341f9a
Name:           adcli
341f9a
Version:        0.8.1
525d54
Release:        16%{?dist}.1
341f9a
Summary:        Active Directory enrollment
341f9a
License:        LGPLv2+
341f9a
URL:            http://cgit.freedesktop.org/realmd/adcli
341f9a
Source0:        http://www.freedesktop.org/software/realmd/releases/adcli-%{version}.tar.gz
341f9a
Patch1:         0001-library-Fix-check-for-EAGAIN-or-EINTR.patch
341f9a
Patch2:         0002-Patch-to-adcli.xml-to-fix-documentation-error.patch
341f9a
Patch3:         0003-Remove-n-or-r-n-from-stdin-password.patch
341f9a
Patch4:         0001-delete-use-keytab-data-to-determine-realm-and-NetBIO.patch
743651
Patch5:         0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch
743651
Patch6:         0002-Use-strdup-if-offset-are-used.patch
ee944e
Patch7:         0001-correct-spelling-of-adcli_tool_computer_delete-descr.patch
ee944e
Patch8:         0001-doc-Update-the-documentation-about-the-default-kerbe.patch
ee944e
Patch9:         0002-doc-explain-that-all-credential-cache-types-are-supp.patch
ee944e
Patch10:        0003-library-add-adcli_conn_is_writeable.patch
ee944e
Patch11:        0004-Handle-kvno-increment-for-RODCs.patch
743651
a302cd
Patch12:        0001-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch
a302cd
Patch13:        0002-library-add-_adcli_bin_sid_to_str.patch
a302cd
Patch14:        0003-library-add-_adcli_call_external_program.patch
a302cd
Patch15:        0004-library-add-_adcli_ldap_parse_sid.patch
a302cd
Patch16:        0005-library-add-lookup_domain_sid.patch
a302cd
Patch17:        0006-library-add-adcli_conn_get_domain_sid.patch
a302cd
Patch18:        0007-tools-add-option-add-samba-data.patch
a302cd
Patch19:        0008-tools-store-Samba-data-if-requested.patch
a302cd
Patch20:        0009-make-Samba-data-tool-configurable.patch
a302cd
a302cd
Patch21:        0001-Add-trusted-for-delegation-option.patch
a302cd
Patch22:        0002-Only-update-attributes-given-on-the-command-line.patch
a302cd
Patch23:        0003-update-allow-to-add-service-names.patch
a302cd
Patch24:        0004-Calculate-enctypes-in-a-separate-function.patch
a302cd
Patch25:        0005-join-add-all-attributes-while-creating-computer-obje.patch
a302cd
Patch26:        0006-util-add-_adcli_strv_remove_unsorted.patch
a302cd
Patch27:        0007-Add-add-service-principal-and-remove-service-princip.patch
a302cd
Patch28:        0001-adcli_conn_is_writeable-do-not-crash-id-domain_disco.patch
a302cd
a302cd
# Additional fixes for rhbz#1593240
a302cd
Patch29:        0001-fix-typo-in-flag-value.patch
a302cd
Patch30:        0002-_adcli_call_external_program-silence-noisy-debug-mes.patch
a302cd
a302cd
# rhbz#1608212
a302cd
Patch31:        0003-Do-not-add-service-principals-twice.patch
a302cd
a302cd
# Additional fixed for rhbz#1547014
a302cd
Patch32:        0004-Do-not-depend-on-default_realm-in-krb5.conf.patch
c65420
341f9a
# rhbz#1649868
0f80db
Patch33:        0001-adutil-add-_adcli_strv_add_unique.patch
0f80db
Patch34:        0002-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch
0f80db
341f9a
# Patch35 is replaced by Patch49 - Patch55
c65420
341f9a
# rhbz#1642546 - adcli exports kerberos ticket with old kvno
341f9a
Patch36:        0001-Increment-kvno-after-password-change-with-user-creds.patch
341f9a
341f9a
# rhbz#1595911 - [RFE] Have `adcli join` work without FQDN in `hostname` output
341f9a
#                with some additional man page fixes from rhbz#1440533
341f9a
Patch37:        0001-doc-fix-typos-in-the-adcli-man-page.patch
341f9a
Patch38:        0001-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch
341f9a
341f9a
# rhbz#1644311 - Improve handling of service principals
341f9a
Patch39:        0001-join-always-add-service-principals.patch
341f9a
Patch40:        0002-library-return-error-if-no-matching-key-was-found.patch
341f9a
341f9a
# rhbz#1337489 - [RFE] adcli command with --unix-* options doesn't update
341f9a
#                values in UnixAttributes Tab for user
341f9a
Patch41:        0001-create-user-add-nis-domain-option.patch
341f9a
Patch42:        0002-create-user-try-to-find-NIS-domain-if-needed.patch
341f9a
341f9a
# rhbz#1630187 - [RFE] adcli join should preserve SPN added by adcli preset-computer
341f9a
Patch43:        0001-ensure_keytab_principals-do-not-leak-memory-when-cal.patch
341f9a
Patch44:        0002-library-make-_adcli_strv_has_ex-public.patch
341f9a
Patch45:        0003-library-_adcli_krb5_build_principal-allow-principals.patch
341f9a
Patch46:        0004-library-make-sure-server-side-SPNs-are-preserved.patch
341f9a
341f9a
# rhbz#1622583 - [RFE] Need an option for adcli command which will show domain join status.
341f9a
Patch47:        0001-Implement-adcli-testjoin.patch
341f9a
341f9a
# rhbz#1630187 - [RFE] adcli join should preserve SPN added by adcli preset-computer - additional patch
341f9a
Patch48:        0001-library-add-missing-strdup.patch
341f9a
341f9a
# rhbz#1588596 - many adcli-krb5-????? directories are created /tmp
341f9a
Patch49:        0001-tools-remove-errx-from-computer-commands.patch
341f9a
Patch50:        0002-tools-remove-errx-from-user-and-group-commands.patch
341f9a
Patch51:        0003-tools-remove-errx-from-info-commands.patch
341f9a
Patch52:        0004-tools-remove-errx-from-adcli_read_password_func.patch
341f9a
Patch53:        0005-tools-remove-errx-from-setup_krb5_conf_directory.patch
341f9a
Patch54:        0006-tools-entry-remove-errx-from-parse_option.patch
341f9a
Patch55:        0007-tools-computer-remove-errx-from-parse_option.patch
341f9a
bfd5b6
# rhbz#1665162 - adcli is failing with "Couldn't add keytab entries: FILE:/etc/krb5.keytab: Cannot allocate memory" (edit)
bfd5b6
Patch56:        0001-Fix-for-issues-found-by-Coverity.patch
bfd5b6
Patch57:        0001-adenroll-make-sure-only-allowed-enctypes-are-used-in.patch
bfd5b6
Patch58:        0002-adconn-add-adcli_conn_set_krb5_context.patch
bfd5b6
Patch59:        0003-adenroll-add-adcli_enroll_get_permitted_keytab_encty.patch
bfd5b6
Patch60:        0004-adenroll-use-only-enctypes-permitted-by-Kerberos-con.patch
bfd5b6
bfd5b6
# Coverity fix related to fixes for rhbz#1665162
bfd5b6
Patch61:        0001-Fix-for-issue-found-by-Coverity.patch
bfd5b6
bfd5b6
# rhbz#1683745 - Issue is that with arcfour-hmac as first encryption type
bfd5b6
Patch62:        0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch
bfd5b6
bfd5b6
# rhbz#1738573 - adcli update --add-samba-data does not work as expected
bfd5b6
Patch63:        0001-doc-explain-how-to-force-password-reset.patch
bfd5b6
bfd5b6
# rhbz#1685138 - adcli info should send netlogin pings to all domain controllers, not only a subset
bfd5b6
Patch64:        0001-Make-adcli-info-DC-location-mechanism-more-compliant.patch
bfd5b6
bfd5b6
# rhbz#1786776 - adcli should be able to Force LDAPS over 636 with AD Access Provider w.r.t sssd (RHEL7)
bfd5b6
Patch65:         0001-Use-GSS-SPNEGO-if-available.patch
bfd5b6
Patch66:         0002-add-option-use-ldaps.patch
bfd5b6
c3d619
#rhbz#1774622 - Update' adcli update --add-samba-data ' info under correct section in man adcli
c3d619
Patch67:         0001-man-move-note-to-the-right-section.patch
c3d619
c3d619
# rhbz#1802258 - [abrt] [faf] adcli: raise(): /usr/sbin/adcli killed by 6
c3d619
Patch68:         0001-discovery-fix.patch
c3d619
c3d619
# rhbz#1840752 - No longer able to delete computer from AD using adcli
c3d619
Patch69:         0001-delete-do-not-exit-if-keytab-cannot-be-read.patch
c3d619
c3d619
# rhbz#1762633 - adcli: presetting $computer in $domain domain failed: Cannot set computer password: Authentication error
c3d619
Patch70:         0001-tools-disable-SSSD-s-locator-plugin.patch
c3d619
525d54
# rhbz#1871436 - adcli: couldn't connect to KEYRING:persistent:0:krb_ccache_jgrrBI8
525d54
Patch71:         0001-man-explain-optional-parameter-of-login-ccache-bette.patch
525d54
Patch72:         0002-man-make-handling-of-optional-credential-cache-more-.patch
525d54
341f9a
BuildRequires:  intltool pkgconfig
341f9a
BuildRequires:  libtool
341f9a
BuildRequires:  gettext-devel
341f9a
BuildRequires:  krb5-devel
341f9a
BuildRequires:  openldap-devel
341f9a
BuildRequires:  libxslt
341f9a
BuildRequires:  xmlto
341f9a
341f9a
Requires:       cyrus-sasl-gssapi
c65420
c65420
# adcli no longer has a library of development files
c65420
# the adcli tool itself is to be used by callers
341f9a
Obsoletes:      adcli-devel < 0.5
c65420
c65420
%description
c65420
adcli is a library and tool for joining an Active Directory domain using
c65420
standard LDAP and Kerberos calls.
c65420
c65420
%define _hardened_build 1
c65420
c65420
%prep
341f9a
%autosetup -p1
c65420
c65420
%build
a302cd
autoreconf --force --install --verbose
c65420
%configure --disable-static --disable-silent-rules
c65420
make %{?_smp_mflags}
c65420
c65420
%check
c65420
make check
c65420
c65420
%install
c65420
make install DESTDIR=%{buildroot}
c65420
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
c65420
c65420
%post -p /sbin/ldconfig
c65420
c65420
%postun -p /sbin/ldconfig
c65420
c65420
%clean
c65420
c65420
%files
c65420
%{_sbindir}/adcli
c65420
%doc AUTHORS COPYING ChangeLog NEWS README
6c0d2f
%doc %{_datadir}/doc/adcli
6c0d2f
%doc %{_mandir}/*/*
c65420
c65420
%changelog
525d54
* Mon Nov 23 2020 Sumit Bose <sbose@redhat.com> - 0.8.1-16.1
525d54
- add missing patch for [#1871436]
525d54
525d54
* Mon Nov 23 2020 Sumit Bose <sbose@redhat.com> - 0.8.1-16
525d54
- adcli: couldn't connect to KEYRING:persistent:0:krb_ccache_jgrrBI8 [#1871436]
525d54
c3d619
* Mon Jun 08 2020 Sumit Bose <sbose@redhat.com> - 0.8.1-15
c3d619
- More fixes for RHEL-7.9
c3d619
- No longer able to delete computer from AD using adcli [#1840752]
c3d619
- adcli: presetting $computer in $domain domain failed: Cannot set computer
c3d619
  password: Authentication error [#1762633]
c3d619
c3d619
* Sun Apr 19 2020 Sumit Bose <sbose@redhat.com> - 0.8.1-14
c3d619
- Fixes for RHEL-7.9
c3d619
- Update' adcli update --add-samba-data ' info under correct section in man adcli [#1774622]
c3d619
- [abrt] [faf] adcli: raise(): /usr/sbin/adcli killed by 6 [#1802258]
c3d619
bfd5b6
* Tue Jan 14 2020 Sumit Bose <sbose@redhat.com> - 0.8.1-13
bfd5b6
- adcli should be able to Force LDAPS over 636 with AD Access Provider w.r.t sssd [#1786776]
bfd5b6
bfd5b6
* Wed Sep 04 2019 Sumit Bose <sbose@redhat.com> - 0.8.1-12
bfd5b6
- adcli info should send netlogin pings to all domain controllers, not only a subset [#1685138]
bfd5b6
bfd5b6
* Tue Aug 27 2019 Sumit Bose <sbose@redhat.com> - 0.8.1-11
bfd5b6
- Fixes and improvements for RHEL-7.8
bfd5b6
- Issue is that with arcfour-hmac as first encryption type in the config ... [#1683745]
bfd5b6
- adcli update --add-samba-data does not work as expected [#1738573]
bfd5b6
bfd5b6
* Mon Aug 12 2019 Sumit Bose <sbose@redhat.com> - 0.8.1-10
bfd5b6
- adcli is failing with "Couldn't add keytab entries: FILE:/etc/krb5.keytab:
bfd5b6
  Cannot allocate memory" [1665162]
bfd5b6
341f9a
* Thu May 02 2019 Sumit Bose <sbose@redhat.com> - 0.8.1-9
341f9a
- Fixes for RHEL-7.7 updates
341f9a
- additional patch for [RFE] adcli join should preserve SPN added by adcli
341f9a
  preset-computer [#1630187]
341f9a
- new patches for many adcli-krb5-????? directories are created /tmp [#1588596]
341f9a
341f9a
* Fri Mar 22 2019 Sumit Bose <sbose@redhat.com> - 0.8.1-8
341f9a
- Various updates for RHEL-7.7
341f9a
- many adcli-krb5-????? directories are created /tmp [#1588596]
341f9a
- adcli exports kerberos ticket with old kvno [#1642546]
341f9a
- [RFE] Have `adcli join` work without FQDN in `hostname` output [#1595911]
341f9a
- Improve handling of service principals [#1644311]
341f9a
- [RFE] adcli command with --unix-* options doesn't update
341f9a
  values in UnixAttributes Tab for user [#1337489]
341f9a
- [RFE] adcli join should preserve SPN added by adcli preset-computer [#1630187]
341f9a
- [RFE] Need an option for adcli command which will show domain join status. [#1622583]
341f9a
341f9a
* Wed Jan 16 2019 Sumit Bose <sbose@redhat.com> - 0.8.1-7
341f9a
- use autosetup macro to simplify patch handling
341f9a
- fixed rpmlint warnings in the spec file
341f9a
- join failed if hostname is not FQDN [#1649868]
0f80db
a302cd
* Tue Aug 14 2018 Sumit Bose <sbose@redhat.com> - 0.8.1-6
a302cd
- Couldn't set service principals on computer account [#1608212]
a302cd
- additional fix #1547014 and #1593240
a302cd
a302cd
* Tue Jun 19 2018 Sumit Bose <sbose@redhat.com> - 0.8.1-5
a302cd
- enable "Trust this computer for delegation to any service (Kerberos only)" [#1538730]
a302cd
- realm join fails with Insufficient permissions [#1542354]
a302cd
- adcli update option cannot add principals for computer object [#1545568]
a302cd
- adcli refuses to add service principals [#1547013]
a302cd
- [RFE] Support adding SPN of a different host [#1547014]
a302cd
- adcli segfaults during AD join RHEL 7.5 [#1575554]
a302cd
ee944e
* Thu Nov 02 2017 Sumit Bose <sbose@redhat.com> - 0.8.1-4
ee944e
- adcli doesn't update kvno while joining system to AD domain (RODC) [#1471021]
ee944e
- adcli_tool_computer_delete description spelling [#1450179]
ee944e
- adcli man page should not only mention FILE type credential caches [#1423871]
ee944e
743651
* Wed Aug 24 2016 Sumit Bose <sbose@redhat.com> - 0.8.1-3
743651
- fix crash when name is specified on the command line and detect names with
743651
  lower case characters [#1359773]
743651
743651
* Mon Jul 25 2016 Sumit Bose <sbose@redhat.com> - 0.8.1-2
743651
- delete: use keytab data to determine realm and NetBIOS name [#1359773]
743651
* Thu May 19 2016 Sumit Bose <sbose@redhat.com> - 0.8.1-1
743651
- Update to upstream release 0.8.1
743651
- Rebase adcli in RHEL-7.3 to version 0.8.0 [#1292530]
743651
- Support Host Keytab renewal [#1288485]
743651
- realmd not joining AD so ssh gssapi-with-mic works [#1061371]
743651
- technically wrong length checks in binary parsers  [#1027905]
743651
- avoid alloca in _adcli_ldap_have_in_mod [#1027889]
743651
- [RFE] adcli --stdin-password should be able to strip newline character from
743651
  the input [#1134330]
743651
6c0d2f
* Thu Jan 30 2014 Stef Walter <stefw@redhat.com> - 0.7.5-4
6c0d2f
- Fix incorrect ownership of manual page directory [#1057563]
6c0d2f
6c0d2f
* Tue Jan 28 2014 Daniel Mach <dmach@redhat.com> - 0.7.5-3
6c0d2f
- Mass rebuild 2014-01-24
6c0d2f
6c0d2f
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.7.5-2
6c0d2f
- Mass rebuild 2013-12-27
6c0d2f
c65420
* Fri Sep 13 2013 Stef Walter <stefw@redhat.com> - 0.7.5-1
c65420
- Update to upstream point release 0.7.5
c65420
- Workaround for discovery via IPv6 address [#1004442]
c65420
- Correctly put IPv6 addresses in temporary krb5.conf
c65420
c65420
* Mon Sep 09 2013 Stef Walter <stefw@redhat.com> - 0.7.4-1
c65420
- Update to upstream point release 0.7.4
c65420
- Correctly handle truncating long host names [#1001667]
c65420
- Try to contact all available addresses for discovery [#1004442]
c65420
- Build fixes [#1004823]
c65420
c65420
* Wed Aug 07 2013 Stef Walter <stefw@redhat.com> - 0.7.3-1
c65420
- Update to upstream point release 0.7.3
c65420
- Don't try to set encryption types on Windows 2003
c65420
c65420
* Mon Jul 22 2013 Stef Walter <stefw@redhat.com> - 0.7.2-1
c65420
- Update to upstream point release 0.7.2
c65420
- Part of fix for bug [#967008]
c65420
c65420
* Tue Jun 11 2013 Stef Walter <stefw@redhat.com> - 0.7.1-3
c65420
- Run 'make check' when building the package
c65420
c65420
* Mon May 13 2013 Stef Walter <stefw@redhat.com> - 0.7.1-2
c65420
- Bump version to get around botched update
c65420
c65420
* Mon May 13 2013 Stef Walter <stefw@redhat.com> - 0.7.1-1
c65420
- Update to upstream 0.7.1 release
c65420
- Fix problems with salt discovery [#961399]
c65420
c65420
* Mon May 06 2013 Stef Walter <stefw@redhat.com> - 0.7-1
c65420
- Work around broken krb5 with empty passwords [#960001]
c65420
- Fix memory corruption issue [#959999]
c65420
- Update to 0.7, fixing various bugs
c65420
c65420
* Mon Apr 29 2013 Stef Walter <stefw@redhat.com> - 0.6-1
c65420
- Update to 0.6, fixing various bugs
c65420
c65420
* Wed Apr 10 2013 Stef walter <stefw@redhat.com> - 0.5-2
c65420
- Add appropriate Obsoletes line for libadcli removal
c65420
c65420
* Wed Apr 10 2013 Stef Walter <stefw@redhat.com> - 0.5-1
c65420
- Update to upstream 0.5 version
c65420
- No more libadcli, and thus no adcli-devel
c65420
- Many new adcli commands
c65420
- Documentation
c65420
c65420
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-2
c65420
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
c65420
c65420
* Mon Nov 12 2012 Stef Walter <stefw@redhat.com> - 0.4-1
c65420
- Update for 0.4 version, fixing various bugs
c65420
c65420
* Sat Oct 20 2012 Stef Walter <stefw@redhat.com> - 0.3-1
c65420
- Update for 0.3 version
c65420
c65420
* Tue Sep 4 2012 Stef Walter <stefw@redhat.com> - 0.2-1
c65420
- Update for 0.2 version
c65420
c65420
* Wed Aug 15 2012 Stef Walter <stefw@redhat.com> - 0.1-1
c65420
- Initial 0.1 package