summarylogtreecommitdiffstats
path: root/0001-Adapt-to-Arch-Linux.patch
blob: 16e4395802ba4acf8063d2e0b36acba61eeb298e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
From f18cee1f17886ef4d54ea44e4ecc34f45df6abb6 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 28 Jul 2016 11:04:36 +0200
Subject: [PATCH] Adapt to Arch Linux

---
 Makefile.am              |  2 +-
 authinfo.py              | 51 +++++++++++-------------------------------------
 man/en/Makefile.am       |  2 +-
 man/en/authconfig.8      |  8 ++++----
 man/en/postlogin-ac.5    |  1 -
 man/en/system-auth-ac.5  | 20 +++----------------
 man/en/system-login-ac.5 |  1 +
 7 files changed, 21 insertions(+), 64 deletions(-)
 delete mode 100644 man/en/postlogin-ac.5
 create mode 100644 man/en/system-login-ac.5

diff --git a/Makefile.am b/Makefile.am
index 0bc08a8..ca066eb 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -51,7 +51,7 @@ install-data-local: authconfig.desktop
 	touch $(DESTDIR)/$(pamdir)/password-auth-ac
 	touch $(DESTDIR)/$(pamdir)/fingerprint-auth-ac
 	touch $(DESTDIR)/$(pamdir)/smartcard-auth-ac
-	touch $(DESTDIR)/$(pamdir)/postlogin-ac
+	touch $(DESTDIR)/$(pamdir)/system-login-ac
 	mkdir -p $(DESTDIR)/$(datadir)/applications
 	desktop-file-install \
 		--dir=$(DESTDIR)/$(datadir)/applications \
diff --git a/authinfo.py b/authinfo.py
index 4e05a95..0a875a4 100644
--- a/authinfo.py
+++ b/authinfo.py
@@ -60,8 +60,8 @@ SYSCONFDIR = "/etc"
 AUTH_PAM_SERVICE = "system-auth"
 AUTH_PAM_SERVICE_AC = "system-auth-ac"
 
-POSTLOGIN_PAM_SERVICE = "postlogin"
-POSTLOGIN_PAM_SERVICE_AC = "postlogin-ac"
+POSTLOGIN_PAM_SERVICE = "system-login"
+POSTLOGIN_PAM_SERVICE_AC = "system-login-ac"
 
 PASSWORD_AUTH_PAM_SERVICE = "password-auth"
 PASSWORD_AUTH_PAM_SERVICE_AC = "password-auth-ac"
@@ -75,7 +75,7 @@ SMARTCARD_AUTH_PAM_SERVICE_AC = "smartcard-auth-ac"
 SSSD_AUTHCONFIG_DOMAIN = "default"
 
 if "lib64" in str(globals()["acutil"]):
-	LIBDIR = "/lib64"
+	LIBDIR = "/lib"
 else:
 	LIBDIR = "/lib"	
 
@@ -1055,9 +1055,6 @@ class SafeFile:
 		self.file.flush()
 		os.fsync(self.file.fileno())
 		os.rename(self.file.name, self.filename)
-		if self.missing:
-			call(["/usr/sbin/restorecon", self.filename],
-				stderr=os.open('/dev/null', os.O_WRONLY))
 
 	def close(self):
 		# we may have renamed the temp file, need to catch OSError
@@ -1147,13 +1144,6 @@ class FileBackup:
 		if rv and os.path.isfile(backuppath):
 			rv = self.safeCopy(backuppath, self.origPath)
 
-		try:
-			if rv:
-				call(["/usr/sbin/restorecon", self.origPath],
-					stderr=os.open('/dev/null', os.O_WRONLY))
-		except (IOError, OSError):
-			pass
-
 		return rv
 
 def readCache():
@@ -1224,8 +1214,8 @@ class CacheBackup(FileBackup):
 # indexes for the configs
 (CFG_HESIOD, CFG_YP, CFG_LDAP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,
 	CFG_KRB, CFG_PAM_PKCS11, CFG_SMB, CFG_NSSWITCH, CFG_CACHE,
-	CFG_PAM, CFG_POSTLOGIN_PAM, CFG_PASSWORD_PAM, CFG_FINGERPRINT_PAM, CFG_SMARTCARD_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
-	CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 30))
+	CFG_PAM, CFG_POSTLOGIN_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
+	CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 27))
 all_configs = [
 	FileBackup("hesiod.conf", SYSCONFDIR+"/hesiod.conf"),
 	FileBackup("yp.conf", SYSCONFDIR+"/yp.conf"),
@@ -1241,12 +1231,9 @@ all_configs = [
 	FileBackup("nsswitch.conf", SYSCONFDIR+"/nsswitch.conf"),
 	CacheBackup("cacheenabled.conf", ""),
 	FileBackup("system-auth-ac", SYSCONFDIR+"/pam.d/"+AUTH_PAM_SERVICE_AC),
-	FileBackup("postlogin-ac", SYSCONFDIR+"/pam.d/"+POSTLOGIN_PAM_SERVICE_AC),
-	FileBackup("password-auth-ac", SYSCONFDIR+"/pam.d/"+PASSWORD_AUTH_PAM_SERVICE_AC),
-	FileBackup("fingerprint-auth-ac", SYSCONFDIR+"/pam.d/"+FINGERPRINT_AUTH_PAM_SERVICE_AC),
-	FileBackup("smartcard-auth-ac", SYSCONFDIR+"/pam.d/"+SMARTCARD_AUTH_PAM_SERVICE_AC),
-	FileBackup("authconfig", SYSCONFDIR+"/sysconfig/authconfig"),
-	FileBackup("network", SYSCONFDIR+"/sysconfig/network"),
+	FileBackup("system-login-ac", SYSCONFDIR+"/pam.d/"+POSTLOGIN_PAM_SERVICE_AC),
+	FileBackup("authconfig", SYSCONFDIR+"/conf.d/authconfig"),
+	FileBackup("nisdomainname", SYSCONFDIR+"/nisdomainname"),
 	FileBackup("libuser.conf", SYSCONFDIR+"/libuser.conf"),
 	FileBackup("pwquality.conf", SYSCONFDIR+"/security/pwquality.conf"),
 	FileBackup("login.defs", SYSCONFDIR+"/login.defs"),
@@ -2436,7 +2423,7 @@ class AuthInfo:
 		except IOError:
 			return False
 
-		tmp = shv.getValue("NISDOMAIN")
+		tmp = shv.getValue("NISDOMAINNAME")
 		if tmp:
 			self.nisLocalDomain = tmp
 
@@ -3881,8 +3868,7 @@ class AuthInfo:
 				pass
 
 	def checkPAMLinked(self):
-		for dest in [AUTH_PAM_SERVICE, POSTLOGIN_PAM_SERVICE, PASSWORD_AUTH_PAM_SERVICE,
-                                FINGERPRINT_AUTH_PAM_SERVICE, SMARTCARD_AUTH_PAM_SERVICE]:
+		for dest in [AUTH_PAM_SERVICE, POSTLOGIN_PAM_SERVICE]:
 			dest = SYSCONFDIR + "/pam.d/" + dest
 			f = os.path.isfile(dest)
 			l = os.path.islink(dest)
@@ -3967,9 +3953,6 @@ class AuthInfo:
 		self.module_missing = {}
 		self.writePAMService(STANDARD, CFG_PAM, AUTH_PAM_SERVICE_AC, AUTH_PAM_SERVICE)
 		self.writePAMService(POSTLOGIN, CFG_POSTLOGIN_PAM, POSTLOGIN_PAM_SERVICE_AC, POSTLOGIN_PAM_SERVICE)
-		self.writePAMService(PASSWORD_ONLY, CFG_PASSWORD_PAM, PASSWORD_AUTH_PAM_SERVICE_AC, PASSWORD_AUTH_PAM_SERVICE)
-		self.writePAMService(FINGERPRINT, CFG_FINGERPRINT_PAM, FINGERPRINT_AUTH_PAM_SERVICE_AC, FINGERPRINT_AUTH_PAM_SERVICE)
-		self.writePAMService(SMARTCARD, CFG_SMARTCARD_PAM, SMARTCARD_AUTH_PAM_SERVICE_AC, SMARTCARD_AUTH_PAM_SERVICE)
 		return True
 
 	def writeSysconfig(self):
@@ -4024,7 +4007,7 @@ class AuthInfo:
 		except IOError:
 			return False
 
-		shv.setValue("NISDOMAIN", self.nisDomain)
+		shv.setValue("NISDOMAINNAME", self.nisDomain)
 
 		shv.write(0o644)
 		shv.close()
@@ -4364,7 +4347,6 @@ class AuthInfo:
 			if not nostart:
 				os.system("/bin/domainname " + self.nisDomain)
 			try:
-				os.system("[[ $(getsebool allow_ypbind) == *off* ]] && setsebool -P allow_ypbind 1")
 				os.stat(PATH_RPCBIND)
 				Service.enable("rpcbind")
 				if not nostart:
@@ -4383,7 +4365,6 @@ class AuthInfo:
 			if not nostart:
 				os.system("/bin/domainname \"(none)\"")
 			try:
-				os.system("[[ $(getsebool allow_ypbind) == *on* ]] && setsebool -P allow_ypbind 0")
 				os.stat(PATH_YPBIND)
 				if not nostart:
 					try:
@@ -4400,16 +4381,6 @@ class AuthInfo:
 			not self.implicitSSSD,
 			PATH_NSLCD,
 			"nslcd", nostart)
-		if self.enableLDAP:
-			try:
-				os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *off* ]] && setsebool -P authlogin_nsswitch_use_ldap 1")
-			except OSError:
-				pass
-		else:
-			try:
-				os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *on* ]] && setsebool -P authlogin_nsswitch_use_ldap 0")
-			except OSError:
-				pass
 		return True
 
 	def toggleWinbindService(self, nostart):
diff --git a/man/en/Makefile.am b/man/en/Makefile.am
index f8139af..5445e78 100644
--- a/man/en/Makefile.am
+++ b/man/en/Makefile.am
@@ -1,4 +1,4 @@
 man8_MANS = authconfig.8 authconfig-tui.8 authconfig-gtk.8 system-config-authentication.8 \
  cacertdir_rehash.8
-man5_MANS = system-auth-ac.5 fingerprint-auth-ac.5 password-auth-ac.5 smartcard-auth-ac.5 postlogin-ac.5
+man5_MANS = system-auth-ac.5 fingerprint-auth-ac.5 password-auth-ac.5 smartcard-auth-ac.5 system-login-ac.5
 EXTRA_DIST = $(man8_MANS) $(man5_MANS)
diff --git a/man/en/authconfig.8 b/man/en/authconfig.8
index 45e6f2b..d38a731 100644
--- a/man/en/authconfig.8
+++ b/man/en/authconfig.8
@@ -11,7 +11,7 @@ authconfig, authconfig-tui \- an interface for configuring system authentication
 .in -7
 .SH DESCRIPTION
 \fBauthconfig\fR provides a simple method of configuring
-/etc/sysconfig/network to handle NIS, as well as /etc/passwd and
+/etc/nisdomainname to handle NIS, as well as /etc/passwd and
 /etc/shadow, the files used for shadow password support.  Basic LDAP,
 Kerberos 5, and Winbind client configuration is also provided.
 
@@ -70,7 +70,7 @@ Kerberos (\fB--enablekrb5\fR) for authentication.
 
 In case \fISSSD\fR does not support some feature of the legacy services that are
 required for the site configuration, the use of the legacy services can be forced
-by setting FORCELEGACY=yes in \fB/etc/sysconfig/authconfig\fP.
+by setting FORCELEGACY=yes in \fB/etc/conf.d/authconfig\fP.
 
 The list of options mentioned here in the manual page is not exhaustive, please
 refer to \fBauthconfig --help\fR for the complete list of the options.
@@ -129,7 +129,7 @@ return the same codes as \fBauthconfig\fR.
 .PD 0
 .TP
 .TP
-.FN /etc/sysconfig/authconfig
+.FN /etc/conf.d/authconfig
 Used to track whether or not particular authentication mechanisms are enabled.
 Currently includes variables named USESHADOW, USEMD5, USEKERBEROS, USELDAPAUTH,
 USESMBAUTH, USEWINBIND, USEWINBINDAUTH, USEHESIOD, USENIS, USELDAP, and others.
@@ -142,7 +142,7 @@ Used for shadow password support.
 .FN /etc/yp.conf
 Configuration file for NIS support.
 .TP
-.FN /etc/sysconfig/network
+.FN /etc/nisdomainname
 Another configuration file for NIS support.
 .TP
 .FN /etc/ldap.conf
diff --git a/man/en/postlogin-ac.5 b/man/en/postlogin-ac.5
deleted file mode 100644
index 3550f54..0000000
--- a/man/en/postlogin-ac.5
+++ /dev/null
@@ -1 +0,0 @@
-.so man5/system-auth-ac.5
diff --git a/man/en/system-auth-ac.5 b/man/en/system-auth-ac.5
index 8c55e19..c1b7aaf 100644
--- a/man/en/system-auth-ac.5
+++ b/man/en/system-auth-ac.5
@@ -1,8 +1,7 @@
 .TH SYSTEM-AUTH-AC 5 "2010 March 31" "Red Hat, Inc."
 .SH NAME
 
-system-auth-ac, password-auth-ac, smartcard-auth-ac,
-fingerprint-auth-ac, postlogin-ac \- Common configuration files for
+system-auth-ac, system-login-ac \- Common configuration files for
 PAMified services written by authconfig(8)
 
 .SH SYNOPSIS
@@ -29,23 +28,10 @@ and writes the configuration to this file. The symlink is not changed on
 subsequent configuration changes even if it points elsewhere. This allows
 system administrators to override the configuration written by authconfig.
 
-The authconfig now writes the authentication modules also into additional PAM
-configuration files \fB/etc/pam.d/password-auth-ac\fR,
-\fB/etc/pam.d/smartcard-auth-ac\fR, and \fB/etc/pam.d/fingerprint-auth-ac\fR.
-These configuration files contain only modules which perform
-authentication with the respective kinds of authentication tokens.
-For example \fB/etc/pam.d/smartcard-auth[-ac]\fR will not contain
-\fBpam_unix\fR and \fBpam_ldap\fR modules and \fB/etc/pam.d/password-auth[-ac]\fR
-will not contain \fBpam_pkcs11\fR and \fBpam_fprintd\fR modules.
-
-The file \fB/etc/pam.d/postlogin-ac\fR contains common services
+The file \fB/etc/pam.d/system-login-ac\fR contains common services
 to be invoked after login. An example can be a module that encrypts an
 user's filesystem or user's keyring and is decrypted by his password.
 
-The PAM configuration files of services which are accessed by remote
-connections such as sshd or ftpd now include the \fB/etc/pam.d/password-auth\fR
-configuration file instead of \fB/etc/pam.d/system-auth\fR.
-
 
 .SH EXAMPLE
 Configure system to use pam_tally2 for configuration of maximum number of
@@ -78,4 +64,4 @@ session         include         system-auth-ac
 None known.
 
 .SH "SEE ALSO"
-authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)
+authconfig(8), authconfig-gtk(8), pam(8)
diff --git a/man/en/system-login-ac.5 b/man/en/system-login-ac.5
new file mode 100644
index 0000000..3550f54
--- /dev/null
+++ b/man/en/system-login-ac.5
@@ -0,0 +1 @@
+.so man5/system-auth-ac.5
-- 
2.7.4