Compare commits
4 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
de017b7ecf | ||
|
|
6e243e45b0 | ||
|
|
a4c60255ef | ||
|
|
8f286a0ecf |
6 changed files with 153 additions and 250 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
|
@ -16,5 +16,3 @@
|
|||
/adcli-0.8.2.tar.gz
|
||||
/adcli-0.9.0.tar.gz
|
||||
/adcli-0.9.1.tar.gz
|
||||
/adcli-0.9.2.tar.gz
|
||||
/adcli-0.9.3.1.tar.gz
|
||||
|
|
|
|||
|
|
@ -0,0 +1,60 @@
|
|||
From 0353d704879f20983184f8bded4f16538d72f7cc Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 10 Mar 2021 18:12:09 +0100
|
||||
Subject: [PATCH] build: add --with-vendor-error-message configure option
|
||||
|
||||
With the new configure option --with-vendor-error-message a packager or
|
||||
a distribution can add a message if adcli returns with an error.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1889386
|
||||
---
|
||||
configure.ac | 15 +++++++++++++++
|
||||
tools/tools.c | 6 ++++++
|
||||
2 files changed, 21 insertions(+)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index baa0d3b..7dfba97 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -123,6 +123,21 @@ if test "$sasl_invalid" = "yes"; then
|
||||
AC_MSG_ERROR([Couldn't find Cyrus SASL headers])
|
||||
fi
|
||||
|
||||
+# --------------------------------------------------------------------
|
||||
+# Vendor error message
|
||||
+
|
||||
+AC_ARG_WITH([vendor-error-message],
|
||||
+ [AS_HELP_STRING([--with-vendor-error-message=ARG],
|
||||
+ [Add a vendor specific error message shown if a adcli command fails]
|
||||
+ )],
|
||||
+ [AS_IF([test "x$withval" != "x"],
|
||||
+ [AC_DEFINE_UNQUOTED([VENDOR_MSG],
|
||||
+ ["$withval"],
|
||||
+ [Vendor specific error message])],
|
||||
+ [AC_MSG_ERROR([--with-vendor-error-message requires an argument])]
|
||||
+ )],
|
||||
+ [])
|
||||
+
|
||||
# --------------------------------------------------------------------
|
||||
# Documentation options
|
||||
|
||||
diff --git a/tools/tools.c b/tools/tools.c
|
||||
index d0dcf98..84bbba9 100644
|
||||
--- a/tools/tools.c
|
||||
+++ b/tools/tools.c
|
||||
@@ -538,6 +538,12 @@ main (int argc,
|
||||
|
||||
if (conn)
|
||||
adcli_conn_unref (conn);
|
||||
+#ifdef VENDOR_MSG
|
||||
+ if (ret != 0) {
|
||||
+ fprintf (stderr, VENDOR_MSG"\n");
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
return ret;
|
||||
}
|
||||
|
||||
--
|
||||
2.30.2
|
||||
|
||||
84
0001-configure-update-some-macros-for-autoconf-2.71.patch
Normal file
84
0001-configure-update-some-macros-for-autoconf-2.71.patch
Normal file
|
|
@ -0,0 +1,84 @@
|
|||
From a8492d71a6db8565544444eef11de8c733c95ef8 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 6 Apr 2021 19:32:07 +0200
|
||||
Subject: [PATCH] configure: update some macros for autoconf-2.71
|
||||
|
||||
---
|
||||
configure.ac | 10 +++++-----
|
||||
library/Makefile.am | 2 +-
|
||||
tools/Makefile.am | 2 +-
|
||||
3 files changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 7dfba97..c6ff31d 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1,4 +1,4 @@
|
||||
-AC_PREREQ(2.61)
|
||||
+AC_PREREQ([2.61])
|
||||
|
||||
AC_INIT([adcli],
|
||||
[0.9.1],
|
||||
@@ -33,7 +33,7 @@ LT_INIT([dlopen disable-static])
|
||||
AC_PROG_CC
|
||||
AC_PROG_CPP
|
||||
AM_PROG_CC_C_O
|
||||
-AM_PROG_LIBTOOL
|
||||
+LT_INIT
|
||||
|
||||
# -------------------------------------------------------------------
|
||||
# Kerberos
|
||||
@@ -143,7 +143,7 @@ AC_ARG_WITH([vendor-error-message],
|
||||
|
||||
AC_MSG_CHECKING([whether to build documentation])
|
||||
AC_ARG_ENABLE(doc,
|
||||
- AC_HELP_STRING([--enable-doc],
|
||||
+ AS_HELP_STRING([--enable-doc],
|
||||
[Disable building documentation])
|
||||
)
|
||||
|
||||
@@ -180,7 +180,7 @@ doc_status=$enable_doc
|
||||
|
||||
AC_MSG_CHECKING([for debug mode])
|
||||
AC_ARG_ENABLE(debug,
|
||||
- AC_HELP_STRING([--enable-debug=no/default/yes],
|
||||
+ AS_HELP_STRING([--enable-debug=no/default/yes],
|
||||
[Turn on or off debugging]))
|
||||
|
||||
if test "$enable_debug" != "no"; then
|
||||
@@ -308,7 +308,7 @@ fi
|
||||
|
||||
AC_MSG_CHECKING([where is Samba's net utility])
|
||||
AC_ARG_WITH([samba_data_tool],
|
||||
- AC_HELP_STRING([--with-samba-data-tool=/path],
|
||||
+ AS_HELP_STRING([--with-samba-data-tool=/path],
|
||||
[Path to Samba's net utility]),
|
||||
[],
|
||||
[with_samba_data_tool=/usr/bin/net])
|
||||
diff --git a/library/Makefile.am b/library/Makefile.am
|
||||
index 4829555..e046606 100644
|
||||
--- a/library/Makefile.am
|
||||
+++ b/library/Makefile.am
|
||||
@@ -1,6 +1,6 @@
|
||||
include $(top_srcdir)/Makefile.decl
|
||||
|
||||
-INCLUDES = \
|
||||
+AM_CPPFLAGS = \
|
||||
-I$(top_srcdir) \
|
||||
-DADCLI_UNSTABLE_API \
|
||||
-DHOST_TRIPLET=\"$(host_triplet)\" \
|
||||
diff --git a/tools/Makefile.am b/tools/Makefile.am
|
||||
index 1cdf451..71ec14d 100644
|
||||
--- a/tools/Makefile.am
|
||||
+++ b/tools/Makefile.am
|
||||
@@ -1,6 +1,6 @@
|
||||
include $(top_srcdir)/Makefile.decl
|
||||
|
||||
-INCLUDES = \
|
||||
+AM_CPPFLAGS = \
|
||||
-I$(top_srcdir) \
|
||||
-I$(top_srcdir)/library \
|
||||
-DKRB5_CONFIG=\""$(sysconfdir)/krb5.conf"\" \
|
||||
--
|
||||
2.30.2
|
||||
|
||||
|
|
@ -1,117 +0,0 @@
|
|||
From 9c31bb06590f2d96a2d6d8ce87dc3273c283a671 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 19 Dec 2025 14:48:13 +0100
|
||||
Subject: [PATCH] enroll: fix issues if default keytab is used
|
||||
|
||||
librkb5 returns the default keytab with a 'FILE:' prefix which must be
|
||||
removed before calling libselinux functions to operate on the keytab
|
||||
file.
|
||||
|
||||
Resolves: https://issues.redhat.com/browse/RHEL-78631
|
||||
---
|
||||
library/adenroll.c | 32 ++++++++++++++++++++------------
|
||||
library/adenroll.h | 3 +--
|
||||
tools/computer.c | 6 +++---
|
||||
3 files changed, 24 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/library/adenroll.c b/library/adenroll.c
|
||||
index 20ad198..9484cbf 100644
|
||||
--- a/library/adenroll.c
|
||||
+++ b/library/adenroll.c
|
||||
@@ -2116,30 +2116,38 @@ ensure_host_keytab (adcli_result res,
|
||||
return ADCLI_SUCCESS;
|
||||
}
|
||||
|
||||
-adcli_result
|
||||
-ensure_host_keytab_selinux_context (adcli_result res,
|
||||
- adcli_enroll *enroll)
|
||||
+void
|
||||
+restore_host_keytab_selinux_context (adcli_enroll *enroll)
|
||||
{
|
||||
#ifdef BUILD_SELINUX_POLICY
|
||||
int ret;
|
||||
-
|
||||
- if (res != ADCLI_SUCCESS)
|
||||
- return res;
|
||||
+ krb5_context k5;
|
||||
+ const char *name_start;
|
||||
|
||||
if (enroll->keytab_name == NULL) {
|
||||
_adcli_info ("No keytab name available, skipping SELinux restorecon.");
|
||||
- return ADCLI_SUCCESS;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ name_start = enroll->keytab_name;
|
||||
+ if (strncmp (name_start, "FILE:", 5) == 0) {
|
||||
+ name_start = enroll->keytab_name + 5;
|
||||
}
|
||||
|
||||
- ret = selinux_restorecon (adcli_enroll_get_keytab_name (enroll), 0);
|
||||
+ if (enroll->keytab != NULL) {
|
||||
+ k5 = adcli_conn_get_krb5_context (enroll->conn);
|
||||
+ krb5_kt_close (k5, enroll->keytab);
|
||||
+ enroll->keytab = NULL;
|
||||
+ }
|
||||
+
|
||||
+ ret = selinux_restorecon (name_start, 0);
|
||||
if (ret != 0) {
|
||||
- _adcli_err ("Failed to set SELinux context for %s with error %d: %s",
|
||||
- enroll->keytab_name, ret, strerror (ret));
|
||||
- return ADCLI_ERR_FAIL;
|
||||
+ _adcli_err ("Failed to set SELinux context for %s with error %d: %s, ignored",
|
||||
+ name_start, ret, strerror (errno));
|
||||
}
|
||||
#endif
|
||||
|
||||
- return ADCLI_SUCCESS;
|
||||
+ return;
|
||||
}
|
||||
|
||||
|
||||
diff --git a/library/adenroll.h b/library/adenroll.h
|
||||
index 79eb7a8..5aba81b 100644
|
||||
--- a/library/adenroll.h
|
||||
+++ b/library/adenroll.h
|
||||
@@ -192,6 +192,5 @@ void adcli_enroll_set_samba_data_tool (adcli_enroll *enroll,
|
||||
|
||||
const char * adcli_enroll_get_samba_data_tool (adcli_enroll *enroll);
|
||||
|
||||
-adcli_result ensure_host_keytab_selinux_context (adcli_result res,
|
||||
- adcli_enroll *enroll);
|
||||
+void restore_host_keytab_selinux_context (adcli_enroll *enroll);
|
||||
#endif /* ADENROLL_H_ */
|
||||
diff --git a/tools/computer.c b/tools/computer.c
|
||||
index ee027dc..f056366 100644
|
||||
--- a/tools/computer.c
|
||||
+++ b/tools/computer.c
|
||||
@@ -520,7 +520,7 @@ adcli_tool_computer_join (adcli_conn *conn,
|
||||
else if (show_password)
|
||||
dump_password (conn, enroll);
|
||||
|
||||
- ensure_host_keytab_selinux_context (ADCLI_SUCCESS, enroll);
|
||||
+ restore_host_keytab_selinux_context (enroll);
|
||||
|
||||
adcli_enroll_unref (enroll);
|
||||
|
||||
@@ -655,7 +655,7 @@ adcli_tool_computer_update (adcli_conn *conn,
|
||||
else if (show_password)
|
||||
dump_password (conn, enroll);
|
||||
|
||||
- ensure_host_keytab_selinux_context (ADCLI_SUCCESS, enroll);
|
||||
+ restore_host_keytab_selinux_context (enroll);
|
||||
|
||||
adcli_enroll_unref (enroll);
|
||||
|
||||
@@ -1275,7 +1275,7 @@ adcli_tool_computer_managed_service_account (adcli_conn *conn,
|
||||
else if (show_password)
|
||||
dump_password (conn, enroll);
|
||||
|
||||
- ensure_host_keytab_selinux_context (ADCLI_SUCCESS, enroll);
|
||||
+ restore_host_keytab_selinux_context (enroll);
|
||||
|
||||
adcli_enroll_unref (enroll);
|
||||
|
||||
--
|
||||
2.52.0
|
||||
|
||||
138
adcli.spec
138
adcli.spec
|
|
@ -1,16 +1,13 @@
|
|||
%global with_selinux 1
|
||||
%global selinuxtype targeted
|
||||
%global modulename adcli
|
||||
|
||||
Name: adcli
|
||||
Version: 0.9.3.1
|
||||
Version: 0.9.1
|
||||
Release: 4%{?dist}
|
||||
Summary: Active Directory enrollment
|
||||
License: LGPL-2.1-or-later
|
||||
License: LGPLv2+
|
||||
URL: https://gitlab.freedesktop.org/realmd/adcli
|
||||
Source0: https://gitlab.freedesktop.org/-/project/1196/uploads/5a1c55410c0965835b81fbd28d820d46/adcli-%{version}.tar.gz
|
||||
Source0: https://gitlab.freedesktop.org/sbose/adcli/uploads/30880d967e79cee789194435e70fbf30/adcli-%{version}.tar.gz
|
||||
|
||||
Patch1: 0001-enroll-fix-issues-if-default-keytab-is-used.patch
|
||||
Patch1: 0001-build-add-with-vendor-error-message-configure-option.patch
|
||||
Patch2: 0001-configure-update-some-macros-for-autoconf-2.71.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: intltool pkgconfig
|
||||
|
|
@ -21,13 +18,6 @@ BuildRequires: openldap-devel
|
|||
BuildRequires: libxslt
|
||||
BuildRequires: xmlto
|
||||
BuildRequires: make
|
||||
BuildRequires: libnetapi-devel
|
||||
|
||||
# Build dependencies for SELinux policy
|
||||
%if %{with selinux}
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: selinux-policy-devel
|
||||
%endif
|
||||
|
||||
Requires: cyrus-sasl-gssapi
|
||||
Conflicts: adcli-doc < %{version}-%{release}
|
||||
|
|
@ -36,31 +26,10 @@ Conflicts: adcli-doc < %{version}-%{release}
|
|||
# the adcli tool itself is to be used by callers
|
||||
Obsoletes: adcli-devel < 0.5
|
||||
|
||||
%if %{with selinux}
|
||||
# This ensures that the *-selinux package and all it’s dependencies are not
|
||||
# pulled into containers and other systems that do not use SELinux. The
|
||||
# policy defines types and file contexts for client and server.
|
||||
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
|
||||
%endif
|
||||
|
||||
%description
|
||||
adcli is a tool for joining an Active Directory domain using
|
||||
standard LDAP and Kerberos calls.
|
||||
|
||||
%if %{with selinux}
|
||||
# SELinux subpackage
|
||||
%package selinux
|
||||
Summary: The adcli SELinux policy
|
||||
BuildArch: noarch
|
||||
Requires: selinux-policy-%{selinuxtype}
|
||||
Requires(post): selinux-policy-%{selinuxtype}
|
||||
%{?selinux_requires_min}
|
||||
|
||||
%description selinux
|
||||
Custom SELinux policy module for adcli to make sure generated Kerberos keytab
|
||||
files have the right SELinux context.
|
||||
%endif
|
||||
|
||||
%define _hardened_build 1
|
||||
|
||||
%prep
|
||||
|
|
@ -73,43 +42,24 @@ autoreconf --force --install --verbose
|
|||
--with-vendor-error-message='Please check\n https://red.ht/support_rhel_ad \nto get help for common issues.' \
|
||||
%endif
|
||||
%{nil}
|
||||
%make_build
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
%make_install
|
||||
make install DESTDIR=%{buildroot}
|
||||
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%if %{with selinux}
|
||||
# SELinux contexts are saved so that only affected files can be
|
||||
# relabeled after the policy module installation
|
||||
%pre selinux
|
||||
%selinux_relabel_pre -s %{selinuxtype}
|
||||
|
||||
%post selinux
|
||||
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp
|
||||
|
||||
%postun selinux
|
||||
if [ $1 -eq 0 ]; then
|
||||
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
|
||||
fi
|
||||
|
||||
%posttrans selinux
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
|
||||
%endif
|
||||
|
||||
%files
|
||||
%{_sbindir}/adcli
|
||||
%doc AUTHORS COPYING ChangeLog NEWS README
|
||||
%doc %{_mandir}/*/*
|
||||
|
||||
%package doc
|
||||
Summary: The adcli documentation package
|
||||
Summary: adcli documentation
|
||||
BuildArch: noarch
|
||||
Conflicts: adcli < %{version}-%{release}
|
||||
|
||||
|
|
@ -121,79 +71,7 @@ documentation.
|
|||
%files doc
|
||||
%doc %{_datadir}/doc/adcli/*
|
||||
|
||||
%if %{with selinux}
|
||||
%files selinux
|
||||
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.3.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
|
||||
|
||||
* Fri Dec 19 2025 Sumit Bose <sbose@redhat.com> - 0.9.3.1-3
|
||||
- Fix issue with restoring SELinux file label
|
||||
|
||||
* Tue Dec 16 2025 Sumit Bose <sbose@redhat.com> - 0.9.3.1-2
|
||||
- Use selinux_requires_min to avoid policycoreutils-python-utils dependency
|
||||
Resolves: rhbz#2422451
|
||||
|
||||
* Tue Dec 09 2025 Sumit Bose <sbose@redhat.com> - 0.9.3.1-1
|
||||
- Rebase to latest upstream version
|
||||
|
||||
* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
|
||||
|
||||
* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
|
||||
|
||||
* Wed Nov 20 2024 Sumit Bose <sbose@redhat.com> - 0.9.2-8
|
||||
- support for Samba's offline join and static analyser fixes
|
||||
|
||||
* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
|
||||
|
||||
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Wed Oct 18 2023 Sumit Bose <sbose@redhat.com> - 0.9.2-4
|
||||
- migrated to SPDX license
|
||||
|
||||
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Thu Sep 29 2022 Sumit Bose <sbose@redhat.com> - 0.9.2-1
|
||||
- Update to upstream release 0.9.2
|
||||
|
||||
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.1-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.1-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Wed Jul 28 2021 Sumit Bose <sbose@redhat.com> - 0.9.1-9
|
||||
- Add ns_get16() and ns_get32() to configure check
|
||||
Resolves: rhbz#1984891
|
||||
|
||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.1-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Mon Jun 28 2021 Sumit Bose <sbose@redhat.com> - 0.9.1-7
|
||||
- Add user-passwd sub-command
|
||||
- Add setattr/delattr option
|
||||
|
||||
* Thu Jun 03 2021 Sumit Bose <sbose@redhat.com> - 0.9.1-6
|
||||
- Add fix for dont-expire-password option
|
||||
|
||||
* Wed Jun 02 2021 Sumit Bose <sbose@redhat.com> - 0.9.1-5
|
||||
- Add dont-expire-password option and coverity fixes
|
||||
|
||||
* Wed Apr 07 2021 Sumit Bose <sbose@redhat.com> - 0.9.1-4
|
||||
- Add macro updates for autoconf-2.71 and downstream gating
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (adcli-0.9.3.1.tar.gz) = 3f501173b5344b38f33a3f65faec9e894da81b44b37bb161da103d8a29459d8807dfe566a5dd0a8c7eec466567b6cca4331c81dd70158b5478a61b03be37355d
|
||||
SHA512 (adcli-0.9.1.tar.gz) = 60562720bf28f2dec06f272bdb875e3486f223e77f8a9e96b3468d17dbebdf9ddabd147d7e65c5de9ba7d4e8c033ad6d28a4012d03297c7de25b78ef4890746d
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue