From b6c1f13f8ece15bf4a64c8985a5ae6f3bab14f4d Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Fri, 3 Nov 2006 19:09:57 +0000 Subject: Bug(s) fixed: 213786 Bug Description: upgrade install of ssl enabled servers changes file/dir permisssions from nobody to root Reviewed by: nhosoi (Thanks!) Fix Description: The ssloff and sslon operations change several files, by grep/sed to temp files, then moving the temp files over the original ones. When done as root, this changes the file ownership to root from the original nobody. In order to preserve the file/directory ownership, we first figure out the instance, then use the ownership of that dse.ldif file to determine the server user:group. We have to do this before the call to SSLOff because SSLOff needs the user:group to chown the files. Then, every time we create a new file and replace an existing one, we do a chown $user:$group to preserve the existing file ownership. Platforms tested: RHEL4 Flag Day: no Doc impact: no --- ldap/cm/newinst/setup | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) (limited to 'ldap/cm/newinst') diff --git a/ldap/cm/newinst/setup b/ldap/cm/newinst/setup index ac2d39e2..cc38ce88 100755 --- a/ldap/cm/newinst/setup +++ b/ldap/cm/newinst/setup @@ -157,6 +157,10 @@ inffile= tmpinffile= nextisinffile= keepinffile= +# set by user or from existing files during upgrade +user= +# set by user or from existing files during upgrade +group= for arg in "$@" ; do if [ "$arg" = "-s" ]; then silent=1 @@ -227,6 +231,7 @@ adminSSLOff() { echo $conffile=$security >> $tmpfile cat $conffile | sed -e "s/^\($security\) .*/\1 off/g" > $conffile.01 mv $conffile.01 $conffile + chown $user:$group $conffile echo "$conffile: SSL off ..." fi fi 
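Review bot: The added `chown $user:$group $conffile` in adminSSLOff runs even when `user` and `group` are empty, which is how this patch initialises them and how they stay if the later in-place check does not find dse.ldif. GNU chown treats a bare `:` operand as "change neither owner nor group" and succeeds, so the file would silently stay root-owned; other platforms may reject it, and the exit status is not checked either way. I would guard, quote and report, e.g. `if [ -n "$user" ] && [ -n "$group" ]; then chown "$user:$group" "$conffile" || echo "$conffile: chown failed" >&2; fi`. The same applies to the chown lines added in adminXmlSSLOff, SSLOff, adminSSLOn, adminXmlSSLOn and SSLOn. adminSSLOff starts and ends outside this hunk.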
@@ -248,6 +253,7 @@ adminXmlSSLOff() { echo $conffile=$confparam >> $tmpfile cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"off\"/g" > $conffile.0 mv $conffile.0 $conffile + chown $user:$group $conffile echo "$conffile: SSL off ..." fi sslparams0=`grep -i "<.*SSLPARAMS " $conffile` @@ -263,6 +269,7 @@ echo adminXmlSSLOff: SSLPARAMS off sslparams=`echo $sslparams1 | sed -e 's/\"/\\\\\"/g'` cat $conffile | sed -e "s/\($sslparams\)/\<\!-- \1 --\>/g" > $conffile.1 mv $conffile.1 $conffile + chown $user:$group $conffile fi fi } @@ -282,6 +289,7 @@ SSLOff() { $dir/stop-slapd cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 off/g" > $dir/config/dse.ldif.0 mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + chown $user:$group $dir/config/dse.ldif echo "$dir/config/dse.ldif: SSL off ..." fi fi @@ -308,6 +316,7 @@ adminSSLOn() { if [ -f $conffile ]; then cat $conffile | sed -e "s/^\($confparam\) .*/\1 on/g" > $conffile.00 mv $conffile.00 $conffile + chown $user:$group $conffile echo "$conffile $confparam: SSL on ..." fi } @@ -317,6 +326,7 @@ adminXmlSSLOn() { if [ -f $conffile ]; then cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"on\"/g" > $conffile.2 mv $conffile.2 $conffile + chown $user:$group $conffile fi grep -i "<.*SSLPARAMS " $conffile > /dev/null 2>&1 rval=$? @@ -324,6 +334,7 @@ adminXmlSSLOn() { then cat $conffile | sed -e "s/<\!-- *$sslparams *-->/$sslparams/g" > $conffile.3 mv $conffile.3 $conffile + chown $user:$group $conffile fi echo "$conffile: SSL on ..." } @@ -336,6 +347,7 @@ SSLOn() { $dir/stop-slapd cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0 mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + chown $user:$group $dir/config/dse.ldif echo "$dir/config/dse.ldif: SSL on ..." echo "Restarting Directory Server: $dir/start-slapd" $dir/start-slapd 
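Review bot: The `chown $user:$group $conffile` added after each `mv` in adminXmlSSLOff is a root-run chown on a path inside a directory that the commit message describes as owned by the unprivileged server account, and chown dereferences symbolic links by default. If that account can write to the directory, it can influence what `$conffile` names by the time chown runs, so ownership of a file other than the intended one could be handed over. `chown -h "$user:$group" "$conffile"`, ideally after refusing to continue when `[ -h "$conffile" ]`, narrows this. The same consideration applies to every chown line this patch adds. The function body extends beyond both adminXmlSSLOff hunks.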
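Review bot: Restoring the owner in SSLOff does not restore the permission bits. `dse.ldif.0` is created by a shell redirect, so after the `mv` the new `dse.ldif` carries whatever mode root's umask produced rather than the mode of the file it replaced. dse.ldif typically holds password hashes, so a permissive umask would leave it more readable than before the upgrade. Adding `cp -p $dir/config/dse.ldif $dir/config/dse.ldif.0` before the `sed ... > $dir/config/dse.ldif.0` line makes the temp file inherit owner, group and mode, and the redirect then only replaces its contents. SSLOn and the admin-server variants have the same shape, and SSLOff itself starts and ends outside the hunk.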
@@ -370,9 +382,14 @@ SSLOn() { # check whether it is an in-place installation if [ -f $sroot/admin-serv/config/adm.conf ]; then + dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` + if [ -f $sroot/$dsinst/config/dse.ldif ]; then + user=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'` + group=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'` + fi + SSLOff - dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` if [ -f $sroot/$dsinst/config/dse.ldif ]; then # it is an in=place installation ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"` @@ -380,8 +397,6 @@ if [ -f $sroot/admin-serv/config/adm.conf ]; then adminport=`getValFromAdminConf "\ $inffile echo "FullMachineName= $ldaphost" >> $inffile - echo "SuiteSpotUserID= $suitespotuser" >> $inffile - echo "SuitespotGroup= $suitespotgroup" >> $inffile + echo "SuiteSpotUserID= $user" >> $inffile + echo "SuitespotGroup= $group" >> $inffile echo "ServerRoot= $sroot" >> $inffile echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/o=NetscapeRoot" >> $inffile echo "ConfigDirectoryAdminID= $adminid" >> $inffile -- cgit
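Review bot: The owner read from dse.ldif is trusted as the server identity without any sanity check, both for the chown calls reached through SSLOff and, in the following hunk, for the `SuiteSpotUserID`/`SuitespotGroup` values written to the inf file. On an installation that an earlier upgrade already left root-owned (the bug this commit fixes), `user` and `group` come out as root, so the files would stay root-owned and root would presumably be recorded as the server user. A check right after the two assignments, such as `[ "$user" = "root" ] && echo "dse.ldif is owned by root; verify the server user before upgrading" >&2`, would surface that instead of carrying it forward. The path passed to `ls -l` should also be quoted: `"$sroot/$dsinst/config/dse.ldif"`. The enclosing `if` block continues past the end of the hunk.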