Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5461>.

Honza

--
Jan Cholasta
From 7e03d1370ce82843280c82c6ed13a77214ff92dd Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Fri, 20 Nov 2015 09:35:43 +0100
Subject: [PATCH] client install: do not corrupt OpenSSH config with Match
 sections

https://fedorahosted.org/freeipa/ticket/5461
---
 ipa-client/ipa-install/ipa-client-install | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3011d25..05a550b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1332,6 +1332,7 @@ def change_ssh_config(filename, changes, sections):
     section_keys = tuple(key.lower() for key in sections)
 
     lines = []
+    in_section = False
     for line in f:
         line = line.rstrip('\n')
         pline = line.strip()
@@ -1340,7 +1341,7 @@ def change_ssh_config(filename, changes, sections):
             continue
         option = pline.split()[0].lower()
         if option in section_keys:
-            lines.append(line)
+            in_section = True
             break
         if option in change_keys:
             line = '#' + line
@@ -1348,6 +1349,9 @@ def change_ssh_config(filename, changes, sections):
     for option, value in changes.items():
         if value is not None:
             lines.append('%s %s' % (option, value))
+    if in_section:
+        lines.append('')
+        lines.append(line)
     for line in f:
         line = line.rstrip('\n')
         lines.append(line)
@@ -1388,7 +1392,7 @@ def configure_ssh_config(fstore, options):
         changes['VerifyHostKeyDNS'] = 'yes'
         changes['HostKeyAlgorithms'] = 'ssh-rsa,ssh-dss'
 
-    change_ssh_config(ssh_config, changes, ['Host'])
+    change_ssh_config(ssh_config, changes, ['Host', 'Match'])
     root_logger.info('Configured %s', ssh_config)
 
 def configure_sshd_config(fstore, options):
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to