#!/bin/sh
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2016 Red Hat, Inc.
#
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# END COPYRIGHT BLOCK

# Systemd has not fixed the issue at https://bugzilla.redhat.com/show_bug.cgi?id=1322167
# As a result, we need a way to fix the permissions as we start.
# We have to reset these each time, as this folder is on a tmpfs.
# If we don't do this, we can't prompt for the password!
# If you want this script to go away, fix the bugzilla so we don't need it!

# Make sure we have the path to the dse.ldif
if [ -z $1 ]
then
    echo "usage: ${0} /etc/dirsrv/slapd-<instance>/dse.ldif"
    exit 1
fi

# Grep the user out

DS_USER=`grep 'nsslapd-localuser: ' $1 | awk '{print $2}'`

# Now apply the acl

if [ -d /var/run/systemd/ask-password ]
then
    setfacl -m u:${DS_USER}:rwx /var/run/systemd/ask-password
fi

