From 378ed3c9714a324128176fe5916dc6bce44b72a8 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Dec 10 2012 12:48:24 +0000 Subject: Fix sshd feature check OpenSSH server included in Fedora 18 raises a validation error when the tested AuthorizedKeysCommand/PubKeyAgent option is tested with an empty value. It requires a command with an absolute path to be passed. Due to this issue, sshd support is never configured on Fedora 18. Pass the real agent we will use later to the testing command to avoid this error. --- diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 9757591..7f50b2a 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -1063,14 +1063,18 @@ def configure_sshd_config(fstore, options): } if options.sssd and file_exists('/usr/bin/sss_ssh_authorizedkeys'): - (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', '-o', 'AuthorizedKeysCommand='], raiseonerr=False) + authorized_keys_command = '/usr/bin/sss_ssh_authorizedkeys' + (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', + '-o', 'AuthorizedKeysCommand=%s' % authorized_keys_command], raiseonerr=False) if retcode == 0: - changes['AuthorizedKeysCommand'] = '/usr/bin/sss_ssh_authorizedkeys' + changes['AuthorizedKeysCommand'] = authorized_keys_command changes['AuthorizedKeysCommandRunAs'] = None else: - (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', '-o', 'PubKeyAgent='], raiseonerr=False) + authorized_keys_command = '/usr/bin/sss_ssh_authorizedkeys %u' + (stdout, stderr, retcode) = ipautil.run(['sshd', '-t', '-f', '/dev/null', + '-o', 'PubKeyAgent=%s' % authorized_keys_command], raiseonerr=False) if retcode == 0: - changes['PubKeyAgent'] = '/usr/bin/sss_ssh_authorizedkeys %u' + changes['PubKeyAgent'] = authorized_keys_command changes['PubkeyAgentRunAs'] = None else: root_logger.warning("Installed OpenSSH server does not " +