This patch adds the seatbelts which _only_ kill parent sshd procs... -RMallory
(eg: when you ssh into a machine and pkgadd the new openssh, it will not
kill your current (or anyone else's sshd session)
onanother_note: the buildpkg.sh could use some exec_prefix functionality...
to deal with ./configure --prefix= --exec_prefix=/usr
*** bak/opensshd.in Fri Oct 19 13:36:24 2001
--- opensshd.in Fri Jan 18 11:47:10 2002
***************
*** 8,16 ****
KILL=/usr/bin/kill
PS=/usr/bin/ps
XARGS=/usr/bin/xargs
prefix=%%openSSHDir%%
--- 8,19 ----
KILL=/usr/bin/kill
PS=/usr/bin/ps
XARGS=/usr/bin/xargs
+ FGREP=/usr/bin/fgrep
+ EGREP=/usr/bin/egrep
+ ME=`/usr/bin/basename $0`
prefix=%%openSSHDir%%
***************
*** 22,29 ****
killproc() {
_procname=$1
! _signal=$2
! ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' | ${XARGS} ${KILL}
}
--- 25,42 ----
killproc() {
_procname=$1
!
! #The next line finds only the parent of $_procname if it exists
! PID=`${PS} -le -u root| ${FGREP} $_procname | ${EGREP} -v ${ME} \
! | ${AWK} '{print $5}' | ${EGREP} -v "^1$" |
uniq `
!
! if [ -z "$PID" ] ; then
! echo "No parent sshd process found..."
! PID=`${PS} -u root | ${AWK}
'/'"$_procname"'$/ {print $1}'`
! test -z "$PID" && /usr/bin/echo "No sshd
children found..."
! test -z "$PID" || /usr/bin/echo "Not killing these
sshd children: \n$PID"
! else echo "Killing $PID" ; ${KILL} ${PID}
! fi
}
On Fri, 18 Jan 2002, Rob Mallory wrote:> This patch adds the seatbelts which _only_ kill parent sshd procs... -RMallory > (eg: when you ssh into a machine and pkgadd the new openssh, it will not > kill your current (or anyone else's sshd session) > > onanother_note: the buildpkg.sh could use some exec_prefix functionality... > to deal with ./configure --prefix= --exec_prefix=/usr >It should handle them. Can you give me a case wher eit does not? Since the buildpkg.sh is fake root based any --*prefix* options should work naturally. I would perfer the patch in -u format, but I'll look it over. - Ben
Here's a bit simpler change that accomplishes the same task:
--- ./opensshd.in.old Fri Jan 18 15:47:21 2002
+++ ./opensshd.in Fri Jan 18 15:47:00 2002
@@ -23,7 +23,9 @@
killproc() {
_procname=$1
_signal=$2
- ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' | ${XARGS} ${KILL}
+ ${PS} -opid,ppid,fname -u root |\
+ ${AWK} '/'"$_procname"'$/ {if ($2 == "1")
{print $1}}' |\
+ ${XARGS} ${KILL} -s $_signal
}
Zoran
--
Zoran Milojevic
SS8 Networks Inc. http://www.ss8.com
"One Better"
Tel: +1-613-592-2100/x3231 Fax: +1-613-592-9634
> -----Original Message-----
> From: Rob Mallory [mailto:rmallory at ensemblecom.com]
> Sent: January 18, 2002 15:02
> To: openssh-unix-dev at mindrot.org
> Subject: contrib/solaris/opensshd.in patch
>
>
> This patch adds the seatbelts which _only_ kill parent sshd
> procs... -RMallory
> (eg: when you ssh into a machine and pkgadd the new openssh,
> it will not
> kill your current (or anyone else's sshd session)
>
> onanother_note: the buildpkg.sh could use some exec_prefix
> functionality...
> to deal with ./configure --prefix= --exec_prefix=/usr
>
> *** bak/opensshd.in Fri Oct 19 13:36:24 2001
> --- opensshd.in Fri Jan 18 11:47:10 2002
> ***************
> *** 8,16 ****
> KILL=/usr/bin/kill
> PS=/usr/bin/ps
> XARGS=/usr/bin/xargs
>
> prefix=%%openSSHDir%%
> --- 8,19 ----
> KILL=/usr/bin/kill
> PS=/usr/bin/ps
> XARGS=/usr/bin/xargs
> + FGREP=/usr/bin/fgrep
> + EGREP=/usr/bin/egrep
> + ME=`/usr/bin/basename $0`
>
> prefix=%%openSSHDir%%
> ***************
> *** 22,29 ****
>
> killproc() {
> _procname=$1
> ! _signal=$2
> ! ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' |
> ${XARGS} ${KILL}
> }
>
>
> --- 25,42 ----
>
> killproc() {
> _procname=$1
> !
> ! #The next line finds only the parent of $_procname if it exists
> ! PID=`${PS} -le -u root| ${FGREP} $_procname | ${EGREP} -v ${ME} \
> ! | ${AWK} '{print $5}' | ${EGREP} -v
"^1$" | uniq `
> !
> ! if [ -z "$PID" ] ; then
> ! echo "No parent sshd process found..."
> ! PID=`${PS} -u root | ${AWK}
'/'"$_procname"'$/
> {print $1}'`
> ! test -z "$PID" && /usr/bin/echo "No
sshd
> children found..."
> ! test -z "$PID" || /usr/bin/echo "Not killing
> these sshd children: \n$PID"
> ! else echo "Killing $PID" ; ${KILL} ${PID}
> ! fi
> }
>
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020118/d35d96f4/attachment.html
Did you try it? it seems to kill all sshd's here.
specificaly, you (or at least I)_don't_ want to kill anything where
$2=="1"
from the ps -opid,ppid,fname line to be killed.
also I don't want to kill parents of any procs called "opensshd"
which is the name of the script.
-Rob
-----Original Message-----
From: Zoran Milojevic [mailto:Zoran.Milojevic at SS8.com]
Sent: Friday, January 18, 2002 1:04 PM
To: openssh-unix-dev at shitei.mindrot.org
Cc: 'Rob Mallory'
Subject: RE: contrib/solaris/opensshd.in patch
Here's a bit simpler change that accomplishes the same task:
--- ./opensshd.in.old Fri Jan 18 15:47:21 2002
+++ ./opensshd.in Fri Jan 18 15:47:00 2002
@@ -23,7 +23,9 @@
killproc() {
_procname=$1
_signal=$2
- ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' | ${XARGS} ${KILL}
+ ${PS} -opid,ppid,fname -u root |\
+ ${AWK} '/'"$_procname"'$/ {if ($2 == "1")
{print $1}}' |\
+ ${XARGS} ${KILL} -s $_signal
}
Zoran
--
Zoran Milojevic
SS8 Networks Inc. http://www.ss8.com <http://www.ss8.com>
"One Better"
Tel: +1-613-592-2100/x3231 Fax: +1-613-592-9634
> -----Original Message-----
> From: Rob Mallory [ mailto:rmallory at ensemblecom.com
<mailto:rmallory at ensemblecom.com> ] > Sent: January 18, 2002 15:02
> To: openssh-unix-dev at mindrot.org
> Subject: contrib/solaris/opensshd.in patch
>
>
> This patch adds the seatbelts which _only_ kill parent sshd
> procs... -RMallory
> (eg: when you ssh into a machine and pkgadd the new openssh,
> it will not
> kill your current (or anyone else's sshd session)
>
> onanother_note: the buildpkg.sh could use some exec_prefix
> functionality...
> to deal with ./configure --prefix= --exec_prefix=/usr
>
> *** bak/opensshd.in Fri Oct 19 13:36:24 2001
> --- opensshd.in Fri Jan 18 11:47:10 2002
> ***************
> *** 8,16 ****
> KILL=/usr/bin/kill
> PS=/usr/bin/ps
> XARGS=/usr/bin/xargs
>
> prefix=%%openSSHDir%%
> --- 8,19 ----
> KILL=/usr/bin/kill
> PS=/usr/bin/ps
> XARGS=/usr/bin/xargs
> + FGREP=/usr/bin/fgrep
> + EGREP=/usr/bin/egrep
> + ME=`/usr/bin/basename $0`
>
> prefix=%%openSSHDir%%
> ***************
> *** 22,29 ****
>
> killproc() {
> _procname=$1
> ! _signal=$2
> ! ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' |
> ${XARGS} ${KILL}
> }
>
>
> --- 25,42 ----
>
> killproc() {
> _procname=$1
> !
> ! #The next line finds only the parent of $_procname if it exists
> ! PID=`${PS} -le -u root| ${FGREP} $_procname | ${EGREP} -v ${ME} \
> ! | ${AWK} '{print $5}' | ${EGREP} -v
"^1$" | uniq `
> !
> ! if [ -z "$PID" ] ; then
> ! echo "No parent sshd process found..."
> ! PID=`${PS} -u root | ${AWK}
'/'"$_procname"'$/
> {print $1}'`
> ! test -z "$PID" && /usr/bin/echo "No
sshd
> children found..."
> ! test -z "$PID" || /usr/bin/echo "Not killing
> these sshd children: \n$PID"
> ! else echo "Killing $PID" ; ${KILL} ${PID}
> ! fi
> }
>
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
<http://www.mindrot.org/mailman/listinfo/openssh-unix-dev>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020118/8e62832e/attachment.html
Hmmm.. you are right. Dunno what I omitted when
cut n pasted your (nice and unbloated) version.
...and yes, I do want to kill the one who $ppid=1,
{was stuck in thinking ass-backwards like my example}
yeppers.....
anyways, I hope people agree this'd be nice to have
in the tree..... it saved my butt a few times in the past...
-----Original Message-----
From: Rob Mallory [mailto:rmallory at ensemble.com]
Sent: Friday, January 18, 2002 1:23 PM
To: 'Zoran Milojevic'; openssh-unix-dev at shitei.mindrot.org
Cc: 'Rob Mallory'
Subject: RE: contrib/solaris/opensshd.in patch
Did you try it? it seems to kill all sshd's here.
specificaly, you (or at least I)_don't_ want to kill anything where
$2=="1"
from the ps -opid,ppid,fname line to be killed.
also I don't want to kill parents of any procs called "opensshd"
which is the name of the script.
-Rob
-----Original Message-----
From: Zoran Milojevic [mailto:Zoran.Milojevic at SS8.com]
Sent: Friday, January 18, 2002 1:04 PM
To: openssh-unix-dev at shitei.mindrot.org
Cc: 'Rob Mallory'
Subject: RE: contrib/solaris/opensshd.in patch
Here's a bit simpler change that accomplishes the same task:
--- ./opensshd.in.old Fri Jan 18 15:47:21 2002
+++ ./opensshd.in Fri Jan 18 15:47:00 2002
@@ -23,7 +23,9 @@
killproc() {
_procname=$1
_signal=$2
- ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' | ${XARGS} ${KILL}
+ ${PS} -opid,ppid,fname -u root |\
+ ${AWK} '/'"$_procname"'$/ {if ($2 == "1")
{print $1}}' |\
+ ${XARGS} ${KILL} -s $_signal
}
Zoran
--
Zoran Milojevic
SS8 Networks Inc. http://www.ss8.com <http://www.ss8.com>
"One Better"
Tel: +1-613-592-2100/x3231 Fax: +1-613-592-9634
> -----Original Message-----
> From: Rob Mallory [ mailto:rmallory at ensemblecom.com
<mailto:rmallory at ensemblecom.com> ] > Sent: January 18, 2002 15:02
> To: openssh-unix-dev at mindrot.org
> Subject: contrib/solaris/opensshd.in patch
>
>
> This patch adds the seatbelts which _only_ kill parent sshd
> procs... -RMallory
> (eg: when you ssh into a machine and pkgadd the new openssh,
> it will not
> kill your current (or anyone else's sshd session)
>
> onanother_note: the buildpkg.sh could use some exec_prefix
> functionality...
> to deal with ./configure --prefix= --exec_prefix=/usr
>
> *** bak/opensshd.in Fri Oct 19 13:36:24 2001
> --- opensshd.in Fri Jan 18 11:47:10 2002
> ***************
> *** 8,16 ****
> KILL=/usr/bin/kill
> PS=/usr/bin/ps
> XARGS=/usr/bin/xargs
>
> prefix=%%openSSHDir%%
> --- 8,19 ----
> KILL=/usr/bin/kill
> PS=/usr/bin/ps
> XARGS=/usr/bin/xargs
> + FGREP=/usr/bin/fgrep
> + EGREP=/usr/bin/egrep
> + ME=`/usr/bin/basename $0`
>
> prefix=%%openSSHDir%%
> ***************
> *** 22,29 ****
>
> killproc() {
> _procname=$1
> ! _signal=$2
> ! ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' |
> ${XARGS} ${KILL}
> }
>
>
> --- 25,42 ----
>
> killproc() {
> _procname=$1
> !
> ! #The next line finds only the parent of $_procname if it exists
> ! PID=`${PS} -le -u root| ${FGREP} $_procname | ${EGREP} -v ${ME} \
> ! | ${AWK} '{print $5}' | ${EGREP} -v
"^1$" | uniq `
> !
> ! if [ -z "$PID" ] ; then
> ! echo "No parent sshd process found..."
> ! PID=`${PS} -u root | ${AWK}
'/'"$_procname"'$/
> {print $1}'`
> ! test -z "$PID" && /usr/bin/echo "No
sshd
> children found..."
> ! test -z "$PID" || /usr/bin/echo "Not killing
> these sshd children: \n$PID"
> ! else echo "Killing $PID" ; ${KILL} ${PID}
> ! fi
> }
>
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
<http://www.mindrot.org/mailman/listinfo/openssh-unix-dev>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020118/ef98ef53/attachment.html
Zoran Milojevic
2002-Jan-22 22:38 UTC
[openssh-unix-dev] Re: contrib/solaris/opensshd.in patch
Here's a try for the PID thing; I also included a startup check for
a running sshd, just for the kicks.
Z
--- opensshd.in.old Fri Jan 18 15:47:21 2002
+++ opensshd.in.new Tue Jan 22 17:33:42 2002
@@ -3,11 +3,9 @@
#
# Stripped PRNGd out of it for the time being.
-AWK=/usr/bin/awk
CAT=/usr/bin/cat
KILL=/usr/bin/kill
PS=/usr/bin/ps
-XARGS=/usr/bin/xargs
prefix=%%openSSHDir%%
etcdir=%%configDir%%
@@ -20,12 +18,6 @@
HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
-killproc() {
- _procname=$1
- _signal=$2
- ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print
$1}' | ${XARGS} ${KILL}
-}
-
checkkeys() {
if [ ! -f $HOST_KEY_RSA1 ]; then
@@ -39,21 +31,38 @@
fi
}
-stop_service() {
+find_pid() {
if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
PID=`${CAT} ${PIDFILE}`
fi
if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
- ${KILL} ${PID}
+ PROC=`${PS} -ofname= -p $PID`
+ if [ "${PROC}" = "`basename $SSHD`" ]; then
+ return
+ fi
+ fi
+ PID=0
+}
+
+
+stop_service() {
+ find_pid
+ if [ ${PID} -gt 1 ]; then
+ ${KILL} ${PID}
else
- echo "Unable to read PID file, killing using alternate
method"
- killproc sshd TERM
+ echo "Unable to locate the master sshd process."
+ echo "You may have to manually kill it later."
fi
}
start_service() {
- # XXX We really should check if the service is already going, but
- # XXX we will opt out at this time. - Bal
+ find_pid
+ if [ ${PID} -gt 1 ]; then
+ # XXX do we kill running sshd, or abort here?
+ # ${KILL} ${PID}
+ echo "sshd already running - use 'restart' to
restart."
+ return
+ fi
# Check to see if we have keys that need to be made
checkkeys
--
Zoran Milojevic
SS8 Networks Inc. http://www.ss8.com
"One Better"
Tel: +1-613-592-2100/x3231 Fax: +1-613-592-9634
> -----Original Message-----
> From: mouring at etoh.eviladmin.org [mailto:mouring at etoh.eviladmin.org]
> Sent: January 21, 2002 00:36
> To: Frank Cusack
> Cc: David Bronder; openssh-unix-dev at mindrot.org
> Subject: Re: [openssh-unix-dev] Re: contrib/solaris/opensshd.in patch
>
>
>
> <Nod> And if someone does not send a patch by Wed.. I'll
> write my own and
> commit it with the exec-prefix change.
>
> - Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020122/f48e68ac/attachment.html