#!/bin/sh

# Check that debian-admin is in /etc/aliases for root.
# Peter Palfrader, 2008

#my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 );

set -e
err=0

log() {
	if [ "$0" = "ok" ] && [ "$err" = 0 ]; then
		err=0
	elif [ "$1" = "warn" ] && [ "$err" -lt 1 ]; then
		err=1
	elif [ "$1" = "critical" ] && [ "$err" -lt 2 ]; then
		err=2
	elif [ "$1" = "unknown" ] && [ "$err" = 0 ]; then
		err=3
	fi
	if [ "`eval echo \\$$1`" = "" ]; then
		eval $1="\"$2\""
	else
		eval $1="\"`eval echo \\$$1`; $2\""
	fi
}


check_aliases() {
	if ! [ -e /etc/aliases ]; then
		log unknown "/etc/aliases not found"
		return
	fi

	if egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then
		log ok "debian-admin found in aliases"
		return
	fi

	log warn "debian-admin not found in root entry in aliases"
}

check_ldap_conf() {
	if ! [ -e /etc/ldap/ldap.conf ]; then
		log unknown "/etc/ldap/ldap.conf not found"
		return
	fi

	if egrep '^URI.*ldap://db.debian.org' /etc/ldap/ldap.conf > /dev/null &&
	   egrep '^BASE.*dc=debian,dc=org' /etc/ldap/ldap.conf > /dev/null &&
	   egrep '^TLS_CACERT.*/etc/ssl/certs/spi-cacert-2008.pem' /etc/ldap/ldap.conf > /dev/null &&
	   egrep '^TLS_REQCERT.*hard' /etc/ldap/ldap.conf > /dev/null ; then
		log ok "ldap.conf configured properly"
		return
	fi

	log warn "ldap.conf does not have URI, BASE, TLS_CACERT, TLS_REQCERT all configured correctly"
}

check_aliases
check_ldap_conf

[ "$critical" = "" ] || echo -n "Critical: $critical; "
[ "$warn" = "" ] || echo -n "Warning: $warn; "
[ "$unknown" = "" ] || echo -n "Unknown: $unknown; "
[ "$ok" = "" ] || echo -n "OK: $ok"
echo
exit $err