From e4093605339062548364d338c811431673bdfe25 Mon Sep 17 00:00:00 2001 From: Fabiano Fidêncio Date: Jan 23 2017 17:46:37 +0000 Subject: PAC: Make PAC responder socket-activatable As part of the effort of making all responder socket-activatable, let's make PAC responder ready for this by providing its systemd's units. In case the administrators want to use PAC responder taking advantage of socket-activation they will need to enable sssd-pac.socket and after a restart of the sssd service, the PAC socket will be ready waiting for any activity in order to start the PAC responder. Also, the PAC responder must be removed from the services line on sssd.conf. The PAC responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio Reviewed-by: Pavel Březina Reviewed-by: Jakub Hrozek Reviewed-by: Lukáš Slebodník --- diff --git a/Makefile.am b/Makefile.am index b2bc2d5..fd6f2fa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3947,6 +3947,12 @@ if BUILD_AUTOFS src/sysv/systemd/sssd-autofs.service \ $(NULL) endif +if BUILD_PAC_RESPONDER + systemdunit_DATA += \ + src/sysv/systemd/sssd-pac.socket \ + src/sysv/systemd/sssd-pac.service \ + $(NULL) +endif if WITH_JOURNALD systemdconf_DATA += \ src/sysv/systemd/journal.conf @@ -4012,6 +4018,12 @@ EXTRA_DIST += \ src/sysv/systemd/sssd-autofs.service.in \ $(NULL) endif +if BUILD_PAC_RESPONDER +EXTRA_DIST += \ + src/sysv/systemd/sssd-pac.socket.in \ + src/sysv/systemd/sssd-pac.service.in \ + $(NULL) +endif src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile @$(MKDIR_P) src/sysv/systemd/ 
@@ -4047,6 +4059,16 @@ src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Ma $(replace_script) endif +if BUILD_PAC_RESPONDER +src/sysv/systemd/sssd-pac.socket: src/sysv/systemd/sssd-pac.socket.in Makefile + @$(MKDIR_P) src/sysv/systemd/ + $(replace_script) + +src/sysv/systemd/sssd-pac.service: src/sysv/systemd/sssd-pac.service.in Makefile + @$(MKDIR_P) src/sysv/systemd/ + $(replace_script) +endif + SSSD_USER_DIRS = \ $(DESTDIR)$(dbpath) \ $(DESTDIR)$(keytabdir) \ @@ -4270,6 +4292,8 @@ endif rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket rm -f $(builddir)/src/sysv/systemd/sssd-nss.service + rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket + rm -f $(builddir)/src/sysv/systemd/sssd-pac.service rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service rm -f $(builddir)/src/sysv/systemd/journal.conf diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 519246b..965f383 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -803,6 +803,8 @@ done %{_unitdir}/sssd-autofs.service %{_unitdir}/sssd-nss.socket %{_unitdir}/sssd-nss.service +%{_unitdir}/sssd-pac.socket +%{_unitdir}/sssd-pac.service %{_unitdir}/sssd-secrets.socket %{_unitdir}/sssd-secrets.service %else @@ -1139,12 +1141,14 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %systemd_post sssd.service %systemd_post sssd-autofs.socket %systemd_post sssd-nss.socket +%systemd_post sssd-pac.socket %systemd_post sssd-secrets.socket %preun common %systemd_preun sssd.service %systemd_preun sssd-autofs.socket %systemd_preun sssd-nss.socket +%systemd_preun sssd-pac.socket %systemd_preun sssd-secrets.socket %postun common 
@@ -1153,6 +1157,8 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %systemd_postun_with_restart sssd-autofs.service %systemd_postun_with_restart sssd-nss.socket %systemd_postun_with_restart sssd-nss.service +%systemd_postun_with_restart sssd-pac.socket +%systemd_postun_with_restart sssd-pac.service %systemd_postun_with_restart sssd-secrets.socket %systemd_postun_with_restart sssd-secrets.service diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c index 5eeb8eb..1f820c0 100644 --- a/src/responder/pac/pacsrv.c +++ b/src/responder/pac/pacsrv.c @@ -218,6 +218,7 @@ int main(int argc, const char *argv[]) POPT_AUTOHELP SSSD_MAIN_OPTS SSSD_SERVER_OPTS(uid, gid) + SSSD_RESPONDER_OPTS POPT_TABLEEND }; diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in new file mode 100644 index 0000000..a921c74 --- /dev/null +++ b/src/sysv/systemd/sssd-pac.service.in @@ -0,0 +1,16 @@ +[Unit] +Description=SSSD PAC Service responder +Documentation=man:sssd.conf(5) +After=sssd.service +BindsTo=sssd.service + +[Install] +Also=sssd-pac.socket + +[Service] +ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log +ExecStart=@libexecdir@/sssd/sssd_pac --debug-to-files --socket-activated +Restart=on-failure +User=@SSSD_USER@ +Group=@SSSD_USER@ +PermissionsStartOnly=true diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in new file mode 100644 index 0000000..cb1bd68 --- /dev/null +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -0,0 +1,12 @@ +[Unit] +Description=SSSD PAC Service responder socket +Documentation=man:sssd.conf(5) +BindsTo=sssd.service + +[Socket] +ListenStream=@pipepath@/pac +SocketUser=@SSSD_USER@ +SocketGroup=@SSSD_USER@ + +[Install] +WantedBy=sssd.service
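Review bot: The `ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log` line in the new sssd-pac.service.in runs as root, since `PermissionsStartOnly=true` exempts it from `User=`/`Group=`, and plain chown follows symbolic links. If @logpath@ is writable by @SSSD_USER@ (not visible in this diff, so this needs confirming), the ownership change could land on whatever file that path has been made to point at. Using `ExecStartPre=-/bin/chown -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log` keeps the operation on the path itself. A short comment above the line saying why this step must run privileged would also help the next maintainer.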
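Review bot: The `[Socket]` section of the new sssd-pac.socket.in sets `SocketUser=` and `SocketGroup=` but no `SocketMode=`, so systemd applies its default of 0666 and every local account can connect to @pipepath@/pac. If that is intended because the responder authorizes clients itself (presumably by peer credentials; not visible in this diff), make it explicit with `SocketMode=0666` and a comment such as `# world-connectable by design; the responder authorizes clients`. Otherwise set a tighter mode, so that access to the pipe does not depend on an implicit default.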