/mandos/trunk : revision 962

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/splashy.c

Committer: Teddy Hogeborn
Date: 2019-02-09 23:23:26 UTC
Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj

Add support for using raw public keys in TLS (RFC 7250)

Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else.  We choose to use "raw public keys" (RFC 7250).  Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.

Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed).  This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.

* DBUS-API (Signals/ClientNotFound): Change name of first parameter
                                     from "Fingerprint" to "KeyID".
  (Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
           key support) up until 3.6.6, when support for raw public
           keys was added.  Also document new dependency of client on
           "gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
                         as arguments to client.
  (keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
  (confdir/clients.conf): Add dependency on TLS public key.
  (purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
                                                 libgnutls30 (>= 3.6.6)
  (Package: mandos/Depends): - '' -
  (Package: mandos/Description): Alter description to match new
                                 design.
  (Package: mandos-client/Description): - '' -
  (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
                                    here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
                                      --tls-pubkey options to test
                                      command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
                                             (all callers changed),
                                             and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
                   support for raw public keys is detected.
  (Client.key_id): New attribute.
  (ClientDBus.KeyID_dbus_property): New method.
  (ProxyClient.__init__): Take new "key_id" parameter.
  (ClientHandler.handle): Use key IDs when using raw public keys and
                          use fingerprints when using OpenPGP keys.
  (ClientHandler.peer_certificate): Also handle raw public keys.
  (ClientHandler.key_id): New.
  (MandosServer.handle_ipc): Pass key ID over the pipe IPC.  Also
                             check for key ID matches when looking up
                             clients.
  (main): Default GnuTLS priority string depends on whether we are
          using raw public keys or not.  When unpickling clients, set
          key_id if not set in the pickle.
  (main/MandosDBusService.ClientNotFound): Change name of first
                                           parameter from
                                           "Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
  (OPTIONS/secret): Mention new key ID matchning.
  (EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
  (EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files.  New "--tls-keytype" (-T)
                 option.  Alter help text to be more clear about key
                 types.  When in password mode, also output "key_id"
                 option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
  (DESCRIPTION): Alter to match new dual-key design.
  (OVERVIEW): - '' -
  (FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
                                 when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
  (BUGS): Remove issue about checking expire times of OpenPGP keys,
          since TLS public keys do not have expiration times.
  (SECURITY/CLIENT): Alter description to match new design.
  (SEE ALSO/GnuTLS): - '' -
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
                               options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
                             supporting GnuTLS versions. Add new
                             "--tls-pubkey" and "--tls-privkey"
                             options (which do nothing if GnuTLS
                             library does not support raw public
                             keys).  Alter text throughout to reflect
                             new design.  Only generate new DH
                             parameters (based on size of OpenPGP key)
                             when using OpenPGP in TLS.  Default
                             GnuTLS priority string depends on whether
                             we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
                                          and "--tls-pubkey" (-T)
                                          options.
  (DESCRIPTION): Describe new dual-key design.
  (OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
             options.
  (OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
                       size.
  (FILES): Add default locations for TLS public and private key files.
  (EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
  (SECURITY): Alter wording slightly to reflect new dual-key design.
  (SEE ALSO/GnuTLS): Alter description to match new design.
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.

files added:
DBUS-API

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/splashy.c

* Splashy - Read a password from splashy and output it

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf() */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <signal.h> /* sig_atomic_t, struct sigaction,

sigemptyset(), sigaddset(), SIGINT,

SIGHUP, SIGTERM, sigaction,

SIG_IGN, kill(), SIGKILL */

#include <stddef.h> /* NULL */

#include <stdlib.h> /* getenv() */

#include <stdio.h> /* asprintf(), perror() */

#include <stdio.h> /* asprintf(), vasprintf(), vprintf(),

fprintf() */

#include <stdlib.h> /* EXIT_FAILURE, free(),

EXIT_SUCCESS */

#include <sys/types.h> /* pid_t, DIR, struct dirent,

#include <iso646.h> /* not, or, and */

#include <unistd.h> /* readlink(), fork(), execl(),

sleep(), dup2() STDERR_FILENO,

STDOUT_FILENO, _exit() */

#include <string.h> /* memcmp() */

#include <errno.h> /* errno */

STDOUT_FILENO, _exit(),

pause() */

#include <string.h> /* memcmp(), strerror() */

#include <errno.h> /* errno, EACCES, ENOTDIR, ELOOP,

ENOENT, ENAMETOOLONG, EMFILE,

ENFILE, ENOMEM, ENOEXEC, EINVAL,

E2BIG, EFAULT, EIO, ETXTBSY,

EISDIR, ELIBBAD, EPERM, EINTR,

ECHILD */

#include <error.h> /* error() */

#include <sys/wait.h> /* waitpid(), WIFEXITED(),

WEXITSTATUS() */

#include <sysexits.h> /* EX_OSERR, EX_OSFILE,

EX_UNAVAILABLE */

#include <stdarg.h> /* va_list, va_start(), ... */

sig_atomic_t interrupted_by_signal = 0;

static void termination_handler(__attribute__((unused))int signum){

int signal_received;

/* Function to use when printing errors */

__attribute__((format (gnu_printf, 3, 4)))

void error_plus(int status, int errnum, const char *formatstring,

...){

va_list ap;

char *text;

int ret;

va_start(ap, formatstring);

ret = vasprintf(&text, formatstring, ap);

if(ret == -1){

fprintf(stderr, "Mandos plugin %s: ",

program_invocation_short_name);

vfprintf(stderr, formatstring, ap);

fprintf(stderr, ": ");

fprintf(stderr, "%s\n", strerror(errnum));

error(status, errno, "vasprintf while printing error");

return;

}

fprintf(stderr, "Mandos plugin ");

error(status, errnum, "%s", text);

free(text);

}

static void termination_handler(int signum){

if(interrupted_by_signal){

return;

}

interrupted_by_signal = 1;

signal_received = signum;

}

int main(__attribute__((unused))int argc,

__attribute__((unused))char **argv){

int ret = 0;

100

char *prompt = NULL;

101

DIR *proc_dir = NULL;

102

pid_t splashy_pid = 0;

103

pid_t splashy_command_pid = 0;

104

int exitstatus = EXIT_FAILURE;

105

106

/* Create prompt string */

char *prompt = NULL;

107

{

108

const char *const cryptsource = getenv("cryptsource");

109

const char *const crypttarget = getenv("crypttarget");

126

}

127

}

128

if(ret == -1){

return EXIT_FAILURE;

129

prompt = NULL;

130

exitstatus = EX_OSERR;

131

goto failure;

132

}

133

}

134

135

/* Find splashy process */

pid_t splashy_pid = 0;

136

{

137

const char splashy_name[] = "/sbin/splashy";

DIR *proc_dir = opendir("/proc");

138

proc_dir = opendir("/proc");

139

if(proc_dir == NULL){

free(prompt);

perror("opendir");

return EXIT_FAILURE;

140

int e = errno;

141

error_plus(0, errno, "opendir");

142

switch(e){

143

case EACCES:

144

case ENOTDIR:

145

case ELOOP:

146

case ENOENT:

147

default:

148

exitstatus = EX_OSFILE;

149

break;

150

case ENAMETOOLONG:

151

case EMFILE:

152

case ENFILE:

153

case ENOMEM:

154

exitstatus = EX_OSERR;

155

break;

156

}

157

goto failure;

158

}

159

for(struct dirent *proc_ent = readdir(proc_dir);

160

proc_ent != NULL;

119

180

char *exe_link;

120

181

ret = asprintf(&exe_link, "/proc/%s/exe", proc_ent->d_name);

121

182

if(ret == -1){

122

perror("asprintf");

123

free(prompt);

124

closedir(proc_dir);

125

return EXIT_FAILURE;

183

error_plus(0, errno, "asprintf");

184

exitstatus = EX_OSERR;

185

goto failure;

126

186

}

127

187

128

188

/* Check that it refers to a symlink owned by root:root */

133

193

free(exe_link);

134

194

continue;

135

195

}

136

perror("lstat");

196

int e = errno;

197

error_plus(0, errno, "lstat");

137

198

free(exe_link);

138

free(prompt);

139

closedir(proc_dir);

140

return EXIT_FAILURE;

199

switch(e){

200

case EACCES:

201

case ENOTDIR:

202

case ELOOP:

203

default:

204

exitstatus = EX_OSFILE;

205

break;

206

case ENAMETOOLONG:

207

exitstatus = EX_OSERR;

208

break;

209

}

210

goto failure;

141

211

}

142

212

if(not S_ISLNK(exe_stat.st_mode)

143

213

or exe_stat.st_uid != 0

157

227

}

158

228

}

159

229

closedir(proc_dir);

230

proc_dir = NULL;

160

231

}

161

232

if(splashy_pid == 0){

162

free(prompt);

163

return EXIT_FAILURE;

233

exitstatus = EX_UNAVAILABLE;

234

goto failure;

164

235

}

165

236

166

237

/* Set up the signal handler */

169

240

new_action = { .sa_handler = termination_handler,

170

241

.sa_flags = 0 };

171

242

sigemptyset(&new_action.sa_mask);

172

sigaddset(&new_action.sa_mask, SIGINT);

173

sigaddset(&new_action.sa_mask, SIGHUP);

174

sigaddset(&new_action.sa_mask, SIGTERM);

243

ret = sigaddset(&new_action.sa_mask, SIGINT);

244

if(ret == -1){

245

error_plus(0, errno, "sigaddset");

246

exitstatus = EX_OSERR;

247

goto failure;

248

}

249

ret = sigaddset(&new_action.sa_mask, SIGHUP);

250

if(ret == -1){

251

error_plus(0, errno, "sigaddset");

252

exitstatus = EX_OSERR;

253

goto failure;

254

}

255

ret = sigaddset(&new_action.sa_mask, SIGTERM);

256

if(ret == -1){

257

error_plus(0, errno, "sigaddset");

258

exitstatus = EX_OSERR;

259

goto failure;

260

}

175

261

ret = sigaction(SIGINT, NULL, &old_action);

176

262

if(ret == -1){

177

perror("sigaction");

178

free(prompt);

179

return EXIT_FAILURE;

263

error_plus(0, errno, "sigaction");

264

exitstatus = EX_OSERR;

265

goto failure;

180

266

}

181

267

if(old_action.sa_handler != SIG_IGN){

182

268

ret = sigaction(SIGINT, &new_action, NULL);

183

269

if(ret == -1){

184

perror("sigaction");

185

free(prompt);

186

return EXIT_FAILURE;

270

error_plus(0, errno, "sigaction");

271

exitstatus = EX_OSERR;

272

goto failure;

187

273

}

188

274

}

189

275

ret = sigaction(SIGHUP, NULL, &old_action);

190

276

if(ret == -1){

191

perror("sigaction");

192

free(prompt);

193

return EXIT_FAILURE;

277

error_plus(0, errno, "sigaction");

278

exitstatus = EX_OSERR;

279

goto failure;

194

280

}

195

281

if(old_action.sa_handler != SIG_IGN){

196

282

ret = sigaction(SIGHUP, &new_action, NULL);

197

283

if(ret == -1){

198

perror("sigaction");

199

free(prompt);

200

return EXIT_FAILURE;

284

error_plus(0, errno, "sigaction");

285

exitstatus = EX_OSERR;

286

goto failure;

201

287

}

202

288

}

203

289

ret = sigaction(SIGTERM, NULL, &old_action);

204

290

if(ret == -1){

205

perror("sigaction");

206

free(prompt);

207

return EXIT_FAILURE;

291

error_plus(0, errno, "sigaction");

292

exitstatus = EX_OSERR;

293

goto failure;

208

294

}

209

295

if(old_action.sa_handler != SIG_IGN){

210

296

ret = sigaction(SIGTERM, &new_action, NULL);

211

297

if(ret == -1){

212

perror("sigaction");

213

free(prompt);

214

return EXIT_FAILURE;

298

error_plus(0, errno, "sigaction");

299

exitstatus = EX_OSERR;

300

goto failure;

215

301

}

216

302

}

217

303

}

218

304

305

if(interrupted_by_signal){

306

goto failure;

307

}

308

219

309

/* Fork off the splashy command to prompt for password */

220

pid_t splashy_command_pid = 0;

221

if(not interrupted_by_signal){

222

splashy_command_pid = fork();

223

if(splashy_command_pid == -1){

224

if(not interrupted_by_signal){

225

perror("fork");

226

}

227

return EXIT_FAILURE;

228

}

229

/* Child */

230

if(splashy_command_pid == 0){

310

splashy_command_pid = fork();

311

if(splashy_command_pid != 0 and interrupted_by_signal){

312

goto failure;

313

}

314

if(splashy_command_pid == -1){

315

error_plus(0, errno, "fork");

316

exitstatus = EX_OSERR;

317

goto failure;

318

}

319

/* Child */

320

if(splashy_command_pid == 0){

321

if(not interrupted_by_signal){

231

322

const char splashy_command[] = "/sbin/splashy_update";

232

ret = execl(splashy_command, splashy_command, prompt,

233

(char *)NULL);

234

if(not interrupted_by_signal){

235

perror("execl");

323

execl(splashy_command, splashy_command, prompt, (char *)NULL);

324

int e = errno;

325

error_plus(0, errno, "execl");

326

switch(e){

327

case EACCES:

328

case ENOENT:

329

case ENOEXEC:

330

case EINVAL:

331

_exit(EX_UNAVAILABLE);

332

case ENAMETOOLONG:

333

case E2BIG:

334

case ENOMEM:

335

case EFAULT:

336

case EIO:

337

case EMFILE:

338

case ENFILE:

339

case ETXTBSY:

340

default:

341

_exit(EX_OSERR);

342

case ENOTDIR:

343

case ELOOP:

344

case EISDIR:

345

#ifdef ELIBBAD

346

case ELIBBAD: /* Linux only */

347

#endif

348

case EPERM:

349

_exit(EX_OSFILE);

236

350

}

237

free(prompt);

238

_exit(EXIT_FAILURE);

239

351

}

352

free(prompt);

353

_exit(EXIT_FAILURE);

240

354

}

241

355

242

356

/* Parent */

243

357

free(prompt);

358

prompt = NULL;

359

360

if(interrupted_by_signal){

361

goto failure;

362

}

244

363

245

364

/* Wait for command to complete */

246

if(not interrupted_by_signal and splashy_command_pid != 0){

365

{

247

366

int status;

248

ret = waitpid(splashy_command_pid, &status, 0);

367

do {

368

ret = waitpid(splashy_command_pid, &status, 0);

369

} while(ret == -1 and errno == EINTR

370

and not interrupted_by_signal);

371

if(interrupted_by_signal){

372

goto failure;

373

}

249

374

if(ret == -1){

250

if(errno != EINTR){

251

perror("waitpid");

252

}

375

error_plus(0, errno, "waitpid");

253

376

if(errno == ECHILD){

254

377

splashy_command_pid = 0;

255

378

}

256

379

} else {

257

380

/* The child process has exited */

258

381

splashy_command_pid = 0;

259

if(not interrupted_by_signal and WIFEXITED(status)

260

and WEXITSTATUS(status)==0){

382

if(WIFEXITED(status) and WEXITSTATUS(status) == 0){

261

383

return EXIT_SUCCESS;

262

384

}

263

385

}

264

386

}

265

kill(splashy_pid, SIGTERM);

266

if(interrupted_by_signal and splashy_command_pid != 0){

267

kill(splashy_command_pid, SIGTERM);

268

}

269

sleep(2);

270

while(kill(splashy_pid, 0) == 0){

271

kill(splashy_pid, SIGKILL);

272

sleep(1);

273

}

274

pid_t new_splashy_pid = fork();

275

if(new_splashy_pid == 0){

276

/* Child; will become new splashy process */

277

278

/* Make the effective user ID (root) the only user ID instead of

279

the real user ID (_mandos) */

280

ret = setuid(geteuid());

281

if(ret == -1){

282

perror("setuid");

283

}

284

285

setsid();

286

ret = chdir("/");

287

/* if(fork() != 0){ */

288

/* _exit(EXIT_SUCCESS); */

289

/* } */

290

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace our stdout */

291

if(ret == -1){

292

perror("dup2");

293

_exit(EXIT_FAILURE);

294

}

295

296

execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);

297

if(not interrupted_by_signal){

298

perror("execl");

299

}

300

_exit(EXIT_FAILURE);

301

}

302

303

return EXIT_FAILURE;

387

388

failure:

389

390

free(prompt);

391

392

if(proc_dir != NULL){

393

TEMP_FAILURE_RETRY(closedir(proc_dir));

394

}

395

396

if(splashy_command_pid != 0){

397

TEMP_FAILURE_RETRY(kill(splashy_command_pid, SIGTERM));

398

399

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGTERM));

400

sleep(2);

401

while(TEMP_FAILURE_RETRY(kill(splashy_pid, 0)) == 0){

402

TEMP_FAILURE_RETRY(kill(splashy_pid, SIGKILL));

403

sleep(1);

404

}

405

pid_t new_splashy_pid = (pid_t)TEMP_FAILURE_RETRY(fork());

406

if(new_splashy_pid == 0){

407

/* Child; will become new splashy process */

408

409

/* Make the effective user ID (root) the only user ID instead of

410

the real user ID (_mandos) */

411

ret = setuid(geteuid());

412

if(ret == -1){

413

error_plus(0, errno, "setuid");

414

}

415

416

setsid();

417

ret = chdir("/");

418

if(ret == -1){

419

error_plus(0, errno, "chdir");

420

}

421

/* if(fork() != 0){ */

422

/* _exit(EXIT_SUCCESS); */

423

/* } */

424

ret = dup2(STDERR_FILENO, STDOUT_FILENO); /* replace stdout */

425

if(ret == -1){

426

error_plus(0, errno, "dup2");

427

_exit(EX_OSERR);

428

}

429

430

execl("/sbin/splashy", "/sbin/splashy", "boot", (char *)NULL);

431

{

432

int e = errno;

433

error_plus(0, errno, "execl");

434

switch(e){

435

case EACCES:

436

case ENOENT:

437

case ENOEXEC:

438

default:

439

_exit(EX_UNAVAILABLE);

440

case ENAMETOOLONG:

441

case E2BIG:

442

case ENOMEM:

443

_exit(EX_OSERR);

444

case ENOTDIR:

445

case ELOOP:

446

_exit(EX_OSFILE);

447

}

448

}

449

}

450

}

451

452

if(interrupted_by_signal){

453

struct sigaction signal_action;

454

sigemptyset(&signal_action.sa_mask);

455

signal_action.sa_handler = SIG_DFL;

456

ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,

457

&signal_action, NULL));

458

if(ret == -1){

459

error_plus(0, errno, "sigaction");

460

}

461

do {

462

ret = raise(signal_received);

463

} while(ret != 0 and errno == EINTR);

464

if(ret != 0){

465

error_plus(0, errno, "raise");

466

abort();

467

}

468

TEMP_FAILURE_RETRY(pause());

469

}

470

471

return exitstatus;

304

472

}

Older »