Blob Blame History Raw
Name:		adcli
Version:	0.8.2
Release:	9%{?dist}
Summary:	Active Directory enrollment
License:	LGPLv2+
URL:		http://cgit.freedesktop.org/realmd/adcli
Source0:	http://www.freedesktop.org/software/realmd/releases/adcli-%{version}.tar.gz

Patch1:		0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch
Patch2:		0002-Use-strdup-if-offset-are-used.patch
Patch3:		0003-correct-spelling-of-adcli_tool_computer_delete-descr.patch
Patch4:		0004-doc-explain-that-all-credential-cache-types-are-supp.patch
Patch5:		0005-library-add-adcli_conn_is_writeable.patch
Patch6:		0006-Handle-kvno-increment-for-RODCs.patch
Patch7:		0007-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch
Patch8:		0008-library-add-_adcli_bin_sid_to_str.patch
Patch9:		0009-library-add-_adcli_call_external_program.patch
Patch10:	0010-library-add-_adcli_ldap_parse_sid.patch
Patch11:	0011-library-add-lookup_domain_sid.patch
Patch12:	0012-library-add-adcli_conn_get_domain_sid.patch
Patch13:	0013-tools-add-option-add-samba-data.patch
Patch14:	0014-tools-store-Samba-data-if-requested.patch
Patch15:	0015-make-Samba-data-tool-configurable.patch
Patch16:	0016-Add-trusted-for-delegation-option.patch
Patch17:	0017-Only-update-attributes-given-on-the-command-line.patch
Patch18:	0018-update-allow-to-add-service-names.patch
Patch19:	0019-Calculate-enctypes-in-a-separate-function.patch
Patch20:	0020-join-add-all-attributes-while-creating-computer-obje.patch
Patch21:	0021-util-add-_adcli_strv_remove_unsorted.patch
Patch22:	0022-Add-add-service-principal-and-remove-service-princip.patch
Patch23:	0023-adcli_conn_is_writeable-do-not-crash-id-domain_disco.patch
Patch24:	0024-doc-fix-typos-in-the-adcli-man-page.patch

Patch25:	0001-fix-typo-in-flag-value.patch
Patch26:	0002-_adcli_call_external_program-silence-noisy-debug-mes.patch
Patch27:	0003-Do-not-add-service-principals-twice.patch
Patch28:	0004-Do-not-depend-on-default_realm-in-krb5.conf.patch

# rhbz#1677194 -  Realm cannot join domain when hostname is not FQDN
Patch29:	0001-adutil-add-_adcli_strv_add_unique.patch
Patch30:	0002-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch

# Forward port of RHEL-7.7 ticket rhbz#1642546 - adcli exports kerberos ticket
# with old kvno
Patch31:	0001-Increment-kvno-after-password-change-with-user-creds.patch

# Forward port of RHEL-7.7 ticket rhbz#1595911 - [RFE] Have `adcli join` work
# without FQDN in `hostname` output
Patch32:	0001-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch

# Forward port of RHEL-7.7 ticket rhbz#1644311 - Improve handling of service
# principals
Patch33:	0001-join-always-add-service-principals.patch
Patch34:	0002-library-return-error-if-no-matching-key-was-found.patch

# Forward port of RHEL-7.7 ticket rhbz#1337489 - [RFE] adcli command with
# --unix-* options doesn't update values in UnixAttributes Tab for user
Patch35:	0001-create-user-add-nis-domain-option.patch
Patch36:	0002-create-user-try-to-find-NIS-domain-if-needed.patch

# Forward port of RHEL-7.7 ticket rhbz#1630187 - [RFE] adcli join should
# preserve SPN added by adcli preset-computer
Patch37:	0001-ensure_keytab_principals-do-not-leak-memory-when-cal.patch
Patch38:	0002-library-make-_adcli_strv_has_ex-public.patch
Patch39:	0003-library-_adcli_krb5_build_principal-allow-principals.patch
Patch40:	0004-library-make-sure-server-side-SPNs-are-preserved.patch

# Forward port of RHEL-7.7 ticket rhbz#1622583 - [RFE] Need an option for adcli
# command which will show domain join status.
Patch41:	0001-Implement-adcli-testjoin.patch

# Forward port of RHEL-7.7 ticket rhbz#1630187 - [RFE] adcli join should
# preserve SPN added by adcli preset-computer - additional patch
Patch42:	0001-library-add-missing-strdup.patch

# Forward port of RHEL-7.7 ticket rhbz#1588596 - many adcli-krb5-?????
# directories are created /tmp
Patch43:	0001-tools-remove-errx-from-computer-commands.patch
Patch44:	0002-tools-remove-errx-from-user-and-group-commands.patch
Patch45:	0003-tools-remove-errx-from-info-commands.patch
Patch46:	0004-tools-remove-errx-from-adcli_read_password_func.patch
Patch47:	0005-tools-remove-errx-from-setup_krb5_conf_directory.patch
Patch48:	0006-tools-entry-remove-errx-from-parse_option.patch
Patch49:	0007-tools-computer-remove-errx-from-parse_option.patch

# rhbz#1717355 - `adcli join` fails in FIPS enabled environment
Patch50:	0001-Fix-for-issues-found-by-Coverity.patch
Patch51:	0001-adenroll-make-sure-only-allowed-enctypes-are-used-in.patch
Patch52:	0002-adconn-add-adcli_conn_set_krb5_context.patch
Patch53:	0003-adenroll-add-adcli_enroll_get_permitted_keytab_encty.patch
Patch54:	0004-adenroll-use-only-enctypes-permitted-by-Kerberos-con.patch

# rhbz#1745931 - adcli update --add-samba-data does not work as expected
Patch55:	0001-doc-explain-how-to-force-password-reset.patch
Patch56:	0001-man-move-note-to-the-right-section.patch

# rhbz#1745932 - Issue is that with arcfour-hmac as first encryption type
Patch57:	0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch

Patch58:	0001-Fix-for-issue-found-by-Coverity.patch

# rhbz#1737342 - [RFE] enhancement adcli to set description attribute and to
# show all AD attributes
Patch59:	0001-tools-add-show-computer-command.patch
Patch60:	0002-add-description-option-to-join-and-update.patch

Patch61:	0001-Use-GSS-SPNEGO-if-available.patch
Patch62:	0002-add-option-use-ldaps.patch

# rhbz#1806260 - [abrt] [faf] adcli: raise(): /usr/sbin/adcli killed by 6
Patch63:	0001-Make-adcli-info-DC-location-mechanism-more-compliant.patch
Patch64:	0001-discovery-fix.patch

# rhbz#1846882 - No longer able to delete computer from AD using adcli
Patch65:	0001-delete-do-not-exit-if-keytab-cannot-be-read.patch

# rhbz#1846878 - adcli: presetting $computer in $domain domain failed: Cannot
# set computer password: Authentication error
Patch66:	0001-tools-disable-SSSD-s-locator-plugin.patch

# rhbz#1791611 - Typo in adcli update --help option
Patch67:	0001-tools-fix-typo-in-show-password-help-output.patch

# rhbz#1791545 - Manpage and help does not explain the use of "-C" option
Patch68:	0001-man-explain-optional-parameter-of-login-ccache-bette.patch
Patch69:	0001-man-make-handling-of-optional-credential-cache-more-.patch

# rhbz#1883467 - Add --use-ldaps option to adcli update as well
Patch70:	0001-tools-add-missing-use-ldaps-option-to-update-and-tes.patch

# rhbz#1734764 - Cannot join a pre-staged Computer Account on AD in Custom OU
# using Delegated user
Patch71:	0001-join-update-set-dNSHostName-if-not-set.patch

# rhbz#1852080 - missing documentation for required AD rights for adcli join
# and net join
Patch72:	0001-doc-add-missing-samba_data_tool_path.xml-.in-to-EXTR.patch
Patch73:	0001-doc-explain-required-AD-permissions.patch

# rhbz#1854112 - [RFE] Add new mode to just create an AD account to be able to
# connect to LDAP
Patch74:	0001-enroll-add-is_service-member.patch
Patch75:	0002-computer-add-create-msa-sub-command.patch
Patch76:	0003-enroll-use-computer-or-service-in-debug-messages.patch
Patch77:	0004-enroll-more-filters-for-random-characters.patch
Patch78:	0005-enroll-make-adcli_enroll_add_keytab_for_service_acco.patch
Patch79:	0006-enroll-allow-fqdn-for-locate_computer_account.patch
Patch80:	0007-service-account-add-random-suffix-to-account-name.patch

# rhbz#1906303 - Typo in CREATE A SERVICE ACCOUNT section of man page of adcli
Patch81:	0001-service-account-fix-typo-in-the-man-page-entry.patch

BuildRequires:	gcc
BuildRequires:	intltool pkgconfig
BuildRequires:	libtool
BuildRequires:	gettext-devel
BuildRequires:	krb5-devel
BuildRequires:	openldap-devel
BuildRequires:	libxslt
BuildRequires:	xmlto

Requires:	cyrus-sasl-gssapi

# adcli no longer has a library of development files
# the adcli tool itself is to be used by callers
Obsoletes:	adcli-devel < 0.5

%description
adcli is a tool for joining an Active Directory domain using
standard LDAP and Kerberos calls.

%define _hardened_build 1

%prep
%autosetup -p1

%build
autoreconf --force --install --verbose
%configure --disable-static --disable-silent-rules
make %{?_smp_mflags}

%check
make check

%install
make install DESTDIR=%{buildroot}
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%clean

%files
%{_sbindir}/adcli
%doc AUTHORS COPYING ChangeLog NEWS README
%doc %{_mandir}/*/*

%package doc
Summary: adcli documentation
BuildArch: noarch

%description doc
adcli is a tool for joining an Active Directory domain using
standard LDAP and Kerberos calls. This package contains its
documentation.

%files doc
%doc %{_datadir}/doc/adcli/*

%changelog
* Fri Dec 11 2020 Sumit Bose <sbose@redhat,com> - 0.8.2-9
- Typo in CREATE A SERVICE ACCOUNT section of man page of adcli [#1906303]

* Wed Nov 11 2020 Sumit Bose <sbose@redhat.com> - 0.8.2-8
- Add --use-ldaps option to adcli update as well [#1883467]
- Cannot join a pre-staged Computer Account on AD in Custom OU using Delegated
  user [#1734764]
- missing documentation for required AD rights for adcli join and net
  join [#1852080]
- [RFE] Add new mode to just create an AD account to be able to connect to
  LDAP [#1854112]

* Thu Aug 13 2020 Sumit Bose <sbose@redhat.com> - 0.8.2-7
- Improve "-C" option description in man page even more [#1791545]

* Mon Jun 15 2020 Sumit Bose <sbose@redhat.com> - 0.8.2-6
- [abrt] [faf] adcli: raise(): /usr/sbin/adcli killed by 6 [#1806260]
- No longer able to delete computer from AD using adcli [#1846882]
- adcli: presetting $computer in $domain domain failed: Cannot set computer
  password: Authentication error [#1846878]
- Typo in adcli update --help option [#1791611]
- Manpage and help does not explain the use of "-C" option [#1791545]

* Wed Jan 29 2020 Sumit Bose <sbose@redhat.com> - 0.8.2-5
- adcli should be able to Force LDAPS over 636 with AD Access Provider w.r.t
  sssd [#1762420]

* Thu Nov 28 2019 Sumit Bose <sbose@redhat.com> - 0.8.2-4
- adcli update --add-samba-data does not work as expected [#1745931]
- Issue is that with arcfour-hmac as first encryption type [#1745932]
- [RFE] enhancement adcli to set description attribute and to show all AD
  attributes [#1737342]

* Fri Jun 14 2019 Sumit Bose <sbose@redhat.com> - 0.8.2-3
- use autosetup macro to simplify patch handling
- fixed rpmlint warnings in the spec file
- join failed if hostname is not FQDN [#1677194]
- adcli join fails in FIPS enabled environment [#1717355]
- forward port of RHEL-7.7 fixes and enhancements

* Tue Oct 09 2018 Sumit Bose <sbose@redhat.com> - 0.8.2-2
- Do not add service principals twice and related fixes
- Resolves: rhbz#1631734

* Thu Jul 05 2018 Sumit Bose <sbose@redhat.com> - 0.8.2-1
- Update to upstream release 0.8.2
- various other fixes and improvements from the latest Fedora update

* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Thu Dec 17 2015 Sumit Bose <sbose@redhat.com> - 0.8.0-1
- Update to upstream release 0.8.0

* Mon Oct 19 2015 Stef Walter <stefw@redhat.com> - 0.7.6-1
- Fix issue with keytab use with sshd
- Resolves: rhbz#1267319
- Put documentation in a subpackage

* Tue Jun 16 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Thu Jan 30 2014 Stef Walter <stefw@redhat.com> - 0.7.5-2
- Fix incorrect ownership of manual page directory

* Fri Sep 13 2013 Stef Walter <stefw@redhat.com> - 0.7.5-1
- Update to upstream point release 0.7.5
- Workaround for discovery via IPv6 address
- Correctly put IPv6 addresses in temporary krb5.conf

* Mon Sep 09 2013 Stef Walter <stefw@redhat.com> - 0.7.4-1
- Update to upstream point release 0.7.4
- Correctly handle truncating long host names
- Try to contact all available addresses for discovery
- Build fixes

* Wed Aug 07 2013 Stef Walter <stefw@redhat.com> - 0.7.3-1
- Update to upstream point release 0.7.3
- Don't try to set encryption types on Windows 2003

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Mon Jul 22 2013 Stef Walter <stefw@redhat.com> - 0.7.2-1
- Update to upstream point release 0.7.2
- Part of fix for bug [#961244]

* Mon Jul 15 2013 Stef Walter <stefw@redhat.com> - 0.7.1-4
- Build with verbose output logging

* Tue Jun 11 2013 Stef Walter <stefw@redhat.com> - 0.7.1-3
- Run 'make check' when building the package

* Mon May 13 2013 Stef Walter <stefw@redhat.com> - 0.7.1-2
- Bump version to get around botched update

* Mon May 13 2013 Stef Walter <stefw@redhat.com> - 0.7.1-1
- Update to upstream 0.7.1 release
- Fix problems with salt discovery [#961399]

* Mon May 06 2013 Stef Walter <stefw@redhat.com> - 0.7-1
- Work around broken krb5 with empty passwords [#960001]
- Fix memory corruption issue [#959999]
- Update to 0.7, fixing various bugs

* Mon Apr 29 2013 Stef Walter <stefw@redhat.com> - 0.6-1
- Update to 0.6, fixing various bugs

* Wed Apr 10 2013 Stef walter <stefw@redhat.com> - 0.5-2
- Add appropriate Obsoletes line for libadcli removal

* Wed Apr 10 2013 Stef Walter <stefw@redhat.com> - 0.5-1
- Update to upstream 0.5 version
- No more libadcli, and thus no adcli-devel
- Many new adcli commands
- Documentation

* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Mon Nov 12 2012 Stef Walter <stefw@redhat.com> - 0.4-1
- Update for 0.4 version, fixing various bugs

* Sat Oct 20 2012 Stef Walter <stefw@redhat.com> - 0.3-1
- Update for 0.3 version

* Tue Sep 4 2012 Stef Walter <stefw@redhat.com> - 0.2-1
- Update for 0.2 version

* Wed Aug 15 2012 Stef Walter <stefw@redhat.com> - 0.1-1
- Initial 0.1 package