diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-11-08 14:09:04 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-11-17 15:14:21 -0500 |
commit | bf304533ce4dd003c451580323a6588e4d80b440 (patch) | |
tree | 2baddfc26391bfe17a36378893fba8cc2267c68f | |
parent | b3fbb7cbea69b768b11dbbf530ed77d65010d428 (diff) | |
download | freeipa-ipa-1-2.tar.gz freeipa-ipa-1-2.tar.xz freeipa-ipa-1-2.zip |
Use PATH in env when running commands to find binaries.ipa-1-2
Fedora 14 moved the kerberos binaries from /usr/kerberos/[s]bin to
/usr/[s]bin. Pass PATH to the environment in ipautil.run() so we can
work universally across distributions.
Bug 650725
-rw-r--r-- | ipa-admintools/ipa-change-master-key | 6 | ||||
-rw-r--r-- | ipa-python/ipautil.py | 9 | ||||
-rw-r--r-- | ipa-radius-server/plugins/radiusinstance.py | 2 | ||||
-rw-r--r-- | ipa-server/ipa-fix-CVE-2008-3274 | 6 | ||||
-rw-r--r-- | ipa-server/ipaserver/installutils.py | 2 | ||||
-rw-r--r-- | ipa-server/ipaserver/krbinstance.py | 2 |
6 files changed, 15 insertions, 12 deletions
diff --git a/ipa-admintools/ipa-change-master-key b/ipa-admintools/ipa-change-master-key index a4e943992..0c669cc18 100644 --- a/ipa-admintools/ipa-change-master-key +++ b/ipa-admintools/ipa-change-master-key @@ -223,7 +223,7 @@ def main(): os.environ['KRB5_CONFIG'] = ourkrb5conf #Backup the kerberos key material for recovery if needed - args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile] + args = ["kdb5_util", "dump", "-verbose", backupfile] print "Performing safety backup of the key material" try: output = ipa.ipautil.run(args) @@ -239,7 +239,7 @@ def main(): print "" #Convert the kerberos keys to the new master key - args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile] + args = ["kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile] print "Converting key material to new master key" try: output = ipa.ipautil.run(args) @@ -302,7 +302,7 @@ def main(): print "A backup copy of the old stash file should be saved in "+bkpstashfile #Finally upload the converted principals - args = ["/usr/kerberos/sbin/kdb5_util", "load", "-verbose", "-update", convertfile] + args = ["kdb5_util", "load", "-verbose", "-update", convertfile] print "Uploading converted key material" try: output = ipa.ipautil.run(args) diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py index d604225c5..7682d9933 100644 --- a/ipa-python/ipautil.py +++ b/ipa-python/ipautil.py @@ -82,12 +82,15 @@ def write_tmp_file(txt): return fd -def run(args, stdin=None): +def run(args, stdin=None, env=None): + if env is None: + env={"PATH": "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"} + if stdin: - p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True) + p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env) stdout,stderr = p.communicate(stdin) else: - p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True) + p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env) stdout,stderr = p.communicate() logging.info(stdout) diff --git a/ipa-radius-server/plugins/radiusinstance.py b/ipa-radius-server/plugins/radiusinstance.py index 1dd5e6695..385f65f37 100644 --- a/ipa-radius-server/plugins/radiusinstance.py +++ b/ipa-radius-server/plugins/radiusinstance.py @@ -125,7 +125,7 @@ class RadiusInstance(service.Service): except os.error: logging.error("Failed to remove %s", radius_util.RADIUS_IPA_KEYTAB_FILEPATH) - (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") + (kwrite, kread, kerr) = os.popen3("kadmin.local") kwrite.write("addprinc -randkey %s\n" % (self.principal)) kwrite.flush() kwrite.write("ktadd -k %s %s\n" % (radius_util.RADIUS_IPA_KEYTAB_FILEPATH, self.principal)) diff --git a/ipa-server/ipa-fix-CVE-2008-3274 b/ipa-server/ipa-fix-CVE-2008-3274 index 41d3abc96..ce8c5e143 100644 --- a/ipa-server/ipa-fix-CVE-2008-3274 +++ b/ipa-server/ipa-fix-CVE-2008-3274 @@ -236,7 +236,7 @@ def change_mkey(password = None, quiet = False): os.environ['KRB5_CONFIG'] = ourkrb5conf #Backup the kerberos key material for recovery if needed - args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile] + args = ["kdb5_util", "dump", "-verbose", backupfile] print "Performing safety backup of the key material" try: output = ipa.ipautil.run(args) @@ -252,7 +252,7 @@ def change_mkey(password = None, quiet = False): print "" #Convert the kerberos keys to the new master key - args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile] + args = ["kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile] print "Converting key material to new master key" try: output = ipa.ipautil.run(args) @@ -315,7 +315,7 @@ def change_mkey(password = None, quiet = False): print "A backup copy of the old stash file should be saved in "+bkpstashfile #Finally upload the converted principals - args = ["/usr/kerberos/sbin/kdb5_util", "load", "-verbose", "-update", convertfile] + args = ["kdb5_util", "load", "-verbose", "-update", convertfile] print "Uploading converted key material" try: output = ipa.ipautil.run(args) diff --git a/ipa-server/ipaserver/installutils.py b/ipa-server/ipaserver/installutils.py index 563b168e8..aed2fe9ea 100644 --- a/ipa-server/ipaserver/installutils.py +++ b/ipa-server/ipaserver/installutils.py @@ -229,7 +229,7 @@ def set_directive(filename, directive, value): fd.close() def kadmin(command): - ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command]) + ipautil.run(["kadmin.local", "-q", command]) def kadmin_addprinc(principal): kadmin("addprinc -randkey " + principal) diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py index c26228a2d..a7e44c52d 100644 --- a/ipa-server/ipaserver/krbinstance.py +++ b/ipa-server/ipaserver/krbinstance.py @@ -312,7 +312,7 @@ class KrbInstance(service.Service): if not replica: #populate the directory with the realm structure - args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"] + args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"] try: ipautil.run(args) except ipautil.CalledProcessError, e: |