rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0006-ipa-advise-fallback-to-usr-libexec-platform-python-i.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   b3b562596324be7855e36335f1197a9f35db1753
  2.   SOURCES
  3.   0006-ipa-advise-fallback-to-usr-libexec-platform-python-i.patch
Blob History Raw
dc4945 
From 8abfcf8b2de98bbce7d7774e0a87bcf19fd0614a Mon Sep 17 00:00:00 2001
dc4945 
From: Florence Blanc-Renaud <flo@redhat.com>
dc4945 
Date: Mon, 4 May 2020 17:18:03 +0200
dc4945 
Subject: [PATCH] ipa-advise: fallback to /usr/libexec/platform-python if
dc4945 
 python3 not found
dc4945
dc4945 
when ipa-advise generates a script to configure a client for smart card
dc4945 
auth, the script calls python3 to configure SSSD. The issue happens
dc4945 
if the server (when ipa-advise is run) and the client do not have
dc4945 
the same path for python3 command.
dc4945
dc4945 
By default, try to use python3 but if the command is not found, fallback
dc4945 
to /usr/libexec/platform-python (which is the python3 path on RHEL8).
dc4945
dc4945 
Fixes: https://pagure.io/freeipa/issue/8311
dc4945 
Reviewed-By: Christian Heimes <cheimes@redhat.com>
dc4945 
Reviewed-By: Christian Heimes <cheimes@redhat.com>
dc4945 
---
dc4945 
 ipaserver/advise/plugins/smart_card_auth.py | 11 ++++++++++-
dc4945 
 1 file changed, 10 insertions(+), 1 deletion(-)
dc4945
dc4945 
diff --git a/ipaserver/advise/plugins/smart_card_auth.py b/ipaserver/advise/plugins/smart_card_auth.py
dc4945 
index 6484f66f609858a9764d491391af04d605e7981e..310139ca218386d4cd1d4854e68ae4ee4bb8195c 100644
dc4945 
--- a/ipaserver/advise/plugins/smart_card_auth.py
dc4945 
+++ b/ipaserver/advise/plugins/smart_card_auth.py
dc4945 
@@ -348,9 +348,18 @@ class config_client_for_smart_card_auth(common_smart_card_auth_config):
dc4945 
     def configure_pam_cert_auth(self):
dc4945 
         self.log.comment('Set pam_cert_auth=True in /etc/sssd/sssd.conf')
dc4945 
         self.log.comment('This step is required only when authselect is used')
dc4945 
+        # If the advise command is run on RHEL7 or fedora but the client
dc4945 
+        # is rhel8, python3 executable may be in a different location
dc4945 
+        # Find the right python path first
dc4945 
+        self.log.command("python3 --version >/dev/null 2>&1")
dc4945 
+        self.log.commands_on_predicate(
dc4945 
+            '[ "$?" -eq 0 ]',
dc4945 
+            ['PYTHON3CMD=python3'],
dc4945 
+            ['PYTHON3CMD=/usr/libexec/platform-python']
dc4945 
+        )
dc4945 
         self.log.commands_on_predicate(
dc4945 
             '[ -f "/usr/bin/authselect" ]',
dc4945 
-            ["python3 -c 'from SSSDConfig import SSSDConfig; "
dc4945 
+            ["${PYTHON3CMD} -c 'from SSSDConfig import SSSDConfig; "
dc4945 
              "c = SSSDConfig(); c.import_config(); "
dc4945 
              "c.set(\"pam\", \"pam_cert_auth\", \"True\"); "
dc4945 
              "c.write()'"])
dc4945 
--
dc4945 
2.25.4
dc4945

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation