X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=opensshd.init;h=a6cf16ed9bbf17b16ab0a780a7d24ab181835445;hb=141073f06fbbceb748012bfaa742b8197ebd2c94;hp=58808bcf963e7a57dce1d7375f1a44303bcdfe39;hpb=4ac098e43e9f70522a0f3352e6817dc24e93bc21;p=packages%2Fopenssh.git diff --git a/opensshd.init b/opensshd.init index 58808bc..a6cf16e 100644 --- a/opensshd.init +++ b/opensshd.init @@ -8,6 +8,7 @@ # Ssh can be used for remote login, remote file copying, TCP port \ # forwarding etc. Ssh offers strong encryption and authentication. +SSHD_OOM_ADJUST=-17 # Source function library . /etc/rc.d/init.d/functions @@ -27,11 +28,20 @@ if is_yes "${NETWORKING}"; then else exit 0 fi - -RETVAL=0 -# See how we were called. -case "$1" in - start) + +adjust_oom() { + if [ -e /var/run/sshd.pid ]; then + for pid in $(cat /var/run/sshd.pid); do + echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj + done + fi +} + +checkconfig() { + /usr/sbin/sshd -t || exit 1 +} + +start() { # generate new keys with empty passwords if they do not exist if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2 @@ -49,6 +59,8 @@ case "$1" in [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || : fi + checkconfig + if [ ! -f /etc/ssh/ssh_host_key ]; then msg_not_running OpenSSH nls "No SSH host key found! You must run \"%s init\" first." "$0" 
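Review bot: The value `adjust_oom` writes to `/proc/$pid/oom_adj` is inherited across fork, so unless the packaged sshd resets it for its children (not visible in this diff), every login session forked from the listener would also be exempt from the OOM killer. A runaway process in one user's session could then exhaust memory while the kernel is barred from killing it. `-17` is the legacy `oom_adj` value that disables OOM killing outright; a less absolute negative value, or confirming that the daemon restores the default in child processes, would protect the listener without extending that to sessions. The constant in the first hunk also has no comment; something like `# oom_adj value for the sshd listener; -17 exempts it from the OOM killer` above `SSHD_OOM_ADJUST=-17` would record the intent.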
@@ -58,26 +70,41 @@ case "$1" in
 # Check if the service is already running?
 if [ ! -f /var/lock/subsys/sshd ]; then
 msg_starting OpenSSH
- daemon /usr/sbin/sshd
+ daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd
 RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ adjust_oom
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
 else
 msg_already_running OpenSSH
 fi
- ;;
- stop)
+}
+
+stop() {
 if [ -f /var/lock/subsys/sshd ]; then
 msg_stopping OpenSSH
- killproc sshd
- rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1
+ # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+ # critical service as sshd to kill it by procname, but unfortunately
+ # rc-scripts does not provide way to kill *only* by pidfile
+ start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
+ rm -f /var/lock/subsys/sshd >/dev/null 2>&1
 else
 msg_not_running OpenSSH
- fi
+ fi
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
 ;;
 restart)
- $0 stop
- $0 start
- exit $?
+ checkconfig
+ stop
+ start
 ;;
 status)
 status sshd
@@ -100,11 +127,12 @@ case "$1" in
 ;;
 reload|force-reload)
 if [ -f /var/lock/subsys/sshd ]; then
+ checkconfig
 msg_reloading OpenSSH
 killproc sshd -HUP
 RETVAL=$?
 else
- msg_not_running OpenSSH >&2
+ msg_not_running OpenSSH
 exit 7
 fi
 ;;
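Review bot: In `start()`, `adjust_oom` runs whether or not `daemon` succeeded, so after a failed start a leftover `/var/run/sshd.pid` makes the script write the OOM exemption into whatever process now holds that PID. Guarding the call as `[ $RETVAL -eq 0 ] && adjust_oom` avoids that. The same stale-pidfile exposure applies to `stop()`: `start-stop-daemon --stop --pidfile` with no `--exec` match signals the recorded PID without checking that it is sshd, and `stop()` no longer removes the pidfile itself. `stop()` also never sets `RETVAL`, so a failed stop would be reported as success if the script ends by exiting with `RETVAL` (not visible here). The body of `start()` begins outside this hunk.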
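Review bot: The `reload|force-reload` branch still sends HUP with `killproc sshd -HUP`, which is the by-name signalling that the comment added in `stop()` calls unacceptable for sshd. If `killproc` falls back to matching by process name, per-session sshd processes may receive the HUP as well as the listener. Signalling through the pidfile would be consistent with `stop()`: `start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/sshd.pid`. The case statement continues outside the hunk.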