From b27ad6e9f956a2485eee09b647b45c4901a1f928 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Wed, 14 Aug 2019 21:47:31 +0200 Subject: [PATCH] ipa-client-automount: always restore nsswitch.conf at uninstall time MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ipa-client-automount used to only restore nsswitch.conf when sssd was not used. However authselect's default profile is now sssd so always restore nsswitch.conf's automount configuration to 'files sssd'. Note that the behavior seen before commit: a0e846f56c8de3b549d1d284087131da13135e34 would always restore nsswitch.conf to the previous state which in some cases was wrong. Fixes: https://pagure.io/freeipa/issue/8038 Signed-off-by: François Cami Reviewed-By: Francois Cami Reviewed-By: Rob Crittenden --- ipaclient/install/ipa_client_automount.py | 69 ++++++++++++++++++----- 1 file changed, 54 insertions(+), 15 deletions(-) diff --git a/ipaclient/install/ipa_client_automount.py b/ipaclient/install/ipa_client_automount.py index fa07598e6..a1dc2a18c 100644 --- a/ipaclient/install/ipa_client_automount.py +++ b/ipaclient/install/ipa_client_automount.py @@ -177,18 +177,30 @@ def configure_xml(fstore): print("Configured %s" % authconf) -def configure_nsswitch(fstore, options): +def configure_nsswitch(statestore, options): """ - Point automount to ldap in nsswitch.conf. This function is for non-SSSD - setups only + Point automount to ldap in nsswitch.conf. + This function is for non-SSSD setups only. """ - fstore.backup_file(paths.NSSWITCH_CONF) - conf = ipachangeconf.IPAChangeConf("IPA Installer") conf.setOptionAssignment(':') - nss_value = ' files ldap' + with open(paths.NSSWITCH_CONF, 'r') as f: + current_opts = conf.parse(f) + current_nss_value = conf.findOpts( + current_opts, name='automount', type='option' + )[1] + if current_nss_value is None: + # no automount database present + current_nss_value = False # None cannot be backed up + else: + current_nss_value = current_nss_value['value'] + statestore.backup_state( + 'ipa-client-automount-nsswitch', 'previous-automount', + current_nss_value + ) + nss_value = ' files ldap' opts = [ { 'name': 'automount', @@ -198,7 +210,6 @@ def configure_nsswitch(fstore, options): }, {'name': 'empty', 'type': 'empty'}, ] - conf.changeConf(paths.NSSWITCH_CONF, opts) print("Configured %s" % paths.NSSWITCH_CONF) @@ -322,19 +333,47 @@ def configure_autofs_common(fstore, statestore, options): def uninstall(fstore, statestore): RESTORE_FILES = [ paths.SYSCONFIG_AUTOFS, - paths.NSSWITCH_CONF, paths.AUTOFS_LDAP_AUTH_CONF, paths.SYSCONFIG_NFS, paths.IDMAPD_CONF, ] STATES = ['autofs', 'rpcidmapd', 'rpcgssd'] - # automount only touches /etc/nsswitch.conf if LDAP is - # used. Don't restore it otherwise. - if statestore.get_state('authconfig', 'sssd') or ( - statestore.get_state('authselect', 'profile') == 'sssd' - ): - RESTORE_FILES.remove(paths.NSSWITCH_CONF) + if statestore.get_state( + 'ipa-client-automount-nsswitch', 'previous-automount' + ) is False: + # Previous nsswitch.conf had no automount database configured + # so remove it. + conf = ipachangeconf.IPAChangeConf("IPA automount installer") + conf.setOptionAssignment(':') + changes = [conf.rmOption('automount')] + conf.changeConf(paths.NSSWITCH_CONF, changes) + tasks.restore_context(paths.NSSWITCH_CONF) + statestore.delete_state( + 'ipa-client-automount-nsswitch', 'previous-automount' + ) + elif statestore.get_state( + 'ipa-client-automount-nsswitch', 'previous-automount' + ) is not None: + nss_value = statestore.get_state( + 'ipa-client-automount-nsswitch', 'previous-automount' + ) + opts = [ + { + 'name': 'automount', + 'type': 'option', + 'action': 'set', + 'value': nss_value, + }, + {'name': 'empty', 'type': 'empty'}, + ] + conf = ipachangeconf.IPAChangeConf("IPA automount installer") + conf.setOptionAssignment(':') + conf.changeConf(paths.NSSWITCH_CONF, opts) + tasks.restore_context(paths.NSSWITCH_CONF) + statestore.delete_state( + 'ipa-client-automount-nsswitch', 'previous-automount' + ) if not any(fstore.has_file(f) for f in RESTORE_FILES) or not any( statestore.has_state(s) for s in STATES @@ -588,7 +627,7 @@ def configure_automount(): try: if not options.sssd: - configure_nsswitch(fstore, options) + configure_nsswitch(statestore, options) configure_nfs(fstore, statestore, options) if options.sssd: configure_autofs_sssd(fstore, statestore, autodiscover, options)