From 6cb26b2d4ea21bc9f44f8448e2749b4624ff0581 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Apr 20 2017 10:04:18 +0000 Subject: [PATCH 1/2] sssd: catch NoServiceError exception SSSDConfig throws an NoServiceError exception if the service is not yet present in the configuration file. We need to catch it and create the service manually in such situation. --- diff --git a/authinfo.py b/authinfo.py index 7ef7453..510e6d5 100644 --- a/authinfo.py +++ b/authinfo.py @@ -3113,7 +3113,10 @@ class AuthInfo: if not self.sssdConfig: return True - pam = self.sssdConfig.get_service('pam') + try: + pam = self.sssdConfig.get_service('pam') + except SSSDConfig.NoServiceError: + pam = self.sssdConfig.new_service('pam') if self.enableSmartcard and self.enableSSSDAuth and self.smartcardModule == "sssd" : pam.set_option('pam_cert_auth', 'True') From 21d40abf3bf7b683f8462e1ed9aec6c9202cf95b Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Apr 20 2017 10:52:29 +0000 Subject: [PATCH 2/2] sssd: do not write SSSD PAM if there is no domain configured Otherwise we would write sssd.conf but since it doesn't contain any domain, the configuration is invalid and sssd wouldn't start. --- diff --git a/authinfo.py b/authinfo.py index 510e6d5..05b0ec5 100644 --- a/authinfo.py +++ b/authinfo.py @@ -3112,6 +3112,10 @@ class AuthInfo: def writeSSSDPAM(self): if not self.sssdConfig: return True + + if not self.sssdDomain and not self.implicitSSSD: + # do not write to sssd.conf since there is no domain configured + return True try: pam = self.sssdConfig.get_service('pam') @@ -3140,8 +3144,6 @@ class AuthInfo: all_configs[CFG_SSSD].backup(self.backupDir) - self.writeSSSDPAM() - if not self.sssdDomain: if not self.implicitSSSD: # do not create a domain that would be incomplete anyway 
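Review bot: In patch 1/2 (`@@ -3113,7 +3113,10 @@`), the `except SSSDConfig.NoServiceError:` branch creates the section with `new_service('pam')`, but nothing visible in the hunk writes the modified service object back into the configuration. If the rest of `writeSSSDPAM` (which continues outside the hunk) does not already do so, the `pam_cert_auth` option set just below may never reach sssd.conf on a host that had no `[pam]` section, and smartcard authentication would stay off without any error. Confirm that the option changes are followed by `self.sssdConfig.save_service(pam)`, and by `self.sssdConfig.activate_service('pam')` if this setup relies on the `services` list. A one-line comment above the fallback would also help, for example `# sssd.conf has no [pam] section yet; create it so the smartcard option can be set`.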
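Review bot: In patch 2/2 (`@@ -3112,6 +3112,10 @@`), the new guard in `writeSSSDPAM` returns `True` when nothing was written, which is the same value as the existing `if not self.sssdConfig` early return, so a caller cannot tell "skipped" from "applied". When `enableSmartcard` and `enableSSSDAuth` are set with `smartcardModule == "sssd"` but no domain exists, the requested `pam_cert_auth` change is dropped silently. Any `pam_cert_auth` value already present in an existing sssd.conf is also left untouched; whether the method would otherwise reset it is not visible here. Extend the comment to say so, e.g. `# NOTE: True here means "skipped"; pam_cert_auth is neither set nor cleared`, and report the skip through whatever messaging the module already uses. The method has no docstring; one stating this return contract would fit here, though the body continues outside the hunk.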
@@ -3150,8 +3152,11 @@ class AuthInfo: self.sssdDomain = self.sssdConfig.new_domain(SSSD_AUTHCONFIG_DOMAIN) except SSSDConfig.DomainAlreadyExistsError: self.sssdDomain = self.sssdConfig.get_domain(SSSD_AUTHCONFIG_DOMAIN) + + self.writeSSSDPAM() + domain = self.sssdDomain - + try: self.sssdConfig.get_service('autofs') except SSSDConfig.NoServiceError:
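Review bot: The relocated `self.writeSSSDPAM()` call still discards the method's return value, so if any return path of that method (most are outside these hunks) signals failure, the enclosing function carries on as though the PAM section had been written. Either check it, for example `if not self.writeSSSDPAM(): return False` if that matches the enclosing method's own convention, or document that the result is ignored on purpose. The ordering is now load-bearing, because the guard added in `writeSSSDPAM` skips the write until `self.sssdDomain` is set. A comment such as `# must run after the domain exists, otherwise writeSSSDPAM() skips the write` would keep a later refactor from moving the call back. The enclosing method starts and ends outside the hunk.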