Use PATH in env when running commands to find binaries.ipa-1-2

Fedora 14 moved the kerberos binaries from /usr/kerberos/[s]bin to /usr/[s]bin. Pass PATH to the environment in ipautil.run() so we can work universally across distributions. Bug 650725
author: Rob Crittenden <rcritten@redhat.com> 2010-11-08 14:09:04 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2010-11-17 15:14:21 -0500
commit: bf304533ce4dd003c451580323a6588e4d80b440 (patch)
tree: 2baddfc26391bfe17a36378893fba8cc2267c68f
parent: b3fbb7cbea69b768b11dbbf530ed77d65010d428 (diff)
download: freeipa-ipa-1-2.tar.gz
freeipa-ipa-1-2.tar.xz
freeipa-ipa-1-2.zip
6 files changed, 15 insertions, 12 deletions
diff --git a/ipa-admintools/ipa-change-master-key b/ipa-admintools/ipa-change-master-key
index a4e943992..0c669cc18 100644
--- a/ipa-admintools/ipa-change-master-key
+++ b/ipa-admintools/ipa-change-master-key
@@ -223,7 +223,7 @@ def main():
     os.environ['KRB5_CONFIG'] = ourkrb5conf
 
     #Backup the kerberos key material for recovery if needed
-    args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile]
+    args = ["kdb5_util", "dump", "-verbose", backupfile]
     print "Performing safety backup of the key material"
     try:
         output = ipa.ipautil.run(args)
@@ -239,7 +239,7 @@ def main():
         print ""
 
     #Convert the kerberos keys to the new master key
-    args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile]
+    args = ["kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile]
     print "Converting key material to new master key"
     try:
         output = ipa.ipautil.run(args)
@@ -302,7 +302,7 @@ def main():
         print "A backup copy of the old stash file should be saved in "+bkpstashfile
 
     #Finally upload the converted principals
-    args = ["/usr/kerberos/sbin/kdb5_util", "load", "-verbose", "-update", convertfile]
+    args = ["kdb5_util", "load", "-verbose", "-update", convertfile]
     print "Uploading converted key material"
     try:
         output = ipa.ipautil.run(args)
diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py
index d604225c5..7682d9933 100644
--- a/ipa-python/ipautil.py
+++ b/ipa-python/ipautil.py
@@ -82,12 +82,15 @@ def write_tmp_file(txt):
 
     return fd
 
-def run(args, stdin=None):
+def run(args, stdin=None, env=None):
+    if env is None:
+        env={"PATH": "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
+
     if stdin:
-        p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+        p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
         stdout,stderr = p.communicate(stdin)
     else:
-        p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+        p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
         stdout,stderr = p.communicate()
 
     logging.info(stdout)
diff --git a/ipa-radius-server/plugins/radiusinstance.py b/ipa-radius-server/plugins/radiusinstance.py
index 1dd5e6695..385f65f37 100644
--- a/ipa-radius-server/plugins/radiusinstance.py
+++ b/ipa-radius-server/plugins/radiusinstance.py
@@ -125,7 +125,7 @@ class RadiusInstance(service.Service):
         except os.error:
             logging.error("Failed to remove %s", radius_util.RADIUS_IPA_KEYTAB_FILEPATH)
 
-        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
+        (kwrite, kread, kerr) = os.popen3("kadmin.local")
         kwrite.write("addprinc -randkey %s\n" % (self.principal))
         kwrite.flush()
         kwrite.write("ktadd -k %s %s\n" % (radius_util.RADIUS_IPA_KEYTAB_FILEPATH, self.principal))
diff --git a/ipa-server/ipa-fix-CVE-2008-3274 b/ipa-server/ipa-fix-CVE-2008-3274
index 41d3abc96..ce8c5e143 100644
--- a/ipa-server/ipa-fix-CVE-2008-3274
+++ b/ipa-server/ipa-fix-CVE-2008-3274
@@ -236,7 +236,7 @@ def change_mkey(password = None, quiet = False):
     os.environ['KRB5_CONFIG'] = ourkrb5conf
 
     #Backup the kerberos key material for recovery if needed
-    args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile]
+    args = ["kdb5_util", "dump", "-verbose", backupfile]
     print "Performing safety backup of the key material"
     try:
         output = ipa.ipautil.run(args)
@@ -252,7 +252,7 @@ def change_mkey(password = None, quiet = False):
         print ""
 
     #Convert the kerberos keys to the new master key
-    args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile]
+    args = ["kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile]
     print "Converting key material to new master key"
     try:
         output = ipa.ipautil.run(args)
@@ -315,7 +315,7 @@ def change_mkey(password = None, quiet = False):
         print "A backup copy of the old stash file should be saved in "+bkpstashfile
 
     #Finally upload the converted principals
-    args = ["/usr/kerberos/sbin/kdb5_util", "load", "-verbose", "-update", convertfile]
+    args = ["kdb5_util", "load", "-verbose", "-update", convertfile]
     print "Uploading converted key material"
     try:
         output = ipa.ipautil.run(args)
diff --git a/ipa-server/ipaserver/installutils.py b/ipa-server/ipaserver/installutils.py
index 563b168e8..aed2fe9ea 100644
--- a/ipa-server/ipaserver/installutils.py
+++ b/ipa-server/ipaserver/installutils.py
@@ -229,7 +229,7 @@ def set_directive(filename, directive, value):
     fd.close()
 
 def kadmin(command):
-    ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])
+    ipautil.run(["kadmin.local", "-q", command])
 
 def kadmin_addprinc(principal):
     kadmin("addprinc -randkey " + principal)
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index c26228a2d..a7e44c52d 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -312,7 +312,7 @@ class KrbInstance(service.Service):
 
         if not replica:
             #populate the directory with the realm structure
-            args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
+            args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
             try:
                 ipautil.run(args)
             except ipautil.CalledProcessError, e:
author	Rob Crittenden <rcritten@redhat.com>	2010-11-08 14:09:04 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2010-11-17 15:14:21 -0500
commit	bf304533ce4dd003c451580323a6588e4d80b440 (patch)
tree	2baddfc26391bfe17a36378893fba8cc2267c68f
parent	b3fbb7cbea69b768b11dbbf530ed77d65010d428 (diff)
download	freeipa-ipa-1-2.tar.gz freeipa-ipa-1-2.tar.xz freeipa-ipa-1-2.zip