From 3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <frenaud@redhat.com>
Date: Mon, 27 Jun 2016 10:23:14 +0200
Subject: Do not allow installation in FIPS mode

https://fedorahosted.org/freeipa/ticket/5761

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 install/tools/ipactl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'install/tools')

diff --git a/install/tools/ipactl b/install/tools/ipactl
index 547b21d87..e6a1b5a22 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -31,7 +31,8 @@ from ipaserver.install.dsinstance import config_dirname
 from ipaserver.install.installutils import is_ipa_configured, ScriptError
 from ipalib import api, errors
 from ipapython.ipaldap import IPAdmin
-from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket
+from ipapython.ipautil import (
+    wait_for_open_ports, wait_for_open_socket, is_fips_enabled)
 from ipapython import config
 from ipaplatform.tasks import tasks
 from ipapython.dn import DN
@@ -545,6 +546,9 @@ def main():
     elif args[0] != "start" and args[0] != "stop" and args[0] != "restart" and args[0] != "status":
         raise IpactlError("Unrecognized action [" + args[0] + "]", 2)
 
+    if is_fips_enabled():
+        raise IpactlError("Starting IPA server in FIPS mode is not supported")
+
     # check if IPA is configured at all
     try:
         check_IPA_configuration()
-- 
cgit