

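--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+20070626
+ - matthieu.hautreux@cea.fr
+  [session.c] [servconf.h] [servconf.c] [sshd_config] [sshd_config.0]
+  [sshd_config.5]
+  bug#396 : add an sshd option (RemoteCommandCleanup) that enables to clean
+  child processes when remote command connection is closed/lost.
+  All processes that share the pgrp of the child (child pid) receive
+  a SIGHUP during session close. Default behavior is no.
+
 20070306
  - (djm) OpenBSD CVS Sync
    - jmc@cvs.openbsd.org 2007/03/01 16:19:33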
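--- a/servconf.c
+++ b/servconf.c
@@ -122,6 +122,7 @@ initialize_server_options(ServerOptions
 	options->permit_tun = -1;
 	options->num_permitted_opens = -1;
 	options->adm_forced_command = NULL;
+	options->remote_command_cleanup = -1;
 }
 
 void
@@ -263,6 +264,9 @@ fill_default_server_options(ServerOption
 	}
 #endif
 
+	if (options->remote_command_cleanup == -1)
+	  options->remote_command_cleanup = 0;
+
 }
 
 /* Keyword tokens. */
@@ -293,6 +297,7 @@ typedef enum {
 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 	sMatch, sPermitOpen, sForceCommand,
 	sUsePrivilegeSeparation,
+	sRemoteCommandCleanup,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -403,6 +408,7 @@ static struct {
  	{ "match", sMatch, SSHCFG_ALL },
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
+	{ "remotecommandcleanup", sRemoteCommandCleanup },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1268,6 +1274,10 @@ parse_flag:
 		    arg = strdelim(&cp);
 		break;
 
+	case sRemoteCommandCleanup:
+		intptr = &options->remote_command_cleanup;
+		goto parse_flag;
+
 	default:
 		fatal("%s line %d: Missing handler for opcode %s (%d)",
 		    filename, linenum, arg, opcode);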
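Review bot: The new keyword-table entry `{ "remotecommandcleanup", sRemoteCommandCleanup },` leaves out the third initializer that every neighbouring entry supplies (`SSHCFG_ALL`), so its flags field is implicitly zero, the same value as the `{ NULL, sBadOption, 0 }` sentinel. How a zero flags value is treated is decided by code outside these hunks, so the scope should be spelled out, for example `{ "remotecommandcleanup", sRemoteCommandCleanup, SSHCFG_GLOBAL },` if the option is not meant to be set inside a Match block. Since this option controls whether sshd signals a whole process group, its scope should be a visible, deliberate choice rather than a default. As a minor style point, the body of the new `if` in fill_default_server_options is indented with a tab plus two spaces where the surrounding code uses tabs only.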
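--- a/servconf.h
+++ b/servconf.h
@@ -141,6 +141,10 @@ typedef struct {
 	int	permit_tun;
 
 	int	num_permitted_opens;
+
+        int     remote_command_cleanup; /* If true, send HUP to child process group when session is closed
+					   and no pty was allocated (remote command execution)
+					*/
 }       ServerOptions;
 
 void	 initialize_server_options(ServerOptions *);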
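--- a/session.c
+++ b/session.c
@@ -2243,6 +2243,11 @@ session_close(Session *s)
 	debug("session_close: session %d pid %ld", s->self, (long)s->pid);
 	if (s->ttyfd != -1)
 		session_pty_cleanup(s);
+	else if(s->pid && options.remote_command_cleanup){
+	  debug("sending signal HUP to process group %u ",s->pid);
+	  kill(-1*s->pid,SIGHUP);
+	}
+
 	if (s->term)
 		xfree(s->term);
 	if (s->display)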
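Review bot: The added `kill(-1*s->pid,SIGHUP)` is guarded only by `s->pid` being non-zero, so a value of 1 would turn the call into `kill(-1, ...)`, which addresses every process the caller may signal, and a negative value would target a single pid instead of a group. Tighten the guard and check the result: `else if (s->pid > 1 && options.remote_command_cleanup) {` with `if (kill(-s->pid, SIGHUP) == -1) debug("session_close: kill pgrp %ld: %s", (long)s->pid, strerror(errno));`. The new debug line prints a pid_t with `%u`, whereas the line above it casts to long and uses `%ld`; use that form here too. The hunk also assumes that the child is still the leader of a process group whose id equals `s->pid` and that the pid has not been reaped and reused by the time session_close runs. Neither is established by the visible lines, and the signal is sent with the privileges of the sshd process rather than the user's, so both should be confirmed against the no-pty exec path and the exit handling. The body of session_close continues outside the hunk.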
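--- a/sshd_config
+++ b/sshd_config
@@ -80,6 +80,8 @@
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
 
+#RemoteCommandCleanup no
+
 #AllowTcpForwarding yes
 #GatewayPorts no
 #X11Forwarding no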
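--- a/sshd_config.0
+++ b/sshd_config.0
@@ -401,6 +401,11 @@ DESCRIPTION
              fault is ``yes''.  Note that this option applies to protocol ver-
              sion 2 only.
 
+     RemoteCommandCleanup
+             Specifies whether user processes that where launched without pty 
+             and share the same pgrp as the child process pid must be  signal
+             with HUP when connection is closed/lost. The default is ``no''.
+
      RhostsRSAAuthentication
              Specifies whether rhosts or /etc/hosts.equiv authentication to-
              gether with successful RSA host authentication is allowed.  The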
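--- a/sshd_config.5
+++ b/sshd_config.5
@@ -708,6 +708,12 @@ Specifies whether public key authenticat
 The default is
 .Dq yes .
 Note that this option applies to protocol version 2 only.
+.It Cm RemoteCommandCleanup
+Specifies whether user processes that where launched without pty 
+and share the same pgrp as the child process pid must be signal 
+with HUP when connection is closed/lost.
+The default is
+.Dq no .
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed.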
