From 1d2c6c8ba6e28e32b0a298532ce1226cbc7ebbd4 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 5 Aug 2009 14:45:14 -0400
Subject: [PATCH] Make socket paths a compile-time option

Previously, we had hardcoded the paths for the NSS, PAM and
private PAM sockets to /var/lib/sss/pipes. With this patch, we
will specify the sockets with --with-pipe-path.
---
 server/Makefile.am                  |    3 +++
 server/providers/data_provider_be.c |    1 -
 server/providers/krb5/krb5_auth.c   |    1 -
 server/providers/proxy.c            |    1 -
 server/responder/nss/nsssrv.h       |    1 -
 server/responder/pam/pamsrv.c       |    1 -
 sss_client/Makefile.am              |    7 ++++++-
 sss_client/configure.ac             |   19 +++++++++++++++++++
 sss_client/sss_cli.h                |    6 ------
 sssd.spec.in                        |   13 +++++++++----
 10 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/server/Makefile.am b/server/Makefile.am
index 4b3eec2..ca88608 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -117,6 +117,9 @@ AM_CPPFLAGS = -Wall \
     -DSHADOW_UTILS_PATH=\"$(shadow_utils_path)\" \
     -DSSSD_INTROSPECT_PATH=\"$(dbusinstropectdir)\" \
     -DSSSD_CONF_DIR=\"$(sssdconfdir)\" \
+    -DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
+    -DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
+    -DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\" \
     -DUSE_MMAP=1 \
     -DLOCALEDIR=\"\$(localedir)\"
 
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 2e0c1cf..8ee4975 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -50,7 +50,6 @@
 #include "providers/dp_sbus.h"
 #include "monitor/monitor_sbus.h"
 #include "monitor/monitor_interfaces.h"
-#include "../sss_client/sss_cli.h"
 
 #define BE_CONF_ENTRY "config/domains/%s"
 
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 24250b9..ffbfd7b 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -37,7 +37,6 @@
 #include "util/util.h"
 #include "providers/dp_backend.h"
 #include "db/sysdb.h"
-#include "../sss_client/sss_cli.h"
 #include "krb5_plugin/sssd_krb5_locator_plugin.h"
 #include "providers/krb5/krb5_auth.h"
 
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index 106530f..2aee533 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -31,7 +31,6 @@
 #include "util/util.h"
 #include "providers/dp_backend.h"
 #include "db/sysdb.h"
-#include "../sss_client/sss_cli.h"
 
 struct proxy_nss_ops {
     enum nss_status (*getpwnam_r)(const char *name, struct passwd *result,
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index cbbb9cc..ad6492f 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -28,7 +28,6 @@
 #include "talloc.h"
 #include "tevent.h"
 #include "ldb.h"
-#include "../sss_client/sss_cli.h"
 #include "dbus/dbus.h"
 #include "sbus/sssd_dbus.h"
 #include "responder/common/responder_packet.h"
diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c
index ef01e97..eca835b 100644
--- a/server/responder/pam/pamsrv.c
+++ b/server/responder/pam/pamsrv.c
@@ -49,7 +49,6 @@
 #include "monitor/monitor_interfaces.h"
 #include "sbus/sbus_client.h"
 #include "responder/pam/pamsrv.h"
-#include "../sss_client/sss_cli.h"
 
 #define PAM_SBUS_SERVICE_VERSION 0x0001
 #define PAM_SBUS_SERVICE_NAME "pam"
diff --git a/sss_client/Makefile.am b/sss_client/Makefile.am
index 4552720..7333e4c 100644
--- a/sss_client/Makefile.am
+++ b/sss_client/Makefile.am
@@ -1,9 +1,14 @@
 SUBDIRS = po
 
+pipepath=@pipepath@
+
 topdir=.
 AM_CPPFLAGS = \
     -I$(topdir) \
-    -DLOCALEDIR=\"\$(localedir)\"
+    -DLOCALEDIR=\"\$(localedir)\" \
+    -DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
+    -DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
+    -DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\"
 ACLOCAL_AMFLAGS = -I m4
 
 AM_CFLAGS =
diff --git a/sss_client/configure.ac b/sss_client/configure.ac
index 97fc83d..7d443ed 100644
--- a/sss_client/configure.ac
+++ b/sss_client/configure.ac
@@ -37,6 +37,25 @@ AC_DEFUN([BUILD_WITH_AUX_INFO],
                                 [Build with -aux-info output])])
   ])
 AM_CONDITIONAL([WANT_AUX_INFO], [test x$with_aux_info = xyes])
+BUILD_WITH_AUX_INFO
+
+AC_DEFUN([WITH_PIPE_PATH],
+  [ AC_ARG_WITH([pipe-path],
+                [AC_HELP_STRING([--with-pipe-path=PATH],
+                                [Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes]]
+                               )
+                ]
+               )
+    config_pipepath="\"VARDIR\"/lib/sss/pipes"
+    pipepath="${localstatedir}/lib/sss/pipes"
+    if test x"$with_pipe_path" != x; then
+        config_pipepath=$with_pipe_path
+        pipepath=$with_pipe_path
+    fi
+    AC_SUBST(pipepath)
+    AC_DEFINE_UNQUOTED(PIPE_PATH, "$config_pipepath", [Where to store pipe files for the SSSD interconnects])
+  ])
+WITH_PIPE_PATH
 
 AC_CONFIG_FILES([Makefile po/Makefile.in])
 AC_OUTPUT
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 63daf7b..f1ccba9 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -15,12 +15,6 @@
 #include <pwd.h>
 #include <grp.h>
 
-/* SELinux will have a better way to regulate access if they are seprate
- * Also a change in one of the pipes will not affect the others */
-#define SSS_NSS_SOCKET_NAME "/var/lib/sss/pipes/nss"
-#define SSS_PAM_SOCKET_NAME "/var/lib/sss/pipes/pam"
-#define SSS_PAM_PRIV_SOCKET_NAME "/var/lib/sss/pipes/private/pam"
-
 #define SSS_NSS_PROTOCOL_VERSION 1
 #define SSS_PAM_PROTOCOL_VERSION 2
 
diff --git a/sssd.spec.in b/sssd.spec.in
index aa284ff..7e8bfce 100644
--- a/sssd.spec.in
+++ b/sssd.spec.in
@@ -20,6 +20,9 @@ Requires(preun):  initscripts chkconfig
 Requires(postun): /sbin/service
 
 %define servicename sssd
+%define sssdstatedir %{_localstatedir}/lib/sss
+%define dbpath %{sssdstatedir}/db
+%define pipepath %{sssdstatedir}/lib/sss/pipes
 
 ### Build Dependencies ###
 
@@ -58,6 +61,8 @@ services for projects like FreeIPA.
 %build
 %configure \
     --without-tests \
+    --with-db-path=%{dbpath} \
+    --with-pipe-path=%{pipepath} \
     --with-init-dir=%{_initrddir} \
     --enable-nsslibdir=/%{_lib}
 
@@ -100,10 +105,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/%{name}/
 %{_libdir}/ldb/memberof.so
 %{_libdir}/krb5/plugins/libkrb5/*
-%dir %{_sharedstatedir}/sss/
-%attr(700,root,root) %dir %{_sharedstatedir}/sss/db
-%dir %{_sharedstatedir}/sss/pipes
-%attr(700,root,root) %dir %{_sharedstatedir}/sss/pipes/private
+%dir %{sssdstatedir}
+%attr(700,root,root) %dir %{dbpath}
+%dir %{pipepath}
+%attr(700,root,root) %dir %{pipepath}/private
 %dir %{_sysconfdir}/sssd
 %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 /%{_lib}/libnss_sss.so.2
-- 
1.6.2.5