diff options
author | Florence Blanc-Renaud <frenaud@redhat.com> | 2016-06-27 10:23:14 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-29 16:17:27 +0200 |
commit | 3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271 (patch) | |
tree | 0c01a8d4c49a40aa8643ebef05423653cd6901f2 /ipapython | |
parent | d7898ac2eb3b9d7b0e24579c9d8ea2f541f55268 (diff) | |
download | freeipa-3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271.tar.gz freeipa-3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271.tar.xz freeipa-3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271.zip |
Do not allow installation in FIPS mode
https://fedorahosted.org/freeipa/ticket/5761
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/ipautil.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 34e05d366..c7e20c510 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -1428,3 +1428,22 @@ if six.PY2: type(value).__name__)) else: fsdecode = os.fsdecode #pylint: disable=no-member + + +def is_fips_enabled(): + """ + Checks whether this host is FIPS-enabled. + + Returns a boolean indicating if the host is FIPS-enabled, i.e. if the + file /proc/sys/crypto/fips_enabled contains a non-0 value. Otherwise, + or if the file /proc/sys/crypto/fips_enabled does not exist, + the function returns False. + """ + try: + with open(paths.PROC_FIPS_ENABLED, 'r') as f: + if f.read().strip() != '0': + return True + except IOError: + # Consider that the host is not fips-enabled if the file does not exist + pass + return False |