krb5 commit: Move OTP sockets to KDC_RUN_DIR

Greg Hudson ghudson at MIT.EDU
Thu Feb 6 17:06:03 EST 2014


https://github.com/krb5/krb5/commit/1e4bdcfed2c7bda94d5c135cc32a5993ca032501
commit 1e4bdcfed2c7bda94d5c135cc32a5993ca032501
Author: Nathaniel McCallum <npmccallum at redhat.com>
Date:   Wed Feb 5 10:59:46 2014 -0500

    Move OTP sockets to KDC_RUN_DIR
    
    Some system configurations expect Unix-domain sockets to live under
    /run or /var/run, and not other parts of /var where persistent
    application state lives.  Define a new directory KDC_RUN_DIR using
    $runstatedir (new in autoconf 2.70, so fall back to $localstatedir/run
    if it's not set) and use that for the default socket path.
    
    [ghudson at mit.edu: commit message, otp.rst formatting fix]
    
    ticket: 7859 (new)

 doc/admin/otp.rst                   |    5 +++--
 doc/conf.py                         |    3 +++
 doc/mitK5defaults.rst               |    2 ++
 src/Makefile.in                     |    1 +
 src/configure.in                    |    6 ++++++
 src/doc/Makefile.in                 |    2 ++
 src/include/Makefile.in             |    2 ++
 src/include/osconf.hin              |    1 +
 src/man/Makefile.in                 |    2 ++
 src/plugins/preauth/otp/otp_state.c |    2 +-
 10 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/doc/admin/otp.rst b/doc/admin/otp.rst
index 0abd5ff..f12c36d 100644
--- a/doc/admin/otp.rst
+++ b/doc/admin/otp.rst
@@ -23,7 +23,7 @@ the following format::
 
     [otp]
         <name> = {
-            server = <host:port or filename> (default: $KDCDIR/<name>.socket)
+            server = <host:port or filename> (default: see below)
             secret = <filename>
             timeout = <integer> (default: 5 [seconds])
             retries = <integer> (default: 3)
@@ -33,7 +33,8 @@ the following format::
 If the server field begins with '/', it will be interpreted as a UNIX
 socket.  Otherwise, it is assumed to be in the format host:port.  When
 a UNIX domain socket is specified, the secret field is optional and an
-empty secret is used by default.
+empty secret is used by default.  If the server field is not
+specified, it defaults to |kdcrundir|\ ``/<name>.socket``.
 
 When forwarding the request over RADIUS, by default the principal is
 used in the User-Name attribute of the RADIUS packet.  The strip_realm
diff --git a/doc/conf.py b/doc/conf.py
index f015fc8..bc8b2bd 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -231,6 +231,7 @@ if 'mansubs' in tags:
     sbindir = '``@SBINDIR@``'
     libdir = '``@LIBDIR@``'
     localstatedir = '``@LOCALSTATEDIR@``'
+    runstatedir = '``@RUNSTATEDIR@``'
     sysconfdir = '``@SYSCONFDIR@``'
     ccache = '``@CCNAME@``'
     keytab = '``@KTNAME@``'
@@ -243,6 +244,7 @@ else:
     sbindir = ':ref:`SBINDIR <paths>`'
     libdir = ':ref:`LIBDIR <paths>`'
     localstatedir = ':ref:`LOCALSTATEDIR <paths>`'
+    runstatedir = ':ref:`RUNSTATEDIR <paths>`'
     sysconfdir = ':ref:`SYSCONFDIR <paths>`'
     ccache = ':ref:`DEFCCNAME <paths>`'
     keytab = ':ref:`DEFKTNAME <paths>`'
@@ -262,6 +264,7 @@ else:
     rst_epilog += '.. |sbindir| replace:: %s\n' % sbindir
     rst_epilog += '.. |libdir| replace:: %s\n' % libdir
     rst_epilog += '.. |kdcdir| replace:: %s\\ ``/krb5kdc``\n' % localstatedir
+    rst_epilog += '.. |kdcrundir| replace:: %s\\ ``/krb5kdc``\n' % runstatedir
     rst_epilog += '.. |sysconfdir| replace:: %s\n' % sysconfdir
     rst_epilog += '.. |ccache| replace:: %s\n' % ccache
     rst_epilog += '.. |keytab| replace:: %s\n' % keytab
diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst
index 89b8f4c..838dabb 100644
--- a/doc/mitK5defaults.rst
+++ b/doc/mitK5defaults.rst
@@ -17,6 +17,7 @@ KDC config file :ref:`kdc.conf(5)`          |kdcdir|\ ``/kdc.conf``        **KRB
 KDC database path (DB2)                     |kdcdir|\ ``/principal``
 Master key :ref:`stash_definition`          |kdcdir|\ ``/.k5.``\ *realm*
 Admin server ACL file :ref:`kadm5.acl(5)`   |kdcdir|\ ``/kadm5.acl``
+OTP socket directory                        |kdcrundir|
 Plugin base directory                       |libdir|\ ``/krb5/plugins``
 :ref:`rcache_definition` directory          ``/var/tmp``                   **KRB5RCACHEDIR**
 Master key default enctype                  |defmkey|
@@ -64,6 +65,7 @@ Description                 Symbolic name  Custom build path            Typical
 User programs               BINDIR         ``/usr/local/bin``           ``/usr/bin``
 Libraries and plugins       LIBDIR         ``/usr/local/lib``           ``/usr/lib``
 Parent of KDC state dir     LOCALSTATEDIR  ``/usr/local/var``           ``/var``
+Parent of KDC runtime dir   RUNSTATEDIR    ``/usr/local/var/run``       ``/run``
 Administrative programs     SBINDIR        ``/usr/local/sbin``          ``/usr/sbin``
 Alternate krb5.conf dir     SYSCONFDIR     ``/usr/local/etc``           ``/etc``
 Default ccache name         DEFCCNAME      ``FILE:/tmp/krb5cc_%{uid}``  ``FILE:/tmp/krb5cc_%{uid}``
diff --git a/src/Makefile.in b/src/Makefile.in
index a8bc990..1725093 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -64,6 +64,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROOT) $(KRB5OTHERMKDIRS) \
 		$(KRB5_AD_MODULE_DIR) \
 		$(KRB5_LIBKRB5_MODULE_DIR) \
 		@localstatedir@ @localstatedir@/krb5kdc \
+		@runstatedir@ @runstatedir@/krb5kdc \
 		$(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \
 		$(PKGCONFIG_DIR)
 
diff --git a/src/configure.in b/src/configure.in
index 2145d54..c2eaf78 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1,5 +1,11 @@
 K5_AC_INIT([aclocal.m4])
 
+# If $runstatedir isn't set by autoconf (<2.70), set it manually.
+if test x"$runstatedir" == x; then
+  runstatedir=$localstatedir/run
+fi
+AC_SUBST(runstatedir)
+
 CONFIG_RULES
 KRB5_VERSION=K5_VERSION
 AC_SUBST(KRB5_VERSION)
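Review bot: The added guard `if test x"$runstatedir" == x; then` uses `==`, which POSIX `test` does not define; shells such as dash reject it with an "unexpected operator" error. The error makes the condition evaluate as false, so the fallback is skipped and, with autoconf older than 2.70, `runstatedir` stays empty. In that case `@runstatedir@/krb5kdc` would presumably expand to `/krb5kdc`, both for the directories added to INSTALLMKDIRS and for KDC_RUN_DIR, putting the OTP socket directory directly under the filesystem root. Use the portable form `if test x"$runstatedir" = x; then`.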
diff --git a/src/doc/Makefile.in b/src/doc/Makefile.in
index a6bb7c5..b07e16a 100644
--- a/src/doc/Makefile.in
+++ b/src/doc/Makefile.in
@@ -7,6 +7,7 @@ DOXYGEN=doxygen
 
 docsrc=$(top_srcdir)/../doc
 localstatedir=@localstatedir@
+runstatedir=@runstatedir@
 sysconfdir=@sysconfdir@
 DEFCCNAME=@DEFCCNAME@
 DEFKTNAME=@DEFKTNAME@
@@ -113,6 +114,7 @@ paths.py:
 	echo 'sbindir = "``$(SERVER_BINDIR)``"' >> $@
 	echo 'libdir = "``$(KRB5_LIBDIR)``"' >> $@
 	echo 'localstatedir = "``$(localstatedir)``"' >> $@
+	echo 'runstatedir = "``$(runstatedir)``"' >> $@
 	echo 'sysconfdir = "``$(sysconfdir)``"' >> $@
 	echo 'ccache = "``$(DEFCCNAME)``"' >> $@
 	echo 'keytab = "``$(DEFKTNAME)``"' >> $@
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index e13042a..f83ff4e 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -53,6 +53,7 @@ autoconf.stamp: $(srcdir)/autoconf.h.in $(BUILDTOP)/config.status
 
 SYSCONFDIR = @sysconfdir@
 LOCALSTATEDIR = @localstatedir@
+RUNSTATEDIR = @runstatedir@
 BINDIR = @bindir@
 SBINDIR = @sbindir@
 LIBDIR  = @libdir@
@@ -66,6 +67,7 @@ PROCESS_REPLACE = -e "s+ at KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \
 		  -e "s+ at MODULEDIR+$(MODULE_DIR)+" \
 		  -e "s+ at GSSMODULEDIR+$(GSS_MODULE_DIR)+" \
 		  -e 's+ at LOCALSTATEDIR+$(LOCALSTATEDIR)+' \
+		  -e 's+ at RUNSTATEDIR+$(RUNSTATEDIR)+' \
 		  -e 's+ at SYSCONFDIR+$(SYSCONFDIR)+' \
 		  -e 's+ at DYNOBJEXT+$(DYNOBJEXT)+'
 
diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index 90ab86d..871503a 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -59,6 +59,7 @@
 #define PLUGIN_EXT              "@DYNOBJEXT"
 
 #define KDC_DIR                 "@LOCALSTATEDIR/krb5kdc"
+#define KDC_RUN_DIR             "@RUNSTATEDIR/krb5kdc"
 #define DEFAULT_KDB_FILE        KDC_DIR "/principal"
 #define DEFAULT_KEYFILE_STUB    KDC_DIR "/.k5."
 #define KRB5_DEFAULT_ADMIN_ACL  KDC_DIR "/krb5_adm.acl"
diff --git a/src/man/Makefile.in b/src/man/Makefile.in
index 4dd2448..2b9c892 100644
--- a/src/man/Makefile.in
+++ b/src/man/Makefile.in
@@ -5,6 +5,7 @@ SPHINX_BUILD=sphinx-build
 GROFF=@GROFF@
 GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c
 localstatedir=@localstatedir@
+runstatedir=@runstatedir@
 sysconfdir=@sysconfdir@
 DEFCCNAME=@DEFCCNAME@
 DEFKTNAME=@DEFKTNAME@
@@ -44,6 +45,7 @@ $(docsrc)/version.py: $(top_srcdir)/patchlevel.h
 	    -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \
 	    -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \
 	    -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \
+	    -e 's|@RUNSTATEDIR@|$(runstatedir)|g' \
 	    -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \
 	    -e 's|@CCNAME@|$(DEFCCNAME)|g' \
 	    -e 's|@KTNAME@|$(DEFKTNAME)|g' \
diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c
index a4d7e3b..4643dff 100644
--- a/src/plugins/preauth/otp/otp_state.c
+++ b/src/plugins/preauth/otp/otp_state.c
@@ -40,7 +40,7 @@
 #endif
 
 #define DEFAULT_TYPE_NAME "DEFAULT"
-#define DEFAULT_SOCKET_FMT KDC_DIR "/%s.socket"
+#define DEFAULT_SOCKET_FMT KDC_RUN_DIR "/%s.socket"
 #define DEFAULT_TIMEOUT 5
 #define DEFAULT_RETRIES 3
 #define MAX_SECRET_LEN 1024
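Review bot: `DEFAULT_SOCKET_FMT` now points into KDC_RUN_DIR, but nothing near the define documents that this directory is the access control for the default OTP backend. The otp.rst text in this commit says a UNIX-socket server uses an empty secret by default, so whoever can create `<name>.socket` in that directory answers OTP verification for the KDC. I would add a comment above the define, e.g. `/* KDC_RUN_DIR must be writable only by the account running the OTP daemon; with an empty secret the socket's location is its only authentication. */`. The src/Makefile.in hunk creates `@runstatedir@/krb5kdc` only at install time and the mode it receives is not visible here; where the run directory is a tmpfs (typical for `/run`) it will likely have to be recreated at boot with the same restrictive ownership, which is worth stating in otp.rst as well. The run of defines continues outside the hunk.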

