Name: adcli Version: 0.8.1 Release: 14%{?dist} Summary: Active Directory enrollment License: LGPLv2+ URL: http://cgit.freedesktop.org/realmd/adcli Source0: http://www.freedesktop.org/software/realmd/releases/adcli-%{version}.tar.gz Patch1: 0001-library-Fix-check-for-EAGAIN-or-EINTR.patch Patch2: 0002-Patch-to-adcli.xml-to-fix-documentation-error.patch Patch3: 0003-Remove-n-or-r-n-from-stdin-password.patch Patch4: 0001-delete-use-keytab-data-to-determine-realm-and-NetBIO.patch Patch5: 0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch Patch6: 0002-Use-strdup-if-offset-are-used.patch Patch7: 0001-correct-spelling-of-adcli_tool_computer_delete-descr.patch Patch8: 0001-doc-Update-the-documentation-about-the-default-kerbe.patch Patch9: 0002-doc-explain-that-all-credential-cache-types-are-supp.patch Patch10: 0003-library-add-adcli_conn_is_writeable.patch Patch11: 0004-Handle-kvno-increment-for-RODCs.patch Patch12: 0001-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch Patch13: 0002-library-add-_adcli_bin_sid_to_str.patch Patch14: 0003-library-add-_adcli_call_external_program.patch Patch15: 0004-library-add-_adcli_ldap_parse_sid.patch Patch16: 0005-library-add-lookup_domain_sid.patch Patch17: 0006-library-add-adcli_conn_get_domain_sid.patch Patch18: 0007-tools-add-option-add-samba-data.patch Patch19: 0008-tools-store-Samba-data-if-requested.patch Patch20: 0009-make-Samba-data-tool-configurable.patch Patch21: 0001-Add-trusted-for-delegation-option.patch Patch22: 0002-Only-update-attributes-given-on-the-command-line.patch Patch23: 0003-update-allow-to-add-service-names.patch Patch24: 0004-Calculate-enctypes-in-a-separate-function.patch Patch25: 0005-join-add-all-attributes-while-creating-computer-obje.patch Patch26: 0006-util-add-_adcli_strv_remove_unsorted.patch Patch27: 0007-Add-add-service-principal-and-remove-service-princip.patch Patch28: 0001-adcli_conn_is_writeable-do-not-crash-id-domain_disco.patch # Additional fixes for rhbz#1593240 Patch29: 0001-fix-typo-in-flag-value.patch Patch30: 0002-_adcli_call_external_program-silence-noisy-debug-mes.patch # rhbz#1608212 Patch31: 0003-Do-not-add-service-principals-twice.patch # Additional fixed for rhbz#1547014 Patch32: 0004-Do-not-depend-on-default_realm-in-krb5.conf.patch # rhbz#1649868 Patch33: 0001-adutil-add-_adcli_strv_add_unique.patch Patch34: 0002-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch # Patch35 is replaced by Patch49 - Patch55 # rhbz#1642546 - adcli exports kerberos ticket with old kvno Patch36: 0001-Increment-kvno-after-password-change-with-user-creds.patch # rhbz#1595911 - [RFE] Have `adcli join` work without FQDN in `hostname` output # with some additional man page fixes from rhbz#1440533 Patch37: 0001-doc-fix-typos-in-the-adcli-man-page.patch Patch38: 0001-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch # rhbz#1644311 - Improve handling of service principals Patch39: 0001-join-always-add-service-principals.patch Patch40: 0002-library-return-error-if-no-matching-key-was-found.patch # rhbz#1337489 - [RFE] adcli command with --unix-* options doesn't update # values in UnixAttributes Tab for user Patch41: 0001-create-user-add-nis-domain-option.patch Patch42: 0002-create-user-try-to-find-NIS-domain-if-needed.patch # rhbz#1630187 - [RFE] adcli join should preserve SPN added by adcli preset-computer Patch43: 0001-ensure_keytab_principals-do-not-leak-memory-when-cal.patch Patch44: 0002-library-make-_adcli_strv_has_ex-public.patch Patch45: 0003-library-_adcli_krb5_build_principal-allow-principals.patch Patch46: 0004-library-make-sure-server-side-SPNs-are-preserved.patch # rhbz#1622583 - [RFE] Need an option for adcli command which will show domain join status. Patch47: 0001-Implement-adcli-testjoin.patch # rhbz#1630187 - [RFE] adcli join should preserve SPN added by adcli preset-computer - additional patch Patch48: 0001-library-add-missing-strdup.patch # rhbz#1588596 - many adcli-krb5-????? directories are created /tmp Patch49: 0001-tools-remove-errx-from-computer-commands.patch Patch50: 0002-tools-remove-errx-from-user-and-group-commands.patch Patch51: 0003-tools-remove-errx-from-info-commands.patch Patch52: 0004-tools-remove-errx-from-adcli_read_password_func.patch Patch53: 0005-tools-remove-errx-from-setup_krb5_conf_directory.patch Patch54: 0006-tools-entry-remove-errx-from-parse_option.patch Patch55: 0007-tools-computer-remove-errx-from-parse_option.patch # rhbz#1665162 - adcli is failing with "Couldn't add keytab entries: FILE:/etc/krb5.keytab: Cannot allocate memory" (edit) Patch56: 0001-Fix-for-issues-found-by-Coverity.patch Patch57: 0001-adenroll-make-sure-only-allowed-enctypes-are-used-in.patch Patch58: 0002-adconn-add-adcli_conn_set_krb5_context.patch Patch59: 0003-adenroll-add-adcli_enroll_get_permitted_keytab_encty.patch Patch60: 0004-adenroll-use-only-enctypes-permitted-by-Kerberos-con.patch # Coverity fix related to fixes for rhbz#1665162 Patch61: 0001-Fix-for-issue-found-by-Coverity.patch # rhbz#1683745 - Issue is that with arcfour-hmac as first encryption type Patch62: 0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch # rhbz#1738573 - adcli update --add-samba-data does not work as expected Patch63: 0001-doc-explain-how-to-force-password-reset.patch # rhbz#1685138 - adcli info should send netlogin pings to all domain controllers, not only a subset Patch64: 0001-Make-adcli-info-DC-location-mechanism-more-compliant.patch # rhbz#1786776 - adcli should be able to Force LDAPS over 636 with AD Access Provider w.r.t sssd (RHEL7) Patch65: 0001-Use-GSS-SPNEGO-if-available.patch Patch66: 0002-add-option-use-ldaps.patch #rhbz#1774622 - Update' adcli update --add-samba-data ' info under correct section in man adcli Patch67: 0001-man-move-note-to-the-right-section.patch # rhbz#1802258 - [abrt] [faf] adcli: raise(): /usr/sbin/adcli killed by 6 Patch68: 0001-discovery-fix.patch BuildRequires: intltool pkgconfig BuildRequires: libtool BuildRequires: gettext-devel BuildRequires: krb5-devel BuildRequires: openldap-devel BuildRequires: libxslt BuildRequires: xmlto Requires: cyrus-sasl-gssapi # adcli no longer has a library of development files # the adcli tool itself is to be used by callers Obsoletes: adcli-devel < 0.5 %description adcli is a library and tool for joining an Active Directory domain using standard LDAP and Kerberos calls. %define _hardened_build 1 %prep %autosetup -p1 %build autoreconf --force --install --verbose %configure --disable-static --disable-silent-rules make %{?_smp_mflags} %check make check %install make install DESTDIR=%{buildroot} find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %clean %files %{_sbindir}/adcli %doc AUTHORS COPYING ChangeLog NEWS README %doc %{_datadir}/doc/adcli %doc %{_mandir}/*/* %changelog * Sun Apr 19 2020 Sumit Bose - 0.8.1-14 - Fixes for RHEL-7.9 - Update' adcli update --add-samba-data ' info under correct section in man adcli [#1774622] - [abrt] [faf] adcli: raise(): /usr/sbin/adcli killed by 6 [#1802258] * Tue Jan 14 2020 Sumit Bose - 0.8.1-13 - adcli should be able to Force LDAPS over 636 with AD Access Provider w.r.t sssd [#1786776] * Wed Sep 04 2019 Sumit Bose - 0.8.1-12 - adcli info should send netlogin pings to all domain controllers, not only a subset [#1685138] * Tue Aug 27 2019 Sumit Bose - 0.8.1-11 - Fixes and improvements for RHEL-7.8 - Issue is that with arcfour-hmac as first encryption type in the config ... [#1683745] - adcli update --add-samba-data does not work as expected [#1738573] * Mon Aug 12 2019 Sumit Bose - 0.8.1-10 - adcli is failing with "Couldn't add keytab entries: FILE:/etc/krb5.keytab: Cannot allocate memory" [1665162] * Thu May 02 2019 Sumit Bose - 0.8.1-9 - Fixes for RHEL-7.7 updates - additional patch for [RFE] adcli join should preserve SPN added by adcli preset-computer [#1630187] - new patches for many adcli-krb5-????? directories are created /tmp [#1588596] * Fri Mar 22 2019 Sumit Bose - 0.8.1-8 - Various updates for RHEL-7.7 - many adcli-krb5-????? directories are created /tmp [#1588596] - adcli exports kerberos ticket with old kvno [#1642546] - [RFE] Have `adcli join` work without FQDN in `hostname` output [#1595911] - Improve handling of service principals [#1644311] - [RFE] adcli command with --unix-* options doesn't update values in UnixAttributes Tab for user [#1337489] - [RFE] adcli join should preserve SPN added by adcli preset-computer [#1630187] - [RFE] Need an option for adcli command which will show domain join status. [#1622583] * Wed Jan 16 2019 Sumit Bose - 0.8.1-7 - use autosetup macro to simplify patch handling - fixed rpmlint warnings in the spec file - join failed if hostname is not FQDN [#1649868] * Tue Aug 14 2018 Sumit Bose - 0.8.1-6 - Couldn't set service principals on computer account [#1608212] - additional fix #1547014 and #1593240 * Tue Jun 19 2018 Sumit Bose - 0.8.1-5 - enable "Trust this computer for delegation to any service (Kerberos only)" [#1538730] - realm join fails with Insufficient permissions [#1542354] - adcli update option cannot add principals for computer object [#1545568] - adcli refuses to add service principals [#1547013] - [RFE] Support adding SPN of a different host [#1547014] - adcli segfaults during AD join RHEL 7.5 [#1575554] * Thu Nov 02 2017 Sumit Bose - 0.8.1-4 - adcli doesn't update kvno while joining system to AD domain (RODC) [#1471021] - adcli_tool_computer_delete description spelling [#1450179] - adcli man page should not only mention FILE type credential caches [#1423871] * Wed Aug 24 2016 Sumit Bose - 0.8.1-3 - fix crash when name is specified on the command line and detect names with lower case characters [#1359773] * Mon Jul 25 2016 Sumit Bose - 0.8.1-2 - delete: use keytab data to determine realm and NetBIOS name [#1359773] * Thu May 19 2016 Sumit Bose - 0.8.1-1 - Update to upstream release 0.8.1 - Rebase adcli in RHEL-7.3 to version 0.8.0 [#1292530] - Support Host Keytab renewal [#1288485] - realmd not joining AD so ssh gssapi-with-mic works [#1061371] - technically wrong length checks in binary parsers [#1027905] - avoid alloca in _adcli_ldap_have_in_mod [#1027889] - [RFE] adcli --stdin-password should be able to strip newline character from the input [#1134330] * Thu Jan 30 2014 Stef Walter - 0.7.5-4 - Fix incorrect ownership of manual page directory [#1057563] * Tue Jan 28 2014 Daniel Mach - 0.7.5-3 - Mass rebuild 2014-01-24 * Fri Dec 27 2013 Daniel Mach - 0.7.5-2 - Mass rebuild 2013-12-27 * Fri Sep 13 2013 Stef Walter - 0.7.5-1 - Update to upstream point release 0.7.5 - Workaround for discovery via IPv6 address [#1004442] - Correctly put IPv6 addresses in temporary krb5.conf * Mon Sep 09 2013 Stef Walter - 0.7.4-1 - Update to upstream point release 0.7.4 - Correctly handle truncating long host names [#1001667] - Try to contact all available addresses for discovery [#1004442] - Build fixes [#1004823] * Wed Aug 07 2013 Stef Walter - 0.7.3-1 - Update to upstream point release 0.7.3 - Don't try to set encryption types on Windows 2003 * Mon Jul 22 2013 Stef Walter - 0.7.2-1 - Update to upstream point release 0.7.2 - Part of fix for bug [#967008] * Tue Jun 11 2013 Stef Walter - 0.7.1-3 - Run 'make check' when building the package * Mon May 13 2013 Stef Walter - 0.7.1-2 - Bump version to get around botched update * Mon May 13 2013 Stef Walter - 0.7.1-1 - Update to upstream 0.7.1 release - Fix problems with salt discovery [#961399] * Mon May 06 2013 Stef Walter - 0.7-1 - Work around broken krb5 with empty passwords [#960001] - Fix memory corruption issue [#959999] - Update to 0.7, fixing various bugs * Mon Apr 29 2013 Stef Walter - 0.6-1 - Update to 0.6, fixing various bugs * Wed Apr 10 2013 Stef walter - 0.5-2 - Add appropriate Obsoletes line for libadcli removal * Wed Apr 10 2013 Stef Walter - 0.5-1 - Update to upstream 0.5 version - No more libadcli, and thus no adcli-devel - Many new adcli commands - Documentation * Wed Feb 13 2013 Fedora Release Engineering - 0.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Mon Nov 12 2012 Stef Walter - 0.4-1 - Update for 0.4 version, fixing various bugs * Sat Oct 20 2012 Stef Walter - 0.3-1 - Update for 0.3 version * Tue Sep 4 2012 Stef Walter - 0.2-1 - Update for 0.2 version * Wed Aug 15 2012 Stef Walter - 0.1-1 - Initial 0.1 package