From 8abfcf8b2de98bbce7d7774e0a87bcf19fd0614a Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Mon, 4 May 2020 17:18:03 +0200 Subject: [PATCH] ipa-advise: fallback to /usr/libexec/platform-python if python3 not found when ipa-advise generates a script to configure a client for smart card auth, the script calls python3 to configure SSSD. The issue happens if the server (when ipa-advise is run) and the client do not have the same path for python3 command. By default, try to use python3 but if the command is not found, fallback to /usr/libexec/platform-python (which is the python3 path on RHEL8). Fixes: https://pagure.io/freeipa/issue/8311 Reviewed-By: Christian Heimes Reviewed-By: Christian Heimes --- ipaserver/advise/plugins/smart_card_auth.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/ipaserver/advise/plugins/smart_card_auth.py b/ipaserver/advise/plugins/smart_card_auth.py index 6484f66f609858a9764d491391af04d605e7981e..310139ca218386d4cd1d4854e68ae4ee4bb8195c 100644 --- a/ipaserver/advise/plugins/smart_card_auth.py +++ b/ipaserver/advise/plugins/smart_card_auth.py @@ -348,9 +348,18 @@ class config_client_for_smart_card_auth(common_smart_card_auth_config): def configure_pam_cert_auth(self): self.log.comment('Set pam_cert_auth=True in /etc/sssd/sssd.conf') self.log.comment('This step is required only when authselect is used') + # If the advise command is run on RHEL7 or fedora but the client + # is rhel8, python3 executable may be in a different location + # Find the right python path first + self.log.command("python3 --version >/dev/null 2>&1") + self.log.commands_on_predicate( + '[ "$?" -eq 0 ]', + ['PYTHON3CMD=python3'], + ['PYTHON3CMD=/usr/libexec/platform-python'] + ) self.log.commands_on_predicate( '[ -f "/usr/bin/authselect" ]', - ["python3 -c 'from SSSDConfig import SSSDConfig; " + ["${PYTHON3CMD} -c 'from SSSDConfig import SSSDConfig; " "c = SSSDConfig(); c.import_config(); " "c.set(\"pam\", \"pam_cert_auth\", \"True\"); " "c.write()'"]) -- 2.25.4