This file is indexed.

/etc/init.d/shibd is in shibboleth-sp2-utils 2.6.1+dfsg1-2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
#! /bin/sh
### BEGIN INIT INFO
# Provides:             shibd
# Required-Start:       $local_fs $remote_fs $network
# Required-Stop:        $local_fs $remote_fs
# Default-Start:        2 3 4 5
# Default-Stop:
# Short-Description:    Shibboleth 2 Service Provider Daemon
# Description:          Starts the separate daemon used by the Shibboleth
#                       Apache module to manage sessions and to retrieve
#                       attributes from Shibboleth Identity Providers.
### END INIT INFO
#
# Written by Quanah Gibson-Mount <quanah@stanford.edu>
# Modified by Lukas Haemmerle <lukas.haemmerle@switch.ch> for Shibboleth 2
# Updated to use the LSB init functions by Russ Allbery <rra@debian.org>
#
# Based on the dh-make template written by:
#
# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
# Modified for Debian
# by Ian Murdock <imurdock@gnu.ai.mit.edu>.

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="Shibboleth 2 daemon"
NAME=shibd
SHIB_HOME=/usr
SHIBSP_CONFIG=/etc/shibboleth/shibboleth2.xml
SHIBD_WAIT=30
LD_LIBRARY_PATH=/usr/lib
DAEMON=/usr/sbin/$NAME
SCRIPTNAME=/etc/init.d/$NAME
PIDFILE=/var/run/shibboleth/$NAME.pid
DAEMON_OPTS=""
DAEMON_USER=_shibd

# Read configuration if it is present.
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Force removal of socket
DAEMON_OPTS="$DAEMON_OPTS -f"

# Use defined configuration file
DAEMON_OPTS="$DAEMON_OPTS -c $SHIBSP_CONFIG"

# Specify pid file to use
DAEMON_OPTS="$DAEMON_OPTS -p $PIDFILE"

# Specify wait time to use
DAEMON_OPTS="$DAEMON_OPTS -w $SHIBD_WAIT"

# Exit if the package is not installed.
[ -x "$DAEMON" ] || exit 0

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
. /lib/lsb/init-functions

prepare_environment () {
    # Ensure /var/run/shibboleth exists.  /var/run may be on a tmpfs file system.
    [ -d '/var/run/shibboleth' ] || mkdir -p '/var/run/shibboleth'

    # If $DAEMON_USER is set, try to run shibd as that user.  However,
    # versions of the Debian package prior to 2.3+dfsg-1 ran shibd as root,
    # and the local administrator may not have made the server's private key
    # readable by $DAEMON_USER.  We therefore test first by running shibd -t
    # and looking for the error code indicating that the private key could not
    # be read.  If we get that error, we fall back on running shibd as root.
    if [ -n "$DAEMON_USER" ]; then
        DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null)
        if [ $? = 0 ] ; then
            # openssl errstr 200100D (hex for 33558541) says:
            # error:0200100D:system library:fopen:Permission denied
            ERROR='ERROR OpenSSL : error code: 33558541 '
            if echo "$DIAG" | fgrep -q "$ERROR" ; then
                unset DAEMON_USER
                log_warning_msg "$NAME: file permissions require running as" \
                    "root"
            else
                chown -Rh "$DAEMON_USER" '/var/run/shibboleth' '/var/log/shibboleth'
            fi
        else
            unset DAEMON_USER
            log_warning_msg "$NAME: unable to run config check as user" \
                "$DAEMON_USER"
        fi
        unset DIAG
    fi
}

# Start shibd.
do_start () {
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
        --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
        --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS \
        || return 2
}

# Stop shibd.
do_stop () {
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
        --pidfile $PIDFILE --name $NAME
    RETVAL="$?"
    return "$RETVAL"
}

case "$1" in
start)
    prepare_environment

    # Don't start shibd if NO_START is set.
    if [ "$NO_START" = 1 ] ; then
        if [ "$VERBOSE" != no ] ; then
            echo "Not starting $DESC (see /etc/default/$NAME)"
        fi
        exit 0
    fi
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    do_start
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
restart|force-reload)
    prepare_environment

    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1)
            do_start
            case "$?" in
                0) log_end_msg 0 ;;
                1) log_end_msg 1 ;; # Old process is still running
                *) log_end_msg 1 ;; # Failed to start
            esac
            ;;
        *)
            # Failed to stop
            log_end_msg 1
            ;;
    esac
    ;;
status)
    status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
*)
    echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac

exit 0