From 79648a7a446c2afc89ce8c9ae87a29c140875d33 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 21 2020 20:45:28 +0000 Subject: import adcli-0.8.2-4.el8 --- diff --git a/SOURCES/0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch b/SOURCES/0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch new file mode 100644 index 0000000..4c2323c --- /dev/null +++ b/SOURCES/0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch 
@@ -0,0 +1,63 @@ +From 158468507bb723aa62196846749c23c121d4b298 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Mon, 8 Apr 2019 10:55:39 +0200 +Subject: [PATCH] Do not use arcfour-hmac-md5 when discovering the salt + +Since the arcfour-hmac-md5 encryption types does not use salts it cannot +be used to discover the right salt. + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1683745 +--- + library/adkrb5.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/library/adkrb5.c b/library/adkrb5.c +index da835d7..be3ede5 100644 +--- a/library/adkrb5.c ++++ b/library/adkrb5.c +@@ -395,15 +395,33 @@ _adcli_krb5_keytab_discover_salt (krb5_context k5, + krb5_keytab scratch; + krb5_error_code code; + int i; ++ krb5_enctype *salt_enctypes = NULL; ++ size_t c; ++ size_t s; + + /* TODO: This should be a unique name */ + + code = krb5_kt_resolve (k5, "MEMORY:adcli-discover-salt", &scratch); + return_val_if_fail (code == 0, code); + ++ for (c = 0; enctypes[c] != 0; c++); /* count enctypes */ ++ salt_enctypes = calloc (c + 1, sizeof (krb5_enctype)); ++ return_val_if_fail (salt_enctypes != NULL, ENOMEM); ++ ++ /* ENCTYPE_ARCFOUR_HMAC does not use salts, so it cannot be used to ++ * discover the right salt. */ ++ s = 0; ++ for (c = 0; enctypes[c] != 0; c++) { ++ if (enctypes[c] == ENCTYPE_ARCFOUR_HMAC) { ++ continue; ++ } ++ ++ salt_enctypes[s++] = enctypes[c]; ++ } ++ + for (i = 0; salts[i].data != NULL; i++) { + code = _adcli_krb5_keytab_test_salt (k5, scratch, principal, kvno, +- password, enctypes, &salts[i]); ++ password, salt_enctypes, &salts[i]); + if (code == 0) { + *discovered = i; + break; +@@ -412,6 +430,7 @@ _adcli_krb5_keytab_discover_salt (krb5_context k5, + } + } + ++ free (salt_enctypes); + krb5_kt_close (k5, scratch); + return code; + } +-- +2.21.0 + diff --git a/SOURCES/0001-Fix-for-issue-found-by-Coverity.patch b/SOURCES/0001-Fix-for-issue-found-by-Coverity.patch new file mode 100644 index 0000000..b5159c8 
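Review bot: In `_adcli_krb5_keytab_discover_salt` (library/adkrb5.c) the new `return_val_if_fail (salt_enctypes != NULL, ENOMEM);` runs after `krb5_kt_resolve` has already succeeded, so an allocation failure returns without `krb5_kt_close (k5, scratch)` and leaves the scratch keytab open. An explicit branch closes it: `if (salt_enctypes == NULL) { krb5_kt_close (k5, scratch); return ENOMEM; }`. When `enctypes` contains only `ENCTYPE_ARCFOUR_HMAC`, the filtered list is empty. How `_adcli_krb5_keytab_test_salt` handles an empty list is not visible here, so confirm that the function then returns an error rather than success with `*discovered` unset. The start of the function lies outside the hunk.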
--- /dev/null +++ b/SOURCES/0001-Fix-for-issue-found-by-Coverity.patch @@ -0,0 +1,29 @@ +From 5da6d34e2659f915e830932fd366c635801ecd91 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Mon, 12 Aug 2019 17:28:20 +0200 +Subject: [PATCH] Fix for issue found by Coverity + +Related to https://gitlab.freedesktop.org/realmd/adcli/issues/3 +--- + library/adenroll.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/library/adenroll.c b/library/adenroll.c +index 53cd812..524663a 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -2681,7 +2681,10 @@ adcli_enroll_get_permitted_keytab_enctypes (adcli_enroll *enroll) + for (c = 0; cur_enctypes[c] != 0; c++); + + new_enctypes = calloc (c + 1, sizeof (krb5_enctype)); +- return_val_if_fail (new_enctypes != NULL, NULL); ++ if (new_enctypes == NULL) { ++ krb5_free_enctypes (k5, permitted_enctypes); ++ return NULL; ++ } + + n = 0; + for (c = 0; cur_enctypes[c] != 0; c++) { +-- +2.21.0 + diff --git a/SOURCES/0001-doc-explain-how-to-force-password-reset.patch b/SOURCES/0001-doc-explain-how-to-force-password-reset.patch new file mode 100644 index 0000000..f3d25f4 --- /dev/null +++ b/SOURCES/0001-doc-explain-how-to-force-password-reset.patch @@ -0,0 +1,30 @@ +From 9b187095edb8c914238419ed51fef6041864f4fc Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Mon, 26 Aug 2019 13:33:24 +0200 +Subject: [PATCH] doc: explain how to force password reset + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1738573 +--- + doc/adcli.xml | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/doc/adcli.xml b/doc/adcli.xml +index 094f577..4f201e0 100644 +--- a/doc/adcli.xml ++++ b/doc/adcli.xml +@@ -330,7 +330,11 @@ Password for Administrator: + important here is currently the + option, see + smb.conf5 +- for details. ++ for details. ++ Note that if the machine account password is not ++ older than 30 days, you have to pass ++ to ++ force the update. + + + +-- +2.21.0 + 
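Review bot: In `adcli_enroll_get_permitted_keytab_enctypes` (library/adenroll.c) the new `if (new_enctypes == NULL)` branch frees `permitted_enctypes` but returns NULL without any message. If `return_val_if_fail` logs the failed condition, as it appears to elsewhere in the library, that diagnostic is now lost, and callers cannot tell an out-of-memory return from "no permitted enctype". A one-line warning before `krb5_free_enctypes (k5, permitted_enctypes);` would restore it. The function begins and ends outside the hunk, so its other return paths cannot be checked for the same leak from here.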
diff --git a/SOURCES/0001-man-move-note-to-the-right-section.patch b/SOURCES/0001-man-move-note-to-the-right-section.patch new file mode 100644 index 0000000..307dfc9 --- /dev/null +++ b/SOURCES/0001-man-move-note-to-the-right-section.patch @@ -0,0 +1,48 @@ +From d2d3879bdfcea70757a8b0527882e79e8b5c6e70 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 27 Nov 2019 18:26:44 +0100 +Subject: [PATCH] man: move note to the right section + +Unfortunately the note about the password lifetime was added to the join +section. This patch move it to the update section where it belongs to. + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1738573 + https://bugzilla.redhat.com/show_bug.cgi?id=1745931 + https://bugzilla.redhat.com/show_bug.cgi?id=1774622 +--- + doc/adcli.xml | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/doc/adcli.xml b/doc/adcli.xml +index 4f201e0..9faf96a 100644 +--- a/doc/adcli.xml ++++ b/doc/adcli.xml +@@ -330,11 +330,7 @@ Password for Administrator: + important here is currently the + option, see + smb.conf5 +- for details. +- Note that if the machine account password is not +- older than 30 days, you have to pass +- to +- force the update. ++ for details. + + + +@@ -472,7 +468,11 @@ $ adcli update --login-ccache=/tmp/krbcc_123 + important here is currently the + option, see + smb.conf5 +- for details. ++ for details. ++ Note that if the machine account password is not ++ older than 30 days, you have to pass ++ to ++ force the update. + + + +-- +2.21.0 + diff --git a/SOURCES/0001-tools-add-show-computer-command.patch b/SOURCES/0001-tools-add-show-computer-command.patch new file mode 100644 index 0000000..1decaf6 --- /dev/null +++ b/SOURCES/0001-tools-add-show-computer-command.patch 
@@ -0,0 +1,338 @@ +From 0a169bd9b2687293f74bb57694eb82f9769610c9 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 27 Nov 2019 12:34:45 +0100 +Subject: [PATCH 1/2] tools: add show-computer command + +The show-computer command prints the LDAP attributes of the related +computer object from AD. + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342 +--- + doc/adcli.xml | 28 ++++++++++++++ + library/adenroll.c | 78 +++++++++++++++++++++++++++++--------- + library/adenroll.h | 5 +++ + tools/computer.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++ + tools/tools.c | 1 + + tools/tools.h | 4 ++ + 6 files changed, 191 insertions(+), 18 deletions(-) + +diff --git a/doc/adcli.xml b/doc/adcli.xml +index 9faf96a..1f93186 100644 +--- a/doc/adcli.xml ++++ b/doc/adcli.xml +@@ -93,6 +93,11 @@ + --domain=domain.example.com + computer + ++ ++ adcli show-computer ++ --domain=domain.example.com ++ computer ++ + + + +@@ -811,6 +816,29 @@ Password for Administrator: + + + ++ ++ Show Computer Account Attributes ++ ++ adcli show-computer show the computer account ++ attributes stored in AD. The account must already exist. ++ ++ ++$ adcli show-computer --domain=domain.example.com host2 ++Password for Administrator: ++ ++ ++ If the computer name contains a dot, then it is ++ treated as fully qualified host name, otherwise it is treated ++ as short computer name. ++ ++ If no computer name is specified, then the host name of the ++ computer adcli is running on is used, as returned by ++ gethostname(). ++ ++ The various global options can be used. 
++ ++ ++ + + Bugs + +diff --git a/library/adenroll.c b/library/adenroll.c +index 524663a..8d2adeb 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -71,6 +71,21 @@ static krb5_enctype v51_earlier_enctypes[] = { + 0 + }; + ++static char *default_ad_ldap_attrs[] = { ++ "sAMAccountName", ++ "userPrincipalName", ++ "msDS-KeyVersionNumber", ++ "msDS-supportedEncryptionTypes", ++ "dNSHostName", ++ "servicePrincipalName", ++ "operatingSystem", ++ "operatingSystemVersion", ++ "operatingSystemServicePack", ++ "pwdLastSet", ++ "userAccountControl", ++ NULL, ++}; ++ + /* Some constants for the userAccountControl AD LDAP attribute, see e.g. + * https://support.microsoft.com/en-us/help/305144/how-to-use-the-useraccountcontrol-flags-to-manipulate-user-account-pro + * for details. */ +@@ -1213,19 +1228,6 @@ retrieve_computer_account (adcli_enroll *enroll) + char *end; + int ret; + +- char *attrs[] = { +- "msDS-KeyVersionNumber", +- "msDS-supportedEncryptionTypes", +- "dNSHostName", +- "servicePrincipalName", +- "operatingSystem", +- "operatingSystemVersion", +- "operatingSystemServicePack", +- "pwdLastSet", +- "userAccountControl", +- NULL, +- }; +- + assert (enroll->computer_dn != NULL); + assert (enroll->computer_attributes == NULL); + +@@ -1233,7 +1235,8 @@ retrieve_computer_account (adcli_enroll *enroll) + assert (ldap != NULL); + + ret = ldap_search_ext_s (ldap, enroll->computer_dn, LDAP_SCOPE_BASE, +- "(objectClass=*)", attrs, 0, NULL, NULL, NULL, -1, ++ "(objectClass=*)", default_ad_ldap_attrs, ++ 0, NULL, NULL, NULL, -1, + &enroll->computer_attributes); + + if (ret != LDAP_SUCCESS) { +@@ -2179,12 +2182,11 @@ adcli_enroll_load (adcli_enroll *enroll) + } + + adcli_result +-adcli_enroll_update (adcli_enroll *enroll, +- adcli_enroll_flags flags) ++adcli_enroll_read_computer_account (adcli_enroll *enroll, ++ adcli_enroll_flags flags) + { + adcli_result res = ADCLI_SUCCESS; + LDAP *ldap; +- char *value; + + return_unexpected_if_fail (enroll != NULL); + +@@ -2214,7 
+2216,18 @@ adcli_enroll_update (adcli_enroll *enroll, + } + + /* Get information about the computer account */ +- res = retrieve_computer_account (enroll); ++ return retrieve_computer_account (enroll); ++} ++ ++adcli_result ++adcli_enroll_update (adcli_enroll *enroll, ++ adcli_enroll_flags flags) ++{ ++ adcli_result res = ADCLI_SUCCESS; ++ LDAP *ldap; ++ char *value; ++ ++ res = adcli_enroll_read_computer_account (enroll, flags); + if (res != ADCLI_SUCCESS) + return res; + +@@ -2242,6 +2255,35 @@ adcli_enroll_update (adcli_enroll *enroll, + return enroll_join_or_update_tasks (enroll, flags); + } + ++adcli_result ++adcli_enroll_show_computer_attribute (adcli_enroll *enroll) ++{ ++ LDAP *ldap; ++ size_t c; ++ char **vals; ++ size_t v; ++ ++ ldap = adcli_conn_get_ldap_connection (enroll->conn); ++ assert (ldap != NULL); ++ ++ for (c = 0; default_ad_ldap_attrs[c] != NULL; c++) { ++ vals = _adcli_ldap_parse_values (ldap, ++ enroll->computer_attributes, ++ default_ad_ldap_attrs[c]); ++ printf ("%s:\n", default_ad_ldap_attrs[c]); ++ if (vals == NULL) { ++ printf (" - not set -\n"); ++ } else { ++ for (v = 0; vals[v] != NULL; v++) { ++ printf (" %s\n", vals[v]); ++ } ++ } ++ _adcli_strv_free (vals); ++ } ++ ++ return ADCLI_SUCCESS; ++} ++ + adcli_result + adcli_enroll_delete (adcli_enroll *enroll, + adcli_enroll_flags delete_flags) +diff --git a/library/adenroll.h b/library/adenroll.h +index 1d5d00d..11eb517 100644 +--- a/library/adenroll.h ++++ b/library/adenroll.h +@@ -46,6 +46,11 @@ adcli_result adcli_enroll_join (adcli_enroll *enroll, + adcli_result adcli_enroll_update (adcli_enroll *enroll, + adcli_enroll_flags flags); + ++adcli_result adcli_enroll_read_computer_account (adcli_enroll *enroll, ++ adcli_enroll_flags flags); ++ ++adcli_result adcli_enroll_show_computer_attribute (adcli_enroll *enroll); ++ + adcli_result adcli_enroll_delete (adcli_enroll *enroll, + adcli_enroll_flags delete_flags); + +diff --git a/tools/computer.c b/tools/computer.c +index 
ac8a203..c8b96a4 100644 +--- a/tools/computer.c ++++ b/tools/computer.c +@@ -964,3 +964,96 @@ adcli_tool_computer_delete (adcli_conn *conn, + adcli_enroll_unref (enroll); + return 0; + } ++ ++int ++adcli_tool_computer_show (adcli_conn *conn, ++ int argc, ++ char *argv[]) ++{ ++ adcli_enroll *enroll; ++ adcli_result res; ++ int opt; ++ ++ struct option options[] = { ++ { "domain", required_argument, NULL, opt_domain }, ++ { "domain-realm", required_argument, NULL, opt_domain_realm }, ++ { "domain-controller", required_argument, NULL, opt_domain_controller }, ++ { "login-user", required_argument, NULL, opt_login_user }, ++ { "login-ccache", optional_argument, NULL, opt_login_ccache }, ++ { "login-type", required_argument, NULL, opt_login_type }, ++ { "no-password", no_argument, 0, opt_no_password }, ++ { "stdin-password", no_argument, 0, opt_stdin_password }, ++ { "prompt-password", no_argument, 0, opt_prompt_password }, ++ { "verbose", no_argument, NULL, opt_verbose }, ++ { "help", no_argument, NULL, 'h' }, ++ { 0 }, ++ }; ++ ++ static adcli_tool_desc usages[] = { ++ { 0, "usage: adcli show-computer --domain=xxxx host1.example.com" }, ++ { 0 }, ++ }; ++ ++ enroll = adcli_enroll_new (conn); ++ if (enroll == NULL) { ++ warnx ("unexpected memory problems"); ++ return -1; ++ } ++ ++ while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { ++ switch (opt) { ++ case 'h': ++ case '?': ++ case ':': ++ adcli_tool_usage (options, usages); ++ adcli_tool_usage (options, common_usages); ++ adcli_enroll_unref (enroll); ++ return opt == 'h' ? 
0 : 2; ++ default: ++ res = parse_option ((Option)opt, optarg, conn, enroll); ++ if (res != ADCLI_SUCCESS) { ++ adcli_enroll_unref (enroll); ++ return res; ++ } ++ break; ++ } ++ } ++ ++ argc -= optind; ++ argv += optind; ++ ++ res = adcli_conn_connect (conn); ++ if (res != ADCLI_SUCCESS) { ++ warnx ("couldn't connect to %s domain: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; ++ } ++ ++ if (argc == 1) { ++ parse_fqdn_or_name (enroll, argv[0]); ++ } ++ ++ res = adcli_enroll_read_computer_account (enroll, 0); ++ if (res != ADCLI_SUCCESS) { ++ warnx ("couldn't read data for %s: %s", ++ adcli_enroll_get_host_fqdn (enroll) != NULL ++ ? adcli_enroll_get_host_fqdn (enroll) ++ : adcli_enroll_get_computer_name (enroll), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; ++ } ++ ++ res = adcli_enroll_show_computer_attribute (enroll); ++ if (res != ADCLI_SUCCESS) { ++ warnx ("couldn't print data for %s: %s", ++ argv[0], adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; ++ } ++ ++ adcli_enroll_unref (enroll); ++ return 0; ++} +diff --git a/tools/tools.c b/tools/tools.c +index fc9fa9a..9d422f2 100644 +--- a/tools/tools.c ++++ b/tools/tools.c +@@ -59,6 +59,7 @@ struct { + { "preset-computer", adcli_tool_computer_preset, "Pre setup computers accounts", }, + { "reset-computer", adcli_tool_computer_reset, "Reset a computer account", }, + { "delete-computer", adcli_tool_computer_delete, "Delete a computer account", }, ++ { "show-computer", adcli_tool_computer_show, "Show computer account attributes stored in AD", }, + { "create-user", adcli_tool_user_create, "Create a user account", }, + { "delete-user", adcli_tool_user_delete, "Delete a user account", }, + { "create-group", adcli_tool_group_create, "Create a group", }, +diff --git a/tools/tools.h b/tools/tools.h +index 8cebbf9..3702875 100644 +--- a/tools/tools.h ++++ b/tools/tools.h +@@ -78,6 +78,10 @@ int 
adcli_tool_computer_delete (adcli_conn *conn, + int argc, + char *argv[]); + ++int adcli_tool_computer_show (adcli_conn *conn, ++ int argc, ++ char *argv[]); ++ + int adcli_tool_user_create (adcli_conn *conn, + int argc, + char *argv[]); +-- +2.21.0 + diff --git a/SOURCES/0002-add-description-option-to-join-and-update.patch b/SOURCES/0002-add-description-option-to-join-and-update.patch new file mode 100644 index 0000000..a36dfc9 --- /dev/null +++ b/SOURCES/0002-add-description-option-to-join-and-update.patch 
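Review bot: In library/adenroll.c the rewritten `adcli_enroll_update` still declares `LDAP *ldap`, but none of its visible lines assign it; the `adcli_conn_get_ldap_connection` call presumably moved into `adcli_enroll_read_computer_account` together with the `enroll != NULL` check. The rest of `adcli_enroll_update` is outside the hunk, so if it still passes `ldap` to anything, that is a read of an uninitialized pointer; re-add `ldap = adcli_conn_get_ldap_connection (enroll->conn);` and `assert (ldap != NULL);` after the `res` check. In `adcli_tool_computer_show` the last `warnx` prints `argv[0]`, which is NULL when no computer name is given (a documented use); it should use the same `adcli_enroll_get_host_fqdn` / `adcli_enroll_get_computer_name` fallback as the `warnx` before it. `adcli_enroll_show_computer_attribute` writes directory-supplied values to stdout with a bare `%s`, so consider escaping non-printable bytes before printing them to an administrator's terminal.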
@@ -0,0 +1,183 @@ +From 3937a2a7db90611aa7a93248233b0c5d31e85a3e Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 27 Nov 2019 14:48:32 +0100 +Subject: [PATCH 2/2] add description option to join and update + +This new option allows to set the description LDAP attribute for the AD +computer object. + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342 +--- + doc/adcli.xml | 10 ++++++++++ + library/adenroll.c | 29 +++++++++++++++++++++++++++++ + library/adenroll.h | 4 ++++ + tools/computer.c | 7 +++++++ + 4 files changed, 50 insertions(+) + +diff --git a/doc/adcli.xml b/doc/adcli.xml +index 1f93186..dd30435 100644 +--- a/doc/adcli.xml ++++ b/doc/adcli.xml +@@ -275,6 +275,11 @@ Password for Administrator: + Set the operating system version on the computer + account. Not set by default. + ++ ++ ++ Set the description attribute on the computer ++ account. Not set by default. ++ + + + Additional service name for a kerberos +@@ -416,6 +421,11 @@ $ adcli update --login-ccache=/tmp/krbcc_123 + Set the operating system version on the computer + account. Not set by default. + ++ ++ ++ Set the description attribute on the computer ++ account. Not set by default. 
++ + + + Additional service name for a Kerberos +diff --git a/library/adenroll.c b/library/adenroll.c +index 8d2adeb..246f658 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -83,6 +83,7 @@ static char *default_ad_ldap_attrs[] = { + "operatingSystemServicePack", + "pwdLastSet", + "userAccountControl", ++ "description", + NULL, + }; + +@@ -143,6 +144,7 @@ struct _adcli_enroll { + char *samba_data_tool; + bool trusted_for_delegation; + int trusted_for_delegation_explicit; ++ char *description; + }; + + static adcli_result +@@ -756,6 +758,8 @@ create_computer_account (adcli_enroll *enroll, + char *vals_userPrincipalName[] = { enroll->user_principal, NULL }; + LDAPMod userPrincipalName = { LDAP_MOD_ADD, "userPrincipalName", { vals_userPrincipalName, }, }; + LDAPMod servicePrincipalName = { LDAP_MOD_ADD, "servicePrincipalName", { enroll->service_principals, } }; ++ char *vals_description[] = { enroll->description, NULL }; ++ LDAPMod description = { LDAP_MOD_ADD, "description", { vals_description, }, }; + + char *val = NULL; + +@@ -774,6 +778,7 @@ create_computer_account (adcli_enroll *enroll, + &operatingSystemServicePack, + &userPrincipalName, + &servicePrincipalName, ++ &description, + NULL + }; + +@@ -1460,6 +1465,14 @@ update_computer_account (adcli_enroll *enroll) + res |= update_computer_attribute (enroll, ldap, mods); + } + ++ if (res == ADCLI_SUCCESS && enroll->description != NULL) { ++ char *vals_description[] = { enroll->description, NULL }; ++ LDAPMod description = { LDAP_MOD_REPLACE, "description", { vals_description, }, }; ++ LDAPMod *mods[] = { &description, NULL, }; ++ ++ res |= update_computer_attribute (enroll, ldap, mods); ++ } ++ + if (res != 0) + _adcli_info ("Updated existing computer account: %s", enroll->computer_dn); + } +@@ -2899,6 +2912,22 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll, + enroll->trusted_for_delegation_explicit = 1; + } + ++void ++adcli_enroll_set_description (adcli_enroll *enroll, const char 
*value) ++{ ++ return_if_fail (enroll != NULL); ++ if (value != NULL && value[0] != '\0') { ++ _adcli_str_set (&enroll->description, value); ++ } ++} ++ ++const char * ++adcli_enroll_get_desciption (adcli_enroll *enroll) ++{ ++ return_val_if_fail (enroll != NULL, NULL); ++ return enroll->description; ++} ++ + const char ** + adcli_enroll_get_service_principals_to_add (adcli_enroll *enroll) + { +diff --git a/library/adenroll.h b/library/adenroll.h +index 11eb517..0606169 100644 +--- a/library/adenroll.h ++++ b/library/adenroll.h +@@ -126,6 +126,10 @@ bool adcli_enroll_get_trusted_for_delegation (adcli_enroll *enroll + void adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll, + bool value); + ++const char * adcli_enroll_get_desciption (adcli_enroll *enroll); ++void adcli_enroll_set_description (adcli_enroll *enroll, ++ const char *value); ++ + krb5_kvno adcli_enroll_get_kvno (adcli_enroll *enroll); + + void adcli_enroll_set_kvno (adcli_enroll *enroll, +diff --git a/tools/computer.c b/tools/computer.c +index c8b96a4..840e334 100644 +--- a/tools/computer.c ++++ b/tools/computer.c +@@ -112,6 +112,7 @@ typedef enum { + opt_trusted_for_delegation, + opt_add_service_principal, + opt_remove_service_principal, ++ opt_description, + } Option; + + static adcli_tool_desc common_usages[] = { +@@ -142,6 +143,7 @@ static adcli_tool_desc common_usages[] = { + "in the userAccountControl attribute", }, + { opt_add_service_principal, "add the given service principal to the account\n" }, + { opt_remove_service_principal, "remove the given service principal from the account\n" }, ++ { opt_description, "add a description to the account\n" }, + { opt_no_password, "don't prompt for or read a password" }, + { opt_prompt_password, "prompt for a password if necessary" }, + { opt_stdin_password, "read a password from stdin (until EOF) if\n" +@@ -306,6 +308,9 @@ parse_option (Option opt, + case opt_remove_service_principal: + adcli_enroll_add_service_principal_to_remove (enroll, 
optarg); + return ADCLI_SUCCESS; ++ case opt_description: ++ adcli_enroll_set_description (enroll, optarg); ++ return ADCLI_SUCCESS; + case opt_verbose: + return ADCLI_SUCCESS; + +@@ -369,6 +374,7 @@ adcli_tool_computer_join (adcli_conn *conn, + { "os-name", required_argument, NULL, opt_os_name }, + { "os-version", required_argument, NULL, opt_os_version }, + { "os-service-pack", optional_argument, NULL, opt_os_service_pack }, ++ { "description", optional_argument, NULL, opt_description }, + { "user-principal", optional_argument, NULL, opt_user_principal }, + { "trusted-for-delegation", required_argument, NULL, opt_trusted_for_delegation }, + { "add-service-principal", required_argument, NULL, opt_add_service_principal }, +@@ -487,6 +493,7 @@ adcli_tool_computer_update (adcli_conn *conn, + { "os-name", required_argument, NULL, opt_os_name }, + { "os-version", required_argument, NULL, opt_os_version }, + { "os-service-pack", optional_argument, NULL, opt_os_service_pack }, ++ { "description", optional_argument, NULL, opt_description }, + { "user-principal", optional_argument, NULL, opt_user_principal }, + { "computer-password-lifetime", optional_argument, NULL, opt_computer_password_lifetime }, + { "trusted-for-delegation", required_argument, NULL, opt_trusted_for_delegation }, +-- +2.21.0 + diff --git a/SPECS/adcli.spec b/SPECS/adcli.spec index 371dfe4..5a5336b 100644 --- a/SPECS/adcli.spec +++ b/SPECS/adcli.spec @@ -1,6 +1,6 @@ Name: adcli Version: 0.8.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Active Directory enrollment License: LGPLv2+ URL: http://cgit.freedesktop.org/realmd/adcli 
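Review bot: In tools/computer.c `--description` is registered with `optional_argument` for both join and update, so, assuming `adcli_tool_getopt` follows getopt_long, `--description text` with a space leaves `optarg` NULL. `adcli_enroll_set_description` ignores NULL and empty values without a message, so the option is dropped silently. `{ "description", required_argument, NULL, opt_description },` would make the parser reject a missing value. The getter is spelled `adcli_enroll_get_desciption` in both library/adenroll.c and library/adenroll.h and should be `adcli_enroll_get_description` before other code starts calling it. None of the visible hunks frees `enroll->description`, so the enroll destructor (outside this patch) probably needs a matching `free`.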
@@ -90,6 +90,20 @@ Patch52: 0002-adconn-add-adcli_conn_set_krb5_context.patch Patch53: 0003-adenroll-add-adcli_enroll_get_permitted_keytab_encty.patch Patch54: 0004-adenroll-use-only-enctypes-permitted-by-Kerberos-con.patch +# rhbz#1745931 - adcli update --add-samba-data does not work as expected +Patch55: 0001-doc-explain-how-to-force-password-reset.patch +Patch56: 0001-man-move-note-to-the-right-section.patch + +# rhbz#1745932 - Issue is that with arcfour-hmac as first encryption type +Patch57: 0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch + +Patch58: 0001-Fix-for-issue-found-by-Coverity.patch + +# rhbz#1737342 - [RFE] enhancement adcli to set description attribute and to +# show all AD attributes +Patch59: 0001-tools-add-show-computer-command.patch +Patch60: 0002-add-description-option-to-join-and-update.patch + BuildRequires: gcc BuildRequires: intltool pkgconfig BuildRequires: libtool @@ -150,6 +164,12 @@ documentation. %doc %{_datadir}/doc/adcli/* %changelog +* Thu Nov 28 2019 Sumit Bose - 0.8.2-4 +- adcli update --add-samba-data does not work as expected [#1745931] +- Issue is that with arcfour-hmac as first encryption type [#1745932] +- [RFE] enhancement adcli to set description attribute and to show all AD + attributes [#1737342] + * Fri Jun 14 2019 Sumit Bose - 0.8.2-3 - use autosetup macro to simplify patch handling - fixed rpmlint warnings in the spec file