1 files changed, 202 insertions, 0 deletions
diff --git a/krb5-master-move-otp-sockets.patch b/krb5-master-move-otp-sockets.patch
new file mode 100644
index 0000000..4f7bdac
--- /dev/null
+++ b/krb5-master-move-otp-sockets.patch
@@ -0,0 +1,202 @@
+Adjusted to apply after the local doublelog patch.
+
+commit 1e4bdcfed2c7bda94d5c135cc32a5993ca032501
+Author: Nathaniel McCallum <npmccallum@redhat.com>
+Date:   Wed Feb 5 10:59:46 2014 -0500
+
+    Move OTP sockets to KDC_RUN_DIR
+    
+    Some system configurations expect Unix-domain sockets to live under
+    /run or /var/run, and not other parts of /var where persistent
+    application state lives.  Define a new directory KDC_RUN_DIR using
+    $runstatedir (new in autoconf 2.70, so fall back to $localstatedir/run
+    if it's not set) and use that for the default socket path.
+    
+    [ghudson@mit.edu: commit message, otp.rst formatting fix]
+    
+    ticket: 7859 (new)
+
+diff --git a/doc/admin/otp.rst b/doc/admin/otp.rst
+index 0abd5ff..f12c36d 100644
+--- a/doc/admin/otp.rst
++++ b/doc/admin/otp.rst
+@@ -23,7 +23,7 @@ the following format::
+ 
+     [otp]
+         <name> = {
+-            server = <host:port or filename> (default: $KDCDIR/<name>.socket)
++            server = <host:port or filename> (default: see below)
+             secret = <filename>
+             timeout = <integer> (default: 5 [seconds])
+             retries = <integer> (default: 3)
+@@ -33,7 +33,8 @@ the following format::
+ If the server field begins with '/', it will be interpreted as a UNIX
+ socket.  Otherwise, it is assumed to be in the format host:port.  When
+ a UNIX domain socket is specified, the secret field is optional and an
+-empty secret is used by default.
++empty secret is used by default.  If the server field is not
++specified, it defaults to |kdcrundir|\ ``/<name>.socket``.
+ 
+ When forwarding the request over RADIUS, by default the principal is
+ used in the User-Name attribute of the RADIUS packet.  The strip_realm
+diff --git a/doc/conf.py b/doc/conf.py
+index f015fc8..bc8b2bd 100644
+--- a/doc/conf.py
++++ b/doc/conf.py
+@@ -231,6 +231,7 @@ if 'mansubs' in tags:
+     sbindir = '``@SBINDIR@``'
+     libdir = '``@LIBDIR@``'
+     localstatedir = '``@LOCALSTATEDIR@``'
++    runstatedir = '``@RUNSTATEDIR@``'
+     sysconfdir = '``@SYSCONFDIR@``'
+     ccache = '``@CCNAME@``'
+     keytab = '``@KTNAME@``'
+@@ -243,6 +244,7 @@ else:
+     sbindir = ':ref:`SBINDIR <paths>`'
+     libdir = ':ref:`LIBDIR <paths>`'
+     localstatedir = ':ref:`LOCALSTATEDIR <paths>`'
++    runstatedir = ':ref:`RUNSTATEDIR <paths>`'
+     sysconfdir = ':ref:`SYSCONFDIR <paths>`'
+     ccache = ':ref:`DEFCCNAME <paths>`'
+     keytab = ':ref:`DEFKTNAME <paths>`'
+@@ -262,6 +264,7 @@ else:
+     rst_epilog += '.. |sbindir| replace:: %s\n' % sbindir
+     rst_epilog += '.. |libdir| replace:: %s\n' % libdir
+     rst_epilog += '.. |kdcdir| replace:: %s\\ ``/krb5kdc``\n' % localstatedir
++    rst_epilog += '.. |kdcrundir| replace:: %s\\ ``/krb5kdc``\n' % runstatedir
+     rst_epilog += '.. |sysconfdir| replace:: %s\n' % sysconfdir
+     rst_epilog += '.. |ccache| replace:: %s\n' % ccache
+     rst_epilog += '.. |keytab| replace:: %s\n' % keytab
+diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst
+index 89b8f4c..838dabb 100644
+--- a/doc/mitK5defaults.rst
++++ b/doc/mitK5defaults.rst
+@@ -17,6 +17,7 @@ KDC config file :ref:`kdc.conf(5)`          |kdcdir|\ ``/kdc.conf``        **KRB
+ KDC database path (DB2)                     |kdcdir|\ ``/principal``
+ Master key :ref:`stash_definition`          |kdcdir|\ ``/.k5.``\ *realm*
+ Admin server ACL file :ref:`kadm5.acl(5)`   |kdcdir|\ ``/kadm5.acl``
++OTP socket directory                        |kdcrundir|
+ Plugin base directory                       |libdir|\ ``/krb5/plugins``
+ :ref:`rcache_definition` directory          ``/var/tmp``                   **KRB5RCACHEDIR**
+ Master key default enctype                  |defmkey|
+@@ -64,6 +65,7 @@ Description                 Symbolic name  Custom build path            Typical
+ User programs               BINDIR         ``/usr/local/bin``           ``/usr/bin``
+ Libraries and plugins       LIBDIR         ``/usr/local/lib``           ``/usr/lib``
+ Parent of KDC state dir     LOCALSTATEDIR  ``/usr/local/var``           ``/var``
++Parent of KDC runtime dir   RUNSTATEDIR    ``/usr/local/var/run``       ``/run``
+ Administrative programs     SBINDIR        ``/usr/local/sbin``          ``/usr/sbin``
+ Alternate krb5.conf dir     SYSCONFDIR     ``/usr/local/etc``           ``/etc``
+ Default ccache name         DEFCCNAME      ``FILE:/tmp/krb5cc_%{uid}``  ``FILE:/tmp/krb5cc_%{uid}``
+diff --git a/src/Makefile.in b/src/Makefile.in
+index a8bc990..1725093 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -64,6 +64,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROOT) $(KRB5OTHERMKDIRS) \
+ 		$(KRB5_AD_MODULE_DIR) \
+ 		$(KRB5_LIBKRB5_MODULE_DIR) \
+ 		@localstatedir@ @localstatedir@/krb5kdc \
++		@runstatedir@ @runstatedir@/krb5kdc \
+ 		$(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \
+ 		$(PKGCONFIG_DIR)
+ 
+diff --git a/src/configure.in b/src/configure.in
+index 2145d54..c2eaf78 100644
+--- a/src/configure.in
++++ b/src/configure.in
+@@ -1,5 +1,11 @@
+ K5_AC_INIT([aclocal.m4])
+ 
++# If $runstatedir isn't set by autoconf (<2.70), set it manually.
++if test x"$runstatedir" == x; then
++  runstatedir=$localstatedir/run
++fi
++AC_SUBST(runstatedir)
++
+ CONFIG_RULES
+ KRB5_VERSION=K5_VERSION
+ AC_SUBST(KRB5_VERSION)
+diff --git a/src/doc/Makefile.in b/src/doc/Makefile.in
+index a6bb7c5..b07e16a 100644
+--- a/src/doc/Makefile.in
++++ b/src/doc/Makefile.in
+@@ -7,6 +7,7 @@ DOXYGEN=doxygen
+ 
+ docsrc=$(top_srcdir)/../doc
+ localstatedir=@localstatedir@
++runstatedir=@runstatedir@
+ sysconfdir=@sysconfdir@
+ DEFCCNAME=@DEFCCNAME@
+ DEFKTNAME=@DEFKTNAME@
+@@ -113,6 +114,7 @@ paths.py:
+ 	echo 'sbindir = "``$(SERVER_BINDIR)``"' >> $@
+ 	echo 'libdir = "``$(KRB5_LIBDIR)``"' >> $@
+ 	echo 'localstatedir = "``$(localstatedir)``"' >> $@
++	echo 'runstatedir = "``$(runstatedir)``"' >> $@
+ 	echo 'sysconfdir = "``$(sysconfdir)``"' >> $@
+ 	echo 'ccache = "``$(DEFCCNAME)``"' >> $@
+ 	echo 'keytab = "``$(DEFKTNAME)``"' >> $@
+diff --git a/src/include/Makefile.in b/src/include/Makefile.in
+index e13042a..f83ff4e 100644
+--- a/src/include/Makefile.in
++++ b/src/include/Makefile.in
+@@ -53,6 +53,7 @@ autoconf.stamp: $(srcdir)/autoconf.h.in $(BUILDTOP)/config.status
+ 
+ SYSCONFDIR = @sysconfdir@
+ LOCALSTATEDIR = @localstatedir@
++RUNSTATEDIR = @runstatedir@
+ BINDIR = @bindir@
+ SBINDIR = @sbindir@
+ LIBDIR  = @libdir@
+@@ -66,6 +67,7 @@ PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \
+ 		  -e "s+@MODULEDIR+$(MODULE_DIR)+" \
+ 		  -e "s+@GSSMODULEDIR+$(GSS_MODULE_DIR)+" \
+ 		  -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \
++		  -e 's+@RUNSTATEDIR+$(RUNSTATEDIR)+' \
+ 		  -e 's+@SYSCONFDIR+$(SYSCONFDIR)+' \
+ 		  -e 's+:/etc/krb5.conf:/etc/krb5.conf"+:/etc/krb5.conf"+' \
+ 		  -e 's+"/etc/krb5.conf:/etc/krb5.conf"+"/etc/krb5.conf"+' \
+diff --git a/src/include/osconf.hin b/src/include/osconf.hin
+index 90ab86d..871503a 100644
+--- a/src/include/osconf.hin
++++ b/src/include/osconf.hin
+@@ -59,6 +59,7 @@
+ #define PLUGIN_EXT              "@DYNOBJEXT"
+ 
+ #define KDC_DIR                 "@LOCALSTATEDIR/krb5kdc"
++#define KDC_RUN_DIR             "@RUNSTATEDIR/krb5kdc"
+ #define DEFAULT_KDB_FILE        KDC_DIR "/principal"
+ #define DEFAULT_KEYFILE_STUB    KDC_DIR "/.k5."
+ #define KRB5_DEFAULT_ADMIN_ACL  KDC_DIR "/krb5_adm.acl"
+diff --git a/src/man/Makefile.in b/src/man/Makefile.in
+index 4dd2448..2b9c892 100644
+--- a/src/man/Makefile.in
++++ b/src/man/Makefile.in
+@@ -5,6 +5,7 @@ SPHINX_BUILD=sphinx-build
+ GROFF=@GROFF@
+ GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c
+ localstatedir=@localstatedir@
++runstatedir=@runstatedir@
+ sysconfdir=@sysconfdir@
+ DEFCCNAME=@DEFCCNAME@
+ DEFKTNAME=@DEFKTNAME@
+@@ -44,6 +45,7 @@ $(docsrc)/version.py: $(top_srcdir)/patchlevel.h
+ 	    -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \
+ 	    -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \
+ 	    -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \
++	    -e 's|@RUNSTATEDIR@|$(runstatedir)|g' \
+ 	    -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \
+ 	    -e 's|@CCNAME@|$(DEFCCNAME)|g' \
+ 	    -e 's|@KTNAME@|$(DEFKTNAME)|g' \
+diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c
+index a4d7e3b..4643dff 100644
+--- a/src/plugins/preauth/otp/otp_state.c
++++ b/src/plugins/preauth/otp/otp_state.c
+@@ -40,7 +40,7 @@
+ #endif
+ 
+ #define DEFAULT_TYPE_NAME "DEFAULT"
+-#define DEFAULT_SOCKET_FMT KDC_DIR "/%s.socket"
++#define DEFAULT_SOCKET_FMT KDC_RUN_DIR "/%s.socket"
+ #define DEFAULT_TIMEOUT 5
+ #define DEFAULT_RETRIES 3
+ #define MAX_SECRET_LEN 1024