Ejemplo n.º 1
0
func main() {
	options.Parse()
	if *options.String["config"] != "" && !*options.Bool["init"] {
		err := options.Load(*options.String["config"])
		options.FailIf(err, "Can't load configuration")
	}

	fmt.Println("Cloudproxy HTTPS Server")

	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: no host Tao available")
	}
	self, err := tao.Parent().GetTaoName()
	options.FailIf(err, "Can't get Tao name")

	// TODO(kwalsh) extend tao name with operating mode and policy

	addr := net.JoinHostPort(*options.String["host"], *options.String["port"])

	cpath := *options.String["config"]
	kdir := *options.String["keys"]
	if kdir == "" && cpath != "" {
		kdir = path.Dir(cpath)
	} else if kdir == "" {
		options.Fail(nil, "Option -keys or -config is required")
	}

	docs := *options.String["docs"]
	if docs == "" && cpath != "" {
		docs = path.Join(path.Dir(cpath), "docs")
	} else if docs == "" {
		options.Fail(nil, "Option -keys or -config is required")
	}

	var keys *tao.Keys

	if *options.Bool["init"] {
		keys = taoca.GenerateKeys(name, addr, kdir)
	} else {
		keys = taoca.LoadKeys(kdir)
	}

	fmt.Printf("Configuration file: %s\n", cpath)
	if *options.Bool["init"] && cpath != "" {
		err := options.Save(cpath, "HTTPS server configuration", "persistent")
		options.FailIf(err, "Can't save configuration")
	}

	http.Handle("/cert/", https.CertificateHandler{keys.CertificatePool})
	http.Handle("/prin/", https.ManifestHandler{"/prin/", self.String()})
	http.Handle("/", http.FileServer(https.LoggingFilesystem{http.Dir(docs)}))
	fmt.Printf("Listening at %s using HTTPS\n", addr)
	err = tao.ListenAndServeTLS(addr, keys)
	options.FailIf(err, "can't listen and serve")

	fmt.Println("Server Done")
}
Ejemplo n.º 2
0
func startHost(domain *tao.Domain) {

	if *options.Bool["daemon"] && *options.Bool["foreground"] {
		options.Usage("Can supply only one of -daemon and -foreground")
	}
	if *options.Bool["daemon"] {
		daemonize()
	}

	cfg := configureFromFile()
	configureFromOptions(cfg)
	host, err := loadHost(domain, cfg)
	options.FailIf(err, "Can't create host")

	sockPath := path.Join(hostPath(), "admin_socket")
	// Set the socketPath directory go+rx so tao_launch can access sockPath and
	// connect to this linux host, even when tao_launch is run as non-root.
	err = os.Chmod(path.Dir(sockPath), 0755)
	options.FailIf(err, "Can't change permissions")
	uaddr, err := net.ResolveUnixAddr("unix", sockPath)
	options.FailIf(err, "Can't resolve unix socket")
	sock, err := net.ListenUnix("unix", uaddr)
	options.FailIf(err, "Can't create admin socket")
	defer sock.Close()
	err = os.Chmod(sockPath, 0666)
	if err != nil {
		sock.Close()
		options.Fail(err, "Can't change permissions on admin socket")
	}

	go func() {
		verbose.Printf("Linux Tao Service (%s) started and waiting for requests\n", host.HostName())
		err = tao.NewLinuxHostAdminServer(host).Serve(sock)
		verbose.Printf("Linux Tao Service finished\n")
		sock.Close()
		options.FailIf(err, "Error serving admin requests")
		os.Exit(0)
	}()

	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt, os.Kill, syscall.SIGTERM)
	<-c
	verbose.Printf("Linux Tao Service shutting down\n")
	err = shutdown()
	if err != nil {
		sock.Close()
		options.Fail(err, "Can't shut down admin socket")
	}

	// The above goroutine will normally end by calling os.Exit(), so we
	// can block here indefinitely. But if we get a second kill signal,
	// let's abort.
	verbose.Printf("Waiting for shutdown....\n")
	<-c
	options.Fail(nil, "Could not shut down linux_host")
}
Ejemplo n.º 3
0
func subcmd(cmd, prog string, args []string) {
	dirs := util.LiberalSearchPath()
	binary := util.FindExecutable(prog, dirs)
	if binary == "" {
		options.Fail(nil, "Can't find `%s` on path '%s'", prog, strings.Join(dirs, ":"))
	}
	args = append([]string{"tao_" + cmd}, args...)
	err := syscall.Exec(binary, args, os.Environ())
	options.Fail(err, "Can't exec `%s`", cmd)
}
Ejemplo n.º 4
0
func configureFromFile() *tao.LinuxHostConfig {
	d, err := ioutil.ReadFile(hostConfigPath())
	if err != nil {
		options.Fail(err, "Can't read linux host configuration")
	}
	var cfg tao.LinuxHostConfig
	if err := proto.UnmarshalText(string(d), &cfg); err != nil {
		options.Fail(err, "Can't parse linux host configuration")
	}
	return &cfg
}
Ejemplo n.º 5
0
func main() {
	options.Parse()
	if *options.String["config"] != "" && !*options.Bool["init"] {
		err := options.Load(*options.String["config"])
		options.FailIf(err, "Can't load configuration")
	}

	fmt.Println("Cloudproxy HTTPS Netlog Viewer")

	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: no host Tao available")
	}

	// TODO(kwalsh) extend tao name with operating mode and policy

	addr := net.JoinHostPort(*options.String["host"], *options.String["port"])

	cpath := *options.String["config"]
	kdir := *options.String["keys"]
	if kdir == "" && cpath != "" {
		kdir = path.Dir(cpath)
	} else if kdir == "" {
		options.Fail(nil, "Option -keys or -config is required")
	}

	var keys *tao.Keys

	if *options.Bool["init"] {
		keys = taoca.GenerateKeys(name, addr, kdir)
	} else {
		keys = taoca.LoadKeys(kdir)
	}

	fmt.Printf("Configuration file: %s\n", cpath)
	if *options.Bool["init"] && cpath != "" {
		err := options.Save(cpath, "Cloudproxy HTTPS netlog viewer configuration", "persistent")
		options.FailIf(err, "Can't save configuration")
	}

	http.Handle("/cert/", https.CertificateHandler{keys.CertificatePool})
	http.Handle("/index.html", http.RedirectHandler("/", 301))
	http.HandleFunc("/", netlog_show)
	fmt.Printf("Listening at %s using HTTPS\n", addr)
	err := tao.ListenAndServeTLS(addr, keys)
	options.FailIf(err, "can't listen and serve")

	fmt.Println("Server Done")
}
Ejemplo n.º 6
0
func main() {
	flag.Parse()

	// Check to see if we are running in Docker mode with linked containers.
	// If so, then there will be an environment variable SERVER_PORT that
	// will contain a value of the form tcp://<ip>:<port>
	serverEnvVar := os.Getenv("SERVER_PORT")
	if serverEnvVar == "" {
		serverAddr = net.JoinHostPort(*serverHost, *serverPort)
	} else {
		serverAddr = strings.TrimPrefix(serverEnvVar, "tcp://")
		if serverAddr == serverEnvVar {
			options.Usage("client: invalid SERVER_PORT environment variable value '%s'\n", serverEnvVar)
		}
	}

	switch *demoAuth {
	case "tcp", "tls", "tao":
	default:
		options.Usage("unrecognized authentication mode: %s\n", *demoAuth)
	}

	fmt.Println("Go Tao Demo Client")

	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: No host Tao available")
	}

	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "error: couldn't load the tao domain from %s\n", configPath())

	doClient(domain)
	fmt.Println("Client Done")
}
Ejemplo n.º 7
0
func SubmitAndInstall(keys *tao.Keys, csr *CSR) {
	verbose.Printf("Obtaining certificate from CA (may take a while)\n")
	resp, err := Submit(keys, csr)
	options.FailIf(err, "can't obtain X509 certificate from CA")
	if len(resp) == 0 {
		options.Fail(nil, "no x509 certificates returned from CA")
	}
	// Add the certs to our keys...
	keys.Cert["default"] = resp[0]
	for i, c := range resp {
		name := "ca"
		if i > 0 {
			name = fmt.Sprintf("ca-%d", i)
		}
		keys.Cert[name] = c
	}
	if keys.X509Path("default") != "" {
		err = keys.SaveCerts()
	}
	options.FailIf(err, "can't save X509 certificates")

	chain := keys.CertChain("default")
	verbose.Printf("Obtained certfificate chain of length %d:\n", len(chain))
	for i, cert := range chain {
		verbose.Printf("  Cert[%d] Subject: %s\n", i, x509txt.RDNString(cert.Subject))
	}
	if Warn {
		fmt.Println("Note: You may need to install root CA's key into the browser.")
	}
}
Ejemplo n.º 8
0
func UrlBasename(loc string) string {
	u, err := url.ParseRequestURI(loc)
	options.FailIf(err, "can't parse url in certificate: %s", u)
	s := strings.Split(u.Path, "/")
	if len(s) < 2 {
		options.Fail(nil, "can't parse url in certificate: %s", u)
	}
	return s[len(s)-1]
}
Ejemplo n.º 9
0
func main() {
	verbose.Set(true)
	options.Parse()

	if *options.String["config"] != "" && !*options.Bool["init"] {
		err := options.Load(*options.String["config"])
		options.FailIf(err, "Can't load configuration")
	}

	if *options.Bool["init"] {
		cpath := *options.String["config"]
		if cpath == "" {
			options.Fail(nil, "Option -init requires option -config")
		}
		fmt.Println("Initializing configuration file: " + cpath)
		err := options.Save(cpath, "Tao rendezvous configuration", "persistent")
		options.FailIf(err, "Can't save configuration")
	}

	fmt.Println("Cloudproxy Rendezvous Service")

	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: no host Tao available")
	}

	allowAnon = *options.Bool["anon"]
	manualMode = *options.Bool["manual"]
	fcfsMode = *options.Bool["fcfs"]
	addr := *options.String["addr"]

	netlog.Log("rendezvous: init")
	netlog.Log("rendezvous: allow anon? %v", allowAnon)
	netlog.Log("rendezvous: manual? %v", manualMode)
	netlog.Log("rendezvous: fcfs? %v", fcfsMode)
	netlog.Log("rendezvous: addr = %v", addr)

	// TODO(kwalsh) extend tao name with operating mode and policy

	err := tao.NewOpenServer(tao.ConnHandlerFunc(doResponses)).ListenAndServe(addr)
	options.FailIf(err, "server died")

	netlog.Log("rendezvous: done")
}
Ejemplo n.º 10
0
func prompt(msg, def string) string {
	fmt.Printf("%s [%s]: ", msg, def)
	line, hasMoreInLine, err := bufio.NewReader(os.Stdin).ReadLine()
	options.FailIf(err, "Bad input")
	if hasMoreInLine {
		options.Fail(nil, "Buffer overflow: Bad input")
	}
	s := strings.TrimSpace(string(line))
	if s == "" {
		s = def
	}
	return s
}
Ejemplo n.º 11
0
func main() {
	options.Parse()

	fmt.Println("Cloudproxy Networked Logging Service")

	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: No host Tao available")
	}

	addr := *options.String["addr"]

	// TODO(kwalsh) perhaps extend our tao name with current config options

	err := tao.NewOpenServer(tao.ConnHandlerFunc(doResponse)).ListenAndServe(addr)
	options.FailIf(err, "netlog: server died")
}
Ejemplo n.º 12
0
func main() {
	flag.Parse()
	serverAddr = net.JoinHostPort(*serverHost, *serverPort)
	switch *demoAuth {
	case "tcp", "tls", "tao":
	default:
		options.Usage("unrecognized authentication mode: %s\n", *demoAuth)
		return
	}

	fmt.Println("Go Tao Demo Server")

	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: No host Tao available")
	}

	doServer()
	fmt.Println("Server Done")
}
Ejemplo n.º 13
0
func main() {
	verbose.Set(true)
	options.Parse()

	profiling.ProfilePath = *options.String["profile"]

	if !verbose.Enabled {
		taoca.ConfirmNames = false
	}

	if *options.String["config"] != "" && !*options.Bool["init"] {
		err := options.Load(*options.String["config"])
		options.FailIf(err, "Can't load configuration")
	}

	fmt.Println("https/tls Certificate Authority")

	manualMode = *options.Bool["manual"]
	learnMode = *options.Bool["learn"]

	if !manualMode && tao.Parent() == nil {
		options.Fail(nil, "can't continue: automatic mode, but no host Tao available")
	}

	if *options.Bool["root"] == (*options.String["subsidiary"] != "") {
		options.Usage("must supply exactly one of -root or -subsidiary options")
	}

	host := *options.String["host"]
	port := *options.String["port"]
	addr := net.JoinHostPort(host, port)

	// TODO(kwalsh) extend tao name with operating mode and policy

	cpath := *options.String["config"]
	kdir := *options.String["keys"]
	if kdir == "" && cpath != "" {
		kdir = path.Dir(cpath)
	} else if kdir == "" {
		options.Fail(nil, "Option -keys or -config is required")
	}
	ppath := path.Join(kdir, "policy")

	var err error

	if *options.Bool["init"] {
		if cpath != "" {
			err := options.Save(cpath, "HTTPS/TLS certificate authority configuration", "persistent")
			options.FailIf(err, "Can't save configuration")
		}
		fmt.Println("" +
			"Initializing fresh HTTP/TLS CA signing key. Provide the following information,\n" +
			"to be include in the CA's own x509 certificate. Leave the response blank to\n" +
			"accept the default value.\n" +
			"\n" +
			"Configuration file: " + cpath + "\n" +
			"Keys directory: " + kdir + "\n")

		var caName *pkix.Name
		if taoca.ConfirmNames {
			if *options.Bool["root"] {
				caName = taoca.ConfirmName(caRootName)
			} else {
				caName = taoca.ConfirmName(caSubsidiaryName)
			}
		} else {
			if *options.Bool["root"] {
				caName = caRootName
			} else {
				caName = caSubsidiaryName
			}
		}

		if manualMode {
			pwd := options.Password("Choose an HTTPS/TLS CA signing key password", "pass")
			caKeys, err = tao.InitOnDiskPBEKeys(tao.Signing, pwd, kdir, caName)
			tao.ZeroBytes(pwd)
		} else {
			caKeys, err = tao.InitOnDiskTaoSealedKeys(tao.Signing, caName, tao.Parent(), kdir, tao.SealPolicyDefault)
		}
		options.FailIf(err, "Can't initialize fresh HTTPS/TLS CA signing key")
		if *options.Bool["root"] {
			fmt.Printf(""+
				"Note: To install this CA's key in the Chrome browser, go to\n"+
				"  'Settings', 'Show advanced settings...', 'Manage Certificates...', 'Authorities'\n"+
				"  then import the following file:\n"+
				"     %s\n"+
				"  Select 'Trust this certificate for identifying websites' and/or other\n"+
				"  options, then click 'OK'\n", caKeys.X509Path("default"))
		} else {
			csr := taoca.NewCertificateSigningRequest(caKeys.VerifyingKey, caName)
			*csr.IsCa = true
			srv := *options.String["subsidiary"]
			taoca.DefaultServerName = srv
			taoca.SubmitAndInstall(caKeys, csr)
		}

		if !manualMode {
			f, err := os.Open(ppath)
			if err == nil {
				f.Close()
				fmt.Printf("Using existing certificate-granting policy: %s\n", ppath)
			} else {
				fmt.Printf("Creating default certificate-granting policy: %s\n", ppath)
				fmt.Printf("Edit that file to define the certificate-granting policy.\n")
				err := util.WritePath(ppath, []byte(policy.Default), 0755, 0755)
				options.FailIf(err, "Can't save policy rules")
			}
		}
	} else {
		if manualMode {
			pwd := options.Password("HTTPS/TLS CA signing key password", "pass")
			caKeys, err = tao.LoadOnDiskPBEKeys(tao.Signing, pwd, kdir)
			tao.ZeroBytes(pwd)
		} else {
			caKeys, err = tao.LoadOnDiskTaoSealedKeys(tao.Signing, tao.Parent(), kdir, tao.SealPolicyDefault)
		}
		options.FailIf(err, "Can't load HTTP/TLS CA signing key")
	}

	netlog.Log("https_ca: start")
	netlog.Log("https_ca: manual? %v", manualMode)

	if !manualMode {
		guard, err = policy.Load(ppath)
		options.FailIf(err, "Can't load certificate-granting policy")
	}

	var prin auth.Prin
	if tao.Parent() != nil {
		prin, err = tao.Parent().GetTaoName()
		options.FailIf(err, "Can't get tao name")
	} else {
		rendezvous.DefaultServer.Connect(caKeys)
		prin = caKeys.SigningKey.ToPrincipal()
	}

	name := *options.String["name"]
	if name != "" {
		err = rendezvous.Register(rendezvous.Binding{
			Name:      proto.String(name),
			Host:      proto.String(host),
			Port:      proto.String(port),
			Protocol:  proto.String("protoc/rpc/https_ca"),
			Principal: proto.String(prin.String()),
		})
		options.FailIf(err, "Can't register with rendezvous service")
	}

	statsdelay := *options.String["stats"]
	var srv *tao.Server
	if statsdelay != "" {
		go profiling.ShowStats(&stats, statsdelay, "sign certificates")
		srv = tao.NewOpenServer(tao.ConnHandlerFunc(doResponseWithStats))
	} else {
		srv = tao.NewOpenServer(tao.ConnHandlerFunc(doResponseWithoutStats))
	}

	srv.Keys = caKeys
	fmt.Printf("Listening at %s using Tao-authenticated channels\n", addr)
	err = srv.ListenAndServe(addr)
	options.FailIf(err, "server died")

	fmt.Println("Server Done")
	netlog.Log("https_ca: done")
}
Ejemplo n.º 14
0
func runHosted(client *tao.LinuxHostAdminClient, args []string) {
	var err error

	if len(args) == 0 {
		options.Usage("Missing program path and arguments")
	}

	spec := new(tao.HostedProgramSpec)

	ctype := "process"
	spec.Path = args[0]
	for _, prefix := range []string{"process", "docker", "kvm_coreos"} {
		if strings.HasPrefix(spec.Path, prefix+":") {
			ctype = prefix
			spec.Path = strings.TrimPrefix(spec.Path, prefix+":")
		}
	}

	switch ctype {
	case "process":
		dirs := util.LiberalSearchPath()
		binary := util.FindExecutable(args[0], dirs)
		if binary == "" {
			options.Fail(nil, "Can't find `%s` on path '%s'", args[0], strings.Join(dirs, ":"))
		}
		spec.ContainerArgs = []string{spec.Path}
		spec.Args = args[1:]
		spec.Path = binary
	case "docker", "kvm_coreos":
		// args contains [ "docker:argv0", docker_args..., "--", prog_args... ]
		spec.ContainerArgs, spec.Args = split(args, "--")
		// Replace docker arg 0 with valid image name constructed from // base(argv[0]).
		r, _ := regexp.Compile("[^a-zA-Z0-9_.]+")
		spec.ContainerArgs[0] = r.ReplaceAllLiteralString(path.Base(spec.Path), "_")
	}

	pidfile := *options.String["pidfile"]
	var pidOut *os.File
	if pidfile == "-" {
		pidOut = os.Stdout
	} else if pidfile != "" {
		pidOut, err = os.Create(pidfile)
		options.FailIf(err, "Can't open pid file")
	}

	namefile := *options.String["namefile"]
	var nameOut *os.File
	if namefile == "-" {
		nameOut = os.Stdout
	} else if namefile != "" {
		nameOut, err = os.Create(namefile)
		options.FailIf(err, "Can't open name file")
	}

	daemon := *options.Bool["daemon"]
	disown := *options.Bool["disown"]

	var pr, pw *os.File
	proxying := false
	tty := isCtty(int(os.Stdin.Fd()))
	if daemon {
		// stdio is nil
	} else if disown {
		// We are assuming that if stdin is a terminal, it is our controlling
		// terminal. I don't know any way to verify it, but it seems likely.
		if tty {
			// stdin is nil, else they would steal input from tty
		} else {
			spec.Stdin = os.Stdin
		}
		spec.Stdout = os.Stdout
		spec.Stderr = os.Stderr
	} else {
		// interactive
		proxying = tty
		if proxying {
			pr, pw, err = os.Pipe()
			options.FailIf(err, "Can't pipe")
			spec.Stdin = pr
		} else {
			spec.Stdin = os.Stdin
		}
		spec.Stdout = os.Stdout
		spec.Stderr = os.Stderr
		fmt.Fprintf(noise, "[proxying stdin]\n")
	}

	spec.Dir, err = os.Getwd()
	options.FailIf(err, "Can't get working directory")

	// Start catching signals early, buffering a few, so we don't miss any. We
	// don't proxy SIGTTIN. However, we do catch it and stop ourselves, rather
	// than letting the OS stop us. This is necessary so that we can send
	// SIGCONT to the child at the right times.
	// Here is the easy case
	//   we start in background
	//   we fork (output starts going)
	//   we are background, so leave SIGTTIN handling at the default
	//   we read and get SIGTTIN, so are stopped
	//   child is not stopped, it keeps outputting, as desired
	//   upon fg, we get SIGCONT, start dropping SIGTTIN and looping for input and signals
	// Here is the tricky case:
	//   we start in foreground
	//   we fork (output starts going)
	//   we are foreground, so catch and drop SIGTTIN (we use SIGTSTP instead)
	//   we get SIGTSTP via ctrl-z
	//   we send child SIGTSTP, so it stops
	//      [we are still dropping SIGTTIN]
	//   we send ourselves SIGSTOP, so we stop
	//   we get SIGCONT via either bg or fg
	//      [if bg, now furiously catching and dropping SIGTTIN]
	//      [if fg, dropping too, but there should not be any SIGTTIN]
	//   send child the SIGCONT
	//   if we are foreground, so go back to top of loop
	//   if we are background, reset SIGTTIN which causes us to stop
	//
	// The basic invariant we are trying to maintain is that when we are
	// foreground we catch and drop SIGTTIN, allowing us to properly handle
	// SIGTSTP events. There shouldn't be any SIGTTIN anyway, except for the
	// brief moments when we are transitioning to stopped.
	// And when the child is supposed to be running in the background, we should
	// leave the default SIGTTIN behavior, so that the OS will stop our read
	// loop.

	signals := make(chan os.Signal, 10) // some buffering
	signal.Notify(signals,
		syscall.SIGINT,  // Ctrl-C
		syscall.SIGTERM, // SIGINT wannabe (e.g. via kill)
		syscall.SIGQUIT, // Ctrl-\
		syscall.SIGTSTP, // Ctrl-Z
		syscall.SIGHUP,  // tty hangup (e.g. via disown)
		syscall.SIGABRT, // abort (e.g. via kill)
		syscall.SIGUSR1, // user-defined (e.g. via kill)
		syscall.SIGUSR2, // user-defined (e.g. via kill)
	)

	// Start the hosted program
	subprin, pid, err := client.StartHostedProgram(spec)
	options.FailIf(err, "Can't start hosted program")
	fmt.Fprintf(noise, "[started hosted program with pid %d]\n", pid)
	fmt.Fprintf(noise, "[subprin is %v]\n", subprin)

	if pidOut != nil {
		fmt.Fprintln(pidOut, pid)
		pidOut.Close()
	}

	if nameOut != nil {
		fmt.Fprintln(nameOut, subprin)
		nameOut.Close()
	}

	if disown || daemon {
		return
	}

	// Listen for exit status from host
	status := make(chan int, 1)
	go func() {
		s, _ := client.WaitHostedProgram(pid, subprin)
		// For short programs, we often lose the race, so
		// we get a "no such hosted program" error. Ignore it.
		status <- s
	}()

	wasForeground := false
	if proxying && isForeground() {
		fmt.Fprintf(noise, "[in foreground]\n")
		dropSIGTTIN()
		wasForeground = true
	}

	// Proxy stdin, if needed
	if proxying {
		pr.Close()
		go func() {
			_, err := io.Copy(pw, os.Stdin)
			options.WarnIf(err, "Can't copy from stdin to pipe")
			pw.Close()
		}()
	}

	// If we are proxying and (were) background, we should probably
	// have done a read() by now and gotten SIGTTIN and stopped. Let's
	// pause a moment to be sure the read() happens.
	time.Sleep(moment)

	// By this point, if we had been foreground, we might still be. Or, we might
	// have been foreground but just gotten SIGTSTP and are now madly dropping
	// SIGTTIN until we get into the loop below to handle the SIGTSTP.
	//
	// Alternatively, if we had been background, we would have been stopped by
	// the default SIGTTIN, so the only way we would be here is if we later got
	// pulled foreground via fg. We want to be dropping SIGTTIN in case we get a
	// SIGTSTP.
	if proxying && !wasForeground {
		dropSIGTTIN()
	}

	next := cont
	for next != done {
		select {
		case s := <-status:
			fmt.Fprintf(noise, "[hosted program exited, %s]\n", exitCode(s))
			next = done
		case sig := <-signals:
			next = handle(sig, pid)
		}
		if next == resumed && proxying && !isForeground() {
			// Need to toggle SIGTTIN handling and block (that's the only way to
			// stop spinning on SIGTTIN), but only after handling all pending
			// signals (e.g. SIGCONT then SIGHUP, or SIGCONT then SIGTERM).
			for next == resumed {
				select {
				case s := <-status:
					fmt.Fprintf(noise, "[hosted program exited, %s]\n", exitCode(s))
					next = done
				case sig := <-signals:
					next = handle(sig, pid)
					if next == cont {
						next = resumed
					}
				default:
					next = cont
					defaultSIGTTIN()
					time.Sleep(moment)
					dropSIGTTIN()
				}
			}
		}
	}
	signal.Stop(signals)
}