use a constant instead of /var/lib/sss/keytabs

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2021-01-22 17:29:15 +02:00 · 2021-01-22 17:29:15 +02:00 · 54e5ffc000
commit 54e5ffc000
parent ae7cd4702d
3 changed files with 7 additions and 4 deletions
--- a/install/oddjob/com.redhat.idm.trust-fetch-domains.in
+++ b/install/oddjob/com.redhat.idm.trust-fetch-domains.in
@ -178,7 +178,9 @@ api.Backend.ldap2.connect(ccache_name)

 # Retrieve own NetBIOS name and trusted forest's name.
 # We use script's input to retrieve the trusted forest's name to sanitize input
-# for file-level access as we might need to wipe out keytab in /var/lib/sss/keytabs
+# for file-level access as we might need to wipe out keytab in
+# paths.SSSD_KEYTABS_DIR
+
 own_trust_dn = DN(
    ("cn", api.env.domain), ("cn", "ad"), ("cn", "etc"), api.env.basedn
 )
@ -200,7 +202,7 @@ rc = 0
 # to take precedence.
 with ipautil.private_krb5_config(trusted_domain, options.server) as cfg_file:
    if not (options.admin and options.password):
-        oneway_keytab_name = os.path.join("/var/lib/sss/keytabs/",
+        oneway_keytab_name = os.path.join(paths.SSSD_KEYTABS_DIR,
                                          trusted_domain + ".keytab")

        oneway_principal = str(
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@ -346,6 +346,7 @@ class BasePathNamespace:
    SSSD_PUBCONF_DIR = "/var/lib/sss/pubconf"
    SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
    SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
+    SSSD_KEYTABS_DIR = "/var/lib/sss/keytabs"
    VAR_LOG_AUDIT = "/var/log/audit/audit.log"
    VAR_LOG_HTTPD_DIR = "/var/log/httpd"
    VAR_LOG_HTTPD_ERROR = "/var/log/httpd/error_log"
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@ -1018,8 +1018,8 @@ def uninstall_master(host, ignore_topology_disconnect=True,
                      paths.IPA_RENEWAL_LOCK,
                      paths.REPLICA_INFO_GPG_TEMPLATE % host.hostname],
                     raiseonerr=False)
-    host.run_command("find /var/lib/sss/keytabs -name '*.keytab' | "
-                     "xargs rm -fv", raiseonerr=False)
+    host.run_command("find %s -name '*.keytab' | "
+                     "xargs rm -fv" % paths.SSSD_KEYTABS_DIR, raiseonerr=False)
    host.run_command("find /run/ipa -name 'krb5*' | xargs rm -fv",
                     raiseonerr=False)
    if clean: