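#!/bin/sh
# testenv.sh - script to check test environment
#
# Copyright (C) 2011-2018 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA

# Usage:
#   testenv.sh enable_nss DB...          add the LDAP module to DB in nsswitch.conf
#   testenv.sh enable_pam                install the Debian PAM profile for LDAP
#   testenv.sh check                     run every check below
#   testenv.sh check_nss [DB...]         nsswitch.conf uses LDAP for DB (default: passwd group)
#   testenv.sh check_ldap [URI [BASE]]   LDAP server reachable and serving BASE
#   testenv.sh check_nslcd               LDAP server, nslcd.conf and running nslcd
#
# Environment overrides (all optional):
#   srcdir, builddir  source and build directory (default: directory of this script)
#   nslcd_cfg         nslcd configuration file (default: /etc/nslcd.conf)
#   nsswitch_cfg      NSS configuration file (default: /etc/nsswitch.conf)
#   nslcd_socket      nslcd socket path (default: /var/run/nslcd/socket)
#   nslcd_pidfile     nslcd pid file (default: /var/run/nslcd/nslcd.pid)
#
# Note: enable_nss and enable_pam modify system configuration files and are
# meant to be run as root on a throw-away test system; enable_pam and
# "sed -i" are Debian/GNU specific.

set -e

# get the script name
script="$(basename "$0")"

# find source and build directory (used for finding auxiliary files)
srcdir="${srcdir-$(dirname "$0")}"
builddir="${builddir-$(dirname "$0")}"

# location of the configuration files and nslcd runtime files
nslcd_cfg="${nslcd_cfg-/etc/nslcd.conf}"
nsswitch_cfg="${nsswitch_cfg-/etc/nsswitch.conf}"
nslcd_socket="${nslcd_socket-/var/run/nslcd/socket}"
nslcd_pidfile="${nslcd_pidfile-/var/run/nslcd/nslcd.pid}"

# the configured module name (usually ldap), taken from config.h when built
if [ -f "$builddir"/../config.h ]
then
  module_name=$(sed -n 's/^#define MODULE_NAME "\(.*\)"$/\1/p' "$builddir"/../config.h)
fi
# fall back to "ldap" when config.h is absent OR defines no MODULE_NAME:
# an empty module name would make every pattern below match any line
module_name="${module_name:-ldap}"

# print (space separated, on one line) the names of the NSS databases
# in $nsswitch_cfg that list $module_name as a source
nss_list_configured()
{
  sed -n 's/^[ \t]*\([a-z]*\)[ \t]*:.*[ \t]'"$module_name"'.*$/\1/p' "$nsswitch_cfg" \
    | xargs
}

# return 0 if the NSS database $1 lists $module_name as a source
# ($1 is spliced into a grep pattern; callers pass plain database names)
nss_is_enabled()
{
  name="$1"
  grep -q '^[ \t]*'"$name"'[ \t]*:.*'"$module_name"'.*' "$nsswitch_cfg"
}

# add $module_name to the source list of NSS database $1 in $nsswitch_cfg
# unless it is already present; always returns 0
enable_nss()
{
  name="$1"
  if nss_is_enabled "$name"
  then
    return 0
  fi
  echo "$script: $nsswitch_cfg: enable LDAP lookups for $name" >&2
  if grep -q '^[ \t]*'"$name"'[ \t]*:' "$nsswitch_cfg"
  then
    # modify the existing entry by appending the module to the end of the
    # line; the second expression covers a database with an empty source
    # list ("passwd:"), which the first one cannot match
    sed -i \
      -e 's/^\([ \t]*'"$name"'[ \t]*:.*[^ \t]\)[ \t]*$/\1 '"$module_name"'/' \
      -e 's/^\([ \t]*'"$name"'[ \t]*:\)[ \t]*$/\1 '"$module_name"'/' \
      "$nsswitch_cfg"
  else
    # append a new line; the values go through %s so a module name
    # containing % or \ can never be interpreted as printf format
    printf '%-15s %s\n' "$name:" "$module_name" >> "$nsswitch_cfg"
  fi
  # invalidate nscd cache (best effort, nscd may not be installed)
  nscd -i "$name" > /dev/null 2>&1 || true
  return 0
}

# put a PAM stack in place that enables lookups through LDAP
# (this is currently hard-coded to only support Debian-based systems)
enable_pam()
{
  cp "$srcdir"/debian-pam-config /usr/share/pam-configs/ldap
  pam-auth-update --enable --force ldap
}

# check $nsswitch_cfg: it must exist, list at least one LDAP database and
# use LDAP for every database named in $1 (default: "passwd group")
check_nsswitch()
{
  required="${1:-passwd group}"
  if [ ! -r "$nsswitch_cfg" ]
  then
    echo "$script: ERROR: $nsswitch_cfg: not found" >&2
    return 1
  fi
  enabled=$(nss_list_configured)
  if [ -z "$enabled" ]
  then
    echo "$script: ERROR: $nsswitch_cfg: no LDAP maps configured" >&2
    return 1
  fi
  for db in $required
  do
    if ! nss_is_enabled "$db"
    then
      echo "$script: ERROR: $nsswitch_cfg: $db not using ldap" >&2
      return 1
    fi
  done
  echo "$script: $nsswitch_cfg configured for $enabled"
  return 0
}

# check PAM stack
check_pam()
{
  # TODO: implement some tests
  return 0
}

# perform a base-scope search for $2 on the server at URI $1, printing the
# result; first with simple bind, then (when a host can be extracted from
# the URI) with the legacy -h form; never fails
do_ldap_search()
{
  uri="$1"
  base="$2"
  # NOTE(review): the ":368" stripped here looks like it may have been
  # meant as ":389" (the default LDAP port) - confirm before changing
  host=$(printf '%s/\n' "$uri" | sed -n 's|:368||;s|ldap://\([^/]*\)/.*$|\1|p')
  ldapsearch -b "$base" -s base -x -H "$uri" '(objectClass=*)' 2> /dev/null || \
    ( [ -n "$host" ] && LDAPSASL_MECH=none ldapsearch -b "$base" -s base -h "$host" '(objectClass=*)' 2> /dev/null ) || \
    true
}

# check whether the LDAP server is available; optional arguments are the
# URI (default: first uri from $nslcd_cfg, then $srcdir/nslcd-test.conf,
# then ldap://127.0.0.1) and the base DN (default: dc=test,dc=tld)
check_ldap_server()
{
  if ! command -v ldapsearch > /dev/null 2>&1
  then
    echo "$script: ERROR: ldapsearch not found" >&2
    return 1
  fi
  uri="${1:-$(sed -n 's/^uri *//p' "$nslcd_cfg" 2>/dev/null | head -n 1)}"
  uri="${uri:-$(sed -n 's/^uri *//p' "$srcdir"/nslcd-test.conf 2>/dev/null | head -n 1)}"
  uri="${uri:-ldap://127.0.0.1}"
  base="${2:-dc=test,dc=tld}"
  # the base DN is compared as a fixed whole line, not as a regex
  if do_ldap_search "$uri" "$base" < /dev/null | grep -F -x -q "dn: $base"
  then
    echo "$script: LDAP server $uri providing $base"
    return 0
  fi
  echo "$script: ERROR: LDAP server $uri not available for $base" >&2
  return 1
}

# check nslcd.conf file for presence and correct configuration
check_nslcd_conf()
{
  if [ ! -r "$nslcd_cfg" ]
  then
    echo "$script: ERROR: $nslcd_cfg: not found" >&2
    return 1
  fi
  # TODO: more tests...
  return 0
}

# basic check to see if nslcd is running: socket present, pid file holds a
# plain number and that process exists
check_nslcd_running()
{
  pid=$(cat "$nslcd_pidfile" 2> /dev/null || true)
  case "$pid" in
    ''|*[!0-9]*)
      # missing, empty or non-numeric pid file: never hand it to kill
      # (e.g. "-1" would address every process)
      pid=''
      ;;
  esac
  if [ -r "$nslcd_socket" ] && [ -n "$pid" ] && kill -0 "$pid" > /dev/null 2>&1
  then
    # success goes to stdout like the other check_* functions
    echo "$script: nslcd running (pid $pid)"
    return 0
  fi
  echo "$script: ERROR: nslcd not running" >&2
  return 1
}

case "$1" in
  enable_nss|nss_enable)
    # modify nsswitch.conf to enable ldap for each named db
    shift
    while [ $# -gt 0 ]
    do
      enable_nss "$1"
      shift
    done
    exit 0
    ;;
  enable_pam)
    enable_pam
    exit 0
    ;;
  check)
    # perform all tests for test environment
    res=0
    check_nsswitch || res=1
    check_pam || res=1
    check_ldap_server || res=1
    check_nslcd_conf || res=1
    check_nslcd_running || res=1
    [ $res -eq 0 ] && echo "$script: test environment OK" || true
    exit $res
    ;;
  check_nss)
    # check nsswitch.conf to see if dbs use ldap
    shift
    check_nsswitch "$*" || exit 1
    exit 0
    ;;
  check_ldap)
    # check availability of LDAP server
    # (optional URI and BASE arguments)
    shift
    check_ldap_server "$@" || exit 1
    exit 0
    ;;
  check_nslcd)
    # check nslcd availability
    res=0
    check_ldap_server || res=1
    check_nslcd_conf || res=1
    check_nslcd_running || res=1
    [ $res -eq 0 ] && echo "$script: test environment OK" || true
    exit $res
    ;;
  *)
    echo "Usage: $0 {enable_nss|enable_pam|check|check_nss|check_ldap|check_nslcd}" >&2
    exit 1
    ;;
esac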