From d0b2cd8d161e7fc6e6c96f51342c88e6572eb1da Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 15 Aug 2016 14:10:23 +0200
Subject: [PATCH 111/111] BUILD: Ship systemd service file for sssd-secrets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds two new files: sssd-secrets.socket and sssd-secrets.service. These
can be used to socket-activate the secrets responder even without
explicitly starting it in the sssd config file.

The specfile activates the socket after installation which means that
the admin would just be able to use the secrets socket and the
sssd_secrets responder would be started automatically by systemd.

The sssd-secrets responder is started as root, mostly because I didn't
think of an easy way to pass the uid/gid to the responders without
asking about the sssd user identity in the first place. But nonetheless,
the sssd-secrets responder wasn't tested as non-root and at least the
initialization should be performed as root for the time being.

Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 Makefile.am                              | 21 +++++++++++++++++++--
 contrib/sssd.spec.in                     |  6 ++++++
 src/sysv/systemd/sssd-secrets.service.in |  8 ++++++++
 src/sysv/systemd/sssd-secrets.socket.in  |  8 ++++++++
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 src/sysv/systemd/sssd-secrets.service.in
 create mode 100644 src/sysv/systemd/sssd-secrets.socket.in

diff --git a/Makefile.am b/Makefile.am
index a32a1e37c85e2370fa006ee73b730145f03c3fc1..6ab4399d5b68644668198bc9b0e3056562a4e51a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3888,7 +3888,10 @@ systemdunit_DATA =
 systemdconf_DATA =
 if HAVE_SYSTEMD_UNIT
     systemdunit_DATA += \
-        src/sysv/systemd/sssd.service
+        src/sysv/systemd/sssd.service \
+        src/sysv/systemd/sssd-secrets.socket \
+        src/sysv/systemd/sssd-secrets.service \
+        $(NULL)
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -3926,6 +3929,7 @@ edit_cmd = $(SED) \
         -e 's|@sbindir[@]|$(sbindir)|g' \
         -e 's|@environment_file[@]|$(environment_file)|g' \
         -e 's|@localstatedir[@]|$(localstatedir)|g' \
+        -e 's|@libexecdir[@]|$(libexecdir)|g' \
         -e 's|@prefix[@]|$(prefix)|g'
 
 replace_script = \
@@ -3937,7 +3941,10 @@ replace_script = \
 
 EXTRA_DIST += \
     src/sysv/systemd/sssd.service.in \
-    src/sysv/systemd/journal.conf.in
+    src/sysv/systemd/journal.conf.in \
+    src/sysv/systemd/sssd-secrets.socket.in \
+    src/sysv/systemd/sssd-secrets.service.in \
+    $(NULL)
 
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -3947,6 +3954,14 @@ src/sysv/systemd/journal.conf: src/sysv/systemd/journal.conf.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
 
+src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-secrets.service: src/sysv/systemd/sssd-secrets.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
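Review bot: The two new rules at `src/sysv/systemd/sssd-secrets.socket:` and `src/sysv/systemd/sssd-secrets.service:` are byte-for-byte copies of the existing sssd.service and journal.conf rules apart from the target name, so there are now four places to keep in sync when `$(replace_script)` or the output directory changes. A single pattern rule would cover all of them: `src/sysv/systemd/%: src/sysv/systemd/%.in Makefile` followed by the same two recipe lines. As this is a Makefile.am, a pattern rule relies on GNU make and automake will warn about it under -Wportability, so it only makes sense if the project already accepts that; `replace_script` itself is defined before this hunk and is not visible here.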
@@ -4162,6 +4177,8 @@ endif
 	done;
 	rm -Rf ldb_mod_test_dir
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
 
 CLEANFILES += *.X */*.X */*/*.X
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 14f0cb27ac8f1acc3aa0786da576be33b727e024..f1ff16176cb8ca974b98948958cfa1e9290b0bca 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -737,6 +737,8 @@ done
 %{_sbindir}/sssd
 %if (0%{?use_systemd} == 1)
 %{_unitdir}/sssd.service
+%{_unitdir}/sssd-secrets.socket
+%{_unitdir}/sssd-secrets.service
 %else
 %{_initrddir}/%{name}
 %endif
@@ -1069,12 +1071,16 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
 # systemd
 %post common
 %systemd_post sssd.service
+%systemd_post sssd-secrets.socket
 
 %preun common
 %systemd_preun sssd.service
+%systemd_preun sssd-secrets.socket
 
 %postun common
 %systemd_postun_with_restart sssd.service
+%systemd_postun_with_restart sssd-secrets.socket
+%systemd_postun_with_restart sssd-secrets.service
 
 %else
 # sysv
diff --git a/src/sysv/systemd/sssd-secrets.service.in b/src/sysv/systemd/sssd-secrets.service.in
new file mode 100644
index 0000000000000000000000000000000000000000..119c9bb4b37b672159db707aa11a6d11215f29bf
--- /dev/null
+++ b/src/sysv/systemd/sssd-secrets.service.in
@@ -0,0 +1,8 @@
+[Unit]
+Description=SSSD Secrets Service responder
+
+[Install]
+Also=sssd-secrets.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_secrets --uid 0 --gid 0 --debug-to-files
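Review bot: The ExecStart line runs the responder with `--uid 0 --gid 0`, and nothing in the unit records why it is the only sssd responder started as root; the justification lives only in the commit message, which a reader of the installed unit will not see. Suggest a comment directly above ExecStart, `# Runs as root for now: the responder has not been exercised as the sssd user, and its initialization is expected to need root.`, so the choice is visibly deliberate and easy to revisit. The unit also declares no ordering relative to sssd.service; if the responder depends on the monitor or backends being up, an `After=` ordering in [Unit] may be wanted — that cannot be determined from this patch.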
diff --git a/src/sysv/systemd/sssd-secrets.socket.in b/src/sysv/systemd/sssd-secrets.socket.in
new file mode 100644
index 0000000000000000000000000000000000000000..682e8f6e0fa58092a90259523f9f2f59e0131435
--- /dev/null
+++ b/src/sysv/systemd/sssd-secrets.socket.in
@@ -0,0 +1,8 @@
+[Unit]
+Description=SSSD Secrets Service responder socket
+
+[Socket]
+ListenStream=@localstatedir@/run/secrets.socket
+
+[Install]
+WantedBy=sockets.target
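Review bot: The `ListenStream=` line creates the socket with systemd's default permissions (`SocketMode=` defaults to 0666), so every local user can connect to the secrets responder once the socket is active. If the responder is meant to authorise callers itself (for example from the connecting peer's credentials), that is fine but should be stated in the unit, e.g. `# World-connectable on purpose: access control is done by sssd_secrets per connection.`; if not, `SocketMode=0600` together with `SocketUser=`/`SocketGroup=` would restrict who can open it. Which of the two applies cannot be read from this patch.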
-- 
2.4.11