Import Upstream version 4.12.4
@@ -101,7 +101,8 @@ class RedHatAuthSelect(RedHatAuthToolBase):
|
||||
features = output_items[1:]
|
||||
return profile, features
|
||||
|
||||
def configure(self, sssd, mkhomedir, statestore, sudo=True):
|
||||
def configure(self, sssd, mkhomedir, statestore, sudo=True,
|
||||
subid=False):
|
||||
# In the statestore, the following keys are used for the
|
||||
# 'authselect' module:
|
||||
# Old method:
|
||||
@@ -121,6 +122,8 @@ class RedHatAuthSelect(RedHatAuthToolBase):
|
||||
statestore.backup_state('authselect', 'mkhomedir', True)
|
||||
if sudo:
|
||||
cmd.append("with-sudo")
|
||||
if subid:
|
||||
cmd.append("with-subid")
|
||||
cmd.append("--force")
|
||||
cmd.append("--backup={}".format(backup_name))
|
||||
|
||||
@@ -129,7 +132,14 @@ class RedHatAuthSelect(RedHatAuthToolBase):
|
||||
def unconfigure(
|
||||
self, fstore, statestore, was_sssd_installed, was_sssd_configured
|
||||
):
|
||||
if not statestore.has_state('authselect') and was_sssd_installed:
|
||||
# If the installation failed before doing the authselect part
|
||||
# nothing to do here
|
||||
complete = statestore.get_state('installation', 'complete')
|
||||
if complete is not None and not complete and \
|
||||
not statestore.has_state('authselect'):
|
||||
return
|
||||
|
||||
if not statestore.has_state('authselect'):
|
||||
logger.warning(
|
||||
"WARNING: Unable to revert to the pre-installation state "
|
||||
"('authconfig' tool has been deprecated in favor of "
|
||||
|
||||
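Review bot: The new early `return` in `unconfigure` exits without writing anything to the log, so an uninstall after a failed install leaves no record that the authselect profile was deliberately left untouched. A `logger.debug("Installation did not reach the authselect step, nothing to revert")` placed just before the `return` would make that visible. A short comment would also help to say that `complete` being `None` (no 'installation'/'complete' state recorded) is not treated as a failed install and falls through to the warning that follows. The body of `unconfigure` continues past the end of the hunk.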
@@ -10,7 +10,10 @@ related constants for the Red Hat OS family-based systems.
|
||||
# Fallback to default path definitions
|
||||
from __future__ import absolute_import
|
||||
|
||||
from ipaplatform.base.constants import BaseConstantsNamespace
|
||||
from ipaplatform.base.constants import BaseConstantsNamespace, User, Group
|
||||
|
||||
|
||||
__all__ = ("constants", "User", "Group")
|
||||
|
||||
|
||||
class RedHatConstantsNamespace(BaseConstantsNamespace):
|
||||
|
||||
@@ -31,6 +31,9 @@ from ipaplatform.base.paths import BasePathNamespace
|
||||
|
||||
|
||||
class RedHatPathNamespace(BasePathNamespace):
|
||||
CRYPTO_POLICY_OPENSSLCNF_FILE = (
|
||||
'/etc/crypto-policies/back-ends/opensslcnf.config'
|
||||
)
|
||||
# https://docs.python.org/2/library/platform.html#cross-platform
|
||||
if sys.maxsize > 2**32:
|
||||
LIBSOFTHSM2_SO = BasePathNamespace.LIBSOFTHSM2_SO_64
|
||||
|
||||
@@ -68,6 +68,7 @@ redhat_system_units['ipa-dnskeysyncd'] = 'ipa-dnskeysyncd.service'
|
||||
redhat_system_units['named-regular'] = 'named.service'
|
||||
redhat_system_units['named-pkcs11'] = 'named-pkcs11.service'
|
||||
redhat_system_units['named'] = redhat_system_units['named-pkcs11']
|
||||
redhat_system_units['named-conflict'] = redhat_system_units['named-regular']
|
||||
redhat_system_units['ods-enforcerd'] = 'ods-enforcerd.service'
|
||||
redhat_system_units['ods_enforcerd'] = redhat_system_units['ods-enforcerd']
|
||||
redhat_system_units['ods-signerd'] = 'ods-signerd.service'
|
||||
|
||||
@@ -56,7 +56,7 @@ logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
# /etc/pkcs11/modules override
|
||||
# base filen ame, module, list of disabled-in
|
||||
# base filename, module, list of disabled-in
|
||||
# 'p11-kit-proxy' disables proxying of module, see man(5) pkcs11.conf
|
||||
PKCS11_MODULES = [
|
||||
('softhsm2', paths.LIBSOFTHSM2_SO, ['p11-kit-proxy']),
|
||||
@@ -245,9 +245,9 @@ class RedHatTaskNamespace(BaseTaskNamespace):
|
||||
f.writelines(content)
|
||||
|
||||
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore,
|
||||
sudo=True):
|
||||
sudo=True, subid=False):
|
||||
auth_config = get_auth_tool()
|
||||
auth_config.configure(sssd, mkhomedir, statestore, sudo)
|
||||
auth_config.configure(sssd, mkhomedir, statestore, sudo, subid)
|
||||
|
||||
def is_nosssd_supported(self):
|
||||
# The flag --no-sssd is not supported any more for rhel-based distros
|
||||
@@ -513,15 +513,15 @@ class RedHatTaskNamespace(BaseTaskNamespace):
|
||||
"""Tell systemd to reload config files"""
|
||||
ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"])
|
||||
|
||||
def configure_http_gssproxy_conf(self, ipaapi_user):
|
||||
def configure_http_gssproxy_conf(self, ipauser):
|
||||
ipautil.copy_template_file(
|
||||
os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'),
|
||||
paths.GSSPROXY_CONF,
|
||||
dict(
|
||||
HTTP_KEYTAB=paths.HTTP_KEYTAB,
|
||||
HTTP_CCACHE=paths.HTTP_CCACHE,
|
||||
HTTPD_USER=constants.HTTPD_USER,
|
||||
IPAAPI_USER=ipaapi_user,
|
||||
IPAAPI_USER=ipauser,
|
||||
SWEEPER_SOCKET=paths.IPA_CCACHE_SWEEPER_GSSPROXY_SOCK,
|
||||
)
|
||||
)
|
||||
|
||||
@@ -756,16 +756,8 @@ class RedHatTaskNamespace(BaseTaskNamespace):
|
||||
"{}.module".format(name))
|
||||
for name, _module, _disabled in PKCS11_MODULES)
|
||||
|
||||
def enable_ldap_automount(self, statestore):
|
||||
"""
|
||||
Point automount to ldap in nsswitch.conf.
|
||||
This function is for non-SSSD setups only.
|
||||
"""
|
||||
super(RedHatTaskNamespace, self).enable_ldap_automount(statestore)
|
||||
|
||||
authselect_cmd = [paths.AUTHSELECT, "enable-feature",
|
||||
"with-custom-automount"]
|
||||
ipautil.run(authselect_cmd)
|
||||
def enable_sssd_sudo(self, _fstore):
|
||||
"""sudo enablement is handled by authselect"""
|
||||
|
||||
def disable_ldap_automount(self, statestore):
|
||||
"""Disable ldap-based automount"""
|
||||
@@ -773,6 +765,12 @@ class RedHatTaskNamespace(BaseTaskNamespace):
|
||||
|
||||
authselect_cmd = [paths.AUTHSELECT, "disable-feature",
|
||||
"with-custom-automount"]
|
||||
ipautil.run(authselect_cmd)
|
||||
try:
|
||||
ipautil.run(authselect_cmd)
|
||||
except ipautil.CalledProcessError:
|
||||
logger.info("Unable to disable with-custom-automount feature")
|
||||
logger.info("It may happen if the configuration was done "
|
||||
"using authconfig instead of authselect")
|
||||
|
||||
|
||||
tasks = RedHatTaskNamespace()
|
||||
|
||||
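Review bot: In `disable_ldap_automount` the new `except ipautil.CalledProcessError:` branch discards the exception and reports it only through two `logger.info` calls, so a failed `disable-feature with-custom-automount` run is easy to miss and the log carries no exit status. The message assumes the authconfig-era cause, but the same exception is caught for any other failure of the command, in which case the feature may still be enabled after uninstall. Binding the exception and logging at warning level keeps the best-effort behaviour while leaving evidence: `except ipautil.CalledProcessError as e:` followed by `logger.warning("Unable to disable with-custom-automount feature: %s", e)`. The start of the method lies above this hunk.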