1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#
# Copyright (C) 2020 FreeIPA Contributors, see COPYING for license
#
"""
This module contains default SUSE OS family-specific implementations of
system tasks.
"""
import logging
from ipaplatform.paths import paths
from ipaplatform.base.tasks import BaseTaskNamespace as BaseTask
from ipaplatform.redhat.tasks import RedHatTaskNamespace
from ipapython import ipautil
logger = logging.getLogger(__name__)
class SuseTaskNamespace(RedHatTaskNamespace):
def restore_context(self, filepath, force=False):
pass # FIXME: Implement after libexec move
def check_selinux_status(self, restorecon=paths.RESTORECON):
pass # FIXME: Implement after libexec move
def set_nisdomain(self, nisdomain):
nis_variable = "NETCONFIG_NIS_STATIC_DOMAIN"
try:
with open(paths.SYSCONF_NETWORK, "r") as f:
content = [
line
for line in f
if not line.strip().upper().startswith(nis_variable)
]
except IOError:
content = []
content.append("{}={}\n".format(nis_variable, nisdomain))
with open(paths.SYSCONF_NETWORK, "w") as f:
f.writelines(content)
def set_selinux_booleans(self, required_settings, backup_func=None):
return False # FIXME: Implement after libexec move
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore,
sudo=True, subid=False):
# pylint: disable=ipa-forbidden-import
from ipalib import sysrestore # FixMe: break import cycle
# pylint: enable=ipa-forbidden-import
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
logger.debug('Enabling SSSD in nsswitch')
BaseTask.configure_nsswitch_database(self, fstore, 'group',
['sss'], default_value=['compat'])
BaseTask.configure_nsswitch_database(self, fstore, 'passwd',
['sss'], default_value=['compat'])
BaseTask.configure_nsswitch_database(self, fstore, 'shadow',
['sss'], default_value=['compat'])
BaseTask.configure_nsswitch_database(self, fstore, 'netgroup',
['files','sss'], preserve=False,
default_value=['files','nis'])
BaseTask.configure_nsswitch_database(self, fstore, 'automount',
['files','sss'], preserve=False,
default_value=['files','nis'])
if sudo:
BaseTask.enable_sssd_sudo(self,fstore)
logger.debug('Enabling sss in PAM')
try:
ipautil.run([paths.PAM_CONFIG, '--add', '--sss'])
if mkhomedir:
logger.debug('Enabling mkhomedir in PAM')
try:
ipautil.run([paths.PAM_CONFIG, '--add', '--mkhomedir',
'--mkhomedir-umask=0077'])
except ipautil.CalledProcessError:
logger.debug('Failed to configure PAM mkhomedir')
return False
except ipautil.CalledProcessError:
logger.debug('Failed to configure PAM to use SSSD')
return False
return True
def restore_pre_ipa_client_configuration(self, fstore, statestore,
was_sssd_installed,
was_sssd_configured):
if fstore.has_file(paths.NSSWITCH_CONF):
logger.debug('Restoring nsswitch from fstore')
fstore.restore_file(paths.NSSWITCH_CONF)
else:
logger.info('nsswitch not restored')
return False
try:
logger.debug('Removing sssd from PAM')
ipautil.run([paths.PAM_CONFIG, '--delete', '--mkhomedir'])
ipautil.run([paths.PAM_CONFIG, '--delete', '--sss'])
logger.debug('Removing sssd from PAM successed')
except ipautil.CalledProcessError:
logger.debug('Faled to remove sssd from PAM')
return False
return True
def disable_ldap_automount(self, statestore):
# SUSE does not use authconfig or authselect
return BaseTask.disable_ldap_automount(self, statestore)
def modify_pam_to_use_krb5(self, statestore):
# SUSE doesn't use authconfig, this is handled by pam-config
return True
def backup_auth_configuration(self, path):
# SUSE doesn't use authconfig, nothing to backup
return True
def restore_auth_configuration(self, path):
# SUSE doesn't use authconfig, nothing to restore
return True
def migrate_auth_configuration(self, statestore):
# SUSE doesn't have authselect
return True
tasks = SuseTaskNamespace()
|
