krb5 commit: Change default client keytab name
Greg Hudson
ghudson at MIT.EDU
Thu Aug 2 01:30:39 EDT 2012
https://github.com/krb5/krb5/commit/a57a510cc16506e60c5c0648d092f9ad3668d1b9
commit a57a510cc16506e60c5c0648d092f9ad3668d1b9
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Aug 2 01:27:47 2012 -0400
Change default client keytab name
Change the default client keytab name, if not overridden at build
time, to FILE:$localstatedir/krb5/user/%{euid}/client.keytab.
Introduce a second file from the autoconf archives in order to
recursively expand $localstatedir within configure.in.
doc/rst_source/mitK5defaults.rst | 10 ++-
src/aclocal.m4 | 1 +
src/config/ac-archive/relpaths.m4 | 155 +++++++++++++++++++++++++++++++++++++
src/configure.in | 9 ++-
4 files changed, 170 insertions(+), 5 deletions(-)
diff --git a/doc/rst_source/mitK5defaults.rst b/doc/rst_source/mitK5defaults.rst
index 444854d..d0b86ac 100644
--- a/doc/rst_source/mitK5defaults.rst
+++ b/doc/rst_source/mitK5defaults.rst
@@ -66,7 +66,11 @@ Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/l
Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var``
Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin``
Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc``
-Default ccache name DEFCCNAME ``/tmp/krb5cc_%{UID}`` ``/tmp/krb5cc_%{UID}``
-Default keytab name DEFKTNAME ``/etc/krb5.keytab`` ``/etc/krb5.keytab``
-Default client keytab name DEFCKTNAME ``/etc/krb5.client-keytab`` ``/etc/krb5.client-keytab``
+Default ccache name DEFCCNAME ``FILE:/tmp/krb5cc_%{uid}`` ``FILE:/tmp/krb5cc_%{uid}``
+Default keytab name DEFKTNAME ``FILE:/etc/krb5.keytab`` ``FILE:/etc/krb5.keytab``
========================== ============= =========================== ===========================
+
+The default client keytab name (DEFCKTNAME) typically defaults to
+``FILE:/usr/local/var/krb5/user/%{euid}/client.keytab`` for a custom
+build. A native build will typically use a path which will vary
+according to the operating system's layout of ``/var``.
diff --git a/src/aclocal.m4 b/src/aclocal.m4
index 7dbee06..2c17e46 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -1630,6 +1630,7 @@ fi])
dnl
dnl
m4_include(config/ac-archive/acx_pthread.m4)
+m4_include(config/ac-archive/relpaths.m4)
dnl
dnl
dnl
diff --git a/src/config/ac-archive/relpaths.m4 b/src/config/ac-archive/relpaths.m4
new file mode 100644
index 0000000..15f24b3
--- /dev/null
+++ b/src/config/ac-archive/relpaths.m4
@@ -0,0 +1,155 @@
+dnl @synopsis adl_COMPUTE_RELATIVE_PATHS(PATH_LIST)
+dnl
+dnl PATH_LIST is a space-separated list of colon-separated triplets of
+dnl the form 'FROM:TO:RESULT'. This function iterates over these
+dnl triplets and set $RESULT to the relative path from $FROM to $TO.
+dnl Note that $FROM and $TO needs to be absolute filenames for this
+dnl macro to success.
+dnl
+dnl For instance,
+dnl
+dnl first=/usr/local/bin
+dnl second=/usr/local/share
+dnl adl_COMPUTE_RELATIVE_PATHS([first:second:fs second:first:sf])
+dnl # $fs is set to ../share
+dnl # $sf is set to ../bin
+dnl
+dnl $FROM and $TO are both eval'ed recursively and normalized, this
+dnl means that you can call this macro with autoconf's dirnames like
+dnl `prefix' or `datadir'. For example:
+dnl
+dnl adl_COMPUTE_RELATIVE_PATHS([bindir:datadir:bin_to_data])
+dnl
+dnl adl_COMPUTE_RELATIVE_PATHS should also works with DOS filenames.
+dnl
+dnl You may want to use this macro in order to make your package
+dnl relocatable. Instead of hardcoding $datadir into your programs just
+dnl encode $bin_to_data and try to determine $bindir at run-time.
+dnl
+dnl This macro requires adl_NORMALIZE_PATH.
+dnl
+dnl @category Misc
+dnl @author Alexandre Duret-Lutz <duret_g at epita.fr>
+dnl @version 2001-05-25
+dnl @license GPLWithACException
+
+AC_DEFUN([adl_COMPUTE_RELATIVE_PATHS],
+[for _lcl_i in $1; do
+ _lcl_from=\[$]`echo "[$]_lcl_i" | sed 's,:.*$,,'`
+ _lcl_to=\[$]`echo "[$]_lcl_i" | sed 's,^[[^:]]*:,,' | sed 's,:[[^:]]*$,,'`
+ _lcl_result_var=`echo "[$]_lcl_i" | sed 's,^.*:,,'`
+ adl_RECURSIVE_EVAL([[$]_lcl_from], [_lcl_from])
+ adl_RECURSIVE_EVAL([[$]_lcl_to], [_lcl_to])
+ _lcl_notation="$_lcl_from$_lcl_to"
+ adl_NORMALIZE_PATH([_lcl_from],['/'])
+ adl_NORMALIZE_PATH([_lcl_to],['/'])
+ adl_COMPUTE_RELATIVE_PATH([_lcl_from], [_lcl_to], [_lcl_result_tmp])
+ adl_NORMALIZE_PATH([_lcl_result_tmp],["[$]_lcl_notation"])
+ eval $_lcl_result_var='[$]_lcl_result_tmp'
+done])
+
+## Note:
+## *****
+## The following helper macros are too fragile to be used out
+## of adl_COMPUTE_RELATIVE_PATHS (mainly because they assume that
+## paths are normalized), that's why I'm keeping them in the same file.
+## Still, some of them maybe worth to reuse.
+
+dnl adl_COMPUTE_RELATIVE_PATH(FROM, TO, RESULT)
+dnl ===========================================
+dnl Compute the relative path to go from $FROM to $TO and set the value
+dnl of $RESULT to that value. This function work on raw filenames
+dnl (for instead it will considerate /usr//local and /usr/local as
+dnl two distinct paths), you should really use adl_COMPUTE_REALTIVE_PATHS
+dnl instead to have the paths sanitized automatically.
+dnl
+dnl For instance:
+dnl first_dir=/somewhere/on/my/disk/bin
+dnl second_dir=/somewhere/on/another/disk/share
+dnl adl_COMPUTE_RELATIVE_PATH(first_dir, second_dir, first_to_second)
+dnl will set $first_to_second to '../../../another/disk/share'.
+AC_DEFUN([adl_COMPUTE_RELATIVE_PATH],
+[adl_COMPUTE_COMMON_PATH([$1], [$2], [_lcl_common_prefix])
+adl_COMPUTE_BACK_PATH([$1], [_lcl_common_prefix], [_lcl_first_rel])
+adl_COMPUTE_SUFFIX_PATH([$2], [_lcl_common_prefix], [_lcl_second_suffix])
+$3="[$]_lcl_first_rel[$]_lcl_second_suffix"])
+
+dnl adl_COMPUTE_COMMON_PATH(LEFT, RIGHT, RESULT)
+dnl ============================================
+dnl Compute the common path to $LEFT and $RIGHT and set the result to $RESULT.
+dnl
+dnl For instance:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on/another/disk/share
+dnl adl_COMPUTE_COMMON_PATH(first_path, second_path, common_path)
+dnl will set $common_path to '/somewhere/on'.
+AC_DEFUN([adl_COMPUTE_COMMON_PATH],
+[$3=''
+_lcl_second_prefix_match=''
+while test "[$]_lcl_second_prefix_match" != 0; do
+ _lcl_first_prefix=`expr "x[$]$1" : "x\([$]$3/*[[^/]]*\)"`
+ _lcl_second_prefix_match=`expr "x[$]$2" : "x[$]_lcl_first_prefix"`
+ if test "[$]_lcl_second_prefix_match" != 0; then
+ if test "[$]_lcl_first_prefix" != "[$]$3"; then
+ $3="[$]_lcl_first_prefix"
+ else
+ _lcl_second_prefix_match=0
+ fi
+ fi
+done])
+
+dnl adl_COMPUTE_SUFFIX_PATH(PATH, SUBPATH, RESULT)
+dnl ==============================================
+dnl Substrack $SUBPATH from $PATH, and set the resulting suffix
+dnl (or the empty string if $SUBPATH is not a subpath of $PATH)
+dnl to $RESULT.
+dnl
+dnl For instace:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on
+dnl adl_COMPUTE_SUFFIX_PATH(first_path, second_path, common_path)
+dnl will set $common_path to '/my/disk/bin'.
+AC_DEFUN([adl_COMPUTE_SUFFIX_PATH],
+[$3=`expr "x[$]$1" : "x[$]$2/*\(.*\)"`])
+
+dnl adl_COMPUTE_BACK_PATH(PATH, SUBPATH, RESULT)
+dnl ============================================
+dnl Compute the relative path to go from $PATH to $SUBPATH, knowing that
+dnl $SUBPATH is a subpath of $PATH (any other words, only repeated '../'
+dnl should be needed to move from $PATH to $SUBPATH) and set the value
+dnl of $RESULT to that value. If $SUBPATH is not a subpath of PATH,
+dnl set $RESULT to the empty string.
+dnl
+dnl For instance:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on
+dnl adl_COMPUTE_BACK_PATH(first_path, second_path, back_path)
+dnl will set $back_path to '../../../'.
+AC_DEFUN([adl_COMPUTE_BACK_PATH],
+[adl_COMPUTE_SUFFIX_PATH([$1], [$2], [_lcl_first_suffix])
+$3=''
+_lcl_tmp='xxx'
+while test "[$]_lcl_tmp" != ''; do
+ _lcl_tmp=`expr "x[$]_lcl_first_suffix" : "x[[^/]]*/*\(.*\)"`
+ if test "[$]_lcl_first_suffix" != ''; then
+ _lcl_first_suffix="[$]_lcl_tmp"
+ $3="../[$]$3"
+ fi
+done])
+
+
+dnl adl_RECURSIVE_EVAL(VALUE, RESULT)
+dnl =================================
+dnl Interpolate the VALUE in loop until it doesn't change,
+dnl and set the result to $RESULT.
+dnl WARNING: It's easy to get an infinite loop with some unsane input.
+AC_DEFUN([adl_RECURSIVE_EVAL],
+[_lcl_receval="$1"
+$2=`(test "x$prefix" = xNONE && prefix="$ac_default_prefix"
+ test "x$exec_prefix" = xNONE && exec_prefix="${prefix}"
+ _lcl_receval_old=''
+ while test "[$]_lcl_receval_old" != "[$]_lcl_receval"; do
+ _lcl_receval_old="[$]_lcl_receval"
+ eval _lcl_receval="\"[$]_lcl_receval\""
+ done
+ echo "[$]_lcl_receval")`])
diff --git a/src/configure.in b/src/configure.in
index c7c92d9..9e9c94f 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1276,8 +1276,13 @@ fi
if test "${DEFCCNAME+set}" != set; then
DEFCCNAME=FILE:/tmp/krb5cc_%{uid}
fi
-: "${DEFKTNAME=FILE:/etc/krb5.keytab}"
-: "${DEFCKTNAME=FILE:/etc/krb5.client-keytab}"
+if test "${DEFKTNAME+set}" != set; then
+ DEFKTNAME=FILE:/etc/krb5.keytab
+fi
+if test "${DEFCKTNAME+set}" != set; then
+ adl_RECURSIVE_EVAL($localstatedir, exp_localstatedir)
+ DEFCKTNAME=FILE:$exp_localstatedir/krb5/user/%{euid}/client.keytab
+fi
AC_MSG_NOTICE([Default ccache name: $DEFCCNAME])
AC_MSG_NOTICE([Default keytab name: $DEFKTNAME])
AC_MSG_NOTICE([Default client keytab name: $DEFCKTNAME])
More information about the cvs-krb5
mailing list