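#! /bin/sh
### BEGIN INIT INFO
# Provides:          shibd
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Shibboleth 2 Service Provider Daemon
# Description:       Starts the separate daemon used by the Shibboleth
#                    Apache module to manage sessions and to retrieve
#                    attributes from Shibboleth Identity Providers.
### END INIT INFO
#
# Written by Quanah Gibson-Mount
# Modified by Lukas Haemmerle for Shibboleth 2
# Based on the dh-make template written by:
#
# Written by Miquel van Smoorenburg.
# Modified for Debian
# by Ian Murdock.
#
# Usage: /etc/init.d/shibd {start|stop|restart|force-reload}
#
# Privilege model: shibd is started as $DAEMON_USER when that account passes
# a configuration check; otherwise this script falls back to running shibd
# as root and prints a warning. Treat those warnings as actionable, since the
# fallback means the daemon runs with more privilege than intended.

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="Shibboleth 2 daemon"
NAME=shibd
# NOTE(review): SHIB_HOME, SHIBSP_CONFIG and LD_LIBRARY_PATH are assigned but
# never exported in this script, so they only reach shibd if they were already
# exported by the caller. Confirm whether an `export` is intended.
SHIB_HOME=@-PREFIX-@
SHIBSP_CONFIG=@-PKGSYSCONFDIR-@/shibboleth2.xml
LD_LIBRARY_PATH=@-PREFIX-@/lib
DAEMON=@-PREFIX-@/sbin/$NAME
SCRIPTNAME=/etc/init.d/$NAME
PIDFILE=@-PKGRUNDIR-@/$NAME.pid
DAEMON_OPTS=""
DAEMON_USER=_shibd

# Force removal of socket
DAEMON_OPTS="$DAEMON_OPTS -f"

# Use defined configuration file
DAEMON_OPTS="$DAEMON_OPTS -c $SHIBSP_CONFIG"

# Specify pid file to use
DAEMON_OPTS="$DAEMON_OPTS -p $PIDFILE"

# Specify wait time to use
DAEMON_OPTS="$DAEMON_OPTS -w 30"

# Exit if the package is not installed.
[ -x "$DAEMON" ] || exit 0

# Read configuration if it is present. This file is sourced as root, so it
# must be writable by root only. It can override any variable set above,
# including DAEMON_USER; DAEMON_OPTS has already been assembled at this
# point, so overriding PIDFILE or SHIBSP_CONFIG there does not change the
# options passed to shibd.
[ -r "/etc/default/$NAME" ] && . "/etc/default/$NAME"

# Get the setting of VERBOSE and other rcS variables.
[ -f /etc/default/rcS ] && . /etc/default/rcS

# Prepare the runtime directory and decide which account shibd runs as.
#
# Globals:  DAEMON, DAEMON_OPTS, NAME (read); DAEMON_USER (read, may be unset)
# Outputs:  a warning or error line on stdout when falling back to root
# Effects:  may create @-PKGRUNDIR-@ and change ownership of the run and log
#           directories to $DAEMON_USER
prepare_environment () {
    # Ensure @-PKGRUNDIR-@ exists.  /var/run may be on a tmpfs file system.
    [ -d '@-PKGRUNDIR-@' ] || mkdir -p '@-PKGRUNDIR-@'

    # If $DAEMON_USER is set, try to run shibd as that user.  However,
    # versions of the Debian package prior to 2.3+dfsg-1 ran shibd as root,
    # and the local administrator may not have made the server's private key
    # readable by $DAEMON_USER.  We therefore test first by running shibd -t
    # and looking for the error code indicating that the private key could not
    # be read.  If we get that error, we fall back on running shibd as root.
    if [ -n "$DAEMON_USER" ]; then
        # su -s makes the daemon binary the "shell", so everything after --
        # becomes shibd's own arguments.  $DAEMON_OPTS is deliberately left
        # unquoted: it is a space-separated option list that must be split.
        # stderr of the check is discarded; only stdout is inspected.
        if DIAG=$(su -s "$DAEMON" "$DAEMON_USER" -- -t $DAEMON_OPTS 2>/dev/null); then
            # openssl errstr 200100D (hex for 33558541) says:
            # error:0200100D:system library:fopen:Permission denied
            # NOTE(review): this is an exact fixed-string match, including
            # the spacing and the trailing blank; confirm it against the
            # text shibd really prints.
            ERROR='ERROR OpenSSL : error code: 33558541 '
            if printf '%s\n' "$DIAG" | grep -Fq -- "$ERROR"; then
                # Key material is not readable by the service account:
                # shibd will run as root instead.
                unset DAEMON_USER
                echo "$NAME warning: file permissions require running as root"
            else
                # -h changes ownership of symbolic links themselves rather
                # than of the files they point to.
                # NOTE(review): this is a recursive chown performed by root
                # on every start over directories the service account can
                # write to; consider limiting it to the directories
                # themselves or setting ownership once at install time.
                chown -Rh "$DAEMON_USER" '@-PKGRUNDIR-@' '@-PKGLOGDIR-@'
            fi
        else
            # Report before unsetting, so the message still names the
            # account.  Any non-zero exit of the check lands here, which
            # also results in shibd running as root.
            echo "$NAME error: unable to run config check as user $DAEMON_USER"
            unset DAEMON_USER
        fi
        unset DIAG
    fi
}

case "$1" in
    start)
        prepare_environment

        # Don't start shibd if NO_START is set.
        if [ "$NO_START" = 1 ] ; then
            echo "Not starting $DESC (see /etc/default/$NAME)"
            exit 0
        fi
        echo -n "Starting $DESC: "
        # --chuid is only passed while DAEMON_USER is still set; the
        # expansion is left unquoted so it yields two words or none.
        start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
            --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS
        echo "$NAME."
        ;;
    stop)
        echo -n "Stopping $DESC: "
        # TERM first, wait up to 30 seconds, then KILL and wait 5 more.
        start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \
            --retry TERM/30/KILL/5 --exec "$DAEMON"
        echo "$NAME."
        ;;
    restart|force-reload)
        prepare_environment
        echo -n "Restarting $DESC: "
        # NOTE(review): unlike "stop", no --retry is used here; if shibd
        # needs longer than the one-second sleep to exit, the start below
        # may run while the old process is still alive.  Confirm.
        start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \
            --exec "$DAEMON"
        sleep 1
        start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
            --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS
        echo "$NAME."
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0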