From d8f2ad281d0790f2ad8ccc4265c711c68bd2f9c8 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 28 Jul 2016 11:04:36 +0200
Subject: [PATCH] Adapt to Arch Linux

---
 Makefile.am                                  |  5 +--
 authinfo.py                                  | 51 ++++++----------------------
 man/en/Makefile.am                           |  2 +-
 man/en/authconfig.8                          |  8 ++---
 man/en/system-auth-ac.5                      | 20 ++---------
 man/en/{postlogin-ac.5 => system-login-ac.5} |  0
 6 files changed, 20 insertions(+), 66 deletions(-)
 rename man/en/{postlogin-ac.5 => system-login-ac.5} (100%)

diff --git a/Makefile.am b/Makefile.am
index e12373a697e822c22a738dcd7b1a6be46fa0289d..f1339da39055c7206b88070ad14627848619a7ad 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -25,10 +25,7 @@ install-data-local:
 	mkdir -p $(DESTDIR)/$(backupdir)
 	touch $(DESTDIR)/$(sysconfigdir)/authconfig
 	touch $(DESTDIR)/$(pamdir)/system-auth-ac
-	touch $(DESTDIR)/$(pamdir)/password-auth-ac
-	touch $(DESTDIR)/$(pamdir)/fingerprint-auth-ac
-	touch $(DESTDIR)/$(pamdir)/smartcard-auth-ac
-	touch $(DESTDIR)/$(pamdir)/postlogin-ac
+	touch $(DESTDIR)/$(pamdir)/system-login-ac
 
 uninstall-local:
 	$(RM) $(DESTDIR)/$(bindir)/authconfig
diff --git a/authinfo.py b/authinfo.py
index 1203a71114d0b700ff57802ece89b4a3e5351572..36e38418213c5c074178b8398ede8ade106d4c09 100644
--- a/authinfo.py
+++ b/authinfo.py
@@ -60,8 +60,8 @@ SYSCONFDIR = "/etc"
 AUTH_PAM_SERVICE = "system-auth"
 AUTH_PAM_SERVICE_AC = "system-auth-ac"
 
-POSTLOGIN_PAM_SERVICE = "postlogin"
-POSTLOGIN_PAM_SERVICE_AC = "postlogin-ac"
+POSTLOGIN_PAM_SERVICE = "system-login"
+POSTLOGIN_PAM_SERVICE_AC = "system-login-ac"
 
 PASSWORD_AUTH_PAM_SERVICE = "password-auth"
 PASSWORD_AUTH_PAM_SERVICE_AC = "password-auth-ac"
@@ -75,7 +75,7 @@ SMARTCARD_AUTH_PAM_SERVICE_AC = "smartcard-auth-ac"
 SSSD_AUTHCONFIG_DOMAIN = "default"
 
 if "lib64" in str(globals()["acutil"]):
-	LIBDIR = "/usr/lib64"
+	LIBDIR = "/lib64"
 else:
-	LIBDIR = "/usr/lib"
+	LIBDIR = "/lib"
 
@@ -994,9 +994,6 @@ class SafeFile:
 		self.file.flush()
 		os.fsync(self.file.fileno())
 		os.rename(self.file.name, self.filename)
-		if self.missing:
-			call(["/usr/sbin/restorecon", self.filename],
-				stderr=os.open('/dev/null', os.O_WRONLY))
 
 	def close(self):
 		# we may have renamed the temp file, need to catch OSError
@@ -1086,13 +1083,6 @@ class FileBackup:
 		if rv and os.path.isfile(backuppath):
 			rv = self.safeCopy(backuppath, self.origPath)
 
-		try:
-			if rv:
-				call(["/usr/sbin/restorecon", self.origPath],
-					stderr=os.open('/dev/null', os.O_WRONLY))
-		except (IOError, OSError):
-			pass
-
 		return rv
 
 def readCache():
@@ -1163,8 +1153,8 @@ class CacheBackup(FileBackup):
 # indexes for the configs
 (CFG_YP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,
 	CFG_KRB, CFG_PAM_PKCS11, CFG_SMB, CFG_NSSWITCH, CFG_CACHE,
-	CFG_PAM, CFG_POSTLOGIN_PAM, CFG_PASSWORD_PAM, CFG_FINGERPRINT_PAM, CFG_SMARTCARD_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
-	CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 28))
+	CFG_PAM, CFG_POSTLOGIN_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
+	CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 25))
 all_configs = [
 	FileBackup("yp.conf", SYSCONFDIR+"/yp.conf"),
 	FileBackup("nss_ldap.conf", SYSCONFDIR+"/nss_ldap.conf"),
@@ -1178,12 +1168,9 @@ all_configs = [
 	FileBackup("nsswitch.conf", SYSCONFDIR+"/nsswitch.conf"),
 	CacheBackup("cacheenabled.conf", ""),
 	FileBackup("system-auth-ac", SYSCONFDIR+"/pam.d/"+AUTH_PAM_SERVICE_AC),
-	FileBackup("postlogin-ac", SYSCONFDIR+"/pam.d/"+POSTLOGIN_PAM_SERVICE_AC),
-	FileBackup("password-auth-ac", SYSCONFDIR+"/pam.d/"+PASSWORD_AUTH_PAM_SERVICE_AC),
-	FileBackup("fingerprint-auth-ac", SYSCONFDIR+"/pam.d/"+FINGERPRINT_AUTH_PAM_SERVICE_AC),
-	FileBackup("smartcard-auth-ac", SYSCONFDIR+"/pam.d/"+SMARTCARD_AUTH_PAM_SERVICE_AC),
-	FileBackup("authconfig", SYSCONFDIR+"/sysconfig/authconfig"),
-	FileBackup("network", SYSCONFDIR+"/sysconfig/network"),
+	FileBackup("system-login-ac", SYSCONFDIR+"/pam.d/"+POSTLOGIN_PAM_SERVICE_AC),
+	FileBackup("authconfig", SYSCONFDIR+"/conf.d/authconfig"),
+	FileBackup("nisdomainname", SYSCONFDIR+"/nisdomainname"),
 	FileBackup("libuser.conf", SYSCONFDIR+"/libuser.conf"),
 	FileBackup("pwquality.conf", SYSCONFDIR+"/security/pwquality.conf"),
 	FileBackup("login.defs", SYSCONFDIR+"/login.defs"),
@@ -2263,7 +2250,7 @@ class AuthInfo:
 		except IOError:
 			return False
 
-		tmp = shv.getValue("NISDOMAIN")
+		tmp = shv.getValue("NISDOMAINNAME")
 		if tmp:
 			self.nisLocalDomain = tmp
 
@@ -3661,8 +3648,7 @@ class AuthInfo:
 				pass
 
 	def checkPAMLinked(self):
-		for dest in [AUTH_PAM_SERVICE, POSTLOGIN_PAM_SERVICE, PASSWORD_AUTH_PAM_SERVICE,
-                                FINGERPRINT_AUTH_PAM_SERVICE, SMARTCARD_AUTH_PAM_SERVICE]:
+		for dest in [AUTH_PAM_SERVICE, POSTLOGIN_PAM_SERVICE]:
 			dest = SYSCONFDIR + "/pam.d/" + dest
 			f = os.path.isfile(dest)
 			l = os.path.islink(dest)
@@ -3745,9 +3731,6 @@ class AuthInfo:
 		self.module_missing = {}
 		self.writePAMService(STANDARD, CFG_PAM, AUTH_PAM_SERVICE_AC, AUTH_PAM_SERVICE)
 		self.writePAMService(POSTLOGIN, CFG_POSTLOGIN_PAM, POSTLOGIN_PAM_SERVICE_AC, POSTLOGIN_PAM_SERVICE)
-		self.writePAMService(PASSWORD_ONLY, CFG_PASSWORD_PAM, PASSWORD_AUTH_PAM_SERVICE_AC, PASSWORD_AUTH_PAM_SERVICE)
-		self.writePAMService(FINGERPRINT, CFG_FINGERPRINT_PAM, FINGERPRINT_AUTH_PAM_SERVICE_AC, FINGERPRINT_AUTH_PAM_SERVICE)
-		self.writePAMService(SMARTCARD, CFG_SMARTCARD_PAM, SMARTCARD_AUTH_PAM_SERVICE_AC, SMARTCARD_AUTH_PAM_SERVICE)
 		return True
 
 	def writeSysconfig(self):
@@ -3794,7 +3777,7 @@ class AuthInfo:
 		except IOError:
 			return False
 
-		shv.setValue("NISDOMAIN", self.nisDomain)
+		shv.setValue("NISDOMAINNAME", self.nisDomain)
 
 		shv.write(0o644)
 		shv.close()
@@ -4056,7 +4039,6 @@ class AuthInfo:
 			if not nostart:
 				os.system("/bin/domainname " + self.nisDomain)
 			try:
-				os.system("[[ $(getsebool allow_ypbind) == *off* ]] && setsebool -P allow_ypbind 1")
 				os.stat(PATH_RPCBIND)
 				Service.enable("rpcbind")
 				if not nostart:
@@ -4075,7 +4057,6 @@ class AuthInfo:
 			if not nostart:
 				os.system("/bin/domainname \"(none)\"")
 			try:
-				os.system("[[ $(getsebool allow_ypbind) == *on* ]] && setsebool -P allow_ypbind 0")
 				os.stat(PATH_YPBIND)
 				if not nostart:
 					try:
@@ -4092,16 +4073,6 @@ class AuthInfo:
 			not self.implicitSSSD,
 			PATH_NSLCD,
 			"nslcd", nostart)
-		if self.enableLDAP:
-			try:
-				os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *off* ]] && setsebool -P authlogin_nsswitch_use_ldap 1")
-			except OSError:
-				pass
-		else:
-			try:
-				os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *on* ]] && setsebool -P authlogin_nsswitch_use_ldap 0")
-			except OSError:
-				pass
 		return True
 
 	def toggleWinbindService(self, nostart):
diff --git a/man/en/Makefile.am b/man/en/Makefile.am
index c4fa4408b68f3df2faf49ad9553d4edc6c66ae02..473afcac11af95fed1ae30dbf91b098f37d186a9 100644
--- a/man/en/Makefile.am
+++ b/man/en/Makefile.am
@@ -1,3 +1,3 @@
 man8_MANS = authconfig.8 cacertdir_rehash.8
-man5_MANS = system-auth-ac.5 fingerprint-auth-ac.5 password-auth-ac.5 smartcard-auth-ac.5 postlogin-ac.5
+man5_MANS = system-auth-ac.5 system-login-ac.5
 EXTRA_DIST = $(man8_MANS) $(man5_MANS)
diff --git a/man/en/authconfig.8 b/man/en/authconfig.8
index 7338dc8d12de3484982cc3dfc29fd841be6d9890..ae93aa5b4f2fda383c3d9aa5c41a4a3868883af5 100644
--- a/man/en/authconfig.8
+++ b/man/en/authconfig.8
@@ -11,7 +11,7 @@ authconfig, authconfig-tui \- an interface for configuring system authentication
 .in -7
 .SH DESCRIPTION
 \fBauthconfig\fR provides a simple method of configuring
-/etc/sysconfig/network to handle NIS, as well as /etc/passwd and
+/etc/nisdomainname to handle NIS, as well as /etc/passwd and
 /etc/shadow, the files used for shadow password support.  Basic LDAP,
 Kerberos 5, and Winbind client configuration is also provided.
 
@@ -70,7 +70,7 @@ Kerberos (\fB--enablekrb5\fR) for authentication.
 
 In case \fISSSD\fR does not support some feature of the legacy services that are
 required for the site configuration, the use of the legacy services can be forced
-by setting FORCELEGACY=yes in \fB/etc/sysconfig/authconfig\fP.
+by setting FORCELEGACY=yes in \fB/etc/conf.d/authconfig\fP.
 
 The list of options mentioned here in the manual page is not exhaustive, please
 refer to \fBauthconfig --help\fR for the complete list of the options.
@@ -109,7 +109,7 @@ fails on \fB--update\fR action, 7 if Winbind domain join fails.
 .PD 0
 .TP
 .TP
-.FN /etc/sysconfig/authconfig
+.FN /etc/conf.d/authconfig
 Used to track whether or not particular authentication mechanisms are enabled.
 Currently includes variables named USESHADOW, USEMD5, USEKERBEROS, USELDAPAUTH,
 USEWINBIND, USEWINBINDAUTH, USENIS, USELDAP, and others.
@@ -122,7 +122,7 @@ Used for shadow password support.
 .FN /etc/yp.conf
 Configuration file for NIS support.
 .TP
-.FN /etc/sysconfig/network
+.FN /etc/nisdomainname
 Another configuration file for NIS support.
 .TP
 .FN /etc/ldap.conf
diff --git a/man/en/system-auth-ac.5 b/man/en/system-auth-ac.5
index 8c55e1956afaade9e8317ae73839c0d522cb3ee1..c1b7aaf981d8c3529e0cd8973d90ca7d9ac5c5e1 100644
--- a/man/en/system-auth-ac.5
+++ b/man/en/system-auth-ac.5
@@ -1,8 +1,7 @@
 .TH SYSTEM-AUTH-AC 5 "2010 March 31" "Red Hat, Inc."
 .SH NAME
 
-system-auth-ac, password-auth-ac, smartcard-auth-ac,
-fingerprint-auth-ac, postlogin-ac \- Common configuration files for
+system-auth-ac, system-login-ac \- Common configuration files for
 PAMified services written by authconfig(8)
 
 .SH SYNOPSIS
@@ -29,23 +28,10 @@ and writes the configuration to this file. The symlink is not changed on
 subsequent configuration changes even if it points elsewhere. This allows
 system administrators to override the configuration written by authconfig.
 
-The authconfig now writes the authentication modules also into additional PAM
-configuration files \fB/etc/pam.d/password-auth-ac\fR,
-\fB/etc/pam.d/smartcard-auth-ac\fR, and \fB/etc/pam.d/fingerprint-auth-ac\fR.
-These configuration files contain only modules which perform
-authentication with the respective kinds of authentication tokens.
-For example \fB/etc/pam.d/smartcard-auth[-ac]\fR will not contain
-\fBpam_unix\fR and \fBpam_ldap\fR modules and \fB/etc/pam.d/password-auth[-ac]\fR
-will not contain \fBpam_pkcs11\fR and \fBpam_fprintd\fR modules.
-
-The file \fB/etc/pam.d/postlogin-ac\fR contains common services
+The file \fB/etc/pam.d/system-login-ac\fR contains common services
 to be invoked after login. An example can be a module that encrypts an
 user's filesystem or user's keyring and is decrypted by his password.
 
-The PAM configuration files of services which are accessed by remote
-connections such as sshd or ftpd now include the \fB/etc/pam.d/password-auth\fR
-configuration file instead of \fB/etc/pam.d/system-auth\fR.
-
 
 .SH EXAMPLE
 Configure system to use pam_tally2 for configuration of maximum number of
@@ -78,4 +64,4 @@ session         include         system-auth-ac
 None known.
 
 .SH "SEE ALSO"
-authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)
+authconfig(8), authconfig-gtk(8), pam(8)
diff --git a/man/en/postlogin-ac.5 b/man/en/system-login-ac.5
similarity index 100%
rename from man/en/postlogin-ac.5
rename to man/en/system-login-ac.5
-- 
2.9.3