From a7715486507e75e4a7cee843a48067b15595defa Mon Sep 17 00:00:00 2001
From: Ed Tanous
Date: Wed, 13 Feb 2019 16:51:50 -0800
Subject: Initial commit of intel repository
Signed-off-by: Ed Tanous
---
.../meta-common/recipes-security/sssd/files/ldb.sh | 1 +
.../recipes-security/sssd/files/locked_groups | 1 +
.../recipes-security/sssd/files/nscd.conf | 2 ++
.../recipes-security/sssd/files/sssd.conf | 16 +++++++++++++
.../recipes-security/sssd/files/sssd.service | 15 +++++++++++++
.../recipes-security/sssd/sssd_%.bbappend | 26 ++++++++++++++++++++++
6 files changed, 61 insertions(+)
create mode 100644 meta-openbmc-mods/meta-common/recipes-security/sssd/files/ldb.sh
create mode 100644 meta-openbmc-mods/meta-common/recipes-security/sssd/files/locked_groups
create mode 100644 meta-openbmc-mods/meta-common/recipes-security/sssd/files/nscd.conf
create mode 100644 meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.conf
create mode 100644 meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.service
create mode 100644 meta-openbmc-mods/meta-common/recipes-security/sssd/sssd_%.bbappend
(limited to 'meta-openbmc-mods/meta-common/recipes-security/sssd')
diff --git a/meta-openbmc-mods/meta-common/recipes-security/sssd/files/ldb.sh b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/ldb.sh
new file mode 100644
index 000000000..176bfd7ca
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/ldb.sh
@@ -0,0 +1 @@
+export LDB_MODULES_PATH=/usr/lib/ldb
diff --git a/meta-openbmc-mods/meta-common/recipes-security/sssd/files/locked_groups b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/locked_groups
new file mode 100644
index 000000000..7c189e231
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/locked_groups
@@ -0,0 +1 @@
+sssd_locked
diff --git a/meta-openbmc-mods/meta-common/recipes-security/sssd/files/nscd.conf b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/nscd.conf
new file mode 100644
index 000000000..d2ffe5ddc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/nscd.conf
@@ -0,0 +1,2 @@
+enable-cache passwd no
+enable-cache group no
\ No newline at end of file
diff --git a/meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.conf b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.conf
new file mode 100644
index 000000000..7a2786bee
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.conf
@@ -0,0 +1,16 @@
+[sssd]
+domains = LOCAL
+services = nss, pam
+config_file_version = 2
+
+[nss]
+enum_cache_timeout = 1
+filter_groups = root
+filter_users = root
+
+[pam]
+
+[domain/LOCAL]
+enumerate = true
+id_provider = local
+auth_provider = local
diff --git a/meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.service b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.service
new file mode 100644
index 000000000..fe2bcf8b4
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-security/sssd/files/sssd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=System Security Services Daemon
+# SSSD must be running before we permit user sessions
+Before=systemd-user-sessions.service nss-user-lookup.target
+Wants=nss-user-lookup.target
+
+[Service]
+Environment=LDB_MODULES_PATH=/usr/lib/ldb DEBUG_LOGGER=-f
+ExecStart=/usr/sbin/sssd $DEBUG_LOGGER
+Type=simple
+Restart=always
+PIDFile=/var/run/sssd.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-openbmc-mods/meta-common/recipes-security/sssd/sssd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-security/sssd/sssd_%.bbappend
new file mode 100644
index 000000000..03965ce72
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-security/sssd/sssd_%.bbappend
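Review bot: nscd.conf ends without a trailing newline (the `\ No newline at end of file` marker after `enable-cache group no`), and nothing in the file says why passwd and group caching are switched off. Terminate the last line and add a header comment such as `# passwd/group lookups are answered by sssd; nscd must not cache them, or account changes and lockouts become visible late`. That rationale is inferred from the sssd files added in the same commit, so confirm it before adopting the wording.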
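Review bot: In sssd.conf, `id_provider = local` and `auth_provider = local` under `[domain/LOCAL]` tie authentication to SSSD's local provider, while the recipe shipping this file is a version-wildcard `sssd_%.bbappend`. I believe later upstream SSSD releases deprecated that provider and stopped building it by default, so an sssd version bump could leave the LOCAL domain unable to start and logins failing; check this against the sssd version the layer actually builds, and pin the bbappend if the config depends on it. The file also has no comments: a line such as `# enum_cache_timeout is in seconds; 1 keeps enumerated users/groups fresh after account changes` above that setting would record why it and `enumerate = true` were chosen (rationale assumed, confirm).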
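Review bot: In sssd.service, `Type=simple` makes systemd consider the unit started as soon as the process is spawned, so `Before=systemd-user-sessions.service nss-user-lookup.target` does not hold user sessions back until sssd can answer lookups, which is what the comment above that line promises. `PIDFile=/var/run/sssd.pid` is intended for `Type=forking` units and does not add a readiness signal here. If the packaged sssd supports a readiness protocol, prefer `Type=notify`, or `Type=forking` with the daemonizing invocation that `PIDFile=` is meant for; otherwise reword the comment so it does not claim a guarantee the unit does not give. `LDB_MODULES_PATH=/usr/lib/ldb` also duplicates the value exported by ldb.sh and hard-codes the library directory.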
@@ -0,0 +1,26 @@
+inherit obmc-phosphor-systemd
+
+FILESEXTRAPATHS_append := "${THISDIR}/files:"
+SRC_URI += "file://sssd.conf \
+ file://nscd.conf \
+ file://locked_groups \
+ file://ldb.sh \
+ "
+
+PACKAGECONFIG += " systemd "
+SYSTEMD_AUTO_ENABLE = "enable"
+
+EXTRA_OECONF += " --enable-pammoddir=${base_libdir}/security"
+
+do_install_append() {
+ # sssd creates also the /var/run link. Need to remove it to avoid conflicts
+ # with the one created by base-files recipe.
+ rm -rf ${D}/var/run
+ install -m 600 ${WORKDIR}/locked_groups ${D}/${sysconfdir}/${BPN}
+ install -m 600 ${WORKDIR}/nscd.conf ${D}/${sysconfdir}
+ install -d ${D}${sysconfdir}/profile.d
+ install -m 0644 ${WORKDIR}/ldb.sh ${D}${sysconfdir}/profile.d
+}
+
+FILES_${PN} += " /lib/security/pam_sss.so "
+
-- cgit v1.2.3
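Review bot: `do_install_append()` installs `locked_groups`, `nscd.conf` and `ldb.sh`, but not `sssd.conf`, although it is listed in `SRC_URI`, and `sssd.service` is not referenced in this file at all. Whether those two files from this commit reach the image, and with what mode, therefore depends on the base sssd recipe and the `obmc-phosphor-systemd` class, neither of which is visible here. Because `sssd.conf` defines the authentication domain, install it explicitly, e.g. `install -m 600 ${WORKDIR}/sssd.conf ${D}${sysconfdir}/${BPN}`, or add a comment naming where it is installed. Separately, `FILES_${PN} += " /lib/security/pam_sss.so "` hard-codes `/lib` while `EXTRA_OECONF` passes `${base_libdir}/security`; write `${base_libdir}/security/pam_sss.so` so packaging follows the configured PAM module directory.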