1/* 2 * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com> 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#include <config.h> 18 19#include <sys/types.h> 20#include <sys/param.h> 21#ifdef HAVE_SYS_SYSMACROS_H 22# include <sys/sysmacros.h> 23#endif 24#include <sys/socket.h> 25#include <sys/stat.h> 26#include <sys/time.h> 27#include <sys/wait.h> 28#ifdef HAVE_TERMIOS_H 29# include <termios.h> 30#else 31# include <termio.h> 32#endif /* HAVE_TERMIOS_H */ 33#include <sys/ioctl.h> 34#ifdef HAVE_SYS_SELECT_H 35# include <sys/select.h> 36#endif /* HAVE_SYS_SELECT_H */ 37#include <stdio.h> 38#ifdef STDC_HEADERS 39# include <stdlib.h> 40# include <stddef.h> 41#else 42# ifdef HAVE_STDLIB_H 43# include <stdlib.h> 44# endif 45#endif /* STDC_HEADERS */ 46#ifdef HAVE_STRING_H 47# include <string.h> 48#endif /* HAVE_STRING_H */ 49#ifdef HAVE_STRINGS_H 50# include <strings.h> 51#endif /* HAVE_STRINGS_H */ 52#ifdef HAVE_UNISTD_H 53# include <unistd.h> 54#endif /* HAVE_UNISTD_H */ 55#if TIME_WITH_SYS_TIME 56# include <time.h> 57#endif 58#ifdef HAVE_SETLOCALE 59# include <locale.h> 60#endif 61#include <errno.h> 62#include <fcntl.h> 63#include <signal.h> 64#ifdef HAVE_SELINUX 65# include <selinux/selinux.h> 66#endif 67 68#include "sudo.h" 69#include "sudo_exec.h" 70 71/* Shared with exec_pty.c for use with handler(). */ 72int signal_pipe[2]; 73 74#ifdef _PATH_SUDO_IO_LOGDIR 75/* We keep a tailq of signals to forward to child. */ 76struct sigforward { 77 struct sigforward *prev, *next; 78 int signo; 79}; 80TQ_DECLARE(sigforward) 81static struct sigforward_list sigfwd_list; 82static pid_t ppgrp = -1; 83static void forward_signals __P((int fd)); 84static void schedule_signal __P((int signo)); 85static int log_io; 86#endif /* _PATH_SUDO_IO_LOGDIR */ 87 88volatile pid_t cmnd_pid = -1; 89 90static int handle_signals __P((int sv[2], pid_t child, 91 struct command_status *cstat)); 92#ifdef SA_SIGINFO 93static void handler_user_only __P((int s, siginfo_t *info, void *context)); 94#endif 95 96/* 97 * Like execve(2) but falls back to running through /bin/sh 98 * ala execvp(3) if we get ENOEXEC. 99 */ 100int 101my_execve(path, argv, envp) 102 const char *path; 103 char *argv[]; 104 char *envp[]; 105{ 106 execve(path, argv, envp); 107 if (errno == ENOEXEC) { 108 argv--; /* at least one extra slot... */ 109 argv[0] = "sh"; 110 argv[1] = (char *)path; 111 execve(_PATH_BSHELL, argv, envp); 112 } 113 return -1; 114} 115 116/* 117 * Fork and execute a command, returns the child's pid. 118 * Sends errno back on sv[1] if execve() fails. 119 */ 120static int fork_cmnd(path, argv, envp, sv, rbac_enabled) 121 const char *path; 122 char *argv[]; 123 char *envp[]; 124 int sv[2]; 125 int rbac_enabled; 126{ 127 struct command_status cstat; 128 sigaction_t sa; 129 130 ppgrp = getpgrp(); /* parent's process group */ 131 132 /* 133 * Handle suspend/restore of sudo and the command. 134 * In most cases, the command will be in the same process group as 135 * sudo and job control will "just work". However, if the command 136 * changes its process group ID and does not change it back (or is 137 * kill by SIGSTOP which is not catchable), we need to resume the 138 * command manually. Also, if SIGTSTP is sent directly to sudo, 139 * we need to suspend the command, and then suspend ourself, restoring 140 * the default SIGTSTP handler temporarily. 141 * 142 * XXX - currently we send SIGCONT upon resume in some cases where 143 * we don't need to (e.g. command pgrp == parent pgrp). 144 */ 145 zero_bytes(&sa, sizeof(sa)); 146 sigemptyset(&sa.sa_mask); 147 sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ 148#ifdef SA_SIGINFO 149 sa.sa_flags |= SA_SIGINFO; 150 sa.sa_sigaction = handler; 151#else 152 sa.sa_handler = handler; 153#endif 154 sigaction(SIGCONT, &sa, NULL); 155#ifdef SA_SIGINFO 156 sa.sa_sigaction = handler_user_only; 157#endif 158 sigaction(SIGTSTP, &sa, NULL); 159 160 cmnd_pid = fork(); 161 switch (cmnd_pid) { 162 case -1: 163 error(1, "fork"); 164 break; 165 case 0: 166 /* child */ 167 close(sv[0]); 168 close(signal_pipe[0]); 169 close(signal_pipe[1]); 170 fcntl(sv[1], F_SETFD, FD_CLOEXEC); 171 restore_signals(); 172 if (exec_setup(rbac_enabled, user_ttypath, -1) == TRUE) { 173 /* headed for execve() */ 174 int maxfd = def_closefrom; 175 dup2(sv[1], maxfd); 176 (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC); 177 sv[1] = maxfd++; 178 closefrom(maxfd); 179#ifdef HAVE_SELINUX 180 if (rbac_enabled) 181 selinux_execve(path, argv, envp); 182 else 183#endif 184 my_execve(path, argv, envp); 185 } 186 cstat.type = CMD_ERRNO; 187 cstat.val = errno; 188 send(sv[1], &cstat, sizeof(cstat), 0); 189 _exit(1); 190 } 191 return cmnd_pid; 192} 193 194static struct signal_state { 195 int signo; 196 sigaction_t sa; 197} saved_signals[] = { 198 { SIGALRM }, 199 { SIGCHLD }, 200 { SIGCONT }, 201 { SIGHUP }, 202 { SIGINT }, 203 { SIGPIPE }, 204 { SIGQUIT }, 205 { SIGTERM }, 206 { SIGTSTP }, 207 { SIGTTIN }, 208 { SIGTTOU }, 209 { SIGUSR1 }, 210 { SIGUSR2 }, 211 { -1 } 212}; 213 214/* 215 * Save signal handler state so it can be restored before exec. 216 */ 217void 218save_signals() 219{ 220 struct signal_state *ss; 221 222 for (ss = saved_signals; ss->signo != -1; ss++) 223 sigaction(ss->signo, NULL, &ss->sa); 224} 225 226/* 227 * Restore signal handlers to initial state. 228 */ 229void 230restore_signals() 231{ 232 struct signal_state *ss; 233 234 for (ss = saved_signals; ss->signo != -1; ss++) 235 sigaction(ss->signo, &ss->sa, NULL); 236} 237 238/* 239 * Execute a command, potentially in a pty with I/O loggging. 240 * This is a little bit tricky due to how POSIX job control works and 241 * we fact that we have two different controlling terminals to deal with. 242 */ 243int 244sudo_execve(path, argv, envp, uid, cstat, dowait, bgmode) 245 const char *path; 246 char *argv[]; 247 char *envp[]; 248 uid_t uid; 249 struct command_status *cstat; 250 int dowait; 251 int bgmode; 252{ 253 int maxfd, n, nready, sv[2]; 254 int rbac_enabled = 0; 255 fd_set *fdsr, *fdsw; 256 sigaction_t sa; 257 sigset_t omask; 258 pid_t child; 259 260 /* If running in background mode, fork and exit. */ 261 if (bgmode) { 262 switch (fork()) { 263 case -1: 264 cstat->type = CMD_ERRNO; 265 cstat->val = errno; 266 return -1; 267 case 0: 268 /* child continues without controlling terminal */ 269 (void)setpgid(0, 0); 270 break; 271 default: 272 /* parent exits (but does not flush buffers) */ 273 _exit(0); 274 } 275 } 276 277#ifdef _PATH_SUDO_IO_LOGDIR 278 log_io = def_log_output || def_log_input || def_use_pty; 279 if (log_io) { 280 pty_setup(uid); 281 io_log_open(); 282 dowait = TRUE; 283 } 284#endif /* _PATH_SUDO_IO_LOGDIR */ 285 286#ifdef HAVE_SELINUX 287 rbac_enabled = is_selinux_enabled() > 0 && user_role != NULL; 288 if (rbac_enabled) 289 dowait = TRUE; 290#endif 291 292 /* 293 * If we don't need to wait for the command to finish, just exec it. 294 */ 295 if (!dowait) { 296 exec_setup(FALSE, NULL, -1); 297 closefrom(def_closefrom); 298 my_execve(path, argv, envp); 299 cstat->type = CMD_ERRNO; 300 cstat->val = errno; 301 return 127; 302 } 303 304 /* 305 * We communicate with the child over a bi-directional pair of sockets. 306 * Parent sends signal info to child and child sends back wait status. 307 */ 308 if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) == -1) 309 error(1, "cannot create sockets"); 310 311 /* 312 * We use a pipe to atomically handle signal notification within 313 * the select() loop. 314 */ 315 if (pipe_nonblock(signal_pipe) != 0) 316 error(1, "cannot create pipe"); 317 318 zero_bytes(&sa, sizeof(sa)); 319 sigemptyset(&sa.sa_mask); 320 321 /* 322 * Signals for forward to the child process (excluding SIGCHLD). 323 * Note: HP-UX select() will not be interrupted if SA_RESTART set. 324 */ 325 sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ 326#ifdef SA_SIGINFO 327 sa.sa_flags |= SA_SIGINFO; 328 sa.sa_sigaction = handler; 329#else 330 sa.sa_handler = handler; 331#endif 332 sigaction(SIGALRM, &sa, NULL); 333 sigaction(SIGCHLD, &sa, NULL); 334 sigaction(SIGPIPE, &sa, NULL); 335 sigaction(SIGTERM, &sa, NULL); 336 sigaction(SIGUSR1, &sa, NULL); 337 sigaction(SIGUSR2, &sa, NULL); 338 339 /* 340 * When not running the command in a pty, we do not want to 341 * forward signals generated by the kernel that the child will 342 * already have received either by virtue of being in the 343 * controlling tty's process group (SIGINT, SIGQUIT) or because 344 * the session is terminating (SIGHUP). 345 */ 346#ifdef SA_SIGINFO 347# ifdef _PATH_SUDO_IO_LOGDIR 348 if (!log_io) 349# endif 350 { 351 sa.sa_flags |= SA_SIGINFO; 352 sa.sa_sigaction = handler_user_only; 353 } 354#endif /* SA_SIGINFO */ 355 sigaction(SIGHUP, &sa, NULL); 356 sigaction(SIGINT, &sa, NULL); 357 sigaction(SIGQUIT, &sa, NULL); 358 359 /* Max fd we will be selecting on. */ 360 maxfd = MAX(sv[0], signal_pipe[0]); 361 362 /* 363 * Child will run the command in the pty, parent will pass data 364 * to and from pty. Adjusts maxfd as needed. 365 */ 366#ifdef _PATH_SUDO_IO_LOGDIR 367 if (log_io) 368 child = fork_pty(path, argv, envp, sv, rbac_enabled, bgmode, &maxfd, &omask); 369 else 370#endif 371 child = fork_cmnd(path, argv, envp, sv, rbac_enabled); 372 close(sv[1]); 373 374#ifdef HAVE_SETLOCALE 375 /* 376 * I/O logging must be in the C locale for floating point numbers 377 * to be logged consistently. 378 */ 379 setlocale(LC_ALL, "C"); 380#endif 381 382 /* 383 * In the event loop we pass input from user tty to master 384 * and pass output from master to stdout and IO plugin. 385 */ 386 fdsr = emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); 387 fdsw = emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); 388 for (;;) { 389 memset(fdsw, 0, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask)); 390 memset(fdsr, 0, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask)); 391 392 FD_SET(signal_pipe[0], fdsr); 393 FD_SET(sv[0], fdsr); 394#ifdef _PATH_SUDO_IO_LOGDIR 395 if (!tq_empty(&sigfwd_list)) 396 FD_SET(sv[0], fdsw); 397 if (log_io) 398 fd_set_iobs(fdsr, fdsw); /* XXX - better name */ 399#endif 400 nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL); 401 if (nready == -1) { 402 if (errno == EINTR || errno == ENOMEM) 403 continue; 404#ifdef _PATH_SUDO_IO_LOGDIR 405 if (errno == EBADF || errno == EIO) { 406 /* One of the ttys must have gone away. */ 407 goto do_tty_io; 408 } 409#endif 410 warning("select failed"); 411#ifdef _PATH_SUDO_IO_LOGDIR 412 schedule_signal(SIGKILL); 413 forward_signals(sv[0]); 414#endif 415 break; 416 } 417#ifdef _PATH_SUDO_IO_LOGDIR 418 if (FD_ISSET(sv[0], fdsw)) { 419 forward_signals(sv[0]); 420 } 421#endif /* _PATH_SUDO_IO_LOGDIR */ 422 if (FD_ISSET(signal_pipe[0], fdsr)) { 423 n = handle_signals(sv, child, cstat); 424 if (n == 0) { 425 /* Child has exited, cstat is set, we are done. */ 426 goto done; 427 } 428 if (n == -1) { 429 /* Error reading signal_pipe[0], should not happen. */ 430 break; 431 } 432 /* Restart event loop so signals get sent to child immediately. */ 433 continue; 434 } 435 if (FD_ISSET(sv[0], fdsr)) { 436 /* read child status */ 437 n = recv(sv[0], cstat, sizeof(*cstat), 0); 438 if (n != sizeof(*cstat)) { 439 if (n == -1) { 440 if (errno == EINTR) 441 continue; 442#ifdef _PATH_SUDO_IO_LOGDIR 443 /* 444 * If not logging I/O we will receive ECONNRESET when 445 * the command is executed. It is safe to ignore this. 446 */ 447 if (log_io && errno != EAGAIN) { 448 cstat->type = CMD_ERRNO; 449 cstat->val = errno; 450 break; 451 } 452#endif 453 } else { 454 /* Short read or EOF. */ 455 /* XXX - should set cstat */ 456 break; 457 } 458 } 459#ifdef _PATH_SUDO_IO_LOGDIR /* XXX */ 460 if (cstat->type == CMD_PID) { 461 /* 462 * Once we know the command's pid we can unblock 463 * signals which were blocked in fork_pty(). This 464 * avoids a race between exec of the command and 465 * receipt of a fatal signal from it. 466 */ 467 cmnd_pid = cstat->val; 468 if (log_io) 469 sigprocmask(SIG_SETMASK, &omask, NULL); 470 } else if (cstat->type == CMD_WSTATUS) { 471 if (WIFSTOPPED(cstat->val)) { 472 /* Suspend parent and tell child how to resume on return. */ 473 n = suspend_parent(WSTOPSIG(cstat->val)); 474 schedule_signal(n); 475 continue; 476 } else { 477 /* Child exited or was killed, either way we are done. */ 478 break; 479 } 480 } else 481#endif /* _PATH_SUDO_IO_LOGDIR */ 482 if (cstat->type == CMD_ERRNO) { 483 /* Child was unable to execute command or broken pipe. */ 484 break; 485 } 486 } 487 488#ifdef _PATH_SUDO_IO_LOGDIR 489do_tty_io: 490 if (perform_io(fdsr, fdsw, cstat) != 0) { 491 /* I/O error, kill child if still alive and finish. */ 492 schedule_signal(SIGKILL); 493 forward_signals(sv[0]); 494 break; 495 } 496#endif /* _PATH_SUDO_IO_LOGDIR */ 497 } 498 499#ifdef _PATH_SUDO_IO_LOGDIR 500 if (log_io) { 501 /* Flush any remaining output and free pty-related memory. */ 502 pty_close(cstat); 503 } 504#endif /* _PATH_SUDO_IO_LOGDIR */ 505 506#ifdef HAVE_SELINUX 507 if (rbac_enabled) { 508 /* This is probably not needed in log_io mode. */ 509 if (selinux_restore_tty() != 0) 510 warningx("unable to restore tty label"); 511 } 512#endif 513 514done: 515 efree(fdsr); 516 efree(fdsw); 517#ifdef _PATH_SUDO_IO_LOGDIR 518 while (!tq_empty(&sigfwd_list)) { 519 struct sigforward *sigfwd = tq_first(&sigfwd_list); 520 tq_remove(&sigfwd_list, sigfwd); 521 efree(sigfwd); 522 } 523#endif /* _PATH_SUDO_IO_LOGDIR */ 524 525 return cstat->type == CMD_ERRNO ? -1 : 0; 526} 527 528/* 529 * Read signals on fd written to by handler(). 530 * Returns -1 on error, 0 on child exit, else 1. 531 */ 532static int 533handle_signals(sv, child, cstat) 534 int sv[2]; 535 pid_t child; 536 struct command_status *cstat; 537{ 538 unsigned char signo; 539 ssize_t nread; 540 int status; 541 pid_t pid; 542 543 for (;;) { 544 /* read signal pipe */ 545 nread = read(signal_pipe[0], &signo, sizeof(signo)); 546 if (nread <= 0) { 547 /* It should not be possible to get EOF but just in case. */ 548 if (nread == 0) 549 errno = ECONNRESET; 550 /* Restart if interrupted by signal so the pipe doesn't fill. */ 551 if (errno == EINTR) 552 continue; 553 /* If pipe is empty, we are done. */ 554 if (errno == EAGAIN) 555 break; 556 cstat->type = CMD_ERRNO; 557 cstat->val = errno; 558 return -1; 559 } 560 if (signo == SIGCHLD) { 561 /* 562 * If logging I/O, child is the intermediate process, 563 * otherwise it is the command itself. 564 */ 565 do { 566#ifdef sudo_waitpid 567 pid = sudo_waitpid(child, &status, WUNTRACED|WNOHANG); 568#else 569 pid = wait(&status); 570#endif 571 } while (pid == -1 && errno == EINTR); 572 if (pid == child) { 573#ifdef _PATH_SUDO_IO_LOGDIR 574 if (log_io) { 575 /* 576 * On BSD we get ECONNRESET on sv[0] if monitor dies 577 * and select() will return with sv[0] readable. 578 * On Linux that doesn't appear to happen so if the 579 * monitor dies, shut down the socketpair to force a 580 * select() notification. 581 */ 582 (void) shutdown(sv[0], SHUT_WR); 583 } else 584#endif 585 { 586 if (WIFSTOPPED(status)) { 587 /* 588 * Save the controlling terminal's process group 589 * so we can restore it after we resume, if needed. 590 * Most well-behaved shells change the pgrp back to 591 * its original value before suspending so we must 592 * not try to restore in that case, lest we race with 593 * the child upon resume, potentially stopping sudo 594 * with SIGTTOU while the command continues to run. 595 */ 596#ifdef HAVE_TCSETPGRP 597 sigaction_t sa, osa; 598 pid_t saved_pgrp = (pid_t)-1; 599 int signo = WSTOPSIG(status); 600 int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0); 601 if (fd != -1) { 602 if ((saved_pgrp = tcgetpgrp(fd)) == ppgrp) 603 saved_pgrp = -1; 604 } 605#endif /* HAVE_TCSETPGRP */ 606 if (signo == SIGTSTP) { 607 zero_bytes(&sa, sizeof(sa)); 608 sigemptyset(&sa.sa_mask); 609 sa.sa_handler = SIG_DFL; 610 sigaction(SIGTSTP, &sa, &osa); 611 } 612 if (kill(getpid(), signo) != 0) 613 warning("kill(%d, %d)", getpid(), signo); 614 if (signo == SIGTSTP) 615 sigaction(SIGTSTP, &osa, NULL); 616#ifdef HAVE_TCSETPGRP 617 if (fd != -1) { 618 /* 619 * Restore command's process group if different. 620 * Otherwise, we cannot resume some shells. 621 */ 622 if (saved_pgrp != (pid_t)-1) 623 (void)tcsetpgrp(fd, saved_pgrp); 624 close(fd); 625 } 626#endif /* HAVE_TCSETPGRP */ 627 } else { 628 /* Child has exited, we are done. */ 629 cstat->type = CMD_WSTATUS; 630 cstat->val = status; 631 return 0; 632 } 633 } 634 } 635 } else { 636#ifdef _PATH_SUDO_IO_LOGDIR 637 if (log_io) { 638 /* Schedule signo to be forwared to the child. */ 639 schedule_signal(signo); 640 } else 641#endif 642 { 643 /* Nothing listening on sv[0], send directly. */ 644 if (kill(child, signo) != 0) 645 warning("kill(%d, %d)", child, signo); 646 } 647 } 648 } 649 return 1; 650} 651 652#ifdef _PATH_SUDO_IO_LOGDIR 653/* 654 * Forward signals in sigfwd_list to child listening on fd. 655 */ 656static void 657forward_signals(sock) 658 int sock; 659{ 660 struct sigforward *sigfwd; 661 struct command_status cstat; 662 ssize_t nsent; 663 664 while (!tq_empty(&sigfwd_list)) { 665 sigfwd = tq_first(&sigfwd_list); 666 cstat.type = CMD_SIGNO; 667 cstat.val = sigfwd->signo; 668 do { 669 nsent = send(sock, &cstat, sizeof(cstat), 0); 670 } while (nsent == -1 && errno == EINTR); 671 tq_remove(&sigfwd_list, sigfwd); 672 efree(sigfwd); 673 if (nsent != sizeof(cstat)) { 674 if (errno == EPIPE) { 675 /* Other end of socket gone, empty out sigfwd_list. */ 676 while (!tq_empty(&sigfwd_list)) { 677 sigfwd = tq_first(&sigfwd_list); 678 tq_remove(&sigfwd_list, sigfwd); 679 efree(sigfwd); 680 } 681 /* XXX - child (monitor) is dead, we should exit too? */ 682 } 683 break; 684 } 685 } 686} 687 688/* 689 * Schedule a signal to be forwared. 690 */ 691static void 692schedule_signal(signo) 693 int signo; 694{ 695 struct sigforward *sigfwd; 696 697 sigfwd = ecalloc(1, sizeof(*sigfwd)); 698 sigfwd->prev = sigfwd; 699 /* sigfwd->next = NULL; */ 700 sigfwd->signo = signo; 701 tq_append(&sigfwd_list, sigfwd); 702} 703#endif /* _PATH_SUDO_IO_LOGDIR */ 704 705/* 706 * Generic handler for signals passed from parent -> child. 707 * The other end of signal_pipe is checked in the main event loop. 708 */ 709#ifdef SA_SIGINFO 710RETSIGTYPE 711handler(s, info, context) 712 int s; 713 siginfo_t *info; 714 void *context; 715{ 716 unsigned char signo = (unsigned char)s; 717 718 /* 719 * If the signal came from the command we ran, just ignore 720 * it since we don't want the child to indirectly kill itself. 721 * This can happen with, e.g. BSD-derived versions of reboot 722 * that call kill(-1, SIGTERM) to kill all other processes. 723 */ 724 if (info != NULL && info->si_code == SI_USER && info->si_pid == cmnd_pid) 725 return; 726 727 /* 728 * The pipe is non-blocking, if we overflow the kernel's pipe 729 * buffer we drop the signal. This is not a problem in practice. 730 */ 731 ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); 732} 733#else 734RETSIGTYPE 735handler(s) 736 int s; 737{ 738 unsigned char signo = (unsigned char)s; 739 740 /* 741 * The pipe is non-blocking, if we overflow the kernel's pipe 742 * buffer we drop the signal. This is not a problem in practice. 743 */ 744 ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); 745} 746#endif 747 748#ifdef SA_SIGINFO 749/* 750 * Generic handler for signals passed from parent -> child. 751 * The other end of signal_pipe is checked in the main event loop. 752 * This version is for the non-pty case and does not forward 753 * signals that are generated by the kernel. 754 */ 755static RETSIGTYPE 756handler_user_only(s, info, context) 757 int s; 758 siginfo_t *info; 759 void *context; 760{ 761 unsigned char signo = (unsigned char)s; 762 763 /* Only forward user-generated signals. */ 764 if (info != NULL && info->si_code == SI_USER) { 765 /* 766 * The pipe is non-blocking, if we overflow the kernel's pipe 767 * buffer we drop the signal. This is not a problem in practice. 768 */ 769 ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); 770 } 771} 772#endif /* SA_SIGINFO */ 773 774/* 775 * Open a pipe and make both ends non-blocking. 776 * Returns 0 on success and -1 on error. 777 */ 778int 779pipe_nonblock(fds) 780 int fds[2]; 781{ 782 int flags, rval; 783 784 rval = pipe(fds); 785 if (rval != -1) { 786 flags = fcntl(fds[0], F_GETFL, 0); 787 if (flags != -1 && !ISSET(flags, O_NONBLOCK)) 788 rval = fcntl(fds[0], F_SETFL, flags | O_NONBLOCK); 789 if (rval != -1) { 790 flags = fcntl(fds[1], F_GETFL, 0); 791 if (flags != -1 && !ISSET(flags, O_NONBLOCK)) 792 rval = fcntl(fds[1], F_SETFL, flags | O_NONBLOCK); 793 } 794 if (rval == -1) { 795 close(fds[0]); 796 close(fds[1]); 797 } 798 } 799 800 return rval; 801} 802