diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-12-10 10:09:58 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-12-10 13:48:24 +0100 |
| commit | 378ed3c9714a324128176fe5916dc6bce44b72a8 (patch) | |
| tree | 0a1294005fd90c0d410df9636c0e980387e0496e | |
| parent | 32916d444b038e6d68348b62481a4e2871438568 (diff) | |
| download | freeipa.git-378ed3c9714a324128176fe5916dc6bce44b72a8.tar.gz freeipa.git-378ed3c9714a324128176fe5916dc6bce44b72a8.tar.xz freeipa.git-378ed3c9714a324128176fe5916dc6bce44b72a8.zip | |
Fix sshd feature check
OpenSSH server included in Fedora 18 raises a validation error when
the tested AuthorizedKeysCommand/PubKeyAgent option is tested with
an empty value. It requires a command with an absolute path to be
passed. Due to this issue, sshd support is never configured on
Fedora 18.
Pass the real agent we will use later to the testing command to
avoid this error.
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 97575916..7f50b2a2 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -1063,14 +1063,18 @@ def configure_sshd_config(fstore, options): } if options.sssd and file_exists('/usr/bin/sss_ssh_authorizedkeys'): - (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', '-o', 'AuthorizedKeysCommand='], raiseonerr=False) + authorized_keys_command = '/usr/bin/sss_ssh_authorizedkeys' + (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', + '-o', 'AuthorizedKeysCommand=%s' % authorized_keys_command], raiseonerr=False) if retcode == 0: - changes['AuthorizedKeysCommand'] = '/usr/bin/sss_ssh_authorizedkeys' + changes['AuthorizedKeysCommand'] = authorized_keys_command changes['AuthorizedKeysCommandRunAs'] = None else: - (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', '-o', 'PubKeyAgent='], raiseonerr=False) + authorized_keys_command = '/usr/bin/sss_ssh_authorizedkeys %u' + (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', + '-o', 'PubKeyAgent=%s' % authorized_keys_command], raiseonerr=False) if retcode == 0: - changes['PubKeyAgent'] = '/usr/bin/sss_ssh_authorizedkeys %u' + changes['PubKeyAgent'] = authorized_keys_command changes['PubkeyAgentRunAs'] = None else: root_logger.warning("Installed OpenSSH server does not " + |