meta-starlingx/meta-stx-integ/recipes-support/openldap/files/sources/libexec-check-config.sh

   1 #!/bin/sh
   2 # Author: Jan Vcelak <jvcelak@redhat.com>
   3
   4 . /usr/libexec/openldap/functions
   5
   6 function check_config_syntax()
   7 {
   8         retcode=0
   9         tmp_slaptest=`mktemp --tmpdir=/var/run/openldap`
  10         run_as_ldap "/usr/sbin/slaptest $SLAPD_GLOBAL_OPTIONS -u" &>$tmp_slaptest
  11         if [ $? -ne 0 ]; then
  12                 error "Checking configuration file failed:"
  13                 cat $tmp_slaptest >&2
  14                 retcode=1
  15         fi
  16         rm $tmp_slaptest
  17         return $retcode
  18 }
  19
  20 function check_certs_perms()
  21 {
  22         retcode=0
  23         for cert in `certificates`; do
  24                 run_as_ldap "/usr/bin/test -e \"$cert\""
  25                 if [ $? -ne 0 ]; then
  26                         error "TLS certificate/key/DB '%s' was not found." "$cert"
  27                         retcoder=1
  28                         continue
  29                 fi
  30                 run_as_ldap "/usr/bin/test -r \"$cert\""
  31                 if [ $? -ne 0 ]; then
  32                         error "TLS certificate/key/DB '%s' is not readable." "$cert"
  33                         retcode=1
  34                 fi
  35         done
  36         return $retcode
  37 }
  38
  39 function check_db_perms()
  40 {
  41         retcode=0
  42         for dbdir in `databases`; do
  43                 [ -d "$dbdir" ] || continue
  44                 for dbfile in `find ${dbdir} -maxdepth 1 -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name "alock"`; do
  45                         run_as_ldap "/usr/bin/test -r \"$dbfile\" -a -w \"$dbfile\""
  46                         if [ $? -ne 0 ]; then
  47                                 error "Read/write permissions for DB file '%s' are required." "$dbfile"
  48                                 retcode=1
  49                         fi
  50                 done
  51         done
  52         return $retcode
  53 }
  54
  55 function check_everything()
  56 {
  57         retcode=0
  58         check_config_syntax || retcode=1
  59         # TODO: need support for Mozilla NSS, disabling temporarily
  60         #check_certs_perms || retcode=1
  61         check_db_perms || retcode=1
  62         return $retcode
  63 }
  64
  65 if [ `id -u` -ne 0 ]; then
  66         error "You have to be root to run this script."
  67         exit 4
  68 fi
  69
  70 load_sysconfig
  71
  72 if [ -n "$SLAPD_CONFIG_DIR" ]; then
  73         if [ ! -d "$SLAPD_CONFIG_DIR" ]; then
  74                 error "Configuration directory '%s' does not exist." "$SLAPD_CONFIG_DIR"
  75         else
  76                 check_everything
  77                 exit $?
  78         fi
  79 fi
  80
  81 if [ -n "$SLAPD_CONFIG_FILE" ]; then
  82         if [ ! -f "$SLAPD_CONFIG_FILE" ]; then
  83                 error "Configuration file '%s' does not exist." "$SLAPD_CONFIG_FILE"
  84         else
  85                 error "Warning: Usage of a configuration file is obsolete!"
  86                 check_everything
  87                 exit $?
  88         fi
  89 fi
  90
  91 exit 1