summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2001-12-07 17:16:19 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2001-12-07 17:16:19 +0000
commitd68e3853231298c4f3147f7068df11f6512119d6 (patch)
treef5806b69f8026948d043caa99246554b9bff8928
parent6bdd04dc72330bd2c9d341c31917ddac729c12a2 (diff)
Block keyboard-generated signals during database accesses.
-rw-r--r--libexec/login_token/login_token.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/libexec/login_token/login_token.c b/libexec/login_token/login_token.c
index 37bbd0f3cf6..882db5fd3f4 100644
--- a/libexec/login_token/login_token.c
+++ b/libexec/login_token/login_token.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_token.c,v 1.4 2001/12/06 05:37:04 millert Exp $ */
+/* $OpenBSD: login_token.c,v 1.5 2001/12/07 17:16:18 millert Exp $ */
/*-
* Copyright (c) 1995, 1996 Berkeley Software Design, Inc. All rights reserved.
@@ -41,6 +41,7 @@
#include <err.h>
#include <readpassphrase.h>
+#include <signal.h>
#include <stdio.h>
#include <syslog.h>
#include <stdlib.h>
@@ -66,9 +67,16 @@ main(argc, argv)
int c;
int mode = 0;
struct rlimit cds;
+ sigset_t blockset;
(void)setpriority(PRIO_PROCESS, 0, 0);
+ /* We block keyboard-generated signals during database accesses. */
+ sigemptyset(&blockset);
+ sigaddset(&blockset, SIGINT);
+ sigaddset(&blockset, SIGQUIT);
+ sigaddset(&blockset, SIGTSTP);
+
openlog(NULL, LOG_ODELAY, LOG_AUTH);
cds.rlim_cur = 0;
@@ -76,10 +84,12 @@ main(argc, argv)
if (setrlimit(RLIMIT_CORE, &cds) < 0)
syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
+ (void)sigprocmask(SIG_BLOCK, &blockset, NULL);
if (token_init(argv[0]) < 0) {
syslog(LOG_ERR, "unknown token type");
errx(1, "unknown token type");
}
+ (void)sigprocmask(SIG_UNBLOCK, &blockset, NULL);
while ((c = getopt(argc, argv, "ds:v:")) != -1)
switch(c) {
@@ -136,8 +146,10 @@ main(argc, argv)
exit(1);
}
} else {
+ (void)sigprocmask(SIG_BLOCK, &blockset, NULL);
tokenchallenge(username, challenge, sizeof(challenge),
tt->proper);
+ (void)sigprocmask(SIG_UNBLOCK, &blockset, NULL);
if (mode == 1) {
fprintf(back, BI_VALUE " challenge %s\n",
auth_mkvalue(challenge));
@@ -155,6 +167,7 @@ main(argc, argv)
}
}
+ (void)sigprocmask(SIG_BLOCK, &blockset, NULL);
if (tokenverify(username, challenge, pp) == 0) {
fprintf(back, BI_AUTH "\n");