File 0009-UsrEtc-support.patch of Package krb5
From dc722198ce66a132c9980fc210a2e2ef401ba127 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Fri, 29 Aug 2025 20:29:04 +0200
Subject: [PATCH 9/9] UsrEtc support
---
doc/admin/conf_files/krb5_conf.rst | 14 ++++++++++++--
doc/conf.py | 5 ++++-
src/configure.ac | 28 ++++++++++++++++++++++++++++
src/doc/Makefile.in | 23 +++++++++++++++++++----
src/include/osconf.hin | 1 +
src/lib/krb5/os/init_os_ctx.c | 27 +++++++++++++++++++++++++++
src/man/Makefile.in | 9 ++++++++-
7 files changed, 99 insertions(+), 8 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index e0c7a6330..a169b6e36 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -7,8 +7,14 @@ The krb5.conf file contains Kerberos configuration information,
including the locations of KDCs and admin servers for the Kerberos
realms of interest, defaults for the current realm and for Kerberos
applications, and mappings of hostnames onto Kerberos realms.
-Normally, you should install your krb5.conf file in the directory
-``/etc``. You can override the default location by setting the
+Normally, you should install your indivual krb5.conf file in the directory
+``/etc``.
+
+.. only:: use_vendordir
+ If there is no individual one the dafault one |vendorkrb5conf| will
+ be taken.
+
+You can override the default location by setting the
environment variable **KRB5_CONFIG**. Multiple colon-separated
filenames may be specified in **KRB5_CONFIG**; all files which are
present will be read. Starting in release 1.14, directory names can
@@ -1271,6 +1277,10 @@ FILES
|krb5conf|
+.. only:: use_vendordir
+
+ |vendorkrb5conf| if |krb5conf| is not there.
+
SEE ALSO
--------
diff --git a/doc/conf.py b/doc/conf.py
index 60835e936..88eee1d60 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -239,6 +239,7 @@ if 'mansubs' in tags:
localstatedir = '``@LOCALSTATEDIR@``'
runstatedir = '``@RUNSTATEDIR@``'
sysconfdir = '``@SYSCONFDIR@``'
+ vendordir = '``@VENDORDIR@``'
ccache = '``@CCNAME@``'
keytab = '``@KTNAME@``'
ckeytab = '``@CKTNAME@``'
@@ -253,6 +254,7 @@ else:
localstatedir = ':ref:`LOCALSTATEDIR <paths>`'
runstatedir = ':ref:`RUNSTATEDIR <paths>`'
sysconfdir = ':ref:`SYSCONFDIR <paths>`'
+ vendordir = ':ref:`VENDORDIR <paths>`'
ccache = ':ref:`DEFCCNAME <paths>`'
keytab = ':ref:`DEFKTNAME <paths>`'
ckeytab = ':ref:`DEFCKTNAME <paths>`'
@@ -278,8 +280,9 @@ else:
rst_epilog += '.. |keytab| replace:: %s\n' % keytab
rst_epilog += '.. |ckeytab| replace:: %s\n' % ckeytab
rst_epilog += '.. |pkcs11_modname| replace:: %s\n' % pkcs11_modname
+ rst_epilog += '.. |vendorkrb5conf| replace:: %s/krb5.conf\n' % vendordir
+ rst_epilog += '.. |krb5conf| replace:: %s/krb5.conf\n' % sysconfdir
rst_epilog += '''
-.. |krb5conf| replace:: ``/etc/krb5.conf``
.. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal``
.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac``
.. |defmkey| replace:: ``aes256-cts-hmac-sha1-96``
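Review bot: `|krb5conf|` is now built from `sysconfdir` for every documentation build, not only when the `use_vendordir` tag is set. In a build without vendordir the library still takes its path from `DEFAULT_PROFILE_PATH`, which in the osconf.hin context shown in this patch appears to begin with `/etc/krb5.conf`, so with a sysconfdir other than `/etc` the manual would name a different file than the one read first. Consider keeping the fixed `/etc/krb5.conf` text unless vendordir is enabled, or add a comment in conf.py explaining why the documented path follows sysconfdir.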
diff --git a/src/configure.ac b/src/configure.ac
index 53936759e..9c372193b 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -1451,6 +1451,34 @@ fi
AC_SUBST(OSX)
AC_SUBST(MACOS_FRAMEWORK)
+# Vendordir
+AC_ARG_WITH([vendordir],
+ AS_HELP_STRING([--with-vendordir=DIR], [Directory for distribution provided configuration files]),
+ [ if test ! -z "$with_vendordir" ; then
+ case $with_vendordir in
+ yes|no)
+ VENDORDIR="/usr/etc"
+ ;;
+ /*)
+ VENDORDIR="$with_vendordir"
+ ;;
+ *)
+ AC_MSG_ERROR(You must specify an absolute path to --with-vendordir=DIR)
+ ;;
+ esac
+ fi
+ ],
+ [])
+
+AS_IF([test "x$with_vendordir" != x], [
+ AC_DEFINE([USE_VENDORDIR], [1], [Define to 1 to use vendordir])
+ AC_DEFINE_UNQUOTED(VENDORDIR, "$VENDORDIR", [location of vendor configuration files])
+ AC_SUBST(VENDORDIR)
+ USE_VENDORDIR="1"
+ AC_SUBST(USE_VENDORDIR)
+ AC_MSG_NOTICE([Used vendor dir: $with_vendordir])
+])
+
# Build-time default ccache, keytab, and client keytab names. These
# can be given as variable arguments DEFCCNAME, DEFKTNAME, and
# DEFCKTNAME. Otherwise, we try to get the OS defaults from
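Review bot: `--without-vendordir` turns the feature on: the `yes|no)` arm assigns `VENDORDIR="/usr/etc"` for both values, and the later `AS_IF([test "x$with_vendordir" != x], [` is also true when the value is `no`. Give `no` its own arm that leaves VENDORDIR empty and gate the defines on the result, `AS_IF([test "x$VENDORDIR" != x], [`. The notice should then print `$VENDORDIR` rather than `$with_vendordir`, which is only `yes` when the default is taken. Because this directory is compiled into the library as a configuration source, the configure output should show exactly which path was chosen.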
diff --git a/src/doc/Makefile.in b/src/doc/Makefile.in
index a1b0cff0a..d0c8a66cf 100644
--- a/src/doc/Makefile.in
+++ b/src/doc/Makefile.in
@@ -11,6 +11,8 @@ DEFCCNAME=@DEFCCNAME@
DEFKTNAME=@DEFKTNAME@
DEFCKTNAME=@DEFCKTNAME@
PKCS11_MODNAME=@PKCS11_MODNAME@
+VENDORDIR=@VENDORDIR@
+USE_VENDORDIR=@USE_VENDORDIR@
RST_SOURCES= _static \
_templates \
@@ -43,7 +45,11 @@ LATEXOPTS=
# make -f Makefile.in SPHINX_ARGS= htmlsrc
html: composite
rm -rf $(docsrc)/html
- $(SPHINX_BUILD) -q rst_composite $(docsrc)/html
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -q rst_composite -t use_vendordir $(docsrc)/html; \
+ else \
+ $(SPHINX_BUILD) -q rst_composite $(docsrc)/html; \
+ fi
# Dummy target for use in an unconfigured source tree.
htmlsrc:
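Review bot: `test "$(USE_VENDORDIR)" == "1"` in the html recipe uses `==`, which POSIX `test` does not define; under a /bin/sh such as dash the test fails with an error and the `else` branch runs, so the `use_vendordir` tag is silently dropped from the build. Use `if test "$(USE_VENDORDIR)" = "1" ; then \`. The same operator appears in the substhtml and notice.txt recipes below and in the man recipe of src/man/Makefile.in.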
@@ -55,17 +61,25 @@ htmlsrc:
substhtml: composite paths.py
rm -rf html_subst
cp paths.py rst_composite
- $(SPHINX_BUILD) -t pathsubs -q rst_composite html_subst
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -t pathsubs -q -t use_vendordir rst_composite html_subst; \
+ else \
+ $(SPHINX_BUILD) -t pathsubs -q rst_composite html_subst; \
+ fi
# Create an ASCII (okay, UTF-8) version of the NOTICE file
notice.txt: $(docsrc)/conf.py $(docsrc)/notice.rst $(docsrc)/version.py
- $(SPHINX_BUILD) -b text -t notice -q $(docsrc) .
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -b text -t notice -t use_vendordir -q $(docsrc) .; \
+ else \
+ $(SPHINX_BUILD) -b text -t notice -q $(docsrc) .; \
+ fi
NOTICE: notice.txt
cp notice.txt $(top_srcdir)/../NOTICE
$(PDFDIR): composite
- $(SPHINX_BUILD) -b latex -q rst_composite $(PDFDIR)
+ $(SPHINX_BUILD) -b latex -q -t $(USEVENDORDIR) rst_composite $(PDFDIR)
# sphinx-build generates a gmake-specific Makefile that we don't use
mv $(PDFDIR)/Makefile $(PDFDIR)/GMakefile
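Review bot: The `$(PDFDIR)` recipe passes `-t $(USEVENDORDIR)`, but the variable defined at the top of this file is `USE_VENDORDIR`, so the reference expands to nothing and `-t` takes `rst_composite` as its tag name, leaving sphinx-build without a source directory. Even with the name corrected the tag would be `1`, not `use_vendordir`. Wrap the call in the same `if test "$(USE_VENDORDIR)" = "1"` conditional the other recipes use, with `$(SPHINX_BUILD) -b latex -q -t use_vendordir rst_composite $(PDFDIR); \` in the enabled branch and the original line in the `else` branch.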
@@ -116,6 +130,7 @@ paths.py:
echo 'localstatedir = "``$(localstatedir)``"' >> $@
echo 'runstatedir = "``$(runstatedir)``"' >> $@
echo 'sysconfdir = "``$(sysconfdir)``"' >> $@
+ echo 'vendordir = "``$(VENDORDIR)``"' >> $@
echo 'ccache = "``$(DEFCCNAME)``"' >> $@
echo 'keytab = "``$(DEFKTNAME)``"' >> $@
echo 'ckeytab = "``$(DEFCKTNAME)``"' >> $@
diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index c14297535..9dbd27288 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -53,6 +53,7 @@
#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf@SYSCONFCONF"
#define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH
#endif
+#define SYSCONFDIR "@SYSCONFDIR"
#endif /* _WINDOWS */
#ifdef _WIN32
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index c35007888..a4e4205a1 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -25,11 +25,16 @@
*/
#define NEED_WINDOWS
+#define KRB5_CONF "krb5.conf"
#include "k5-int.h"
#include "os-proto.h"
#include "../krb/int-proto.h"
+#ifdef USE_VENDORDIR
+#include <sys/stat.h>
+#endif
+
#if defined(_WIN32)
#include <winsock.h>
#include <Shlobj.h>
@@ -294,12 +299,34 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
unsigned int ent_len;
const char *s, *t;
+#ifdef USE_VENDORDIR
+ int re = 0;
+ struct stat stats;
+
+ if (!secure)
+ filepath = secure_getenv("KRB5_CONFIG");
+
+ if (!filepath) {
+ re = asprintf(&filepath, "%s/%s", SYSCONFDIR, KRB5_CONF);
+ if(re<0)
+ return ENOMEM;
+
+ if (stat(filepath, &stats) < 0)
+ {
+ free(filepath);
+ re = asprintf(&filepath, "%s/%s", VENDORDIR, KRB5_CONF);
+ if(re<0)
+ return ENOMEM;
+ }
+ }
+#else
if (secure) {
filepath = DEFAULT_SECURE_PROFILE_PATH;
} else {
filepath = secure_getenv("KRB5_CONFIG");
if (!filepath) filepath = DEFAULT_PROFILE_PATH;
}
+#endif /* USE_VENDORDIR */
/* count the distinct filename components */
for(s = filepath, n_entries = 1; *s; s++) {
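Review bot: Any `stat()` failure on the SYSCONFDIR file, not just a missing file, switches the library to the vendor configuration: `if (stat(filepath, &stats) < 0)` does not look at errno, so a permission or I/O error on the administrator's krb5.conf silently replaces local policy with distribution defaults. Restrict the fallback to the absent-file case, `if (stat(filepath, &stats) < 0 && errno == ENOENT)`, so other errors surface when the profile is opened. `filepath` now holds either a `secure_getenv()` result or an `asprintf()` allocation; the function continues outside the hunk, and unless it frees only the allocated case the string leaks on every context initialisation. This branch also bypasses `DEFAULT_SECURE_PROFILE_PATH` and `DEFAULT_PROFILE_PATH`, so any additional locations those lists carry are presumably no longer read when USE_VENDORDIR is set; a comment stating that this is intended would help.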
diff --git a/src/man/Makefile.in b/src/man/Makefile.in
index 85cae0914..9f7ccaffa 100644
--- a/src/man/Makefile.in
+++ b/src/man/Makefile.in
@@ -9,6 +9,8 @@ DEFCCNAME=@DEFCCNAME@
DEFKTNAME=@DEFKTNAME@
DEFCKTNAME=@DEFCKTNAME@
PKCS11_MODNAME=@PKCS11_MODNAME@
+vendordir=@VENDORDIR@
+USE_VENDORDIR=@USE_VENDORDIR@
MANSUBS=k5identity.sub k5login.sub k5srvutil.sub kadm5.acl.sub kadmin.sub \
kadmind.sub kdb5_ldap_util.sub kdb5_util.sub kdc.conf.sub \
@@ -26,7 +28,11 @@ docsrc=$(top_srcdir)/../doc
# manpage writer outputs near the end of its output files.
man: $(docsrc)/version.py
rm -rf rst_man
- $(SPHINX_BUILD) -q -t mansubs -b man $(docsrc) rst_man
+ if test "$(USE_VENDORDIR)" == "1" ; then \
+ $(SPHINX_BUILD) -q -t mansubs -t use_vendordir -b man $(docsrc) rst_man; \
+ else \
+ $(SPHINX_BUILD) -q -t mansubs -b man $(docsrc) rst_man; \
+ fi
for f in rst_man/*.[0-9]; do \
name=`echo $$f | sed -e 's|^.*/\(.*\)\.[0-9]$$|\1|'`; \
sed -e '/^\.\\" $$/d' \
@@ -46,6 +52,7 @@ $(docsrc)/version.py: $(top_srcdir)/patchlevel.h
-e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \
-e 's|@RUNSTATEDIR@|$(runstatedir)|g' \
-e 's|@SYSCONFDIR@|$(sysconfdir)|g' \
+ -e 's|@VENDOR_DIR@|$(vendordir)|g' \
-e 's|@CCNAME@|$(DEFCCNAME)|g' \
-e 's|@KTNAME@|$(DEFKTNAME)|g' \
-e 's|@CKTNAME@|$(DEFCKTNAME)|g' \
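Review bot: The added sed expression replaces `@VENDOR_DIR@`, but doc/conf.py in this patch uses the placeholder `@VENDORDIR@`, so the substitution never matches and the generated man pages would carry the literal placeholder where the vendor path belongs. Spell it the same way as conf.py: `-e 's|@VENDORDIR@|$(vendordir)|g' \`. The sed command this line belongs to starts above the hunk.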
--
2.51.0