ipa-client-automount: always restore nsswitch.conf at uninstall time

ipa-client-automount used to only restore nsswitch.conf when sssd was not used. However authselect's default profile is now sssd so always restore nsswitch.conf's automount configuration to 'files sssd'. Note that the behavior seen before commit: a0e846f56c would always restore nsswitch.conf to the previous state which in some cases was wrong. Fixes: https://pagure.io/freeipa/issue/8038 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2024-12-23 07:33:27 -06:00 · 2019-08-14 21:47:31 +02:00 · 2019-08-14 21:47:31 +02:00 · b27ad6e9f9
commit b27ad6e9f9
parent 405dcc6bec
1 changed files with 54 additions and 15 deletions
--- a/ipaclient/install/ipa_client_automount.py
+++ b/ipaclient/install/ipa_client_automount.py
@ -177,18 +177,30 @@ def configure_xml(fstore):
        print("Configured %s" % authconf)


-def configure_nsswitch(fstore, options):
+def configure_nsswitch(statestore, options):
    """
-    Point automount to ldap in nsswitch.conf. This function is for non-SSSD
-    setups only
+    Point automount to ldap in nsswitch.conf.
+    This function is for non-SSSD setups only.
    """
-    fstore.backup_file(paths.NSSWITCH_CONF)
-
    conf = ipachangeconf.IPAChangeConf("IPA Installer")
    conf.setOptionAssignment(':')

-    nss_value = ' files ldap'
+    with open(paths.NSSWITCH_CONF, 'r') as f:
+        current_opts = conf.parse(f)
+        current_nss_value = conf.findOpts(
+            current_opts, name='automount', type='option'
+        )[1]
+        if current_nss_value is None:
+            # no automount database present
+            current_nss_value = False  # None cannot be backed up
+        else:
+            current_nss_value = current_nss_value['value']
+        statestore.backup_state(
+            'ipa-client-automount-nsswitch', 'previous-automount',
+            current_nss_value
+        )

+    nss_value = ' files ldap'
    opts = [
        {
            'name': 'automount',
@ -198,7 +210,6 @@ def configure_nsswitch(fstore, options):
        },
        {'name': 'empty', 'type': 'empty'},
    ]
-
    conf.changeConf(paths.NSSWITCH_CONF, opts)

    print("Configured %s" % paths.NSSWITCH_CONF)
@ -322,19 +333,47 @@ def configure_autofs_common(fstore, statestore, options):
 def uninstall(fstore, statestore):
    RESTORE_FILES = [
        paths.SYSCONFIG_AUTOFS,
-        paths.NSSWITCH_CONF,
        paths.AUTOFS_LDAP_AUTH_CONF,
        paths.SYSCONFIG_NFS,
        paths.IDMAPD_CONF,
    ]
    STATES = ['autofs', 'rpcidmapd', 'rpcgssd']

-    # automount only touches /etc/nsswitch.conf if LDAP is
-    # used. Don't restore it otherwise.
-    if statestore.get_state('authconfig', 'sssd') or (
-        statestore.get_state('authselect', 'profile') == 'sssd'
-    ):
-        RESTORE_FILES.remove(paths.NSSWITCH_CONF)
+    if statestore.get_state(
+        'ipa-client-automount-nsswitch', 'previous-automount'
+    ) is False:
+        # Previous nsswitch.conf had no automount database configured
+        # so remove it.
+        conf = ipachangeconf.IPAChangeConf("IPA automount installer")
+        conf.setOptionAssignment(':')
+        changes = [conf.rmOption('automount')]
+        conf.changeConf(paths.NSSWITCH_CONF, changes)
+        tasks.restore_context(paths.NSSWITCH_CONF)
+        statestore.delete_state(
+            'ipa-client-automount-nsswitch', 'previous-automount'
+        )
+    elif statestore.get_state(
+        'ipa-client-automount-nsswitch', 'previous-automount'
+    ) is not None:
+        nss_value = statestore.get_state(
+            'ipa-client-automount-nsswitch', 'previous-automount'
+        )
+        opts = [
+            {
+                'name': 'automount',
+                'type': 'option',
+                'action': 'set',
+                'value': nss_value,
+            },
+            {'name': 'empty', 'type': 'empty'},
+        ]
+        conf = ipachangeconf.IPAChangeConf("IPA automount installer")
+        conf.setOptionAssignment(':')
+        conf.changeConf(paths.NSSWITCH_CONF, opts)
+        tasks.restore_context(paths.NSSWITCH_CONF)
+        statestore.delete_state(
+            'ipa-client-automount-nsswitch', 'previous-automount'
+        )

    if not any(fstore.has_file(f) for f in RESTORE_FILES) or not any(
        statestore.has_state(s) for s in STATES
@ -588,7 +627,7 @@ def configure_automount():

    try:
        if not options.sssd:
-            configure_nsswitch(fstore, options)
+            configure_nsswitch(statestore, options)
        configure_nfs(fstore, statestore, options)
        if options.sssd:
            configure_autofs_sssd(fstore, statestore, autodiscover, options)