From 313ccd75397ae3a1801e1532f460519c657adae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 11 Sep 2018 11:03:36 +0200 Subject: [PATCH 07/16] compat: use current configuration unless other profile is selected This makes sure that 'authconfig --updateall' or 'authconfig --enablexyz --updateall' will not override current authselect profile if /etc/authconfig/sysconfig does not exist. Resolves: https://github.com/pbrezina/authselect/issues/82 --- src/compat/authcompat.py.in.in | 61 ++++++++++++++++++++++++++++------ 1 file changed, 50 insertions(+), 11 deletions(-) diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in index 4fa9a6afc1d62aa9dde41b525d473168e6dc2901..96b2c69ce2c10afe6b689a8c4b64aa1e83245b34 100755 --- a/src/compat/authcompat.py.in.in +++ b/src/compat/authcompat.py.in.in @@ -39,9 +39,11 @@ def eprint(*args, **kwargs): class Command: TEST = False - def __init__(self, command, args, input=None): + def __init__(self, command, args, input=None, check=True): self.args = [command] + args self.input = input.encode() if input is not None else None + self.check = check + self.result = None def run(self): print(_("Executing: %s") % ' '.join(self.args)) @@ -49,10 +51,10 @@ class Command: if self.TEST: return - subprocess.run(self.args, check=True, - input=self.input, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) + self.result = subprocess.run(self.args, check=self.check, + input=self.input, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) class Service: def __init__(self, name): @@ -506,24 +508,61 @@ class AuthCompat: 'winbindkrb5' : 'with-krb5' } - profile = "sssd" - if self.options.getBool("nis"): + # Read current configuration first. + (profile, features) = self.getCurrentAuthselectConfig() + + # Change profile if requested. + if (self.options.getBool("ldap") or self.options.getBool("ldapauth") or + self.options.getBool("sssd") or self.options.getBool("sssdauth")): + profile = "sssd" + elif self.options.getBool("nis"): profile = "nis" elif self.options.getBool("winbind"): profile = "winbind" + # Default to sssd + if profile is None: + profile = "sssd" + + # Add enabled and remove disabled features. + for option, feature in map.items(): + if not self.options.isset(option): + continue + + enabled = self.options.getBool(option) + if enabled: + features.append(feature) + else: + while feature in features: + features.remove(feature) + + # Remove duplicates. The order is not kept but that does not matter. + features = list(set(features)) + # Always run with --force. This is either first call of authconfig # in installation script or it is run on already configured system. # We want to use authselect in both cases anyway, since authconfig # would change the configuration either way. - args = ["select", profile, "--force"] - for option, feature in map.items(): - if self.options.getBool(option): - args.append(feature) + args = ["select", profile] + args.extend(features) + args.append("--force") cmd = Command(Path.System('cmd-authselect'), args) cmd.run() + def getCurrentAuthselectConfig(self): + cmd = Command(Path.System('cmd-authselect'), ['check'], check=False) + cmd.run() + + if cmd.result.returncode != 0: + return (None, []) + + cmd = Command(Path.System('cmd-authselect'), ['current', '--raw']) + cmd.run() + + current = cmd.result.stdout.decode("utf-8").split() + return (current[0], current[1:]) + def writeConfiguration(self): configs = [ Configuration.LDAP(self.options), -- 2.17.1