summaryrefslogtreecommitdiffstats
path: root/src/sysv
diff options
context:
space:
mode:
Diffstat (limited to 'src/sysv')
-rw-r--r--src/sysv/gentoo/sssd-kcm.in21
-rw-r--r--src/sysv/gentoo/sssd.in31
-rw-r--r--src/sysv/sssd.in148
-rw-r--r--src/sysv/systemd/sssd-autofs.service.in19
-rw-r--r--src/sysv/systemd/sssd-autofs.socket.in16
-rw-r--r--src/sysv/systemd/sssd-ifp.service.in14
-rw-r--r--src/sysv/systemd/sssd-kcm.service.in14
-rw-r--r--src/sysv/systemd/sssd-kcm.socket.in9
-rw-r--r--src/sysv/systemd/sssd-nss.service.in15
-rw-r--r--src/sysv/systemd/sssd-nss.socket.in15
-rw-r--r--src/sysv/systemd/sssd-pac.service.in19
-rw-r--r--src/sysv/systemd/sssd-pac.socket.in16
-rw-r--r--src/sysv/systemd/sssd-pam-priv.socket.in19
-rw-r--r--src/sysv/systemd/sssd-pam.service.in19
-rw-r--r--src/sysv/systemd/sssd-pam.socket.in17
-rw-r--r--src/sysv/systemd/sssd-ssh.service.in19
-rw-r--r--src/sysv/systemd/sssd-ssh.socket.in16
-rw-r--r--src/sysv/systemd/sssd-sudo.service.in19
-rw-r--r--src/sysv/systemd/sssd-sudo.socket.in16
-rw-r--r--src/sysv/systemd/sssd.service.in21
20 files changed, 483 insertions, 0 deletions
diff --git a/src/sysv/gentoo/sssd-kcm.in b/src/sysv/gentoo/sssd-kcm.in
new file mode 100644
index 0000000..c9242bf
--- /dev/null
+++ b/src/sysv/gentoo/sssd-kcm.in
@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v3
+
+description="SSSD Kerberos Cache Manager"
+command="@libexecdir@/sssd/sssd_kcm"
+command_background="true"
+command_args="--uid=0 --gid=0 --logger=files ${SSSD_KCM_OPTIONS}"
+pidfile="@pidpath@/sssd_kcm.pid"
+
+start_pre()
+{
+ "@sbindir@/sssd" --genconf-section=kcm || return $?
+}
+
+depend()
+{
+ need localmount clock
+ use syslog
+ before sssd
+}
diff --git a/src/sysv/gentoo/sssd.in b/src/sysv/gentoo/sssd.in
new file mode 100644
index 0000000..2268786
--- /dev/null
+++ b/src/sysv/gentoo/sssd.in
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v3
+
+
+command="@sbindir@/sssd"
+command_args="-D --logger=files ${SSSD_OPTIONS}"
+description="System Security Services Daemon"
+pidfile="@pidpath@/sssd.pid"
+#sssd may take time time to TERMinate so allow som extra time
+retry="TERM/60"
+extra_started_commands="rotate online offline"
+
+depend(){
+ need localmount clock
+ use syslog
+ before xdm
+}
+
+do_sig() {
+ local sig=$1 ; shift
+ ebegin "$*"
+ start-stop-daemon --signal ${sig} --pidfile ${pidfile}
+ eend $?
+}
+
+rotate() { do_sig HUP "Sends sssd a signal to re-open its log files." ; }
+
+offline() { do_sig USR1 "Simulate offline" ; }
+
+online() { do_sig USR2 "Simulate online" ; }
diff --git a/src/sysv/sssd.in b/src/sysv/sssd.in
new file mode 100644
index 0000000..385785e
--- /dev/null
+++ b/src/sysv/sssd.in
@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+#
+# chkconfig: - 12 88
+# description: Provides a set of daemons to manage access to remote directories
+# and authentication mechanisms. It provides an NSS and PAM
+# interface toward the system and a pluggable backend system to
+# connect to multiple different account sources. It is also the
+# basis to provide client auditing and policy services for projects
+# like FreeIPA.
+#
+### BEGIN INIT INFO
+# Provides: sssd
+# Required-Start: $remote_fs $time
+# Should-Start: $syslog
+# Should-Stop: $null
+# Required-Stop: $null
+# Default-Stop: 0 1 6
+# Short-Description: System Security Services Daemon
+# Description: Provides a set of daemons to manage access to remote directories
+# and authentication mechanisms. It provides an NSS and PAM
+# interface toward the system and a pluggable backend system to
+# connect to multiple different account sources. It is also the
+# basis to provide client auditing and policy services for projects
+# like FreeIPA.
+### END INIT INFO
+
+RETVAL=0
+prog="sssd"
+
+# Source function library.
+. /etc/init.d/functions
+
+if [ -f @environment_file@ ]; then
+ . @environment_file@
+fi
+
+SSSD=@sbindir@/sssd
+
+LOCK_FILE=@localstatedir@/lock/subsys/sssd
+PID_FILE=@localstatedir@/run/sssd.pid
+
+TIMEOUT=15
+
+start() {
+ [ -x $SSSD ] || exit 5
+ echo -n $"Starting $prog: "
+ daemon $SSSD -f -D
+ RETVAL=$?
+ echo
+ [ "$RETVAL" = 0 ] && touch $LOCK_FILE
+
+ # Wait for pidfile creation or timeout
+ sec=0
+ [ "$RETVAL" = 0 ] && while [ $sec -lt $TIMEOUT -a ! -f $PID_FILE ]
+ do
+ sleep 1
+ sec=$(($sec+1))
+ done
+
+ if [ "$sec" = "$TIMEOUT" ]; then
+ RETVAL=-1
+ fi
+
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ pid=`cat $PID_FILE`
+
+ killproc -p $PID_FILE $SSSD -TERM
+ RETVAL=$?
+
+ # Wait until the monitor exits
+ while (checkpid $pid)
+ do
+ usleep 100000
+ done
+
+ echo
+ [ "$RETVAL" = 0 ] && rm -f $LOCK_FILE
+ return $RETVAL
+}
+
+reload() {
+ echo -n $"Reloading $prog: "
+ killproc $SSSD -HUP
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+restart() {
+ stop
+ start
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+
+ restart)
+ $1
+ ;;
+
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+
+ force-reload)
+ force_reload
+ ;;
+
+ status)
+ rh_status
+ ;;
+
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
diff --git a/src/sysv/systemd/sssd-autofs.service.in b/src/sysv/systemd/sssd-autofs.service.in
new file mode 100644
index 0000000..7f920ad
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD AutoFS Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-autofs.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_autofs.log
+ExecStart=@libexecdir@/sssd/sssd_autofs ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in
new file mode 100644
index 0000000..201b33d
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.socket.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD AutoFS Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r autofs
+ListenStream=@pipepath@/autofs
+SocketUser=@SSSD_USER@
+SocketGroup=@SSSD_USER@
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
new file mode 100644
index 0000000..9095da3
--- /dev/null
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=SSSD IFP Service responder
+Documentation=man:sssd-ifp(5)
+After=sssd.service
+BindsTo=sssd.service
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+Type=dbus
+BusName=org.freedesktop.sssd.infopipe
+ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER}
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
+@ifp_restart@
diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
new file mode 100644
index 0000000..2ea2e08
--- /dev/null
+++ b/src/sysv/systemd/sssd-kcm.service.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=SSSD Kerberos Cache Manager
+Documentation=man:sssd-kcm(5)
+Requires=sssd-kcm.socket
+After=sssd-kcm.socket
+
+[Install]
+Also=sssd-kcm.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+ExecStartPre=-@sbindir@/sssd --genconf-section=kcm
+ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER}
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
diff --git a/src/sysv/systemd/sssd-kcm.socket.in b/src/sysv/systemd/sssd-kcm.socket.in
new file mode 100644
index 0000000..9066add
--- /dev/null
+++ b/src/sysv/systemd/sssd-kcm.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD Kerberos Cache Manager responder socket
+Documentation=man:sssd-kcm(8)
+
+[Socket]
+ListenStream=@runstatedir@/.heim_org.h5l.kcm-socket
+
+[Install]
+WantedBy=sockets.target
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
new file mode 100644
index 0000000..c671280
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -0,0 +1,15 @@
+[Unit]
+Description=SSSD NSS Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-nss.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStart=@libexecdir@/sssd/sssd_nss ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in
new file mode 100644
index 0000000..e5d6eda
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.socket.in
@@ -0,0 +1,15 @@
+[Unit]
+Description=SSSD NSS Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+Before=sssd-autofs.socket sssd-pac.socket sssd-pam.socket sssd-ssh.socket sssd-sudo.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r nss
+ListenStream=@pipepath@/nss
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
new file mode 100644
index 0000000..590449b
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD PAC Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-pac.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log
+ExecStart=@libexecdir@/sssd/sssd_pac ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
new file mode 100644
index 0000000..40dec44
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.socket.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD PAC Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pac
+ListenStream=@pipepath@/pac
+SocketUser=@SSSD_USER@
+SocketGroup=@SSSD_USER@
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in
new file mode 100644
index 0000000..27f2cf7
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam-priv.socket.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD PAM Service responder private socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+BindsTo=sssd-pam.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pam
+Service=sssd-pam.service
+ListenStream=@pipepath@/private/pam
+SocketUser=root
+SocketGroup=root
+SocketMode=0600
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-pam.service.in b/src/sysv/systemd/sssd-pam.service.in
new file mode 100644
index 0000000..f2e9385
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD PAM Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-pam.socket sssd-pam-priv.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pam.log
+ExecStart=@libexecdir@/sssd/sssd_pam ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in
new file mode 100644
index 0000000..cbbb762
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.socket.in
@@ -0,0 +1,17 @@
+[Unit]
+Description=SSSD PAM Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+BindsTo=sssd-pam-priv.socket
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pam
+ListenStream=@pipepath@/pam
+SocketUser=root
+SocketGroup=root
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-ssh.service.in b/src/sysv/systemd/sssd-ssh.service.in
new file mode 100644
index 0000000..1c18546
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD SSH Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-ssh.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_ssh.log
+ExecStart=@libexecdir@/sssd/sssd_ssh ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in
new file mode 100644
index 0000000..4772ef3
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.socket.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD SSH Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r ssh
+ListenStream=@pipepath@/ssh
+SocketUser=@SSSD_USER@
+SocketGroup=@SSSD_USER@
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in
new file mode 100644
index 0000000..539fd99
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSSD Sudo Service responder
+Documentation=man:sssd.conf(5) man:sssd-sudo(5)
+After=sssd.service
+BindsTo=sssd.service
+RefuseManualStart=true
+
+[Install]
+Also=sssd-sudo.socket
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_sudo.log
+ExecStart=@libexecdir@/sssd/sssd_sudo ${DEBUG_LOGGER} --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
new file mode 100644
index 0000000..e94a2f6
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.socket.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD Sudo Service responder socket
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Socket]
+ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r sudo
+ListenStream=@pipepath@/sudo
+SocketUser=@SSSD_USER@
+SocketMode=0660
+
+[Install]
+WantedBy=sssd.service
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
new file mode 100644
index 0000000..79bba20
--- /dev/null
+++ b/src/sysv/systemd/sssd.service.in
@@ -0,0 +1,21 @@
+[Unit]
+Description=System Security Services Daemon
+# SSSD must be running before we permit user sessions
+Before=systemd-user-sessions.service nss-user-lookup.target
+Wants=nss-user-lookup.target
+StartLimitIntervalSec=50s
+StartLimitBurst=5
+@condconfigexists@
+
+[Service]
+Environment=DEBUG_LOGGER=--logger=files
+EnvironmentFile=-@environment_file@
+ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
+Type=notify
+NotifyAccess=main
+PIDFile=@pidpath@/sssd.pid
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target