ipa-client-automount: always restore nsswitch.conf at uninstall time

ipa-client-automount used to only restore nsswitch.conf when sssd was not used. However authselect's default profile is now sssd so always restore nsswitch.conf's automount configuration to 'files sssd'. Note that the behavior seen before commit: a0e846f56c8de3b549d1d284087131da13135e34 would always restore nsswitch.conf to the previous state which in some cases was wrong. Fixes: https://pagure.io/freeipa/issue/8038 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
author: François Cami <fcami@redhat.com> 2019-08-14 21:47:31 +0200
committer: Rob Crittenden <rcritten@redhat.com> 2019-08-28 22:15:50 -0400
commit: b27ad6e9f956a2485eee09b647b45c4901a1f928 (patch)
tree: fb32b6bff65c82a5de417709215f707454c01dd7 /ipaclient
parent: 405dcc6becfca504dce7e06c6f0849a9c06df4c6 (diff)
download: freeipa-b27ad6e9f956a2485eee09b647b45c4901a1f928.tar.gz
freeipa-b27ad6e9f956a2485eee09b647b45c4901a1f928.tar.xz
freeipa-b27ad6e9f956a2485eee09b647b45c4901a1f928.zip
1 files changed, 54 insertions, 15 deletions
diff --git a/ipaclient/install/ipa_client_automount.py b/ipaclient/install/ipa_client_automount.py
index fa07598e6..a1dc2a18c 100644
--- a/ipaclient/install/ipa_client_automount.py
+++ b/ipaclient/install/ipa_client_automount.py
@@ -177,18 +177,30 @@ def configure_xml(fstore):
         print("Configured %s" % authconf)
 
 
-def configure_nsswitch(fstore, options):
+def configure_nsswitch(statestore, options):
     """
-    Point automount to ldap in nsswitch.conf. This function is for non-SSSD
-    setups only
+    Point automount to ldap in nsswitch.conf.
+    This function is for non-SSSD setups only.
     """
-    fstore.backup_file(paths.NSSWITCH_CONF)
-
     conf = ipachangeconf.IPAChangeConf("IPA Installer")
     conf.setOptionAssignment(':')
 
-    nss_value = ' files ldap'
+    with open(paths.NSSWITCH_CONF, 'r') as f:
+        current_opts = conf.parse(f)
+        current_nss_value = conf.findOpts(
+            current_opts, name='automount', type='option'
+        )[1]
+        if current_nss_value is None:
+            # no automount database present
+            current_nss_value = False  # None cannot be backed up
+        else:
+            current_nss_value = current_nss_value['value']
+        statestore.backup_state(
+            'ipa-client-automount-nsswitch', 'previous-automount',
+            current_nss_value
+        )
 
+    nss_value = ' files ldap'
     opts = [
         {
             'name': 'automount',
@@ -198,7 +210,6 @@ def configure_nsswitch(fstore, options):
         },
         {'name': 'empty', 'type': 'empty'},
     ]
-
     conf.changeConf(paths.NSSWITCH_CONF, opts)
 
     print("Configured %s" % paths.NSSWITCH_CONF)
@@ -322,19 +333,47 @@ def configure_autofs_common(fstore, statestore, options):
 def uninstall(fstore, statestore):
     RESTORE_FILES = [
         paths.SYSCONFIG_AUTOFS,
-        paths.NSSWITCH_CONF,
         paths.AUTOFS_LDAP_AUTH_CONF,
         paths.SYSCONFIG_NFS,
         paths.IDMAPD_CONF,
     ]
     STATES = ['autofs', 'rpcidmapd', 'rpcgssd']
 
-    # automount only touches /etc/nsswitch.conf if LDAP is
-    # used. Don't restore it otherwise.
-    if statestore.get_state('authconfig', 'sssd') or (
-        statestore.get_state('authselect', 'profile') == 'sssd'
-    ):
-        RESTORE_FILES.remove(paths.NSSWITCH_CONF)
+    if statestore.get_state(
+        'ipa-client-automount-nsswitch', 'previous-automount'
+    ) is False:
+        # Previous nsswitch.conf had no automount database configured
+        # so remove it.
+        conf = ipachangeconf.IPAChangeConf("IPA automount installer")
+        conf.setOptionAssignment(':')
+        changes = [conf.rmOption('automount')]
+        conf.changeConf(paths.NSSWITCH_CONF, changes)
+        tasks.restore_context(paths.NSSWITCH_CONF)
+        statestore.delete_state(
+            'ipa-client-automount-nsswitch', 'previous-automount'
+        )
+    elif statestore.get_state(
+        'ipa-client-automount-nsswitch', 'previous-automount'
+    ) is not None:
+        nss_value = statestore.get_state(
+            'ipa-client-automount-nsswitch', 'previous-automount'
+        )
+        opts = [
+            {
+                'name': 'automount',
+                'type': 'option',
+                'action': 'set',
+                'value': nss_value,
+            },
+            {'name': 'empty', 'type': 'empty'},
+        ]
+        conf = ipachangeconf.IPAChangeConf("IPA automount installer")
+        conf.setOptionAssignment(':')
+        conf.changeConf(paths.NSSWITCH_CONF, opts)
+        tasks.restore_context(paths.NSSWITCH_CONF)
+        statestore.delete_state(
+            'ipa-client-automount-nsswitch', 'previous-automount'
+        )
 
     if not any(fstore.has_file(f) for f in RESTORE_FILES) or not any(
         statestore.has_state(s) for s in STATES
@@ -588,7 +627,7 @@ def configure_automount():
 
     try:
         if not options.sssd:
-            configure_nsswitch(fstore, options)
+            configure_nsswitch(statestore, options)
         configure_nfs(fstore, statestore, options)
         if options.sssd:
             configure_autofs_sssd(fstore, statestore, autodiscover, options)
author	François Cami <fcami@redhat.com>	2019-08-14 21:47:31 +0200
committer	Rob Crittenden <rcritten@redhat.com>	2019-08-28 22:15:50 -0400
commit	b27ad6e9f956a2485eee09b647b45c4901a1f928 (patch)
tree	fb32b6bff65c82a5de417709215f707454c01dd7 /ipaclient
parent	405dcc6becfca504dce7e06c6f0849a9c06df4c6 (diff)
download	freeipa-b27ad6e9f956a2485eee09b647b45c4901a1f928.tar.gz freeipa-b27ad6e9f956a2485eee09b647b45c4901a1f928.tar.xz freeipa-b27ad6e9f956a2485eee09b647b45c4901a1f928.zip