/mandos/trunk

/* -*- mode: c; coding: utf-8; after-save-hook: (lambda () (let* ((find-build-directory (lambda (try-directory &optional base-directory) (let ((base-directory (or base-directory try-directory))) (cond ((equal try-directory "/") base-directory) ((file-readable-p (concat (file-name-as-directory try-directory) "Makefile")) try-directory) ((funcall find-build-directory (directory-file-name (file-name-directory try-directory)) base-directory)))))) (build-directory (funcall find-build-directory (buffer-file-name))) (local-build-directory (if (fboundp 'file-local-name) (file-local-name build-directory) (or (file-remote-p build-directory 'localname) build-directory))) (command (file-relative-name (file-name-sans-extension (buffer-file-name)) build-directory))) (pcase (progn (if (get-buffer "*Test*") (kill-buffer "*Test*")) (process-file-shell-command (let ((qbdir (shell-quote-argument local-build-directory)) (qcmd (shell-quote-argument command))) (format "cd %s && CFLAGS=-Werror make --silent %s && %s --test --verbose" qbdir qcmd qcmd)) nil "*Test*")) (0 (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w)))) (_ (with-current-buffer "*Test*" (compilation-mode) (cd-absolute build-directory)) (display-buffer "*Test*" '(display-buffer-in-side-window)))))); -*- */

/*

 * Mandos password agent - Simple password agent to run Mandos client

 *

 * Copyright © 2019-2021 Teddy Hogeborn

 * Copyright © 2019-2021 Björn Påhlsson

 * 

 * This file is part of Mandos.

 * 

 * Mandos is free software: you can redistribute it and/or modify it

 * under the terms of the GNU General Public License as published by

 * the Free Software Foundation, either version 3 of the License, or

 * (at your option) any later version.

 * 

 * Mandos is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * General Public License for more details.

 * 

 * You should have received a copy of the GNU General Public License

 * along with Mandos.  If not, see <http://www.gnu.org/licenses/>.

 * 

 * Contact the authors at <mandos@recompile.se>.

 */

#define _GNU_SOURCE		/* pipe2(), O_CLOEXEC, setresgid(),

				   setresuid(), asprintf(), getline(),

				   basename() */

#include <inttypes.h>		/* uintmax_t, strtoumax(), PRIuMAX,

				   PRIdMAX, intmax_t, uint32_t,

				   SCNx32, SCNuMAX, SCNxMAX */

#include <stddef.h>		/* size_t, NULL */

#include <sys/types.h>		/* pid_t, uid_t, gid_t, getuid(),

				   getpid() */

#include <stdbool.h>		/* bool, true, false */

#include <signal.h>		/* struct sigaction, sigset_t,

				   sigemptyset(), sigaddset(),

				   SIGCHLD, pthread_sigmask(),

				   SIG_BLOCK, SIG_SETMASK, SA_RESTART,

				   SA_NOCLDSTOP, sigfillset(), kill(),

				   SIGTERM, sigdelset(), SIGKILL,

				   NSIG, sigismember(), SA_ONSTACK,

				   SIG_DFL, SIG_IGN, SIGINT, SIGQUIT,

				   SIGHUP, SIGSTOP, SIG_UNBLOCK */

#include <unistd.h>		/* uid_t, gid_t, close(), pipe2(),

				   fork(), _exit(), dup2(),

				   STDOUT_FILENO, setresgid(),

				   setresuid(), execv(), ssize_t,

				   read(), dup3(), getuid(), dup(),

				   STDERR_FILENO, pause(), write(),

				   rmdir(), unlink(), getpid() */

#include <stdlib.h>		/* EXIT_SUCCESS, EXIT_FAILURE,

				   malloc(), free(), realloc(),

				   setenv(), calloc(), mkdtemp(),

				   mkostemp() */

#include <iso646.h>		/* not, or, and, xor */

#include <error.h>		/* error() */

#include <sysexits.h>		/* EX_USAGE, EX_OSERR, EX_OSFILE */

#include <errno.h>		/* errno, error_t, EACCES,

				   ENAMETOOLONG, ENOENT, ENOTDIR,

				   ENOMEM, EEXIST, ECHILD, EPERM,

				   EAGAIN, EINTR, ENOBUFS, EADDRINUSE,

				   ECONNREFUSED, ECONNRESET,

				   ETOOMANYREFS, EMSGSIZE, EBADF,

				   EINVAL */

#include <string.h>		/* strdup(), memcpy(),

				   explicit_bzero(), memset(),

				   strcmp(), strlen(), strncpy(),

				   memcmp(), basename(), strerror() */

#include <argz.h>		/* argz_create(), argz_count(),

				   argz_extract(), argz_next(),

				   argz_add() */

#include <sys/epoll.h>		/* epoll_create1(), EPOLL_CLOEXEC,

				   epoll_ctl(), EPOLL_CTL_ADD,

				   struct epoll_event, EPOLLIN,

				   EPOLLRDHUP, EPOLLOUT,

				   epoll_pwait() */

#include <time.h>		/* struct timespec, clock_gettime(),

				   CLOCK_MONOTONIC */

#include <argp.h>		/* struct argp_option, OPTION_HIDDEN,

				   OPTION_ALIAS, struct argp_state,

				   ARGP_ERR_UNKNOWN, ARGP_KEY_ARGS,

				   struct argp, argp_parse(),

				   ARGP_NO_EXIT */

#include <stdint.h>		/* SIZE_MAX, uint32_t */

#include <sys/mman.h>		/* munlock(), mlock() */

#include <fcntl.h>		/* O_CLOEXEC, O_NONBLOCK, fcntl(),

				   F_GETFD, F_GETFL, FD_CLOEXEC,

				   open(), O_WRONLY, O_NOCTTY,

				   O_RDONLY, O_NOFOLLOW */

#include <sys/wait.h>		/* waitpid(), WNOHANG, WIFEXITED(),

				   WEXITSTATUS() */

#include <limits.h>		/* PIPE_BUF, NAME_MAX, INT_MAX */

#include <sys/inotify.h>	/* inotify_init1(), IN_NONBLOCK,

				   IN_CLOEXEC, inotify_add_watch(),

				   IN_CLOSE_WRITE, IN_MOVED_TO,

				   IN_MOVED_FROM, IN_DELETE,

				   IN_EXCL_UNLINK, IN_ONLYDIR,

				   struct inotify_event */

#include <fnmatch.h>		/* fnmatch(), FNM_FILE_NAME */

#include <stdio.h>		/* asprintf(), FILE, stderr, fopen(),

				   fclose(), getline(), sscanf(),

				   feof(), ferror(), rename(),

				   fdopen(), fprintf(), fscanf() */

#include <glib.h>    /* GKeyFile, g_key_file_free(), g_key_file_new(),

			GError, g_key_file_load_from_file(),

			G_KEY_FILE_NONE, TRUE, G_FILE_ERROR_NOENT,

			g_key_file_get_string(), guint64,

			g_key_file_get_uint64(),

			G_KEY_FILE_ERROR_KEY_NOT_FOUND, gconstpointer,

			g_assert_true(), g_assert_nonnull(),

			g_assert_null(), g_assert_false(),

			g_assert_cmpint(), g_assert_cmpuint(),

			g_test_skip(), g_assert_cmpstr(),

			g_test_message(), g_test_init(), g_test_add(),

			g_test_run(), GOptionContext,

			g_option_context_new(),

			g_option_context_set_help_enabled(), FALSE,

			g_option_context_set_ignore_unknown_options(),

			gboolean, GOptionEntry, G_OPTION_ARG_NONE,

			g_option_context_add_main_entries(),

			g_option_context_parse(),

			g_option_context_free(), g_error() */

#include <sys/un.h>		/* struct sockaddr_un, SUN_LEN */

#include <sys/socket.h>		/* AF_LOCAL, socket(), PF_LOCAL,

				   SOCK_DGRAM, SOCK_NONBLOCK,

				   SOCK_CLOEXEC, connect(),

				   struct sockaddr, socklen_t,

				   shutdown(), SHUT_RD, send(),

				   MSG_NOSIGNAL, bind(), recv(),

				   socketpair() */

#include <glob.h>		/* globfree(), glob_t, glob(),

				   GLOB_ERR, GLOB_NOSORT, GLOB_MARK,

				   GLOB_ABORTED, GLOB_NOMATCH,

				   GLOB_NOSPACE */

/* End of includes */

/* Start of declarations of private types and functions */

/* microseconds of CLOCK_MONOTONIC absolute time; 0 means unset */

typedef uintmax_t mono_microsecs;

/* "task_queue" - A queue of tasks to be run */

typedef struct {

  struct task_struct *tasks;	/* Tasks in this queue */

  size_t length;		/* Number of tasks */

  /* Memory allocated for "tasks", in bytes */

  size_t allocated;		

  /* Time when this queue should be run, at the latest */

  mono_microsecs next_run;

} __attribute__((designated_init)) task_queue;

/* "task_func" - A function type for task functions

   I.e. functions for the code which runs when a task is run, all have

   this type */

typedef void (task_func) (const struct task_struct,

			  task_queue *const)

  __attribute__((nonnull));

/* "buffer" - A data buffer for a growing array of bytes

   Used for the "password" variable */

typedef struct {

  char *data;

  size_t length;

  size_t allocated;

} __attribute__((designated_init)) buffer;

/* "string_set" - A set type which can contain strings

   Used by the "cancelled_filenames" variable */

typedef struct {

  char *argz;			/* Do not access these except in */

  size_t argz_len;		/* the string_set_* functions */

} __attribute__((designated_init)) string_set;

/* "task_context" - local variables for tasks

   This data structure distinguishes between different tasks which are

   using the same function.  This data structure is passed to every

   task function when each task is run.

   Note that not every task uses every struct member. */

typedef struct task_struct {

  task_func *const func;	 /* The function run by this task */

  char *const question_filename; /* The question file */

  const pid_t pid;		 /* Mandos client process ID */

  const int epoll_fd;		 /* The epoll set file descriptor */

  bool *const quit_now;		 /* Set to true on fatal errors */

  const int fd;			 /* General purpose file descriptor */

  bool *const mandos_client_exited; /* Set true when client exits */

  buffer *const password;	    /* As read from client process */

  bool *const password_is_read;	    /* "password" is done growing */

  char *filename;		    /* General purpose file name */

  /* A set of strings of all the file names of questions which have

     been cancelled for any reason; tasks pertaining to these question

     files should not be run */

  string_set *const cancelled_filenames;

  const mono_microsecs notafter; /* "NotAfter" from question file */

  /* Updated before each queue run; is compared with queue.next_run */

  const mono_microsecs *const current_time;

} __attribute__((designated_init)) task_context;

/* Declare all our functions here so we can define them in any order

   below.  Note: test functions are *not* declared here, they are

   declared in the test section. */

__attribute__((warn_unused_result))

static bool should_only_run_tests(int *, char **[]);

__attribute__((warn_unused_result, cold))

static bool run_tests(int, char *[]);

static void handle_sigchld(__attribute__((unused)) int sig){}

__attribute__((warn_unused_result, malloc))

task_queue *create_queue(void);

__attribute__((nonnull, warn_unused_result))

bool add_to_queue(task_queue *const, const task_context);

__attribute__((nonnull))

void cleanup_task(const task_context *const);

__attribute__((nonnull))

void cleanup_queue(task_queue *const *const);

__attribute__((pure, nonnull, warn_unused_result))

bool queue_has_question(const task_queue *const);

__attribute__((nonnull))

void cleanup_close(const int *const);

__attribute__((nonnull))

void cleanup_string(char *const *const);

__attribute__((nonnull))

void cleanup_buffer(buffer *const);

__attribute__((pure, nonnull, warn_unused_result))

bool string_set_contains(const string_set, const char *const);

__attribute__((nonnull, warn_unused_result))

bool string_set_add(string_set *const, const char *const);

__attribute__((nonnull))

void string_set_clear(string_set *);

void string_set_swap(string_set *const, string_set *const);

__attribute__((nonnull, warn_unused_result))

bool start_mandos_client(task_queue *const, const int, bool *const,

			 bool *const, buffer *const, bool *const,

			 const struct sigaction *const,

			 const sigset_t, const char *const,

			 const uid_t, const gid_t,

			 const char *const *const);

__attribute__((nonnull))

task_func wait_for_mandos_client_exit;

__attribute__((nonnull))

task_func read_mandos_client_output;

__attribute__((warn_unused_result))

bool add_inotify_dir_watch(task_queue *const, const int, bool *const,

			   buffer *const, const char *const,

			   string_set *, const mono_microsecs *const,

			   bool *const, bool *const);

__attribute__((nonnull))

task_func read_inotify_event;

__attribute__((nonnull))

task_func open_and_parse_question;

__attribute__((nonnull))

task_func cancel_old_question;

__attribute__((nonnull))

task_func connect_question_socket;

__attribute__((nonnull))

task_func send_password_to_socket;

__attribute__((warn_unused_result))

bool add_existing_questions(task_queue *const, const int,

			    buffer *const, string_set *,

			    const mono_microsecs *const,

			    bool *const, bool *const,

			    const char *const);

__attribute__((nonnull, warn_unused_result))

bool wait_for_event(const int, const mono_microsecs,

		    const mono_microsecs);

bool run_queue(task_queue **const, string_set *const, bool *const);

bool clear_all_fds_from_epoll_set(const int);

mono_microsecs get_current_time(void);

__attribute__((nonnull, warn_unused_result))

bool setup_signal_handler(struct sigaction *const);

__attribute__((nonnull))

bool restore_signal_handler(const struct sigaction *const);

__attribute__((nonnull, warn_unused_result))

bool block_sigchld(sigset_t *const);

__attribute__((nonnull))

bool restore_sigmask(const sigset_t *const);

__attribute__((nonnull))

bool parse_arguments(int, char *[], const bool, char **, char **,

		     uid_t *const , gid_t *const, char **, size_t *);

/* End of declarations of private types and functions */

/* Start of "main" section; this section LACKS TESTS!

   Code here should be as simple as possible. */

/* These are required to be global by Argp */

const char *argp_program_version = "password-agent " VERSION;

const char *argp_program_bug_address = "<mandos@recompile.se>";

int main(int argc, char *argv[]){

  /* If the --test option is passed, skip all normal operations and

     instead only run the run_tests() function, which also does all

     its own option parsing, so we don't have to do anything here. */

  if(should_only_run_tests(&argc, &argv)){

    if(run_tests(argc, argv)){

      return EXIT_SUCCESS;	/* All tests successful */

    }

    return EXIT_FAILURE;	/* Some test(s) failed */

  }

  __attribute__((cleanup(cleanup_string)))

    char *agent_directory = NULL;

  __attribute__((cleanup(cleanup_string)))

    char *helper_directory = NULL;

  uid_t user = 0;

  gid_t group = 0;

  __attribute__((cleanup(cleanup_string)))

    char *mandos_argz = NULL;

  size_t mandos_argz_length = 0;

  if(not parse_arguments(argc, argv, true, &agent_directory,

			 &helper_directory, &user, &group,

			 &mandos_argz, &mandos_argz_length)){

    /* This should never happen, since "true" is passed as the third

       argument to parse_arguments() above, which should make

       argp_parse() call exit() if any parsing error occurs. */

    error(EX_USAGE, errno, "Failed to parse arguments");

  }

  const char default_agent_directory[] = "/run/systemd/ask-password";

  const char default_helper_directory[]

    = "/lib/mandos/plugin-helpers";

  const char *const default_argv[]

    = {"/lib/mandos/plugins.d/mandos-client", NULL };

  /* Set variables to default values if unset */

  if(agent_directory == NULL){

    agent_directory = strdup(default_agent_directory);

    if(agent_directory == NULL){

      error(EX_OSERR, errno, "Failed strdup()");

    }

  }

  if(helper_directory == NULL){

    helper_directory = strdup(default_helper_directory);

    if(helper_directory == NULL){

      error(EX_OSERR, errno, "Failed strdup()");

    }

  }

  if(user == 0){

    user = 65534;		/* nobody */

  }

  if(group == 0){

    group = 65534;		/* nogroup */

  }

  /* If parse_opt did not create an argz vector, create one with

     default values */

  if(mandos_argz == NULL){

#ifdef __GNUC__

#pragma GCC diagnostic push

    /* argz_create() takes a non-const argv for some unknown reason -

       argz_create() isn't modifying the strings, just copying them.

       Therefore, this cast to non-const should be safe. */

#pragma GCC diagnostic ignored "-Wcast-qual"

#endif

    errno = argz_create((char *const *)default_argv, &mandos_argz,

			&mandos_argz_length);

#ifdef __GNUC__

#pragma GCC diagnostic pop

#endif

    if(errno != 0){

      error(EX_OSERR, errno, "Failed argz_create()");

    }

  }

  /* Use argz vector to create a normal argv, usable by execv() */

  char **mandos_argv = malloc((argz_count(mandos_argz,

					  mandos_argz_length)

			       + 1) * sizeof(char *));

  if(mandos_argv == NULL){

    error_t saved_errno = errno;

    free(mandos_argz);

    error(EX_OSERR, saved_errno, "Failed malloc()");

  }

  argz_extract(mandos_argz, mandos_argz_length, mandos_argv);

  sigset_t orig_sigmask;

  if(not block_sigchld(&orig_sigmask)){

    return EX_OSERR;

  }

  struct sigaction old_sigchld_action;

  if(not setup_signal_handler(&old_sigchld_action)){

    return EX_OSERR;

  }

  mono_microsecs current_time = 0;

  bool mandos_client_exited = false;

  bool quit_now = false;

  __attribute__((cleanup(cleanup_close)))

    const int epoll_fd = epoll_create1(EPOLL_CLOEXEC);

  if(epoll_fd < 0){

    error(EX_OSERR, errno, "Failed to create epoll set fd");

  }

  __attribute__((cleanup(cleanup_queue)))

    task_queue *queue = create_queue();

  if(queue == NULL){

    error(EX_OSERR, errno, "Failed to create task queue");

  }

  __attribute__((cleanup(cleanup_buffer)))

    buffer password = {};

  bool password_is_read = false;

  __attribute__((cleanup(string_set_clear)))

    string_set cancelled_filenames = {};

  /* Add tasks to queue */

  if(not start_mandos_client(queue, epoll_fd, &mandos_client_exited,

  			     &quit_now, &password, &password_is_read,

  			     &old_sigchld_action, orig_sigmask,

			     helper_directory, user, group,

			     (const char *const *)mandos_argv)){

    return EX_OSERR;		/* Error has already been printed */

  }

  /* These variables were only for start_mandos_client() and are not

     needed anymore */

  free(mandos_argv);

  free(mandos_argz);

  mandos_argz = NULL;

  if(not add_inotify_dir_watch(queue, epoll_fd, &quit_now, &password,

  			       agent_directory, &cancelled_filenames,

  			       &current_time, &mandos_client_exited,

  			       &password_is_read)){

    switch(errno){		/* Error has already been printed */

    case EACCES:

    case ENAMETOOLONG:

    case ENOENT:

    case ENOTDIR:

      return EX_OSFILE;

    default:

      return EX_OSERR;

    }

  }

  if(not add_existing_questions(queue, epoll_fd, &password,

				&cancelled_filenames, &current_time,

				&mandos_client_exited,

				&password_is_read, agent_directory)){

    return EXIT_FAILURE;	/* Error has already been printed */

  }

  /* Run queue */

  do {

    current_time = get_current_time();

    if(not wait_for_event(epoll_fd, queue->next_run, current_time)){

      const error_t saved_errno = errno;

      error(EXIT_FAILURE, saved_errno, "Failure while waiting for"

	    " events");

    }

    current_time = get_current_time();

    if(not run_queue(&queue, &cancelled_filenames, &quit_now)){

      const error_t saved_errno = errno;

      error(EXIT_FAILURE, saved_errno, "Failure while running queue");

    }

    /*  When no tasks about questions are left in the queue, break out

	of the loop (and implicitly exit the program) */

  } while(queue_has_question(queue));

  restore_signal_handler(&old_sigchld_action);

  restore_sigmask(&orig_sigmask);

  return EXIT_SUCCESS;

}

__attribute__((warn_unused_result))

mono_microsecs get_current_time(void){

  struct timespec currtime;

  if(clock_gettime(CLOCK_MONOTONIC, &currtime) != 0){

    error(0, errno, "Failed to get current time");

    return 0;

  }

  return ((mono_microsecs)currtime.tv_sec * 1000000) /* seconds */

    + ((mono_microsecs)currtime.tv_nsec / 1000);     /* nanoseconds */

}

/* End of "main" section */

/* Start of regular code section; ALL this code has tests */

__attribute__((nonnull))

bool parse_arguments(int argc, char *argv[], const bool exit_failure,

		     char **agent_directory, char **helper_directory,

		     uid_t *const user, gid_t *const group,

		     char **mandos_argz, size_t *mandos_argz_length){

  const struct argp_option options[] = {

    { .name="agent-directory",.key='d', .arg="DIRECTORY",

      .doc="Systemd password agent directory" },

    { .name="helper-directory",.key=128, .arg="DIRECTORY",

      .doc="Mandos Client password helper directory" },

    { .name="plugin-helper-dir", .key=129, /* From plugin-runner */

      .flags=OPTION_HIDDEN | OPTION_ALIAS },

    { .name="user", .key='u', .arg="USERID",

      .doc="User ID the Mandos Client will use as its unprivileged"

      " user" },

    { .name="userid", .key=130,	/* From plugin--runner */

      .flags=OPTION_HIDDEN | OPTION_ALIAS },

    { .name="group", .key='g', .arg="GROUPID",

      .doc="Group ID the Mandos Client will use as its unprivileged"

      " group" },

    { .name="groupid", .key=131, /* From plugin--runner */

      .flags=OPTION_HIDDEN | OPTION_ALIAS },

    { .name="test", .key=255, /* See should_only_run_tests() */

      .doc="Skip normal operation, and only run self-tests.  See"

      " --test --help.", .group=10, },

    { NULL },

  };

  __attribute__((nonnull(3)))

    error_t parse_opt(int key, char *arg, struct argp_state *state){

    errno = 0;

    switch(key){

    case 'd':			/* --agent-directory */

      *agent_directory = strdup(arg);

      break;

    case 128:			/* --helper-directory */

    case 129:			/* --plugin-helper-dir */

      *helper_directory = strdup(arg);

      break;

    case 'u':			/* --user */

    case 130:			/* --userid */

      {

	char *tmp;

	uintmax_t tmp_id = 0;

	errno = 0;

	tmp_id = (uid_t)strtoumax(arg, &tmp, 10);

	if(errno != 0 or tmp == arg or *tmp != '\0'

	   or tmp_id != (uid_t)tmp_id or (uid_t)tmp_id == 0){

	  return ARGP_ERR_UNKNOWN;

	}

	*user = (uid_t)tmp_id;

	errno = 0;

	break;

      }

    case 'g':			/* --group */

    case 131:			/* --groupid */

      {

	char *tmp;

	uintmax_t tmp_id = 0;

	errno = 0;

	tmp_id = (uid_t)strtoumax(arg, &tmp, 10);

	if(errno != 0 or tmp == arg or *tmp != '\0'

	   or tmp_id != (gid_t)tmp_id or (gid_t)tmp_id == 0){

	  return ARGP_ERR_UNKNOWN;

	}

	*group = (gid_t)tmp_id;

	errno = 0;

	break;

      }

    case ARGP_KEY_ARGS:

      /* Copy arguments into argz vector */

      return argz_create(state->argv + state->next, mandos_argz,

    			 mandos_argz_length);

    default:

      return ARGP_ERR_UNKNOWN;

    }

    return errno;

  }

  const struct argp argp = {

    .options=options,

    .parser=parse_opt,

    .args_doc="[MANDOS_CLIENT [OPTION...]]\n--test",

    .doc = "Mandos password agent -- runs Mandos client as a"

    " systemd password agent",

  };

  errno = argp_parse(&argp, argc, argv,

		     exit_failure ? 0 : ARGP_NO_EXIT, NULL, NULL);

  return errno == 0;

}

__attribute__((nonnull, warn_unused_result))

bool block_sigchld(sigset_t *const orig_sigmask){

  sigset_t sigchld_sigmask;

  if(sigemptyset(&sigchld_sigmask) < 0){

    error(0, errno, "Failed to empty signal set");

    return false;

  }

  if(sigaddset(&sigchld_sigmask, SIGCHLD) < 0){

    error(0, errno, "Failed to add SIGCHLD to signal set");

    return false;

  }

  if(pthread_sigmask(SIG_BLOCK, &sigchld_sigmask, orig_sigmask) != 0){

    error(0, errno, "Failed to block SIGCHLD signal");

    return false;

  }

  return true;

}

__attribute__((nonnull, warn_unused_result, const))

bool restore_sigmask(const sigset_t *const orig_sigmask){

  if(pthread_sigmask(SIG_SETMASK, orig_sigmask, NULL) != 0){

    error(0, errno, "Failed to restore blocked signals");

    return false;

  }

  return true;

}

__attribute__((nonnull, warn_unused_result))

bool setup_signal_handler(struct sigaction *const old_sigchld_action){

  struct sigaction sigchld_action = {

    .sa_handler=handle_sigchld,

    .sa_flags=SA_RESTART | SA_NOCLDSTOP,

  };

  /* Set all signals in "sa_mask" struct member; this makes all

     signals automatically blocked during signal handler */

  if(sigfillset(&sigchld_action.sa_mask) != 0){

    error(0, errno, "Failed to do sigfillset()");

    return false;

  }

  if(sigaction(SIGCHLD, &sigchld_action, old_sigchld_action) != 0){

    error(0, errno, "Failed to set SIGCHLD signal handler");

    return false;

  }

  return true;

}

__attribute__((nonnull, warn_unused_result))