# HG changeset patch
# Parent 1ba8782c9cf18b104779c751839f3a2575c87954
Send signals to systemd to prevent various race conditions
bsc#1048367
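--- a/openssh-7.2p2/configure.ac
+++ b/openssh-7.2p2/configure.ac
@@ -4326,16 +4326,40 @@ AC_ARG_WITH([kerberos5],
 LIBS="$saved_LIBS"
 
 fi
 ]
 )
 AC_SUBST([GSSLIBS])
 AC_SUBST([K5LIBS])
 
+# Check whether user wants systemd support
+SYSTEMD_MSG="no"
+AC_ARG_WITH(systemd,
+ [ --with-systemd Enable systemd support],
+ [ if test "x$withval" != "xno" ; then
+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+ if test "$PKGCONFIG" != "no"; then
+ AC_MSG_CHECKING([for libsystemd])
+ if $PKGCONFIG --exists libsystemd; then
+ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
+ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
+ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
+ SYSTEMD_MSG="yes"
+ else
+ AC_MSG_RESULT([no])
+ fi
+ fi
+ fi ]
+)
+
+
 # Looking for programs, paths and files
 
 PRIVSEP_PATH=/var/empty
 AC_ARG_WITH([privsep-path],
 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
 [
 if test -n "$withval" && test "x$withval" != "xno" && \
 test "x${withval}" != "xyes"; then
@@ -5140,16 +5164,17 @@ echo " KerberosV support
 echo " SELinux support: $SELINUX_MSG"
 echo " Smartcard support: $SCARD_MSG"
 echo " S/KEY support: $SKEY_MSG"
 echo " MD5 password support: $MD5_MSG"
 echo " libedit support: $LIBEDIT_MSG"
 echo " Solaris process contract support: $SPC_MSG"
 echo " Solaris project support: $SP_MSG"
 echo " Solaris privilege support: $SPP_MSG"
+echo " systemd support: $SYSTEMD_MSG"
 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo " BSD Auth support: $BSD_AUTH_MSG"
 echo " Random number source: $RAND_MSG"
 echo " Privsep sandbox style: $SANDBOX_STYLE"
 
 echo ""
 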
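Review bot: An explicit `--with-systemd` falls through silently when pkg-config or libsystemd is missing: the inner `else` only prints `no`, and the `test "$PKGCONFIG" != "no"` branch has no `else` at all, so configure succeeds with `HAVE_SYSTEMD` undefined. If the resulting sshd is then run from a unit that waits for a readiness notification, the start would presumably time out, and the only build-time hint is the `systemd support: no` summary line. Failing the configure run is safer, e.g. `AC_MSG_ERROR([--with-systemd was given but libsystemd was not found])` in both missing-dependency paths. As a style point, `AC_ARG_WITH(systemd,` leaves its first argument unquoted where the neighbouring `AC_ARG_WITH([privsep-path],` quotes it.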
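--- a/openssh-7.2p2/sshd.c
+++ b/openssh-7.2p2/sshd.c
@@ -82,16 +82,20 @@
 #include "openbsd-compat/openssl-compat.h"
 #endif
 
 #ifdef HAVE_SECUREWARE
 #include <sys/security.h>
 #include <prot.h>
 #endif
 
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
 #include "ssh2.h"
 #include "rsa.h"
 #include "sshpty.h"
 #include "packet.h"
 #include "log.h"
@@ -328,16 +332,20 @@ sighup_handler(int sig)
 
 /*
 * Called from the main program after receiving SIGHUP.
 * Restarts the server.
 */
 static void
 sighup_restart(void)
 {
+#ifdef HAVE_SYSTEMD
+ /* Signal systemd that we are reloading */
+ sd_notify(0, "RELOADING=1");
+#endif
 logit("Received SIGHUP; restarting.");
 platform_pre_restart();
 close_listen_socks();
 close_startup_pipes();
 alarm(0); /* alarm timer persists across exec */
 signal(SIGHUP, SIG_IGN); /* will be restored after exec */
 execv(saved_argv[0], saved_argv);
 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
@@ -2119,16 +2127,21 @@ main(int ac, char **av)
 error("Couldn't create pid file \"%s\": %s",
 options.pid_file, strerror(errno));
 } else {
 fprintf(f, "%ld\n", (long) getpid());
 fclose(f);
 }
 }
 
+#ifdef HAVE_SYSTEMD
+ /* Signal systemd that we are ready to accept connections */
+ sd_notify(0, "READY=1");
+#endif
+
 /* Accept a connection and return in a forked child */
 server_accept_loop(&sock_in, &sock_out,
 &newsock, config_s);
 }
 
 /* This is the child processing a new connection. */
 setproctitle("%s", "[accepted]");
 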
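Review bot: The two `sd_notify()` calls are the only use of libsystemd in this patch, yet the matching configure.ac change adds the library to `SSHDLIBS`, so it and whatever it links itself are loaded into the privileged listener before any authentication takes place. Since the notification is a short datagram sent to the socket named in `NOTIFY_SOCKET`, a small in-tree sender is worth considering instead of a new link-time dependency; at minimum state the constraint next to the include, `/* sd_notify() is the only libsystemd symbol sshd may use; see configure.ac */`. Both return values are discarded; `if (sd_notify(0, "READY=1") < 0) debug("sd_notify READY failed");` would make a broken notify socket visible in the log. `sighup_restart()` and `main()` both extend beyond their hunks.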