Client: kill proxy command when exiting application.

2025-04-20 22:24:30 +00:00 · 2015-12-03 16:22:29 +03:00 · 2015-12-03 16:22:29 +03:00 · 960364d953
commit 960364d953
parent f64a50f319
3 changed files with 42 additions and 11 deletions
--- a/cli-main.c
+++ b/cli-main.c
@ -36,7 +36,8 @@ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) A
 static void cli_dropbear_log(int priority, const char* format, va_list param);

 #ifdef ENABLE_CLI_PROXYCMD
-static void cli_proxy_cmd(int *sock_in, int *sock_out);
+static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out);
+static void killchild(int signo);
 #endif

 #if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI)
@ -66,10 +67,16 @@ int main(int argc, char ** argv) {
 		dropbear_exit("signal() error");
 	}

+	pid_t proxy_cmd_pid = 0;
 #ifdef ENABLE_CLI_PROXYCMD
 	if (cli_opts.proxycmd) {
-		cli_proxy_cmd(&sock_in, &sock_out);
+		cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
 		m_free(cli_opts.proxycmd);
+		if (signal(SIGINT, killchild) == SIG_ERR ||
+			signal(SIGTERM, killchild) == SIG_ERR ||
+			signal(SIGHUP, killchild) == SIG_ERR) {
+			dropbear_exit("signal() error");
+		}
 	} else
 #endif
 	{
@ -77,7 +84,7 @@ int main(int argc, char ** argv) {
 		sock_in = sock_out = -1;
 	}

-	cli_session(sock_in, sock_out, progress);
+	cli_session(sock_in, sock_out, progress, proxy_cmd_pid);

 	/* not reached */
 	return -1;
@ -132,16 +139,24 @@ static void exec_proxy_cmd(void *user_data_cmd) {
 }

 #ifdef ENABLE_CLI_PROXYCMD
-static void cli_proxy_cmd(int *sock_in, int *sock_out) {
+static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
 	int ret;

 	fill_passwd(cli_opts.own_user);

 	ret = spawn_command(exec_proxy_cmd, cli_opts.proxycmd,
-			sock_out, sock_in, NULL, NULL);
+			sock_out, sock_in, NULL, pid_out);
 	if (ret == DROPBEAR_FAILURE) {
 		dropbear_exit("Failed running proxy command");
 		*sock_in = *sock_out = -1;
 	}
 }
+
+static void killchild(int signo)
+{
+	kill_proxy_command();
+	if (signo)
+		_exit(1);
+	exit(1);
+}
 #endif /* ENABLE_CLI_PROXYCMD */
--- a/cli-session.c
+++ b/cli-session.c
@ -41,7 +41,7 @@

 static void cli_remoteclosed() ATTRIB_NORETURN;
 static void cli_sessionloop();
-static void cli_session_init();
+static void cli_session_init(pid_t proxy_cmd_pid);
 static void cli_finished() ATTRIB_NORETURN;
 static void recv_msg_service_accept(void);
 static void cli_session_cleanup(void);
@ -104,7 +104,7 @@ void cli_connected(int result, int sock, void* userdata, const char *errstring)
 	update_channel_prio();
 }

-void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) {
+void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) {

 	common_session_init(sock_in, sock_out);

@ -115,8 +115,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection
 	chaninitialise(cli_chantypes);

 	/* Set up cli_ses vars */
-	cli_session_init();
-
+	cli_session_init(proxy_cmd_pid);

 	/* Ready to go */
 	sessinitdone = 1;
@ -140,7 +139,7 @@ static void cli_send_kex_first_guess() {
 }
 #endif

-static void cli_session_init() {
+static void cli_session_init(pid_t proxy_cmd_pid) {

 	cli_ses.state = STATE_NOTHING;
 	cli_ses.kex_state = KEX_NOTHING;
@ -159,6 +158,8 @@ static void cli_session_init() {

 	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
 									  specific exit status */
+	cli_ses.proxy_cmd_pid = proxy_cmd_pid;
+	TRACE(("proxy command PID='%d'", proxy_cmd_pid));

 	/* Auth */
 	cli_ses.lastprivkey = NULL;
@ -334,12 +335,25 @@ static void cli_sessionloop() {

 }

+void kill_proxy_command(void) {
+	/*
+	 * Send SIGHUP to proxy command if used. We don't wait() in
+	 * case it hangs and instead rely on init to reap the child
+	 */
+	if (cli_ses.proxy_cmd_pid > 1) {
+		TRACE(("killing proxy command with PID='%d'", cli_ses.proxy_cmd_pid));
+		kill(cli_ses.proxy_cmd_pid, SIGHUP);
+	}
+}
+
 static void cli_session_cleanup(void) {

 	if (!sessinitdone) {
 		return;
 	}

+	kill_proxy_command();
+
 	/* Set std{in,out,err} back to non-blocking - busybox ash dies nastily if
 	 * we don't revert the flags */
 	fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
--- a/session.h
+++ b/session.h
@ -61,9 +61,10 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_N
 void svr_dropbear_log(int priority, const char* format, va_list param);

 /* Client */
-void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) ATTRIB_NORETURN;
+void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) ATTRIB_NORETURN;
 void cli_connected(int result, int sock, void* userdata, const char *errstring);
 void cleantext(char* dirtytext);
+void kill_proxy_command();

 /* crypto parameters that are stored individually for transmit and receive */
 struct key_context_directional {
@ -304,6 +305,7 @@ struct clientsession {
 	struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */
 #endif

+	int proxy_cmd_pid;
 };

 /* Global structs storing the state */