From 08c71703a44d8aec308781351c3a9dd4a4ba94a7 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Feb 13 2017 17:10:55 +0000
Subject: Remove is_fips_enabled checks in installers and ipactl


https://fedorahosted.org/freeipa/ticket/5695

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>

---

diff --git a/install/tools/ipactl b/install/tools/ipactl
index c34f1cb..f375a87 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -543,9 +543,6 @@ def main():
     elif args[0] != "start" and args[0] != "stop" and args[0] != "restart" and args[0] != "status":
         raise IpactlError("Unrecognized action [" + args[0] + "]", 2)
 
-    if tasks.is_fips_enabled():
-        raise IpactlError("Starting IPA server in FIPS mode is not supported")
-
     # check if IPA is configured at all
     try:
         check_IPA_configuration()
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index aa3449c..2b01b0d 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -1953,11 +1953,6 @@ def install_check(options):
             "You must be root to run ipa-client-install.",
             rval=CLIENT_INSTALL_ERROR)
 
-    if tasks.is_fips_enabled():
-        raise ScriptError(
-            "Installing IPA client in FIPS mode is not supported",
-            rval=CLIENT_INSTALL_ERROR)
-
     tasks.check_selinux_status()
 
     if is_ipa_client_installed(fstore, on_master=options.on_master):
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index ef943f7..8178d4e 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -304,10 +304,6 @@ def install_check(installer):
     external_ca_file = installer._external_ca_file
     http_ca_cert = installer._ca_cert
 
-    if tasks.is_fips_enabled():
-        raise RuntimeError(
-            "Installing IPA server in FIPS mode is not supported")
-
     tasks.check_selinux_status()
 
     if options.master_password:
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 24cc661..fcb979c 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -527,10 +527,6 @@ def check_remote_version(api):
 
 
 def common_check(no_ntp):
-    if tasks.is_fips_enabled():
-        raise RuntimeError(
-            "Installing IPA server in FIPS mode is not supported")
-
     tasks.check_selinux_status()
 
     if is_ipa_configured():
@@ -646,7 +642,12 @@ def install_check(installer):
     filename = installer.replica_file
     installer._enrollment_performed = False
 
-    # check FIPS, selinux status, http and DS ports, NTP conflicting services
+    if tasks.is_fips_enabled():
+        raise RuntimeError(
+            "Installing IPA server in FIPS mode on domain level 0 is not "
+            "supported")
+
+    # check selinux status, http and DS ports, NTP conflicting services
     common_check(options.no_ntp)
 
     client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
@@ -942,7 +943,7 @@ def promote_check(installer):
     installer._enrollment_performed = False
     installer._top_dir = tempfile.mkdtemp("ipa")
 
-    # check FIPS, selinux status, http and DS ports, NTP conflicting services
+    # check selinux status, http and DS ports, NTP conflicting services
     common_check(options.no_ntp)
 
     client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)