diff options
Diffstat (limited to 'install.freeipa')
-rw-r--r-- | install.freeipa | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/install.freeipa b/install.freeipa new file mode 100644 index 000000000000..4d2bd0e9788a --- /dev/null +++ b/install.freeipa @@ -0,0 +1,47 @@ +post_upgrade() { + # Has the client been configured? + restore=0 + test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}') + + if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then + if ! grep -Eq '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null; then + echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew + cat /etc/krb5.conf >> /etc/krb5.conf.ipanew + mv /etc/krb5.conf.ipanew /etc/krb5.conf + fi + fi + + # Has the client been configured? + restore=0 + test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' \ + && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' \ + | awk '{print $1}') + + if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then + if grep -Eq '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then + sed -r ' + /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d + ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew + + if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then + sed -ri ' + s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ + s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/ + ' /etc/ssh/sshd_config.ipanew + elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then + sed -ri ' + s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ + s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/ + ' /etc/ssh/sshd_config.ipanew + elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then + sed -ri ' + s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/ + s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/ + ' /etc/ssh/sshd_config.ipanew + fi + + mv /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config + chmod 600 /etc/ssh/sshd_config + fi + fi +} |