From: Arran Cudbard-Bell <a.cudbard@networkradius.org>
Date: Fri, 15 Jun 2012 10:48:58 +0000 (+0200)
Subject: Add SMF manifest for solaris
X-Git-Tag: release_2_2_0~119
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99e2ae0f4fb0cb97144fd3e370bc5a3d5fa1686b;p=thirdparty%2Ffreeradius-server.git

Add SMF manifest for solaris
---

diff --git a/scripts/solaris/README.md b/scripts/solaris/README.md
new file mode 100644
index 00000000000..96e0cffda33
--- /dev/null
+++ b/scripts/solaris/README.md
@@ -0,0 +1,44 @@
+# Solaris startup scripts
+
+SMF is the Solaris version of upstart (or the reverse), it imports XML configuration file for services, and manages service dependencies. It will automatically restart daemons in they die, and provides a standard interface for checking the status of a service and administratively disabling/enabling it.
+
+# Installation/configuration
+
+## Solaris 10
+Do the following as the root user ``sudo -s``.
+
+Copy the service management script ``svc-radius`` to ``/lib/srv/method/``:
+
+```bash
+cp ./svc-radius /lib/srv/method/
+chown root:bin /lib/srv/method/svc-radius
+chmod 555 /lib/srv/method/svc-radius
+```
+
+Copy the ``radius.xml`` manifest to ``/var/svc/manifest/network/``, and import it into SMF:
+
+```bash
+cp ./radius.xml /var/srv/manifest/network/radius.xml
+svccfg import /var/svc/manifest/network/radius.xml
+```
+### Authorizing additional users
+
+First create an authorisation entry for the radius service:
+```bash
+echo "solaris.smf.manage.radius/server:::FreeRADIUS Server management::" >> /etc/security/auth_attr
+```
+
+Next instruct SMF to use RBAC for authorising actions on this particular service (only works with local accounts):
+```bash
+svccfg -s radius setprop general/action_authorization=astring: 'solaris.smf.manage.radius/server'
+```
+
+Then assign this authorisation to our one or more users:
+```bash
+usermod -A solaris.smf.manage.radius/server <user>
+```
+
+And finally test with (as authorized user):
+```bash
+svcs radius
+```
diff --git a/scripts/solaris/radius.xml b/scripts/solaris/radius.xml
new file mode 100644
index 00000000000..d9b05065df4
--- /dev/null
+++ b/scripts/solaris/radius.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM
+"/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type='manifest' name='radius'>
+<service
+       name='network/radius'
+       type='service'
+       version='1'>
+       <create_default_instance enabled='false' />
+       <single_instance/>
+  
+       <dependency name='fs-local'
+                grouping='require_all'
+                restart_on='none'
+                type='service'>
+                <service_fmri value='svc:/system/filesystem/local' />
+       </dependency>
+
+       <dependency name='fs-autofs'
+               grouping='optional_all'
+               restart_on='none'
+               type='service'>
+               <service_fmri value='svc:/system/filesystem/autofs' />
+       </dependency>
+
+       <dependency name='net-loopback'
+               grouping='require_all'
+               restart_on='none'
+               type='service'>
+               <service_fmri value='svc:/network/loopback' />
+       </dependency>
+
+       <dependency name='net-physical'
+               grouping='require_all'
+               restart_on='none'
+               type='service'>
+               <service_fmri value='svc:/network/physical' />
+       </dependency>
+
+       <exec_method
+               type='method'
+               name='start'
+               exec='/lib/svc/method/svc-radius %m'
+               timeout_seconds='10' />
+       <exec_method
+               type='method'
+               name='stop'
+               exec='/lib/svc/method/svc-radius %m %{restarter/contract}'
+               timeout_seconds='10' />
+       <exec_method
+               type='method'
+               name='refresh'
+               exec='/lib/svc/method/svc-radius %m'
+               timeout_seconds='10' />
+
+       <stability value='Unstable' />
+       <template>
+               <common_name>
+                       <loctext xml:lang='C'> radius
+                       </loctext>
+               </common_name>
+               <documentation>
+                       <manpage title='radius' section='1M'
+                               manpath='/usr/share/man' />
+              </documentation>
+       </template>
+</service>
+</service_bundle>
diff --git a/scripts/solaris/svc-radius.in b/scripts/solaris/svc-radius.in
new file mode 100755
index 00000000000..2c41f261294
--- /dev/null
+++ b/scripts/solaris/svc-radius.in
@@ -0,0 +1,98 @@
+#!/bin/sh
+. /lib/svc/share/smf_include.sh
+#
+#
+# radiusd       Start the radius daemon.
+#
+#    This program is free software; you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation; either version 2 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program; if not, write to the Free Software
+#    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+#
+#    Copyright (C) 2001-2012 The FreeRADIUS Project http://www.freeradius.org
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+sbindir=@sbindir@
+localstatedir=@localstatedir@
+logdir=@logdir@
+rundir=${localstatedir}/run/radiusd
+sysconfdir=@sysconfdir@
+
+#
+#  If you have issues with OpenSSL, uncomment these next lines.
+#
+#  Something similar may work for MySQL, and you may also
+#  have to LD_PRELOAD libz.so
+#
+#LD_LIBRARY_PATH= -lcrypto -lssl -lcrypto
+#LD_RUN_PATH= -lcrypto -lssl -lcrypto:
+#LD_PRELOAD= -lcrypto -lssl -lcryptolibcrypto.so
+export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD
+
+RADIUSD=$sbindir/radiusd
+RADDBDIR=@raddbdir@
+DESC="FreeRADIUS"
+
+#
+#  See 'man radiusd' for details on command-line options.
+#
+ARGS=""
+
+test -f $RADIUSD || exit $SMF_EXIT_ERR_CONFIG 
+test -f $RADDBDIR/radiusd.conf || exit $SMF_EXIT_ERR_CONFIG
+
+#if [ ! -d $rundir ] ; then
+#    mkdir $rundir
+#    chown radmin:radius
+#    chmod 775 $rundir
+#fi
+#
+#if [ ! -d $logdir ] ; then
+#    mkdir $logdir
+#    chown radmin:radius $logdir
+#    chmod 770 $logdir
+#    chmod g+s $logdir
+#fi
+#
+#if [ ! -f $logdir/radius.log ]; then
+#        touch $logdir/radius.log
+#fi
+#
+#chown radmin:radius $logdir/radius.log
+#chmod 660 $logdir/radius.log
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        $RADIUSD $ARGS
+        echo "radiusd"
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        smf_kill_contract $2 TERM 1
+        [ $? -ne 0 ] && exit 1
+        echo "radiusd."
+        ;;
+  refresh)
+        echo "Reloading $DESC configuration files."
+        [ -f $rundir/radiusd.pid ] && kill -HUP `cat $rundir/radiusd.pid`
+        ;;
+  check)
+        $RADIUSD -C $ARGS
+        ;;
+  *)
+        echo "Usage: $0 {start|stop|refresh|check}"
+        exit 1
+esac
+
+exit $SMF_EXIT_OK