X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=opensshd.init;h=17c2a2b9274cbc7f9c93c502eacb0ddff4a2381d;hb=32322335c5a6f92ca0ff279f48173bfbffd5ecba;hp=7cfea0e59d891e0df7047e35cda4ae299fa3baa3;hpb=9ceb608e2d54e216eff8b6af4b27461b7897a02d;p=packages%2Fopenssh.git
diff --git a/opensshd.init b/opensshd.init
index 7cfea0e..17c2a2b 100644
--- a/opensshd.init
+++ b/opensshd.init
@@ -4,10 +4,11 @@
 #
 # chkconfig: 345 55 45
 #
-# description: sshd (secure shell daemon) is a server part of the ssh suite.
-# Ssh can be used for remote login, remote file copying, TCP port
+# description: sshd (secure shell daemon) is a server part of the ssh suite. \
+# Ssh can be used for remote login, remote file copying, TCP port \
 # forwarding etc. Ssh offers strong encryption and authentication.
+SSHD_OOM_ADJUST=-17
 # Source function library
 . /etc/rc.d/init.d/functions
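Review bot: `SSHD_OOM_ADJUST=-17` is added with no comment saying what the value means or where it is consumed. On Linux, -17 written to the legacy `/proc/PID/oom_adj` file exempts the process from the OOM killer entirely, so the line deserves a comment such as `# -17 = exempt sshd from the OOM killer (written to /proc/PID/oom_adj); may be overridden in /etc/sysconfig/sshd`. The override works because this assignment precedes the sourcing of /etc/sysconfig/sshd that opens the next hunk.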
@@ -19,82 +20,127 @@
 [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
 # Check that networking is up.
-if is_no "${NETWORKING}"; then
- msg_network_down OpenSSH
- exit 1
+if is_yes "${NETWORKING}"; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
+ msg_network_down OpenSSH
+ exit 1
+ fi
+else
+ exit 0
 fi
-
-# See how we were called.
-case "$1" in
- start)
+adjust_oom() {
+ if [ -e /var/run/sshd.pid ]; then
+ for pid in $(cat /var/run/sshd.pid); do
+ if [ -w "/proc/$pid/oom_adj" ]; then
+ echo "$SSHD_OOM_ADJUST" > "/proc/$pid/oom_adj" 2> /dev/null || :
+ fi
+ done
+ fi
+}
+
+checkconfig() {
+ /usr/sbin/sshd -t || exit 1
+}
+
+start() {
 # generate new keys with empty passwords if they do not exist
 if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
- /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
- chmod 600 /etc/ssh/ssh_host_key
+ /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
+ chmod 600 /etc/ssh/ssh_host_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
 fi
 if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
- /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2
- chmod 600 /etc/ssh/ssh_host_rsa_key
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2
+ chmod 600 /etc/ssh/ssh_host_rsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
 fi
 if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
- /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 1>&2
- chmod 600 /etc/ssh/ssh_host_dsa_key
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 1>&2
+ chmod 600 /etc/ssh/ssh_host_dsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
 fi
+ checkconfig
+
 if [ ! -f /etc/ssh/ssh_host_key ]; then
 msg_not_running OpenSSH
- nls "No SSH host key found! You must run \"$0 init\" first."
+ nls "No SSH host key found! You must run \"%s init\" first." "$0"
 exit 1
 fi
 # Check if the service is already running?
 if [ ! -f /var/lock/subsys/sshd ]; then
 msg_starting OpenSSH
- daemon /usr/sbin/sshd
+ daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd
 RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ adjust_oom
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
 else
 msg_already_running OpenSSH
 fi
- ;;
- stop)
- if [ -f /var/lock/subsys/sshd ]; then
+}
+
+stop() {
+ if [ -f /var/lock/subsys/sshd ]; then
 msg_stopping OpenSSH
- killproc sshd
- rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1
+ # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+ # critical service as sshd to kill it by procname, but unfortunately
+ # rc-scripts does not provide way to kill *only* by pidfile
+ start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
+ rm -f /var/lock/subsys/sshd >/dev/null 2>&1
 else
 msg_not_running OpenSSH
- exit 1
- fi
+ fi
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
 ;;
 restart)
- $0 stop
- $0 start
+ checkconfig
+ stop
+ start
 ;;
 status)
 status sshd
 exit $?
 ;;
 init)
- echo "Now the SSH host key will be generated. Please note, that if you"
- echo "will use password for the key, you will need to type it on each"
- echo "reboot."
+ nls "Now the SSH host key will be generated. Please note, that if you"
+ nls "will use password for the key, you will need to type it on each"
+ nls "reboot."
 /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
 chmod 600 /etc/ssh/ssh_host_key
 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
 chmod 600 /etc/ssh/ssh_host_rsa_key
- /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
 chmod 600 /etc/ssh/ssh_host_dsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
 exit $?
 ;;
- reload)
- msg_reloading OpenSSH
- killproc sshd -HUP
+ reload|force-reload)
+ if [ -f /var/lock/subsys/sshd ]; then
+ checkconfig
+ msg_reloading OpenSSH
+ killproc sshd -HUP
+ RETVAL=$?
+ else
+ msg_not_running OpenSSH
+ exit 7
+ fi
 ;;
 *)
- msg_usage "$0 {start|stop|init|status|restart|reload}"
- exit 1
+ msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
+ exit 3
 esac
 exit $RETVAL
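Review bot: In start(), `adjust_oom` runs unconditionally right after `daemon`, before RETVAL is checked, and it writes to `/proc/$pid/oom_adj` for every word in /var/run/sshd.pid without confirming the word is numeric or that the process is sshd. If the daemon failed to start and a stale pidfile is left behind, an unrelated process that reused that PID would be exempted from the OOM killer; gating the call as `[ $RETVAL -eq 0 ] && adjust_oom` and skipping non-numeric entries inside adjust_oom would close that. In stop(), the lock file is removed even when `start-stop-daemon` reports failure, so the `stop` then `start` sequence in restart can launch a second sshd while the old one is still running; the `rm -f` belongs on the success path only. The reload branch still signals by name with `killproc sshd -HUP`, which is the practice the new comment in stop() calls unacceptable.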