X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=opensshd.init;h=9e76029f7a1991928e53fe30d4233f912e4791a7;hb=982e10691a076e71b4999540ddad8f81ffd1a25a;hp=47112b17d11295d933f8c249ee8de98af0a83b76;hpb=3c573fc010733af2d568465ee44a181aeba4b7b7;p=packages%2Fopenssh.git
diff --git a/opensshd.init b/opensshd.init
old mode 100644
new mode 100755
index 47112b1..9e76029
--- a/opensshd.init
+++ b/opensshd.init
@@ -2,99 +2,155 @@ # # sshd sshd (secure shell daemon) # -# chkconfig: 345 55 45 +# chkconfig: 345 22 88 # -# description: sshd (secure shell daemon) is a server part of the ssh suite. -# Ssh can be used for remote login, remote file copying, TCP port +# description: sshd (secure shell daemon) is a server part of the ssh suite. \ +# Ssh can be used for remote login, remote file copying, TCP port \ # forwarding etc. Ssh offers strong encryption and authentication. - # Source function library . /etc/rc.d/init.d/functions # Get network config . /etc/sysconfig/network +SSHD_OOM_ADJUST=-1000 +PIDFILE=/var/run/sshd.pid + # Get service config [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd # Check that networking is up. -if is_no "${NETWORKING}"; then - msg_Network_Down OpenSSH - exit 1 +if is_yes "${NETWORKING}"; then + if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then + msg_network_down "OpenSSH" + exit 1 + fi +else + exit 0 fi - -# See how we were called. -case "$1" in - start) - # generate new keys with empty passwords if they do not exist - if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2 - chmod 600 /etc/ssh/ssh_host_key - fi - if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then - /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2 - chmod 600 /etc/ssh/ssh_host_rsa_key +adjust_oom() { + if [ -e $PIDFILE ]; then + for pid in $(cat $PIDFILE); do + echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj + done fi - if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then - /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 1>&2 - chmod 600 /etc/ssh/ssh_host_dsa_key +} + +checkconfig() { + ssh_gen_keys + /usr/sbin/sshd -t || exit 1 +} + +ssh_gen_keys() { + @@LIBEXECDIR@@/sshd-keygen +} + +start() { + # Check if the service is already running? 
+ if status --pidfile $PIDFILE sshd >/dev/null; then + msg_already_running "OpenSSH" + return fi - if [ ! -f /etc/ssh/ssh_host_key ]; then - msg_Not_Running OpenSSH - nls "No SSH host key found! You must run \"$0 init\" first." + checkconfig + + if [ ! -s /etc/ssh/ssh_host_key ]; then + msg_not_running "OpenSSH" + nls "No SSH host key found! You must run \"%s init\" first." "$0" exit 1 fi - # Check if the service is already running? + if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then + OPTIONS="$OPTIONS -4" + fi + if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then + OPTIONS="$OPTIONS -6" + fi + + msg_starting "OpenSSH" + daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS + RETVAL=$? + adjust_oom + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd +} + +stop() { if [ ! -f /var/lock/subsys/sshd ]; then - msg_starting OpenSSH - daemon /usr/sbin/sshd - RETVAL=$? - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd - else - msg_Already_Running OpenSSH + msg_not_running "OpenSSH" + return fi + + msg_stopping "OpenSSH" + # we use start-stop-daemon to stop sshd, as it is unacceptable for such + # critical service as sshd to kill it by procname, but unfortunately + # rc-scripts does not provide way to kill *only* by pidfile + start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail + rm -f /var/lock/subsys/sshd >/dev/null 2>&1 +} + +reload() { + if [ ! -f /var/lock/subsys/sshd ]; then + msg_not_running "OpenSSH" + RETVAL=7 + return + fi + + checkconfig + msg_reloading "OpenSSH" + killproc sshd -HUP + RETVAL=$? +} + +condrestart() { + if [ ! -f /var/lock/subsys/sshd ]; then + msg_not_running "OpenSSH" + RETVAL=$1 + return + fi + + checkconfig + stop + start +} + +RETVAL=0 +# See how we were called. 
+case "$1" in + start) + start ;; stop) - if [ -f /var/lock/subsys/sshd ]; then - msg_stopping OpenSSH - killproc sshd - rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1 - else - msg_Not_Running OpenSSH - exit 1 - fi + stop ;; restart) - $0 stop - $0 start + checkconfig + stop + start ;; - status) - status sshd - exit $? + try-restart) + condrestart 0 + ;; + reload|force-reload) + reload + ;; + configtest) + checkconfig ;; init) - echo "Now the SSH host key will be generated. Please note, that if you" - echo "will use password for the key, you will need to type it on each" - echo "reboot." - /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key - chmod 600 /etc/ssh/ssh_host_key - /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key - chmod 600 /etc/ssh/ssh_host_rsa_key - /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key - chmod 600 /etc/ssh/ssh_host_dsa_key - exit $? + nls "Now the SSH host key will be generated. Please note, that if you" + nls "will use password for the key, you will need to type it on each" + nls "reboot." + ssh_gen_keys ;; - reload) - msg_reloading OpenSSH - killproc sshd -HUP + status) + status --pidfile $PIDFILE sshd + exit $? ;; *) - msg_Usage "$0 {start|stop|init|status|restart|reload}" - exit 1 + msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}" + exit 3 esac exit $RETVAL
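Review bot: reload() still signals with `killproc sshd -HUP`, although the comment added in stop() says that matching sshd by process name is unacceptable and that rc-scripts cannot kill by pidfile only. If killproc falls back to name matching here, the HUP could reach per-session sshd processes and not just the listener. Sending it the way stop() does keeps both paths consistent: `start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE`. Separately, stop() never sets RETVAL and removes /var/lock/subsys/sshd even when start-stop-daemon fails, so a failed stop still exits 0 and later runs report "not running". Capturing `RETVAL=$?` directly after the start-stop-daemon call and removing the lock only on success would fix that, and an explicit `if` avoids `&& ok || fail` running `fail` when `ok` itself returns non-zero.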