diff --git a/.adcli.metadata b/.adcli.metadata index ce56e0d..d18f424 100644 --- a/.adcli.metadata +++ b/.adcli.metadata @@ -1 +1 @@ -4b4ec635447bd2bed8f73f52a2181242d468aab6 SOURCES/adcli-0.7.5.tar.gz +d59965026153a5ee5a0d97d5a9dbd4231cff5574 SOURCES/adcli-0.8.1.tar.gz diff --git a/.gitignore b/.gitignore index 2b78fcf..0493b05 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/adcli-0.7.5.tar.gz +SOURCES/adcli-0.8.1.tar.gz diff --git a/SOURCES/0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch b/SOURCES/0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch new file mode 100644 index 0000000..223ad5b --- /dev/null +++ b/SOURCES/0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch @@ -0,0 +1,31 @@ +From b2d1e74852c2ea4cb6d7cb02d771aebf34c77864 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 24 Aug 2016 15:37:41 +0200 +Subject: [PATCH 1/2] Remove upper-case only check when looking for the NetBIOS + name + +It is a convention to use only upper-case letters for NetBIOS names but +it is not enforced on the AD-side. With the new option to specify a +random NetBIOS name it is possible to create host entries in AD with +lower-case letters in the name. To properly determine the name from the +keytab the upper-case check should be dropped,dc= +--- + library/adenroll.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/library/adenroll.c b/library/adenroll.c +index a15e4be..d1020e9 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -1309,7 +1309,7 @@ load_keytab_entry (krb5_context k5, + if (!enroll->host_fqdn_explicit && !enroll->computer_name_explicit) { + + /* Automatically use the netbios name */ +- if (!enroll->computer_name && len > 1 && _adcli_str_is_up (name) && ++ if (!enroll->computer_name && len > 1 && + _adcli_str_has_suffix (name, "$") && !strchr (name, '/')) { + enroll->computer_name = name; + name[len - 1] = '\0'; +-- +2.7.4 + diff --git a/SOURCES/0001-delete-use-keytab-data-to-determine-realm-and-NetBIO.patch b/SOURCES/0001-delete-use-keytab-data-to-determine-realm-and-NetBIO.patch new file mode 100644 index 0000000..03ce760 --- /dev/null +++ b/SOURCES/0001-delete-use-keytab-data-to-determine-realm-and-NetBIO.patch @@ -0,0 +1,29 @@ +From 038af878713155a87b2e3a25f18b0dd4cf74bd39 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Mon, 25 Jul 2016 11:58:21 +0200 +Subject: [PATCH] delete: use keytab data to determine realm and NetBIOS name + +--- + tools/computer.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/tools/computer.c b/tools/computer.c +index 7ad7bf6..d8a58c9 100644 +--- a/tools/computer.c ++++ b/tools/computer.c +@@ -732,6 +732,12 @@ adcli_tool_computer_delete (adcli_conn *conn, + + adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT); + ++ res = adcli_enroll_load (enroll); ++ if (res != ADCLI_SUCCESS) { ++ errx (-res, "couldn't lookup domain info from keytab: %s", ++ adcli_get_last_error ()); ++ } ++ + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { + errx (-res, "couldn't connect to %s domain: %s", +-- +2.7.4 + diff --git a/SOURCES/0001-library-Fix-check-for-EAGAIN-or-EINTR.patch b/SOURCES/0001-library-Fix-check-for-EAGAIN-or-EINTR.patch new file mode 100644 index 0000000..e8b7b57 --- /dev/null +++ b/SOURCES/0001-library-Fix-check-for-EAGAIN-or-EINTR.patch @@ -0,0 +1,26 @@ +From 836dcc4ef75d6ae46661e61be73c8b7737f85f68 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Thu, 14 Apr 2016 10:00:13 +0200 +Subject: [PATCH 1/3] library: Fix check for EAGAIN or EINTR + +https://bugs.freedesktop.org/show_bug.cgi?id=71257 +--- + library/adutil.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/library/adutil.c b/library/adutil.c +index 60f9d5e..21ccd27 100644 +--- a/library/adutil.c ++++ b/library/adutil.c +@@ -377,7 +377,7 @@ _adcli_write_all (int fd, + while (len > 0) { + res = write (fd, buf, len); + if (res <= 0) { +- if (errno == EAGAIN && errno == EINTR) ++ if (errno == EAGAIN || errno == EINTR) + continue; + return -errno; + } else { +-- +2.5.5 + diff --git a/SOURCES/0002-Patch-to-adcli.xml-to-fix-documentation-error.patch b/SOURCES/0002-Patch-to-adcli.xml-to-fix-documentation-error.patch new file mode 100644 index 0000000..69734f3 --- /dev/null +++ b/SOURCES/0002-Patch-to-adcli.xml-to-fix-documentation-error.patch @@ -0,0 +1,36 @@ +From 83230282a3b8999d83afb04563589b38420cfa0e Mon Sep 17 00:00:00 2001 +From: Gerard Weatherby +Date: Thu, 28 Jan 2016 22:27:00 +0000 +Subject: [PATCH 2/3] Patch to adcli.xml to fix documentation error + +https://bugs.freedesktop.org/show_bug.cgi?id=93913 +--- + doc/adcli.xml | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/doc/adcli.xml b/doc/adcli.xml +index d8f30a3..a83e321 100644 +--- a/doc/adcli.xml ++++ b/doc/adcli.xml +@@ -428,14 +428,14 @@ $ adcli create-user Fry --domain=domain.example.com \ + + + Set the loginShell attribute of +- the new created user account, which should be the user's +- numeric primary user id. ++ the new created user account, which should be a path to ++ a valid shell. + + + + Set the uidNumber attribute of +- the new created user account, which should be a path to +- a valid shell. ++ the new created user account, which should be the user's ++ numeric primary user id. + + + +-- +2.5.5 + diff --git a/SOURCES/0002-Use-strdup-if-offset-are-used.patch b/SOURCES/0002-Use-strdup-if-offset-are-used.patch new file mode 100644 index 0000000..5b1c2ed --- /dev/null +++ b/SOURCES/0002-Use-strdup-if-offset-are-used.patch @@ -0,0 +1,31 @@ +From 0b24b7ece288641f1d5d6844d1a42ff30b16511a Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 24 Aug 2016 16:19:36 +0200 +Subject: [PATCH 2/2] Use strdup() if offset are used + +Strings with an offset to the original starting point must be copied +because otherwise they cannot be properly freed later. +--- + library/adenroll.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/library/adenroll.c b/library/adenroll.c +index d1020e9..05885d0 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -1318,9 +1318,9 @@ load_keytab_entry (krb5_context k5, + + } else if (!enroll->host_fqdn && _adcli_str_has_prefix (name, "host/") && strchr (name, '.')) { + /* Skip host/ prefix */ +- enroll->host_fqdn = name + 5; +- _adcli_info ("Found host qualified name in keytab: %s", name); +- name = NULL; ++ enroll->host_fqdn = strdup (name + 5); ++ return_val_if_fail (enroll->host_fqdn != NULL, FALSE); ++ _adcli_info ("Found host qualified name in keytab: %s", enroll->host_fqdn); + } + } + +-- +2.7.4 + diff --git a/SOURCES/0003-Remove-n-or-r-n-from-stdin-password.patch b/SOURCES/0003-Remove-n-or-r-n-from-stdin-password.patch new file mode 100644 index 0000000..5d4bc27 --- /dev/null +++ b/SOURCES/0003-Remove-n-or-r-n-from-stdin-password.patch @@ -0,0 +1,31 @@ +From c334771f214e6f0cc2f13edf1032389e7bf74684 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 13 May 2016 18:05:37 +0200 +Subject: [PATCH 3/3] Remove \n or \r\n from stdin password + +https://bugs.freedesktop.org/show_bug.cgi?id=78448 +--- + tools/tools.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tools/tools.c b/tools/tools.c +index 3e3435e..4b243de 100644 +--- a/tools/tools.c ++++ b/tools/tools.c +@@ -250,6 +250,13 @@ adcli_read_password_func (adcli_login_type login_type, + + } else if (res == 0) { + buffer[offset] = '\0'; ++ /* remove new line character */ ++ if (offset > 0 && buffer[offset - 1] == '\n') { ++ buffer[offset - 1] = '\0'; ++ if (offset > 1 && buffer[offset - 2] == '\r') { ++ buffer[offset - 2] = '\0'; ++ } ++ } + return buffer; + + } else { +-- +2.5.5 + diff --git a/SPECS/adcli.spec b/SPECS/adcli.spec index 4bb2e82..2dad527 100644 --- a/SPECS/adcli.spec +++ b/SPECS/adcli.spec @@ -1,10 +1,17 @@ Name: adcli -Version: 0.7.5 -Release: 4%{?dist} +Version: 0.8.1 +Release: 3%{?dist} Summary: Active Directory enrollment License: LGPLv2+ URL: http://cgit.freedesktop.org/realmd/adcli Source0: http://www.freedesktop.org/software/realmd/releases/adcli-%{version}.tar.gz +Patch1: 0001-library-Fix-check-for-EAGAIN-or-EINTR.patch +Patch2: 0002-Patch-to-adcli.xml-to-fix-documentation-error.patch +Patch3: 0003-Remove-n-or-r-n-from-stdin-password.patch +Patch4: 0001-delete-use-keytab-data-to-determine-realm-and-NetBIO.patch +Patch5: 0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch +Patch6: 0002-Use-strdup-if-offset-are-used.patch + BuildRequires: intltool pkgconfig BuildRequires: gettext-devel @@ -27,6 +34,12 @@ standard LDAP and Kerberos calls. %prep %setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %build %configure --disable-static --disable-silent-rules @@ -52,6 +65,22 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %doc %{_mandir}/*/* %changelog +* Wed Aug 24 2016 Sumit Bose - 0.8.1-3 +- fix crash when name is specified on the command line and detect names with + lower case characters [#1359773] + +* Mon Jul 25 2016 Sumit Bose - 0.8.1-2 +- delete: use keytab data to determine realm and NetBIOS name [#1359773] +* Thu May 19 2016 Sumit Bose - 0.8.1-1 +- Update to upstream release 0.8.1 +- Rebase adcli in RHEL-7.3 to version 0.8.0 [#1292530] +- Support Host Keytab renewal [#1288485] +- realmd not joining AD so ssh gssapi-with-mic works [#1061371] +- technically wrong length checks in binary parsers [#1027905] +- avoid alloca in _adcli_ldap_have_in_mod [#1027889] +- [RFE] adcli --stdin-password should be able to strip newline character from + the input [#1134330] + * Thu Jan 30 2014 Stef Walter - 0.7.5-4 - Fix incorrect ownership of manual page directory [#1057563]