From f337c17c359c7264395804e6d15e1c294e458dbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 12:00:00 +0100
Subject: [PATCH 04/11] cli: add opt-out command

To opt-out from authselect managed configuration.
---
 rpm/authselect.spec.in           |  2 +-
 src/cli/authselect-completion.sh |  2 +-
 src/cli/main.c                   |  4 +++-
 src/lib/authselect.c             |  6 ++++++
 src/man/authselect.8.adoc        | 14 ++++++++++++++
 5 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index 9f36d0dcf001f953b8384d54f60af25d71ef0321..6e178b88bc2f19cb17692b029430e3eca13dfbef 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -264,7 +264,7 @@ if [ $1 == 0 ] ; then
     # deleted safely. If this fail, the uninstallation must fail to avoid
     # breaking the system by removing PAM files. However, the command can
     # only fail if it can not write to the file system.
-    %{_bindir}/authselect uninstall
+    %{_bindir}/authselect opt-out
 fi
 
 %pre libs
diff --git a/src/cli/authselect-completion.sh b/src/cli/authselect-completion.sh
index 84a63c9ec9278417720f6bde270c498a700ca48d..8f03aee850a088cdf77bf3dda3a2cf017e257709 100644
--- a/src/cli/authselect-completion.sh
+++ b/src/cli/authselect-completion.sh
@@ -191,7 +191,7 @@ _authselect_completions()
 
     COMMANDS=(select apply-changes list list-features show requirements current
               check test enable-feature disable-feature create-profile
-              backup-list backup-remove backup-restore)
+              backup-list backup-remove backup-restore opt-out)
 
     possibleopts="$(get_option_params)"
     if [[ "$possibleopts" != "" ]]; then
diff --git a/src/cli/main.c b/src/cli/main.c
index 575e56f00edfc35ab4b5368ee40a497016d68cc3..db5f6dc2de6f4f58273f0719f8bb77122edfafe5 100644
--- a/src/cli/main.c
+++ b/src/cli/main.c
@@ -967,7 +967,9 @@ int main(int argc, const char **argv)
         CLI_TOOL_COMMAND("backup-list", "List available backups", CLI_CMD_NONE, backup_list),
         CLI_TOOL_COMMAND("backup-remove", "Remove backup", CLI_CMD_REQUIRE_ROOT, backup_remove),
         CLI_TOOL_COMMAND("backup-restore", "Restore from backup", CLI_CMD_REQUIRE_ROOT, backup_restore),
-        CLI_TOOL_COMMAND("uninstall", "Uninstall authselect configuration", CLI_CMD_REQUIRE_ROOT | CLI_CMD_HIDDEN, uninstall),
+        CLI_TOOL_DELIMITER("Other:"),
+        CLI_TOOL_COMMAND("opt-out", "Opt-out from authselect managed configuration", CLI_CMD_REQUIRE_ROOT, uninstall),
+        /* Hidden commands */
         CLI_TOOL_COMMAND("version", "Print authselect version", CLI_CMD_HIDDEN, version),
         CLI_TOOL_LAST
     };
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
index 62a0fde47d122cea21f3738e7badc2fdb6a7c78b..6b8edf32a50a06fdaa583146c1b8a549ba17130a 100644
--- a/src/lib/authselect.c
+++ b/src/lib/authselect.c
@@ -114,6 +114,12 @@ authselect_activate(const char *profile_id,
         goto done;
     }
 
+    if (!is_valid) {
+        ERROR("Changes to the authselect configuration were detected. "
+              "These changes will be overwritten. Please call "
+              "'authselect opt-out' in order to keep them.");
+    }
+
     ret = authselect_profile_activate(profile, features);
 
 done:
diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc
index ff6dc1e234580061e059316451a1ed293cd1502e..47e04106543825a4c0995a22c336bd7d2d1f9c81 100644
--- a/src/man/authselect.8.adoc
+++ b/src/man/authselect.8.adoc
@@ -37,6 +37,12 @@ automatically generate a backup of your current configuration so if you wish
 to go back you can restore it with *authselect backup-restore* command
 (see description below).
 
+OPT-OUT FROM AUTHSELECT
+-----------------------
+To stop authselect from managing your configuration, run *authselect opt-out*.
+This will remove all authselect configuration from your system and you can then
+modify your configuration manually.
+
 AVAILABLE COMMANDS
 ------------------
 To list all available commands run *authselect* without any parameters.
@@ -232,6 +238,14 @@ These commands can be used to manage backed up configurations.
     Restore configuration from backup named _BACKUP_. *Note:* this will
     overwrite current configuration.
 
+OTHER COMMANDS
+--------------
+
+*opt-out*::
+    Remove authselect configuration. This will restore nsswitch and PAM
+    configuration under its system location and authselect will no longer
+    manage it. Run *authselect select* to opt-in again.
+
 COMMON OPTIONS
 --------------
 These options are available with all commands.
-- 
2.34.1