URL: https://github.com/SSSD/sssd/pull/84
Author: fidencio
 Title: #84: Socket-activation of SSSD responders
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/84/head:pr84
git checkout pr84
From 62fa380c276f820f33628fffc95f3a4f8825d535 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 17:21:54 +0100
Subject: [PATCH 01/14] MONITOR: Expose the monitor's services type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's expose the monitor's service type so it can be passed by the
services to the RegisterService method.

It will be needed in the future, for socket-activation of the
responders, as we will need to differentiate the cases where the
service being registered is still not in the list of the services but is
still a valid case because it was just socket-activated.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c            | 5 -----
 src/monitor/monitor_interfaces.h | 5 +++++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 935febb..23b0f79 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -91,11 +91,6 @@ int cmdline_debug_microseconds;
 
 struct svc_spy;
 
-enum mt_svc_type {
-    MT_SVC_SERVICE,
-    MT_SVC_PROVIDER
-};
-
 struct mt_svc {
     struct mt_svc *prev;
     struct mt_svc *next;
diff --git a/src/monitor/monitor_interfaces.h b/src/monitor/monitor_interfaces.h
index 8a9e4fe..9004801 100644
--- a/src/monitor/monitor_interfaces.h
+++ b/src/monitor/monitor_interfaces.h
@@ -35,6 +35,11 @@
 
 #define SSSD_SERVICE_PIPE "private/sbus-monitor"
 
+enum mt_svc_type {
+    MT_SVC_SERVICE,
+    MT_SVC_PROVIDER
+};
+
 int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address);
 int monitor_common_send_id(struct sbus_connection *conn,
                            const char *name, uint16_t version);

From 629895899e861247af6c511d2fb6a4caa0b8b9db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 17:32:10 +0100
Subject: [PATCH 02/14] MONITOR: Pass the service type to the RegisterService
 method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Passing the service type to the RegisterService method will help us in
the future, for socket-activation, as we will need to differentiate
cases where the service being registered is still not in the services'
list but is a valid case and has to be added there as it was
socket-activated.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c                   | 2 ++
 src/monitor/monitor_interfaces.h        | 3 ++-
 src/monitor/monitor_sbus.c              | 6 ++++--
 src/providers/data_provider_be.c        | 2 +-
 src/responder/common/responder_common.c | 4 ++--
 5 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 23b0f79..969b854 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -227,6 +227,7 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     struct mt_svc *svc;
     DBusError dbus_error;
     dbus_uint16_t svc_ver;
+    dbus_uint16_t svc_type;
     char *svc_name;
     dbus_bool_t dbret;
     int ret;
@@ -245,6 +246,7 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     dbret = dbus_message_get_args(dbus_req->message, &dbus_error,
                                   DBUS_TYPE_STRING, &svc_name,
                                   DBUS_TYPE_UINT16, &svc_ver,
+                                  DBUS_TYPE_UINT16, &svc_type,
                                   DBUS_TYPE_INVALID);
     if (!dbret) {
         DEBUG(SSSDBG_CRIT_FAILURE,
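Review bot: `svc_type` is taken straight from the peer's RegisterService message at `DBUS_TYPE_UINT16, &svc_type`, and nothing visible in this hunk restricts it to the values of `enum mt_svc_type`. Before later patches branch on it, fail the registration unless it is one of the known values, e.g. guard with `if (svc_type != MT_SVC_SERVICE && svc_type != MT_SVC_PROVIDER)`. Note also that the extra mandatory argument changes the method's wire signature, so a client that still sends only name and version will now be rejected by `dbus_message_get_args`. client_registration starts and ends outside the hunk, so a check further down cannot be ruled out.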
diff --git a/src/monitor/monitor_interfaces.h b/src/monitor/monitor_interfaces.h
index 9004801..986bac5 100644
--- a/src/monitor/monitor_interfaces.h
+++ b/src/monitor/monitor_interfaces.h
@@ -42,7 +42,7 @@ enum mt_svc_type {
 
 int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address);
 int monitor_common_send_id(struct sbus_connection *conn,
-                           const char *name, uint16_t version);
+                           const char *name, uint16_t version, uint16_t type);
 int monitor_common_res_init(struct sbus_request *dbus_req, void *data);
 
 errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
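Review bot: The new `type` parameter of monitor_common_send_id is declared as a bare `uint16_t` although the callers in this patch pass `MT_SVC_PROVIDER` and `MT_SVC_SERVICE`, and the header gives no hint of that. A comment above the prototype such as `/* type: a value of enum mt_svc_type, sent as UINT16 over sbus */` would tell callers which values are legal. The same applies to `svc_type` in the sss_monitor_init prototype in the next hunk.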
@@ -50,5 +50,6 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
                          struct mon_cli_iface *mon_iface,
                          const char *svc_name,
                          uint16_t svc_version,
+                         uint16_t svc_type,
                          void *pvt,
                          struct sbus_connection **mon_conn);
diff --git a/src/monitor/monitor_sbus.c b/src/monitor/monitor_sbus.c
index cc25c40..afd82f6 100644
--- a/src/monitor/monitor_sbus.c
+++ b/src/monitor/monitor_sbus.c
@@ -110,7 +110,7 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
 }
 
 int monitor_common_send_id(struct sbus_connection *conn,
-                           const char *name, uint16_t version)
+                           const char *name, uint16_t version, uint16_t type)
 {
     DBusMessage *msg;
     dbus_bool_t ret;
@@ -131,6 +131,7 @@ int monitor_common_send_id(struct sbus_connection *conn,
     ret = dbus_message_append_args(msg,
                                    DBUS_TYPE_STRING, &name,
                                    DBUS_TYPE_UINT16, &version,
+                                   DBUS_TYPE_UINT16, &type,
                                    DBUS_TYPE_INVALID);
     if (!ret) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n");
@@ -162,6 +163,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
                          struct mon_cli_iface *mon_iface,
                          const char *svc_name,
                          uint16_t svc_version,
+                         uint16_t svc_type,
                          void *pvt,
                          struct sbus_connection **mon_conn)
 {
@@ -191,7 +193,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
     }
 
     /* Identify ourselves to the monitor */
-    ret = monitor_common_send_id(conn, svc_name, svc_version);
+    ret = monitor_common_send_id(conn, svc_name, svc_version, svc_type);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Failed to identify to the monitor!\n");
         return ret;
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 28787bc..36f96df 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -408,7 +408,7 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
 
     ret = sss_monitor_init(be_ctx, be_ctx->ev, &monitor_be_methods,
                            be_ctx->identity, DATA_PROVIDER_VERSION,
-                           be_ctx, &be_ctx->mon_conn);
+                           MT_SVC_PROVIDER, be_ctx, &be_ctx->mon_conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize monitor connection\n");
         goto done;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 6fbc074..a2d3e79 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1024,8 +1024,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
     }
 
     ret = sss_monitor_init(rctx, rctx->ev, monitor_intf,
-                           svc_name, svc_version, rctx,
-                           &rctx->mon_conn);
+                           svc_name, svc_version, MT_SVC_SERVICE,
+                           rctx, &rctx->mon_conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up message bus\n");
         goto fail;

From b4c5de996e903607f956a24ca82834f2e467675a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 18:01:39 +0100
Subject: [PATCH 03/14] RESPONDER: Make responders' common code ready for
 socket activation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of simply setting the unix socket during the process
initialization, let's make it socket-activatable. It's the first step in
order to have socket-activated responders and doesn't introduce any kind
of regression with the current code.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/common/responder_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index a2d3e79..86fab67 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1062,7 +1062,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
     }
 
     /* after all initializations we are ready to listen on our socket */
-    ret = set_unix_socket(rctx, conn_setup);
+    ret = activate_unix_sockets(rctx, conn_setup);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing socket\n");
         goto fail;
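Review bot: `activate_unix_sockets` is called here but is neither declared nor defined in this patch (the diffstat is this single line), so how it treats descriptors inherited from systemd cannot be checked from the hunk. If it accepts a pre-bound listening fd, whatever ownership and mode `set_unix_socket` applied to the socket path must now come from the `.socket` unit. It would also be worth confirming that the inherited fd really is an AF_UNIX stream socket on the expected path, for instance with `sd_is_socket_unix()`, before listening on it. sss_process_init starts and ends outside the hunk.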

From 58009429c309d70c6685d0939ddd06d8e5ade275 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 18:39:15 +0100
Subject: [PATCH 04/14] AUTOFS: Make AutoFS responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the autofs responder ready for this by providing its systemd's
units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                             | 26 ++++++++++++++++++++++++++
 contrib/sssd.spec.in                    |  2 ++
 src/sysv/systemd/sssd-autofs.service.in | 12 ++++++++++++
 src/sysv/systemd/sssd-autofs.socket.in  |  9 +++++++++
 4 files changed, 49 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-autofs.service.in
 create mode 100644 src/sysv/systemd/sssd-autofs.socket.in

diff --git a/Makefile.am b/Makefile.am
index e037930..74011cd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3923,6 +3923,12 @@ if HAVE_SYSTEMD_UNIT
         src/sysv/systemd/sssd-secrets.socket \
         src/sysv/systemd/sssd-secrets.service \
         $(NULL)
+if BUILD_AUTOFS
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-autofs.socket \
+        src/sysv/systemd/sssd-autofs.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -3961,6 +3967,7 @@ edit_cmd = $(SED) \
         -e 's|@environment_file[@]|$(environment_file)|g' \
         -e 's|@localstatedir[@]|$(localstatedir)|g' \
         -e 's|@libexecdir[@]|$(libexecdir)|g' \
+        -e 's|@pipepath[@]|$(pipepath)|g' \
         -e 's|@prefix[@]|$(prefix)|g'
 
 replace_script = \
@@ -3977,6 +3984,13 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-secrets.service.in \
     $(NULL)
 
+if BUILD_AUTOFS
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-autofs.socket.in \
+    src/sysv/systemd/sssd-autofs.service.in \
+    $(NULL)
+endif
+
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
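Review bot: Wrapping the `EXTRA_DIST +=` for the autofs unit templates in `if BUILD_AUTOFS` makes the contents of the release tarball depend on how the tree was configured. As far as I know automake honours the conditional here, so `make dist` from a tree configured without autofs would leave out `sssd-autofs.socket.in` and `sssd-autofs.service.in`. Listing the `.in` files unconditionally and keeping only `systemdunit_DATA` and the generation rules conditional avoids that. The same pattern recurs in the BUILD_PAC_RESPONDER, BUILD_SSH and BUILD_SUDO hunks later in the series.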
@@ -3993,6 +4007,16 @@ src/sysv/systemd/sssd-secrets.service: src/sysv/systemd/sssd-secrets.service.in
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
 
+if BUILD_AUTOFS
+src/sysv/systemd/sssd-autofs.socket: src/sysv/systemd/sssd-autofs.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4212,6 +4236,8 @@ endif
 	done;
 	rm -Rf ldb_mod_test_dir
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 62f3e41..ce57a7a 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -800,6 +800,8 @@ done
 %{_sbindir}/sssd
 %if (0%{?use_systemd} == 1)
 %{_unitdir}/sssd.service
+%{_unitdir}/sssd-autofs.socket
+%{_unitdir}/sssd-autofs.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-autofs.service.in b/src/sysv/systemd/sssd-autofs.service.in
new file mode 100644
index 0000000..473071d
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.service.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSSD AutoFS Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-autofs.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_autofs --uid 0 --gid 0 --debug-to-files
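Review bot: `ExecStart` hard-codes `--uid 0 --gid 0`, so a socket-activated responder always runs as root regardless of how the rest of the deployment is configured. If the monitor can start responders under an unprivileged account, the unit should honour the same setting, for example by taking the ids from a substituted variable or the environment file instead of literals. The `[Service]` section also sets no sandboxing for a process that anything able to reach the socket can start. The nss, pac, pam and ssh service units later in the series repeat the same `ExecStart` pattern.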
diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in
new file mode 100644
index 0000000..0b236c9
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD AutoFS Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/autofs
+
+[Install]
+WantedBy=sockets.target

From ae29dba38aede568c631d5789b4222d2a2f28085 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 00:24:25 +0100
Subject: [PATCH 05/14] NSS: Make NSS responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the NSS responder ready for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                          | 14 ++++++++++++++
 contrib/sssd.spec.in                 |  2 ++
 src/sysv/systemd/sssd-nss.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-nss.socket.in  |  9 +++++++++
 4 files changed, 38 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-nss.service.in
 create mode 100644 src/sysv/systemd/sssd-nss.socket.in

diff --git a/Makefile.am b/Makefile.am
index 74011cd..eb7cc69 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3920,6 +3920,8 @@ systemdconf_DATA =
 if HAVE_SYSTEMD_UNIT
     systemdunit_DATA += \
         src/sysv/systemd/sssd.service \
+        src/sysv/systemd/sssd-nss.socket \
+        src/sysv/systemd/sssd-nss.service \
         src/sysv/systemd/sssd-secrets.socket \
         src/sysv/systemd/sssd-secrets.service \
         $(NULL)
@@ -3980,6 +3982,8 @@ replace_script = \
 EXTRA_DIST += \
     src/sysv/systemd/sssd.service.in \
     src/sysv/systemd/journal.conf.in \
+    src/sysv/systemd/sssd-nss.socket.in \
+    src/sysv/systemd/sssd-nss.service.in \
     src/sysv/systemd/sssd-secrets.socket.in \
     src/sysv/systemd/sssd-secrets.service.in \
     $(NULL)
@@ -3999,6 +4003,14 @@ src/sysv/systemd/journal.conf: src/sysv/systemd/journal.conf.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
 
+src/sysv/systemd/sssd-nss.socket: src/sysv/systemd/sssd-nss.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-nss.service: src/sysv/systemd/sssd-nss.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
 src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
@@ -4238,6 +4250,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index ce57a7a..baecfdd 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -802,6 +802,8 @@ done
 %{_unitdir}/sssd.service
 %{_unitdir}/sssd-autofs.socket
 %{_unitdir}/sssd-autofs.service
+%{_unitdir}/sssd-nss.socket
+%{_unitdir}/sssd-nss.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
new file mode 100644
index 0000000..3302d0e
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD NSS Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-nss.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in
new file mode 100644
index 0000000..43a84aa
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD NSS Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/nss
+
+[Install]
+WantedBy=sockets.target

From fe0dff328795eab39a2dcac261fd560cf23f93fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 00:36:10 +0100
Subject: [PATCH 06/14] PAC: Make PAC responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the PAC responder ready for this by providing its systemd units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                          | 24 ++++++++++++++++++++++++
 contrib/sssd.spec.in                 |  2 ++
 src/sysv/systemd/sssd-pac.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-pac.socket.in  |  9 +++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-pac.service.in
 create mode 100644 src/sysv/systemd/sssd-pac.socket.in

diff --git a/Makefile.am b/Makefile.am
index eb7cc69..8acbe70 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3931,6 +3931,12 @@ if BUILD_AUTOFS
         src/sysv/systemd/sssd-autofs.service \
         $(NULL)
 endif
+if BUILD_PAC_RESPONDER
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-pac.socket \
+        src/sysv/systemd/sssd-pac.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -3994,6 +4000,12 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-autofs.service.in \
     $(NULL)
 endif
+if BUILD_PAC_RESPONDER
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-pac.socket.in \
+    src/sysv/systemd/sssd-pac.service.in \
+    $(NULL)
+endif
 
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -4029,6 +4041,16 @@ src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Ma
 	$(replace_script)
 endif
 
+if BUILD_PAC_RESPONDER
+src/sysv/systemd/sssd-pac.socket: src/sysv/systemd/sssd-pac.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-pac.service: src/sysv/systemd/sssd-pac.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4252,6 +4274,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-pac.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index baecfdd..3007252 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -804,6 +804,8 @@ done
 %{_unitdir}/sssd-autofs.service
 %{_unitdir}/sssd-nss.socket
 %{_unitdir}/sssd-nss.service
+%{_unitdir}/sssd-pac.socket
+%{_unitdir}/sssd-pac.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
new file mode 100644
index 0000000..fb51a93
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD PAC Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-pac.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
new file mode 100644
index 0000000..19a6588
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD PAC Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/pac
+
+[Install]
+WantedBy=sockets.target

From 4589921f64bfc5f0b34514c839ca1b558a5dc7e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 00:53:22 +0100
Subject: [PATCH 07/14] PAM: Make PAM responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the PAM responder ready for this by providing its systemd units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                              | 21 +++++++++++++++++++++
 contrib/sssd.spec.in                     |  3 +++
 src/sysv/systemd/sssd-pam-priv.socket.in |  9 +++++++++
 src/sysv/systemd/sssd-pam.service.in     | 13 +++++++++++++
 src/sysv/systemd/sssd-pam.socket.in      |  9 +++++++++
 5 files changed, 55 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-pam-priv.socket.in
 create mode 100644 src/sysv/systemd/sssd-pam.service.in
 create mode 100644 src/sysv/systemd/sssd-pam.socket.in

diff --git a/Makefile.am b/Makefile.am
index 8acbe70..8c8443f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3922,6 +3922,9 @@ if HAVE_SYSTEMD_UNIT
         src/sysv/systemd/sssd.service \
         src/sysv/systemd/sssd-nss.socket \
         src/sysv/systemd/sssd-nss.service \
+        src/sysv/systemd/sssd-pam.socket \
+        src/sysv/systemd/sssd-pam-priv.socket \
+        src/sysv/systemd/sssd-pam.service \
         src/sysv/systemd/sssd-secrets.socket \
         src/sysv/systemd/sssd-secrets.service \
         $(NULL)
@@ -3990,6 +3993,9 @@ EXTRA_DIST += \
     src/sysv/systemd/journal.conf.in \
     src/sysv/systemd/sssd-nss.socket.in \
     src/sysv/systemd/sssd-nss.service.in \
+    src/sysv/systemd/sssd-pam.socket.in \
+    src/sysv/systemd/sssd-pam-priv.socket.in \
+    src/sysv/systemd/sssd-pam.service.in \
     src/sysv/systemd/sssd-secrets.socket.in \
     src/sysv/systemd/sssd-secrets.service.in \
     $(NULL)
@@ -4023,6 +4029,18 @@ src/sysv/systemd/sssd-nss.service: src/sysv/systemd/sssd-nss.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
 
+src/sysv/systemd/sssd-pam.socket: src/sysv/systemd/sssd-pam.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-pam-priv.socket: src/sysv/systemd/sssd-pam-priv.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-pam.service: src/sysv/systemd/sssd-pam.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
 src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
@@ -4276,6 +4294,9 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-pac.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-pam.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-pam-priv.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-pam.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 3007252..37e94da 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -806,6 +806,9 @@ done
 %{_unitdir}/sssd-nss.service
 %{_unitdir}/sssd-pac.socket
 %{_unitdir}/sssd-pac.service
+%{_unitdir}/sssd-pam.socket
+%{_unitdir}/sssd-pam-priv.socket
+%{_unitdir}/sssd-pam.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in
new file mode 100644
index 0000000..92cda61
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam-priv.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD PAM Service responder private socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/private/pam
+
+[Install]
+WantedBy=sockets.target
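Review bot: sssd-pam-priv.socket has no `Service=` line, so systemd will pair it with a unit named sssd-pam-priv.service, which this patch does not add. `Service=sssd-pam.service` in the `[Socket]` section is needed for a connection on `@pipepath@/private/pam` to start the PAM responder. The unit also leaves the socket mode at systemd's default of 0666. If the private pipe is meant to be reachable by root only, state that explicitly with `SocketUser=root` and `SocketMode=0600` rather than relying on the permissions of the `private` directory.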
diff --git a/src/sysv/systemd/sssd-pam.service.in b/src/sysv/systemd/sssd-pam.service.in
new file mode 100644
index 0000000..65b7a5a
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD PAM Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-pam.socket sssd-pam-priv.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in
new file mode 100644
index 0000000..590f771
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD PAM Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/pam
+
+[Install]
+WantedBy=sockets.target

From 45156aa36ba2f5fa3e2c2f48cbab61494660cd52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 01:09:56 +0100
Subject: [PATCH 08/14] SSH: Make SSH responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the SSH responder ready for this by providing its systemd units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                          | 24 ++++++++++++++++++++++++
 contrib/sssd.spec.in                 |  2 ++
 src/sysv/systemd/sssd-ssh.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-ssh.socket.in  |  9 +++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-ssh.service.in
 create mode 100644 src/sysv/systemd/sssd-ssh.socket.in

diff --git a/Makefile.am b/Makefile.am
index 8c8443f..4e31e81 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3940,6 +3940,12 @@ if BUILD_PAC_RESPONDER
         src/sysv/systemd/sssd-pac.service \
         $(NULL)
 endif
+if BUILD_SSH
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-ssh.socket \
+        src/sysv/systemd/sssd-ssh.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -4012,6 +4018,12 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-pac.service.in \
     $(NULL)
 endif
+if BUILD_SSH
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-ssh.socket.in \
+    src/sysv/systemd/sssd-ssh.service.in \
+    $(NULL)
+endif
 
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -4069,6 +4081,16 @@ src/sysv/systemd/sssd-pac.service: src/sysv/systemd/sssd-pac.service.in Makefile
 	$(replace_script)
 endif
 
+if BUILD_SSH
+src/sysv/systemd/sssd-ssh.socket: src/sysv/systemd/sssd-ssh.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-ssh.service: src/sysv/systemd/sssd-ssh.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4297,6 +4319,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam-priv.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 37e94da..95fbd2f 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -809,6 +809,8 @@ done
 %{_unitdir}/sssd-pam.socket
 %{_unitdir}/sssd-pam-priv.socket
 %{_unitdir}/sssd-pam.service
+%{_unitdir}/sssd-ssh.socket
+%{_unitdir}/sssd-ssh.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-ssh.service.in b/src/sysv/systemd/sssd-ssh.service.in
new file mode 100644
index 0000000..21a7e0b
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD SSH Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-ssh.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in
new file mode 100644
index 0000000..8766ab3
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD SSH Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/ssh
+
+[Install]
+WantedBy=sockets.target

From 50d1f82db9bcc021b51e691d02cc9424ebd4b440 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 01:03:13 +0100
Subject: [PATCH 09/14] SUDO: Make Sudo responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the Sudo responder ready for this by providing its systemd units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                           | 24 ++++++++++++++++++++++++
 contrib/sssd.spec.in                  |  2 ++
 src/sysv/systemd/sssd-sudo.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-sudo.socket.in  |  9 +++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-sudo.service.in
 create mode 100644 src/sysv/systemd/sssd-sudo.socket.in

diff --git a/Makefile.am b/Makefile.am
index 4e31e81..a110318 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3946,6 +3946,12 @@ if BUILD_SSH
         src/sysv/systemd/sssd-ssh.service \
         $(NULL)
 endif
+if BUILD_SUDO
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-sudo.socket \
+        src/sysv/systemd/sssd-sudo.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -4024,6 +4030,12 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-ssh.service.in \
     $(NULL)
 endif
+if BUILD_SUDO
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-sudo.socket.in \
+    src/sysv/systemd/sssd-sudo.service.in \
+    $(NULL)
+endif
 
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -4091,6 +4103,16 @@ src/sysv/systemd/sssd-ssh.service: src/sysv/systemd/sssd-ssh.service.in Makefile
 	$(replace_script)
 endif
 
+if BUILD_SUDO
+src/sysv/systemd/sssd-sudo.socket: src/sysv/systemd/sssd-sudo.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-sudo.service: src/sysv/systemd/sssd-sudo.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4321,6 +4343,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-sudo.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-sudo.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 95fbd2f..f963f05 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -811,6 +811,8 @@ done
 %{_unitdir}/sssd-pam.service
 %{_unitdir}/sssd-ssh.socket
 %{_unitdir}/sssd-ssh.service
+%{_unitdir}/sssd-sudo.socket
+%{_unitdir}/sssd-sudo.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in
new file mode 100644
index 0000000..4194699
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD Sudo Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-sudo.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
+
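Review bot: `ExecStart=` pins the responder to `--uid 0 --gid 0`, so a socket-activated sudo responder runs as root whatever service user the deployment configures; a later hunk in this series shows `get_monitor_config()` calling `get_service_user()`, which suggests the monitor-started path can differ. The same literal appears in the ssh unit of patch 08 and in `ifp_exec` in patch 10. Consider substituting the configured user at build time, e.g. `--uid @CONFIGURED_SSSD_USER_PLACEHOLDER@` (take the real substitution name from configure.ac). Otherwise add a comment in the unit explaining why root is required.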
diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
new file mode 100644
index 0000000..ab755e2
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD Sudo Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/sudo
+
+[Install]
+WantedBy=sockets.target

From 1a57ad103c51a3111646382dca5346f3b9566322 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 01:20:14 +0100
Subject: [PATCH 10/14] IFP: Make IFP responder dbus-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable (or,
in the IFP case, dbus-activatable), let's make the IFP responder ready
for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Resolves:
https://fedorahosted.org/sssd/ticket/3129

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                                        | 44 ++++++++++++++++++++++
 configure.ac                                       |  1 -
 contrib/sssd.spec.in                               |  1 +
 .../ifp/org.freedesktop.sssd.infopipe.service.in   |  3 +-
 src/sysv/systemd/sssd-ifp.service.in               | 11 ++++++
 5 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 src/sysv/systemd/sssd-ifp.service.in

diff --git a/Makefile.am b/Makefile.am
index a110318..512d59b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -88,6 +88,14 @@ polkitdir = @polkitdir@
 pamconfdir = $(sysconfdir)/pam.d
 systemtap_tapdir = @tapset_dir@
 
+if HAVE_SYSTEMD_UNIT
+ifp_exec = $(sssdlibexecdir)/sssd_ifp --uid 0 --gid 0 --debug-to-files
+ifp_systemdservice = SystemdService=sssd-ifp.service
+else
+ifp_exec = $(sssdlibexecdir)/sss_signal
+ifp_systemdservice =
+endif
+
 secdbpath = @secdbpath@
 
 UNICODE_LIBS=@UNICODE_LIBS@
@@ -1392,6 +1400,24 @@ if BUILD_CONFIG_LIB
 sssd_ifp_LDADD += libsss_config.la
 endif
 
+EXTRA_DIST += \
+    src/responder/ifp/org.freedesktop.sssd.infopipe.service.in \
+    $(NULL)
+
+ifp_edit_cmd = $(SED) \
+        -e 's|@ifp_exec[@]|$(ifp_exec)|g' \
+        -e 's|@ifp_systemdservice[@]|$(ifp_systemdservice)|g'
+
+ifp_replace_script = \
+    @rm -f $@ $@.tmp; \
+    srcdir=''; \
+        test -f ./$@.in || srcdir=$(srcdir)/; \
+        $(ifp_edit_cmd) $${srcdir}$@.in >$@.tmp; \
+    mv $@.tmp $@
+
+src/responder/ifp/org.freedesktop.sssd.infopipe.service: src/responder/ifp/org.freedesktop.sssd.infopipe.service.in Makefile
+	$(ifp_replace_script)
+
 endif
 
 if BUILD_SECRETS
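Review bot: `ifp_replace_script` joins its steps with `;`, so when `$(ifp_edit_cmd)` fails the recipe still runs `mv $@.tmp $@` and the rule succeeds with an empty or truncated output file. One of the outputs is the D-Bus activation file that carries `Exec=` and `User=root`, so a silently broken file should fail the build. Chaining the last two steps as `$(ifp_edit_cmd) $${srcdir}$@.in >$@.tmp && mv $@.tmp $@` keeps the temp-file pattern and propagates the error. The new rule for `org.freedesktop.sssd.infopipe.service` also has no `@$(MKDIR_P)` line, unlike the unit rules elsewhere in this series. That may matter for out-of-tree builds now that configure no longer generates the file.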
@@ -3934,6 +3960,11 @@ if BUILD_AUTOFS
         src/sysv/systemd/sssd-autofs.service \
         $(NULL)
 endif
+if BUILD_IFP
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-ifp.service \
+        $(NULL)
+endif
 if BUILD_PAC_RESPONDER
     systemdunit_DATA += \
         src/sysv/systemd/sssd-pac.socket \
@@ -4018,6 +4049,11 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-autofs.service.in \
     $(NULL)
 endif
+if BUILD_IFP
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-ifp.service.in \
+    $(NULL)
+endif
 if BUILD_PAC_RESPONDER
 EXTRA_DIST += \
     src/sysv/systemd/sssd-pac.socket.in \
@@ -4083,6 +4119,12 @@ src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Ma
 	$(replace_script)
 endif
 
+if BUILD_IFP
+src/sysv/systemd/sssd-ifp.service: src/sysv/systemd/sssd-ifp.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(ifp_replace_script)
+endif
+
 if BUILD_PAC_RESPONDER
 src/sysv/systemd/sssd-pac.socket: src/sysv/systemd/sssd-pac.socket.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -4331,9 +4373,11 @@ endif
 		rm -Rf $$doc; \
 	done;
 	rm -Rf ldb_mod_test_dir
+	rm -f $(builddir)/src/responder/ifp/org.freedesktop.sssd.infopipe.service
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-ifp.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket
diff --git a/configure.ac b/configure.ac
index d3ef1e1..fd28eb7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -477,7 +477,6 @@ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
                  src/lib/sifp/sss_simpleifp.pc
                  src/lib/sifp/sss_simpleifp.doxy
                  src/config/setup.py
-                 src/responder/ifp/org.freedesktop.sssd.infopipe.service
                  src/systemtap/sssd.stp
                  src/config/SSSDConfig/__init__.py])
 AC_OUTPUT
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index f963f05..fce4158 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -802,6 +802,7 @@ done
 %{_unitdir}/sssd.service
 %{_unitdir}/sssd-autofs.socket
 %{_unitdir}/sssd-autofs.service
+%{_unitdir}/sssd-ifp.service
 %{_unitdir}/sssd-nss.socket
 %{_unitdir}/sssd-nss.service
 %{_unitdir}/sssd-pac.socket
diff --git a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in
index 7820866..e3affe7 100644
--- a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in
+++ b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in
@@ -1,4 +1,5 @@
 [D-BUS Service]
 Name=org.freedesktop.sssd.infopipe
-Exec=@libexecdir@/sssd/sss_signal
+Exec=@ifp_exec@
 User=root
+@ifp_systemdservice@
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
new file mode 100644
index 0000000..e845099
--- /dev/null
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -0,0 +1,11 @@
+[Unit]
+Description=SSSD IFP Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Service]
+Type=dbus
+BusName=org.freedesktop.sssd.infopipe
+ExecStart=@ifp_exec@

From 5a3a3e2ea80c979f8e872e70c8ddfe60c1e24f84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 16:24:38 +0100
Subject: [PATCH 11/14] MONITOR: Split up check_services()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's split up check_services() function and create a check_service()
function, that receives a single service name as parameter and checks
whether the service is a known service or not.

This new function will be used in order to check the socket activated
services.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 969b854..46809d2 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -778,21 +778,28 @@ static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx
     return ret;
 }
 
-static char *check_services(char **services)
+static char *check_service(char *service)
 {
     const char * const *known_services = get_known_services();
-    int i;
-    int ii;
 
-    /* Check if services we are about to start are in the list if known */
-    for (i = 0; services[i]; i++) {
-        for (ii=0; known_services[ii]; ii++) {
-            if (strcasecmp(services[i], known_services[ii]) == 0) {
-                break;
-            }
+    for (int i = 0; known_services[i] != NULL; i++) {
+        if (strcasecmp(service, known_services[i]) == 0) {
+            break;
         }
 
-        if (known_services[ii] == NULL) {
+        if (known_services[i] == NULL) {
+            return service;
+        }
+    }
+
+    return NULL;
+}
+
+static char *check_services(char **services)
+{
+    /* Check if services we are about to start are in the list if known */
+    for (int i = 0; services[i]; i++) {
+        if (check_service(services[i]) != NULL) {
             return services[i];
         }
     }
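Review bot: `check_service()` as added here can never report an unknown service. The `if (known_services[i] == NULL)` test sits inside a loop whose condition already guarantees `known_services[i] != NULL`, so both the match path (`break`) and the exhausted-loop path end at `return NULL`. `check_services()` therefore accepts every name, and the socket-activation check added to `client_registration()` in patch 13 relies on the same helper to reject invalid service names. Replace the `break;` with `return NULL;`, drop the inner NULL test, and end the function with `return service;`. The tail of `check_services()` lies outside this hunk.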

From 610f91f8dc5d9bdc2ea96338b61185d255af5260 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Sat, 19 Nov 2016 13:52:26 +0100
Subject: [PATCH 12/14] MONITOR: Deal with no services set up
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When SSSD deals with socket-activation properly, the services' line in
the SSSD's config file may not be present anymore in case the admin
doesn't want any service to be explicitly activated during SSSD's
startup. Taking this into consideration, let's make SSSD ready to deal
with an empty list of services on platforms where systemd is present.
Explanation

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 46809d2..e033778 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -423,12 +423,14 @@ static int mark_service_as_started(struct mt_svc *svc)
             goto done;
         }
 
-        ctx->services_started = true;
+        if (ctx->services != NULL) {
+            ctx->services_started = true;
 
-        DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n");
-        /* then start all services */
-        for (i = 0; ctx->services[i]; i++) {
-            add_new_service(ctx, ctx->services[i], 0);
+            DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n");
+            /* then start all services */
+            for (i = 0; ctx->services[i]; i++) {
+                add_new_service(ctx, ctx->services[i], 0);
+            }
         }
     }
 
@@ -471,6 +473,10 @@ static void services_startup_timeout(struct tevent_context *ev,
     struct mt_ctx *ctx = talloc_get_type(ptr, struct mt_ctx);
     int i;
 
+    if (ctx->services == NULL) {
+        return;
+    }
+
     DEBUG(SSSDBG_TRACE_FUNC, "Handling timeout\n");
 
     if (!ctx->services_started) {
@@ -797,6 +803,10 @@ static char *check_service(char *service)
 
 static char *check_services(char **services)
 {
+    if (services == NULL) {
+        return NULL;
+    }
+
     /* Check if services we are about to start are in the list if known */
     for (int i = 0; services[i]; i++) {
         if (check_service(services[i]) != NULL) {
@@ -871,8 +881,11 @@ static int get_monitor_config(struct mt_ctx *ctx)
 
     ctx->started_services = 0;
     ctx->num_services = 0;
-    for (i = 0; ctx->services[i] != NULL; i++) {
-        ctx->num_services++;
+
+    if (ctx->services != NULL) {
+        for (i = 0; ctx->services[i] != NULL; i++) {
+            ctx->num_services++;
+        }
     }
 
     ret = get_service_user(ctx);
@@ -2220,7 +2233,7 @@ static int monitor_process_init(struct mt_ctx *ctx,
         if (ret != EOK) {
             return ret;
         }
-    } else {
+    } else if (ctx->services != NULL) {
         int i;
 
         ctx->services_started = true;

From d5df9543646651267f5452c56ccd00a11f5e525d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Sat, 19 Nov 2016 13:56:42 +0100
Subject: [PATCH 13/14] MONITOR: Deal with socket-activated responders
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the monitor able to deal with this situation.

When a responder is socket-activated the monitor has to:
- Mark the service as started;
- Increase the services' counter;
- Get the responders' configuration;
- Set the service's restart number;
- Add the service to the services' list.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c | 73 +++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 62 insertions(+), 11 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index e033778..91a1aaf 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -180,7 +180,10 @@ static int add_new_provider(struct mt_ctx *ctx,
                             const char *name,
                             int restarts);
 
-static int mark_service_as_started(struct mt_svc *svc);
+static char *check_service(char *service);
+
+static int mark_service_as_started(struct mt_svc *svc,
+                                   bool explicitly_configured);
 
 static int monitor_cleanup(void);
 
@@ -231,6 +234,7 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     char *svc_name;
     dbus_bool_t dbret;
     int ret;
+    bool explicitly_configured = true;
 
     mini = talloc_get_type(data, struct mon_init_conn);
     if (!mini) {
@@ -271,19 +275,54 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
         svc = svc->next;
     }
     if (!svc) {
-        DEBUG(SSSDBG_FATAL_FAILURE,
-              "Unable to find peer [%s] in list of services,"
+#ifdef HAVE_SYSTEMD
+        if (svc_type == MT_SVC_PROVIDER)
+#endif
+        {
+            DEBUG(SSSDBG_FATAL_FAILURE,
+                  "Unable to find peer [%s] in list of services,"
                   " killing connection!\n", svc_name);
-        sbus_disconnect(dbus_req->conn);
-        sbus_request_finish(dbus_req, NULL);
-        /* FIXME: should we just talloc_zfree(conn) ? */
-        goto done;
+            sbus_disconnect(dbus_req->conn);
+            sbus_request_finish(dbus_req, NULL);
+            /* FIXME: should we just talloc_zfree(conn) ? */
+            goto done;
+        }
+
+#ifdef HAVE_SYSTEMD
+        /*
+         * MT_SVC_SERVICE
+         * As the service wasn't part of the services' list, it basically
+         * means that the service has been socket activated and has to be
+         * configured and added to the list.
+         */
+        if (check_service(svc_name) != NULL) {
+            ret = EINVAL;
+            DEBUG(SSSDBG_FATAL_FAILURE, "Invalid service %s\n", svc_name);
+            goto done;
+        }
+
+        mini->ctx->services_started = true;
+        mini->ctx->num_services++;
+
+        ret = get_service_config(mini->ctx, svc_name, &svc);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_FATAL_FAILURE,
+                  "Unable to get the configuration for the service: %s\n",
+                  svc_name);
+            goto done;
+        }
+        svc->restarts = 0;
+
+        DLIST_ADD(mini->ctx->svc_list, svc);
+
+        explicitly_configured = false;
+#endif
     }
 
     /* Fill in svc structure with connection data */
     svc->conn = mini->conn;
 
-    ret = mark_service_as_started(svc);
+    ret = mark_service_as_started(svc, explicitly_configured);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to mark service [%s]!\n", svc_name);
         goto done;
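Review bot: In the socket-activated branch, `mini->ctx->services_started = true;` and `mini->ctx->num_services++;` run before `get_service_config()` has succeeded, so a failed lookup leaves the monitor counting a service that was never added to `svc_list`. Move both statements to just before `DLIST_ADD(mini->ctx->svc_list, svc);`. The two new `goto done` exits also skip the `sbus_disconnect()` / `sbus_request_finish()` pair that the provider branch performs. Unless the `done` label (outside this hunk) handles that, a peer that registers an invalid or unconfigurable service name keeps its connection and gets no reply. This branch is where an unlisted peer becomes a monitored service, so a short comment stating what restricts who may call RegisterService on the monitor bus would help the next reader.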
@@ -388,7 +427,8 @@ static void svc_child_info(struct mt_svc *svc, int wait_status)
     }
 }
 
-static int mark_service_as_started(struct mt_svc *svc)
+static int mark_service_as_started(struct mt_svc *svc,
+                                   bool explicitly_configured)
 {
     struct mt_ctx *ctx = svc->mt_ctx;
     struct mt_svc *iter;
@@ -439,6 +479,12 @@ static int mark_service_as_started(struct mt_svc *svc)
     }
 
     if (ctx->started_services == ctx->num_services) {
+        if (!explicitly_configured) {
+             /* There's no reason for trying to terminate the parent process
+              * when the responder was socket-activated. */
+            goto done;
+        }
+
         /* Initialization is complete, terminate parent process if in daemon
          * mode. Make sure we send the signal to the right process */
         if (ctx->is_daemon) {
@@ -862,8 +908,13 @@ static int get_monitor_config(struct mt_ctx *ctx)
                                     CONFDB_MONITOR_ACTIVE_SERVICES,
                                     &ctx->services);
     if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE, "No services configured!\n");
-        return EINVAL;
+#ifdef HAVE_SYSTEMD
+        if (ret != ENOENT)
+#endif
+        {
+            DEBUG(SSSDBG_FATAL_FAILURE, "No services configured!\n");
+            return EINVAL;
+        }
     }
 
     ret = add_implicit_services(ctx->cdb, ctx, &ctx->services);
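Review bot: When the lookup returns ENOENT under HAVE_SYSTEMD, execution now continues to `add_implicit_services(ctx->cdb, ctx, &ctx->services)` with `ctx->services` holding whatever the failed call left there. Patch 12 guards later uses with `ctx->services != NULL`, so that invariant should be established here, e.g. `ctx->services = NULL;` on the ENOENT path. As written it depends on the callee's failure behaviour, which is not visible in this hunk. It is also worth confirming that `add_implicit_services()` tolerates a NULL list, since its body is outside the hunk.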

From 07434df0ee326d2668fe8ee3f5927103fd72bc51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Mon, 21 Nov 2016 15:48:52 +0100
Subject: [PATCH 14/14] MAN: Mention that the services' list is optional
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For platforms where systemd is supported, after making the responders
socket-activatable, the services' list is completely optional. So, let's
mention that in the manual page for sssd.conf.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/man/Makefile.am     | 5 ++++-
 src/man/sssd.conf.5.xml | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/man/Makefile.am b/src/man/Makefile.am
index 5e41d3a..49058bc 100644
--- a/src/man/Makefile.am
+++ b/src/man/Makefile.am
@@ -32,7 +32,10 @@ GPO_CONDS = ;gpo_default_enforcing
 else
 GPO_CONDS = ;gpo_default_permissive
 endif
-CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SEC_CONDS)
+if HAVE_SYSTEMD_UNIT
+SYSTEMD_CONDS = ;have_systemd
+endif
+CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SEC_CONDS)$(SYSTEMD_CONDS)
 
 
 #Special Rules:
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 71ace52..5b34f6c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -202,6 +202,9 @@
                             <para>
                                 Comma separated list of services that are
                                 started when sssd itself starts.
+                                <phrase condition="have_systemd">The list
+                                of services is optional for SSSD 1.15.0 or
+                                later.</phrase>
                             </para>
                             <para>
                                 Supported services: nss, pam