subject:"\[Freeipa\-devel\] \[PATCH\] 606 IPA v1.2.2 binary location fix"

Re: [Freeipa-devel] [PATCH] 606 IPA v1.2.2 binary location fix

2010-11-17 Thread Rob Crittenden


Rob Crittenden wrote:

Fix for IPA v1.2.2 bug https://bugzilla.redhat.com/show_bug.cgi?id=650725

The problem is in Fedora 14 the kerberos binaries were moved so our
tools all fail. This makes the run() call more generic by using PATH to
find binaries.

rob


Reviewed in bug, pushed to ipa-1-2 branch.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 606 IPA v1.2.2 binary location fix

2010-11-08 Thread Rob Crittenden


Fix for IPA v1.2.2 bug https://bugzilla.redhat.com/show_bug.cgi?id=650725

The problem is in Fedora 14 the kerberos binaries were moved so our 
tools all fail. This makes the run() call more generic by using PATH to 
find binaries.


rob
>From 5c26c970f01d9fa5e1f0783d6b3326578c46eb94 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Mon, 8 Nov 2010 14:09:04 -0500
Subject: [PATCH] Use PATH in env when running commands to find binaries.

Fedora 14 moved the kerberos binaries from /usr/kerberos/[s]bin to
/usr/[s]bin. Pass PATH to the environment in ipautil.run() so we can
work universally across distributions.

Bug 650725
---
 ipa-admintools/ipa-change-master-key|6 +++---
 ipa-python/ipautil.py   |9 ++---
 ipa-radius-server/plugins/radiusinstance.py |2 +-
 ipa-server/ipa-fix-CVE-2008-3274|6 +++---
 ipa-server/ipaserver/installutils.py|2 +-
 ipa-server/ipaserver/krbinstance.py |2 +-
 6 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/ipa-admintools/ipa-change-master-key b/ipa-admintools/ipa-change-master-key
index a4e9439..0c669cc 100644
--- a/ipa-admintools/ipa-change-master-key
+++ b/ipa-admintools/ipa-change-master-key
@@ -223,7 +223,7 @@ def main():
 os.environ['KRB5_CONFIG'] = ourkrb5conf
 
 #Backup the kerberos key material for recovery if needed
-args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile]
+args = ["kdb5_util", "dump", "-verbose", backupfile]
 print "Performing safety backup of the key material"
 try:
 output = ipa.ipautil.run(args)
@@ -239,7 +239,7 @@ def main():
 print ""
 
 #Convert the kerberos keys to the new master key
-args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile]
+args = ["kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile]
 print "Converting key material to new master key"
 try:
 output = ipa.ipautil.run(args)
@@ -302,7 +302,7 @@ def main():
 print "A backup copy of the old stash file should be saved in "+bkpstashfile
 
 #Finally upload the converted principals
-args = ["/usr/kerberos/sbin/kdb5_util", "load", "-verbose", "-update", convertfile]
+args = ["kdb5_util", "load", "-verbose", "-update", convertfile]
 print "Uploading converted key material"
 try:
 output = ipa.ipautil.run(args)
diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py
index d604225..7682d99 100644
--- a/ipa-python/ipautil.py
+++ b/ipa-python/ipautil.py
@@ -82,12 +82,15 @@ def write_tmp_file(txt):
 
 return fd
 
-def run(args, stdin=None):
+def run(args, stdin=None, env=None):
+if env is None:
+env={"PATH": "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
+
 if stdin:
-p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
 stdout,stderr = p.communicate(stdin)
 else:
-p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
 stdout,stderr = p.communicate()
 
 logging.info(stdout)
diff --git a/ipa-radius-server/plugins/radiusinstance.py b/ipa-radius-server/plugins/radiusinstance.py
index 1dd5e66..385f65f 100644
--- a/ipa-radius-server/plugins/radiusinstance.py
+++ b/ipa-radius-server/plugins/radiusinstance.py
@@ -125,7 +125,7 @@ class RadiusInstance(service.Service):
 except os.error:
 logging.error("Failed to remove %s", radius_util.RADIUS_IPA_KEYTAB_FILEPATH)
 
-(kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
+(kwrite, kread, kerr) = os.popen3("kadmin.local")
 kwrite.write("addprinc -randkey %s\n" % (self.principal))
 kwrite.flush()
 kwrite.write("ktadd -k %s %s\n" % (radius_util.RADIUS_IPA_KEYTAB_FILEPATH, self.principal))
diff --git a/ipa-server/ipa-fix-CVE-2008-3274 b/ipa-server/ipa-fix-CVE-2008-3274
index 41d3abc..ce8c5e1 100644
--- a/ipa-server/ipa-fix-CVE-2008-3274
+++ b/ipa-server/ipa-fix-CVE-2008-3274
@@ -236,7 +236,7 @@ def change_mkey(password = None, quiet = False):
 os.environ['KRB5_CONFIG'] = ourkrb5conf
 
 #Backup the kerberos key material for recovery if needed
-args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile]
+args = ["kdb5_util", "dump", "-verbose", backupfile]
 print "Performing safety backup of the key material"
 try:
 output = ipa.ipautil.run(args)
@@ -252,7 +252,7 @@ def change_mkey(password = None, quiet = False):
 print ""
 
 #Convert the kerberos keys to the new master key
-args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-ve

Re: [Freeipa-devel] [PATCH] 606 IPA v1.2.2 binary location fix

[Freeipa-devel] [PATCH] 606 IPA v1.2.2 binary location fix

2 matches

Site Navigation

Mail list logo

Footer information