File 1006-add-opensuse-leap-ipaplatform.patch of Package freeipa
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 7875d6fe2..729a66a62 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -462,6 +462,7 @@ class BasePathNamespace:
IPA_CCACHE_SWEEPER_GSSPROXY_SOCK = (
"/var/lib/gssproxy/ipa_ccache_sweeper.sock"
)
+ PAM_CONFIG = None
def check_paths(self):
"""Check paths for missing files
diff --git a/ipaplatform/suse/paths.py b/ipaplatform/suse/paths.py
index 5abcf8c30..cf0fe6a9f 100644
--- a/ipaplatform/suse/paths.py
+++ b/ipaplatform/suse/paths.py
@@ -86,7 +86,7 @@ class SusePathNamespace(BasePathNamespace):
KDESTROY = "/usr/lib/mit/bin/kdestroy"
BIN_KVNO = "/usr/lib/mit/bin/kvno"
UPDATE_CA_TRUST = "/usr/sbin/update-ca-certificates"
- AUTHSELECT = "/usr/bin/authselect"
+ PAM_CONFIG = "/usr/sbin/pam-config"
paths = SusePathNamespace()
diff --git a/ipaplatform/suse/services.py b/ipaplatform/suse/services.py
index df11dd741..3c3c44d15 100644
--- a/ipaplatform/suse/services.py
+++ b/ipaplatform/suse/services.py
@@ -17,7 +17,6 @@ suse_system_units = dict(
(x, "%s.service" % x) for x in base_services.wellknownservices
)
suse_system_units["httpd"] = "apache2.service"
-
suse_system_units["dirsrv"] = "dirsrv@.service"
suse_system_units["pki-tomcatd"] = "pki-tomcatd@pki-tomcat.service"
suse_system_units["pki_tomcatd"] = suse_system_units["pki-tomcatd"]
@@ -163,9 +162,25 @@ class SuseCAService(SuseService):
return False
+# For services which have no SUSE counterpart
+class SuseNoService(base_services.PlatformService):
+ def start(self):
+ pass
+
+ def stop(self):
+ pass
+
+ def restart(self):
+ pass
+
+ def disable(self):
+ pass
+
def suse_service_class_factory(name, api):
if name == "dirsrv":
return SuseDirectoryService(name, api)
+ if name == 'domainname':
+ return SuseNoService(name, api)
if name == "ipa":
return SuseIPAService(name, api)
if name in ("pki-tomcatd", "pki_tomcatd"):
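Review bot: The no-op overrides in `SuseNoService` take only `self`, so a caller that passes the usual service arguments would raise `TypeError` instead of being ignored. If `base_services.PlatformService` declares `start(self, instance_name="", capture_output=True, wait=True)` (not visible in this hunk, confirm against the base class), the overrides should mirror it, e.g. `def start(self, instance_name="", capture_output=True, wait=True):`, and likewise for `stop`, `restart` and `disable`. Only those four methods are stubbed, so `enable` and the status queries presumably still reach the inherited implementation for a unit that has no SUSE counterpart. A class docstring naming the calls that are deliberately ignored, and why `domainname` maps here, would serve better than the one-line comment above the class. `suse_service_class_factory` continues past the end of the hunk.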
@@ -189,6 +204,6 @@ class SuseServices(base_services.KnownServices):
super().__init__(services)
-timedate_services = ["ntpd"]
+timedate_services = base_services.timedate_services
service = suse_service_class_factory
knownservices = SuseServices()
diff --git a/ipaplatform/suse/tasks.py b/ipaplatform/suse/tasks.py
index 3885c2600..d0b74f56a 100644
--- a/ipaplatform/suse/tasks.py
+++ b/ipaplatform/suse/tasks.py
@@ -10,7 +10,9 @@ system tasks.
import logging
from ipaplatform.paths import paths
+from ipaplatform.base.tasks import BaseTaskNamespace as BaseTask
from ipaplatform.redhat.tasks import RedHatTaskNamespace
+from ipapython import ipautil
logger = logging.getLogger(__name__)
@@ -42,5 +44,80 @@ class SuseTaskNamespace(RedHatTaskNamespace):
def set_selinux_booleans(self, required_settings, backup_func=None):
return False # FIXME: Implement after libexec move
+ def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore,
+ sudo=True):
+ # pylint: disable=ipa-forbidden-import
+ from ipalib import sysrestore # FixMe: break import cycle
+ # pylint: enable=ipa-forbidden-import
+ fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
+ logger.debug('Enabling SSSD in nsswitch')
+ BaseTask.configure_nsswitch_database(self, fstore, 'group',
+ ['sss'], default_value=['compat'])
+ BaseTask.configure_nsswitch_database(self, fstore, 'passwd',
+ ['sss'], default_value=['compat'])
+ BaseTask.configure_nsswitch_database(self, fstore, 'shadow',
+ ['sss'], default_value=['compat'])
+ BaseTask.configure_nsswitch_database(self, fstore, 'netgroup',
+ ['files','sss'], preserve=False,
+ default_value=['files','nis'])
+ BaseTask.configure_nsswitch_database(self, fstore, 'automount',
+ ['files','sss'], preserve=False,
+ default_value=['files','nis'])
+ if sudo:
+ BaseTask.enable_sssd_sudo(self,fstore)
+ logger.debug('Enabling sss in PAM')
+ try:
+ ipautil.run([paths.PAM_CONFIG, '--add', '--sss'])
+ if mkhomedir:
+ logger.debug('Enabling mkhomedir in PAM')
+ try:
+ ipautil.run([paths.PAM_CONFIG, '--add', '--mkhomedir',
+ '--mkhomedir-umask=0077'])
+ except ipautil.CalledProcessError:
+ logger.debug('Failed to configure PAM mkhomedir')
+ return False
+ except ipautil.CalledProcessError:
+ logger.debug('Failed to configure PAM to use SSSD')
+ return False
+ return True
+
+ def restore_pre_ipa_client_configuration(self, fstore, statestore,
+ was_sssd_installed,
+ was_sssd_configured):
+ if fstore.has_file(paths.NSSWITCH_CONF):
+ logger.debug('Restoring nsswitch from fstore')
+ fstore.restore_file(paths.NSSWITCH_CONF)
+ else:
+ logger.info('nsswitch not restored')
+ return False
+ try:
+ logger.debug('Removing sssd from PAM')
+ ipautil.run([paths.PAM_CONFIG, '--delete', '--mkhomedir'])
+ ipautil.run([paths.PAM_CONFIG, '--delete', '--sss'])
+ logger.debug('Removing sssd from PAM successed')
+ except ipautil.CalledProcessError:
+ logger.debug('Faled to remove sssd from PAM')
+ return False
+ return True
+
+ def disable_ldap_automount(self, statestore):
+ # SUSE does not use authconfig or authselect
+ return BaseTask.disable_ldap_automount(self, statestore)
+
+ def modify_pam_to_use_krb5(self, statestore):
+ # SUSE doesn't use authconfig, this is handled by pam-config
+ return True
+
+ def backup_auth_configuration(self, path):
+ # SUSE doesn't use authconfig, nothing to backup
+ return True
+
+ def restore_auth_configuration(self, path):
+ # SUSE doesn't use authconfig, nothing to restore
+ return True
+
+ def migrate_auth_configuration(self, statestore):
+ # SUSE doesn't have authselect
+ return True
tasks = SuseTaskNamespace()
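Review bot: `restore_pre_ipa_client_configuration` returns `False` before touching PAM when `nsswitch.conf` is not in `fstore`, and a failing `--delete --mkhomedir` skips `--delete --sss`, so an uninstall can leave the `--sss` entry in the PAM stack with only a debug-level message. It also removes both modules unconditionally: `statestore`, `was_sssd_installed` and `was_sssd_configured` are unused, and `modify_nsswitch_pam_stack` records nothing about what it added, so SSSD or mkhomedir PAM settings that predate enrolment would be dropped as well. The install side has the same shape, since a mkhomedir failure returns `False` after `--add --sss` has already been applied, and every failure is logged with `logger.debug`. I would attempt each removal independently, log failures at error level, and have the install path record in `statestore` which modules it added so that restore removes only those. The restore half is sketched below, and the log strings `successed` and `Faled` are typos worth fixing in the same pass.

```python
    def restore_pre_ipa_client_configuration(self, fstore, statestore,
                                             was_sssd_installed,
                                             was_sssd_configured):
        restored = True
        if fstore.has_file(paths.NSSWITCH_CONF):
            # … unchanged: restore nsswitch.conf from fstore …
        else:
            logger.info('nsswitch not restored')
            restored = False  # keep going: PAM must still be cleaned up
        # Remove each module on its own so one failure does not leave
        # the other one active in the PAM stack.
        for module_flag in ('--mkhomedir', '--sss'):
            try:
                ipautil.run([paths.PAM_CONFIG, '--delete', module_flag])
            except ipautil.CalledProcessError:
                logger.error('Failed to remove %s from PAM', module_flag)
                restored = False
        return restored
```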