4 # Required-Start: $local_fs $remote_fs $network
5 # Required-Stop: $local_fs $remote_fs $network
6 # Default-Start: 2 3 4 5
8 # Short-Description: Shibboleth 2 Service Provider Daemon
9 # Description: Starts the separate daemon used by the Shibboleth
10 # Apache module to manage sessions and to retrieve
11 # attributes from Shibboleth Identity Providers.
14 # Written by Quanah Gibson-Mount <quanah@stanford.edu>
15 # Modified by Lukas Haemmerle <lukas.haemmerle@switch.ch> for Shibboleth 2
16 # Based on the dh-make template written by:
18 # Written by Miquel van Smoorenburg <miquels@cistron.nl>.
20 # by Ian Murdock <imurdock@gnu.ai.mit.edu>.
# Static configuration for the shibd init script: paths, daemon options and
# the admin-editable defaults files.
# NOTE(review): this listing has gaps (the embedded line numbers skip). $NAME
# is used below but its assignment is not among the visible lines, and
# DAEMON_OPTS is appended to without a visible initialisation; confirm both
# against the complete script.
# The @-PREFIX-@ / @-PKGSYSCONFDIR-@ / @-PKGRUNDIR-@ tokens look like
# build-time placeholders that are replaced with real paths at install time.
#
# PATH is pinned to system directories, so the helpers invoked later (su,
# chown, fgrep, start-stop-daemon) are not looked up through the caller's PATH.
22 PATH=/sbin:/bin:/usr/sbin:/usr/bin
23 DESC="Shibboleth 2 daemon"
26 SHIBSP_CONFIG=@-PKGSYSCONFDIR-@/shibboleth2.xml
# NOTE(review): no `export` of LD_LIBRARY_PATH is visible here; whether the
# daemon actually sees this value depends on lines outside this listing.
27 LD_LIBRARY_PATH=@-PREFIX-@/lib
28 DAEMON=@-PREFIX-@/sbin/$NAME
29 SCRIPTNAME=/etc/init.d/$NAME
30 PIDFILE=@-PKGRUNDIR-@/$NAME.pid
34 # Force removal of socket
35 DAEMON_OPTS="$DAEMON_OPTS -f"
37 # Use defined configuration file
38 DAEMON_OPTS="$DAEMON_OPTS -c $SHIBSP_CONFIG"
40 # Specify pid file to use
41 DAEMON_OPTS="$DAEMON_OPTS -p $PIDFILE"
43 # Specify wait time to use
44 DAEMON_OPTS="$DAEMON_OPTS -w 30"
46 # Exit if the package is not installed.
47 [ -x "$DAEMON" ] || exit 0
49 # Read configuration if it is present.
# The defaults file is sourced, not parsed: every line in it is executed with
# the privileges of this script (init scripts normally run as root), so it
# must be owned by root and not writable by anyone else. It is read after the
# assignments above and can therefore override any of them. DAEMON_USER and
# NO_START are not assigned in the visible lines and presumably come from
# this file (the NO_START message later points the admin at it).
50 [ -r /etc/default/$NAME ] && . /etc/default/$NAME
52 # Get the setting of VERBOSE and other rcS variables.
# Same trust requirement as above: /etc/default/rcS is executed, not just read.
53 [ -f /etc/default/rcS ] && . /etc/default/rcS
# prepare_environment: make sure the runtime directory exists and, when
# DAEMON_USER is set, probe whether shibd can run its configuration check
# (-t) as that user before the daemon is started.
# NOTE(review): several lines of this function are missing from the listing
# (the else/fi keywords and the closing brace are not visible), so which
# branch the chown and the messages below belong to cannot be read off here;
# confirm against the complete script.
55 prepare_environment () {
56 # Ensure @-PKGRUNDIR-@ exists. /var/run may be on a tmpfs file system.
# mkdir is given no explicit mode or owner; the directory gets whatever the
# current umask allows.
57 [ -d '@-PKGRUNDIR-@' ] || mkdir -p '@-PKGRUNDIR-@'
59 # If $DAEMON_USER is set, try to run shibd as that user. However,
60 # versions of the Debian package prior to 2.3+dfsg-1 ran shibd as root,
61 # and the local administrator may not have made the server's private key
62 # readable by $DAEMON_USER. We therefore test first by running shibd -t
63 # and looking for the error code indicating that the private key could not
64 # be read. If we get that error, we fall back on running shibd as root.
# Security note: that fallback keeps the daemon running with full root
# privileges, and the only signal is the single warning line echoed below.
# Treat the warning as something to fix (make the key readable by
# DAEMON_USER), not as a steady state.
65 if [ -n "$DAEMON_USER" ]; then
# su -s makes $DAEMON the "shell" for DAEMON_USER, so shibd itself runs as
# that user with the arguments after "--". $DAEMON_OPTS is left unquoted on
# purpose so it splits into separate options; $DAEMON and $DAEMON_USER are
# also unquoted and would be split or globbed if they ever held whitespace
# or wildcard characters. stderr is discarded, so only stdout is inspected.
66 DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null)
68 # openssl errstr 200100D (hex for 33558541) says:
69 # error:0200100D:system library:fopen:Permission denied
# Detection depends on this exact text appearing in shibd's output; a change
# in the message format would make the check stop matching.
70 ERROR='ERROR OpenSSL : error code: 33558541 '
# fgrep is the legacy spelling of "grep -F" (fixed-string match).
71 if echo "$DIAG" | fgrep -q "$ERROR" ; then
73 echo "$NAME warning: file permissions require running as root"
# Recursive ownership change of the run and log directories; -h changes a
# symlink itself instead of the file it points to.
# NOTE(review): once these trees belong to DAEMON_USER, every later run of
# this chown (normally as root) walks content that account controls. -h
# covers symlinks but not hard links, so this relies on the kernel's
# hard-link protection (fs.protected_hardlinks) being enabled. Setting
# ownership once, when the directories are created, avoids the repeated
# recursive walk.
75 chown -Rh "$DAEMON_USER" '@-PKGRUNDIR-@' '@-PKGLOGDIR-@'
79 echo "$NAME error: unable to run config check as user $DAEMON_USER"
# Action dispatch (start / stop / restart|force-reload / usage).
# NOTE(review): only fragments of the case statement survive in this listing;
# the case/esac keywords, most arm labels, any call to prepare_environment
# and the continuation lines of the two --stop commands are not visible.
89 # Don't start shibd if NO_START is set.
90 if [ "$NO_START" = 1 ] ; then
91 echo "Not starting $DESC (see /etc/default/$NAME)"
94 echo -n "Starting $DESC: "
# ${DAEMON_USER:+...} expands to "--chuid <user>" only when DAEMON_USER is
# set and non-empty; otherwise nothing is added and the daemon keeps the
# identity of the caller. $DAEMON_OPTS is unquoted so it splits into options.
95 start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
96 --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
100 echo -n "Stopping $DESC: "
# NOTE(review): $PIDFILE lives in the run directory that prepare_environment
# chowns to DAEMON_USER, so the PID used here comes from a location that
# account can write. Whether the stop is also constrained by --exec, --name
# or --user is on the continuation line missing from this listing; confirm
# it is, so a tampered pid file cannot redirect the signal to another process.
101 start-stop-daemon --stop --quiet --pidfile $PIDFILE \
105 restart|force-reload)
# Restart is a stop followed by a start, with the same pid-file trust caveat
# for the --stop half as in the stop action.
108 echo -n "Restarting $DESC: "
109 start-stop-daemon --stop --quiet --pidfile $PIDFILE \
112 start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
113 --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
# Usage text goes to stderr.
117 echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2