diff options
Diffstat (limited to 'krb5-master-move-otp-sockets.patch')
-rw-r--r-- | krb5-master-move-otp-sockets.patch | 202 |
1 files changed, 202 insertions, 0 deletions
diff --git a/krb5-master-move-otp-sockets.patch b/krb5-master-move-otp-sockets.patch new file mode 100644 index 0000000..4f7bdac --- /dev/null +++ b/krb5-master-move-otp-sockets.patch @@ -0,0 +1,202 @@ +Adjusted to apply after the local doublelog patch. + +commit 1e4bdcfed2c7bda94d5c135cc32a5993ca032501 +Author: Nathaniel McCallum <npmccallum@redhat.com> +Date: Wed Feb 5 10:59:46 2014 -0500 + + Move OTP sockets to KDC_RUN_DIR + + Some system configurations expect Unix-domain sockets to live under + /run or /var/run, and not other parts of /var where persistent + application state lives. Define a new directory KDC_RUN_DIR using + $runstatedir (new in autoconf 2.70, so fall back to $localstatedir/run + if it's not set) and use that for the default socket path. + + [ghudson@mit.edu: commit message, otp.rst formatting fix] + + ticket: 7859 (new) + +diff --git a/doc/admin/otp.rst b/doc/admin/otp.rst +index 0abd5ff..f12c36d 100644 +--- a/doc/admin/otp.rst ++++ b/doc/admin/otp.rst +@@ -23,7 +23,7 @@ the following format:: + + [otp] + <name> = { +- server = <host:port or filename> (default: $KDCDIR/<name>.socket) ++ server = <host:port or filename> (default: see below) + secret = <filename> + timeout = <integer> (default: 5 [seconds]) + retries = <integer> (default: 3) +@@ -33,7 +33,8 @@ the following format:: + If the server field begins with '/', it will be interpreted as a UNIX + socket. Otherwise, it is assumed to be in the format host:port. When + a UNIX domain socket is specified, the secret field is optional and an +-empty secret is used by default. ++empty secret is used by default. If the server field is not ++specified, it defaults to |kdcrundir|\ ``/<name>.socket``. + + When forwarding the request over RADIUS, by default the principal is + used in the User-Name attribute of the RADIUS packet. The strip_realm +diff --git a/doc/conf.py b/doc/conf.py +index f015fc8..bc8b2bd 100644 +--- a/doc/conf.py ++++ b/doc/conf.py +@@ -231,6 +231,7 @@ if 'mansubs' in tags: + sbindir = '``@SBINDIR@``' + libdir = '``@LIBDIR@``' + localstatedir = '``@LOCALSTATEDIR@``' ++ runstatedir = '``@RUNSTATEDIR@``' + sysconfdir = '``@SYSCONFDIR@``' + ccache = '``@CCNAME@``' + keytab = '``@KTNAME@``' +@@ -243,6 +244,7 @@ else: + sbindir = ':ref:`SBINDIR <paths>`' + libdir = ':ref:`LIBDIR <paths>`' + localstatedir = ':ref:`LOCALSTATEDIR <paths>`' ++ runstatedir = ':ref:`RUNSTATEDIR <paths>`' + sysconfdir = ':ref:`SYSCONFDIR <paths>`' + ccache = ':ref:`DEFCCNAME <paths>`' + keytab = ':ref:`DEFKTNAME <paths>`' +@@ -262,6 +264,7 @@ else: + rst_epilog += '.. |sbindir| replace:: %s\n' % sbindir + rst_epilog += '.. |libdir| replace:: %s\n' % libdir + rst_epilog += '.. |kdcdir| replace:: %s\\ ``/krb5kdc``\n' % localstatedir ++ rst_epilog += '.. |kdcrundir| replace:: %s\\ ``/krb5kdc``\n' % runstatedir + rst_epilog += '.. |sysconfdir| replace:: %s\n' % sysconfdir + rst_epilog += '.. |ccache| replace:: %s\n' % ccache + rst_epilog += '.. |keytab| replace:: %s\n' % keytab +diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst +index 89b8f4c..838dabb 100644 +--- a/doc/mitK5defaults.rst ++++ b/doc/mitK5defaults.rst +@@ -17,6 +17,7 @@ KDC config file :ref:`kdc.conf(5)` |kdcdir|\ ``/kdc.conf`` **KRB + KDC database path (DB2) |kdcdir|\ ``/principal`` + Master key :ref:`stash_definition` |kdcdir|\ ``/.k5.``\ *realm* + Admin server ACL file :ref:`kadm5.acl(5)` |kdcdir|\ ``/kadm5.acl`` ++OTP socket directory |kdcrundir| + Plugin base directory |libdir|\ ``/krb5/plugins`` + :ref:`rcache_definition` directory ``/var/tmp`` **KRB5RCACHEDIR** + Master key default enctype |defmkey| +@@ -64,6 +65,7 @@ Description Symbolic name Custom build path Typical + User programs BINDIR ``/usr/local/bin`` ``/usr/bin`` + Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib`` + Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var`` ++Parent of KDC runtime dir RUNSTATEDIR ``/usr/local/var/run`` ``/run`` + Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin`` + Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc`` + Default ccache name DEFCCNAME ``FILE:/tmp/krb5cc_%{uid}`` ``FILE:/tmp/krb5cc_%{uid}`` +diff --git a/src/Makefile.in b/src/Makefile.in +index a8bc990..1725093 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -64,6 +64,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROOT) $(KRB5OTHERMKDIRS) \ + $(KRB5_AD_MODULE_DIR) \ + $(KRB5_LIBKRB5_MODULE_DIR) \ + @localstatedir@ @localstatedir@/krb5kdc \ ++ @runstatedir@ @runstatedir@/krb5kdc \ + $(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \ + $(PKGCONFIG_DIR) + +diff --git a/src/configure.in b/src/configure.in +index 2145d54..c2eaf78 100644 +--- a/src/configure.in ++++ b/src/configure.in +@@ -1,5 +1,11 @@ + K5_AC_INIT([aclocal.m4]) + ++# If $runstatedir isn't set by autoconf (<2.70), set it manually. ++if test x"$runstatedir" == x; then ++ runstatedir=$localstatedir/run ++fi ++AC_SUBST(runstatedir) ++ + CONFIG_RULES + KRB5_VERSION=K5_VERSION + AC_SUBST(KRB5_VERSION) +diff --git a/src/doc/Makefile.in b/src/doc/Makefile.in +index a6bb7c5..b07e16a 100644 +--- a/src/doc/Makefile.in ++++ b/src/doc/Makefile.in +@@ -7,6 +7,7 @@ DOXYGEN=doxygen + + docsrc=$(top_srcdir)/../doc + localstatedir=@localstatedir@ ++runstatedir=@runstatedir@ + sysconfdir=@sysconfdir@ + DEFCCNAME=@DEFCCNAME@ + DEFKTNAME=@DEFKTNAME@ +@@ -113,6 +114,7 @@ paths.py: + echo 'sbindir = "``$(SERVER_BINDIR)``"' >> $@ + echo 'libdir = "``$(KRB5_LIBDIR)``"' >> $@ + echo 'localstatedir = "``$(localstatedir)``"' >> $@ ++ echo 'runstatedir = "``$(runstatedir)``"' >> $@ + echo 'sysconfdir = "``$(sysconfdir)``"' >> $@ + echo 'ccache = "``$(DEFCCNAME)``"' >> $@ + echo 'keytab = "``$(DEFKTNAME)``"' >> $@ +diff --git a/src/include/Makefile.in b/src/include/Makefile.in +index e13042a..f83ff4e 100644 +--- a/src/include/Makefile.in ++++ b/src/include/Makefile.in +@@ -53,6 +53,7 @@ autoconf.stamp: $(srcdir)/autoconf.h.in $(BUILDTOP)/config.status + + SYSCONFDIR = @sysconfdir@ + LOCALSTATEDIR = @localstatedir@ ++RUNSTATEDIR = @runstatedir@ + BINDIR = @bindir@ + SBINDIR = @sbindir@ + LIBDIR = @libdir@ +@@ -66,6 +67,7 @@ PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \ + -e "s+@MODULEDIR+$(MODULE_DIR)+" \ + -e "s+@GSSMODULEDIR+$(GSS_MODULE_DIR)+" \ + -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \ ++ -e 's+@RUNSTATEDIR+$(RUNSTATEDIR)+' \ + -e 's+@SYSCONFDIR+$(SYSCONFDIR)+' \ + -e 's+:/etc/krb5.conf:/etc/krb5.conf"+:/etc/krb5.conf"+' \ + -e 's+"/etc/krb5.conf:/etc/krb5.conf"+"/etc/krb5.conf"+' \ +diff --git a/src/include/osconf.hin b/src/include/osconf.hin +index 90ab86d..871503a 100644 +--- a/src/include/osconf.hin ++++ b/src/include/osconf.hin +@@ -59,6 +59,7 @@ + #define PLUGIN_EXT "@DYNOBJEXT" + + #define KDC_DIR "@LOCALSTATEDIR/krb5kdc" ++#define KDC_RUN_DIR "@RUNSTATEDIR/krb5kdc" + #define DEFAULT_KDB_FILE KDC_DIR "/principal" + #define DEFAULT_KEYFILE_STUB KDC_DIR "/.k5." + #define KRB5_DEFAULT_ADMIN_ACL KDC_DIR "/krb5_adm.acl" +diff --git a/src/man/Makefile.in b/src/man/Makefile.in +index 4dd2448..2b9c892 100644 +--- a/src/man/Makefile.in ++++ b/src/man/Makefile.in +@@ -5,6 +5,7 @@ SPHINX_BUILD=sphinx-build + GROFF=@GROFF@ + GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c + localstatedir=@localstatedir@ ++runstatedir=@runstatedir@ + sysconfdir=@sysconfdir@ + DEFCCNAME=@DEFCCNAME@ + DEFKTNAME=@DEFKTNAME@ +@@ -44,6 +45,7 @@ $(docsrc)/version.py: $(top_srcdir)/patchlevel.h + -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \ + -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \ + -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \ ++ -e 's|@RUNSTATEDIR@|$(runstatedir)|g' \ + -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \ + -e 's|@CCNAME@|$(DEFCCNAME)|g' \ + -e 's|@KTNAME@|$(DEFKTNAME)|g' \ +diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c +index a4d7e3b..4643dff 100644 +--- a/src/plugins/preauth/otp/otp_state.c ++++ b/src/plugins/preauth/otp/otp_state.c +@@ -40,7 +40,7 @@ + #endif + + #define DEFAULT_TYPE_NAME "DEFAULT" +-#define DEFAULT_SOCKET_FMT KDC_DIR "/%s.socket" ++#define DEFAULT_SOCKET_FMT KDC_RUN_DIR "/%s.socket" + #define DEFAULT_TIMEOUT 5 + #define DEFAULT_RETRIES 3 + #define MAX_SECRET_LEN 1024 |