Diffstat (limited to 'debian/patches/systemd-socket-activation.patch')
-rw-r--r--debian/patches/systemd-socket-activation.patch86
1 files changed, 71 insertions, 15 deletions
diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch
index 9867ccf..d2c5284 100644
--- a/debian/patches/systemd-socket-activation.patch
+++ b/debian/patches/systemd-socket-activation.patch
@@ -1,4 +1,4 @@
-From d4af38f9aa8f2daa0ae01b994666116f1420d305 Mon Sep 17 00:00:00 2001
+From f01545e3f9350c080a525c246b9d46ba71cb0d09 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@ubuntu.com>
Date: Thu, 1 Sep 2022 16:03:37 +0100
Subject: Support systemd socket activation
@@ -9,18 +9,32 @@ the child process handle the accept(). This lets us do delayed start
of the sshd daemon without becoming incompatible with config options
like ClientAliveCountMax.
-Last-Update: 2022-09-01
+Author: Colin Watson <cjwatson@debian.org>
+Last-Update: 2024-04-03
Patch-Name: systemd-socket-activation.patch
---
- sshd.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 75 insertions(+), 14 deletions(-)
+ configure.ac | 1 +
+ sshd.c | 131 +++++++++++++++++++++++++++++++++++++++++++++------
+ 2 files changed, 118 insertions(+), 14 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index c7b563ef2..cdfb505bf 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -940,6 +940,7 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ AC_DEFINE([USE_BTMP])
+ AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
+ AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload])
++ AC_DEFINE([SYSTEMD_SOCKET_ACTIVATION], [1], [Have sshd accept systemd socket activation])
+ inet6_default_4in6=yes
+ case `uname -r` in
+ 1.*|2.0.*)
diff --git a/sshd.c b/sshd.c
-index b981e7758..565e17b16 100644
+index a18b85d1d..105c688e4 100644
--- a/sshd.c
+++ b/sshd.c
-@@ -140,10 +140,16 @@ int deny_severity;
+@@ -136,10 +136,18 @@ int deny_severity;
#endif /* LIBWRAP */
/* Re-exec fds */
@@ -28,8 +42,10 @@ index b981e7758..565e17b16 100644
-#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
-#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
-#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
-+#ifdef HAVE_SYSTEMD
-+#define SYSTEMD_OFFSET sd_listen_fds(0)
++#ifdef SYSTEMD_SOCKET_ACTIVATION
++static int get_systemd_listen_fds(void);
++#define SYSTEMD_OFFSET get_systemd_listen_fds()
++#define SYSTEMD_LISTEN_FDS_START 3
+#else
+#define SYSTEMD_OFFSET 0
+#endif
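Review bot: `SYSTEMD_OFFSET` now expands to a call to `get_systemd_listen_fds()`, so every use of the macro re-reads `LISTEN_PID`/`LISTEN_FDS` and repeats the `fcntl` loop, and two expansions can disagree if the environment changes or one call fails in between. Because the result is added to file descriptor numbers, it should be computed once per process; a function-local `static int cached = -1;` checked on entry to `get_systemd_listen_fds()` would be enough. If the repeated evaluation is intended, say so on the macro, e.g. `/* evaluated on every use; must stay stable for the life of the process */`. The REEXEC_* definitions that consume the macro are outside this hunk.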
@@ -41,11 +57,51 @@ index b981e7758..565e17b16 100644
extern char *__progname;
-@@ -1020,6 +1026,48 @@ server_accept_inetd(int *sock_in, int *sock_out)
+@@ -1016,6 +1024,88 @@ server_accept_inetd(int *sock_in, int *sock_out)
debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
}
-+#ifdef HAVE_SYSTEMD
++#ifdef SYSTEMD_SOCKET_ACTIVATION
++/*
++ * Get file descriptors passed by systemd; this implements the protocol
++ * described in the NOTES section of sd_listen_fds(3).
++ *
++ * We deliberately return 0 on error, so that the return value can safely be
++ * added as part of the REEXEC_*_FD macros without extra checks.
++ */
++static int
++get_systemd_listen_fds(void)
++{
++ const char *listen_pid_str, *listen_fds_str;
++ pid_t listen_pid;
++ int listen_fds;
++ const char *errstr = NULL;
++ int fd;
++
++ listen_pid_str = getenv("LISTEN_PID");
++ if (listen_pid_str == NULL)
++ return 0;
++ listen_pid = (pid_t)strtonum(listen_pid_str, 2, INT_MAX, &errstr);
++ if (errstr != NULL || getpid() != listen_pid)
++ return 0;
++
++ listen_fds_str = getenv("LISTEN_FDS");
++ if (listen_fds_str == NULL)
++ return 0;
++ listen_fds = (int)strtonum(listen_fds_str, 1,
++ INT_MAX - SYSTEMD_LISTEN_FDS_START, &errstr);
++ if (errstr != NULL)
++ return 0;
++
++ for (fd = SYSTEMD_LISTEN_FDS_START;
++ fd < SYSTEMD_LISTEN_FDS_START + listen_fds; fd++) {
++ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
++ return 0;
++ }
++
++ return listen_fds;
++}
++
+/*
+ * Configure our socket fds that were passed from systemd
+ */
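Review bot: Every failure path in `get_systemd_listen_fds()` returns 0 without logging, so a broken socket-activation hand-off looks the same as a normal start. If `LISTEN_PID` matches but `LISTEN_FDS` is malformed, or `fcntl` fails partway through the loop, the caller sees "no sockets" while the inherited descriptors from 3 upward may still be open, and the `server_listen` change later in this patch then appears to fall through to its non-systemd branch. At minimum the `fcntl` failure should be reported, e.g. `error("%s: fcntl(%d, F_SETFD): %s", __func__, fd, strerror(errno));` before `return 0;`, assuming logging is already initialised at the first call. The header comment should also state that a 0 return after a matching `LISTEN_PID` leaves those descriptors unmanaged.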
@@ -90,11 +146,11 @@ index b981e7758..565e17b16 100644
/*
* Listen for TCP connections
*/
-@@ -1099,22 +1147,35 @@ static void
+@@ -1095,22 +1185,35 @@ static void
server_listen(void)
{
u_int i;
-+#ifdef HAVE_SYSTEMD
++#ifdef SYSTEMD_SOCKET_ACTIVATION
+ int systemd_socket_count;
+#endif
@@ -108,13 +164,13 @@ index b981e7758..565e17b16 100644
- free(options.listen_addrs[i].rdomain);
- memset(&options.listen_addrs[i], 0,
- sizeof(options.listen_addrs[i]));
-+#ifdef HAVE_SYSTEMD
-+ systemd_socket_count = sd_listen_fds(0);
++#ifdef SYSTEMD_SOCKET_ACTIVATION
++ systemd_socket_count = get_systemd_listen_fds();
+ if (systemd_socket_count > 0)
+ {
+ int i;
+ for (i = 0; i < systemd_socket_count; i++)
-+ setup_systemd_socket(SD_LISTEN_FDS_START + i);
++ setup_systemd_socket(SYSTEMD_LISTEN_FDS_START + i);
+ } else
+#endif
+ {