authorFabiano Fidêncio <fidencio@redhat.com>2016-11-17 00:36:10 +0100
committerLukas Slebodnik <lslebodn@redhat.com>2017-01-23 18:46:37 +0100
commite4093605339062548364d338c811431673bdfe25 (patch)
tree723e4a68a211ca87887a72b54083d8970c6b6c46
parent40e9ad2bf250cc3bfcdec7fb96031e2771160f69 (diff)
PAC: Make PAC responder socket-activatable
As part of the effort of making all responders socket-activatable, let's make the PAC responder ready for this by providing its systemd units. In case the administrators want to use the PAC responder taking advantage of socket-activation, they will need to enable sssd-pac.socket and, after a restart of the sssd service, the PAC socket will be ready, waiting for any activity in order to start the PAC responder. Also, the PAC responder must be removed from the services line in sssd.conf. The PAC responder service is bound to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shut down in case SSSD is shut down or crashes. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r--Makefile.am24
-rw-r--r--contrib/sssd.spec.in6
-rw-r--r--src/responder/pac/pacsrv.c1
-rw-r--r--src/sysv/systemd/sssd-pac.service.in16
-rw-r--r--src/sysv/systemd/sssd-pac.socket.in12
5 files changed, 59 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index b2bc2d531..fd6f2fa86 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3947,6 +3947,12 @@ if BUILD_AUTOFS
src/sysv/systemd/sssd-autofs.service \
$(NULL)
endif
+if BUILD_PAC_RESPONDER
+ systemdunit_DATA += \
+ src/sysv/systemd/sssd-pac.socket \
+ src/sysv/systemd/sssd-pac.service \
+ $(NULL)
+endif
if WITH_JOURNALD
systemdconf_DATA += \
src/sysv/systemd/journal.conf
@@ -4012,6 +4018,12 @@ EXTRA_DIST += \
src/sysv/systemd/sssd-autofs.service.in \
$(NULL)
endif
+if BUILD_PAC_RESPONDER
+EXTRA_DIST += \
+ src/sysv/systemd/sssd-pac.socket.in \
+ src/sysv/systemd/sssd-pac.service.in \
+ $(NULL)
+endif
src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
@$(MKDIR_P) src/sysv/systemd/
@@ -4047,6 +4059,16 @@ src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Ma
$(replace_script)
endif
+if BUILD_PAC_RESPONDER
+src/sysv/systemd/sssd-pac.socket: src/sysv/systemd/sssd-pac.socket.in Makefile
+ @$(MKDIR_P) src/sysv/systemd/
+ $(replace_script)
+
+src/sysv/systemd/sssd-pac.service: src/sysv/systemd/sssd-pac.service.in Makefile
+ @$(MKDIR_P) src/sysv/systemd/
+ $(replace_script)
+endif
+
SSSD_USER_DIRS = \
$(DESTDIR)$(dbpath) \
$(DESTDIR)$(keytabdir) \
@@ -4270,6 +4292,8 @@ endif
rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket
rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
+ rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket
+ rm -f $(builddir)/src/sysv/systemd/sssd-pac.service
rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 519246b43..965f383a5 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -803,6 +803,8 @@ done
%{_unitdir}/sssd-autofs.service
%{_unitdir}/sssd-nss.socket
%{_unitdir}/sssd-nss.service
+%{_unitdir}/sssd-pac.socket
+%{_unitdir}/sssd-pac.service
%{_unitdir}/sssd-secrets.socket
%{_unitdir}/sssd-secrets.service
%else
@@ -1139,12 +1141,14 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_post sssd.service
%systemd_post sssd-autofs.socket
%systemd_post sssd-nss.socket
+%systemd_post sssd-pac.socket
%systemd_post sssd-secrets.socket
%preun common
%systemd_preun sssd.service
%systemd_preun sssd-autofs.socket
%systemd_preun sssd-nss.socket
+%systemd_preun sssd-pac.socket
%systemd_preun sssd-secrets.socket
%postun common
@@ -1153,6 +1157,8 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_postun_with_restart sssd-autofs.service
%systemd_postun_with_restart sssd-nss.socket
%systemd_postun_with_restart sssd-nss.service
+%systemd_postun_with_restart sssd-pac.socket
+%systemd_postun_with_restart sssd-pac.service
%systemd_postun_with_restart sssd-secrets.socket
%systemd_postun_with_restart sssd-secrets.service
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 5eeb8ebe4..1f820c07f 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -218,6 +218,7 @@ int main(int argc, const char *argv[])
POPT_AUTOHELP
SSSD_MAIN_OPTS
SSSD_SERVER_OPTS(uid, gid)
+ SSSD_RESPONDER_OPTS
POPT_TABLEEND
};
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
new file mode 100644
index 000000000..a921c74cf
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSSD PAC Service responder
+Documentation=man:sssd.conf(5)
+After=sssd.service
+BindsTo=sssd.service
+
+[Install]
+Also=sssd-pac.socket
+
+[Service]
+ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log
+ExecStart=@libexecdir@/sssd/sssd_pac --debug-to-files --socket-activated
+Restart=on-failure
+User=@SSSD_USER@
+Group=@SSSD_USER@
+PermissionsStartOnly=true
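Review bot: The `ExecStartPre` chown in `[Service]` runs as root (because of `PermissionsStartOnly=true`) and dereferences symlinks, so if `@logpath@` is ever writable by `@SSSD_USER@`, a compromised responder account could replace `sssd_pac.log` with a symlink and have ownership of the link target handed to it. Whether the log directory is writable by that user is not visible in this commit, but the no-dereference form costs nothing: `ExecStartPre=-/bin/chown -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log`. The leading `-` also hides a failed chown; a one-line comment above it saying why failure is tolerated (presumably because the log file may not exist yet) would help the next maintainer.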
diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
new file mode 100644
index 000000000..cb1bd68fa
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.socket.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSSD PAC Service responder socket
+Documentation=man:sssd.conf(5)
+BindsTo=sssd.service
+
+[Socket]
+ListenStream=@pipepath@/pac
+SocketUser=@SSSD_USER@
+SocketGroup=@SSSD_USER@
+
+[Install]
+WantedBy=sssd.service
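Review bot: The `[Socket]` section sets `SocketUser=` and `SocketGroup=` but no `SocketMode=`, so systemd's default of 0666 applies and any local user can connect to `@pipepath@/pac` and trigger activation of the responder. If that is intended, presumably because the responder authorizes clients itself (not visible in this commit), make it explicit with `SocketMode=0666` and a comment naming where the client check happens. Otherwise set the narrower mode the deployment actually needs.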