#!/bin/sh
# testenv.sh - script to check test environment
#
# Copyright (C) 2011-2017 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA
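# abort on the first failing command that is not part of a condition
set -e

# get the script name (used as the prefix of every message)
script="$(basename "$0")"

# find source and build directory (used for finding auxiliary files);
# a value already present in the environment takes precedence
srcdir="${srcdir-$(dirname "$0")}"
builddir="${builddir-$(dirname "$0")}"

# location of nslcd configuration file (may be preset in the environment)
nslcd_cfg="${nslcd_cfg-/etc/nslcd.conf}"

# the configured module name (usually ldap), read from config.h when the
# build tree provides one
if [ -f "$builddir"/../config.h ]
then
  module_name=$(sed -n 's/^#define MODULE_NAME "\(.*\)"$/\1/p' "$builddir"/../config.h)
fi
# ":-" instead of "-": when config.h exists but has no MODULE_NAME line the
# sed above yields an empty string, and an empty module name would be pasted
# into the nsswitch.conf patterns and edits further down
module_name="${module_name:-ldap}"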
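# find the names of services that are configured to use LDAP
# Globals:  module_name (read; pasted into the sed expression as regex text)
# Outputs:  the database names from /etc/nsswitch.conf whose line has the
#           module name after the colon, joined onto one line by xargs
nss_list_configured()
{
  # [[:blank:]] replaces [ \t]: inside a bracket expression \t is only
  # read as a tab by GNU sed, other seds take it as a backslash and a "t".
  # The module name has to be preceded by a blank; whatever follows it on
  # the line is accepted.
  sed -n 's/^[[:blank:]]*\([a-z]*\)[[:blank:]]*:.*[[:blank:]]'"$module_name"'.*$/\1/p' /etc/nsswitch.conf \
    | xargs
}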
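# check whether the name is configured to do lookups through LDAP
# Arguments: $1 - nsswitch.conf database name (for example passwd)
# Globals:   module_name (read), name (written)
# Returns:   0 when the /etc/nsswitch.conf line for the database mentions
#            the module name, non-zero otherwise (also when the file
#            cannot be read)
nss_is_enabled()
{
  name="$1"
  # grep never treats \t in a bracket expression as a tab (it matches a
  # backslash or the letter t), so tab-separated entries were missed;
  # [[:blank:]] matches space and tab. Both values are quoted so they reach
  # grep as one word; they are still used as regular-expression text.
  # The module name is matched anywhere after the colon, including inside
  # a trailing comment.
  grep -q '^[[:blank:]]*'"$name"'[[:blank:]]*:.*'"$module_name"'.*' /etc/nsswitch.conf
}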
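# check to see if name is configured to do lookups through
# LDAP and enable if not
# Arguments: $1 - nsswitch.conf database name (for example passwd)
# Globals:   script, module_name (read), name (written)
# Returns:   0 when the database already uses the module or was updated,
#            1 when the name is rejected
# Note: this rewrites /etc/nsswitch.conf in place (sed -i without a backup
# suffix) and therefore needs write access to that file.
nss_enable()
{
  name="$1"
  # the name is pasted into grep and sed expressions that edit a system
  # file, so refuse anything that could act as regex or sed syntax
  case "$name" in
    ''|*[!a-z0-9_]*)
      echo "$script: ERROR: invalid database name: $name" >&2
      return 1
      ;;
  esac
  if nss_is_enabled "$name"
  then
    # nothing to do
    return 0
  fi
  echo "$script: /etc/nsswitch.conf: enable LDAP lookups for $name" >&2
  if grep -q '^[[:blank:]]*'"$name"'[[:blank:]]*:' /etc/nsswitch.conf
  then
    # modify an existing entry by just adding the module to the end;
    # an entry with nothing after the colon is left untouched by this
    # expression, and text is appended after any trailing comment
    sed -i 's/^\([[:blank:]]*'"$name"'[[:blank:]]*:.*[^[:blank:]]\)[[:blank:]]*$/\1 '"$module_name"'/' /etc/nsswitch.conf
  else
    # append a new line; the module name is passed as data, not as part
    # of the printf format
    printf '%-15s %s\n' "$name:" "$module_name" >> /etc/nsswitch.conf
  fi
  # invalidate nscd cache (best effort: nscd may be absent or not running)
  nscd -i "$name" > /dev/null 2>&1 || true
  # we're done
  return 0
}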
# check nsswitch.conf to see if dbs use ldap
# Arguments: $1 - space separated list of databases that must use the
#                 module (defaults to "passwd group")
# Globals:   script (read); required, enabled, x (written)
# Outputs:   a summary line on stdout on success, an error on stderr
# Returns:   0 when every required database is enabled, 1 otherwise
check_nsswitch() {
  required="${1:-passwd group}"
  # the file has to be readable before anything else is looked at
  [ -r /etc/nsswitch.conf ] || {
    echo "$script: ERROR: /etc/nsswitch.conf: not found" >&2
    return 1
  }
  # at least one database has to reference the module
  enabled=$(nss_list_configured)
  [ -n "$enabled" ] || {
    echo "$script: ERROR: /etc/nsswitch.conf: no LDAP maps configured" >&2
    return 1
  }
  # unquoted on purpose: the list is split into one word per database
  for x in $required
  do
    nss_is_enabled "$x" || {
      echo "$script: ERROR: /etc/nsswitch.conf: $x not using ldap" >&2
      return 1
    }
  done
  echo "$script: nsswitch.conf configured for $enabled"
  return 0
}
# check PAM stack
# Placeholder: no PAM checks are performed yet, the function always
# reports success.
check_pam() {
  # TODO: implement some tests
  :
}
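# perform an LDAP search
# Arguments: $1 - LDAP URI, $2 - search base DN
# Globals:   uri, base, host (written)
# Outputs:   whatever ldapsearch prints on stdout; its stderr is discarded
# Returns:   always 0, so callers have to inspect the output to find out
#            whether the search worked
do_ldap_search() {
  uri="$1"
  base="$2"
  # host part of an ldap:// URI with the default port dropped. The original
  # expression removed ":368", which is not the LDAP port (389) and looks
  # like a typo; the match is also tied to the following "/" so that a port
  # such as 3890 is not cut short. Other schemes leave host empty.
  host=$(printf '%s/\n' "$uri" | sed -n 's|:389/|/|;s|ldap://\([^/]*\)/.*$|\1|p')
  # first a base-scope search with a simple bind (-x) on the URI; no bind
  # DN or password is passed
  ldapsearch -b "$base" -s base -x -H "$uri" '(objectClass=*)' 2> /dev/null || \
    # if that fails, retry against the bare host name (-h is the older form
    # of -H) with LDAPSASL_MECH=none in the environment
    ([ -n "$host" ] && LDAPSASL_MECH=none ldapsearch -b "$base" -s base -h "$host" '(objectClass=*)' 2> /dev/null) || \
    true
}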
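# check whether the LDAP server is available
# Arguments: $1 - LDAP URI (optional), $2 - base DN (optional, defaults to
#                 dc=test,dc=tld)
# Globals:   script, nslcd_cfg, srcdir (read); uri, base (written)
# Outputs:   a status line on stdout on success, an error on stderr
# Returns:   0 when the server returns the base DN, 1 otherwise
check_ldap_server() {
  # see if we can find ldapsearch (command -v is the portable replacement
  # for which)
  command -v ldapsearch > /dev/null 2>&1 || {
    echo "$script: ERROR: ldapsearch not found" >&2
    return 1
  }
  # URI: argument first, then the first uri line of the nslcd configuration,
  # then the one from the test configuration, then the loopback default
  uri="$1"
  if [ -z "$uri" ]
  then
    uri=$(sed -n 's/^uri *//p' "$nslcd_cfg" 2>/dev/null | head -n 1)
  fi
  if [ -z "$uri" ]
  then
    uri=$(sed -n 's/^uri *//p' "$srcdir"/nslcd-test.conf 2>/dev/null | head -n 1)
  fi
  uri="${uri:-ldap://127.0.0.1}"
  base="${2:-dc=test,dc=tld}"
  # try to fetch the base DN; the DN is compared as a fixed string over the
  # whole line (-F -x) so that characters such as "." in it are not read as
  # regular-expression syntax
  if do_ldap_search "$uri" "$base" < /dev/null | grep -F -x -q -- "dn: $base"
  then
    echo "$script: LDAP server $uri providing $base"
    return 0
  fi
  echo "$script: ERROR: LDAP server $uri not available for $base" >&2
  return 1
}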
# check nslcd.conf file for presence and correct configuration
# Globals:  script, nslcd_cfg (read)
# Returns:  0 when the configuration file is readable, 1 otherwise
# Only readability is tested at present; the contents are not inspected.
check_nslcd_conf() {
  # check if file is present
  if [ ! -r "$nslcd_cfg" ]
  then
    echo "$script: ERROR: $nslcd_cfg: not found" >&2
    return 1
  fi
  # TODO: more tests...
  return 0
}
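# basic check to see if nslcd is running
# Globals:  script (read), pid (written)
# Outputs:  a status or error line on stderr
# Returns:  0 when the socket is readable and the process named in the pid
#           file answers to signal 0, 1 otherwise
check_nslcd_running() {
  pid=""
  if [ -r /var/run/nslcd/socket ] && [ -f /var/run/nslcd/nslcd.pid ]
  then
    # read the pid file once so the pid that is reported is the one that
    # was probed
    pid=$(cat /var/run/nslcd/nslcd.pid 2>/dev/null) || pid=""
  fi
  case "$pid" in
    ''|0|*[!0-9]*)
      # empty, zero or non-numeric content is never handed to kill: pid 0
      # addresses the caller's own process group and would always succeed
      ;;
    *)
      # signal 0 only tests whether the process can be signalled
      # NOTE(review): this presumably fails for a caller that may not
      # signal the nslcd process - confirm how the tests are run
      if kill -0 "$pid" > /dev/null 2>&1
      then
        echo "$script: nslcd running (pid $pid)" >&2
        return 0
      fi
      ;;
  esac
  echo "$script: ERROR: nslcd not running" >&2
  return 1
}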
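# dispatch on the sub-command given as first argument; every branch ends
# the script with its own exit status
case "$1" in
  nss_enable)
    # modify /etc/nsswitch.conf to enable ldap for db
    # (one nss_enable call per remaining argument; with set -e a rejected
    # name stops the script)
    shift
    while [ $# -gt 0 ]
    do
      nss_enable "$1"
      shift
    done
    exit 0
    ;;
  check)
    # perform all tests for test environment; every check runs even when
    # an earlier one failed so that all problems are reported
    res=0
    check_nsswitch || res=1
    check_pam || res=1
    check_ldap_server || res=1
    check_nslcd_conf || res=1
    check_nslcd_running || res=1
    if [ "$res" -eq 0 ]
    then
      echo "$script: test environment OK" || true
    fi
    exit "$res"
    ;;
  check_nss)
    # check nsswitch.conf to see if dbs use ldap
    # ("$*" on purpose: check_nsswitch takes the database list as one
    # space separated argument)
    shift
    check_nsswitch "$*" || exit 1
    exit 0
    ;;
  check_ldap)
    # check availability of LDAP server
    # (optional URI and BASE arguments)
    shift
    check_ldap_server "$@" || exit 1
    exit 0
    ;;
  check_nslcd)
    # check nslcd availability
    res=0
    check_ldap_server || res=1
    check_nslcd_conf || res=1
    check_nslcd_running || res=1
    if [ "$res" -eq 0 ]
    then
      echo "$script: test environment OK" || true
    fi
    exit "$res"
    ;;
  *)
    # the usage text now also lists check_nslcd, which is handled above
    echo "Usage: $0 {nss_enable|check|check_nss|check_ldap|check_nslcd}" >&2
    exit 1
    ;;
esac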