ALT:nsswitch.conf: Make sss a primary service for automount

stanislavlevin · Jun 29, 2022 · 5f39f18 · 5f39f18
1 parent 8ea8d44
commit 5f39f18
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 4 deletions.
diff --git a/ipaclient/install/ipa_client_automount.py b/ipaclient/install/ipa_client_automount.py
@@ -230,6 +230,7 @@ def uninstall(fstore, statestore):
 
  print("Restoring configuration")
 
+ tasks.disable_nsswitch_automount(statestore)
  for filepath in RESTORE_FILES:
  if fstore.has_file(filepath):
  fstore.restore_file(filepath)
@@ -497,6 +498,7 @@ def configure_automount():
  sys.exit("Installation aborted")
 
  try:
+ tasks.enable_nsswitch_automount(statestore)
  configure_nfs(fstore, statestore, options)
  configure_autofs_sssd(fstore, statestore, autodiscover, options)
  configure_autofs_common(fstore, statestore, options)

diff --git a/ipaplatform/altlinux/tasks.py b/ipaplatform/altlinux/tasks.py
@@ -11,6 +11,7 @@
 from ipaplatform.paths import paths
 from ipapython import directivesetter
 from ipapython import ipautil
+from ipapython.ipachangeconf import IPAChangeConf
 
 
 class ALTLinuxTaskNamespace(RedHatTaskNamespace):
@@ -30,6 +31,59 @@ def restore_pre_ipa_client_configuration(
  def set_nisdomain(self, nisdomain):
  return True
 
+ def enable_nsswitch_automount(self, statestore):
+ database = "automount"
+ conf = IPAChangeConf("IPA automount installer")
+ conf.setOptionAssignment(":")
+
+ # Read the existing configuration
+ with open(paths.NSSWITCH_CONF) as f:
+ opts = conf.parse(f)
+
+ raw_database_entry = conf.findOpts(opts, "option", database)[1]
+
+ # Detect the list of already configured services
+ if not raw_database_entry:
+ # If there is no database entry, database is not present in
+ # the nsswitch.conf
+ configured_services = ["files"]
+ statestore.backup_state("ipaclient_automount", "nss", "")
+ else:
+ configured_services = raw_database_entry["value"].strip().split()
+ statestore.backup_state(
+ "ipaclient_automount", "nss", " ".join(configured_services)
+ )
+
+ added_services = ["sss"]
+ # drop already configured service if it matches
+ configured_services = [
+ s
+ for s in configured_services
+ if s not in added_services
+ ]
+
+ new_value = " " + " ".join(added_services + configured_services)
+
+ # Set new services as sources for database
+ opts = [conf.setOption(database, new_value)]
+
+ conf.changeConf(paths.NSSWITCH_CONF, opts)
+
+ def disable_nsswitch_automount(self, statestore):
+ nss_state = statestore.get_state("ipaclient_automount", "nss")
+ if nss_state is None:
+ # nothing to do
+ return
+
+ conf = IPAChangeConf("IPA automount installer")
+ conf.setOptionAssignment(":")
+ if nss_state == "":
+ opts = [conf.rmOption("automount")]
+ else:
+ opts = [conf.setOption("automount", " " + nss_state)]
+ conf.changeConf(paths.NSSWITCH_CONF, opts)
+ statestore.delete_state("ipaclient_automount", "nss")
+
  def modify_nsswitch_pam_stack(
  self, sssd, mkhomedir, fstore, statestore, sudo=True, subid=False
  ):

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
@@ -210,6 +210,18 @@ def modify_nsswitch_pam_stack(self, sssd, mkhomedir, fstore, statestore,
 
  raise NotImplementedError()
 
+ def enable_nsswitch_automount(self, statestore):
+ """
+ Sets automount database in nsswitch.conf to 'sss' as a primary service
+ """
+ raise NotImplementedError()
+
+ def disable_nsswitch_automount(self, statestore):
+ """
+ Restores back automount database in nsswitch.conf
+ """
+ raise NotImplementedError()
+
  def modify_pam_to_use_krb5(self, statestore):
  """
  Configure pam stack to allow kerberos authentication.
@@ -399,7 +411,7 @@ def get_pkcs11_modules(self):
 
  def configure_nsswitch_database(self, fstore, database, services,
  preserve=True, append=True,
- default_value=()):
+ default_value=(), reorder=False):
  """
  Edits the specified nsswitch.conf database (e.g. passwd, group,
  sudoers) to use the specified service(s).
@@ -415,6 +427,8 @@ def configure_nsswitch_database(self, fstore, database, services,
  The next arguments modify the behaviour if preserve=True:
  append - if True, the services will be appended, if False,
  prepended
+ reorder - if True, reorder of matching services is allowed.
+ If False, reorder of matching services is not allowed.
  default_value - list of services that are considered as default (if
  the database is not mentioned in nsswitch.conf),
  e.g. ['files']
@@ -444,9 +458,21 @@ def configure_nsswitch_database(self, fstore, database, services,
  configured_services = raw_database_entry[
  'value'].strip().split()
 
- # Make sure no service is added if already mentioned in the list
- added_services = [s for s in services
- if s not in configured_services]
+ if reorder:
+ added_services = services[:]
+ # drop already configured service if it matches
+ configured_services = [
+ s
+ for s in configured_services
+ if s not in added_services
+ ]
+ else:
+ # Make sure no service is added if already mentioned in the list
+ added_services = [
+ s
+ for s in services
+ if s not in configured_services
+ ]
 
  # Prepend / append the list of new services
  if append: