mirror of
https://github.com/ovh/the-bastion.git
synced 2024-09-20 15:05:58 +08:00
fix: add helpers handling of SIGPIPE/SIGHUP
To avoid having e.g. a group creation interrupted in the middle just because the caller killed their ssh connection while we're still working
This commit is contained in:
parent
1725130a15
commit
2c2f723bbb
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -20,6 +20,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -19,6 +19,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -18,6 +18,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -18,6 +18,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -18,6 +18,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -19,6 +19,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -21,6 +21,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -32,6 +32,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -20,6 +20,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -19,6 +19,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -19,6 +19,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -18,6 +18,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -20,6 +20,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -19,6 +19,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -19,6 +19,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -18,6 +18,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -27,6 +27,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -16,6 +16,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -17,6 +17,8 @@ local $| = 1;
|
|||
#
|
||||
# Globals
|
||||
#
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin';
|
||||
my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$};
|
||||
if (not defined $self) {
|
||||
|
|
|
@ -21,10 +21,7 @@ my $fnret;
|
|||
# Signals
|
||||
#
|
||||
|
||||
$SIG{'INT'} = \&exit_sig;
|
||||
$SIG{'TERM'} = \&exit_sig;
|
||||
$SIG{'SEGV'} = \&exit_sig;
|
||||
$SIG{'HUP'} = \&exit_sig;
|
||||
$SIG{$_} = \&exit_sig for qw{ INT TERM SEGV HUP PIPE };
|
||||
|
||||
#
|
||||
# Do just what is needed before the first call to main_exit in the code flow
|
||||
|
|
|
@ -9,6 +9,9 @@ use lib dirname(__FILE__) . '/../../../../lib/perl';
|
|||
use OVH::Bastion;
|
||||
use OVH::Result;
|
||||
|
||||
$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway)
|
||||
$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal
|
||||
|
||||
$| = 1;
|
||||
|
||||
use Exporter 'import';
|
||||
|
|
|
@ -3,13 +3,14 @@ package OVH::Bastion;
|
|||
|
||||
use common::sense;
|
||||
|
||||
use IO::Handle;
|
||||
use IPC::Open3;
|
||||
use Symbol 'gensym';
|
||||
use IO::Select;
|
||||
use POSIX ":sys_wait_h";
|
||||
use JSON;
|
||||
use Config;
|
||||
use Fcntl 'SEEK_CUR';
|
||||
use IO::Handle;
|
||||
use IO::Select;
|
||||
use IPC::Open3;
|
||||
use JSON;
|
||||
use POSIX ":sys_wait_h";
|
||||
use Symbol 'gensym';
|
||||
|
||||
# Get signal names, i.e. signal 9 is SIGKILL, etc.
|
||||
my %signum2string;
|
||||
|
@ -109,6 +110,9 @@ sub execute {
|
|||
my $currently_in_json_block = 0;
|
||||
my %bytesnb;
|
||||
|
||||
# maximum number of warns() to call, to avoid flooding the logs
|
||||
my $warnLimit = 5;
|
||||
|
||||
# always monitor our child stdout and stderr
|
||||
my $select = IO::Select->new($child_stdout, $child_stderr);
|
||||
binmode $child_stdin;
|
||||
|
@ -185,8 +189,19 @@ sub execute {
|
|||
my $written = syswrite STDERR, $buffer, $readsize, $offset;
|
||||
if (not defined $written) {
|
||||
|
||||
# oww, abort writing for this cycle
|
||||
warn("execute(): error while syswriting($!) on stderr, aborting this cycle");
|
||||
# is the fd still open? (maybe we got a SIGPIPE or a SIGHUP)
|
||||
# don't use tell() here, we use syseek() for unbuffered i/o,
|
||||
# note that if we're at the position "0", it's still true (see doc).
|
||||
my $previousError = $!;
|
||||
if (!sysseek(STDERR, 0, SEEK_CUR)) {
|
||||
warn("execute(): error while syswriting($previousError/$!) on stderr, the filehandle is closed, will no longer attempt to write to it")
|
||||
if $warnLimit-- > 0;
|
||||
$noisy_stderr = 0;
|
||||
}
|
||||
else {
|
||||
# oww, abort writing for this cycle
|
||||
warn("execute(): error while syswriting($previousError) on stderr, aborting this cycle") if $warnLimit-- > 0;
|
||||
}
|
||||
last;
|
||||
}
|
||||
$offset += $written;
|
||||
|
@ -223,8 +238,19 @@ sub execute {
|
|||
my $written = syswrite STDOUT, $buffer, $readsize, $offset;
|
||||
if (not defined $written) {
|
||||
|
||||
# oww, abort writing for this cycle
|
||||
warn("execute(): error while syswriting($!) on stdout, aborting this cycle");
|
||||
# is the fd still open? (maybe we got a SIGPIPE or a SIGHUP)
|
||||
# don't use tell() here, we use syseek() for unbuffered i/o,
|
||||
# note that if we're at the position "0", it's still true (see doc).
|
||||
my $previousError = $!;
|
||||
if (!sysseek(STDOUT, 0, SEEK_CUR)) {
|
||||
warn("execute(): error while syswriting($previousError/$!) on stdout, the filehandle is closed, will no longer attempt to write to it")
|
||||
if $warnLimit-- > 0;
|
||||
$noisy_stdout = 0;
|
||||
}
|
||||
else {
|
||||
# oww, abort writing for this cycle
|
||||
warn("execute(): error while syswriting($previousError) on stdout, aborting this cycle") if $warnLimit-- > 0;
|
||||
}
|
||||
last;
|
||||
}
|
||||
$offset += $written;
|
||||
|
|
Loading…
Reference in a new issue