From ce1c553c67590a6b481c8731687856efecab54ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steffen=20=E2=80=9Csaz=E2=80=9D=20Zieger?= <github@saz.sh>
Date: Thu, 30 Oct 2025 15:18:43 +0100
Subject: [PATCH] use proper sshd binary location in config validate command

---
 manifests/server/config.pp      |  2 +-
 manifests/server/config_file.pp |  2 +-
 manifests/server/instances.pp   |  2 +-
 spec/classes/init_spec.rb       | 10 +++++++++-
 spec/classes/server_spec.rb     | 21 ++++++++++++++++++++-
 5 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index 4b5f45fd..2c78b5eb 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -11,7 +11,7 @@
 
   case $ssh::server::validate_sshd_file {
     true: {
-      $sshd_validate_cmd = '/usr/sbin/sshd -tf %'
+      $sshd_validate_cmd = "${ssh::server::sshd_binary} -tf %"
     }
     default: {
       $sshd_validate_cmd = undef
diff --git a/manifests/server/config_file.pp b/manifests/server/config_file.pp
index a9930240..c122e2f4 100644
--- a/manifests/server/config_file.pp
+++ b/manifests/server/config_file.pp
@@ -22,7 +22,7 @@
 
   case $ssh::server::validate_sshd_file {
     true: {
-      $sshd_validate_cmd = '/usr/sbin/sshd -tf %'
+      $sshd_validate_cmd = "${ssh::server::sshd_binary} -tf %"
     }
     default: {
       $sshd_validate_cmd = undef
diff --git a/manifests/server/instances.pp b/manifests/server/instances.pp
index 049dcd28..f366aab1 100644
--- a/manifests/server/instances.pp
+++ b/manifests/server/instances.pp
@@ -46,7 +46,7 @@
   if $facts['kernel'] == 'Linux' {
     case $validate_config_file {
       true: {
-        $validate_cmd = '/usr/sbin/sshd -tf %'
+        $validate_cmd = "${ssh::server::sshd_binary} -tf %"
       }
       default: {
         $validate_cmd = undef
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 738bce0d..2246e219 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -134,7 +134,15 @@
           }
         end
 
-        it { is_expected.to contain_concat('/etc/ssh/sshd_config').with_validate_cmd('/usr/sbin/sshd -tf %') }
+        sshd_binary = case os_facts[:os]['family']
+                      when 'FreeBSD'
+                        '/usr/local/sbin/sshd'
+                      when 'Archlinux'
+                        '/usr/bin/sshd'
+                      else
+                        '/usr/sbin/sshd'
+                      end
+        it { is_expected.to contain_concat('/etc/ssh/sshd_config').with_validate_cmd("#{sshd_binary} -tf %") }
       end
 
       context 'without resource purging' do
diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
index a5266ef0..db9614d9 100644
--- a/spec/classes/server_spec.rb
+++ b/spec/classes/server_spec.rb
@@ -76,7 +76,26 @@
           }
         end
 
-        it { is_expected.to contain_concat('/etc/ssh/sshd_config').with_validate_cmd('/usr/sbin/sshd -tf %') }
+        sshd_binary = case os_facts[:os]['family']
+                      when 'FreeBSD'
+                        '/usr/local/sbin/sshd'
+                      when 'Archlinux'
+                        '/usr/bin/sshd'
+                      else
+                        '/usr/sbin/sshd'
+                      end
+        it { is_expected.to contain_concat('/etc/ssh/sshd_config').with_validate_cmd("#{sshd_binary} -tf %") }
+      end
+
+      context 'with a different sshd_binary location' do
+        let :params do
+          {
+            validate_sshd_file: true,
+            sshd_binary: '/usr/another_bin/sshd'
+          }
+        end
+
+        it { is_expected.to contain_concat('/etc/ssh/sshd_config').with_validate_cmd('/usr/another_bin/sshd -tf %') }
       end
 
       context 'with a different sshd_config location' do