1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
#!/bin/sh
set -e
confhandler () {
conffile=$1
template=$2
if [ -r $conffile ] ; then
pwd=`grep '^rootpw ' $conffile | head -1 | sed 's/rootpw *//'`
fi
if [ -z "$pwd" -o "$pwd" = "secret" ] ; then
pwd=`mkpasswd -s 0 | tr '/' 'x'`
fi
tempfile=`mktemp`
sed "s/\(rootpw *\)secret/\1$pwd/" $template > $tempfile
ucf $tempfile $conffile
rm $tempfile
chown openldap:openldap $conffile
}
if [ "$1" = "configure" ] ; then
confhandler /etc/bdii/bdii-slapd.conf /usr/share/bdii/bdii-slapd.conf
confhandler /etc/bdii/bdii-top-slapd.conf /usr/share/bdii/bdii-top-slapd.conf
chown openldap:openldap /var/lib/bdii
chown openldap:openldap /var/lib/bdii/gip
chown openldap:openldap /var/lib/bdii/gip/ldif
chown openldap:openldap /var/lib/bdii/gip/provider
chown openldap:openldap /var/lib/bdii/gip/plugin
chown openldap:openldap /var/log/bdii
fi
if [ "$1" = "configure" ] ; then
APP_PROFILE=/etc/apparmor.d/usr.sbin.slapd
LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.sbin.slapd
if [ ! -r "$LOCAL_APP_PROFILE" ] ; then
# Create the local profile if it does not yet exist
tmp=`mktemp`
cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.sbin.slapd.
# For more details, please see /etc/apparmor.d/local/README.
EOM
mkdir -p `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true
mv -f "$tmp" "$LOCAL_APP_PROFILE"
chmod 644 "$LOCAL_APP_PROFILE"
fi
grep -q "AppArmor profile for bdii" "$LOCAL_APP_PROFILE" || \
cat <<EOM >> "$LOCAL_APP_PROFILE"
# AppArmor profile for bdii START
#include <abstractions/p11-kit>
/etc/bdii/* r,
/var/lib/bdii/db/** rwk,
/{,var/}run/bdii/db/* w,
# AppArmor profile for bdii END
EOM
if [ -r "$APP_PROFILE" ] ; then
# Reload the profile
if aa-status --enabled 2>/dev/null ; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
#DEBHELPER#
|
