[openssh-commits] [openssh] branch master updated: notify systemd on listen and reload
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Apr 3 14:42:19 AEDT 2024
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
The following commit(s) were added to refs/heads/master by this push:
new 08f57923 notify systemd on listen and reload
08f57923 is described below
commit 08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c
Author: Damien Miller <djm at mindrot.org>
AuthorDate: Wed Apr 3 14:40:32 2024 +1100
notify systemd on listen and reload
Standalone implementation that does not depend on libsystemd.
With assistance from Luca Boccassi, and feedback/testing from Colin
Watson. bz2641
---
configure.ac | 1 +
openbsd-compat/port-linux.c | 97 ++++++++++++++++++++++++++++++++++++++++++++-
openbsd-compat/port-linux.h | 5 +++
platform.c | 11 +++++
platform.h | 1 +
sshd.c | 2 +
6 files changed, 115 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index c04349f3..2cf16b46 100644
--- a/configure.ac
+++ b/configure.ac
@@ -915,6 +915,7 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
AC_DEFINE([USE_BTMP])
AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
+ AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload])
inet6_default_4in6=yes
case `uname -r` in
1.*|2.0.*)
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 0457e28d..df729024 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -21,16 +21,23 @@
#include "includes.h"
-#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST)
+#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) || \
+ defined(SYSTEMD_NOTIFY)
+#include <sys/socket.h>
+#include <sys/un.h>
+
#include <errno.h>
+#include <inttypes.h>
#include <stdarg.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
+#include <time.h>
#include "log.h"
#include "xmalloc.h"
#include "port-linux.h"
+#include "misc.h"
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
@@ -310,4 +317,90 @@ oom_adjust_restore(void)
return;
}
#endif /* LINUX_OOM_ADJUST */
-#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
+
+#ifdef SYSTEMD_NOTIFY
+
+static void ssh_systemd_notify(const char *, ...)
+ __attribute__((__format__ (printf, 1, 2))) __attribute__((__nonnull__ (1)));
+
+static void
+ssh_systemd_notify(const char *fmt, ...)
+{
+ char *s = NULL;
+ const char *path;
+ struct stat sb;
+ struct sockaddr_un addr;
+ int fd = -1;
+ va_list ap;
+
+ if ((path = getenv("NOTIFY_SOCKET")) == NULL || strlen(path) == 0)
+ return;
+
+ va_start(ap, fmt);
+ xvasprintf(&s, fmt, ap);
+ va_end(ap);
+
+ /* Only AF_UNIX is supported, with path or abstract sockets */
+ if (path[0] != '/' && path[0] != '@') {
+ error_f("socket \"%s\" is not compatible with AF_UNIX", path);
+ goto out;
+ }
+
+ if (path[0] == '/' && stat(path, &sb) != 0) {
+ error_f("socket \"%s\" stat: %s", path, strerror(errno));
+ goto out;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ if (strlcpy(addr.sun_path, path,
+ sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) {
+ error_f("socket path \"%s\" too long", path);
+ goto out;
+ }
+ /* Support for abstract socket */
+ if (addr.sun_path[0] == '@')
+ addr.sun_path[0] = 0;
+ if ((fd = socket(PF_UNIX, SOCK_DGRAM, 0)) == -1) {
+ error_f("socket \"%s\": %s", path, strerror(errno));
+ goto out;
+ }
+ if (connect(fd, &addr, sizeof(addr)) != 0) {
+ error_f("socket \"%s\" connect: %s", path, strerror(errno));
+ goto out;
+ }
+ if (write(fd, s, strlen(s)) != (ssize_t)strlen(s)) {
+ error_f("socket \"%s\" write: %s", path, strerror(errno));
+ goto out;
+ }
+ debug_f("socket \"%s\" notified %s", path, s);
+ out:
+ if (fd != -1)
+ close(fd);
+ free(s);
+}
+
+void
+ssh_systemd_notify_ready(void)
+{
+ ssh_systemd_notify("READY=1");
+}
+
+void
+ssh_systemd_notify_reload(void)
+{
+ struct timespec now;
+
+ monotime_ts(&now);
+ if (now.tv_sec < 0 || now.tv_nsec < 0) {
+ error_f("monotime returned negative value");
+ ssh_systemd_notify("RELOADING=1");
+ } else {
+ ssh_systemd_notify("RELOADING=1\nMONOTONIC_USEC=%llu",
+ ((uint64_t)now.tv_sec * 1000000ULL) +
+ ((uint64_t)now.tv_nsec / 1000ULL));
+ }
+}
+#endif /* SYSTEMD_NOTIFY */
+
+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST || SYSTEMD_NOTIFY */
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 3c22a854..14064f87 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -30,4 +30,9 @@ void oom_adjust_restore(void);
void oom_adjust_setup(void);
#endif
+#ifdef SYSTEMD_NOTIFY
+void ssh_systemd_notify_ready(void);
+void ssh_systemd_notify_reload(void);
+#endif
+
#endif /* ! _PORT_LINUX_H */
diff --git a/platform.c b/platform.c
index 4fe8744e..9cf81815 100644
--- a/platform.c
+++ b/platform.c
@@ -44,6 +44,14 @@ platform_pre_listen(void)
#endif
}
+void
+platform_post_listen(void)
+{
+#ifdef SYSTEMD_NOTIFY
+ ssh_systemd_notify_ready();
+#endif
+}
+
void
platform_pre_fork(void)
{
@@ -55,6 +63,9 @@ platform_pre_fork(void)
void
platform_pre_restart(void)
{
+#ifdef SYSTEMD_NOTIFY
+ ssh_systemd_notify_reload();
+#endif
#ifdef LINUX_OOM_ADJUST
oom_adjust_restore();
#endif
diff --git a/platform.h b/platform.h
index 7fef8c98..5dec2327 100644
--- a/platform.h
+++ b/platform.h
@@ -21,6 +21,7 @@
void platform_pre_listen(void);
void platform_pre_fork(void);
void platform_pre_restart(void);
+void platform_post_listen(void);
void platform_post_fork_parent(pid_t child_pid);
void platform_post_fork_child(void);
int platform_privileged_uidswap(void);
diff --git a/sshd.c b/sshd.c
index b4f2b974..865331b4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2077,6 +2077,8 @@ main(int ac, char **av)
ssh_signal(SIGTERM, sigterm_handler);
ssh_signal(SIGQUIT, sigterm_handler);
+ platform_post_listen();
+
/*
* Write out the pid file after the sigterm handler
* is setup and the listen sockets are bound
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list