update-ppolicy-schema.sh
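#!/bin/bash
# This script serves one purpose, to add a possibly missing attribute
# to a ppolicy schema in a dynamic configuration of OpenLDAP. This
# attribute was introduced in openldap-2.4.43 and slapd will not
# start without it later on.
#
# The script tries to update in a directory given as first parameter,
# or in /etc/openldap/slapd.d implicitly.
#
# Author: Matus Honek <mhonek@redhat.com>
# Bugzilla: #1487857
#
# Exit status: the script always ends with the status of the final log
# call, so callers cannot detect a failed update from the exit code;
# failures are only reported on stdout as "ERROR:" lines.

# Print a message with the script's fixed prefix. Always returns 0 so it
# can be chained with '&&'.
log() {
    echo "Update dynamic configuration: " "$@"
    true
}

# Inspect the exit status of the command that ran immediately before.
# Returns 0 (and logs the given message) when that command failed,
# returns 1 otherwise. Intended use:  cmd; iferr "msg" && return 1
# Nothing may run between the checked command and the call to iferr.
iferr() {
    if [ $? -ne 0 ]; then
        log "ERROR: " "$@"
        true
    else
        false
    fi
}

# Update the configuration directory given as $1 (default
# /etc/openldap/slapd.d). Works on a private copy served by a temporary
# slapd instance and copies the result back only if every step succeeded.
# Globals:  ORIGINAL, TEMPDIR, DBDIR, SUBDBDIR, SOCKET, LISTENER,
#           CONN_PARAMS, SLAPDPID, FILTER, RES, DN, OC, NEWOC (written)
# Returns:  0 when nothing had to be done or the update was applied,
#           1 on any failure (SLAPDPID/TEMPDIR are left set for the caller
#           to clean up).
update() {
    set -u
    shopt -s extglob

    ORIGINAL="${1:-/etc/openldap/slapd.d}"
    # Strip any number of trailing slashes (needs extglob).
    ORIGINAL="${ORIGINAL%*(/)}"

    ### check if necessary
    if grep -rq -- "pwdMaxRecordedFail" "${ORIGINAL}/cn=config/cn=schema"; then
        log "Schemas look up to date. Ok. Quitting."
        return 0
    fi

    ### prep
    log "Prepare environment."

    # mktemp -d creates the directory with owner-only permissions. That
    # matters twice below: the directory receives a full copy of the slapd
    # configuration, and it holds the socket of a slapd that grants
    # 'manage' to every client.
    TEMPDIR=$(mktemp -d)
    iferr "Could not create a temporary directory. Quitting." && return 1
    DBDIR="${TEMPDIR}/db"
    SUBDBDIR="${DBDIR}/cn=temporary"

    mkdir "${DBDIR}"
    iferr "Could not create temporary configuration directory. Quitting." && return 1
    cp -r --no-target-directory -- "${ORIGINAL}" "${SUBDBDIR}"
    iferr "Could not copy configuration. Quitting." && return 1

    # temp.conf uses the relative path 'db', so everything below must run
    # from inside TEMPDIR; stop if the directory change did not happen.
    pushd "$TEMPDIR" >/dev/null
    iferr "Could not enter the temporary directory. Quitting." && return 1

    # 'access to * by * manage' disables access control for the temporary
    # instance. The only listener is the ldapi:// socket created inside
    # TEMPDIR, so reachability is limited by that directory's permissions.
    cat > temp.conf <<EOF
database ldif
suffix cn=temporary
directory db
access to * by * manage
EOF

    SOCKET="$(pwd)/socket"
    # ldapi URLs carry the socket path with '/' percent-encoded.
    LISTENER="ldapi://${SOCKET//\//%2F}"
    CONN_PARAMS=("-Y" "EXTERNAL" "-H" "${LISTENER}")

    slapd -f temp.conf -h "$LISTENER" -d 0 >/dev/null 2>&1 &
    SLAPDPID="$!"
    # Fixed grace period for slapd to start listening; a slapd that did
    # not come up is detected by the ldapadd failure below.
    sleep 2

    ldapadd "${CONN_PARAMS[@]}" -d 0 >/dev/null 2>&1 <<EOF
dn: cn=temporary
objectClass: olcGlobal
cn: temporary
EOF
    iferr "Could not populate the temporary database. Quitting." && return 1

    ### update
    log "Update with new pwdMaxRecordedFailure attribute."

    # Match schema entries that define the pwdPolicy object class but
    # mention pwdMaxRecordedFailure neither in it nor as an attribute type.
    FILTER="(&"
    FILTER+="(olcObjectClasses=*'pwdPolicy'*)"
    FILTER+="(!(olcObjectClasses=*'pwdPolicy'*'pwdMaxRecordedFailure'*))"
    FILTER+="(!(olcAttributeTypes=*'pwdMaxRecordedFailure'*))"
    FILTER+=")"
    RES=$(ldapsearch "${CONN_PARAMS[@]}" \
                     -b cn=schema,cn=config,cn=temporary \
                     -LLL \
                     -o ldif-wrap=no \
                     "$FILTER" \
                     dn olcObjectClasses \
                     2>/dev/null \
              | sed '/^$/d')

    # RES is LDIF read from the configuration; pass it as data, never as
    # the printf format, so '%' or '\' in a schema value is not interpreted.
    DN=$(printf '%s\n' "$RES" | grep '^dn:')
    OC=$(printf '%s\n' "$RES" | grep "^olcObjectClasses:.*'pwdPolicy'")
    NEWOC="${OC//$ pwdSafeModify /$ pwdSafeModify $ pwdMaxRecordedFailure }"

    # An empty DN also counts as one line here; that case is rejected by
    # the NEWOC/OC comparison that follows, since both are then empty.
    [ "$(echo "$DN" | wc -l)" = 1 ]
    iferr "Received more than one DN. Cannot continue. Quitting." && return 1
    test "$NEWOC" != "$OC"
    iferr "Updating pwdPolicy objectClass definition failed. Quitting." && return 1

    # The attribute type definition is written unfolded on one line; it is
    # the same value as the LDIF-folded form (continuation lines starting
    # with a single space) and does not depend on preserving that space.
    ldapmodify "${CONN_PARAMS[@]}" -d 0 >/dev/null 2>&1 <<EOF
$DN
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
delete: olcObjectClasses
$OC
-
add: olcObjectClasses
$NEWOC
EOF
    iferr "Updating with new attribute failed. Quitting." && return 1

    popd >/dev/null

    ### apply
    log "Apply changes."
    # NOTE(review): plain 'cp -r' does not preserve ownership or
    # timestamps, so the backup and any newly created file belong to the
    # invoking user; confirm the resulting ownership and mode suit the
    # account slapd runs as and do not expose the backup copy.
    cp -r --no-target-directory -- "$ORIGINAL" "$ORIGINAL~backup"
    iferr "Backing up old configuration failed. Quitting." && return 1
    cp -r --no-target-directory -- "$SUBDBDIR" "$ORIGINAL"
    iferr "Applying new configuration failed. Quitting." && return 1

    ### clean up
    log "Clean up."
    kill "$SLAPDPID"
    SLAPDPID=
    rm -rf -- "$TEMPDIR"
    TEMPDIR=
}

SLAPDPID=
TEMPDIR=
if ! update "${1:-}"; then
    log "Clean up."
    echo "$SLAPDPID"
    echo "$TEMPDIR"
    # update can fail before slapd was started or the directory was
    # created; only act on values that were actually set.
    [ -n "$SLAPDPID" ] && kill "$SLAPDPID"
    [ -n "$TEMPDIR" ] && rm -rf -- "$TEMPDIR"
fi
log "Finished."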