Annotation of src/usr.bin/ssh/ssh-agent.c, Revision 1.20
1.20 ! markus 1: /* $OpenBSD: ssh-agent.c,v 1.19 1999/11/18 14:00:49 markus Exp $ */
1.15 markus 2:
1.1 deraadt 3: /*
4:
5: ssh-agent.c
6:
7: Author: Tatu Ylonen <ylo@cs.hut.fi>
8:
9: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10: All rights reserved
11:
12: Created: Wed Mar 29 03:46:59 1995 ylo
13:
14: The authentication agent program.
15:
16: */
17:
18: #include "includes.h"
1.20 ! markus 19: RCSID("$OpenBSD: ssh-agent.c,v 1.19 1999/11/18 14:00:49 markus Exp $");
1.1 deraadt 20:
21: #include "ssh.h"
22: #include "rsa.h"
23: #include "authfd.h"
24: #include "buffer.h"
25: #include "bufaux.h"
26: #include "xmalloc.h"
27: #include "packet.h"
28: #include "getput.h"
29: #include "mpaux.h"
30:
1.13 deraadt 31: #include <ssl/md5.h>
1.7 deraadt 32:
1.1 deraadt 33: typedef struct
34: {
35: int fd;
1.12 markus 36: enum { AUTH_UNUSED, AUTH_SOCKET, AUTH_CONNECTION } type;
1.1 deraadt 37: Buffer input;
38: Buffer output;
39: } SocketEntry;
40:
41: unsigned int sockets_alloc = 0;
42: SocketEntry *sockets = NULL;
43:
44: typedef struct
45: {
1.2 provos 46: RSA *key;
1.1 deraadt 47: char *comment;
48: } Identity;
49:
50: unsigned int num_identities = 0;
51: Identity *identities = NULL;
52:
53: int max_fd = 0;
54:
1.11 markus 55: /* pid of shell == parent of agent */
1.10 markus 56: int parent_pid = -1;
57:
58: /* pathname and directory for AUTH_SOCKET */
59: char socket_name[1024];
60: char socket_dir[1024];
61:
1.20 ! markus 62: extern char *__progname;
! 63:
1.2 provos 64: void
65: process_request_identity(SocketEntry *e)
1.1 deraadt 66: {
67: Buffer msg;
68: int i;
69:
70: buffer_init(&msg);
71: buffer_put_char(&msg, SSH_AGENT_RSA_IDENTITIES_ANSWER);
72: buffer_put_int(&msg, num_identities);
73: for (i = 0; i < num_identities; i++)
74: {
1.2 provos 75: buffer_put_int(&msg, BN_num_bits(identities[i].key->n));
76: buffer_put_bignum(&msg, identities[i].key->e);
77: buffer_put_bignum(&msg, identities[i].key->n);
1.1 deraadt 78: buffer_put_string(&msg, identities[i].comment,
79: strlen(identities[i].comment));
80: }
81: buffer_put_int(&e->output, buffer_len(&msg));
82: buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
83: buffer_free(&msg);
84: }
85:
1.2 provos 86: void
87: process_authentication_challenge(SocketEntry *e)
1.1 deraadt 88: {
1.2 provos 89: int i, pub_bits, len;
90: BIGNUM *pub_e, *pub_n, *challenge;
1.1 deraadt 91: Buffer msg;
1.7 deraadt 92: MD5_CTX md;
1.1 deraadt 93: unsigned char buf[32], mdbuf[16], session_id[16];
94: unsigned int response_type;
95:
96: buffer_init(&msg);
1.2 provos 97: pub_e = BN_new();
98: pub_n = BN_new();
99: challenge = BN_new();
1.1 deraadt 100: pub_bits = buffer_get_int(&e->input);
1.2 provos 101: buffer_get_bignum(&e->input, pub_e);
102: buffer_get_bignum(&e->input, pub_n);
103: buffer_get_bignum(&e->input, challenge);
1.1 deraadt 104: if (buffer_len(&e->input) == 0)
105: {
106: /* Compatibility code for old servers. */
107: memset(session_id, 0, 16);
108: response_type = 0;
109: }
110: else
111: {
112: /* New code. */
113: buffer_get(&e->input, (char *)session_id, 16);
114: response_type = buffer_get_int(&e->input);
115: }
116: for (i = 0; i < num_identities; i++)
1.2 provos 117: if (pub_bits == BN_num_bits(identities[i].key->n) &&
118: BN_cmp(pub_e, identities[i].key->e) == 0 &&
119: BN_cmp(pub_n, identities[i].key->n) == 0)
1.1 deraadt 120: {
121: /* Decrypt the challenge using the private key. */
1.2 provos 122: rsa_private_decrypt(challenge, challenge, identities[i].key);
1.1 deraadt 123:
124: /* Compute the desired response. */
125: switch (response_type)
126: {
127: case 0: /* As of protocol 1.0 */
128: /* This response type is no longer supported. */
129: log("Compatibility with ssh protocol 1.0 no longer supported.");
130: buffer_put_char(&msg, SSH_AGENT_FAILURE);
131: goto send;
132:
133: case 1: /* As of protocol 1.1 */
134: /* The response is MD5 of decrypted challenge plus session id. */
1.2 provos 135: len = BN_num_bytes(challenge);
1.17 markus 136:
137: if (len <= 0 || len > 32) {
138: fatal("process_authentication_challenge: "
139: "bad challenge length %d", len);
140: }
141:
1.2 provos 142: memset(buf, 0, 32);
143: BN_bn2bin(challenge, buf + 32 - len);
1.13 deraadt 144: MD5_Init(&md);
145: MD5_Update(&md, buf, 32);
146: MD5_Update(&md, session_id, 16);
147: MD5_Final(mdbuf, &md);
1.1 deraadt 148: break;
149:
150: default:
151: fatal("process_authentication_challenge: bad response_type %d",
152: response_type);
153: break;
154: }
155:
156: /* Send the response. */
157: buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
158: for (i = 0; i < 16; i++)
159: buffer_put_char(&msg, mdbuf[i]);
160:
161: goto send;
162: }
163: /* Unknown identity. Send failure. */
164: buffer_put_char(&msg, SSH_AGENT_FAILURE);
165: send:
166: buffer_put_int(&e->output, buffer_len(&msg));
167: buffer_append(&e->output, buffer_ptr(&msg),
168: buffer_len(&msg));
169: buffer_free(&msg);
1.2 provos 170: BN_clear_free(pub_e);
171: BN_clear_free(pub_n);
172: BN_clear_free(challenge);
1.1 deraadt 173: }
174:
1.2 provos 175: void
176: process_remove_identity(SocketEntry *e)
1.1 deraadt 177: {
178: unsigned int bits;
179: unsigned int i;
1.2 provos 180: BIGNUM *dummy, *n;
1.1 deraadt 181:
1.2 provos 182: dummy = BN_new();
183: n = BN_new();
1.1 deraadt 184:
185: /* Get the key from the packet. */
186: bits = buffer_get_int(&e->input);
1.2 provos 187: buffer_get_bignum(&e->input, dummy);
188: buffer_get_bignum(&e->input, n);
1.18 markus 189:
190: if (bits != BN_num_bits(n))
1.19 markus 191: error("Warning: keysize mismatch: actual %d, announced %d",
1.18 markus 192: BN_num_bits(n), bits);
1.1 deraadt 193:
194: /* Check if we have the key. */
195: for (i = 0; i < num_identities; i++)
1.2 provos 196: if (BN_cmp(identities[i].key->n, n) == 0)
1.1 deraadt 197: {
198: /* We have this key. Free the old key. Since we don\'t want to leave
199: empty slots in the middle of the array, we actually free the
200: key there and copy data from the last entry. */
1.2 provos 201: RSA_free(identities[i].key);
1.1 deraadt 202: xfree(identities[i].comment);
203: if (i < num_identities - 1)
204: identities[i] = identities[num_identities - 1];
205: num_identities--;
1.2 provos 206: BN_clear_free(dummy);
207: BN_clear_free(n);
1.1 deraadt 208:
209: /* Send success. */
210: buffer_put_int(&e->output, 1);
211: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
212: return;
213: }
214: /* We did not have the key. */
1.2 provos 215: BN_clear(dummy);
216: BN_clear(n);
1.1 deraadt 217:
218: /* Send failure. */
219: buffer_put_int(&e->output, 1);
220: buffer_put_char(&e->output, SSH_AGENT_FAILURE);
221: }
222:
223: /* Removes all identities from the agent. */
224:
1.2 provos 225: void
226: process_remove_all_identities(SocketEntry *e)
1.1 deraadt 227: {
228: unsigned int i;
229:
230: /* Loop over all identities and clear the keys. */
231: for (i = 0; i < num_identities; i++)
232: {
1.2 provos 233: RSA_free(identities[i].key);
1.1 deraadt 234: xfree(identities[i].comment);
235: }
236:
237: /* Mark that there are no identities. */
238: num_identities = 0;
239:
240: /* Send success. */
241: buffer_put_int(&e->output, 1);
242: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
243: return;
244: }
245:
246: /* Adds an identity to the agent. */
247:
1.2 provos 248: void
249: process_add_identity(SocketEntry *e)
1.1 deraadt 250: {
1.2 provos 251: RSA *k;
1.1 deraadt 252: int i;
1.2 provos 253: BIGNUM *aux;
254: BN_CTX *ctx;
255:
1.1 deraadt 256: if (num_identities == 0)
257: identities = xmalloc(sizeof(Identity));
258: else
259: identities = xrealloc(identities, (num_identities + 1) * sizeof(Identity));
1.2 provos 260:
261: identities[num_identities].key = RSA_new();
262: k = identities[num_identities].key;
263: buffer_get_int(&e->input); /* bits */
264: k->n = BN_new();
265: buffer_get_bignum(&e->input, k->n);
266: k->e = BN_new();
267: buffer_get_bignum(&e->input, k->e);
268: k->d = BN_new();
269: buffer_get_bignum(&e->input, k->d);
270: k->iqmp = BN_new();
271: buffer_get_bignum(&e->input, k->iqmp);
272: /* SSH and SSL have p and q swapped */
273: k->q = BN_new();
274: buffer_get_bignum(&e->input, k->q); /* p */
275: k->p = BN_new();
276: buffer_get_bignum(&e->input, k->p); /* q */
277:
278: /* Generate additional parameters */
279: aux = BN_new();
280: ctx = BN_CTX_new();
281:
282: BN_sub(aux, k->q, BN_value_one());
283: k->dmq1 = BN_new();
284: BN_mod(k->dmq1, k->d, aux, ctx);
285:
286: BN_sub(aux, k->p, BN_value_one());
287: k->dmp1 = BN_new();
288: BN_mod(k->dmp1, k->d, aux, ctx);
289:
290: BN_clear_free(aux);
291: BN_CTX_free(ctx);
292:
1.1 deraadt 293: identities[num_identities].comment = buffer_get_string(&e->input, NULL);
294:
295: /* Check if we already have the key. */
296: for (i = 0; i < num_identities; i++)
1.2 provos 297: if (BN_cmp(identities[i].key->n, k->n) == 0)
1.1 deraadt 298: {
299: /* We already have this key. Clear and free the new data and
300: return success. */
1.2 provos 301: RSA_free(k);
1.1 deraadt 302: xfree(identities[num_identities].comment);
303:
304: /* Send success. */
305: buffer_put_int(&e->output, 1);
306: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
307: return;
308: }
309:
310: /* Increment the number of identities. */
311: num_identities++;
312:
313: /* Send a success message. */
314: buffer_put_int(&e->output, 1);
315: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
316: }
317:
1.2 provos 318: void
319: process_message(SocketEntry *e)
1.1 deraadt 320: {
321: unsigned int msg_len;
322: unsigned int type;
323: unsigned char *cp;
324: if (buffer_len(&e->input) < 5)
325: return; /* Incomplete message. */
326: cp = (unsigned char *)buffer_ptr(&e->input);
327: msg_len = GET_32BIT(cp);
328: if (msg_len > 256 * 1024)
329: {
1.8 deraadt 330: shutdown(e->fd, SHUT_RDWR);
1.1 deraadt 331: close(e->fd);
332: e->type = AUTH_UNUSED;
333: return;
334: }
335: if (buffer_len(&e->input) < msg_len + 4)
336: return;
337: buffer_consume(&e->input, 4);
338: type = buffer_get_char(&e->input);
1.12 markus 339:
1.1 deraadt 340: switch (type)
341: {
342: case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
343: process_request_identity(e);
344: break;
345: case SSH_AGENTC_RSA_CHALLENGE:
346: process_authentication_challenge(e);
347: break;
348: case SSH_AGENTC_ADD_RSA_IDENTITY:
349: process_add_identity(e);
350: break;
351: case SSH_AGENTC_REMOVE_RSA_IDENTITY:
352: process_remove_identity(e);
353: break;
354: case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
355: process_remove_all_identities(e);
356: break;
357: default:
358: /* Unknown message. Respond with failure. */
359: error("Unknown message %d", type);
360: buffer_clear(&e->input);
361: buffer_put_int(&e->output, 1);
362: buffer_put_char(&e->output, SSH_AGENT_FAILURE);
363: break;
364: }
365: }
366:
1.2 provos 367: void
368: new_socket(int type, int fd)
1.1 deraadt 369: {
370: unsigned int i, old_alloc;
371: if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
372: error("fcntl O_NONBLOCK: %s", strerror(errno));
373:
374: if (fd > max_fd)
375: max_fd = fd;
376:
377: for (i = 0; i < sockets_alloc; i++)
378: if (sockets[i].type == AUTH_UNUSED)
379: {
380: sockets[i].fd = fd;
381: sockets[i].type = type;
382: buffer_init(&sockets[i].input);
383: buffer_init(&sockets[i].output);
384: return;
385: }
386: old_alloc = sockets_alloc;
387: sockets_alloc += 10;
388: if (sockets)
389: sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
390: else
391: sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
392: for (i = old_alloc; i < sockets_alloc; i++)
393: sockets[i].type = AUTH_UNUSED;
394: sockets[old_alloc].type = type;
395: sockets[old_alloc].fd = fd;
396: buffer_init(&sockets[old_alloc].input);
397: buffer_init(&sockets[old_alloc].output);
398: }
399:
1.2 provos 400: void
401: prepare_select(fd_set *readset, fd_set *writeset)
1.1 deraadt 402: {
403: unsigned int i;
404: for (i = 0; i < sockets_alloc; i++)
405: switch (sockets[i].type)
406: {
1.12 markus 407: case AUTH_SOCKET:
1.1 deraadt 408: case AUTH_CONNECTION:
409: FD_SET(sockets[i].fd, readset);
410: if (buffer_len(&sockets[i].output) > 0)
411: FD_SET(sockets[i].fd, writeset);
412: break;
413: case AUTH_UNUSED:
414: break;
415: default:
416: fatal("Unknown socket type %d", sockets[i].type);
417: break;
418: }
419: }
420:
421: void after_select(fd_set *readset, fd_set *writeset)
422: {
423: unsigned int i;
1.12 markus 424: int len, sock;
1.1 deraadt 425: char buf[1024];
426: struct sockaddr_un sunaddr;
427:
428: for (i = 0; i < sockets_alloc; i++)
429: switch (sockets[i].type)
430: {
431: case AUTH_UNUSED:
432: break;
433: case AUTH_SOCKET:
434: if (FD_ISSET(sockets[i].fd, readset))
435: {
436: len = sizeof(sunaddr);
437: sock = accept(sockets[i].fd, (struct sockaddr *)&sunaddr, &len);
438: if (sock < 0)
439: {
440: perror("accept from AUTH_SOCKET");
441: break;
442: }
1.12 markus 443: new_socket(AUTH_CONNECTION, sock);
1.1 deraadt 444: }
445: break;
446: case AUTH_CONNECTION:
447: if (buffer_len(&sockets[i].output) > 0 &&
448: FD_ISSET(sockets[i].fd, writeset))
449: {
450: len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
451: buffer_len(&sockets[i].output));
452: if (len <= 0)
453: {
1.8 deraadt 454: shutdown(sockets[i].fd, SHUT_RDWR);
1.1 deraadt 455: close(sockets[i].fd);
456: sockets[i].type = AUTH_UNUSED;
457: break;
458: }
459: buffer_consume(&sockets[i].output, len);
460: }
461: if (FD_ISSET(sockets[i].fd, readset))
462: {
463: len = read(sockets[i].fd, buf, sizeof(buf));
464: if (len <= 0)
465: {
1.8 deraadt 466: shutdown(sockets[i].fd, SHUT_RDWR);
1.1 deraadt 467: close(sockets[i].fd);
468: sockets[i].type = AUTH_UNUSED;
469: break;
470: }
471: buffer_append(&sockets[i].input, buf, len);
472: process_message(&sockets[i]);
473: }
474: break;
475: default:
476: fatal("Unknown type %d", sockets[i].type);
477: }
478: }
479:
1.6 deraadt 480: void
1.2 provos 481: check_parent_exists(int sig)
1.1 deraadt 482: {
483: if (kill(parent_pid, 0) < 0)
484: {
485: /* printf("Parent has died - Authentication agent exiting.\n"); */
486: exit(1);
487: }
488: signal(SIGALRM, check_parent_exists);
489: alarm(10);
490: }
491:
1.15 markus 492: void
493: cleanup_socket(void)
494: {
1.10 markus 495: remove(socket_name);
496: rmdir(socket_dir);
497: }
498:
1.15 markus 499: void
500: cleanup_exit(int i)
501: {
502: cleanup_socket();
503: exit(i);
504: }
505:
506: void
507: usage()
508: {
509: fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
510: fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
511: __progname);
512: exit(1);
513: }
514:
1.2 provos 515: int
516: main(int ac, char **av)
1.1 deraadt 517: {
518: fd_set readset, writeset;
1.15 markus 519: int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
1.1 deraadt 520: struct sockaddr_un sunaddr;
1.15 markus 521: pid_t pid;
522: char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
1.1 deraadt 523:
1.3 deraadt 524: /* check if RSA support exists */
525: if (rsa_alive() == 0) {
526: fprintf(stderr,
527: "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
528: __progname);
529: exit(1);
530: }
1.1 deraadt 531:
1.15 markus 532: while ((ch = getopt(ac, av, "cks")) != -1)
533: {
534: switch (ch)
535: {
536: case 'c':
537: if (s_flag)
538: usage();
539: c_flag++;
540: break;
541: case 'k':
542: k_flag++;
543: break;
544: case 's':
545: if (c_flag)
546: usage();
547: s_flag++;
548: break;
549: default:
550: usage();
551: }
552: }
553: ac -= optind;
554: av += optind;
555:
556: if (ac > 0 && (c_flag || k_flag || s_flag))
557: usage();
558:
559: if (ac == 0 && !c_flag && !k_flag && !s_flag)
560: {
561: shell = getenv("SHELL");
562: if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
563: c_flag = 1;
564: }
565:
566: if (k_flag)
1.1 deraadt 567: {
1.15 markus 568: pidstr = getenv(SSH_AGENTPID_ENV_NAME);
569: if (pidstr == NULL)
570: {
571: fprintf(stderr, "%s not set, cannot kill agent\n",
572: SSH_AGENTPID_ENV_NAME);
573: exit(1);
574: }
575: pid = atoi(pidstr);
576: if (pid < 1) /* XXX PID_MAX check too */
577: {
578: fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
579: SSH_AGENTPID_ENV_NAME, pidstr);
580: exit(1);
581: }
582: if (kill(pid, SIGTERM) == -1)
583: {
584: perror("kill");
585: exit(1);
586: }
587: format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
588: printf(format, SSH_AUTHSOCKET_ENV_NAME);
589: printf(format, SSH_AGENTPID_ENV_NAME);
590: printf("echo Agent pid %d killed;\n", pid);
591: exit(0);
1.1 deraadt 592: }
593:
1.9 markus 594: parent_pid = getpid();
1.10 markus 595:
596: /* Create private directory for agent socket */
597: strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
598: if (mkdtemp(socket_dir) == NULL) {
599: perror("mkdtemp: private socket dir");
600: exit(1);
601: }
1.15 markus 602: snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
603: parent_pid);
1.10 markus 604:
1.15 markus 605: /* Create socket early so it will exist before command gets run from
606: the parent. */
1.9 markus 607: sock = socket(AF_UNIX, SOCK_STREAM, 0);
608: if (sock < 0)
1.1 deraadt 609: {
1.9 markus 610: perror("socket");
1.15 markus 611: cleanup_exit(1);
1.9 markus 612: }
613: memset(&sunaddr, 0, sizeof(sunaddr));
614: sunaddr.sun_family = AF_UNIX;
615: strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
616: if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
617: {
618: perror("bind");
1.15 markus 619: cleanup_exit(1);
1.9 markus 620: }
621: if (listen(sock, 5) < 0)
622: {
623: perror("listen");
1.15 markus 624: cleanup_exit(1);
625: }
626:
627: /* Fork, and have the parent execute the command, if any, or present the
628: socket data. The child continues as the authentication agent. */
629: pid = fork();
630: if (pid == -1)
631: {
632: perror("fork");
633: exit(1);
634: }
635: if (pid != 0)
636: { /* Parent - execute the given command. */
637: close(sock);
638: snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid);
639: if (ac == 0)
640: {
641: format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
642: printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
643: SSH_AUTHSOCKET_ENV_NAME);
644: printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
645: SSH_AGENTPID_ENV_NAME);
646: printf("echo Agent pid %d;\n", pid);
647: exit(0);
648: }
649:
650: setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1);
651: setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1);
652: execvp(av[0], av);
653: perror(av[0]);
1.9 markus 654: exit(1);
1.1 deraadt 655: }
1.15 markus 656:
657: close(0);
658: close(1);
659: close(2);
660:
1.16 markus 661: if (setsid() == -1)
662: {
663: perror("setsid");
664: cleanup_exit(1);
665: }
1.15 markus 666:
667: if (atexit(cleanup_socket) < 0)
1.16 markus 668: {
669: perror("atexit");
670: cleanup_exit(1);
671: }
1.15 markus 672:
1.9 markus 673: new_socket(AUTH_SOCKET, sock);
1.15 markus 674: if (ac > 0)
675: {
676: signal(SIGALRM, check_parent_exists);
677: alarm(10);
678: }
1.1 deraadt 679:
680: signal(SIGINT, SIG_IGN);
1.15 markus 681: signal(SIGPIPE, SIG_IGN);
1.1 deraadt 682: while (1)
683: {
684: FD_ZERO(&readset);
685: FD_ZERO(&writeset);
686: prepare_select(&readset, &writeset);
687: if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0)
688: {
689: if (errno == EINTR)
690: continue;
691: exit(1);
692: }
693: after_select(&readset, &writeset);
694: }
695: /*NOTREACHED*/
696: }