2017-01-05 12:41:08 +02:00
|
|
|
#
|
|
|
|
|
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
This module contains default Debian-specific implementations of system tasks.
|
|
|
|
|
"""
|
|
|
|
|
|
2018-04-05 09:21:16 +02:00
|
|
|
from __future__ import absolute_import
|
|
|
|
|
|
2017-01-05 12:41:08 +02:00
|
|
|
from ipaplatform.base.tasks import BaseTaskNamespace
|
|
|
|
|
from ipaplatform.redhat.tasks import RedHatTaskNamespace
|
2019-05-23 10:45:26 -04:00
|
|
|
from ipaplatform.paths import paths
|
2017-01-05 12:41:08 +02:00
|
|
|
|
2019-05-23 10:45:26 -04:00
|
|
|
from ipapython import directivesetter
|
2018-05-21 14:06:59 +03:00
|
|
|
from ipapython import ipautil
|
2017-01-05 12:41:08 +02:00
|
|
|
|
|
|
|
|
class DebianTaskNamespace(RedHatTaskNamespace):
|
|
|
|
|
@staticmethod
|
|
|
|
|
def restore_pre_ipa_client_configuration(fstore, statestore,
|
|
|
|
|
was_sssd_installed,
|
|
|
|
|
was_sssd_configured):
|
2018-05-21 14:06:59 +03:00
|
|
|
try:
|
|
|
|
|
ipautil.run(["pam-auth-update",
|
|
|
|
|
"--package", "--remove", "mkhomedir"])
|
|
|
|
|
except ipautil.CalledProcessError:
|
|
|
|
|
return False
|
2017-01-05 12:41:08 +02:00
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def set_nisdomain(nisdomain):
|
|
|
|
|
# Debian doesn't use authconfig, nothing to set
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
2018-06-18 13:27:41 +02:00
|
|
|
def modify_nsswitch_pam_stack(sssd, mkhomedir, statestore, sudo=True):
|
2018-05-21 14:06:59 +03:00
|
|
|
if mkhomedir:
|
|
|
|
|
try:
|
|
|
|
|
ipautil.run(["pam-auth-update",
|
|
|
|
|
"--package", "--enable", "mkhomedir"])
|
|
|
|
|
except ipautil.CalledProcessError:
|
|
|
|
|
return False
|
|
|
|
|
return True
|
|
|
|
|
else:
|
|
|
|
|
return True
|
2017-01-05 12:41:08 +02:00
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def modify_pam_to_use_krb5(statestore):
|
|
|
|
|
# Debian doesn't use authconfig, this is handled by pam-auth-update
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def backup_auth_configuration(path):
|
|
|
|
|
# Debian doesn't use authconfig, nothing to backup
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def restore_auth_configuration(path):
|
|
|
|
|
# Debian doesn't use authconfig, nothing to restore
|
|
|
|
|
return True
|
|
|
|
|
|
2019-04-17 13:45:48 +02:00
|
|
|
def migrate_auth_configuration(self, statestore):
|
|
|
|
|
# Debian doesn't have authselect
|
|
|
|
|
return True
|
|
|
|
|
|
2017-01-05 12:41:08 +02:00
|
|
|
@staticmethod
|
|
|
|
|
def parse_ipa_version(version):
|
|
|
|
|
return BaseTaskNamespace.parse_ipa_version(version)
|
|
|
|
|
|
2018-02-06 10:05:49 +01:00
|
|
|
def configure_httpd_wsgi_conf(self):
|
|
|
|
|
# Debian doesn't require special mod_wsgi configuration
|
|
|
|
|
pass
|
|
|
|
|
|
2019-05-23 10:45:26 -04:00
|
|
|
def configure_httpd_protocol(self):
|
2019-07-01 10:41:23 +02:00
|
|
|
# TLS 1.3 is not yet supported
|
2019-05-23 10:45:26 -04:00
|
|
|
directivesetter.set_directive(paths.HTTPD_SSL_CONF,
|
|
|
|
|
'SSLProtocol',
|
2019-07-01 10:41:23 +02:00
|
|
|
'TLSv1.2', False)
|
2019-05-23 10:45:26 -04:00
|
|
|
|
2018-05-21 13:46:42 +03:00
|
|
|
def setup_httpd_logging(self):
|
|
|
|
|
# Debian handles httpd logging differently
|
|
|
|
|
pass
|
|
|
|
|
|
2019-04-24 13:13:45 +02:00
|
|
|
def configure_pkcs11_modules(self, fstore):
|
|
|
|
|
# Debian doesn't use p11-kit
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
def restore_pkcs11_modules(self, fstore):
|
|
|
|
|
pass
|
2018-02-06 10:05:49 +01:00
|
|
|
|
2017-01-05 12:41:08 +02:00
|
|
|
tasks = DebianTaskNamespace()
|
