diff --git a/0001-man-move-note-to-the-right-section.patch b/0001-man-move-note-to-the-right-section.patch
deleted file mode 100644
index 2adbaca73318b7ffa742338d7b9389190c041f6b..0000000000000000000000000000000000000000
--- a/0001-man-move-note-to-the-right-section.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From d2d3879bdfcea70757a8b0527882e79e8b5c6e70 Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Wed, 27 Nov 2019 18:26:44 +0100
-Subject: [PATCH] man: move note to the right section
-
-Unfortunately the note about the password lifetime was added to the join
-section. This patch move it to the update section where it belongs to.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1738573
- https://bugzilla.redhat.com/show_bug.cgi?id=1745931
- https://bugzilla.redhat.com/show_bug.cgi?id=1774622
----
- doc/adcli.xml | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/doc/adcli.xml b/doc/adcli.xml
-index 4f201e0..9faf96a 100644
---- a/doc/adcli.xml
-+++ b/doc/adcli.xml
-@@ -330,11 +330,7 @@ Password for Administrator:
- important here is currently the
- option, see
- smb.conf5
-- for details.
-- Note that if the machine account password is not
-- older than 30 days, you have to pass
-- to
-- force the update.
-+ for details.
-
-
-
-@@ -472,7 +468,11 @@ $ adcli update --login-ccache=/tmp/krbcc_123
- important here is currently the
- option, see
- smb.conf5
-- for details.
-+ for details.
-+ Note that if the machine account password is not
-+ older than 30 days, you have to pass
-+ to
-+ force the update.
-
-
-
---
-2.23.0
-
diff --git a/0002-tools-add-show-computer-command.patch b/0002-tools-add-show-computer-command.patch
deleted file mode 100644
index fc4065fb3379f8f4f1f50ad5c8cf085815ffea55..0000000000000000000000000000000000000000
--- a/0002-tools-add-show-computer-command.patch
+++ /dev/null
@@ -1,338 +0,0 @@
-From 0a169bd9b2687293f74bb57694eb82f9769610c9 Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Wed, 27 Nov 2019 12:34:45 +0100
-Subject: [PATCH] tools: add show-computer command
-
-The show-computer command prints the LDAP attributes of the related
-computer object from AD.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342
----
- doc/adcli.xml | 28 ++++++++++++++
- library/adenroll.c | 78 +++++++++++++++++++++++++++++---------
- library/adenroll.h | 5 +++
- tools/computer.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++
- tools/tools.c | 1 +
- tools/tools.h | 4 ++
- 6 files changed, 191 insertions(+), 18 deletions(-)
-
-diff --git a/doc/adcli.xml b/doc/adcli.xml
-index 9faf96a..1f93186 100644
---- a/doc/adcli.xml
-+++ b/doc/adcli.xml
-@@ -93,6 +93,11 @@
- --domain=domain.example.com
- computer
-
-+
-+ adcli show-computer
-+ --domain=domain.example.com
-+ computer
-+
-
-
-
-@@ -811,6 +816,29 @@ Password for Administrator:
-
-
-
-+
-+ Show Computer Account Attributes
-+
-+ adcli show-computer show the computer account
-+ attributes stored in AD. The account must already exist.
-+
-+
-+$ adcli show-computer --domain=domain.example.com host2
-+Password for Administrator:
-+
-+
-+ If the computer name contains a dot, then it is
-+ treated as fully qualified host name, otherwise it is treated
-+ as short computer name.
-+
-+ If no computer name is specified, then the host name of the
-+ computer adcli is running on is used, as returned by
-+ gethostname().
-+
-+ The various global options can be used.
-+
-+
-+
-
- Bugs
-
-diff --git a/library/adenroll.c b/library/adenroll.c
-index 524663a..8d2adeb 100644
---- a/library/adenroll.c
-+++ b/library/adenroll.c
-@@ -71,6 +71,21 @@ static krb5_enctype v51_earlier_enctypes[] = {
- 0
- };
-
-+static char *default_ad_ldap_attrs[] = {
-+ "sAMAccountName",
-+ "userPrincipalName",
-+ "msDS-KeyVersionNumber",
-+ "msDS-supportedEncryptionTypes",
-+ "dNSHostName",
-+ "servicePrincipalName",
-+ "operatingSystem",
-+ "operatingSystemVersion",
-+ "operatingSystemServicePack",
-+ "pwdLastSet",
-+ "userAccountControl",
-+ NULL,
-+};
-+
- /* Some constants for the userAccountControl AD LDAP attribute, see e.g.
- * https://support.microsoft.com/en-us/help/305144/how-to-use-the-useraccountcontrol-flags-to-manipulate-user-account-pro
- * for details. */
-@@ -1213,19 +1228,6 @@ retrieve_computer_account (adcli_enroll *enroll)
- char *end;
- int ret;
-
-- char *attrs[] = {
-- "msDS-KeyVersionNumber",
-- "msDS-supportedEncryptionTypes",
-- "dNSHostName",
-- "servicePrincipalName",
-- "operatingSystem",
-- "operatingSystemVersion",
-- "operatingSystemServicePack",
-- "pwdLastSet",
-- "userAccountControl",
-- NULL,
-- };
--
- assert (enroll->computer_dn != NULL);
- assert (enroll->computer_attributes == NULL);
-
-@@ -1233,7 +1235,8 @@ retrieve_computer_account (adcli_enroll *enroll)
- assert (ldap != NULL);
-
- ret = ldap_search_ext_s (ldap, enroll->computer_dn, LDAP_SCOPE_BASE,
-- "(objectClass=*)", attrs, 0, NULL, NULL, NULL, -1,
-+ "(objectClass=*)", default_ad_ldap_attrs,
-+ 0, NULL, NULL, NULL, -1,
- &enroll->computer_attributes);
-
- if (ret != LDAP_SUCCESS) {
-@@ -2179,12 +2182,11 @@ adcli_enroll_load (adcli_enroll *enroll)
- }
-
- adcli_result
--adcli_enroll_update (adcli_enroll *enroll,
-- adcli_enroll_flags flags)
-+adcli_enroll_read_computer_account (adcli_enroll *enroll,
-+ adcli_enroll_flags flags)
- {
- adcli_result res = ADCLI_SUCCESS;
- LDAP *ldap;
-- char *value;
-
- return_unexpected_if_fail (enroll != NULL);
-
-@@ -2214,7 +2216,18 @@ adcli_enroll_update (adcli_enroll *enroll,
- }
-
- /* Get information about the computer account */
-- res = retrieve_computer_account (enroll);
-+ return retrieve_computer_account (enroll);
-+}
-+
-+adcli_result
-+adcli_enroll_update (adcli_enroll *enroll,
-+ adcli_enroll_flags flags)
-+{
-+ adcli_result res = ADCLI_SUCCESS;
-+ LDAP *ldap;
-+ char *value;
-+
-+ res = adcli_enroll_read_computer_account (enroll, flags);
- if (res != ADCLI_SUCCESS)
- return res;
-
-@@ -2242,6 +2255,35 @@ adcli_enroll_update (adcli_enroll *enroll,
- return enroll_join_or_update_tasks (enroll, flags);
- }
-
-+adcli_result
-+adcli_enroll_show_computer_attribute (adcli_enroll *enroll)
-+{
-+ LDAP *ldap;
-+ size_t c;
-+ char **vals;
-+ size_t v;
-+
-+ ldap = adcli_conn_get_ldap_connection (enroll->conn);
-+ assert (ldap != NULL);
-+
-+ for (c = 0; default_ad_ldap_attrs[c] != NULL; c++) {
-+ vals = _adcli_ldap_parse_values (ldap,
-+ enroll->computer_attributes,
-+ default_ad_ldap_attrs[c]);
-+ printf ("%s:\n", default_ad_ldap_attrs[c]);
-+ if (vals == NULL) {
-+ printf (" - not set -\n");
-+ } else {
-+ for (v = 0; vals[v] != NULL; v++) {
-+ printf (" %s\n", vals[v]);
-+ }
-+ }
-+ _adcli_strv_free (vals);
-+ }
-+
-+ return ADCLI_SUCCESS;
-+}
-+
- adcli_result
- adcli_enroll_delete (adcli_enroll *enroll,
- adcli_enroll_flags delete_flags)
-diff --git a/library/adenroll.h b/library/adenroll.h
-index 1d5d00d..11eb517 100644
---- a/library/adenroll.h
-+++ b/library/adenroll.h
-@@ -46,6 +46,11 @@ adcli_result adcli_enroll_join (adcli_enroll *enroll,
- adcli_result adcli_enroll_update (adcli_enroll *enroll,
- adcli_enroll_flags flags);
-
-+adcli_result adcli_enroll_read_computer_account (adcli_enroll *enroll,
-+ adcli_enroll_flags flags);
-+
-+adcli_result adcli_enroll_show_computer_attribute (adcli_enroll *enroll);
-+
- adcli_result adcli_enroll_delete (adcli_enroll *enroll,
- adcli_enroll_flags delete_flags);
-
-diff --git a/tools/computer.c b/tools/computer.c
-index ac8a203..c8b96a4 100644
---- a/tools/computer.c
-+++ b/tools/computer.c
-@@ -964,3 +964,96 @@ adcli_tool_computer_delete (adcli_conn *conn,
- adcli_enroll_unref (enroll);
- return 0;
- }
-+
-+int
-+adcli_tool_computer_show (adcli_conn *conn,
-+ int argc,
-+ char *argv[])
-+{
-+ adcli_enroll *enroll;
-+ adcli_result res;
-+ int opt;
-+
-+ struct option options[] = {
-+ { "domain", required_argument, NULL, opt_domain },
-+ { "domain-realm", required_argument, NULL, opt_domain_realm },
-+ { "domain-controller", required_argument, NULL, opt_domain_controller },
-+ { "login-user", required_argument, NULL, opt_login_user },
-+ { "login-ccache", optional_argument, NULL, opt_login_ccache },
-+ { "login-type", required_argument, NULL, opt_login_type },
-+ { "no-password", no_argument, 0, opt_no_password },
-+ { "stdin-password", no_argument, 0, opt_stdin_password },
-+ { "prompt-password", no_argument, 0, opt_prompt_password },
-+ { "verbose", no_argument, NULL, opt_verbose },
-+ { "help", no_argument, NULL, 'h' },
-+ { 0 },
-+ };
-+
-+ static adcli_tool_desc usages[] = {
-+ { 0, "usage: adcli show-computer --domain=xxxx host1.example.com" },
-+ { 0 },
-+ };
-+
-+ enroll = adcli_enroll_new (conn);
-+ if (enroll == NULL) {
-+ warnx ("unexpected memory problems");
-+ return -1;
-+ }
-+
-+ while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) {
-+ switch (opt) {
-+ case 'h':
-+ case '?':
-+ case ':':
-+ adcli_tool_usage (options, usages);
-+ adcli_tool_usage (options, common_usages);
-+ adcli_enroll_unref (enroll);
-+ return opt == 'h' ? 0 : 2;
-+ default:
-+ res = parse_option ((Option)opt, optarg, conn, enroll);
-+ if (res != ADCLI_SUCCESS) {
-+ adcli_enroll_unref (enroll);
-+ return res;
-+ }
-+ break;
-+ }
-+ }
-+
-+ argc -= optind;
-+ argv += optind;
-+
-+ res = adcli_conn_connect (conn);
-+ if (res != ADCLI_SUCCESS) {
-+ warnx ("couldn't connect to %s domain: %s",
-+ adcli_conn_get_domain_name (conn),
-+ adcli_get_last_error ());
-+ adcli_enroll_unref (enroll);
-+ return -res;
-+ }
-+
-+ if (argc == 1) {
-+ parse_fqdn_or_name (enroll, argv[0]);
-+ }
-+
-+ res = adcli_enroll_read_computer_account (enroll, 0);
-+ if (res != ADCLI_SUCCESS) {
-+ warnx ("couldn't read data for %s: %s",
-+ adcli_enroll_get_host_fqdn (enroll) != NULL
-+ ? adcli_enroll_get_host_fqdn (enroll)
-+ : adcli_enroll_get_computer_name (enroll),
-+ adcli_get_last_error ());
-+ adcli_enroll_unref (enroll);
-+ return -res;
-+ }
-+
-+ res = adcli_enroll_show_computer_attribute (enroll);
-+ if (res != ADCLI_SUCCESS) {
-+ warnx ("couldn't print data for %s: %s",
-+ argv[0], adcli_get_last_error ());
-+ adcli_enroll_unref (enroll);
-+ return -res;
-+ }
-+
-+ adcli_enroll_unref (enroll);
-+ return 0;
-+}
-diff --git a/tools/tools.c b/tools/tools.c
-index fc9fa9a..9d422f2 100644
---- a/tools/tools.c
-+++ b/tools/tools.c
-@@ -59,6 +59,7 @@ struct {
- { "preset-computer", adcli_tool_computer_preset, "Pre setup computers accounts", },
- { "reset-computer", adcli_tool_computer_reset, "Reset a computer account", },
- { "delete-computer", adcli_tool_computer_delete, "Delete a computer account", },
-+ { "show-computer", adcli_tool_computer_show, "Show computer account attributes stored in AD", },
- { "create-user", adcli_tool_user_create, "Create a user account", },
- { "delete-user", adcli_tool_user_delete, "Delete a user account", },
- { "create-group", adcli_tool_group_create, "Create a group", },
-diff --git a/tools/tools.h b/tools/tools.h
-index 8cebbf9..3702875 100644
---- a/tools/tools.h
-+++ b/tools/tools.h
-@@ -78,6 +78,10 @@ int adcli_tool_computer_delete (adcli_conn *conn,
- int argc,
- char *argv[]);
-
-+int adcli_tool_computer_show (adcli_conn *conn,
-+ int argc,
-+ char *argv[]);
-+
- int adcli_tool_user_create (adcli_conn *conn,
- int argc,
- char *argv[]);
---
-2.23.0
-
diff --git a/0003-add-description-option-to-join-and-update.patch b/0003-add-description-option-to-join-and-update.patch
deleted file mode 100644
index 6cefb972de25631b3ebf3cb684d2c78b965b07ed..0000000000000000000000000000000000000000
--- a/0003-add-description-option-to-join-and-update.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 3937a2a7db90611aa7a93248233b0c5d31e85a3e Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Wed, 27 Nov 2019 14:48:32 +0100
-Subject: [PATCH] add description option to join and update
-
-This new option allows to set the description LDAP attribute for the AD
-computer object.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342
----
- doc/adcli.xml | 10 ++++++++++
- library/adenroll.c | 29 +++++++++++++++++++++++++++++
- library/adenroll.h | 4 ++++
- tools/computer.c | 7 +++++++
- 4 files changed, 50 insertions(+)
-
-diff --git a/doc/adcli.xml b/doc/adcli.xml
-index 1f93186..dd30435 100644
---- a/doc/adcli.xml
-+++ b/doc/adcli.xml
-@@ -275,6 +275,11 @@ Password for Administrator:
- Set the operating system version on the computer
- account. Not set by default.
-
-+
-+
-+ Set the description attribute on the computer
-+ account. Not set by default.
-+
-
-
- Additional service name for a kerberos
-@@ -416,6 +421,11 @@ $ adcli update --login-ccache=/tmp/krbcc_123
- Set the operating system version on the computer
- account. Not set by default.
-
-+
-+
-+ Set the description attribute on the computer
-+ account. Not set by default.
-+
-
-
- Additional service name for a Kerberos
-diff --git a/library/adenroll.c b/library/adenroll.c
-index 8d2adeb..246f658 100644
---- a/library/adenroll.c
-+++ b/library/adenroll.c
-@@ -83,6 +83,7 @@ static char *default_ad_ldap_attrs[] = {
- "operatingSystemServicePack",
- "pwdLastSet",
- "userAccountControl",
-+ "description",
- NULL,
- };
-
-@@ -143,6 +144,7 @@ struct _adcli_enroll {
- char *samba_data_tool;
- bool trusted_for_delegation;
- int trusted_for_delegation_explicit;
-+ char *description;
- };
-
- static adcli_result
-@@ -756,6 +758,8 @@ create_computer_account (adcli_enroll *enroll,
- char *vals_userPrincipalName[] = { enroll->user_principal, NULL };
- LDAPMod userPrincipalName = { LDAP_MOD_ADD, "userPrincipalName", { vals_userPrincipalName, }, };
- LDAPMod servicePrincipalName = { LDAP_MOD_ADD, "servicePrincipalName", { enroll->service_principals, } };
-+ char *vals_description[] = { enroll->description, NULL };
-+ LDAPMod description = { LDAP_MOD_ADD, "description", { vals_description, }, };
-
- char *val = NULL;
-
-@@ -774,6 +778,7 @@ create_computer_account (adcli_enroll *enroll,
- &operatingSystemServicePack,
- &userPrincipalName,
- &servicePrincipalName,
-+ &description,
- NULL
- };
-
-@@ -1460,6 +1465,14 @@ update_computer_account (adcli_enroll *enroll)
- res |= update_computer_attribute (enroll, ldap, mods);
- }
-
-+ if (res == ADCLI_SUCCESS && enroll->description != NULL) {
-+ char *vals_description[] = { enroll->description, NULL };
-+ LDAPMod description = { LDAP_MOD_REPLACE, "description", { vals_description, }, };
-+ LDAPMod *mods[] = { &description, NULL, };
-+
-+ res |= update_computer_attribute (enroll, ldap, mods);
-+ }
-+
- if (res != 0)
- _adcli_info ("Updated existing computer account: %s", enroll->computer_dn);
- }
-@@ -2899,6 +2912,22 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
- enroll->trusted_for_delegation_explicit = 1;
- }
-
-+void
-+adcli_enroll_set_description (adcli_enroll *enroll, const char *value)
-+{
-+ return_if_fail (enroll != NULL);
-+ if (value != NULL && value[0] != '\0') {
-+ _adcli_str_set (&enroll->description, value);
-+ }
-+}
-+
-+const char *
-+adcli_enroll_get_desciption (adcli_enroll *enroll)
-+{
-+ return_val_if_fail (enroll != NULL, NULL);
-+ return enroll->description;
-+}
-+
- const char **
- adcli_enroll_get_service_principals_to_add (adcli_enroll *enroll)
- {
-diff --git a/library/adenroll.h b/library/adenroll.h
-index 11eb517..0606169 100644
---- a/library/adenroll.h
-+++ b/library/adenroll.h
-@@ -126,6 +126,10 @@ bool adcli_enroll_get_trusted_for_delegation (adcli_enroll *enroll
- void adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
- bool value);
-
-+const char * adcli_enroll_get_desciption (adcli_enroll *enroll);
-+void adcli_enroll_set_description (adcli_enroll *enroll,
-+ const char *value);
-+
- krb5_kvno adcli_enroll_get_kvno (adcli_enroll *enroll);
-
- void adcli_enroll_set_kvno (adcli_enroll *enroll,
-diff --git a/tools/computer.c b/tools/computer.c
-index c8b96a4..840e334 100644
---- a/tools/computer.c
-+++ b/tools/computer.c
-@@ -112,6 +112,7 @@ typedef enum {
- opt_trusted_for_delegation,
- opt_add_service_principal,
- opt_remove_service_principal,
-+ opt_description,
- } Option;
-
- static adcli_tool_desc common_usages[] = {
-@@ -142,6 +143,7 @@ static adcli_tool_desc common_usages[] = {
- "in the userAccountControl attribute", },
- { opt_add_service_principal, "add the given service principal to the account\n" },
- { opt_remove_service_principal, "remove the given service principal from the account\n" },
-+ { opt_description, "add a description to the account\n" },
- { opt_no_password, "don't prompt for or read a password" },
- { opt_prompt_password, "prompt for a password if necessary" },
- { opt_stdin_password, "read a password from stdin (until EOF) if\n"
-@@ -306,6 +308,9 @@ parse_option (Option opt,
- case opt_remove_service_principal:
- adcli_enroll_add_service_principal_to_remove (enroll, optarg);
- return ADCLI_SUCCESS;
-+ case opt_description:
-+ adcli_enroll_set_description (enroll, optarg);
-+ return ADCLI_SUCCESS;
- case opt_verbose:
- return ADCLI_SUCCESS;
-
-@@ -369,6 +374,7 @@ adcli_tool_computer_join (adcli_conn *conn,
- { "os-name", required_argument, NULL, opt_os_name },
- { "os-version", required_argument, NULL, opt_os_version },
- { "os-service-pack", optional_argument, NULL, opt_os_service_pack },
-+ { "description", optional_argument, NULL, opt_description },
- { "user-principal", optional_argument, NULL, opt_user_principal },
- { "trusted-for-delegation", required_argument, NULL, opt_trusted_for_delegation },
- { "add-service-principal", required_argument, NULL, opt_add_service_principal },
-@@ -487,6 +493,7 @@ adcli_tool_computer_update (adcli_conn *conn,
- { "os-name", required_argument, NULL, opt_os_name },
- { "os-version", required_argument, NULL, opt_os_version },
- { "os-service-pack", optional_argument, NULL, opt_os_service_pack },
-+ { "description", optional_argument, NULL, opt_description },
- { "user-principal", optional_argument, NULL, opt_user_principal },
- { "computer-password-lifetime", optional_argument, NULL, opt_computer_password_lifetime },
- { "trusted-for-delegation", required_argument, NULL, opt_trusted_for_delegation },
---
-2.23.0
-
diff --git a/0004-Use-GSS-SPNEGO-if-available.patch b/0004-Use-GSS-SPNEGO-if-available.patch
deleted file mode 100644
index fd5613f3e8334da37df7a123332ec2c61c636c3e..0000000000000000000000000000000000000000
--- a/0004-Use-GSS-SPNEGO-if-available.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From a6f795ba3d6048b32d7863468688bf7f42b2cafd Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Fri, 11 Oct 2019 16:39:25 +0200
-Subject: [PATCH] Use GSS-SPNEGO if available
-
-Currently adcli uses the GSSAPI SASL mechanism for LDAP authentication
-and to establish encryption. While this works in general it does not
-handle some of the more advanced features which can be required by AD
-DCs.
-
-The GSS-SPNEGO mechanism can handle them and is used with this patch by
-adcli if the AD DC indicates that it supports it.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420
----
- library/adconn.c | 35 ++++++++++++++++++++++++++++++++++-
- library/adconn.h | 3 +++
- 2 files changed, 37 insertions(+), 1 deletion(-)
-
-diff --git a/library/adconn.c b/library/adconn.c
-index bcaced8..ffb54f9 100644
---- a/library/adconn.c
-+++ b/library/adconn.c
-@@ -77,6 +77,7 @@ struct _adcli_conn_ctx {
- char *default_naming_context;
- char *configuration_naming_context;
- char **supported_capabilities;
-+ char **supported_sasl_mechs;
-
- /* Connect state */
- LDAP *ldap;
-@@ -845,6 +846,7 @@ connect_and_lookup_naming (adcli_conn *conn,
- "defaultNamingContext",
- "configurationNamingContext",
- "supportedCapabilities",
-+ "supportedSASLMechanisms",
- NULL
- };
-
-@@ -897,6 +899,11 @@ connect_and_lookup_naming (adcli_conn *conn,
- "supportedCapabilities");
- }
-
-+ if (conn->supported_sasl_mechs == NULL) {
-+ conn->supported_sasl_mechs = _adcli_ldap_parse_values (ldap, results,
-+ "supportedSASLMechanisms");
-+ }
-+
- ldap_msgfree (results);
-
- if (conn->default_naming_context == NULL) {
-@@ -1022,6 +1029,7 @@ authenticate_to_directory (adcli_conn *conn)
- OM_uint32 minor;
- ber_len_t ssf;
- int ret;
-+ const char *mech = "GSSAPI";
-
- if (conn->ldap_authenticated)
- return ADCLI_SUCCESS;
-@@ -1038,7 +1046,11 @@ authenticate_to_directory (adcli_conn *conn)
- ret = ldap_set_option (conn->ldap, LDAP_OPT_X_SASL_SSF_MIN, &ssf);
- return_unexpected_if_fail (ret == 0);
-
-- ret = ldap_sasl_interactive_bind_s (conn->ldap, NULL, "GSSAPI", NULL, NULL,
-+ if (adcli_conn_server_has_sasl_mech (conn, "GSS-SPNEGO")) {
-+ mech = "GSS-SPNEGO";
-+ }
-+
-+ ret = ldap_sasl_interactive_bind_s (conn->ldap, NULL, mech, NULL, NULL,
- LDAP_SASL_QUIET, sasl_interact, NULL);
-
- /* Clear the credential cache GSSAPI to use (for this thread) */
-@@ -1231,6 +1243,7 @@ conn_free (adcli_conn *conn)
- free (conn->default_naming_context);
- free (conn->configuration_naming_context);
- _adcli_strv_free (conn->supported_capabilities);
-+ _adcli_strv_free (conn->supported_sasl_mechs);
-
- free (conn->computer_name);
- free (conn->host_fqdn);
-@@ -1606,6 +1619,26 @@ adcli_conn_server_has_capability (adcli_conn *conn,
- return 0;
- }
-
-+bool
-+adcli_conn_server_has_sasl_mech (adcli_conn *conn,
-+ const char *mech)
-+{
-+ int i;
-+
-+ return_val_if_fail (conn != NULL, false);
-+ return_val_if_fail (mech != NULL, false);
-+
-+ if (!conn->supported_sasl_mechs)
-+ return false;
-+
-+ for (i = 0; conn->supported_sasl_mechs[i] != NULL; i++) {
-+ if (strcasecmp (mech, conn->supported_sasl_mechs[i]) == 0)
-+ return true;
-+ }
-+
-+ return false;
-+}
-+
- bool adcli_conn_is_writeable (adcli_conn *conn)
- {
- disco_dance_if_necessary (conn);
-diff --git a/library/adconn.h b/library/adconn.h
-index 1ad5715..37ebdd9 100644
---- a/library/adconn.h
-+++ b/library/adconn.h
-@@ -149,6 +149,9 @@ void adcli_conn_set_krb5_conf_dir (adcli_conn *conn,
- int adcli_conn_server_has_capability (adcli_conn *conn,
- const char *capability);
-
-+bool adcli_conn_server_has_sasl_mech (adcli_conn *conn,
-+ const char *mech);
-+
- bool adcli_conn_is_writeable (adcli_conn *conn);
-
- #endif /* ADCONN_H_ */
---
-2.23.0
-
diff --git a/0005-add-option-use-ldaps.patch b/0005-add-option-use-ldaps.patch
deleted file mode 100644
index c296f3fe1950782b2eaa15aee2815ae29c686c02..0000000000000000000000000000000000000000
--- a/0005-add-option-use-ldaps.patch
+++ /dev/null
@@ -1,378 +0,0 @@ -From 85097245b57f190337225dbdbf6e33b58616c092 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Thu, 19 Dec 2019 07:22:33 +0100 -Subject: [PATCH] add option use-ldaps - -In general using the LDAP port with GSS-SPNEGO should satifiy all -requirements an AD DC should have for authentication on an encrypted -LDAP connection. - -But if e.g. the LDAP port is blocked by a firewall using the LDAPS port -with TLS encryption might be an alternative. For this use case the ---use-ldaps option is added. - -Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420 ---- - doc/adcli.xml | 24 +++++++++++++++ - library/adconn.c | 79 ++++++++++++++++++++++++++++++++++++++++++------ - library/adconn.h | 4 +++ - tools/computer.c | 10 ++++++ - tools/entry.c | 11 +++++++ - 5 files changed, 119 insertions(+), 9 deletions(-) - -diff --git a/doc/adcli.xml b/doc/adcli.xml -index dd30435..acced25 100644 ---- a/doc/adcli.xml -+++ b/doc/adcli.xml -@@ -128,6 +128,30 @@ - If not specified, then an appropriate domain controller - is automatically discovered. - -+ -+ -+ Connect to the domain controller -+ with LDAPS. By default the LDAP port is used and SASL -+ GSS-SPNEGO or GSSAPI is used for authentication and to -+ establish encryption. This should satisfy all -+ requirements set on the server side and LDAPS should -+ only be used if the LDAP port is not accessible due to -+ firewalls or other reasons. -+ Please note that the place where CA certificates -+ can be found to validate the AD DC certificates -+ must be configured in the OpenLDAP configuration -+ file, e.g. /etc/openldap/ldap.conf. -+ As an alternative it can be specified with the help of -+ an environment variable, e.g. -+ -+$ LDAPTLS_CACERT=/path/to/ad_dc_ca_cert.pem adcli join --use-ldaps -D domain.example.com -+... -+ -+ Please see -+ ldap.conf -+ 5 for details. 
-+ -+ - - - Use the specified kerberos credential -diff --git a/library/adconn.c b/library/adconn.c -index ffb54f9..7bab852 100644 ---- a/library/adconn.c -+++ b/library/adconn.c -@@ -70,6 +70,7 @@ struct _adcli_conn_ctx { - char *domain_name; - char *domain_realm; - char *domain_controller; -+ bool use_ldaps; - char *canonical_host; - char *domain_short; - char *domain_sid; -@@ -773,7 +774,8 @@ int ldap_init_fd (ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap - - static LDAP * - connect_to_address (const char *host, -- const char *canonical_host) -+ const char *canonical_host, -+ bool use_ldaps) - { - struct addrinfo *res = NULL; - struct addrinfo *ai; -@@ -783,6 +785,16 @@ connect_to_address (const char *host, - char *url; - int sock; - int rc; -+ int opt_rc; -+ const char *port = "389"; -+ const char *proto = "ldap"; -+ const char *errmsg = NULL; -+ -+ if (use_ldaps) { -+ port = "636"; -+ proto = "ldaps"; -+ _adcli_info ("Using LDAPS to connect to %s", host); -+ } - - memset (&hints, '\0', sizeof(hints)); - #ifdef AI_ADDRCONFIG -@@ -794,7 +806,7 @@ connect_to_address (const char *host, - if (!canonical_host) - canonical_host = host; - -- rc = getaddrinfo (host, "389", &hints, &res); -+ rc = getaddrinfo (host, port, &hints, &res); - if (rc != 0) { - _adcli_err ("Couldn't resolve host name: %s: %s", host, gai_strerror (rc)); - return NULL; -@@ -810,7 +822,7 @@ connect_to_address (const char *host, - close (sock); - } else { - error = 0; -- if (asprintf (&url, "ldap://%s", canonical_host) < 0) -+ if (asprintf (&url, "%s://%s", proto, canonical_host) < 0) - return_val_if_reached (NULL); - rc = ldap_init_fd (sock, 1, url, &ldap); - free (url); -@@ -820,6 +832,25 @@ connect_to_address (const char *host, - ldap_err2string (rc)); - break; - } -+ -+ if (use_ldaps) { -+ rc = ldap_install_tls (ldap); -+ if (rc != LDAP_SUCCESS) { -+ opt_rc = ldap_get_option (ldap, -+ LDAP_OPT_DIAGNOSTIC_MESSAGE, -+ (void *) &errmsg); -+ if (opt_rc != LDAP_SUCCESS) { -+ errmsg 
= NULL; -+ } -+ _adcli_err ("Couldn't initialize TLS [%s]: %s", -+ ldap_err2string (rc), -+ errmsg == NULL ? "- no details -" -+ : errmsg); -+ ldap_unbind_ext_s (ldap, NULL, NULL); -+ ldap = NULL; -+ break; -+ } -+ } - } - } - -@@ -856,7 +887,8 @@ connect_and_lookup_naming (adcli_conn *conn, - if (!canonical_host) - canonical_host = disco->host_addr; - -- ldap = connect_to_address (disco->host_addr, canonical_host); -+ ldap = connect_to_address (disco->host_addr, canonical_host, -+ adcli_conn_get_use_ldaps (conn)); - if (ldap == NULL) - return ADCLI_ERR_DIRECTORY; - -@@ -1041,14 +1073,28 @@ authenticate_to_directory (adcli_conn *conn) - status = gss_krb5_ccache_name (&minor, conn->login_ccache_name, NULL); - return_unexpected_if_fail (status == 0); - -- /* Clumsily tell ldap + cyrus-sasl that we want encryption */ -- ssf = 1; -- ret = ldap_set_option (conn->ldap, LDAP_OPT_X_SASL_SSF_MIN, &ssf); -- return_unexpected_if_fail (ret == 0); -+ if (adcli_conn_get_use_ldaps (conn)) { -+ /* do not use SASL encryption on LDAPS connection */ -+ ssf = 0; -+ ret = ldap_set_option (conn->ldap, LDAP_OPT_X_SASL_SSF_MIN, &ssf); -+ return_unexpected_if_fail (ret == 0); -+ ret = ldap_set_option (conn->ldap, LDAP_OPT_X_SASL_SSF_MAX, &ssf); -+ return_unexpected_if_fail (ret == 0); -+ } else { -+ /* Clumsily tell ldap + cyrus-sasl that we want encryption */ -+ ssf = 1; -+ ret = ldap_set_option (conn->ldap, LDAP_OPT_X_SASL_SSF_MIN, &ssf); -+ return_unexpected_if_fail (ret == 0); -+ } - -- if (adcli_conn_server_has_sasl_mech (conn, "GSS-SPNEGO")) { -+ /* There are issues with cryrus-sasl and GSS-SPNEGO with TLS even if -+ * ssf_max is set to 0. To be on the safe side GSS-SPNEGO is only used -+ * without LDAPS. 
*/ -+ if (adcli_conn_server_has_sasl_mech (conn, "GSS-SPNEGO") -+ && !adcli_conn_get_use_ldaps (conn)) { - mech = "GSS-SPNEGO"; - } -+ _adcli_info ("Using %s for SASL bind", mech); - - ret = ldap_sasl_interactive_bind_s (conn->ldap, NULL, mech, NULL, NULL, - LDAP_SASL_QUIET, sasl_interact, NULL); -@@ -1230,6 +1276,7 @@ adcli_conn_new (const char *domain_name) - conn->refs = 1; - conn->logins_allowed = ADCLI_LOGIN_COMPUTER_ACCOUNT | ADCLI_LOGIN_USER_ACCOUNT; - adcli_conn_set_domain_name (conn, domain_name); -+ adcli_conn_set_use_ldaps (conn, false); - return conn; - } - -@@ -1389,6 +1436,20 @@ adcli_conn_set_domain_controller (adcli_conn *conn, - no_more_disco (conn); - } - -+bool -+adcli_conn_get_use_ldaps (adcli_conn *conn) -+{ -+ return_val_if_fail (conn != NULL, NULL); -+ return conn->use_ldaps; -+} -+ -+void -+adcli_conn_set_use_ldaps (adcli_conn *conn, bool value) -+{ -+ return_if_fail (conn != NULL); -+ conn->use_ldaps = value; -+} -+ - const char * - adcli_conn_get_domain_short (adcli_conn *conn) - { -diff --git a/library/adconn.h b/library/adconn.h -index 37ebdd9..1d5faa8 100644 ---- a/library/adconn.h -+++ b/library/adconn.h -@@ -89,6 +89,10 @@ const char * adcli_conn_get_domain_controller (adcli_conn *conn); - void adcli_conn_set_domain_controller (adcli_conn *conn, - const char *value); - -+bool adcli_conn_get_use_ldaps (adcli_conn *conn); -+void adcli_conn_set_use_ldaps (adcli_conn *conn, -+ bool value); -+ - const char * adcli_conn_get_domain_short (adcli_conn *conn); - - const char * adcli_conn_get_domain_sid (adcli_conn *conn); -diff --git a/tools/computer.c b/tools/computer.c -index 840e334..292c4d8 100644 ---- a/tools/computer.c -+++ b/tools/computer.c -@@ -113,12 +113,14 @@ typedef enum { - opt_add_service_principal, - opt_remove_service_principal, - opt_description, -+ opt_use_ldaps, - } Option; - - static adcli_tool_desc common_usages[] = { - { opt_domain, "active directory domain name" }, - { opt_domain_realm, "kerberos realm for the domain" }, 
- { opt_domain_controller, "domain controller to connect to" }, -+ { opt_use_ldaps, "use LDAPS port for communication" }, - { opt_host_fqdn, "override the fully qualified domain name of the\n" - "local machine" }, - { opt_host_keytab, "filename for the host kerberos keytab" }, -@@ -311,6 +313,9 @@ parse_option (Option opt, - case opt_description: - adcli_enroll_set_description (enroll, optarg); - return ADCLI_SUCCESS; -+ case opt_use_ldaps: -+ adcli_conn_set_use_ldaps (conn, true); -+ return ADCLI_SUCCESS; - case opt_verbose: - return ADCLI_SUCCESS; - -@@ -357,6 +362,7 @@ adcli_tool_computer_join (adcli_conn *conn, - { "domain-realm", required_argument, NULL, opt_domain_realm }, - { "domain-controller", required_argument, NULL, opt_domain_controller }, - { "domain-server", required_argument, NULL, opt_domain_controller }, /* compat */ -+ { "use-ldaps", no_argument, 0, opt_use_ldaps }, - { "login-user", required_argument, NULL, opt_login_user }, - { "user", required_argument, NULL, opt_login_user }, /* compat */ - { "login-ccache", optional_argument, NULL, opt_login_ccache }, -@@ -688,6 +694,7 @@ adcli_tool_computer_preset (adcli_conn *conn, - { "domain", required_argument, NULL, opt_domain }, - { "domain-realm", required_argument, NULL, opt_domain_realm }, - { "domain-controller", required_argument, NULL, opt_domain_controller }, -+ { "use-ldaps", no_argument, 0, opt_use_ldaps }, - { "domain-ou", required_argument, NULL, opt_domain_ou }, - { "login-user", required_argument, NULL, opt_login_user }, - { "login-ccache", optional_argument, NULL, opt_login_ccache }, -@@ -800,6 +807,7 @@ adcli_tool_computer_reset (adcli_conn *conn, - { "domain", required_argument, NULL, opt_domain }, - { "domain-realm", required_argument, NULL, opt_domain_realm }, - { "domain-controller", required_argument, NULL, opt_domain_controller }, -+ { "use-ldaps", no_argument, 0, opt_use_ldaps }, - { "login-user", required_argument, NULL, opt_login_user }, - { "login-ccache", optional_argument, 
NULL, opt_login_ccache }, - { "login-type", required_argument, NULL, opt_login_type }, -@@ -888,6 +896,7 @@ adcli_tool_computer_delete (adcli_conn *conn, - { "domain", required_argument, NULL, opt_domain }, - { "domain-realm", required_argument, NULL, opt_domain_realm }, - { "domain-controller", required_argument, NULL, opt_domain_controller }, -+ { "use-ldaps", no_argument, 0, opt_use_ldaps }, - { "login-user", required_argument, NULL, opt_login_user }, - { "login-ccache", optional_argument, NULL, opt_login_ccache }, - { "no-password", no_argument, 0, opt_no_password }, -@@ -985,6 +994,7 @@ adcli_tool_computer_show (adcli_conn *conn, - { "domain", required_argument, NULL, opt_domain }, - { "domain-realm", required_argument, NULL, opt_domain_realm }, - { "domain-controller", required_argument, NULL, opt_domain_controller }, -+ { "use-ldaps", no_argument, 0, opt_use_ldaps }, - { "login-user", required_argument, NULL, opt_login_user }, - { "login-ccache", optional_argument, NULL, opt_login_ccache }, - { "login-type", required_argument, NULL, opt_login_type }, -diff --git a/tools/entry.c b/tools/entry.c -index f361845..05e4313 100644 ---- a/tools/entry.c -+++ b/tools/entry.c -@@ -53,6 +53,7 @@ typedef enum { - opt_unix_gid, - opt_unix_shell, - opt_nis_domain, -+ opt_use_ldaps, - } Option; - - static adcli_tool_desc common_usages[] = { -@@ -67,6 +68,7 @@ static adcli_tool_desc common_usages[] = { - { opt_domain, "active directory domain name" }, - { opt_domain_realm, "kerberos realm for the domain" }, - { opt_domain_controller, "domain directory server to connect to" }, -+ { opt_use_ldaps, "use LDAPS port for communication" }, - { opt_login_ccache, "kerberos credential cache file which contains\n" - "ticket to used to connect to the domain" }, - { opt_login_user, "user (usually administrative) login name of\n" -@@ -136,6 +138,9 @@ parse_option (Option opt, - stdin_password = 1; - } - return ADCLI_SUCCESS; -+ case opt_use_ldaps: -+ adcli_conn_set_use_ldaps (conn, true); 
-+ return ADCLI_SUCCESS;
- case opt_verbose:
- return ADCLI_SUCCESS;
- default:
-@@ -172,6 +177,7 @@ adcli_tool_user_create (adcli_conn *conn,
- { "domain", required_argument, NULL, opt_domain },
- { "domain-realm", required_argument, NULL, opt_domain_realm },
- { "domain-controller", required_argument, NULL, opt_domain_controller },
-+ { "use-ldaps", no_argument, 0, opt_use_ldaps },
- { "login-user", required_argument, NULL, opt_login_user },
- { "login-ccache", optional_argument, NULL, opt_login_ccache },
- { "no-password", no_argument, 0, opt_no_password },
-@@ -306,6 +312,7 @@ adcli_tool_user_delete (adcli_conn *conn,
- { "domain", required_argument, NULL, opt_domain },
- { "domain-realm", required_argument, NULL, opt_domain_realm },
- { "domain-controller", required_argument, NULL, opt_domain_controller },
-+ { "use-ldaps", no_argument, 0, opt_use_ldaps },
- { "login-user", required_argument, NULL, opt_login_user },
- { "login-ccache", optional_argument, NULL, opt_login_ccache },
- { "no-password", no_argument, 0, opt_no_password },
-@@ -394,6 +401,7 @@ adcli_tool_group_create (adcli_conn *conn,
- { "domain", required_argument, NULL, opt_domain },
- { "domain-realm", required_argument, NULL, opt_domain_realm },
- { "domain-controller", required_argument, NULL, opt_domain_controller },
-+ { "use-ldaps", no_argument, 0, opt_use_ldaps },
- { "domain-ou", required_argument, NULL, opt_domain_ou },
- { "login-user", required_argument, NULL, opt_login_user },
- { "login-ccache", optional_argument, NULL, opt_login_ccache },
-@@ -496,6 +504,7 @@ adcli_tool_group_delete (adcli_conn *conn,
- { "domain", required_argument, NULL, opt_domain },
- { "domain-realm", required_argument, NULL, opt_domain_realm },
- { "domain-controller", required_argument, NULL, opt_domain_controller },
-+ { "use-ldaps", no_argument, 0, opt_use_ldaps },
- { "login-user", required_argument, NULL, opt_login_user },
- { "login-ccache", optional_argument, NULL, opt_login_ccache },
- { "no-password",
no_argument, 0, opt_no_password },
-@@ -622,6 +631,7 @@ adcli_tool_member_add (adcli_conn *conn,
- { "domain", required_argument, NULL, opt_domain },
- { "domain-realm", required_argument, NULL, opt_domain_realm },
- { "domain-controller", required_argument, NULL, opt_domain_controller },
-+ { "use-ldaps", no_argument, 0, opt_use_ldaps },
- { "login-user", required_argument, NULL, opt_login_user },
- { "login-ccache", optional_argument, NULL, opt_login_ccache },
- { "no-password", no_argument, 0, opt_no_password },
-@@ -722,6 +732,7 @@ adcli_tool_member_remove (adcli_conn *conn,
- { "domain", required_argument, NULL, opt_domain },
- { "domain-realm", required_argument, NULL, opt_domain_realm },
- { "domain-controller", required_argument, NULL, opt_domain_controller },
-+ { "use-ldaps", no_argument, 0, opt_use_ldaps },
- { "login-user", required_argument, NULL, opt_login_user },
- { "login-ccache", optional_argument, NULL, opt_login_ccache },
- { "no-password", no_argument, 0, opt_no_password },
---
-2.23.0
-
diff --git a/0006-discovery-fix.patch b/0006-discovery-fix.patch
deleted file mode 100644
index 011d93139e188d0e2d0b885de658bd2223d30b75..0000000000000000000000000000000000000000
--- a/0006-discovery-fix.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 08bac0946de29f3e5de90743ce6dfc7118d4ad20 Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Tue, 11 Feb 2020 17:42:03 +0100
-Subject: [PATCH] discovery fix
-
-Do not continue processing on closed connection.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1802258
----
- library/addisco.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/library/addisco.c b/library/addisco.c
-index 6e73ead..f3b3546 100644
---- a/library/addisco.c
-+++ b/library/addisco.c
-@@ -622,6 +622,7 @@ ldap_disco (const char *domain,
- "Couldn't perform discovery search");
- ldap_unbind_ext_s (ldap[i], NULL, NULL);
- ldap[i] = NULL;
-+ continue;
- }
-
- /* From https://msdn.microsoft.com/en-us/library/ff718294.aspx first
---
-2.23.0
-
diff --git a/0007-delete-do-not-exit-if-keytab-cannot-be-read.patch b/0007-delete-do-not-exit-if-keytab-cannot-be-read.patch
deleted file mode 100644
index 5b803fa16ef24cf7ef09038b59b2478e18006c63..0000000000000000000000000000000000000000
--- a/0007-delete-do-not-exit-if-keytab-cannot-be-read.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 40d3be22f6e518e4354aa7c3d0278291fcbed32f Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Fri, 5 Jun 2020 17:06:58 +0200
-Subject: [PATCH] delete: do not exit if keytab cannot be read
-
-Reading the keytab is not required when deleting a host object in AD. It
-is only needed in the case where the host was added with a manual set
-NetBIOS name (--computer-name option) which does not match the short
-hostname and no computer name was given at the delete-computer command
-line.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1840752
----
- tools/computer.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tools/computer.c b/tools/computer.c
-index 292c4d8..a90c4b2 100644
---- a/tools/computer.c
-+++ b/tools/computer.c
-@@ -952,8 +952,6 @@ adcli_tool_computer_delete (adcli_conn *conn,
- if (res != ADCLI_SUCCESS) {
- warnx ("couldn't lookup domain info from keytab: %s",
- adcli_get_last_error ());
-- adcli_enroll_unref (enroll);
-- return -res;
- }
-
- res = adcli_conn_connect (conn);
---
-2.23.0
-
diff --git a/0008-tools-disable-SSSD-s-locator-plugin.patch b/0008-tools-disable-SSSD-s-locator-plugin.patch
deleted file mode 100644
index a1c0436f310c905391719dac3a05b6647331165f..0000000000000000000000000000000000000000
--- a/0008-tools-disable-SSSD-s-locator-plugin.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 50d580c58dab5928cadfc6ca82aedccee58eaced Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Fri, 5 Jun 2020 17:28:28 +0200
-Subject: [PATCH] tools: disable SSSD's locator plugin
-
-MIT's libkrb5 checks available locator plugins first before checking the
-config file. This might cause issues when the locator plugin returns a
-different DC than the one used for the LDAP connection if some data must
-be replicated.
-
-This patch sets the SSSD_KRB5_LOCATOR_DISABLE environment variable to
-'true' to disable SSSD's locator plugin for adcli.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1762633
----
- tools/tools.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tools/tools.c b/tools/tools.c
-index 9d422f2..1b6d879 100644
---- a/tools/tools.c
-+++ b/tools/tools.c
-@@ -296,6 +296,7 @@ cleanup_krb5_conf_directory (void)
- }
-
- unsetenv ("KRB5_CONFIG");
-+ unsetenv ("SSSD_KRB5_LOCATOR_DISABLE");
- }
-
- static void
-@@ -394,6 +395,7 @@ setup_krb5_conf_directory (adcli_conn *conn)
- adcli_krb5_conf_filename = filename;
- adcli_krb5_d_directory = snippets;
- setenv ("KRB5_CONFIG", adcli_krb5_conf_filename, 1);
-+ setenv ("SSSD_KRB5_LOCATOR_DISABLE", "true", 1);
-
- } else {
- free (filename);
---
-2.23.0
-
diff --git a/adcli-0.9.0.tar.gz b/adcli-0.9.0.tar.gz
deleted file mode 100644
index cb9973eafcdf209a3a1e0dc6df3ca52604be47c7..0000000000000000000000000000000000000000
Binary files a/adcli-0.9.0.tar.gz and /dev/null differ
diff --git a/adcli-0.9.1.tar.gz b/adcli-0.9.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..b4a833fdde81d59bf5088f329166fec4be9d2713
Binary files /dev/null and b/adcli-0.9.1.tar.gz differ
diff --git a/adcli.spec b/adcli.spec
index 876a4d1f045f85e6088f4ff2811d80a03af24928..9a7758f060faff3590a40fe525211b5e768bf4fd 100644
--- a/adcli.spec
+++ b/adcli.spec
@@ -1,20 +1,11 @@
 Name: adcli
-Version: 0.9.0
+Version: 0.9.1
 Release: 1
 Summary: A helper library and tools for Active Directory client operations
 Group: Development/Libraries
 License: LGPLv2+
-URL: http://cgit.freedesktop.org/realmd/adcli
-Source0: https://gitlab.freedesktop.org/realmd/adcli/uploads/02d8757266c24fdc10822306582287bf/adcli-%{version}.tar.gz
-
-Patch0: 0001-man-move-note-to-the-right-section.patch
-Patch1: 0002-tools-add-show-computer-command.patch
-Patch2: 0003-add-description-option-to-join-and-update.patch
-Patch3: 0004-Use-GSS-SPNEGO-if-available.patch
-Patch4: 0005-add-option-use-ldaps.patch
-Patch5: 0006-discovery-fix.patch
-Patch6: 0007-delete-do-not-exit-if-keytab-cannot-be-read.patch
-Patch7: 0008-tools-disable-SSSD-s-locator-plugin.patch
+URL: https://gitlab.freedesktop.org/realmd/adcli
+Source0: https://gitlab.freedesktop.org/sbose/adcli/uploads/30880d967e79cee789194435e70fbf30/adcli-%{version}.tar.gz
 BuildRequires: gcc intltool pkgconfig libtool gettext-devel krb5-devel
 BuildRequires: openldap-devel libxslt xmlto git
@@ -76,6 +67,9 @@ rm -rf %{buildroot}
 %doc %{_mandir}/man8/*
 %changelog
+* Tue Jul 27 2021 fuanan - 0.9.1-1
+- update to 0.9.1
+
 * Thu Jul 23 2020 Liquor - 0.9.0-1
 - update to 0.9.0
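Review bot: The new `Source0` in the first adcli.spec hunk fetches the tarball from an upload under `sbose/adcli`, while the new `URL` line names `realmd/adcli`, and nothing in the visible spec records a digest or signature check for the `adcli-0.9.1.tar.gz` blob committed with this change. `sbose` is presumably the upstream maintainer's own namespace (the dropped patches are authored by Sumit Bose), but a comment above `Source0` would make the provenance checkable, for example `# 0.9.1 release tarball uploaded by the upstream maintainer; sha256: <SHA256_OF_COMMITTED_TARBALL>`. The same hunk drops Patch0 to Patch7, among them the `--use-ldaps` option and the discovery fix, and this page does not show whether 0.9.1 carries all eight; once that is verified against the release, the changelog entry in the second hunk could record it, e.g. `- update to 0.9.1, drop patches 0001-0008 (included in 0.9.1)`.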