File 0009_usr_etc.patch of Package krb5
From 9c4561487d2b072908decf3da29d76204e10e4cc Mon Sep 17 00:00:00 2001
From: Anthony Iliopoulos <ailiop@suse.com>
Date: Fri, 5 Dec 2025 13:21:53 +0100
Subject: [PATCH] krb5: usr etc fixes
---
doc/admin/conf_files/krb5_conf.rst | 14 ++++++++++++--
doc/conf.py | 5 ++++-
src/configure.ac | 28 ++++++++++++++++++++++++++++
src/doc/Makefile.in | 23 +++++++++++++++++++----
src/include/osconf.hin | 1 +
src/lib/krb5/os/init_os_ctx.c | 27 +++++++++++++++++++++++++++
src/man/Makefile.in | 9 ++++++++-
7 files changed, 99 insertions(+), 8 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index e0c7a633094e..a169b6e36a8c 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -7,8 +7,14 @@ The krb5.conf file contains Kerberos configuration information,
including the locations of KDCs and admin servers for the Kerberos
realms of interest, defaults for the current realm and for Kerberos
applications, and mappings of hostnames onto Kerberos realms.
-Normally, you should install your krb5.conf file in the directory
-``/etc``. You can override the default location by setting the
+Normally, you should install your indivual krb5.conf file in the directory
+``/etc``.
+
+.. only:: use_vendordir
+ If there is no individual one the dafault one |vendorkrb5conf| will
+ be taken.
+
+You can override the default location by setting the
environment variable **KRB5_CONFIG**. Multiple colon-separated
filenames may be specified in **KRB5_CONFIG**; all files which are
present will be read. Starting in release 1.14, directory names can
@@ -1271,6 +1277,10 @@ FILES
|krb5conf|
+.. only:: use_vendordir
+
+ |vendorkrb5conf| if |krb5conf| is not there.
+
SEE ALSO
--------
diff --git a/doc/conf.py b/doc/conf.py
index 60835e9361a9..88eee1d60d37 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -239,6 +239,7 @@ if 'mansubs' in tags:
localstatedir = '``@LOCALSTATEDIR@``'
runstatedir = '``@RUNSTATEDIR@``'
sysconfdir = '``@SYSCONFDIR@``'
+ vendordir = '``@VENDORDIR@``'
ccache = '``@CCNAME@``'
keytab = '``@KTNAME@``'
ckeytab = '``@CKTNAME@``'
@@ -253,6 +254,7 @@ else:
localstatedir = ':ref:`LOCALSTATEDIR <paths>`'
runstatedir = ':ref:`RUNSTATEDIR <paths>`'
sysconfdir = ':ref:`SYSCONFDIR <paths>`'
+ vendordir = ':ref:`VENDORDIR <paths>`'
ccache = ':ref:`DEFCCNAME <paths>`'
keytab = ':ref:`DEFKTNAME <paths>`'
ckeytab = ':ref:`DEFCKTNAME <paths>`'
@@ -278,8 +280,9 @@ else:
rst_epilog += '.. |keytab| replace:: %s\n' % keytab
rst_epilog += '.. |ckeytab| replace:: %s\n' % ckeytab
rst_epilog += '.. |pkcs11_modname| replace:: %s\n' % pkcs11_modname
+ rst_epilog += '.. |vendorkrb5conf| replace:: %s/krb5.conf\n' % vendordir
+ rst_epilog += '.. |krb5conf| replace:: %s/krb5.conf\n' % sysconfdir
rst_epilog += '''
-.. |krb5conf| replace:: ``/etc/krb5.conf``
.. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal``
.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac``
.. |defmkey| replace:: ``aes256-cts-hmac-sha1-96``
diff --git a/src/configure.ac b/src/configure.ac
index 53936759e883..9c372193be35 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -1451,6 +1451,34 @@ fi
AC_SUBST(OSX)
AC_SUBST(MACOS_FRAMEWORK)
+# Vendordir
+AC_ARG_WITH([vendordir],
+ AS_HELP_STRING([--with-vendordir=DIR], [Directory for distribution provided configuration files]),
+ [ if test ! -z "$with_vendordir" ; then
+ case $with_vendordir in
+ yes|no)
+ VENDORDIR="/usr/etc"
+ ;;
+ /*)
+ VENDORDIR="$with_vendordir"
+ ;;
+ *)
+ AC_MSG_ERROR(You must specify an absolute path to --with-vendordir=DIR)
+ ;;
+ esac
+ fi
+ ],
+ [])
+
+AS_IF([test "x$with_vendordir" != x], [
+ AC_DEFINE([USE_VENDORDIR], [1], [Define to 1 to use vendordir])
+ AC_DEFINE_UNQUOTED(VENDORDIR, "$VENDORDIR", [location of vendor configuration files])
+ AC_SUBST(VENDORDIR)
+ USE_VENDORDIR="1"
+ AC_SUBST(USE_VENDORDIR)
+ AC_MSG_NOTICE([Used vendor dir: $with_vendordir])
+])
+
# Build-time default ccache, keytab, and client keytab names. These
# can be given as variable arguments DEFCCNAME, DEFKTNAME, and
# DEFCKTNAME. Otherwise, we try to get the OS defaults from
diff --git a/src/doc/Makefile.in b/src/doc/Makefile.in
index a1b0cff0a453..d0c8a66cfc15 100644
--- a/src/doc/Makefile.in
+++ b/src/doc/Makefile.in
@@ -11,6 +11,8 @@ DEFCCNAME=@DEFCCNAME@
DEFKTNAME=@DEFKTNAME@
DEFCKTNAME=@DEFCKTNAME@
PKCS11_MODNAME=@PKCS11_MODNAME@
+VENDORDIR=@VENDORDIR@
+USE_VENDORDIR=@USE_VENDORDIR@
RST_SOURCES= _static \
_templates \
@@ -43,7 +45,11 @@ LATEXOPTS=
# make -f Makefile.in SPHINX_ARGS= htmlsrc
html: composite
rm -rf $(docsrc)/html
- $(SPHINX_BUILD) -q rst_composite $(docsrc)/html
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -q rst_composite -t use_vendordir $(docsrc)/html; \
+ else \
+ $(SPHINX_BUILD) -q rst_composite $(docsrc)/html; \
+ fi
# Dummy target for use in an unconfigured source tree.
htmlsrc:
@@ -55,17 +61,25 @@ htmlsrc:
substhtml: composite paths.py
rm -rf html_subst
cp paths.py rst_composite
- $(SPHINX_BUILD) -t pathsubs -q rst_composite html_subst
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -t pathsubs -q -t use_vendordir rst_composite html_subst; \
+ else \
+ $(SPHINX_BUILD) -t pathsubs -q rst_composite html_subst; \
+ fi
# Create an ASCII (okay, UTF-8) version of the NOTICE file
notice.txt: $(docsrc)/conf.py $(docsrc)/notice.rst $(docsrc)/version.py
- $(SPHINX_BUILD) -b text -t notice -q $(docsrc) .
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -b text -t notice -t use_vendordir -q $(docsrc) .; \
+ else \
+ $(SPHINX_BUILD) -b text -t notice -q $(docsrc) .; \
+ fi
NOTICE: notice.txt
cp notice.txt $(top_srcdir)/../NOTICE
$(PDFDIR): composite
- $(SPHINX_BUILD) -b latex -q rst_composite $(PDFDIR)
+ $(SPHINX_BUILD) -b latex -q -t $(USEVENDORDIR) rst_composite $(PDFDIR)
# sphinx-build generates a gmake-specific Makefile that we don't use
mv $(PDFDIR)/Makefile $(PDFDIR)/GMakefile
@@ -116,6 +130,7 @@ paths.py:
echo 'localstatedir = "``$(localstatedir)``"' >> $@
echo 'runstatedir = "``$(runstatedir)``"' >> $@
echo 'sysconfdir = "``$(sysconfdir)``"' >> $@
+ echo 'vendordir = "``$(VENDORDIR)``"' >> $@
echo 'ccache = "``$(DEFCCNAME)``"' >> $@
echo 'keytab = "``$(DEFKTNAME)``"' >> $@
echo 'ckeytab = "``$(DEFCKTNAME)``"' >> $@
diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index c14297535623..9dbd27288316 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -53,6 +53,7 @@
#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf@SYSCONFCONF"
#define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH
#endif
+#define SYSCONFDIR "@SYSCONFDIR"
#endif /* _WINDOWS */
#ifdef _WIN32
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index c35007888051..ad963b7ecd49 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -25,6 +25,11 @@
*/
#define NEED_WINDOWS
+#define KRB5_CONF "krb5.conf"
+
+#ifdef USE_VENDORDIR
+#include <sys/stat.h>
+#endif
#include "k5-int.h"
#include "os-proto.h"
@@ -294,12 +299,34 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
unsigned int ent_len;
const char *s, *t;
+#ifdef USE_VENDORDIR
+ int re = 0;
+ struct stat stats;
+
+ if (!secure)
+ filepath = secure_getenv("KRB5_CONFIG");
+
+ if (!filepath) {
+ re = asprintf(&filepath, "%s/%s", SYSCONFDIR, KRB5_CONF);
+ if(re<0)
+ return ENOMEM;
+
+ if (stat(filepath, &stats) < 0)
+ {
+ free(filepath);
+ re = asprintf(&filepath, "%s/%s", VENDORDIR, KRB5_CONF);
+ if(re<0)
+ return ENOMEM;
+ }
+ }
+#else
if (secure) {
filepath = DEFAULT_SECURE_PROFILE_PATH;
} else {
filepath = secure_getenv("KRB5_CONFIG");
if (!filepath) filepath = DEFAULT_PROFILE_PATH;
}
+#endif /* USE_VENDORDIR */
/* count the distinct filename components */
for(s = filepath, n_entries = 1; *s; s++) {
diff --git a/src/man/Makefile.in b/src/man/Makefile.in
index 85cae0914eba..9f7ccaffab9a 100644
--- a/src/man/Makefile.in
+++ b/src/man/Makefile.in
@@ -9,6 +9,8 @@ DEFCCNAME=@DEFCCNAME@
DEFKTNAME=@DEFKTNAME@
DEFCKTNAME=@DEFCKTNAME@
PKCS11_MODNAME=@PKCS11_MODNAME@
+vendordir=@VENDORDIR@
+USE_VENDORDIR=@USE_VENDORDIR@
MANSUBS=k5identity.sub k5login.sub k5srvutil.sub kadm5.acl.sub kadmin.sub \
kadmind.sub kdb5_ldap_util.sub kdb5_util.sub kdc.conf.sub \
@@ -26,7 +28,11 @@ docsrc=$(top_srcdir)/../doc
# manpage writer outputs near the end of its output files.
man: $(docsrc)/version.py
rm -rf rst_man
- $(SPHINX_BUILD) -q -t mansubs -b man $(docsrc) rst_man
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -q -t mansubs -t use_vendordir -b man $(docsrc) rst_man; \
+ else \
+ $(SPHINX_BUILD) -q -t mansubs -b man $(docsrc) rst_man; \
+ fi
for f in rst_man/*.[0-9]; do \
name=`echo $$f | sed -e 's|^.*/\(.*\)\.[0-9]$$|\1|'`; \
sed -e '/^\.\\" $$/d' \
@@ -46,6 +52,7 @@ $(docsrc)/version.py: $(top_srcdir)/patchlevel.h
-e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \
-e 's|@RUNSTATEDIR@|$(runstatedir)|g' \
-e 's|@SYSCONFDIR@|$(sysconfdir)|g' \
+ -e 's|@VENDOR_DIR@|$(vendordir)|g' \
-e 's|@CCNAME@|$(DEFCCNAME)|g' \
-e 's|@KTNAME@|$(DEFKTNAME)|g' \
-e 's|@CKTNAME@|$(DEFCKTNAME)|g' \
--
2.52.0
