Adjusted to apply after the local doublelog patch. commit 1e4bdcfed2c7bda94d5c135cc32a5993ca032501 Author: Nathaniel McCallum Date: Wed Feb 5 10:59:46 2014 -0500 Move OTP sockets to KDC_RUN_DIR Some system configurations expect Unix-domain sockets to live under /run or /var/run, and not other parts of /var where persistent application state lives. Define a new directory KDC_RUN_DIR using $runstatedir (new in autoconf 2.70, so fall back to $localstatedir/run if it's not set) and use that for the default socket path. [ghudson@mit.edu: commit message, otp.rst formatting fix] ticket: 7859 (new) diff --git a/doc/admin/otp.rst b/doc/admin/otp.rst index 0abd5ff..f12c36d 100644 --- a/doc/admin/otp.rst +++ b/doc/admin/otp.rst @@ -23,7 +23,7 @@ the following format:: [otp] = { - server = (default: $KDCDIR/.socket) + server = (default: see below) secret = timeout = (default: 5 [seconds]) retries = (default: 3) @@ -33,7 +33,8 @@ the following format:: If the server field begins with '/', it will be interpreted as a UNIX socket. Otherwise, it is assumed to be in the format host:port. When a UNIX domain socket is specified, the secret field is optional and an -empty secret is used by default. +empty secret is used by default. If the server field is not +specified, it defaults to |kdcrundir|\ ``/.socket``. When forwarding the request over RADIUS, by default the principal is used in the User-Name attribute of the RADIUS packet. The strip_realm diff --git a/doc/conf.py b/doc/conf.py index f015fc8..bc8b2bd 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -231,6 +231,7 @@ if 'mansubs' in tags: sbindir = '``@SBINDIR@``' libdir = '``@LIBDIR@``' localstatedir = '``@LOCALSTATEDIR@``' + runstatedir = '``@RUNSTATEDIR@``' sysconfdir = '``@SYSCONFDIR@``' ccache = '``@CCNAME@``' keytab = '``@KTNAME@``' @@ -243,6 +244,7 @@ else: sbindir = ':ref:`SBINDIR `' libdir = ':ref:`LIBDIR `' localstatedir = ':ref:`LOCALSTATEDIR `' + runstatedir = ':ref:`RUNSTATEDIR `' sysconfdir = ':ref:`SYSCONFDIR `' ccache = ':ref:`DEFCCNAME `' keytab = ':ref:`DEFKTNAME `' @@ -262,6 +264,7 @@ else: rst_epilog += '.. |sbindir| replace:: %s\n' % sbindir rst_epilog += '.. |libdir| replace:: %s\n' % libdir rst_epilog += '.. |kdcdir| replace:: %s\\ ``/krb5kdc``\n' % localstatedir + rst_epilog += '.. |kdcrundir| replace:: %s\\ ``/krb5kdc``\n' % runstatedir rst_epilog += '.. |sysconfdir| replace:: %s\n' % sysconfdir rst_epilog += '.. |ccache| replace:: %s\n' % ccache rst_epilog += '.. |keytab| replace:: %s\n' % keytab diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst index 89b8f4c..838dabb 100644 --- a/doc/mitK5defaults.rst +++ b/doc/mitK5defaults.rst @@ -17,6 +17,7 @@ KDC config file :ref:`kdc.conf(5)` |kdcdir|\ ``/kdc.conf`` **KRB KDC database path (DB2) |kdcdir|\ ``/principal`` Master key :ref:`stash_definition` |kdcdir|\ ``/.k5.``\ *realm* Admin server ACL file :ref:`kadm5.acl(5)` |kdcdir|\ ``/kadm5.acl`` +OTP socket directory |kdcrundir| Plugin base directory |libdir|\ ``/krb5/plugins`` :ref:`rcache_definition` directory ``/var/tmp`` **KRB5RCACHEDIR** Master key default enctype |defmkey| @@ -64,6 +65,7 @@ Description Symbolic name Custom build path Typical User programs BINDIR ``/usr/local/bin`` ``/usr/bin`` Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib`` Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var`` +Parent of KDC runtime dir RUNSTATEDIR ``/usr/local/var/run`` ``/run`` Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin`` Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc`` Default ccache name DEFCCNAME ``FILE:/tmp/krb5cc_%{uid}`` ``FILE:/tmp/krb5cc_%{uid}`` diff --git a/src/Makefile.in b/src/Makefile.in index a8bc990..1725093 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -64,6 +64,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROOT) $(KRB5OTHERMKDIRS) \ $(KRB5_AD_MODULE_DIR) \ $(KRB5_LIBKRB5_MODULE_DIR) \ @localstatedir@ @localstatedir@/krb5kdc \ + @runstatedir@ @runstatedir@/krb5kdc \ $(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \ $(PKGCONFIG_DIR) diff --git a/src/configure.in b/src/configure.in index 2145d54..c2eaf78 100644 --- a/src/configure.in +++ b/src/configure.in @@ -1,5 +1,11 @@ K5_AC_INIT([aclocal.m4]) +# If $runstatedir isn't set by autoconf (<2.70), set it manually. +if test x"$runstatedir" == x; then + runstatedir=$localstatedir/run +fi +AC_SUBST(runstatedir) + CONFIG_RULES KRB5_VERSION=K5_VERSION AC_SUBST(KRB5_VERSION) diff --git a/src/doc/Makefile.in b/src/doc/Makefile.in index a6bb7c5..b07e16a 100644 --- a/src/doc/Makefile.in +++ b/src/doc/Makefile.in @@ -7,6 +7,7 @@ DOXYGEN=doxygen docsrc=$(top_srcdir)/../doc localstatedir=@localstatedir@ +runstatedir=@runstatedir@ sysconfdir=@sysconfdir@ DEFCCNAME=@DEFCCNAME@ DEFKTNAME=@DEFKTNAME@ @@ -113,6 +114,7 @@ paths.py: echo 'sbindir = "``$(SERVER_BINDIR)``"' >> $@ echo 'libdir = "``$(KRB5_LIBDIR)``"' >> $@ echo 'localstatedir = "``$(localstatedir)``"' >> $@ + echo 'runstatedir = "``$(runstatedir)``"' >> $@ echo 'sysconfdir = "``$(sysconfdir)``"' >> $@ echo 'ccache = "``$(DEFCCNAME)``"' >> $@ echo 'keytab = "``$(DEFKTNAME)``"' >> $@ diff --git a/src/include/Makefile.in b/src/include/Makefile.in index e13042a..f83ff4e 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -53,6 +53,7 @@ autoconf.stamp: $(srcdir)/autoconf.h.in $(BUILDTOP)/config.status SYSCONFDIR = @sysconfdir@ LOCALSTATEDIR = @localstatedir@ +RUNSTATEDIR = @runstatedir@ BINDIR = @bindir@ SBINDIR = @sbindir@ LIBDIR = @libdir@ @@ -66,6 +67,7 @@ PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \ -e "s+@MODULEDIR+$(MODULE_DIR)+" \ -e "s+@GSSMODULEDIR+$(GSS_MODULE_DIR)+" \ -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \ + -e 's+@RUNSTATEDIR+$(RUNSTATEDIR)+' \ -e 's+@SYSCONFDIR+$(SYSCONFDIR)+' \ -e 's+:/etc/krb5.conf:/etc/krb5.conf"+:/etc/krb5.conf"+' \ -e 's+"/etc/krb5.conf:/etc/krb5.conf"+"/etc/krb5.conf"+' \ diff --git a/src/include/osconf.hin b/src/include/osconf.hin index 90ab86d..871503a 100644 --- a/src/include/osconf.hin +++ b/src/include/osconf.hin @@ -59,6 +59,7 @@ #define PLUGIN_EXT "@DYNOBJEXT" #define KDC_DIR "@LOCALSTATEDIR/krb5kdc" +#define KDC_RUN_DIR "@RUNSTATEDIR/krb5kdc" #define DEFAULT_KDB_FILE KDC_DIR "/principal" #define DEFAULT_KEYFILE_STUB KDC_DIR "/.k5." #define KRB5_DEFAULT_ADMIN_ACL KDC_DIR "/krb5_adm.acl" diff --git a/src/man/Makefile.in b/src/man/Makefile.in index 4dd2448..2b9c892 100644 --- a/src/man/Makefile.in +++ b/src/man/Makefile.in @@ -5,6 +5,7 @@ SPHINX_BUILD=sphinx-build GROFF=@GROFF@ GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c localstatedir=@localstatedir@ +runstatedir=@runstatedir@ sysconfdir=@sysconfdir@ DEFCCNAME=@DEFCCNAME@ DEFKTNAME=@DEFKTNAME@ @@ -44,6 +45,7 @@ $(docsrc)/version.py: $(top_srcdir)/patchlevel.h -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \ -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \ -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \ + -e 's|@RUNSTATEDIR@|$(runstatedir)|g' \ -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \ -e 's|@CCNAME@|$(DEFCCNAME)|g' \ -e 's|@KTNAME@|$(DEFKTNAME)|g' \ diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c index a4d7e3b..4643dff 100644 --- a/src/plugins/preauth/otp/otp_state.c +++ b/src/plugins/preauth/otp/otp_state.c @@ -40,7 +40,7 @@ #endif #define DEFAULT_TYPE_NAME "DEFAULT" -#define DEFAULT_SOCKET_FMT KDC_DIR "/%s.socket" +#define DEFAULT_SOCKET_FMT KDC_RUN_DIR "/%s.socket" #define DEFAULT_TIMEOUT 5 #define DEFAULT_RETRIES 3 #define MAX_SECRET_LEN 1024