Blame SOURCES/libexec-check-config.sh

#!/bin/sh
# Author: Jan Vcelak <jvcelak@redhat.com>
. /usr/libexec/openldap/functions
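# Validate the slapd configuration by running slaptest through run_as_ldap.
# Globals:   SLAPD_GLOBAL_OPTIONS (read)
# Outputs:   on failure, an error line followed by slaptest's output on stderr
# Returns:   0 if slaptest succeeds, 1 otherwise
check_config_syntax()
{
	local slaptest_output
	# Capture the output in a variable instead of a temporary file under
	# /var/run/openldap: nothing is left to clean up, a failed mktemp can no
	# longer leave the redirection and the cat without a file name (cat would
	# then read stdin), and root no longer writes by path inside that directory.
	# NOTE(review): run_as_ldap and error come from the sourced
	# /usr/libexec/openldap/functions, which is not visible here.
	if slaptest_output=$(run_as_ldap "/usr/sbin/slaptest $SLAPD_GLOBAL_OPTIONS -u" 2>&1); then
		return 0
	fi
	error "Checking configuration file failed:"
	if [ -n "$slaptest_output" ]; then
		printf '%s\n' "$slaptest_output" >&2
	fi
	# No shared "retcode" variable is touched, so a caller that accumulates
	# its own status under that name is not overwritten.
	return 1
}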
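# Check that every path printed by `certificates` exists and is readable when
# tested through run_as_ldap.
# Outputs:   one error line per missing or unreadable path (via error)
# Returns:   0 if every path passes both tests, 1 otherwise
check_certs_perms()
{
	# local: a caller that keeps its own "retcode" accumulator is not reset.
	local retcode=0
	local cert
	# NOTE(review): the output of `certificates` is word-split, so a path
	# containing whitespace is tested as several separate paths.
	for cert in $(certificates); do
		# NOTE(review): the path is interpolated into a command string; if
		# run_as_ldap hands that string to a shell (its definition is in the
		# sourced functions file, not visible here), a path containing quotes
		# or $(...) would be interpreted rather than tested. Confirm that the
		# paths only ever come from root-controlled configuration.
		if ! run_as_ldap "/usr/bin/test -e \"$cert\""; then
			error "TLS certificate/key/DB '%s' was not found." "$cert"
			# Was misspelled "retcoder", so a missing file never made the
			# function return failure.
			retcode=1
			continue
		fi
		if ! run_as_ldap "/usr/bin/test -r \"$cert\""; then
			error "TLS certificate/key/DB '%s' is not readable." "$cert"
			retcode=1
		fi
	done
	return "$retcode"
}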
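# Check that the database files directly inside each directory printed by
# `databases` are readable and writable when tested through run_as_ldap.
# Outputs:   one error line per file that fails the test (via error)
# Returns:   0 if every matched file passes, 1 otherwise
check_db_perms()
{
	# local: without it the assignment below reset the caller's "retcode",
	# so check_everything forgot an earlier check_config_syntax failure
	# whenever the database files were fine.
	local retcode=0
	local dbdir dbfile
	# NOTE(review): both loops word-split command output, so directories or
	# files with whitespace in their names are not handled.
	for dbdir in $(databases); do
		[ -d "$dbdir" ] || continue
		# Only the directory's own entries are inspected (-maxdepth 1); the
		# name tests are grouped so the selection reads unambiguously.
		for dbfile in $(find "$dbdir" -maxdepth 1 \( -name "*.dbb" -o -name "*.gdbm" -o -name "*.bdb" -o -name "__db.*" -o -name "log.*" -o -name "alock" \)); do
			# NOTE(review): the file name is interpolated into a command
			# string; if run_as_ldap passes it to a shell (not visible
			# here), names with quotes or $(...) would be interpreted.
			if ! run_as_ldap "/usr/bin/test -r \"$dbfile\" -a -w \"$dbfile\""; then
				error "Read/write permissions for DB file '%s' are required." "$dbfile"
				retcode=1
			fi
		done
	done
	return "$retcode"
}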
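# Run all enabled pre-start checks and combine their results.
# Returns:   0 if every enabled check passes, 1 if any of them fails
check_everything()
{
	# The accumulator has its own name and is local: the check functions
	# assign a variable called "retcode" themselves, and sharing that name
	# let a passing later check erase the failure of an earlier one.
	local overall_status=0
	check_config_syntax || overall_status=1
	# TODO: need support for Mozilla NSS, disabling temporarily
	# While this stays disabled, TLS certificate/key permissions are not
	# verified by this script.
	#check_certs_perms || overall_status=1
	check_db_perms || overall_status=1
	return "$overall_status"
}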
# Refuse to run for any user other than root (exit status 4).
if [ "$(id -u)" -ne 0 ]; then
	error "You have to be root to run this script."
	exit 4
fi

# load_sysconfig comes from the sourced functions file; the SLAPD_* variables
# tested below are presumably set there -- confirm.
load_sysconfig

# A configuration directory is tried first; when it exists, the script exits
# with the status of check_everything.
if [ -n "$SLAPD_CONFIG_DIR" ]; then
	if [ -d "$SLAPD_CONFIG_DIR" ]; then
		check_everything
		exit $?
	fi
	error "Configuration directory '%s' does not exist." "$SLAPD_CONFIG_DIR"
fi

# Otherwise fall back to the obsolete single configuration file.
if [ -n "$SLAPD_CONFIG_FILE" ]; then
	if [ -f "$SLAPD_CONFIG_FILE" ]; then
		error "Warning: Usage of a configuration file is obsolete!"
		check_everything
		exit $?
	fi
	error "Configuration file '%s' does not exist." "$SLAPD_CONFIG_FILE"
fi

# Neither a usable directory nor a usable file was found.
exit 1