47 #include <ucontext.h>
  48 #include <unistd.h>
  49 
  50 #include "configd.h"
  51 
  52 /*
  53  * This file manages the overall startup and shutdown of configd, as well
  54  * as managing its door thread pool and per-thread datastructures.
  55  *
  56  * 1.  Per-thread Datastructures
  57  * -----------------------------
  58  * Each configd thread has an associated thread_info_t which contains its
  59  * current state.  A pointer is kept to this in TSD, keyed by thread_info_key.
  60  * The thread_info_ts for all threads in configd are kept on a single global
  61  * list, thread_list.  After creation, the state in the thread_info structure
  62  * is only modified by the associated thread, so no locking is needed.  A TSD
  63  * destructor removes the thread_info from the global list and frees it at
  64  * pthread_exit() time.
  65  *
  66  * Threads access their per-thread data using thread_self()
  67  *
  68  * The thread_list is protected by thread_lock, a leaf lock.
  69  *
  70  * 2. Door Thread Pool Management
  71  * ------------------------------
  72  * Whenever door_return(3door) returns from the kernel and there are no
  73  * other configd threads waiting for requests, libdoor automatically
  74  * invokes a function registered with door_server_create(), to request a new
  75  * door server thread.  The default function just creates a thread that calls
  76  * door_return(3door).  Unfortunately, since it can take a while for the new
  77  * thread to *get* to door_return(3door), a stream of requests can cause a
  78  * large number of threads to be created, even though they aren't all needed.
  79  *
  80  * In our callback, new_server_needed(), we limit ourself to two new threads
  81  * at a time -- this logic is handled in reserve_new_thread().  This keeps
  82  * us from creating an absurd number of threads in response to peaking load.
  83  */
  84 static pthread_key_t    thread_info_key;
  85 static pthread_attr_t   thread_attr;
  86 
  87 static pthread_mutex_t  thread_lock = PTHREAD_MUTEX_INITIALIZER;
  88 int                     num_started;    /* number actually running */
  89 int                     num_servers;    /* number in-progress or running */
  90 static uu_list_pool_t   *thread_pool;
  91 uu_list_t               *thread_list;
  92 
  93 static thread_info_t    main_thread_info;
  94 
  95 static int      finished;
  96 
  97 static pid_t    privileged_pid = 0;
  98 static int      privileged_psinfo_fd = -1;
  99 
 100 static int      privileged_user = 0;
 101 
 102 static priv_set_t *privileged_privs;
 103 
 104 static int      log_to_syslog = 0;
 105 
 106 int             is_main_repository = 1;
 107 
 108 int             max_repository_backups = 4;
 109 
 110 #define CONFIGD_MAX_FDS         262144
 111 
 112 /*
 113  * Thanks, Mike
 114  */
 115 void
 116 abort_handler(int sig, siginfo_t *sip, ucontext_t *ucp)
 117 {
 118         struct sigaction act;
 119 
 120         (void) sigemptyset(&act.sa_mask);
 121         act.sa_handler = SIG_DFL;
 122         act.sa_flags = 0;
 123         (void) sigaction(sig, &act, NULL);
 124 
 125         (void) printstack(2);
 126 
 127         if (sip != NULL && SI_FROMUSER(sip))
 128                 (void) pthread_kill(pthread_self(), sig);
 129         (void) sigfillset(&ucp->uc_sigmask);
 130         (void) sigdelset(&ucp->uc_sigmask, sig);
 131         ucp->uc_flags |= UC_SIGMASK;
 132         (void) setcontext(ucp);
 133 }
 134 
 135 /*
 136  * Don't want to have more than a couple thread creates outstanding
 137  */
 138 static int
 139 reserve_new_thread(void)
 140 {
 141         (void) pthread_mutex_lock(&thread_lock);
 142         assert(num_started >= 0);
 143         if (num_servers > num_started + 1) {
 144                 (void) pthread_mutex_unlock(&thread_lock);
 145                 return (0);
 146         }
 147         ++num_servers;
 148         (void) pthread_mutex_unlock(&thread_lock);
 149         return (1);
 150 }
 151 
 152 static void
 153 thread_info_free(thread_info_t *ti)
 154 {
 155         uu_list_node_fini(ti, &ti->ti_node, thread_pool);
 156         if (ti->ti_ucred != NULL)
 157                 uu_free(ti->ti_ucred);
 158         uu_free(ti);
 159 }
 160 
 161 static void
 162 thread_exiting(void *arg)
 163 {
 164         thread_info_t *ti = arg;
 165 
 166         if (ti != NULL)
 167                 log_enter(&ti->ti_log);
 168 
 169         (void) pthread_mutex_lock(&thread_lock);
 170         if (ti != NULL) {
 171                 num_started--;
 172                 uu_list_remove(thread_list, ti);
 173         }
 174         assert(num_servers > 0);
 175         --num_servers;
 176 
 177         if (num_servers == 0) {
 178                 configd_critical("no door server threads\n");
 179                 abort();
 180         }
 181         (void) pthread_mutex_unlock(&thread_lock);
 182 
 183         if (ti != NULL && ti != &main_thread_info)
 184                 thread_info_free(ti);
 185 }
 186 
 187 void
 188 thread_newstate(thread_info_t *ti, thread_state_t newstate)
 189 {
 190         ti->ti_ucred_read = 0;                       /* invalidate cached ucred */
 191         if (newstate != ti->ti_state) {
 192                 ti->ti_prev_state = ti->ti_state;
 193                 ti->ti_state = newstate;
 194                 ti->ti_lastchange = gethrtime();
 195         }
 196 }
 197 
 198 thread_info_t *
 199 thread_self(void)
 200 {
 201         return (pthread_getspecific(thread_info_key));
 202 }
 203 
 204 /*
 205  * get_ucred() returns NULL if it was unable to get the credential
 206  * information.
 207  */
 208 ucred_t *
 209 get_ucred(void)
 210 {
 211         thread_info_t *ti = thread_self();
 212         ucred_t **ret = &ti->ti_ucred;
 213 
 214         if (ti->ti_ucred_read)
 215                 return (*ret);                  /* cached value */
 216 
 217         if (door_ucred(ret) != 0)
 218                 return (NULL);
 219         ti->ti_ucred_read = 1;
 220 
 221         return (*ret);
 222 }
 223 
 224 int
 225 ucred_is_privileged(ucred_t *uc)
 226 {
 227         const priv_set_t *ps;
 228 
 229         if ((ps = ucred_getprivset(uc, PRIV_EFFECTIVE)) != NULL) {
 230                 if (priv_isfullset(ps))
 231                         return (1);             /* process has all privs */
 232 
 233                 if (privileged_privs != NULL &&
 234                     priv_issubset(privileged_privs, ps))
 235                         return (1);             /* process has zone privs */
 236         }
 237 
 238         return (0);
 239 }
 240 
 241 /*
 242  * The purpose of this function is to get the audit session data for use in
 243  * generating SMF audit events.  We use a single audit session per client.
 244  *
 245  * get_audit_session() may return NULL.  It is legal to use a NULL pointer
 246  * in subsequent calls to adt_* functions.
 247  */
 248 adt_session_data_t *
 249 get_audit_session(void)
 250 {
 251         thread_info_t   *ti = thread_self();
 252 
 253         return (ti->ti_active_client->rc_adt_session);
 254 }
 255 
 256 static void *
 257 thread_start(void *arg)
 258 {
 259         thread_info_t *ti = arg;
 260 
 261         (void) pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
 262 
 263         (void) pthread_mutex_lock(&thread_lock);
 264         num_started++;
 265         (void) uu_list_insert_after(thread_list, uu_list_last(thread_list),
 266             ti);
 267         (void) pthread_mutex_unlock(&thread_lock);
 268         (void) pthread_setspecific(thread_info_key, ti);
 269 
 270         thread_newstate(ti, TI_DOOR_RETURN);
 271 
 272         /*
 273          * Start handling door calls
 274          */
 275         (void) door_return(NULL, 0, NULL, 0);
 276         return (arg);
 277 }
 278 
 279 static void
 280 new_thread_needed(door_info_t *dip)
 281 {
 282         thread_info_t *ti;
 283 
 284         sigset_t new, old;
 285 
 286         assert(dip == NULL);
 287 
 288         if (!reserve_new_thread())
 289                 return;
 290 
 291         if ((ti = uu_zalloc(sizeof (*ti))) == NULL)
 292                 goto fail;
 293 
 294         uu_list_node_init(ti, &ti->ti_node, thread_pool);
 295         ti->ti_state = TI_CREATED;
 296         ti->ti_prev_state = TI_CREATED;
 297 
 298         if ((ti->ti_ucred = uu_zalloc(ucred_size())) == NULL)
 299                 goto fail;
 300 
 301         (void) sigfillset(&new);
 302         (void) pthread_sigmask(SIG_SETMASK, &new, &old);
 303         if ((errno = pthread_create(&ti->ti_thread, &thread_attr, thread_start,
 304             ti)) != 0) {
 305                 (void) pthread_sigmask(SIG_SETMASK, &old, NULL);
 306                 goto fail;
 307         }
 308 
 309         (void) pthread_sigmask(SIG_SETMASK, &old, NULL);
 310         return;
 311 
 312 fail:
 313         /*
 314          * Since the thread_info structure was never linked onto the
 315          * thread list, thread_exiting() can't handle the cleanup.
 316          */
 317         thread_exiting(NULL);
 318         if (ti != NULL)
 319                 thread_info_free(ti);
 320 }
 321 
 322 int
 323 create_connection(ucred_t *uc, repository_door_request_t *rp,
 324     size_t rp_size, int *out_fd)
 325 {
 326         int flags;
 327         int privileged = 0;
 328         uint32_t debugflags = 0;
 329         psinfo_t info;
 330 
 331         if (privileged_pid != 0) {
 332                 /*
 333                  * in privileged pid mode, we only allow connections from
 334                  * our original parent -- the psinfo read verifies that
 335                  * it is the same process which we started with.
 336                  */
 337                 if (ucred_getpid(uc) != privileged_pid ||
 338                     read(privileged_psinfo_fd, &info, sizeof (info)) !=
 339                     sizeof (info))
 340                         return (REPOSITORY_DOOR_FAIL_PERMISSION_DENIED);
 341 
 342                 privileged = 1;                 /* he gets full privileges */
 343         } else if (privileged_user != 0) {
 344                 /*
 345                  * in privileged user mode, only one particular user is
 346                  * allowed to connect to us, and he can do anything.
 347                  */
 348                 if (ucred_geteuid(uc) != privileged_user)
 349                         return (REPOSITORY_DOOR_FAIL_PERMISSION_DENIED);
 350 
 351                 privileged = 1;
 352         }
 353 
 354         /*
 355          * Check that rp, of size rp_size, is large enough to
 356          * contain field 'f'.  If so, write the value into *out, and return 1.
 357          * Otherwise, return 0.
 358          */
 359 #define GET_ARG(rp, rp_size, f, out)                                    \
 360         (((rp_size) >= offsetofend(repository_door_request_t, f)) ?  \
 361             ((*(out) = (rp)->f), 1) : 0)
 362 
 363         if (!GET_ARG(rp, rp_size, rdr_flags, &flags))
 364                 return (REPOSITORY_DOOR_FAIL_BAD_REQUEST);
 365 
 366 #if (REPOSITORY_DOOR_FLAG_ALL != REPOSITORY_DOOR_FLAG_DEBUG)
 367 #error Need to update flag checks
 368 #endif
 369 
 370         if (flags & ~REPOSITORY_DOOR_FLAG_ALL)
 371                 return (REPOSITORY_DOOR_FAIL_BAD_FLAG);
 372 
 373         if (flags & REPOSITORY_DOOR_FLAG_DEBUG)
 374                 if (!GET_ARG(rp, rp_size, rdr_debug, &debugflags))
 375                         return (REPOSITORY_DOOR_FAIL_BAD_REQUEST);
 376 #undef GET_ARG
 377 
 378         return (create_client(ucred_getpid(uc), debugflags, privileged,
 379             out_fd));
 380 }
 381 
 382 void
 383 configd_vlog(int severity, const char *prefix, const char *message,
 384     va_list args)
 385 {
 386         if (log_to_syslog)
 387                 vsyslog(severity, message, args);
 388         else {
 389                 flockfile(stderr);
 390                 if (prefix != NULL)
 391                         (void) fprintf(stderr, "%s", prefix);
 392                 (void) vfprintf(stderr, message, args);
 393                 if (message[0] == 0 || message[strlen(message) - 1] != '\n')
 394                         (void) fprintf(stderr, "\n");
 395                 funlockfile(stderr);
 396         }
 397 }
 398 
 399 void
 400 configd_vcritical(const char *message, va_list args)
 401 {
 402         configd_vlog(LOG_CRIT, "svc.configd: Fatal error: ", message, args);
 403 }
 404 
 405 void
 406 configd_critical(const char *message, ...)
 407 {
 408         va_list args;
 409         va_start(args, message);
 410         configd_vcritical(message, args);
 411         va_end(args);
 412 }
 413 
 414 void
 415 configd_info(const char *message, ...)
 416 {
 417         va_list args;
 418         va_start(args, message);
 419         configd_vlog(LOG_INFO, "svc.configd: ", message, args);
 420         va_end(args);
 421 }
 422 
 423 static void
 424 usage(const char *prog, int ret)
 425 {
 426         (void) fprintf(stderr,
 427             "usage: %s [-np] [-d door_path] [-r repository_path]\n"
 428             "    [-t nonpersist_repository]\n", prog);
 429         exit(ret);
 430 }
 431 
 432 /*ARGSUSED*/
 433 static void
 434 handler(int sig, siginfo_t *info, void *data)
 435 {
 436         finished = 1;
 437 }
 438 
 439 static int pipe_fd = -1;
 440 
 441 static int
 442 daemonize_start(void)
 443 {
 444         char data;
 445         int status;
 446 
 447         int filedes[2];
 448         pid_t pid;
 449 
 450         (void) close(0);
 451         (void) dup2(2, 1);              /* stderr only */
 452 
 453         if (pipe(filedes) < 0)
 454                 return (-1);
 455 
 456         if ((pid = fork1()) < 0)
 457                 return (-1);
 458 
 459         if (pid != 0) {
 460                 /*
 461                  * parent
 462                  */
 463                 struct sigaction act;
 464 
 465                 act.sa_sigaction = SIG_DFL;
 466                 (void) sigemptyset(&act.sa_mask);
 467                 act.sa_flags = 0;
 468 
 469                 (void) sigaction(SIGPIPE, &act, NULL);      /* ignore SIGPIPE */
 470 
 471                 (void) close(filedes[1]);
 472                 if (read(filedes[0], &data, 1) == 1) {
 473                         /* presume success */
 474                         _exit(CONFIGD_EXIT_OKAY);
 475                 }
 476 
 477                 status = -1;
 478                 (void) wait4(pid, &status, 0, NULL);
 479                 if (WIFEXITED(status))
 480                         _exit(WEXITSTATUS(status));
 481                 else
 482                         _exit(-1);
 483         }
 484 
 485         /*
 486          * child
 487          */
 488         pipe_fd = filedes[1];
 489         (void) close(filedes[0]);
 490 
 491         /*
 492          * generic Unix setup
 493          */
 494         (void) setsid();
 495         (void) umask(0077);
 496 
 497         return (0);
 498 }
 499 
 500 static void
 501 daemonize_ready(void)
 502 {
 503         char data = '\0';
 504 
 505         /*
 506          * wake the parent
 507          */
 508         (void) write(pipe_fd, &data, 1);
 509         (void) close(pipe_fd);
 510 }
 511 
 512 const char *
 513 regularize_path(const char *dir, const char *base, char *tmpbuf)
 514 {
 515         if (base == NULL)
 516                 return (NULL);
 517         if (base[0] == '/')
 518                 return (base);
 519 
 520         if (snprintf(tmpbuf, PATH_MAX, "%s/%s", dir, base) >= PATH_MAX) {
 521                 (void) fprintf(stderr, "svc.configd: %s/%s: path too long\n",
 522                     dir, base);
 523                 exit(CONFIGD_EXIT_BAD_ARGS);
 524         }
 525 
 526         return (tmpbuf);
 527 }
 528 
 529 int
 530 main(int argc, char *argv[])
 531 {
 532         thread_info_t *ti = &main_thread_info;
 533 
 534         char pidpath[sizeof ("/proc/" "/psinfo") + 10];
 535 
 536         struct rlimit fd_new;
 537 
 538         const char *endptr;
 539         sigset_t myset;
 540         int c;
 541         int ret;
 542         int fd;
 543 
 544         char curdir[PATH_MAX];
 545         char dbtmp[PATH_MAX];
 546         char npdbtmp[PATH_MAX];
 547         char doortmp[PATH_MAX];
 548 
 549         const char *dbpath = NULL;
 550         const char *npdbpath = NULL;
 551         const char *doorpath = REPOSITORY_DOOR_NAME;
 552         struct sigaction act;
 553 
 554         int daemonize = 1;              /* default to daemonizing */
 555         int have_npdb = 1;
 556 
 557         closefrom(3);                   /* get rid of extraneous fds */
 558 
 559         if (getcwd(curdir, sizeof (curdir)) == NULL) {
 560                 (void) fprintf(stderr,
 561                     "%s: unable to get current directory: %s\n",
 562                     argv[0], strerror(errno));
 563                 exit(CONFIGD_EXIT_INIT_FAILED);
 564         }
 565 
 566         while ((c = getopt(argc, argv, "Dnpd:r:t:")) != -1) {
 567                 switch (c) {
 568                 case 'n':
 569                         daemonize = 0;
 570                         break;
 571                 case 'd':
 572                         doorpath = regularize_path(curdir, optarg, doortmp);
 573                         have_npdb = 0;          /* default to no non-persist */
 574                         break;
 575                 case 'p':
 576                         log_to_syslog = 0;      /* don't use syslog */
 577 
 578                         /*
 579                          * If our parent exits while we're opening its /proc
 580                          * psinfo, we're vulnerable to a pid wrapping.  To
 581                          * protect against that, re-check our ppid after
 582                          * opening it.
 583                          */
 584                         privileged_pid = getppid();
 585                         (void) snprintf(pidpath, sizeof (pidpath),
 586                             "/proc/%d/psinfo", privileged_pid);
 587                         if ((fd = open(pidpath, O_RDONLY)) < 0 ||
 588                             getppid() != privileged_pid) {
 589                                 (void) fprintf(stderr,
 590                                     "%s: unable to get parent info\n", argv[0]);
 591                                 exit(CONFIGD_EXIT_BAD_ARGS);
 592                         }
 593                         privileged_psinfo_fd = fd;
 594                         break;
 595                 case 'r':
 596                         dbpath = regularize_path(curdir, optarg, dbtmp);
 597                         is_main_repository = 0;
 598                         break;
 599                 case 't':
 600                         npdbpath = regularize_path(curdir, optarg, npdbtmp);
 601                         is_main_repository = 0;
 602                         break;
 603                 default:
 604                         usage(argv[0], CONFIGD_EXIT_BAD_ARGS);
 605                         break;
 606                 }
 607         }
 608 
 609         /*
 610          * If we're not running as root, allow our euid full access, and
 611          * everyone else no access.
 612          */
 613         if (privileged_pid == 0 && geteuid() != 0) {
 614                 privileged_user = geteuid();
 615         }
 616 
 617         privileged_privs = priv_str_to_set("zone", "", &endptr);
 618         if (endptr != NULL && privileged_privs != NULL) {
 619                 priv_freeset(privileged_privs);
 620                 privileged_privs = NULL;
 621         }
 622 
 623         openlog("svc.configd", LOG_PID | LOG_CONS, LOG_DAEMON);
 624         (void) setlogmask(LOG_UPTO(LOG_NOTICE));
 625 
 626         /*
 627          * if a non-persist db is specified, always enable it
 628          */
 629         if (npdbpath)
 630                 have_npdb = 1;
 631 
 632         if (optind != argc)
 633                 usage(argv[0], CONFIGD_EXIT_BAD_ARGS);
 634 
 635         if (daemonize) {
 636                 if (getuid() == 0)
 637                         (void) chdir("/");
 638                 if (daemonize_start() < 0) {
 639                         (void) perror("unable to daemonize");
 640                         exit(CONFIGD_EXIT_INIT_FAILED);
 641                 }
 642         }
 643         if (getuid() == 0)
 644                 (void) core_set_process_path(CONFIGD_CORE,
 645                     strlen(CONFIGD_CORE) + 1, getpid());
 646 
 647         /*
 648          * this should be enabled once we can drop privileges and still get
 649          * a core dump.
 650          */
 651 #if 0
 652         /* turn off basic privileges we do not need */
 653         (void) priv_set(PRIV_OFF, PRIV_PERMITTED, PRIV_FILE_LINK_ANY,
 654             PRIV_PROC_EXEC, PRIV_PROC_FORK, PRIV_PROC_SESSION, NULL);
 655 #endif
 656 
 657         /* not that we can exec, but to be safe, shut them all off... */
 658         (void) priv_set(PRIV_SET, PRIV_INHERITABLE, NULL);
 659 
 660         (void) sigfillset(&act.sa_mask);
 661 
 662         /* signals to ignore */
 663         act.sa_sigaction = SIG_IGN;
 664         act.sa_flags = 0;
 665         (void) sigaction(SIGPIPE, &act, NULL);
 666         (void) sigaction(SIGALRM, &act, NULL);
 667         (void) sigaction(SIGUSR1, &act, NULL);
 668         (void) sigaction(SIGUSR2, &act, NULL);
 669         (void) sigaction(SIGPOLL, &act, NULL);
 670 
 671         /* signals to abort on */
 672         act.sa_sigaction = (void (*)(int, siginfo_t *, void *))&abort_handler;
 673         act.sa_flags = SA_SIGINFO;
 674 
 675         (void) sigaction(SIGABRT, &act, NULL);
 676 
 677         /* signals to handle */
 678         act.sa_sigaction = &handler;
 679         act.sa_flags = SA_SIGINFO;
 680 
 681         (void) sigaction(SIGHUP, &act, NULL);
 682         (void) sigaction(SIGINT, &act, NULL);
 683         (void) sigaction(SIGTERM, &act, NULL);
 684 
 685         (void) sigemptyset(&myset);
 686         (void) sigaddset(&myset, SIGHUP);
 687         (void) sigaddset(&myset, SIGINT);
 688         (void) sigaddset(&myset, SIGTERM);
 689 
 690         if ((errno = pthread_attr_init(&thread_attr)) != 0) {
 691                 (void) perror("initializing");
 692                 exit(CONFIGD_EXIT_INIT_FAILED);
 693         }
 694 
 695         /*
 696          * Set the hard and soft limits to CONFIGD_MAX_FDS.
 697          */
 698         fd_new.rlim_max = fd_new.rlim_cur = CONFIGD_MAX_FDS;
 699         (void) setrlimit(RLIMIT_NOFILE, &fd_new);
 700 
 701 #ifndef NATIVE_BUILD /* Allow building on snv_38 and earlier; remove later. */
 702         (void) enable_extended_FILE_stdio(-1, -1);
 703 #endif
 704 
 705         if ((ret = backend_init(dbpath, npdbpath, have_npdb)) !=
 706             CONFIGD_EXIT_OKAY)
 707                 exit(ret);
 708 
 709         if (!client_init())
 710                 exit(CONFIGD_EXIT_INIT_FAILED);
 711 
 712         if (!rc_node_init())
 713                 exit(CONFIGD_EXIT_INIT_FAILED);
 714 
 715         (void) pthread_attr_setdetachstate(&thread_attr,
 716             PTHREAD_CREATE_DETACHED);
 717         (void) pthread_attr_setscope(&thread_attr, PTHREAD_SCOPE_SYSTEM);
 718 
 719         if ((errno = pthread_key_create(&thread_info_key,
 720             thread_exiting)) != 0) {
 721                 perror("pthread_key_create");
 722                 exit(CONFIGD_EXIT_INIT_FAILED);
 723         }
 724 
 725         if ((thread_pool = uu_list_pool_create("thread_pool",
 726             sizeof (thread_info_t), offsetof(thread_info_t, ti_node),
 727             NULL, UU_LIST_POOL_DEBUG)) == NULL) {
 728                 configd_critical("uu_list_pool_create: %s\n",
 729                     uu_strerror(uu_error()));
 730                 exit(CONFIGD_EXIT_INIT_FAILED);
 731         }
 732 
 733         if ((thread_list = uu_list_create(thread_pool, NULL, 0)) == NULL) {
 734                 configd_critical("uu_list_create: %s\n",
 735                     uu_strerror(uu_error()));
 736                 exit(CONFIGD_EXIT_INIT_FAILED);
 737         }
 738 
 739         (void) memset(ti, '\0', sizeof (*ti));
 740         uu_list_node_init(ti, &ti->ti_node, thread_pool);
 741         (void) uu_list_insert_before(thread_list, uu_list_first(thread_list),
 742             ti);
 743 
 744         ti->ti_thread = pthread_self();
 745         ti->ti_state = TI_SIGNAL_WAIT;
 746         ti->ti_prev_state = TI_SIGNAL_WAIT;
 747 
 748         (void) pthread_setspecific(thread_info_key, ti);
 749 
 750         (void) door_server_create(new_thread_needed);
 751 
 752         if (!setup_main_door(doorpath)) {
 753                 configd_critical("Setting up main door failed.\n");
 754                 exit(CONFIGD_EXIT_DOOR_INIT_FAILED);
 755         }
 756 
 757         if (daemonize)
 758                 daemonize_ready();
 759 
 760         (void) pthread_sigmask(SIG_BLOCK, &myset, NULL);
 761         while (!finished) {
 762                 int sig = sigwait(&myset);
 763                 if (sig > 0) {
 764                         break;
 765                 }
 766         }
 767 
 768         backend_fini();
 769 
 770         return (CONFIGD_EXIT_OKAY);
 771 }