/etc/init.d/shibd is in shibboleth-sp2-utils 2.6.0+dfsg1-4+deb9u1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 | #! /bin/sh
### BEGIN INIT INFO
# Provides: shibd
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Shibboleth 2 Service Provider Daemon
# Description: Starts the separate daemon used by the Shibboleth
# Apache module to manage sessions and to retrieve
# attributes from Shibboleth Identity Providers.
### END INIT INFO
#
# Written by Quanah Gibson-Mount <quanah@stanford.edu>
# Modified by Lukas Haemmerle <lukas.haemmerle@switch.ch> for Shibboleth 2
# Updated to use the LSB init functions by Russ Allbery <rra@debian.org>
#
# Based on the dh-make template written by:
#
# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
# Modified for Debian
# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="Shibboleth 2 daemon"
NAME=shibd
SHIB_HOME=/usr
SHIBSP_CONFIG=/etc/shibboleth/shibboleth2.xml
SHIBD_WAIT=30
LD_LIBRARY_PATH=/usr/lib
DAEMON=/usr/sbin/$NAME
SCRIPTNAME=/etc/init.d/$NAME
PIDFILE=/var/run/shibboleth/$NAME.pid
DAEMON_OPTS=""
DAEMON_USER=_shibd
# Read configuration if it is present.
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Force removal of socket
DAEMON_OPTS="$DAEMON_OPTS -f"
# Use defined configuration file
DAEMON_OPTS="$DAEMON_OPTS -c $SHIBSP_CONFIG"
# Specify pid file to use
DAEMON_OPTS="$DAEMON_OPTS -p $PIDFILE"
# Specify wait time to use
DAEMON_OPTS="$DAEMON_OPTS -w $SHIBD_WAIT"
# Exit if the package is not installed.
[ -x "$DAEMON" ] || exit 0
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
. /lib/lsb/init-functions
prepare_environment () {
# Ensure /var/run/shibboleth exists. /var/run may be on a tmpfs file system.
[ -d '/var/run/shibboleth' ] || mkdir -p '/var/run/shibboleth'
# If $DAEMON_USER is set, try to run shibd as that user. However,
# versions of the Debian package prior to 2.3+dfsg-1 ran shibd as root,
# and the local administrator may not have made the server's private key
# readable by $DAEMON_USER. We therefore test first by running shibd -t
# and looking for the error code indicating that the private key could not
# be read. If we get that error, we fall back on running shibd as root.
if [ -n "$DAEMON_USER" ]; then
DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null)
if [ $? = 0 ] ; then
# openssl errstr 200100D (hex for 33558541) says:
# error:0200100D:system library:fopen:Permission denied
ERROR='ERROR OpenSSL : error code: 33558541 '
if echo "$DIAG" | fgrep -q "$ERROR" ; then
unset DAEMON_USER
log_warning_msg "$NAME: file permissions require running as" \
"root"
else
chown -Rh "$DAEMON_USER" '/var/run/shibboleth' '/var/log/shibboleth'
fi
else
unset DAEMON_USER
log_warning_msg "$NAME: unable to run config check as user" \
"$DAEMON_USER"
fi
unset DIAG
fi
}
# Start shibd.
do_start () {
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
--pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
--pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS \
|| return 2
}
# Stop shibd.
do_stop () {
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
--pidfile $PIDFILE --name $NAME
RETVAL="$?"
return "$RETVAL"
}
case "$1" in
start)
prepare_environment
# Don't start shibd if NO_START is set.
if [ "$NO_START" = 1 ] ; then
if [ "$VERBOSE" != no ] ; then
echo "Not starting $DESC (see /etc/default/$NAME)"
fi
exit 0
fi
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
restart|force-reload)
prepare_environment
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
status)
status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0
|