Suse compatibility fix

Removes authselect requirement for Suse
    Use Suse 'pam-config' to configure PAM
    Configures nsswitch.conf
    Removes domainname service since it does not exist on Suse

Fixes: https://pagure.io/freeipa/issue/9174
Signed-off-by: Matthew Davis github@virtual.drop.net
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

ipaplatform/base/paths.py

@@ -462,6 +462,7 @@ class BasePathNamespace:
     IPA_CCACHE_SWEEPER_GSSPROXY_SOCK = (
         "/var/lib/gssproxy/ipa_ccache_sweeper.sock"
     )
+    PAM_CONFIG = None
 
     def check_paths(self):
         """Check paths for missing files

ipaplatform/suse/paths.py

@@ -86,7 +86,7 @@ class SusePathNamespace(BasePathNamespace):
     KDESTROY = "/usr/lib/mit/bin/kdestroy"
     BIN_KVNO = "/usr/lib/mit/bin/kvno"
     UPDATE_CA_TRUST = "/usr/sbin/update-ca-certificates"
-    AUTHSELECT = "/usr/bin/authselect"
+    PAM_CONFIG = "/usr/sbin/pam-config"
 
 
 paths = SusePathNamespace()

ipaplatform/suse/services.py

@@ -17,7 +17,6 @@ suse_system_units = dict(
     (x, "%s.service" % x) for x in base_services.wellknownservices
 )
 suse_system_units["httpd"] = "apache2.service"
-
 suse_system_units["dirsrv"] = "dirsrv@.service"
 suse_system_units["pki-tomcatd"] = "pki-tomcatd@pki-tomcat.service"
 suse_system_units["pki_tomcatd"] = suse_system_units["pki-tomcatd"]
@@ -163,9 +162,25 @@ class SuseCAService(SuseService):
         return False
 
 
+# For services which have no SUSE counterpart
+class SuseNoService(base_services.PlatformService):
+    def start(self):
+        pass
+
+    def stop(self):
+        pass
+
+    def restart(self):
+        pass
+
+    def disable(self):
+        pass
+
 def suse_service_class_factory(name, api):
     if name == "dirsrv":
         return SuseDirectoryService(name, api)
+    if name == 'domainname':
+        return SuseNoService(name, api)
     if name == "ipa":
         return SuseIPAService(name, api)
     if name in ("pki-tomcatd", "pki_tomcatd"):
@@ -189,6 +204,6 @@ class SuseServices(base_services.KnownServices):
         super().__init__(services)
 
 
-timedate_services = ["ntpd"]
+timedate_services = base_services.timedate_services
 service = suse_service_class_factory
 knownservices = SuseServices()

ipaplatform/suse/tasks.py

@@ -10,7 +10,9 @@ system tasks.
 import logging
 
 from ipaplatform.paths import paths
+from ipaplatform.base.tasks import BaseTaskNamespace as BaseTask
 from ipaplatform.redhat.tasks import RedHatTaskNamespace
+from ipapython import ipautil
 
 logger = logging.getLogger(__name__)
 
@@ -42,5 +44,80 @@ class SuseTaskNamespace(RedHatTaskNamespace):
     def set_selinux_booleans(self, required_settings, backup_func=None):
         return False  # FIXME: Implement after libexec move
 
+    def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore,
+                                  sudo=True):
+        # pylint: disable=ipa-forbidden-import
+        from ipalib import sysrestore  # FixMe: break import cycle
+        # pylint: enable=ipa-forbidden-import
+        fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
+        logger.debug('Enabling SSSD in nsswitch')
+        BaseTask.configure_nsswitch_database(self, fstore, 'group',
+                                             ['sss'], default_value=['compat'])
+        BaseTask.configure_nsswitch_database(self, fstore, 'passwd',
+                                             ['sss'], default_value=['compat'])
+        BaseTask.configure_nsswitch_database(self, fstore, 'shadow',
+                                             ['sss'], default_value=['compat'])
+        BaseTask.configure_nsswitch_database(self, fstore, 'netgroup',
+                                             ['files','sss'], preserve=False,
+                                             default_value=['files','nis'])
+        BaseTask.configure_nsswitch_database(self, fstore, 'automount',
+                                             ['files','sss'], preserve=False,
+                                             default_value=['files','nis'])
+        if sudo:
+            BaseTask.enable_sssd_sudo(self,fstore)
+        logger.debug('Enabling sss in PAM')
+        try:
+            ipautil.run([paths.PAM_CONFIG, '--add', '--sss'])
+            if mkhomedir:
+                logger.debug('Enabling mkhomedir in PAM')
+                try:
+                    ipautil.run([paths.PAM_CONFIG, '--add', '--mkhomedir',
+                                 '--mkhomedir-umask=0077'])
+                except ipautil.CalledProcessError:
+                    logger.debug('Failed to configure PAM mkhomedir')
+                    return False
+        except ipautil.CalledProcessError:
+            logger.debug('Failed to configure PAM to use SSSD')
+            return False
+        return True
+
+    def restore_pre_ipa_client_configuration(self, fstore, statestore,
+                                             was_sssd_installed,
+                                             was_sssd_configured):
+        if fstore.has_file(paths.NSSWITCH_CONF):
+            logger.debug('Restoring nsswitch from fstore')
+            fstore.restore_file(paths.NSSWITCH_CONF)
+        else:
+            logger.info('nsswitch not restored')
+            return False
+        try:
+            logger.debug('Removing sssd from PAM')
+            ipautil.run([paths.PAM_CONFIG, '--delete', '--mkhomedir'])
+            ipautil.run([paths.PAM_CONFIG, '--delete', '--sss'])
+            logger.debug('Removing sssd from PAM successed')
+        except ipautil.CalledProcessError:
+            logger.debug('Faled to remove sssd from PAM')
+            return False
+        return True
+
+    def disable_ldap_automount(self, statestore):
+        # SUSE does not use authconfig or authselect
+        return BaseTask.disable_ldap_automount(self, statestore)
+
+    def modify_pam_to_use_krb5(self, statestore):
+        # SUSE doesn't use authconfig, this is handled by pam-config
+        return True
+
+    def backup_auth_configuration(self, path):
+        # SUSE doesn't use authconfig, nothing to backup
+        return True
+
+    def restore_auth_configuration(self, path):
+        # SUSE doesn't use authconfig, nothing to restore
+        return True
+
+    def migrate_auth_configuration(self, statestore):
+        # SUSE doesn't have authselect
+        return True
 
 tasks = SuseTaskNamespace()