Diffstat (limited to 'src/sysv')
-rw-r--r-- | src/sysv/gentoo/sssd-kcm.in | 21 | ||||
-rw-r--r-- | src/sysv/gentoo/sssd.in | 31 | ||||
-rw-r--r-- | src/sysv/sssd.in | 148 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-autofs.service.in | 19 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-autofs.socket.in | 16 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-ifp.service.in | 14 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-kcm.service.in | 14 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-kcm.socket.in | 9 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-nss.service.in | 15 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-nss.socket.in | 15 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-pac.service.in | 19 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-pac.socket.in | 16 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-pam-priv.socket.in | 19 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-pam.service.in | 19 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-pam.socket.in | 17 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-ssh.service.in | 19 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-ssh.socket.in | 16 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-sudo.service.in | 19 | ||||
-rw-r--r-- | src/sysv/systemd/sssd-sudo.socket.in | 16 | ||||
-rw-r--r-- | src/sysv/systemd/sssd.service.in | 21 |
20 files changed, 483 insertions, 0 deletions
diff --git a/src/sysv/gentoo/sssd-kcm.in b/src/sysv/gentoo/sssd-kcm.in
new file mode 100644
index 0000000..c9242bf
--- /dev/null
+++ b/src/sysv/gentoo/sssd-kcm.in
@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v3
+
+description="SSSD Kerberos Cache Manager"
+command="@libexecdir@/sssd/sssd_kcm"
+command_background="true"
+command_args="--uid=0 --gid=0 --logger=files ${SSSD_KCM_OPTIONS}"
+pidfile="@pidpath@/sssd_kcm.pid"
+
+start_pre()
+{
+ "@sbindir@/sssd" --genconf-section=kcm || return $?
+}
+
+depend()
+{
+ need localmount clock
+ use syslog
+ before sssd
+}
diff --git a/src/sysv/gentoo/sssd.in b/src/sysv/gentoo/sssd.in
new file mode 100644
index 0000000..2268786
--- /dev/null
+++ b/src/sysv/gentoo/sssd.in
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v3
+
+
+command="@sbindir@/sssd"
+command_args="-D --logger=files ${SSSD_OPTIONS}"
+description="System Security Services Daemon"
+pidfile="@pidpath@/sssd.pid"
+#sssd may take time time to TERMinate so allow som extra time
+retry="TERM/60"
+extra_started_commands="rotate online offline"
+
+depend(){
+ need localmount clock
+ use syslog
+ before xdm
+}
+
+do_sig() {
+ local sig=$1 ; shift
+ ebegin "$*"
+ start-stop-daemon --signal ${sig} --pidfile ${pidfile}
+ eend $?
+}
+
+rotate() { do_sig HUP "Sends sssd a signal to re-open its log files." ; }
+
+offline() { do_sig USR1 "Simulate offline" ; }
+
+online() { do_sig USR2 "Simulate online" ; }
diff --git a/src/sysv/sssd.in b/src/sysv/sssd.in
new file mode 100644
index 0000000..385785e
--- /dev/null
+++ b/src/sysv/sssd.in
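Review bot: start_pre() in src/sysv/gentoo/sssd-kcm.in aborts the service start when `sssd --genconf-section=kcm` fails, whereas sssd-kcm.service.in in this same commit runs the identical command as `ExecStartPre=-…`, i.e. with failures ignored. If KCM is meant to come up even without a usable sssd.conf, which the systemd unit suggests but the visible lines do not confirm, the OpenRC script should tolerate the failure as well, for example `"@sbindir@/sssd" --genconf-section=kcm || ewarn "could not generate the kcm configuration section"`. If the strict behaviour is intended, a one-line comment in start_pre() saying so would explain the difference. The daemon is also started with `--uid=0 --gid=0`, which deserves a comment on why it has to run as root.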
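Review bot: do_sig() in src/sysv/gentoo/sssd.in expands `${sig}` and `${pidfile}` unquoted; since the pidfile path comes from the `@pidpath@` substitution, the call reads more safely as `start-stop-daemon --signal "${sig}" --pidfile "${pidfile}"`. The comment above `retry=` has two typos and could read `# sssd may take some time to terminate, so allow extra time`. The strings passed to ebegin for `offline` and `online` would be clearer if they named the signal being sent, as the `rotate` message does.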
@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+#
+# chkconfig: - 12 88
+# description: Provides a set of daemons to manage access to remote directories
+# and authentication mechanisms. It provides an NSS and PAM
+# interface toward the system and a pluggable backend system to
+# connect to multiple different account sources. It is also the
+# basis to provide client auditing and policy services for projects
+# like FreeIPA.
+#
+### BEGIN INIT INFO
+# Provides: sssd
+# Required-Start: $remote_fs $time
+# Should-Start: $syslog
+# Should-Stop: $null
+# Required-Stop: $null
+# Default-Stop: 0 1 6
+# Short-Description: System Security Services Daemon
+# Description: Provides a set of daemons to manage access to remote directories
+# and authentication mechanisms. It provides an NSS and PAM
+# interface toward the system and a pluggable backend system to
+# connect to multiple different account sources. It is also the
+# basis to provide client auditing and policy services for projects
+# like FreeIPA.
+### END INIT INFO
+
+RETVAL=0
+prog="sssd"
+
+# Source function library.
+. /etc/init.d/functions
+
+if [ -f @environment_file@ ]; then
+ . @environment_file@
+fi
+
+SSSD=@sbindir@/sssd
+
+LOCK_FILE=@localstatedir@/lock/subsys/sssd
+PID_FILE=@localstatedir@/run/sssd.pid
+
+TIMEOUT=15
+
+start() {
+ [ -x $SSSD ] || exit 5
+ echo -n $"Starting $prog: "
+ daemon $SSSD -f -D
+ RETVAL=$?
+ echo
+ [ "$RETVAL" = 0 ] && touch $LOCK_FILE
+
+ # Wait for pidfile creation or timeout
+ sec=0
+ [ "$RETVAL" = 0 ] && while [ $sec -lt $TIMEOUT -a ! -f $PID_FILE ]
+ do
+ sleep 1
+ sec=$(($sec+1))
+ done
+
+ if [ "$sec" = "$TIMEOUT" ]; then
+ RETVAL=-1
+ fi
+
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ pid=`cat $PID_FILE`
+
+ killproc -p $PID_FILE $SSSD -TERM
+ RETVAL=$?
+
+ # Wait until the monitor exits
+ while (checkpid $pid)
+ do
+ usleep 100000
+ done
+
+ echo
+ [ "$RETVAL" = 0 ] && rm -f $LOCK_FILE
+ return $RETVAL
+}
+
+reload() {
+ echo -n $"Reloading $prog: "
+ killproc $SSSD -HUP
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+restart() {
+ stop
+ start
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+
+ restart)
+ $1
+ ;;
+
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+
+ force-reload)
+ force_reload
+ ;;
+
+ status)
+ rh_status
+ ;;
+
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
diff --git a/src/sysv/systemd/sssd-autofs.service.in b/src/sysv/systemd/sssd-autofs.service.in
new file mode 100644
index 0000000..7f920ad
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD AutoFS Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-autofs.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_autofs.log
+ExecStart=@libexecdir@/sssd/sssd_autofs ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in
new file mode 100644
index 0000000..201b33d
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.socket.in
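Review bot: stop() in src/sysv/sssd.in reads the PID with `cat $PID_FILE` without checking that the file exists, and the `while (checkpid $pid)` loop after killproc has no upper bound, so a monitor that does not exit on TERM leaves `stop`, `restart` and system shutdown waiting indefinitely. start() already limits its wait with TIMEOUT, and the same bound can be applied here, as sketched below. Separately, start() sets `RETVAL=-1`, which is outside the 0-255 range a shell `return` can portably carry; `RETVAL=1` is the conventional value. The script also sources `@environment_file@` as root, so a comment noting that this file must be writable by root only would help packagers.

```shell
stop() {
    echo -n $"Stopping $prog: "
    # Read the PID only when the file is present; an empty $pid skips the wait.
    pid=""
    [ -f "$PID_FILE" ] && pid=`cat "$PID_FILE"`

    # ... unchanged: killproc call and RETVAL assignment ...

    # Wait until the monitor exits, for at most $TIMEOUT seconds
    ticks=0
    while [ -n "$pid" ] && [ $ticks -lt $(($TIMEOUT*10)) ] && checkpid $pid
    do
        usleep 100000
        ticks=$(($ticks+1))
    done
    # ... unchanged: echo, lock file removal, return ...
}
```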
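Review bot: In sssd-autofs.service.in, `ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_autofs.log` runs as root because of `PermissionsStartOnly=true`, and chown follows symbolic links by default. If `@logpath@` is writable by `@SSSD_USER@`, which the visible lines do not settle, the unprivileged account the responder runs as can influence which file root re-owns on the next start. Using `/bin/chown -h`, or creating the log file with the right owner at install time instead of at every start, closes that gap. The same line appears in sssd-pac.service.in, sssd-pam.service.in, sssd-ssh.service.in and sssd-sudo.service.in. `PermissionsStartOnly=` is also documented as deprecated in current systemd in favour of the `+` prefix on the individual command.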
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD AutoFS Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r autofs
+ListenStream=@pipepath@/autofs
+SocketUser=@SSSD_USER@
+SocketGroup=@SSSD_USER@
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
new file mode 100644
index 0000000..9095da3
--- /dev/null
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=SSSD IFP Service responder
+Documentation=man:sssd-ifp(5)
+After=sssd.service
+BindsTo=sssd.service
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+Type=dbus
+BusName=org.freedesktop.sssd.infopipe
+ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER}
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
+@ifp_restart@
diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
new file mode 100644
index 0000000..2ea2e08
--- /dev/null
+++ b/src/sysv/systemd/sssd-kcm.service.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=SSSD Kerberos Cache Manager
+Documentation=man:sssd-kcm(5)
+Requires=sssd-kcm.socket
+After=sssd-kcm.socket
+
+[Install]
+Also=sssd-kcm.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+ExecStartPre=-@sbindir@/sssd --genconf-section=kcm
+ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER}
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
diff --git a/src/sysv/systemd/sssd-kcm.socket.in b/src/sysv/systemd/sssd-kcm.socket.in
new file mode 100644
index 0000000..9066add
--- /dev/null
+++ b/src/sysv/systemd/sssd-kcm.socket.in
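Review bot: The `[Socket]` section of sssd-autofs.socket.in sets no `SocketMode=`, so systemd's default of 0666 applies and every local user can connect to `@pipepath@/autofs`. That may be the intended exposure for a responder socket, but writing `SocketMode=0666` out, the way sssd-pam-priv.socket.in states `SocketMode=0600` and sssd-sudo.socket.in states `SocketMode=0660`, makes the access decision visible to a reviewer instead of implied. The same applies to sssd-kcm.socket.in, sssd-nss.socket.in, sssd-pac.socket.in, sssd-pam.socket.in and sssd-ssh.socket.in.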
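Review bot: `CapabilityBoundingSet=` in sssd-ifp.service.in lists six capabilities plus whatever `@additional_caps@` expands to, and nothing in the unit says which of them the IFP responder actually needs. A comment line above the setting that names the reason for each capability would let a later reviewer tell when one can be dropped, and would document what `@additional_caps@` is expected to add. sssd-kcm.service.in carries the identical list and would benefit from the same comment.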
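Review bot: `Documentation=man:sssd-kcm(5)` in sssd-kcm.service.in disagrees with sssd-kcm.socket.in, which points at `man:sssd-kcm(8)`; one of the two section numbers is presumably wrong. Both units should name the section the page is actually installed in so that `systemctl help` resolves for either. The `ExecStart=` line also passes `--uid 0 --gid 0` without a `User=` setting, so a short comment stating that the cache manager is meant to run as root would make that an explicit choice.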
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD Kerberos Cache Manager responder socket
+Documentation=man:sssd-kcm(8)
+
+[Socket]
+ListenStream=@runstatedir@/.heim_org.h5l.kcm-socket
+
+[Install]
+WantedBy=sockets.target
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
new file mode 100644
index 0000000..c671280
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -0,0 +1,15 @@
+[Unit]
+Description=SSSD NSS Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-nss.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStart=@libexecdir@/sssd/sssd_nss ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in
new file mode 100644
index 0000000..e5d6eda
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.socket.in
@@ -0,0 +1,15 @@
+[Unit]
+Description=SSSD NSS Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+Before=sssd-autofs.socket sssd-pac.socket sssd-pam.socket sssd-ssh.socket sssd-sudo.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r nss
+ListenStream=@pipepath@/nss
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
new file mode 100644
index 0000000..590449b
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD PAC Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-pac.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log
+ExecStart=@libexecdir@/sssd/sssd_pac ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
new file mode 100644
index 0000000..40dec44
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.socket.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD PAC Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pac
+ListenStream=@pipepath@/pac
+SocketUser=@SSSD_USER@
+SocketGroup=@SSSD_USER@
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in
new file mode 100644
index 0000000..27f2cf7
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam-priv.socket.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD PAM Service responder private socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+BindsTo=sssd-pam.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pam
+Service=sssd-pam.service
+ListenStream=@pipepath@/private/pam
+SocketUser=root
+SocketGroup=root
+SocketMode=0600
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-pam.service.in b/src/sysv/systemd/sssd-pam.service.in
new file mode 100644
index 0000000..f2e9385
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD PAM Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-pam.socket sssd-pam-priv.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pam.log
+ExecStart=@libexecdir@/sssd/sssd_pam ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in
new file mode 100644
index 0000000..cbbb762
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.socket.in
@@ -0,0 +1,17 @@
+[Unit]
+Description=SSSD PAM Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+BindsTo=sssd-pam-priv.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pam
+ListenStream=@pipepath@/pam
+SocketUser=root
+SocketGroup=root
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-ssh.service.in b/src/sysv/systemd/sssd-ssh.service.in
new file mode 100644
index 0000000..1c18546
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD SSH Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-ssh.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_ssh.log
+ExecStart=@libexecdir@/sssd/sssd_ssh ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in
new file mode 100644
index 0000000..4772ef3
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.socket.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD SSH Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r ssh
+ListenStream=@pipepath@/ssh
+SocketUser=@SSSD_USER@
+SocketGroup=@SSSD_USER@
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in
new file mode 100644
index 0000000..539fd99
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD Sudo Service responder
+Documentation=man:sssd.conf(5) man:sssd-sudo(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-sudo.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_sudo.log
+ExecStart=@libexecdir@/sssd/sssd_sudo ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
new file mode 100644
index 0000000..e94a2f6
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.socket.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD Sudo Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r sudo
+ListenStream=@pipepath@/sudo
+SocketUser=@SSSD_USER@
+SocketMode=0660
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
new file mode 100644
index 0000000..79bba20
--- /dev/null
+++ b/src/sysv/systemd/sssd.service.in
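Review bot: sssd-sudo.socket.in sets `SocketUser=@SSSD_USER@` without a `SocketGroup=`, unlike the autofs, pac and ssh socket units in this commit, which set both. systemd then derives the group from the user's default group, so the result is probably the same, but with `SocketMode=0660` the group is what decides who besides the owner may connect. Adding `SocketGroup=@SSSD_USER@` states that decision explicitly and keeps the five responder sockets consistent.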
@@ -0,0 +1,21 @@
+[Unit]
+Description=System Security Services Daemon
+# SSSD must be running before we permit user sessions
+Before=systemd-user-sessions.service nss-user-lookup.target
+Wants=nss-user-lookup.target
+StartLimitIntervalSec=50s
+StartLimitBurst=5
+@condconfigexists@
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
+Type=notify
+NotifyAccess=main
+PIDFile=@pidpath@/sssd.pid
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target |
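Review bot: The `CapabilityBoundingSet=` line in sssd.service.in keeps `CAP_SYS_ADMIN` and `CAP_NET_ADMIN` in the bounding set of the monitor and everything it spawns, and `CAP_SYS_ADMIN` in particular is broad enough that the set constrains little once it is present. A comment above the line naming the feature that requires each of the wide capabilities would show whether they can be confined to a specific helper or dropped in builds that do not use that feature. `PIDFile=@pidpath@/sssd.pid` also looks redundant next to `Type=notify` with `NotifyAccess=main` and the non-forking `-i` flag; if it is kept for a reason, a comment should say which.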