Blob Blame Raw
From 7130e7595ee5e919558a143e64fb08cab1e3d45d Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 6 Feb 2020 15:30:42 -0500
Subject: [PATCH] Issue 50882 - Fix healthcheck errors for instances that do
 not have TLS enabled

Bug Description:  The config and FSChecks fail when TLS is not setup

Fix Description:  Properly check for conditions when TLS is not enabled,
                  and ignore errors if TLS related files are not present
                  during the FS permissions check.

relates: https://pagure.io/389-ds-base/issue/50882

Reviewed by: firstyear(thanks!)
---
 src/lib389/lib389/config.py  |  2 +-
 src/lib389/lib389/dseldif.py | 23 +++++++++++++----------
 src/lib389/lib389/lint.py    |  3 +--
 src/lib389/lib389/nss_ssl.py |  3 +++
 4 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py
index f71baf2d8..268b99c90 100644
--- a/src/lib389/lib389/config.py
+++ b/src/lib389/lib389/config.py
@@ -238,7 +238,7 @@ class Encryption(DSLdapObject):
 
     def _lint_check_tls_version(self):
         tls_min = self.get_attr_val('sslVersionMin')
-        if tls_min < ensure_bytes('TLS1.1'):
+        if tls_min is not None and tls_min < ensure_bytes('TLS1.1'):
             report = copy.deepcopy(DSELE0001)
             report['fix'] = report['fix'].replace('YOUR_INSTANCE', self._instance.serverid)
             yield report
diff --git a/src/lib389/lib389/dseldif.py b/src/lib389/lib389/dseldif.py
index fbb50623b..716dd46e9 100644
--- a/src/lib389/lib389/dseldif.py
+++ b/src/lib389/lib389/dseldif.py
@@ -200,13 +200,16 @@ class FSChecks(object):
         """Test file permissions are safe
         """
         for ds_file in self.ds_files:
-            perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
-            if perms not in ds_file['perms']:
-                perms = str(ds_file['perms'][0])
-                report = copy.deepcopy(ds_file['report'])
-                report['items'].append(ds_file['name'])
-                report['detail'] = report['detail'].replace('FILE', ds_file['name'])
-                report['detail'] = report['detail'].replace('PERMS', perms)
-                report['fix'] = report['fix'].replace('FILE', ds_file['name'])
-                report['fix'] = report['fix'].replace('PERMS', perms)
-                yield report
+            try:
+                perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
+                if perms not in ds_file['perms']:
+                    perms = str(ds_file['perms'][0])
+                    report = copy.deepcopy(ds_file['report'])
+                    report['items'].append(ds_file['name'])
+                    report['detail'] = report['detail'].replace('FILE', ds_file['name'])
+                    report['detail'] = report['detail'].replace('PERMS', perms)
+                    report['fix'] = report['fix'].replace('FILE', ds_file['name'])
+                    report['fix'] = report['fix'].replace('PERMS', perms)
+                    yield report
+            except FileNotFoundError:
+                pass
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
index 68b729674..742058fa1 100644
--- a/src/lib389/lib389/lint.py
+++ b/src/lib389/lib389/lint.py
@@ -224,8 +224,7 @@ DSREPLLE0002 = {
     'dsle': 'DSREPLLE0002',
     'severity': 'LOW',
     'items' : ['Replication', 'Conflict Entries'],
-    'detail': """There were COUNT conflict entries found under the replication suffix "SUFFIX".
-Status message: MSG""",
+    'detail': "There were COUNT conflict entries found under the replication suffix \"SUFFIX\".",
     'fix' : """While conflict entries are expected to occur in an MMR environment, they
 should be resolved.  In regards to conflict entries there is always the original/counterpart
 entry that has a normal DN, and then the conflict version of that entry.  Technically both
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
index 41b19caa4..c64f158d5 100644
--- a/src/lib389/lib389/nss_ssl.py
+++ b/src/lib389/lib389/nss_ssl.py
@@ -394,6 +394,9 @@ only.
         for line in lines:
             if line == '':
                 continue
+            if line == 'Database needs user init':
+                # There are no certs, abort...
+                return []
             cert_values.append(re.match(r'^(.+[^\s])[\s]+([^\s]+)$', line.rstrip()).groups())
         return cert_values
 
-- 
2.21.1