ipautil: move is_fips_enabled() to ipaplatform.tasks

The FIPS setting is platform-specific. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-01-26 16:16:31 -06:00 · 2016-11-23 16:13:31 +01:00 · 2016-11-23 16:13:31 +01:00 · 75b70e3f0d
commit 75b70e3f0d
parent d911f49348
7 changed files with 28 additions and 28 deletions
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@ -31,8 +31,7 @@ from ipaserver.install.dsinstance import config_dirname
 from ipaserver.install.installutils import is_ipa_configured, ScriptError
 from ipalib import api, errors
 from ipapython.ipaldap import LDAPClient
-from ipapython.ipautil import (
-    wait_for_open_ports, wait_for_open_socket, is_fips_enabled)
+from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket
 from ipapython import config
 from ipaplatform.tasks import tasks
 from ipapython.dn import DN
@ -544,7 +543,7 @@ def main():
    elif args[0] != "start" and args[0] != "stop" and args[0] != "restart" and args[0] != "status":
        raise IpactlError("Unrecognized action [" + args[0] + "]", 2)

-    if is_fips_enabled():
+    if tasks.is_fips_enabled():
        raise IpactlError("Starting IPA server in FIPS mode is not supported")

    # check if IPA is configured at all
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@ -67,7 +67,6 @@ from ipapython.ipautil import (
    CalledProcessError,
    dir_exists,
    file_exists,
-    is_fips_enabled,
    realm_to_suffix,
    run,
    user_input,
@ -1967,7 +1966,7 @@ def install_check(options):
            "You must be root to run ipa-client-install.",
            rval=CLIENT_INSTALL_ERROR)

-    if is_fips_enabled():
+    if tasks.is_fips_enabled():
        raise ScriptError(
            "Installing IPA client in FIPS mode is not supported",
            rval=CLIENT_INSTALL_ERROR)
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@ -249,3 +249,6 @@ class BaseTaskNamespace(object):
    def remove_httpd_service_ipa_conf(self):
        """Remove configuration of httpd service of IPA"""
        raise NotImplementedError()
+
+    def is_fips_enabled(self):
+        return False
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@ -478,4 +478,23 @@ class RedHatTaskNamespace(BaseTaskNamespace):
    def set_hostname(self, hostname):
        ipautil.run([paths.BIN_HOSTNAMECTL, 'set-hostname', hostname])

+    def is_fips_enabled(self):
+        """
+        Checks whether this host is FIPS-enabled.
+
+        Returns a boolean indicating if the host is FIPS-enabled, i.e. if the
+        file /proc/sys/crypto/fips_enabled contains a non-0 value. Otherwise,
+        or if the file /proc/sys/crypto/fips_enabled does not exist,
+        the function returns False.
+        """
+        try:
+            with open(paths.PROC_FIPS_ENABLED, 'r') as f:
+                if f.read().strip() != '0':
+                    return True
+        except IOError:
+            # Consider that the host is not fips-enabled if the file does not
+            # exist
+            pass
+        return False
+
 tasks = RedHatTaskNamespace()
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@ -1467,25 +1467,6 @@ else:
    fsdecode = os.fsdecode  #pylint: disable=no-member


-def is_fips_enabled():
-    """
-    Checks whether this host is FIPS-enabled.
-
-    Returns a boolean indicating if the host is FIPS-enabled, i.e. if the
-    file /proc/sys/crypto/fips_enabled contains a non-0 value. Otherwise,
-    or if the file /proc/sys/crypto/fips_enabled does not exist,
-    the function returns False.
-    """
-    try:
-        with open(paths.PROC_FIPS_ENABLED, 'r') as f:
-            if f.read().strip() != '0':
-                return True
-    except IOError:
-        # Consider that the host is not fips-enabled if the file does not exist
-        pass
-    return False
-
-
 def unescape_seq(seq, *args):
    """
    unescape (remove '\\') all occurences of sequence in input strings.
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@ -19,8 +19,7 @@ from ipapython import ipautil
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 from ipapython.ipautil import (
-    decrypt_file, format_netloc, ipa_generate_password, run, user_input,
-    is_fips_enabled)
+    decrypt_file, format_netloc, ipa_generate_password, run, user_input)
 from ipapython.admintool import ScriptError
 from ipaplatform import services
 from ipaplatform.paths import paths
@ -322,7 +321,7 @@ def install_check(installer):
    external_ca_file = installer._external_ca_file
    http_ca_cert = installer._ca_cert

-    if is_fips_enabled():
+    if tasks.is_fips_enabled():
        raise RuntimeError(
            "Installing IPA server in FIPS mode is not supported")

--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -520,7 +520,7 @@ def check_remote_version(api):


 def common_check(no_ntp):
-    if ipautil.is_fips_enabled():
+    if tasks.is_fips_enabled():
        raise RuntimeError(
            "Installing IPA server in FIPS mode is not supported")