From 54b62df055fda613aa985ccd971968123c0ad113 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Fri, 25 Sep 2015 18:00:30 +0200
Subject: [PATCH] do not overwrite files with local users/groups when restoring
 authconfig

the patch fixes regression in ipa-restore caused by overwriting /etc/passwd,
/etc/shadow and fiends during restore of authconfig configuration files. These
files are now excluded from authconfig backup dir.

https://fedorahosted.org/freeipa/ticket/5328

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 ipaplatform/redhat/authconfig.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py
index edefee8b2b4922ad67cdbac158615ef32c776bb4..7b06d583d8f8dba3df589edf73ec20f7b80c20a4 100644
--- a/ipaplatform/redhat/authconfig.py
+++ b/ipaplatform/redhat/authconfig.py
@@ -19,7 +19,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipapython import ipautil
+import os
 
+FILES_TO_NOT_BACKUP = ['passwd', 'group', 'shadow', 'gshadow']
 
 class RedHatAuthConfig(object):
     """
@@ -88,5 +90,15 @@ class RedHatAuthConfig(object):
     def backup(self, path):
         ipautil.run(["/usr/sbin/authconfig", "--savebackup", path])
 
+        # do not backup these files since we don't want to mess with
+        # users/groups during restore. Authconfig doesn't seem to mind about
+        # having them deleted from backup dir
+        files_to_remove = [os.path.join(path, f) for f in FILES_TO_NOT_BACKUP]
+        for filename in files_to_remove:
+            try:
+                os.remove(filename)
+            except OSError:
+                pass
+
     def restore(self, path):
         ipautil.run(["/usr/sbin/authconfig", "--restorebackup", path])
-- 
2.4.3