Merge pull request #11728 from jan-cerny/issue_11708

Disallow spaces in SSSD certificate_verification option

linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml

@@ -26,6 +26,6 @@
       path: /etc/sssd/conf.d/certificate_verification.conf
       section: sssd
       option: certificate_verification
-      value: "ocsp_dgst = {{ var_sssd_certificate_verification_digest_function }}"
+      value: "ocsp_dgst={{ var_sssd_certificate_verification_digest_function }}"
       state: present
       mode: 0600

linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh

@@ -13,6 +13,6 @@ umask u=rw,go=
 
 MAIN_CONF="/etc/sssd/conf.d/certificate_verification.conf"
 
-{{{ bash_ensure_ini_config("$MAIN_CONF /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf", "sssd", "certificate_verification", "ocsp_dgst = $var_sssd_certificate_verification_digest_function") }}}
+{{{ bash_ensure_ini_config("$MAIN_CONF /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf", "sssd", "certificate_verification", "ocsp_dgst=$var_sssd_certificate_verification_digest_function") }}}
 
 umask $OLD_UMASK

linux_os/guide/services/sssd/sssd_certificate_verification/oval/shared.xml

@@ -16,7 +16,7 @@
 
     <ind:textfilecontent54_object id="obj_{{{rule_id}}}" version="1">
         <ind:filepath operation="pattern match">^/etc/sssd/(sssd|conf\.d/.*)\.conf$</ind:filepath>
-        <ind:pattern operation="pattern match">^[\s]*\[sssd](?:[^\n\[]*\n+)+?[\s]*certificate_verification\s*=\s*ocsp_dgst\s*=\s*(\w+)$</ind:pattern>
+        <ind:pattern operation="pattern match">^[\s]*\[sssd](?:[^\n\[]*\n+)+?[\s]*certificate_verification\s*=\s*ocsp_dgst=(\w+)$</ind:pattern>
         <ind:instance datatype="int">1</ind:instance>
     </ind:textfilecontent54_object>
 

linux_os/guide/services/sssd/sssd_certificate_verification/tests/spaces.fail.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# packages = sssd-common
+
+mkdir -p /etc/sssd/conf.d
+touch /etc/sssd/sssd.conf
+echo -e "[sssd]\ncertificate_verification = ocsp_dgst = sha1" >> /etc/sssd/sssd.conf