#!/bin/sh

[0] Fix | Delete

#

[1] Fix | Delete

# Turns on or off the nss-sysinit module db by editing the

[2] Fix | Delete

# global PKCS #11 congiguration file. Displays the status.

[3] Fix | Delete

#

[4] Fix | Delete

# This script can be invoked by the user as super user.

[5] Fix | Delete

# It is invoked at nss-sysinit post install time with argument on.

[6] Fix | Delete

#

[7] Fix | Delete

usage()

[8] Fix | Delete

{

[9] Fix | Delete

cat <<EOF

[10] Fix | Delete

Usage: setup-nsssysinit [on|off]

[11] Fix | Delete

on - turns on nsssysinit

[12] Fix | Delete

off - turns off nsssysinit

[13] Fix | Delete

status - reports whether nsssysinit is turned on or off

[14] Fix | Delete

EOF

[15] Fix | Delete

exit $1

[16] Fix | Delete

}

[17] Fix | Delete

[18] Fix | Delete

# validate

[19] Fix | Delete

if [ $# -eq 0 ]; then

[20] Fix | Delete

usage 1 1>&2

[21] Fix | Delete

fi

[22] Fix | Delete

[23] Fix | Delete

# the system-wide configuration file

[24] Fix | Delete

p11conf="/etc/pki/nssdb/pkcs11.txt"

[25] Fix | Delete

# must exist, otherwise report it and exit with failure

[26] Fix | Delete

if [ ! -f $p11conf ]; then

[27] Fix | Delete

echo "Could not find ${p11conf}"

[28] Fix | Delete

exit 1

[29] Fix | Delete

fi

[30] Fix | Delete

[31] Fix | Delete

# check if nsssysinit is currently enabled or disabled

[32] Fix | Delete

sysinit_enabled()

[33] Fix | Delete

{

[34] Fix | Delete

grep -q '^library=libnsssysinit' ${p11conf}

[35] Fix | Delete

}

[36] Fix | Delete

[37] Fix | Delete

umask 022

[38] Fix | Delete

case "$1" in

[39] Fix | Delete

on | ON )

[40] Fix | Delete

if sysinit_enabled; then

[41] Fix | Delete

exit 0

[42] Fix | Delete

fi

[43] Fix | Delete

cat ${p11conf} | \

[44] Fix | Delete

sed -e 's/^library=$/library=libnsssysinit.so/' \

[45] Fix | Delete

-e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \

[46] Fix | Delete

${p11conf}.on

[47] Fix | Delete

mv ${p11conf}.on ${p11conf}

[48] Fix | Delete

;;

[49] Fix | Delete

off | OFF )

[50] Fix | Delete

if ! sysinit_enabled; then

[51] Fix | Delete

exit 0

[52] Fix | Delete

fi

[53] Fix | Delete

cat ${p11conf} | \

[54] Fix | Delete

sed -e 's/^library=libnsssysinit.so/library=/' \

[55] Fix | Delete

-e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \

[56] Fix | Delete

${p11conf}.off

[57] Fix | Delete

mv ${p11conf}.off ${p11conf}

[58] Fix | Delete

;;

[59] Fix | Delete

status )

[60] Fix | Delete

echo -n 'NSS sysinit is '

[61] Fix | Delete

sysinit_enabled && echo 'enabled' || echo 'disabled'

[62] Fix | Delete

;;

[63] Fix | Delete

* )

[64] Fix | Delete

usage 1 1>&2

[65] Fix | Delete

;;

[66] Fix | Delete

esac

[67] Fix | Delete

[68] Fix | Delete