diff options
author | Tomas Babej <tbabej@redhat.com> | 2014-05-27 09:13:59 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-16 19:48:18 +0200 |
commit | 5f31f2d35f714880230c1a92a322c620e8708eb3 (patch) | |
tree | 200f71d434d8403df61d7c08b540e73f34897150 /ipaplatform/fedora/tasks.py | |
parent | 6a4cd8a4e33fba68c89d6046a98adb790c401041 (diff) | |
download | freeipa-5f31f2d35f714880230c1a92a322c620e8708eb3.tar.gz freeipa-5f31f2d35f714880230c1a92a322c620e8708eb3.tar.xz freeipa-5f31f2d35f714880230c1a92a322c620e8708eb3.zip |
ipaplatform: Do not require custom Authconfig implementations from platform modules
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipaplatform/fedora/tasks.py')
-rw-r--r-- | ipaplatform/fedora/tasks.py | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py index 841b3d4e0..46fc08d70 100644 --- a/ipaplatform/fedora/tasks.py +++ b/ipaplatform/fedora/tasks.py @@ -25,6 +25,7 @@ This module contains default Fedora-specific implementations of system tasks. import os import ipautil +from ipaplatform.fedora.authconfig import FedoraAuthConfig from ipaplatform.base.tasks import * @@ -76,3 +77,67 @@ def check_selinux_status(restorecon='/sbin/restorecon'): raise RuntimeError('SELinux is enabled but %s does not exist.\n' 'Install the policycoreutils package and start the ' 'installation again.' % restorecon) + + +def restore_pre_ipa_client_configuration(fstore, statestore, + was_sssd_installed, + was_sssd_configured): + + auth_config = FedoraAuthConfig() + if statestore.has_state('authconfig'): + # disable only those configurations that we enabled during install + for conf in ('ldap', 'krb5', 'sssd', 'sssdauth', 'mkhomedir'): + cnf = statestore.restore_state('authconfig', conf) + # Do not disable sssd, as this can cause issues with its later + # uses. Remove it from statestore however, so that it becomes + # empty at the end of uninstall process. + if cnf and conf != 'sssd': + auth_config.disable(conf) + else: + # There was no authconfig status store + # It means the code was upgraded after original install + # Fall back to old logic + auth_config.disable("ldap") + auth_config.disable("krb5") + if not(was_sssd_installed and was_sssd_configured): + # Only disable sssdauth. Disabling sssd would cause issues + # with its later uses. + auth_config.disable("sssdauth") + auth_config.disable("mkhomedir") + + auth_config.execute() + + +def set_nisdomain(nisdomain): + # Let authconfig setup the permanent configuration + auth_config = FedoraAuthConfig() + auth_config.add_parameter("nisdomain", nisdomain) + auth_config.execute() + + +def modify_nsswitch_pam_stack(sssd, mkhomedir, statestore): + auth_config = FedoraAuthConfig() + + if sssd: + statestore.backup_state('authconfig', 'sssd', True) + statestore.backup_state('authconfig', 'sssdauth', True) + auth_config.enable("sssd") + auth_config.enable("sssdauth") + else: + statestore.backup_state('authconfig', 'ldap', True) + auth_config.enable("ldap") + auth_config.enable("forcelegacy") + + if mkhomedir: + statestore.backup_state('authconfig', 'mkhomedir', True) + auth_config.enable("mkhomedir") + + auth_config.execute() + + +def modify_pam_to_use_krb5(statestore): + auth_config = FedoraAuthConfig() + statestore.backup_state('authconfig', 'krb5', True) + auth_config.enable("krb5") + auth_config.add_option("nostart") + auth_config.execute() |