⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.67
Server IP:
50.6.168.112
Server:
Linux server-617809.webnetzimbabwe.com 5.14.0-570.25.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jul 9 04:57:09 EDT 2025 x86_64
Server Software:
Apache
PHP Version:
8.4.10
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
adcli
/
View File Name :
ChangeLog
# Generate automatically. Do not edit. commit 8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5 Author: Sumit Bose <sbose@redhat.com> Date: 2022-09-28 Release version 0.9.2 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e5fb044164979ccdc6a33f8fecfbea7111b76dff Author: Sumit Bose <sbose@redhat.com> Date: 2022-09-28 Fix issues found by Coverity library/addisco.c | 6 +++++- library/adenroll.c | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) commit 8183e456008b9ddb495143f663ad9d56851aeb19 Author: Sumit Bose <sbose@redhat.com> Date: 2022-01-15 adenroll: set password via LDAP instead Kerberos Use LDAP add/mod operation instead of Kerberos to set the machine account password. There was an issue in AD where if PacRequestorEnforcement was set to '2' setting the machine account password via Kerberos would be rejected. This is already fixed on the AD side bit this patch which was created with the help of David Mulder <dmulder@suse.com> might still be useful if setting the machine account password with Kerberos might fail. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2039349 Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 doc/adcli.xml | 22 ++++++++ library/adenroll.c | 148 +++++++++++++++++++++++++++++++++++++++++++++++++---- library/adenroll.h | 4 +- tools/computer.c | 13 ++++- 4 files changed, 175 insertions(+), 12 deletions(-) commit 1a6e1d520ce0376a9a44b649ef08085881c87bb4 Author: Sumit Bose <sbose@redhat.com> Date: 2022-09-16 disco: fall back to LDAPS if CLDAP ping was not successful If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/31 library/adconn.c | 38 +++++++++-- library/adconn.h | 7 ++ library/addisco.c | 193 ++++++++++++++++++++++++++++++++++++++++++++++++++---- library/addisco.h | 6 +- tools/info.c | 4 +- 5 files changed, 226 insertions(+), 22 deletions(-) commit 054b24d5837cb32f94b6b659620caca2b567e4f6 Author: Sumit Bose <sbose@redhat.com> Date: 2022-09-15 tools: replace getpass() Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2124030 Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/10 tools/tools.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) commit 0e1aafad7da78ded9ed45fd0638c42876d2a8d6a Author: Sumit Bose <sbose@redhat.com> Date: 2022-09-15 adenroll: write SID before secret to Samba's db Looks like 'net changesecretpw' expects the SID entry to be present to work correctly. This patch will set the SID before trying to set the machine account password. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1991619 library/adenroll.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit d4a898303957f45ff8662885062d4699e9d89937 Author: nordine vallas <nordine.vallas@gmail.com> Date: 2022-08-31 doc: add clarification to add-member command on doc/adcli.xml doc/adcli.xml | 6 ++++-- tools/entry.c | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) commit 601bb55ff453022dad5c548e9dfb0f11691ee05a Author: Samuel Cabrero <scabrero@suse.de> Date: 2022-08-31 tools: Set umask before calling mkdtemp() When adcli is called from sssd it inherits the sssd's umask (0177) and as the default sssd.service file drops CAP_DAC_OVERRIDE, the result is that the directory is created with mode 0600 and the krb5.conf snippet can't be created even running as root. Signed-off-by: Samuel Cabrero <scabrero@suse.de> tools/tools.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 3d77c47356ef152fcd9345053c6001c861bc5426 Author: Robert Schneider <robert.schneider03@sap.com> Date: 2022-05-09 Avoid undefined behaviour in short option parsing The undefined behaviour lead to clashes / misinterpretation of short options on some systems. Note that glibc for example uses the argument of isalnum etc. as an index into a lookup table. tools/tools.c | 5 +++++ 1 file changed, 5 insertions(+) commit 938065a751c0876eb837a27f8c1443fc7d0d2551 Author: Henning Schild <henning@hennsch.de> Date: 2022-01-11 library: include endian.h for le32toh linking against musl libc we need to include that specifically, actually also according to "man 3 endian". library/adutil.c | 1 + 1 file changed, 1 insertion(+) commit d4ac082c62eb5bd1cf9c7fc5ffaa0f9ac94268a7 Author: Thorsten Scherf <tscherf@redhat.com> Date: 2022-01-04 man: Fix typos and use consistent upper case for some keywords doc/adcli-devel.xml | 4 ++-- doc/adcli.xml | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) commit 39a30d75f2fcf92221a383c461e0db048f5f325f Author: Mikhail T <mi@aldan.algebra.com> Date: 2021-10-19 doc: avoid gnu-make specific usage of $< Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/26 doc/Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit e841ba7513f3f8b6393183d2dea9adcbf7ba2e44 Author: Sumit Bose <sbose@redhat.com> Date: 2021-07-28 configure: check for ns_get16 and ns_get32 as well With newer versions of glibc res_query() might ba already available in glibc with ns_get16() and ns_get32() still requires libresolv. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984891 configure.ac | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit cd5b6cdcf3e6bfc5776f2865f460f608421dfa3f Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-14 Add delattr option Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690920 doc/adcli.xml | 11 +++++++++ library/adenroll.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ library/adenroll.h | 4 ++++ tools/computer.c | 9 ++++++++ 4 files changed, 90 insertions(+) commit c5b0cee2976682b4fc1aeb02636cc9f2c6dbc2a5 Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-14 Add setattr option With the new option common LDAP attributes can be set. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690920 doc/adcli.xml | 34 +++++++++++ library/adenroll.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++++- library/adenroll.h | 4 ++ tools/computer.c | 10 ++++ 4 files changed, 216 insertions(+), 1 deletion(-) commit 6a673b236dfdfdf9c73cc3d2ccf3949eb1a5ddd0 Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-11 entry: add passwd-user sub-command The new command allows to set or reset a user password with the help of an account privileged to set the password. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1952828 doc/adcli.xml | 20 ++++++++ library/adentry.c | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ library/adentry.h | 3 ++ tools/entry.c | 99 +++++++++++++++++++++++++++++++++++++++ tools/tools.c | 1 + tools/tools.h | 4 ++ 6 files changed, 265 insertions(+) commit 7148ab196d0a96ede9b5ef463b0481d0fe372b21 Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-11 adcli_entry: add entry_attrs with userAccountControl attribute library/adentry.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit a7a40ce4f47fe40305624b6d86c135b7d27c387d Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-11 library: move UAC flags to a more common header file library/adenroll.c | 8 -------- library/adprivate.h | 8 ++++++++ 2 files changed, 8 insertions(+), 8 deletions(-) commit 0d8482d4ed83677424f6c9428672d225bfdfe4d9 Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-03 Fix for dont-expire-password option and join Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1769644 library/adenroll.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a78116ba0e608050f391223bad3834d48c9adf1b Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-02 Add dont-expire-password option Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1769644 doc/adcli.xml | 28 ++++++++++++++++++++++++++++ library/adenroll.c | 44 +++++++++++++++++++++++++++++++++++++++++++- library/adenroll.h | 4 ++++ tools/computer.c | 12 ++++++++++++ 4 files changed, 87 insertions(+), 1 deletion(-) commit 3c652910d05616ee12c710e2071fc884dde4eaea Author: Sumit Bose <sbose@redhat.com> Date: 2021-06-02 coverity: add missing NULL checks library/adenroll.c | 2 ++ library/adldap.c | 7 +++++++ 2 files changed, 9 insertions(+) commit a8492d71a6db8565544444eef11de8c733c95ef8 Author: Sumit Bose <sbose@redhat.com> Date: 2021-04-06 configure: update some macros for autoconf-2.71 configure.ac | 10 +++++----- library/Makefile.am | 2 +- tools/Makefile.am | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) commit 0353d704879f20983184f8bded4f16538d72f7cc Author: Sumit Bose <sbose@redhat.com> Date: 2021-03-10 build: add --with-vendor-error-message configure option With the new configure option --with-vendor-error-message a packager or a distribution can add a message if adcli returns with an error. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1889386 configure.ac | 15 +++++++++++++++ tools/tools.c | 6 ++++++ 2 files changed, 21 insertions(+) commit 9027d9d1aea9db61e37e14c5f9078e89fa39ef5e Author: Sumit Bose <sbose@redhat.com> Date: 2021-02-20 Bump version number NEWS | 10 ++++++++++ configure.ac | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) commit 910adb4ec4f5ea4ea8c491afe09c6984dbad2796 Author: Sumit Bose <sbose@redhat.com> Date: 2021-02-19 Add account-disable option A new option was added to 'adcli update' toggle the ACCOUNTDISABLE flag of AD's userAccountControl LDAP attribute to disable or enable the given host account. 'adcli join' will automatically enable the host account. Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/21 doc/adcli.xml | 6 ++++++ library/adenroll.c | 42 +++++++++++++++++++++++++++++++++++++----- library/adenroll.h | 4 ++++ tools/computer.c | 13 +++++++++++++ 4 files changed, 60 insertions(+), 5 deletions(-) commit 637cc53953ef61c90530ae5eaf26eb4911336465 Author: Sumit Bose <sbose@redhat.com> Date: 2020-12-10 service-account: fix typo in the man page entry Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1906303 doc/adcli.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6b94f9712378b8f1fa1bc530c64cb987abb0c43b Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-27 service-account: add random suffix to account name Add a random component to the default managed service account name to avoid name collisions. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112 library/adenroll.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) commit 2a695dfe09cafeee3a648d3b969c364f8d3f494f Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-27 enroll: allow fqdn for locate_computer_account Make it possible to find existing manages service account by the fully-qualified name. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112 library/adenroll.c | 45 +++++++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 14 deletions(-) commit 81c98e367ba4bc8d77668acd31e462ad31cf12be Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-27 enroll: make adcli_enroll_add_keytab_for_service_account public Determine keytab name more early to catch errors more early. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112 library/adenroll.c | 13 +++++++------ library/adenroll.h | 2 ++ tools/computer.c | 6 ++++++ 3 files changed, 15 insertions(+), 6 deletions(-) commit 2750f536ac6746756335eec8332060d2365a4126 Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-27 enroll: more filters for random characters Make handling of random strings more flexible. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112 library/adenroll.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) commit eea6a8071b5e5df74808903bb15b30acf820ce3f Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-23 enroll: use 'computer' or 'service' in debug messages Use proper account type in debug messages. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112 library/adenroll.c | 115 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 43 deletions(-) commit 41379f7ad6a9442dd55cc43d832427911e86db31 Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-23 computer: add create-msa sub-command Add new sub-command to create a managed service account in AD. This can be used if LDAP access to AD is needed but the host is already joined to a different domain. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112 doc/adcli.xml | 140 +++++++++++++++++++++++++++++++++++++++++++++ library/adenroll.c | 164 +++++++++++++++++++++++++++++++++++++++++++++-------- tools/computer.c | 125 ++++++++++++++++++++++++++++++++++++++++ tools/tools.c | 1 + tools/tools.h | 4 ++ 5 files changed, 409 insertions(+), 25 deletions(-) commit 4e4dbf8d2b437808863f8be85e7f30865d88c7fc Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-23 enroll: add is_service member Add helpers to indicate a managed service account. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112 library/adenroll.c | 17 +++++++++++++++++ library/adenroll.h | 4 ++++ 2 files changed, 21 insertions(+) commit fa5c5fb4f8e7bcadf3e5a3798bd060720fd35eaa Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-20 doc: explain required AD permissions When using a restricted account with adcli some operations might fail because the account might not have all required permissions. The man page is extended and now explains which permissions are needed under given circumstances. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1852080 Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/20 doc/Makefile.am | 10 ++++ doc/adcli.xml | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++ library/adenroll.c | 30 +++++++----- 3 files changed, 160 insertions(+), 12 deletions(-) commit beb7abfacc0010987d2cd8ab70f7c373d309eed9 Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-15 join/update: set dNSHostName if not set If during a join or update an existing AD computer object does not have the dNSHostName attribute set it will be set with the current hostname. This is important for cases where the user doing the join or update only has "Validated write to service principal name" for the computer object. The validated write with fully-qualified names can only be successful if dNSHostName is set, see [MS-ADTS] section 3.1.1.5.3.1.1.4 "Validated Writes - servicePrincipalName" for details. Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1734764 library/adenroll.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 76ca1e6737742208d83e016d43a3379e378f8d90 Author: Sumit Bose <sbose@redhat.com> Date: 2020-10-14 tools: add missing use-ldaps option to update and testjoin When adding the use-ldaps option the update and testjoin sub-commands were forgotten. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1883467 tools/computer.c | 2 ++ 1 file changed, 2 insertions(+) commit 88fbb7e2395dec20b37697a213a097909870c21f Author: Sumit Bose <sbose@redhat.com> Date: 2020-08-13 man: make handling of optional credential cache more clear The optional Kerberos credential cache can only be used with the long option name --login-ccache and not with the short version -C. To make this more clear each option get its own entry. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791545 doc/adcli.xml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 93a39bd12db11dd407676f428cfbc30406a88c36 Author: Sumit Bose <sbose@redhat.com> Date: 2020-06-15 man: explain optional parameter of login-ccache better Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791545 doc/adcli.xml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit d70075c597e7ebc1683d407409c45b04110676a0 Author: Sumit Bose <sbose@redhat.com> Date: 2020-06-15 tools: fix typo in show-password help output Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791611 tools/computer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 50d580c58dab5928cadfc6ca82aedccee58eaced Author: Sumit Bose <sbose@redhat.com> Date: 2020-06-05 tools: disable SSSD's locator plugin MIT's libkrb5 checks available locator plugins first before checking the config file. This might cause issues when the locator plugin returns a different DC than the one used for the LDAP connection if some data must be replicated. This patch sets the SSSD_KRB5_LOCATOR_DISABLE environment variable to 'true' to disable SSSD's locator plugin for adcli. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1762633 tools/tools.c | 2 ++ 1 file changed, 2 insertions(+) commit 40d3be22f6e518e4354aa7c3d0278291fcbed32f Author: Sumit Bose <sbose@redhat.com> Date: 2020-06-05 delete: do not exit if keytab cannot be read Reading the keytab is not required when deleting a host object in AD. It is only needed in the case where the host was added with a manual set NetBIOS name (--computer-name option) which does not match the short hostname and no computer name was given at the delete-computer command line. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1840752 tools/computer.c | 2 -- 1 file changed, 2 deletions(-) commit 08bac0946de29f3e5de90743ce6dfc7118d4ad20 Author: Sumit Bose <sbose@redhat.com> Date: 2020-02-11 discovery fix Do not continue processing on closed connection. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1802258 library/addisco.c | 1 + 1 file changed, 1 insertion(+) commit 85097245b57f190337225dbdbf6e33b58616c092 Author: Sumit Bose <sbose@redhat.com> Date: 2019-12-19 add option use-ldaps In general using the LDAP port with GSS-SPNEGO should satifiy all requirements an AD DC should have for authentication on an encrypted LDAP connection. But if e.g. the LDAP port is blocked by a firewall using the LDAPS port with TLS encryption might be an alternative. For this use case the --use-ldaps option is added. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420 doc/adcli.xml | 24 +++++++++++++++++ library/adconn.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++------- library/adconn.h | 4 +++ tools/computer.c | 10 +++++++ tools/entry.c | 11 ++++++++ 5 files changed, 119 insertions(+), 9 deletions(-) commit a6f795ba3d6048b32d7863468688bf7f42b2cafd Author: Sumit Bose <sbose@redhat.com> Date: 2019-10-11 Use GSS-SPNEGO if available Currently adcli uses the GSSAPI SASL mechanism for LDAP authentication and to establish encryption. While this works in general it does not handle some of the more advanced features which can be required by AD DCs. The GSS-SPNEGO mechanism can handle them and is used with this patch by adcli if the AD DC indicates that it supports it. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420 library/adconn.c | 35 ++++++++++++++++++++++++++++++++++- library/adconn.h | 3 +++ 2 files changed, 37 insertions(+), 1 deletion(-) commit 3937a2a7db90611aa7a93248233b0c5d31e85a3e Author: Sumit Bose <sbose@redhat.com> Date: 2019-11-27 add description option to join and update This new option allows to set the description LDAP attribute for the AD computer object. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342 doc/adcli.xml | 10 ++++++++++ library/adenroll.c | 29 +++++++++++++++++++++++++++++ library/adenroll.h | 4 ++++ tools/computer.c | 7 +++++++ 4 files changed, 50 insertions(+) commit 0a169bd9b2687293f74bb57694eb82f9769610c9 Author: Sumit Bose <sbose@redhat.com> Date: 2019-11-27 tools: add show-computer command The show-computer command prints the LDAP attributes of the related computer object from AD. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342 doc/adcli.xml | 28 ++++++++++++++++ library/adenroll.c | 78 ++++++++++++++++++++++++++++++++++----------- library/adenroll.h | 5 +++ tools/computer.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/tools.c | 1 + tools/tools.h | 4 +++ 6 files changed, 191 insertions(+), 18 deletions(-) commit d2d3879bdfcea70757a8b0527882e79e8b5c6e70 Author: Sumit Bose <sbose@redhat.com> Date: 2019-11-27 man: move note to the right section Unfortunately the note about the password lifetime was added to the join section. This patch move it to the update section where it belongs to. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1738573 https://bugzilla.redhat.com/show_bug.cgi?id=1745931 https://bugzilla.redhat.com/show_bug.cgi?id=1774622 doc/adcli.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 1b1528038e084a9f81ea108cffca9c2707623b9c Author: Sumit Bose <sbose@redhat.com> Date: 2019-09-03 Release version 0.9.0 NEWS | 19 +++++++++++++++++++ configure.ac | 6 +++--- 2 files changed, 22 insertions(+), 3 deletions(-) commit 2edc26afda17db1a92703deb16658e9de9f79e14 Author: Sumit Bose <sbose@redhat.com> Date: 2019-09-03 doc: add missing samba_data_tool_path.xml(.in) to EXTRA_DIST doc/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) commit 9b187095edb8c914238419ed51fef6041864f4fc Author: Sumit Bose <sbose@redhat.com> Date: 2019-08-26 doc: explain how to force password reset Related to https://bugzilla.redhat.com/show_bug.cgi?id=1738573 doc/adcli.xml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 158468507bb723aa62196846749c23c121d4b298 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-08 Do not use arcfour-hmac-md5 when discovering the salt Since the arcfour-hmac-md5 encryption types does not use salts it cannot be used to discover the right salt. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1683745 library/adkrb5.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) commit 5da6d34e2659f915e830932fd366c635801ecd91 Author: Sumit Bose <sbose@redhat.com> Date: 2019-08-12 Fix for issue found by Coverity Related to https://gitlab.freedesktop.org/realmd/adcli/issues/3 library/adenroll.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit cc3ef52884a48863a81acbfc741735fe09cd85f7 Author: Sumit Bose <sbose@redhat.com> Date: 2019-06-13 adenroll: use only enctypes permitted by Kerberos config Realted to https://gitlab.freedesktop.org/realmd/adcli/issues/3 doc/adcli.xml | 10 ++++++++++ library/adenroll.c | 22 +++++++++++++++++++--- 2 files changed, 29 insertions(+), 3 deletions(-) commit 0c09070e8beec734e3f0c70e14b0a04788077b73 Author: Sumit Bose <sbose@redhat.com> Date: 2019-06-13 adenroll: add adcli_enroll_get_permitted_keytab_enctypes with tests The new call does not only return the current encryption types set in AD or a default list but filters them with the list of permitted encryption types on the client. This makes sure the client can create and use the keys. Related to https://gitlab.freedesktop.org/realmd/adcli/issues/3 library/Makefile.am | 5 +++ library/adenroll.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++ library/adenroll.h | 2 + 3 files changed, 131 insertions(+) commit 2fc259a88be618871cea8ff8b8a13bd3e040aea4 Author: Sumit Bose <sbose@redhat.com> Date: 2019-06-13 adconn: add adcli_conn_set_krb5_context Related to https://gitlab.freedesktop.org/realmd/adcli/issues/3 library/adconn.c | 13 +++++++++++++ library/adconn.h | 3 +++ 2 files changed, 16 insertions(+) commit 341974aae7d0755fc32a0b7e2b34d8e1ef60d195 Author: Sumit Bose <sbose@redhat.com> Date: 2018-12-20 adenroll: make sure only allowed enctypes are used in FIPS mode Related to https://bugzilla.redhat.com/show_bug.cgi?id=1717355 library/adenroll.c | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) commit f127ddef23a532cd9763190527bf79b4e47fa2ab Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-08 tools: computer - remove errx from parse_option Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/computer.c | 128 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 80 insertions(+), 48 deletions(-) commit d9912e19e48ec482351b9c384140ad71922ec5c0 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-08 tools: entry - remove errx from parse_option Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/entry.c | 70 +++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 47 insertions(+), 23 deletions(-) commit b8f5d995d30c17eb8bec3ac5e0777ea94f5b76c3 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-15 tools: remove errx from setup_krb5_conf_directory Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/tools.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) commit 251d7d0c71226afb8e51f7bc5794a7a3164f5a20 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-15 tools: remove errx from adcli_read_password_func Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/tools.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 4794812cc98c8783921f534d20dae8b44f3826d2 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-15 tools: remove errx from info commands Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/info.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) commit cac0fa9df8888245399f2db187e05e31f93d1471 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-15 tools: remove errx from user and group commands Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/entry.c | 232 ++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 154 insertions(+), 78 deletions(-) commit fa7926c7a9d92bc7c42c610ba6f1706c635aa901 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-15 tools: remove errx from computer commands Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/computer.c | 166 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 107 insertions(+), 59 deletions(-) commit 4950d7aef2bd584d239cb0ec031734f261851af9 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-08 Revert "tools: properly release internal data on error" This reverts commit 41fdcb1af885d99a91e27406e9343b322f67756a. tools/computer.c | 39 +++------------------------------------ 1 file changed, 3 insertions(+), 36 deletions(-) commit a64cce9830c2e9c26e120f671b247ee71b45c888 Author: Sumit Bose <sbose@redhat.com> Date: 2019-04-12 library: add missing strdup In add_server_side_service_principals _adcli_strv_add_unique is called which only adds a string to a list without copying to. Since the original list will be freed later the value must be copied. This issue was introduce with 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 and hence Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 library/adenroll.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6fd99ff6c5dd6ef0be8d942989b1c6dcee3102d9 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-22 Implement 'adcli testjoin' By calling adcli testjoin it will be checked if the host credentials stored in the keytab are still valid. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1622583 doc/adcli.xml | 34 ++++++++++++++++++++++++++ tools/computer.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/tools.c | 1 + tools/tools.h | 4 ++++ 4 files changed, 111 insertions(+) commit 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-22 library: make sure server side SPNs are preserved adcli should not delete service principal names (SPNs) unexpectedly. If a SPN was added on the server while presetting a host or updating an existing entry and upcoming adcli join or update should preserver this change. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) commit 10a4dbb5978b6f05cf75f820d97da908e735ace8 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-22 library: _adcli_krb5_build_principal allow principals as names Make _adcli_krb5_build_principal a bit more robust by checking if the given name already contains a realm suffix. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 library/adkrb5.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit e1b45e66bc185f5db4c252e1f3fb1b4400b4538e Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-22 library: make _adcli_strv_has_ex public Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 library/adprivate.h | 4 ++++ library/adutil.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 3a84c2469c31967bc22c0490456f07723ef5fc86 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-20 ensure_keytab_principals: do not leak memory when called twice Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 library/adenroll.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) commit 4987a21f4839ab7ea50e932c72df05075efb89b3 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-21 library: return error if no matching key was found To avoid a misleading debug message indicating success a proper erro code should be returned the no matching key was found when trying to copy an keytab entry for a new principal. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311 library/adkrb5.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit cd296bf24e7cc56fb8d00bad7e9a56c539894309 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-19 join: always add service principals If currently --service-name is given during the join only the service names given by this option are added as service principal names. As a result the default 'host' service principal name might be missing which might cause issues e.g. with SSSD and sshd. The patch makes sure the default service principals 'host' and 'RestrictedKrbHost' are always added during join. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311 library/adenroll.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) commit 408880a11879b1a57a450e25c77ef2e310bdffd5 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-18 create-user: try to find NIS domain if needed Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2 doc/adcli.xml | 4 +++- library/adentry.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ library/adentry.h | 2 ++ tools/entry.c | 16 ++++++++++++++++ 4 files changed, 65 insertions(+), 1 deletion(-) commit 1457b4a7623a8ae58fb8d6a652d1cc44904b8863 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-18 create-user: add nis-domain option Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2 doc/adcli.xml | 8 ++++++++ tools/entry.c | 6 ++++++ 2 files changed, 14 insertions(+) commit 85b835f8258a57e3b23de47a255dddd822d5bfb3 Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-15 library: use getaddrinfo with AI_CANONNAME to find a FQDN Currently adcli creates service principals only with a short name if the hostname of the client is a short name. This would fail is Kerberos/GSSAPI clients will use the fully-qualified domain name (FQDN) to access the host. With this patch adcli tries to expand the short name by calling getaddrinfo with the AI_CANONNAME hint. Related to https://gitlab.freedesktop.org/realmd/adcli/issues/1 doc/adcli.xml | 6 +++++- library/adconn.c | 30 +++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 2 deletions(-) commit 5cf1723c308e21cdbe9b98ed2aaa42cb997456fb Author: Sumit Bose <sbose@redhat.com> Date: 2019-03-15 Increment kvno after password change with user creds Originally only the host credential part was fixed in the context of https://bugs.freedesktop.org/show_bug.cgi?id=91185. This patch adds the fix to the case when user credentials are used. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1642546 library/adenroll.c | 4 ++++ 1 file changed, 4 insertions(+) commit 41fdcb1af885d99a91e27406e9343b322f67756a Author: Sumit Bose <sbose@redhat.com> Date: 2018-06-28 tools: properly release internal data on error Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1588596 tools/computer.c | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) commit 0c027538f398b3823bedbfbf5f388ad97784a0ec Author: Sumit Bose <sbose@redhat.com> Date: 2018-11-16 adenroll: use _adcli_strv_add_unique for service principals Check if service principals is already in the list before adding it. Related to https://gitlab.freedesktop.org/realmd/adcli/issues/16 library/adenroll.c | 31 ++++++++----------------------- 1 file changed, 8 insertions(+), 23 deletions(-) commit 85d127fd52a8469f9f3ce0d1130fe17e756fdd75 Author: Sumit Bose <sbose@redhat.com> Date: 2018-11-16 adutil: add _adcli_strv_add_unique _adcli_strv_add_unique checks is the new value already exists in the strv before adding it. Check can be done case-sensitive or not. Related to https://gitlab.freedesktop.org/realmd/adcli/issues/16 library/adprivate.h | 5 +++++ library/adutil.c | 65 +++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 61 insertions(+), 9 deletions(-) commit 4bc96c69fbb93eb1fe9fcef6c6d942c296852e03 Author: George Hartzell <ghartzell@audentestx.com> Date: 2019-01-14 samba-data-tool needs to take an argument See https://gitlab.freedesktop.org/realmd/adcli/issues/15 tools/computer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0a0d0f66409eb83e06b7dc50543c2f6c15a36bc4 Author: Alexey A Nikitin <nikitin@amazon.com> Date: 2018-10-29 Make 'adcli info' DC location mechanism more compliant with [MS-ADTS] and [MS-NRPC] AD specifications say that DC locator must attempt to find a suitable DC for the client. That means going through all of the DCs in SRV RRs one by one until one of them answers. The problem with adcli's original behavior is that it queries only five DCs from SRV, ever. This becomes a problem if for any reason there is a large number of DCs in the domain from which the client cannot get a CLDAP response. library/addisco.c | 146 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 94 insertions(+), 52 deletions(-) commit 3c93c96eb6ea2abd3869921ee4c89e1a4d9e4c44 Author: Sumit Bose <sbose@redhat.com> Date: 2018-08-14 Fix for issues found by Coverity library/adenroll.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 6686c72985bc14adecf9e7db6c5fea891b7a5ef5 Author: Sumit Bose <sbose@redhat.com> Date: 2018-08-13 Do not depend on default_realm in krb5.conf library/adenroll.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 185a8b7378665d1d0ef7dd4d5a78438459bad9e0 Author: Sumit Bose <sbose@redhat.com> Date: 2018-08-08 _adcli_call_external_program: silence noisy debug message library/adutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1143163c367b8473dc3d0ea696eed3c30ccd634b Author: Sumit Bose <sbose@redhat.com> Date: 2018-07-05 doc: fix typos in the adcli man page Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1440533 doc/adcli.xml | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) commit f448aeaebb39efa300f05ef3c2bb8b2e8f18fb82 Author: Sumit Bose <sbose@redhat.com> Date: 2018-08-13 Do not add service principals twice library/adenroll.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) commit bb828f22f76d5281c6bb3724fbdee3916e178407 Author: Sumit Bose <sbose@redhat.com> Date: 2018-06-14 Add add-service-principal and remove-service-principal options Currently it is only possible to specific a service name for service principals but not to set the full service principal. This is e.g. needed if there is a service running on a host which should be reachable by a different DNS name as well. With this patch service principal can be added and removed by specifying the full name. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547014 doc/adcli.xml | 21 ++++++++ library/adenroll.c | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++-- library/adenroll.h | 8 +++ library/adldap.c | 16 ++++-- tools/computer.c | 13 +++++ 5 files changed, 189 insertions(+), 8 deletions(-) commit 163730cf8c91fc8dc4f44eb1eca45daa3abf3ed8 Author: Sumit Bose <sbose@redhat.com> Date: 2018-06-14 util: add _adcli_strv_remove_unsorted Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547014 library/adprivate.h | 4 ++ library/adutil.c | 21 ++++++++ library/seq.c | 149 +++++++++++++++++++++++++++++++++++++++++++++++++--- library/seq.h | 12 +++++ 4 files changed, 179 insertions(+), 7 deletions(-) commit 6ea7637f75c3ec74f2ee196f2f599643b34b3c14 Author: Sumit Bose <sbose@redhat.com> Date: 2018-06-11 join: add all attributes while creating computer object It is possible to create special accounts which can only join a computer to a domain but is not allowed to do any further operations which the computer object. As a result if such an account is used during the join only the ldapadd operation is permitted but not any later ldapmodify operation. To create the computer object correctly in this case all attributes must be added while the object is created and not later. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1542354 library/adenroll.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) commit 19c56937a7e2a1e2fd184c131587377bc2d24fbb Author: Sumit Bose <sbose@redhat.com> Date: 2018-06-06 Calculate enctypes in a separate function Related to https://bugzilla.redhat.com/show_bug.cgi?id=1542354 library/adenroll.c | 137 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 81 insertions(+), 56 deletions(-) commit 8396b9bca05fec8022758c6930f1e594252ae296 Author: Sumit Bose <sbose@redhat.com> Date: 2018-06-04 update: allow to add service names Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013 https://bugzilla.redhat.com/show_bug.cgi?id=1545568 library/adenroll.c | 136 +++++++++++++++++++++++++++++++++------------------- library/adkrb5.c | 113 +++++++++++++++++++++++++++++++++++++++++++ library/adprivate.h | 6 +++ 3 files changed, 206 insertions(+), 49 deletions(-) commit 32d8f994120cbb9b5b8b4bb1f7e80798bf82da20 Author: Sumit Bose <sbose@redhat.com> Date: 2018-06-01 Only update attributes given on the command line When updating attributes of the LDAP computer object we only want to update attributes which are related to options given on the command line. Otherwise a simple call of 'adcli update' to check if the machine account password needs an update might unexpectedly reset other attributes as well. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013 https://bugzilla.redhat.com/show_bug.cgi?id=1545568 https://bugzilla.redhat.com/show_bug.cgi?id=1538730 library/adenroll.c | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) commit b1da8a2fbe739cc8754de712711d84956848a7ea Author: Sumit Bose <sbose@redhat.com> Date: 2018-05-31 Add trusted-for-delegation option Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1538730 doc/adcli.xml | 14 ++++++++++ library/adenroll.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- library/adenroll.h | 4 +++ tools/computer.c | 12 ++++++++ 4 files changed, 108 insertions(+), 2 deletions(-) commit 12e13aaea8ab999540ad62e91829fc3d1815fac1 Author: Sumit Bose <sbose@redhat.com> Date: 2018-08-08 fix typo in flag value library/adenroll.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b31d18c574e820d50c80e6973e8d6031a305410 Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 Fix memory leak in test_check_nt_time_string_lifetime The test added with 650e5d33ef31437a049fb454ad3dc5457c56abe7 introduced a small memory leak. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> library/adutil.c | 1 + 1 file changed, 1 insertion(+) commit 9fa4b8d2bd98525212a019bfa62c2f132614faba Author: Sumit Bose <sbose@redhat.com> Date: 2018-02-01 make Samba data tool configurable Allow to specify an alternative path to Samba's net utility at configure time and at run time. https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> .gitignore | 1 + configure.ac | 13 ++++++++++++ doc/adcli.xml | 21 ++++++++++++++++++- doc/samba_data_tool_path.xml.in | 1 + library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++------- library/adenroll.h | 5 +++++ tools/computer.c | 16 ++++++++++++++ 7 files changed, 95 insertions(+), 8 deletions(-) commit a79e03c5a559389c5c9c0e9d72831e5fe5c62f54 Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 tools: store Samba data if requested Use Samba's net utility to add the machine account password and the domain SID to the Samba configuration. https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> library/adenroll.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit 9e2be6f374d6d9107a34acfcd6fa551190d756d5 Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 tools: add option --add-samba-data https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> doc/adcli.xml | 30 ++++++++++++++++++++++++++++++ library/adenroll.h | 1 + tools/computer.c | 12 ++++++++++++ 3 files changed, 43 insertions(+) commit 839ab7f8248aea897ae95b20d8bb79222c4bf21e Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 library: add adcli_conn_get_domain_sid() https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> library/adconn.c | 8 ++++++++ library/adconn.h | 2 ++ tools/computer.c | 1 + 3 files changed, 11 insertions(+) commit d00590ada9094c47ed39e4e3a4e1d80bff126f8f Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 library: add lookup_domain_sid() Read the domain SID from the default naming context AD object and store it in adcli_conn. https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> library/adconn.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) commit 64fb4f01d38c0f01554bc35e949ba4838247c72e Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 library: add _adcli_ldap_parse_sid() Get a binary SID from a LDAP message and return it in the string representation. https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> library/adldap.c | 24 ++++++++++++++++++++++++ library/adprivate.h | 4 ++++ 2 files changed, 28 insertions(+) commit e25c49fc8be4df614e74a98e0d5dfecbf0af6020 Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 library: add _adcli_call_external_program() Allow adcli to call an external program given by an absolute path name and an array of options. stdin and stdout can be used if needed. https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> configure.ac | 28 +++++++ library/adprivate.h | 6 ++ library/adutil.c | 211 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 245 insertions(+) commit 2f08e7992d484563c29a1db979e2a95691dbb170 Author: Sumit Bose <sbose@redhat.com> Date: 2018-01-30 library: add _adcli_bin_sid_to_str() Convert a binary SID to the string representation. https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> library/adprivate.h | 4 ++ library/adutil.c | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) commit 4edc04768f6b28312404312e7012c700661a4ee3 Author: Sumit Bose <sbose@redhat.com> Date: 2017-11-01 Handle kvno increment for RODCs Since the actual password change does not happen on the read-only domain controller (RODC) the kvno change has to be replicated back which might take some time. So we check the kvno before and after the change if we are connected to a RODC and increment the kvno if needed. library/adenroll.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) commit d9721f64ca3bb3467898c06aa8470aec73a0d0d8 Author: Sumit Bose <sbose@redhat.com> Date: 2017-11-01 library: add adcli_conn_is_writeable() library/adconn.c | 11 +++++++++++ library/adconn.h | 2 ++ 2 files changed, 13 insertions(+) commit 8bfeba525a104f39c9ede7601035d934cd062437 Author: Sumit Bose <sbose@redhat.com> Date: 2017-11-01 doc: explain that all credential cache types are supported doc/adcli.xml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 99b2d00ea848db46898ae111a10739f9a9c7bf3e Author: Striker Leggette <striker@redhat.com> Date: 2017-11-01 correct spelling of 'adcli_tool_computer_delete' description tools/tools.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 90c1e96cf3eea8718aa97a6fb97aa2029ef64670 Author: Sumit Bose <sbose@redhat.com> Date: 2016-08-24 Use strdup() if offsets are used Strings with an offset to the original starting point must be copied because otherwise they cannot be properly freed later. library/adenroll.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7c95c61a86c5801d551d1042900b0e2e671891ce Author: Sumit Bose <sbose@redhat.com> Date: 2016-08-24 Remove upper-case only check when looking for the NetBIOS name It is a convention to use only upper-case letters for NetBIOS names but it is not enforced on the AD-side. With the new option to specify a random NetBIOS name it is possible to create host entries in AD with lower-case letters in the name. To properly determine the name from the keytab the upper-case check should be dropped. library/adenroll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 85146804c219b2d4a62f315a0988536af7a53911 Author: Joakim Tjernlund <joakim.tjernlund@infinera.com> Date: 2017-03-30 Move the empty client site check Currently this check will SEGV(NULL ptr access) if the parsing of Netlogon discovery data fails. Move the empty check to where the disco ptr is always valid. Add a log msg too. Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com> https://bugs.freedesktop.org/show_bug.cgi?id=100466 library/addisco.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 213116ea8a16a10f4def750d92095c250b51def7 Author: Sumit Bose <sbose@redhat.com> Date: 2016-10-07 Handle empty string in client site name parse_disco_string() returns an empty string if there is no client site name in the NetLogon reply. Later in the code only a NULL check is used to check for a missing client site name. To make sure the empty string is not used as client site name it should be replaced with NULL. https://bugs.freedesktop.org/show_bug.cgi?id=98143 library/addisco.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 2fd6c6abd329efc06a487bc64a3ba804ffacfeee Author: Stef Walter <stefw@redhat.com> Date: 2016-08-01 Bump version number NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit 84b2c879736d4e2481407cdcd23dae0515dcd258 Author: Sumit Bose <sbose@redhat.com> Date: 2016-07-25 delete: use keytab data to determine realm and NetBIOS name https://bugzilla.redhat.com/show_bug.cgi?id=1359773 tools/computer.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 40acf5f12379c8e7c86f2fec34e1e276ede5ef47 Author: Stef Walter <stefw@redhat.com> Date: 2016-06-16 doc: Update the documentation about the default kerberos cache https://bugs.freedesktop.org/show_bug.cgi?id=96544 doc/adcli.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit c334771f214e6f0cc2f13edf1032389e7bf74684 Author: Sumit Bose <sbose@redhat.com> Date: 2016-05-13 Remove \n or \r\n from stdin password https://bugs.freedesktop.org/show_bug.cgi?id=78448 tools/tools.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 83230282a3b8999d83afb04563589b38420cfa0e Author: Gerard Weatherby <GWeatherby@uchc.edu> Date: 2016-01-28 Patch to adcli.xml to fix documentation error https://bugs.freedesktop.org/show_bug.cgi?id=93913 doc/adcli.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 836dcc4ef75d6ae46661e61be73c8b7737f85f68 Author: Stef Walter <stefw@redhat.com> Date: 2016-04-14 library: Fix check for EAGAIN or EINTR https://bugs.freedesktop.org/show_bug.cgi?id=71257 library/adutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 89ff7a711e2c0490131a5c1964e0d18acd530a76 Author: Stef Walter <stefw@redhat.com> Date: 2016-01-19 Bump version number NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 38050e8b593f9587fa5759c6bb717063aa22063a Author: Sumit Bose <sbose@redhat.com> Date: 2016-01-18 Add missing - in adcli man page https://bugzilla.redhat.com/show_bug.cgi?id=1296971 doc/adcli.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 650e5d33ef31437a049fb454ad3dc5457c56abe7 Author: Sumit Bose <sbose@redhat.com> Date: 2016-01-18 Force renewal if password lifetime is 0 even with clock skew https://bugzilla.redhat.com/show_bug.cgi?id=1290731 library/adutil.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 16a6f2e4d28b88bd2d2a1e1e51bde96e8aa0c8ae Author: Stef Walter <stefw@redhat.com> Date: 2015-12-17 Bump version number for release NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 253f37d71f6d42d5055dde6bb17f17805cc3a740 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-11 update: set login keytab based on command line options This fixes a recent regression introduced by: commit ec1fd29641e9f4638d00e3ccaaa20927d126aa9d Allow additional ccache for updates https://bugs.freedesktop.org/show_bug.cgi?id=93400 tools/computer.c | 1 + 1 file changed, 1 insertion(+) commit 6747efc6ae5fea6844ae13a6c0c7da3e30db89c1 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-11 seq_remove: remove redundant NULL check https://bugs.freedesktop.org/show_bug.cgi?id=93399 library/seq.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit aafcc55a6246ba7bcd99ce9dd9f70102dc0f4557 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-11 tools: Add missing break Reviewed-by: Stef Walter <stefw@redhat.com> tools/tools.c | 1 + 1 file changed, 1 insertion(+) commit 3c0a8e6562a22cd38d9d375ee97857dd83fd8f4d Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-11 Make sure res is set in prep_kerberos_and_kinit() Reviewed-by: Stef Walter <stefw@redhat.com> library/adconn.c | 3 +++ 1 file changed, 3 insertions(+) commit eeceff4fab74afa932f6f54686e110119dbbfa9f Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-11 Set umask before calling mkstemp() Reviewed-by: Stef Walter <stefw@redhat.com> library/adconn.c | 4 ++++ 1 file changed, 4 insertions(+) commit 8903f339fdf9d06f960cd5bfa05e804a4b1e7507 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-11 Use reproducible IDs in documentation Reviewed-by: Stef Walter <stefw@redhat.com> doc/adcli.xml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit 2ef4256dc4c6024a3a19e4195d6afce88a624e68 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-09 Call adcli_conn_connect() only once Reviewed-by: Stef Walter <stefw@redhat.com> library/adenroll.c | 8 -------- 1 file changed, 8 deletions(-) commit de8c7d6b6f2aec7cab535132cafbc664c19ff418 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-04 Check host password lifetime https://bugs.freedesktop.org/show_bug.cgi?id=93282 doc/adcli.xml | 7 ++++++ library/adenroll.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++------ library/adenroll.h | 5 +++++ library/adprivate.h | 2 ++ library/adutil.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++ library/adutil.h | 1 + tools/computer.c | 18 +++++++++++++++ 7 files changed, 149 insertions(+), 7 deletions(-) commit a96e9ef412ad24c06eaa54cf8460bce1a9a7f759 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-08 doc: add update sub-command to man page https://bugs.freedesktop.org/show_bug.cgi?id=92908 doc/adcli.xml | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) commit e56592b6516f301a2d28cd91b7a67becc6048eab Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-04 Increment kvno after password change https://bugs.freedesktop.org/show_bug.cgi?id=91185 library/adenroll.c | 4 ++++ 1 file changed, 4 insertions(+) commit eadeb5b04afe11750fbfcf3b8534ab8dbb71a8ca Author: Sumit Bose <sbose@redhat.com> Date: 2015-11-30 Coverity fixes https://bugs.freedesktop.org/show_bug.cgi?id=93222 Signed-off-by: Stef Walter <stefw@redhat.com> * Revert changes for resource cleanup in unexpected conditions See above bug for explanation. * Some whitespace fixes. library/adenroll.c | 20 +++++++++++++------- tools/computer.c | 6 ++++++ tools/entry.c | 2 ++ tools/tools.c | 6 ++++-- 4 files changed, 25 insertions(+), 9 deletions(-) commit c4891294f76dee86081d3d59aedb560aac4dab0f Author: Stef Walter <stefw@redhat.com> Date: 2015-12-07 Teach coverity about unexpected preconditions adcli treats unexpected failures (such as most memory allocation failures) differently from expected, possible failures. We don't do cleanup after the former. This patch tells Coverity that we don't expect these code paths to have defined behavior. https://bugs.freedesktop.org/show_bug.cgi?id=93222 library/adutil.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0450a0754d856a43e85bca252c1f35b1bd74c2cf Author: Stef Walter <stefw@redhat.com> Date: 2015-12-07 library: Don't automatically connect to kerberos For the adconn code, expect that adcli_conn_connect() is called before the shared krb5_context is available. This prevents hard to track bugs with using the shared krb5 context before its profile has been correctly set up. library/adconn.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) commit ec1fd29641e9f4638d00e3ccaaa20927d126aa9d Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-03 Allow additional ccache for updates https://bugs.freedesktop.org/show_bug.cgi?id=92908 Signed-off-by: Stef Walter <stefw@redhat.com> * Removed redundant changes for default keytab tools/computer.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 4694aa7e8781c70dfe9b2d6b99f13456edd2eb2a Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-03 Allow domain option for updates https://bugs.freedesktop.org/show_bug.cgi?id=92908 Reviewed-by: Stef Walter <stefw@redhat.com> tools/computer.c | 1 + 1 file changed, 1 insertion(+) commit a518423ad17ada50d9f9957893f5c1e60f5fe93f Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-03 Drop host/ prefix when deriving fqdn When deriving the fully-qualified name of the host from a keytab entry the 'host/' prefix of the Kerberos principal must be dropped. Signed-off-by: Stef Walter <stefw@redhat.com> * Fixed whitespace https://bugs.freedesktop.org/show_bug.cgi?id=92908 library/adenroll.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9086d3bb70e041a73a78cddf465b611088c9f4f2 Author: Stef Walter <stefw@redhat.com> Date: 2015-11-11 Implement 'adcli update' This is similar to an 'adcli join' but expects to use settings and authentication from a keytab. It also expects to find a computer account already present, rather than creating one. https://bugs.freedesktop.org/show_bug.cgi?id=92908 library/adenroll.c | 206 ++++++++++++++++++++++++++++++++++++++++++++++++----- library/adenroll.h | 5 ++ tools/computer.c | 98 +++++++++++++++++++++++++ tools/tools.c | 1 + tools/tools.h | 4 ++ 5 files changed, 295 insertions(+), 19 deletions(-) commit 9a5654f65ff0d4b49d962e2cf25da3296d251963 Author: Stef Walter <stefw@redhat.com> Date: 2015-11-11 library: Add ability to do computer login with a keytab This will be used by the 'adcli update' command. https://bugs.freedesktop.org/show_bug.cgi?id=92908 library/adconn.c | 79 +++++++++++++++++++++++++++++++++++++++++++++----------- library/adconn.h | 5 ++++ library/adkrb5.c | 2 +- 3 files changed, 70 insertions(+), 16 deletions(-) commit e45e8b9c4a36bc93ec6a6c52750b3d518c489b81 Author: Stef Walter <stefw@redhat.com> Date: 2015-11-11 library: Add some string helpers These will be used by the logic to load settings from a keytab, and used by 'adcli update' functionality. https://bugs.freedesktop.org/show_bug.cgi?id=92908 library/adprivate.h | 11 +++++++++++ library/adutil.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) commit 60e956223b1867fe94cbc356b9a02415ec431d2c Author: Stef Walter <stefw@redhat.com> Date: 2015-11-11 library: Refactor out some kerberos common code Add function for creating a new context, and opening a keytab in the adkrb5.c file. These basically add minimal wrappers that log failures properly, and handle default keytabs. https://bugs.freedesktop.org/show_bug.cgi?id=92908 library/adconn.c | 34 +++++++++++++--------- library/adenroll.c | 19 +++---------- library/adkrb5.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++ library/adprivate.h | 12 ++++++++ 4 files changed, 117 insertions(+), 29 deletions(-) commit 4d3804d7e37d4f88a61fa5c8f0865ff2199e9dbf Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-02 Coverity: silence a false positive https://bugs.freedesktop.org/show_bug.cgi?id=93222 Reviewed-by: Stef Walter <stefw@redhat.com> library/adconn.c | 2 ++ 1 file changed, 2 insertions(+) commit eff46bc3d8dce0e03ef6532113a7b01c958ed857 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-02 Fix buffer length checks https://bugs.freedesktop.org/show_bug.cgi?id=86971 Reviewed-by: Stef Walter <stefw@redhat.com> library/addisco.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit a69a89881e6f6032a9f8363c349978572a742a26 Author: Sumit Bose <sbose@redhat.com> Date: 2015-12-02 Replace alloca() by malloc() for arrays https://bugs.freedesktop.org/show_bug.cgi?id=86970 Signed-off-by: Stef Walter <stefw@redhat.com> * Fixed up whitespace after function name library/adldap.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 14c3838354f9c9f197f8be6186cf25d471f21647 Author: Stef Walter <stefw@redhat.com> Date: 2015-10-19 Fix 'make distcheck' issue Makefile.am | 2 -- 1 file changed, 2 deletions(-) commit d500d08f7cd3ac1d2f2e870b9af249d37755f2af Author: Stef Walter <stefw@redhat.com> Date: 2015-10-19 Bump version number NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 135c6d4a293a5fa05bd08342609add116bb5edd7 Author: Stef Walter <stefw@redhat.com> Date: 2015-10-19 Be more helpful with messages about Computer OU library/adenroll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec132a3add4c41a9c1efa6c12b2c900df66151d1 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-07 Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM" Windows doesn't care, as it's mostly case insensitive, but sshd does care here. https://bugs.freedesktop.org/show_bug.cgi?id=84749 library/adenroll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 56ef2c6ea4ab3ee7215a55dabe4585b21874ea23 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-07 Allow autogen.sh to be run when srcdir != builddir autogen.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 4ac6debd81e9d55c67f638d01c939ade61b6031c Author: Stef Walter <stefw@redhat.com> Date: 2013-09-20 doc: Fix typos found by Tomas Babej doc/adcli.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit cfb40bfeda093345bd86a77fa149c357e28968af Author: Stef Walter <stefw@redhat.com> Date: 2013-09-13 Release version 0.7.5 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 906a69ee997ba5edfb1e7d6b538b4612e7ea9d17 Author: Stef Walter <stefw@redhat.com> Date: 2013-09-13 Place IPv6 addresses properly in our temp krb5.conf library/adconn.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 3b4fd1161f15955abc3f2458029eff6e856fb51a Author: Stef Walter <stefw@redhat.com> Date: 2013-09-13 Clarify in verbose output what scheme is used to disco library/addisco.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9fc1b8867a390849096f0a9ffcc0b4fc653d459c Author: Stef Walter <stefw@redhat.com> Date: 2013-09-12 Don't use cldap with IPv6 due to openldap bugs http://www.openldap.org/its/index.cgi/Incoming?id=7694 library/addisco.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 45e0eda44504ea3f6856eba0edc67cd47bf4b882 Author: Stef Walter <stefw@redhat.com> Date: 2013-09-12 Fix regression where exceeded number of servers to disco against library/addisco.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ab21a39509d9a073437bf39a193b5730d0303512 Author: Stef Walter <stefw@redhat.com> Date: 2013-09-12 Stop discovery on a given server when ldap_search_ext() fails library/addisco.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 30b43f988f44f8159e2237db05ab4a6cba2a5772 Author: Stef Walter <stefw@redhat.com> Date: 2013-09-06 Release version 0.7.4 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 167b4e9fefa3a1f535548e756c7cba21c7678eae Author: Stef Walter <stefw@redhat.com> Date: 2013-09-06 Pass correct pointer type to ldap_set_option when setting SSF_MIN Failure on some archs where sizeof(int) != sizeof(ber_len_t) https://bugs.freedesktop.org/show_bug.cgi?id=69038 library/adconn.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 775bed934b0ba6cf7a042486375e370928810eaa Author: Stef Walter <stefw@redhat.com> Date: 2013-09-06 Try to contact all available addresses for discovery Don't just contact each SRV record when doing discovery, but resolve and try to contact each A record. This fixes problems when a machine has both IPv4 and IPv6 records but one of these isn't usable for some reason. https://bugs.freedesktop.org/show_bug.cgi?id=68110 library/addisco.c | 63 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 49 insertions(+), 14 deletions(-) commit 2e82e2a37b01d6e270bb25f36bde3b9b6b6ca35e Author: Stef Walter <stefw@redhat.com> Date: 2013-09-06 Truncate netbios host names to 15 chars Truncate host names the same way Windows clients do. https://bugs.freedesktop.org/show_bug.cgi?id=69016 library/adconn.c | 57 ++++++++++++++++++++++++++++++++++------------------- library/adenroll.c | 23 ++------------------- library/adprivate.h | 2 ++ 3 files changed, 41 insertions(+), 41 deletions(-) commit 57d510214d81cda1bd224d1df2686c64bc3fe700 Author: Stef Walter <stefw@redhat.com> Date: 2013-08-07 Release version 0.7.3 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 2de89825f40352ffdebd1e62ddcd4b74e89596e1 Author: Stef Walter <stefw@redhat.com> Date: 2013-07-23 Don't try to set encryption types on Windows 2003 and earlier These don't have the msDS-supportedEncryptionTypes LDAP attribute, and only support a fixed set of encryption types. https://bugs.freedesktop.org/show_bug.cgi?id=67058 library/adconn.c | 35 +++++++++++++++++++++++++++++++++- library/adconn.h | 13 +++++++++++++ library/adenroll.c | 56 ++++++++++++++++++++++++++++++++++++++++-------------- 3 files changed, 89 insertions(+), 15 deletions(-) commit bed6f5bb0c14f602476f31747eac6e2de44c4467 Author: Stef Walter <stefw@gnome.org> Date: 2013-07-30 Fix uninitialized variable library/adconn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3e937ed8ed677714d1eddb03b5a9cc7e944f1358 Author: Stef Walter <stefw@redhat.com> Date: 2013-07-22 Release version 0.7.2 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit f914fa138cfb0d00f40c8328777f0d7193fb2c4e Author: Stef Walter <stefw@redhat.com> Date: 2013-07-19 Delete current computer if no host specified to delete-computer realmd will use this. realmd lets adcli calculate the current host name during join, and so it makes sense to do the same during delete-computer. https://bugs.freedesktop.org/show_bug.cgi?id=65032 doc/adcli.xml | 4 ++++ tools/computer.c | 7 ++++--- 2 files changed, 8 insertions(+), 3 deletions(-) commit 9fe0c385107a1bb0c2b0f250a08a5df4c485556c Author: Laurent Bigonville <bigon@bigon.be> Date: 2013-07-09 Fix FTBFS on freebsd kernel Set HOST_NAME_MAX to 255 if this is not already defined in the headers. sysconf(3) manpage indicates that this values shouldn't be less than 255. http://bugs.freedesktop.org/show_bug.cgi?id=66456 library/adprivate.h | 4 ++++ 1 file changed, 4 insertions(+) commit 9774ca4a17615163913958b26acf0bd566777c02 Author: Stef Walter <stefw@redhat.com> Date: 2013-06-18 Fix typo of word 'necessary' https://bugs.freedesktop.org/show_bug.cgi?id=65782 tools/computer.c | 2 +- tools/entry.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 084ec6754cac5c49f86ca770a4bde93d46d083e7 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-23 Always show info for --domain-controller if provided tools/info.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit 7f83bf30444ddbabfeaf7ba33a4babd5aed3613c Author: Stef Walter <stefw@redhat.com> Date: 2013-05-13 Release version 0.7.1 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 763a9e8f9d61c136b480ef4b634e88c3c5d07ed6 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-13 Fix access of null pointer library/adconn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b50ec4acf87a1ff9a43678465e34aa43a60e36bc Author: Stef Walter <stefw@gnome.org> Date: 2013-05-13 When we recieve an LDAP ping response, don't expect more Don't expect more than one LDAP ping response, if we get one but its either unparseable or the wrong type. Just move on. library/addisco.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2a231986d7b77abcf8b9ff4c20f72b71a1adf976 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-13 If automatically determining the salt fails, just guess If automatically determining the kerberos principal salt to use fails, either due to race issues on the server, or other future problems, just guess and use a salt that usually works with Windows 2003 and 2008. library/adenroll.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 5bb9357ddaab00cf28e2be61cd9690a2bdac60e2 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-06 Release version 0.7 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 8fdaed506001a4205b969a290428a1251356ecf8 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-06 Work around krb5_get_init_creds_password() with empty password Put a null password prompter to get around this issue. See: http://mailman.mit.edu/pipermail/krbdev/2013-May/011525.html library/adconn.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) commit bb72ff217c29a62b68367b8e0e5f9fb7f392b53e Author: Stef Walter <stefw@redhat.com> Date: 2013-05-06 Handle KRB5_PREAUTH_FAILED as an invalid password * This happens when password is empty library/adconn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit cb0332f3175ba9fad8e62d37661b5b7b8e6bbea3 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-02 Add some annotations for clang analyzer * And fix highlighted issues .gitignore | 1 + library/addisco.c | 7 +------ library/adenroll.c | 6 ++++++ library/adldap.c | 2 +- library/adprivate.h | 16 +++++++++++++++- library/seq.c | 32 +++++++++++++++++++++++++++++++- library/test.h | 16 +++++++++++++++- tools/computer.c | 4 ++-- tools/tools.c | 14 ++++++++++---- 9 files changed, 82 insertions(+), 16 deletions(-) commit 00e99ec714bba89c2c484fd90c12de600b7c0de0 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-02 Fix use of freed memory library/adconn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 384c262faa085791a06cd56d837d2fb394860120 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-29 Release version 0.6 .gitignore | 3 +++ NEWS | 8 ++++++++ configure.ac | 2 +- 3 files changed, 12 insertions(+), 1 deletion(-) commit b6ba535d30b7894575dd07cdf624c330ffe24d17 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-29 Use ldap_init_fd to better support IP addresses When using an IP address we need to connect to that address but then use the host name discovered in the LDAP URL. OpenLDAP doesn't make this easy to do so use the documented but not-in-headers ldap_init_fd function. configure.ac | 4 ++ library/adconn.c | 110 +++++++++++++++++++++++++++++++++++++++---------------- tools/tools.c | 6 +-- 3 files changed, 86 insertions(+), 34 deletions(-) commit e8447f9cbbef5a73c25bd9890eca29e549a0a3c6 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-25 Add a --one-time-password to join This is equivalent to --login-type=computer and providing the computer password. doc/adcli.xml | 7 +++++++ tools/computer.c | 12 +++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) commit 49733718e55647a5e02f192662fdca3d8e9d4e1b Author: Stef Walter <stefw@redhat.com> Date: 2013-04-25 Add option to print out the machine password after a join doc/adcli.xml | 6 ++++++ tools/computer.c | 26 ++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) commit cda6ec5171d9015514f22b5074746d0914020c2c Author: Stef Walter <stefw@redhat.com> Date: 2013-04-25 Allow processing the computer password more easily in text form Remove shell characters and spaces and so on from auto-generated computer passwords library/adenroll.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 46361aa1366ce9def894249cfbc926585d24e328 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-12 Fine tune the --os-name and --os-version arguments The values should be required https://bugs.freedesktop.org/show_bug.cgi?id=54489 tools/computer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7a3f6105e108312beb2997442ff74bba59c9684f Author: Stef Walter <stefw@redhat.com> Date: 2013-04-11 Add --user-principal argument for joining domains This fills in the userPrincipalName attribute on the account https://bugs.freedesktop.org/show_bug.cgi?id=62755 doc/adcli.xml | 13 +++++++ library/adenroll.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++--- library/adenroll.h | 7 ++++ tools/computer.c | 10 +++++ 4 files changed, 131 insertions(+), 6 deletions(-) commit c2970e74a8568baca541b46efaa55ee53e38c7de Author: Stef Walter <stefw@redhat.com> Date: 2013-04-11 Streamline how extra account attributes are updated * Ignore failures updating auxiliary attributes, with warning https://bugs.freedesktop.org/show_bug.cgi?id=62755 library/adenroll.c | 227 +++++++++++++++++++---------------------------------- 1 file changed, 82 insertions(+), 145 deletions(-) commit b1cad71e241f2bf3b4bc0f6470073dd1f72026af Author: Stef Walter <stefw@redhat.com> Date: 2013-04-10 Remove the last reference to p11-kit that came over with docs doc/adcli.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 335b28b2b403290b9de927255c8299cba8af1591 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-08 Release version 0.5 NEWS | 18 ++++++++++++++++++ configure.ac | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) commit 31165cd1e869dab58178159b7c4d21312f3f5748 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-10 Don't retrieve kvno if not joining https://bugs.freedesktop.org/show_bug.cgi?id=56149 library/adenroll.c | 4 ++++ 1 file changed, 4 insertions(+) commit 1e20c086a077605e2694df0b8da49923004d218d Author: Stef Walter <stefw@redhat.com> Date: 2013-04-10 Support using --login-ccache without an argument Just use the default krb5 ccache in that case. library/adconn.c | 15 ++++++++++++++- tools/computer.c | 10 +++++----- tools/entry.c | 12 ++++++------ tools/tools.c | 1 - 4 files changed, 25 insertions(+), 13 deletions(-) commit 428cf878944eca7b0762e1e434cc4895dff98372 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-10 Add support for setting operatingSystem and related attrs * Add new arguments to join command: --os-name --os-version and --os-service-pack * These are not supported when a computer is claiming an account on its own credentials. https://bugs.freedesktop.org/show_bug.cgi?id=54489 doc/adcli.xml | 32 ++++++++++++++++++++ library/Makefile.am | 1 + library/adenroll.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++- library/adenroll.h | 15 ++++++++++ library/adldap.c | 4 +-- tools/computer.c | 35 ++++++++++++++++++++++ 6 files changed, 168 insertions(+), 3 deletions(-) commit e1069eaf9a81f061dbaf55999a5811cc5d9aea2e Author: Stef Walter <stefw@redhat.com> Date: 2013-04-10 Remove lookup of preferredOU which was incorrect * preferredOU is an attribute on a user or computer, not on the domain as a whole. We cannot use it during joins library/adenroll.c | 45 --------------------------------------------- 1 file changed, 45 deletions(-) commit 2d412510118a1af08e6fba300129282773386292 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-10 Make ADCLI_STRICT=1 abort() when precondition library/adprivate.h | 16 ++-------------- library/adutil.c | 16 ++++++++++++++++ tools/computer.c | 11 ++--------- 3 files changed, 20 insertions(+), 23 deletions(-) commit 834c9f875e33eb28cf063858133e347e73593c54 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-10 Add more documentation for building adcli Makefile.am | 4 +- doc/Makefile.am | 1 + doc/adcli-devel.xml | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++++ doc/adcli-docs.xml | 11 +-- doc/adcli.xml | 2 +- doc/gtk-doc.xsl | 2 +- 6 files changed, 216 insertions(+), 8 deletions(-) commit 0fca72222fec97c975954881463db49deb37989f Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Fix problems connecting without DNS * Pass the actual name that we're trying to connect to to openldap * Tell openldap to pass the right host name to GSSAPI library/adconn.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 74ff6fe7517d4a012bae0cba55c89c2573ca95d1 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 A bit of cleanup of adcli output tools/computer.c | 2 +- tools/info.c | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) commit e16af692fdbb8569ebdb6e8d0f40d426fef5a236 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Allow passing a domain directly on the command line to join command tools/computer.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 6f4880029a2c002395cc19d4a7558c830f143d87 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Catch more permission failures when joining domain * Windows Server returns all sorts of strange errors when permission problems for joining domain library/adenroll.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 48166f0a3b33a5d69fc09486cc8e0f6848a48867 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Discovery fixes * Discover without DNS * Support libldaps without cldap built in * Better use of discovery data, without going through intermediate LDAP URLs library/adconn.c | 221 ++++++++++++++++++++++++------------------------------ library/adconn.h | 8 -- library/addisco.c | 42 ++++++----- library/addisco.h | 3 +- tools/info.c | 10 +-- 5 files changed, 129 insertions(+), 155 deletions(-) commit d417fcc0c1cb1c89b23aef925ac64e994052eca2 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Fix possible uninitialized variable library/addisco.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 030126689753052daa5323337c765a8b496ecb9a Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Add manual page for adcli and documentation infrastructure .gitignore | 2 + Makefile.am | 21 +- configure.ac | 39 ++ doc/Makefile.am | 68 +++ doc/adcli-docs.xml | 21 + doc/adcli.xml | 529 +++++++++++++++++++++++ doc/gtk-doc.xsl | 897 +++++++++++++++++++++++++++++++++++++++ doc/static/gtk-doc.css | 264 ++++++++++++ doc/static/home.png | Bin 0 -> 654 bytes doc/static/left.png | Bin 0 -> 459 bytes doc/static/right.png | Bin 0 -> 472 bytes doc/static/style.css | 114 +++++ doc/static/up.png | Bin 0 -> 406 bytes doc/version-greater-or-equal.xsl | 54 +++ tools/computer.c | 28 +- 15 files changed, 2023 insertions(+), 14 deletions(-) commit 3fb917556b5e2ad38b5bfbafbcf2f3b60ce90f46 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Add support for adding/removing members from groups * add-member command * remove-member command * Refactor attribute handling, and provide ways to load and modify entries. library/adattrs.c | 157 +++++++++++++++++++++++++++++----------- library/adattrs.h | 27 +++++-- library/adentry.c | 89 +++++++++++++++++++---- library/adentry.h | 7 ++ library/adldap.c | 7 +- tools/entry.c | 212 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- tools/tools.c | 2 + tools/tools.h | 8 +++ 8 files changed, 442 insertions(+), 67 deletions(-) commit 2f50a5d3f36251caa5a1128251618e79d1a9ef6d Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 Add support for creating/deleting groups * create-group command * delete-group command * Refactor a bit to use the same code for user/groups library/Makefile.am | 2 +- library/adcli.h | 3 +- library/adentry.c | 423 ++++++++++++++++++++++++++++++++++++++++ library/{aduser.h => adentry.h} | 27 +-- library/aduser.c | 372 ----------------------------------- tools/Makefile.am | 2 +- tools/{user.c => entry.c} | 198 +++++++++++++++++-- tools/tools.c | 2 + tools/tools.h | 6 +- 9 files changed, 628 insertions(+), 407 deletions(-) commit b089bce11a588f158c36fac0ab86ced756e50ac1 Author: Stef Walter <stefw@redhat.com> Date: 2013-04-09 More expressive logging for ldap errors library/adconn.c | 13 +++--- library/addisco.c | 8 ++-- library/adenroll.c | 115 ++++++++++++++++++++++------------------------------ library/adldap.c | 18 +++++--- library/adprivate.h | 4 +- library/aduser.c | 39 ++++++++---------- 6 files changed, 90 insertions(+), 107 deletions(-) commit 18d13ebdfc7ff1a22b028f1c048bb4964e73f857 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-08 Clean up the adcli arguments * Use --domain-controller consistently to specify the server to connect to. Still accept --domain-server for the 'join' command for backward compatibility * Remove the --ldap-url argument, as --domain-controller is an acceptable replacement. * Use --login-user consistently to specify the admin user who is using adcli. Still accept --user for the 'join' command for backward compatibility. * Use --domain-ou consistently to specify the organizational unit to create objects in. Still accept --computer-ou for the 'join' command for backward compatibility. * Remove some extra info command arguments. library/adconn.c | 38 +++++++++++++++---------------- library/adconn.h | 8 +++---- library/adenroll.c | 56 +++++++++++++++++++++++----------------------- library/adenroll.h | 4 ++-- library/aduser.c | 26 +++++++++++----------- library/aduser.h | 4 ++-- tools/computer.c | 65 ++++++++++++++++++++++++------------------------------ tools/info.c | 43 ++++-------------------------------- tools/user.c | 26 +++++++++++----------- 9 files changed, 114 insertions(+), 156 deletions(-) commit 87932fbd036b60de56294782858627c996ea9cb2 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-08 Implement domain discovery, including support for sites * Add a new 'adcli info' command https://bugs.freedesktop.org/show_bug.cgi?id=54490 library/Makefile.am | 4 +- library/adcli.h | 1 + library/adconn.c | 62 ++--- library/addisco.c | 764 +++++++++++++++++++++++++++++++++++++++++++++++++++ library/addisco.h | 74 +++++ library/getsrvinfo.c | 263 ------------------ library/getsrvinfo.h | 42 --- tools/Makefile.am | 1 + tools/info.c | 219 +++++++++++++++ tools/tools.c | 32 ++- tools/tools.h | 4 + 11 files changed, 1109 insertions(+), 357 deletions(-) commit 5a04b390c75115acf06fedf751ce88ff2dd5207e Author: Stef Walter <stefw@gnome.org> Date: 2013-04-08 Fix possible crash when for a NULL strv library/adutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c581500ceafff6cd59ba690a4400d52929645289 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-08 Less complicated message logging Now that we're not trying to be a library, just use global functions and storage for message callbacks and logging. library/adconn.c | 177 ++++++++++++---------------------------------------- library/adconn.h | 13 ---- library/adenroll.c | 146 +++++++++++++++++++++---------------------- library/adldap.c | 5 +- library/adprivate.h | 24 +++---- library/aduser.c | 34 +++++----- library/adutil.c | 72 +++++++++++++++++++++ library/adutil.h | 10 +++ tools/computer.c | 16 ++--- tools/tools.c | 7 +-- tools/user.c | 8 +-- 11 files changed, 236 insertions(+), 276 deletions(-) commit 86d27165487d53f2b4d631993a1143f11896480c Author: Stef Walter <stefw@gnome.org> Date: 2013-04-08 Use a test framework that supports TAP output For integration with automake 1.13, and perhaps others library/Makefile.am | 4 +- library/adattrs.c | 49 +++++----- library/adldap.c | 41 +++++---- library/adutil.c | 27 +++--- library/seq.c | 133 ++++++++++++++------------- library/test.c | 256 ++++++++++++++++++++++++++++++++++++++++++++++++++++ library/test.h | 135 +++++++++++++++++++++++++++ 7 files changed, 523 insertions(+), 122 deletions(-) commit 6f304721bd72c50102bbb8aff911bd10a6fdaf1f Author: Stef Walter <stefw@gnome.org> Date: 2013-04-05 Add support for adding and deleting active directory users .gitignore | 2 + library/Makefile.am | 15 ++- library/adattrs.c | 240 +++++++++++++++++++++++++++++++++ library/adattrs.h | 48 +++++++ library/adcli.h | 1 + library/adenroll.c | 34 +---- library/adldap.c | 232 ++++++++++++++++++++++++++++---- library/adprivate.h | 45 ++++++- library/aduser.c | 377 ++++++++++++++++++++++++++++++++++++++++++++++++++++ library/aduser.h | 51 +++++++ library/adutil.c | 22 ++- tools/Makefile.am | 1 + tools/tools.c | 2 + tools/tools.h | 12 ++ tools/user.c | 326 +++++++++++++++++++++++++++++++++++++++++++++ 15 files changed, 1336 insertions(+), 72 deletions(-) commit dc8333a94dd0b1582e7ad0e63b038635f21bc47c Author: Stef Walter <stefw@gnome.org> Date: 2013-02-12 Implement the 'delete-computer' and 'reset-computer' commands library/adenroll.c | 285 ++++++++++++++++++++++++++++++++++++++++++----------- library/adenroll.h | 6 ++ tools/computer.c | 150 ++++++++++++++++++++++++++++ tools/tools.c | 2 + tools/tools.h | 8 ++ 5 files changed, 391 insertions(+), 60 deletions(-) commit f4dff16da3cef29ccb0282c47252cdf3b4a19d55 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-12 Refactor the command line interface * More intelligent usage output * Rename the 'preset' command to 'preset-computer' * Split the computer tools into a separate file tools/Makefile.am | 3 +- tools/adcli.c | 809 ------------------------------------------------------ tools/computer.c | 414 ++++++++++++++++++++++++++++ tools/tools.c | 491 +++++++++++++++++++++++++++++++++ tools/tools.h | 65 +++++ 5 files changed, 972 insertions(+), 810 deletions(-) commit 08a2ea144aa012e418d0c54728f6c4691c97e76f Author: Stef Walter <stefw@gnome.org> Date: 2013-04-05 Add generic sequence code This can be used both as an array an and a sorted lookup table .gitignore | 2 + Makefile.am | 6 + library/Makefile.am | 26 ++- library/adprivate.h | 6 +- library/adutil.c | 119 +++++----- library/seq.c | 612 ++++++++++++++++++++++++++++++++++++++++++++++++++++ library/seq.h | 85 ++++++++ 7 files changed, 802 insertions(+), 54 deletions(-) commit 8958d28c5058bb53458c1ad3cfcd500280c4f7fb Author: Stef Walter <stefw@gnome.org> Date: 2013-02-12 Fix use of CFLAGS for building the library library/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 79fb7cf291ca662332542e165dd777039e9ed2bf Author: Stef Walter <stefw@gnome.org> Date: 2013-04-05 Remove coverage files when cleaning build/Makefile.am | 8 ++++++++ library/Makefile.am | 5 +++++ tools/Makefile.am | 5 +++++ 3 files changed, 18 insertions(+) commit 28a75bffc7cd8cca6d0cf6a47dad501f92243983 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-05 No longer export a library The adcli tool is the main interface for this. Later we may refactor this to use a very different implementation. Makefile.am | 7 ------- configure.ac | 52 --------------------------------------------------- library/Makefile.am | 25 +++---------------------- library/adcli-1.pc.in | 13 ------------- library/adprivate.h | 3 --- library/adutil.c | 6 +++--- library/adutil.h | 5 +++++ tools/Makefile.am | 2 -- tools/adcli.c | 2 +- 9 files changed, 12 insertions(+), 103 deletions(-) commit ccd8fd7f1082950377db4f0e1782a7e38e5c24c8 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-04 Some autoconf tweaks * Cleanup autoconf warnings * Move m4/ into build/m4 .gitignore | 3 +-- Makefile.am | 3 ++- build/Makefile.am | 0 {m4 => build/m4}/.gitignore | 0 configure.ac | 15 ++++++--------- 5 files changed, 9 insertions(+), 12 deletions(-) commit c37a1edfaa2086d06eb9f1020acd2682c7f81dfb Author: Stef Walter <stefw@gnome.org> Date: 2013-02-19 build: Use the resolv.h header when checking for res_query https://bugzilla.gnome.org/show_bug.cgi?id=60561 configure.ac | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) commit 00aa642282355563f57432ebbc398adfc4b68ecd Author: Stef Walter <stefw@gnome.org> Date: 2012-11-22 When --user is specified don't try computer login tools/adcli.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit c7f6ab8341f7400f963a7e155c33cb312bfb61cd Author: Stef Walter <stefw@gnome.org> Date: 2012-11-22 Only include /etc/krb5.conf if it exists Including an invalid krb5.conf led to failure to init a krb5_context. https://bugs.freedesktop.org/show_bug.cgi?id=57403 tools/adcli.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 377b3d5c3b4870389dd36770500aaa6e3bda63d7 Author: Stef Walter <stefw@gnome.org> Date: 2012-11-22 Check for SASL headers when configuring configure.ac | 9 +++++++++ 1 file changed, 9 insertions(+) commit 0b60a75784e8ea88e32eae8bb23e4e128a8646ef Author: Stef Walter <stefw@gnome.org> Date: 2012-11-22 Unquote error message when ldap not found configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 23b43dd5be2ed8ddaa94b05c7cedbcbbc3f77abd Author: Stef Walter <stefw@gnome.org> Date: 2012-11-13 Don't print out or expose the computer container DN * This is just confusing, and not a common concept * Don't want to have to support this or get questions about it. library/adenroll.c | 7 ------- library/adenroll.h | 2 -- tools/adcli.c | 1 - 3 files changed, 10 deletions(-) commit 34f0d8479480a06f569663cf8a15ac689800da9d Author: Stef Walter <stefw@gnome.org> Date: 2012-11-13 Look up the nETBIOSName correctly * Use the configurationNamingContext and CN=Partitions subtree https://bugzilla.gnome.org/show_bug.cgi?id=57064 library/adconn.c | 45 +++++++++++++++++++++++++++++++++++---------- library/adconn.h | 2 +- library/adenroll.c | 9 +++++---- tools/adcli.c | 2 +- 4 files changed, 42 insertions(+), 16 deletions(-) commit 84676ef669be6a7182c0e0fa4f28a80ce573e952 Author: Stef Walter <stefw@gnome.org> Date: 2012-11-12 Release 0.4 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit cb546913fa993593fdf4e45edbbd6c43f78f5e84 Author: Stef Walter <stefw@gnome.org> Date: 2012-11-12 Use a private krb5.conf file * This helps us connect to the same server consistently. * Allows --domain-server argument to work properly. https://bugs.freedesktop.org/show_bug.cgi?id=55487 library/adconn.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++-- library/adconn.h | 5 +++ library/adprivate.h | 4 ++ library/adutil.c | 27 ++++++++++++ tools/Makefile.am | 1 + tools/adcli.c | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 261 insertions(+), 4 deletions(-) commit 08bd7b69f0da02ee750fa527453c526e627d182d Author: Stef Walter <stefw@gnome.org> Date: 2012-11-09 Rework how computer account is located and created * Always try to find the account first, using sAMAccountName. * If computer OU is specified enforce that the account is in the right place. * Use terminology 'computer-ou' instead of 'preferred-ou' where appropriate, since it's not just preferred anymore. * Don't allow explicitly setting the computer container, too complicated and not exposed anywhere. https://bugs.freedesktop.org/show_bug.cgi?id=56868 library/adenroll.c | 354 +++++++++++++++++++++++++++++----------------------- library/adenroll.h | 7 +- library/adldap.c | 94 ++++++++++++++ library/adprivate.h | 5 + tools/adcli.c | 4 +- 5 files changed, 303 insertions(+), 161 deletions(-) commit 72c1a9f7bd71d4bc8920b6998e749afb90fe8372 Author: Stef Walter <stefw@gnome.org> Date: 2012-11-09 Don't follow referalls when searching LDAP server https://bugs.freedesktop.org/show_bug.cgi?id=56868 library/adconn.c | 3 +++ 1 file changed, 3 insertions(+) commit 8b793abd22593e8b764a0c0da40794095718697f Author: Stef Walter <stefw@gnome.org> Date: 2012-11-09 Ignore built files .gitignore | 5 +++++ 1 file changed, 5 insertions(+) commit 2db1f46959d1c29394e7a4976ef0f9c895b7cd93 Author: Stef Walter <stefw@gnome.org> Date: 2012-10-30 Fix freeing of uninitialized memory library/adenroll.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 24c6bedfe0862f8d61d5939ee10c9a5a749c9860 Author: Stef Walter <stefw@gnome.org> Date: 2012-10-20 Release version 0.3 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit e2c5f29cc7bc1cca7f3d7c8544d60f0aaacd07f2 Author: Stef Walter <stefw@gnome.org> Date: 2012-10-20 Don't use DNS to lookup the host name for enrollment * Use the computers own concept of what its host name is * The idea is that dynamic DNS is properly set after we join the domain (perhaps by sssd). library/adconn.c | 47 +++-------------------------------------------- 1 file changed, 3 insertions(+), 44 deletions(-) commit 77a8f652493ec999953458b16d064bb62b450b52 Author: Stef Walter <stefw@gnome.org> Date: 2012-10-20 Don't try to update userAccountControl for precreated accounts * When auto-joining or using OTP, don't try to update userAccountControl attribute. * This attribute is not writable by the computer account itself. https://bugs.freedesktop.org/show_bug.cgi?id=56148 library/adenroll.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 590d44b3a00231a1ae2d3e498ad7c1faa96d1845 Author: Stef Walter <stefw@gnome.org> Date: 2012-10-19 Fix an assertion and handle errors correctly when setup fails library/adenroll.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit be76ec644c949ab14b2e3f3a6ef3f4f9778eb7bf Author: Stef Walter <stefw@gnome.org> Date: 2012-10-19 Allow use of host names without any dot. * In the case where DNS isn't working we calculate the computer name from the host name. Allow that name to have no dots. https://bugs.freedesktop.org/show_bug.cgi?id=56147 library/adconn.c | 15 ++++++++++----- library/adenroll.c | 15 ++++++++++----- 2 files changed, 20 insertions(+), 10 deletions(-) commit 909670dba8ada7ab3ecc99483b241face30d3313 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-30 Require LDAP when building adcli configure.ac | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit fef364f413d87dfe0e6111634b7311e9c43850cc Author: Stef Walter <stefw@gnome.org> Date: 2012-09-30 Require libtool to build adcli configure.ac | 1 + 1 file changed, 1 insertion(+) commit b8107de6344b46d695783bac0d1e3b9c5b18e751 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-04 Fix license addresses, and missing header comments library/adcli.h | 4 ++-- library/adconn.c | 4 ++-- library/adconn.h | 4 ++-- library/adenroll.c | 4 ++-- library/adenroll.h | 4 ++-- library/adkrb5.c | 4 ++-- library/adldap.c | 4 ++-- library/adprivate.h | 4 ++-- library/adutil.c | 4 ++-- library/adutil.h | 4 ++-- library/getsrvinfo.c | 4 ++-- library/getsrvinfo.h | 4 ++-- tools/adcli.c | 22 ++++++++++++++++++++++ 13 files changed, 46 insertions(+), 24 deletions(-) commit 06fb3ecbe87b511a03997fb5b0e25e407c939192 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-04 Ignore files built during release process .gitignore | 2 ++ 1 file changed, 2 insertions(+) commit 7e0f823019c004f5849e0dffb42db96dbdafc8d4 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-04 Release version 0.2 * And fix some build warnings NEWS | 9 +++++++++ configure.ac | 2 +- library/adconn.c | 2 +- tools/adcli.c | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) commit 3779c40fc7e9c0fb23f2058ac32421ce65841b56 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-03 Fix erroneous argument number check in preset command tools/adcli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5784dc52c6f042a1c8b343b0d1cf6fac651e699a Author: Stef Walter <stefw@gnome.org> Date: 2012-09-03 Return the correct exit codes * On failure we return the positive values of the result codes in adutil.h tools/adcli.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit a2887aae0b7dc0361e6a045abf96d2e526f3caba Author: Stef Walter <stefw@gnome.org> Date: 2012-09-03 Load the credential cache provided with --login-ccache * We do this so that we can use the ccache when changing the computer password during a one-time-password or automatic join. * This also lets us provide more intelligable error messages library/adconn.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit ad44e157514dff1a0726e72863e9ef9ab6e1ed58 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-03 Implement the --show-details join option * This prints out domain details in a machine parseable format tools/adcli.c | 60 +++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 24 deletions(-) commit b1790c04da4c26e21baa743cc0c7ffb07e2e4aac Author: Stef Walter <stefw@gnome.org> Date: 2012-09-03 Add support for retrieving the short (ie: netbios) domain name library/adconn.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- library/adconn.h | 2 ++ 2 files changed, 48 insertions(+), 2 deletions(-) commit 850c74548fe42d69bc5700e4d38d42af617764af Author: Stef Walter <stefw@gnome.org> Date: 2012-09-03 Rename --login-name to the more common --user argument tools/adcli.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit d1520504e9a5178eec9c571a8e754c108f1bdfb7 Author: Stef Walter <stefw@gnome.org> Date: 2012-08-31 Cleanup some of the usage/error output to be clearer tools/adcli.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 57c1cd21720235b3913dd496020353014f125532 Author: Stef Walter <stefw@gnome.org> Date: 2012-08-31 Add --one-time-password to the 'preset' command * Instead of using the default computer account password specify a preset password to use. tools/adcli.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit a71048282117d3e0fc6192c3f04a4fa1087f7e5b Author: Stef Walter <stefw@gnome.org> Date: 2012-08-31 Make sure long options don't conflict with short tools/adcli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bd5a950f26b56e48e8354510ba12eaa8b718f50b Author: Stef Walter <stefw@gnome.org> Date: 2012-08-31 Print info messages when setting/changing computer account password library/adenroll.c | 2 ++ 1 file changed, 2 insertions(+) commit e6c9d7480149aa01932e3e9c0ca08d7ce0c6a149 Author: Stef Walter <stefw@gnome.org> Date: 2012-08-31 Implement various ways to prompt/read login or computer password * --no-password does not prompt * --promt-password (default) prompts as expected * --stdin-password reads the password from stdin library/adconn.c | 69 ++++++++++++++++++---------- library/adconn.h | 4 +- tools/adcli.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 174 insertions(+), 33 deletions(-) commit 712d0fcde8c471464ebb91a3d57443fecbf9cf4b Author: Stef Walter <stefw@gnome.org> Date: 2012-08-31 Specify domain in --domain parameter * We default to domain calculated from host name * This allows cleaner syntax for 'preset' command, and future 'leave' command tools/adcli.c | 50 +++++++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 23 deletions(-) commit 23e5b9ed6f8231c3e551c4c24ea73832c9d5233d Author: Stef Walter <stefw@gnome.org> Date: 2012-08-31 Cleanup option parsing * Some options have no short equivalent * Print intelligent usage based on commands tools/Makefile.am | 6 + tools/adcli.c | 380 +++++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 285 insertions(+), 101 deletions(-) commit 05a1cd35665de91d4e2e62188efd09235b8098bc Author: Stef Walter <stefw@gnome.org> Date: 2012-08-23 Update project URLs Makefile.am | 2 +- configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit c9747db817e8796ffb927ffc1583d0b75886417d Author: Stef Walter <stefw@gnome.org> Date: 2012-08-15 Release version 0.1 .gitignore | 1 + NEWS | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 02f2ca343e04b9f319ffe3d681ec6c9f46e4d97f Author: Stef Walter <stefw@gnome.org> Date: 2012-08-09 Don't print '(null)' when using default domain tools/adcli.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8200a052fd5a13c3a3df2b23cc912e70396d0eb4 Author: Stef Walter <stefw@gnome.org> Date: 2012-08-09 Fix memory leak when setting password fails library/adenroll.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) commit bc6c1ea1970cac227e6892419e0bdabe60b487ef Author: Stef Walter <stefw@gnome.org> Date: 2012-08-09 Fix parsing of principals when no default realm is set library/adconn.c | 8 +++++++- library/adenroll.c | 17 ++++++----------- library/adkrb5.c | 2 +- 3 files changed, 14 insertions(+), 13 deletions(-) commit 8241b3c493c5914665413ea92b82b07693a3c77a Author: Stef Walter <stefw@gnome.org> Date: 2012-08-09 Print a better error message if can't create krb5 context library/adconn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ee239e62c91b31e0b8889fa3b6608c958180fbf8 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-21 Fix memory leak of attributes library/adenroll.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e49d523a50a30dec54959d8defc156185e723368 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-21 Set the dNSHostName and servicePrincipalName attributes separately * And ignore failures setting these attributes library/adenroll.c | 109 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 87 insertions(+), 22 deletions(-) commit 1d5301ed61993b40e49ab27e671a1f82456984e4 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-21 Fix regression of prompting for passwords during join tools/adcli.c | 1 + 1 file changed, 1 insertion(+) commit 4b7c7530d2884792abe90c7514cdb19d68a4aaa1 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-21 Fix regression, and crash on NULL keytab, during join library/adenroll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 48bd64594a4b46a6ac88f147b3ebb6ed9a48f0ee Author: Stef Walter <stefw@gnome.org> Date: 2012-07-21 Set msDS-supportedEncryptionTypes correctly * Tell AD about the enctypes we have in our keytab. Either the defaults or the ones the caller requests. * This is done by setting the msDS-supportedEncryptionTypes attribute. * If caller has not explicitly requested certain enctypes try to respect a msDS-supportedEncryptionTypes attribute already present on the computer account. library/adenroll.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++--- library/adkrb5.c | 79 +++++++++++++++++++++++++++++++++++++++++++++ library/adprivate.h | 4 +++ 3 files changed, 170 insertions(+), 5 deletions(-) commit b4c5bc9fdd259eeff4d25eccc1a53d7814065c37 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-21 Fix warning due to constness library/adconn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 100b8f4ad6ac8e92daf2b0ce2e429ac0f350f817 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-20 Fix warning, add const cast library/adconn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1cfa291ca5174cc81f624ae23eb211f9512a42e9 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-20 Clearer messages when setting password fails library/adenroll.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d4470cb82ae7ca1e454a673b25e576ffb8971477 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-20 If there are no attributes to update, then don't ldap_modify library/adenroll.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit b94db022b51410ca2975f8ec906487048f861be8 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-20 Use the enroll domain name for calculating the enroll computer name * Rather than the connection computer name, which may just be the one that is used for authentication library/adenroll.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) commit 3ed0a52f3639a12de967be8b91186fbe22c0ab72 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-20 Use kerberos password change/set functions for managing computer password library/adconn.c | 163 +++++++++++++++++++++++++++---------------- library/adenroll.c | 194 +++++++++++++++++++++++++++++++++++++++------------- library/adkrb5.c | 20 ++++++ library/adprivate.h | 15 ++++ tools/adcli.c | 1 + 5 files changed, 284 insertions(+), 109 deletions(-) commit 773b39b507361c8eafa1c309d27f6b2d6e8790a9 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-20 Support authentication with computer accounts * Rename user credentials related methods and variables appropriately * Use term 'computer name' for the local netbios name * Add ability to discover domain info without connecting * Add ability to calculate enroll info without enrolling * Remove one-time-password code we added a few commits ago, and instead use the default/reset computer password library/adconn.c | 332 +++++++++++++++++++++++++++++++++-------- library/adconn.h | 33 ++++- library/adenroll.c | 414 +++++++++++++++++++++++++++------------------------- library/adenroll.h | 26 ++-- library/adldap.c | 28 ++++ library/adprivate.h | 8 + library/adutil.c | 22 +++ tools/adcli.c | 47 +++--- 8 files changed, 604 insertions(+), 306 deletions(-) commit 8a3cede4965074e0b5412752027dfa723aad872a Author: Stef Walter <stefw@gnome.org> Date: 2012-07-18 Rename 'admin' parameters to 'login' So that in the future they can represent host credentials or other login creds library/adconn.c | 92 +++++++++++++++++++++++++++--------------------------- library/adconn.h | 14 ++++----- library/adenroll.c | 7 +++-- tools/adcli.c | 10 +++--- 4 files changed, 62 insertions(+), 61 deletions(-) commit c1154baf81e8d23d0daa8ce28d5d86173c17066c Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 In adcli print out the last error message, instead of generic message library/adconn.c | 44 +++++++++++++++++++++++++++++++++----------- library/adconn.h | 4 ++++ library/adenroll.c | 3 +++ tools/adcli.c | 6 +++--- 4 files changed, 43 insertions(+), 14 deletions(-) commit a769d3905866516379ecf4c3f719f9030c8d2bb8 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Don't automatically overwrite computer accounts during prejoin library/adenroll.c | 17 ++++++++++++----- library/adenroll.h | 1 + tools/adcli.c | 12 +++++++++--- 3 files changed, 22 insertions(+), 8 deletions(-) commit 9e44a2f3460aa878e6327765a97ddcdccb6aacd7 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Only print out one time password if it was generated tools/adcli.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 8315c76f31a7568acb38cf8c9e6eb65a23d9f877 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Print out computer account names clearly when prejoining tools/adcli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e824aaa708df20727a035b56e7702e6ec168e373 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Use simpler passwords for one time passwords * Only consist of isalpha() and isdigit() characters and 60 characters long library/adenroll.c | 90 ++++++++++++++++++++++++++++++++++++++---------------- library/adenroll.h | 7 +++++ tools/adcli.c | 16 +++++----- 3 files changed, 79 insertions(+), 34 deletions(-) commit eacda3bef90193a08e1d6c983a8a083a4d7b69fb Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Rename ad-enroll to adcli and add prejoin support .gitignore | 1 + tools/Makefile.am | 4 +- tools/ad-enroll.c | 190 ------------------------------- tools/adcli.c | 327 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 330 insertions(+), 192 deletions(-) commit d4c4b4bd69540998073457b948c479fb8a8aab58 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Add option to enroll without setting up a keytab library/adenroll.c | 6 +++++- library/adenroll.h | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) commit 25a7306e71483bd46a0045ebb117da4feed28feb Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Clear all state not explicitly set * This makes it simpler to use a single adcli_enroll structure for multiple enrolls, like we want to do for prejoins. library/adenroll.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 4 deletions(-) commit 3f98a383c283c5410fe2cb2065dcda7b7366373a Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 Correctly null terminate passwords explicitly set * This works around a bug in some krb5 versions * And support using -1 as the length argument library/adenroll.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit cbf0fc117f762b28cad50ba8b6f1061b36921b0a Author: Stef Walter <stefw@gnome.org> Date: 2012-07-19 adcli_enroll_get_host_password() returns const library/adenroll.c | 2 +- library/adenroll.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit e7f7a1d5372be7bb589a6899dee0462774bf453f Author: Stef Walter <stefw@gnome.org> Date: 2012-07-04 Fix use of uninitialized variables library/adldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 697f60c5c4cd9148012375d67f15efff67183bfd Author: Stef Walter <stefw@gnome.org> Date: 2012-07-04 Commit empty m4 directory to git .gitignore | 2 +- m4/.gitignore | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 179eee900ea00af6009820de4ff697adeb78ecd8 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-31 Classify errors correctly when cannot authenticate as admin * This might be the first time we're 'hitting' the server * Some errors signify directory problems, others credential problems. library/adconn.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit a3174b32fb22198ced8815a90f12aaa74fa8745d Author: Stef Walter <stefw@gnome.org> Date: 2012-05-31 Better message when kerberos authenication fails library/adconn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0a59caa653b126494e823459ef02fd2d314e1f0d Author: Stef Walter <stefw@gnome.org> Date: 2012-05-31 Remove unnecessary optimizations * These code paths are rarely used, and the code functions without these equality checks, since we dup before free library/adconn.c | 3 --- library/adenroll.c | 13 ------------- library/adutil.c | 6 ------ 3 files changed, 22 deletions(-) commit a101e0ff822aae3e1670ea8bd87eb33657058d0e Author: Stef Walter <stefw@gnome.org> Date: 2012-05-25 Add more diagnostics to enrollment process library/adenroll.c | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) commit 74457dc32bdab1e0d338cd7f30294e5ac4135af3 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-25 Add support for specifying the domain server explicitly * Also detect which server was connected to library/adconn.c | 40 ++++++++++++++++++++++++++++++++++++++++ library/adconn.h | 5 +++++ tools/ad-enroll.c | 9 +++++++-- 3 files changed, 52 insertions(+), 2 deletions(-) commit 833c0493ff598915da4203f9b4670e1ab2f13ca6 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-25 Setup the host account password to not expire library/adenroll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0fc3076de10e15cdca4f18c98375eac864cd3db7 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-25 Correctly determine which salt to use for keytab library/Makefile.am | 1 + library/adenroll.c | 214 ++++++++++++++++++++++++------------------- library/adkrb5.c | 257 ++++++++++++++++++++++++++++++++++++++++++++++++++++ library/adprivate.h | 40 ++++++++ 4 files changed, 418 insertions(+), 94 deletions(-) commit 66b8683b73e3f8a2d63257bf3f6fdb8ea78386b4 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-24 Return correct error codes when admin account doesn't have right perms * We fudge it a bit when creating the computer account as it's tough to get AD to return a good error code here. library/adenroll.c | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) commit 7d80d041b17514ea18f7a0ad894a1694c87d05cf Author: Stef Walter <stefw@gnome.org> Date: 2012-05-24 Implement writing to the keytab library/adenroll.c | 408 +++++++++++++++++++++++++++++++++++++++++++++++++---- library/adenroll.h | 16 ++- tools/ad-enroll.c | 11 +- 3 files changed, 400 insertions(+), 35 deletions(-) commit 0c688c93a8c8f0a06f67c97208595e53d038d254 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-24 Retrieve the kvno from the computer account library/adenroll.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++- library/adenroll.h | 5 +++ tools/ad-enroll.c | 1 + 3 files changed, 101 insertions(+), 1 deletion(-) commit 66fb648c6f6b6deb13c16e2cf239fdc96821b74f Author: Stef Walter <stefw@gnome.org> Date: 2012-05-24 Correctly format the unicodePwd sent to AD library/adenroll.c | 62 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 46 insertions(+), 16 deletions(-) commit 9417898a425736d92f93f81e8f5dfe7ed9737db3 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-24 Ask for an SSF from ldap bind that signifies encryption library/adconn.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 9680b3f9a7f07567c3f6b7d7a6685adb33cfa9e1 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-24 Refactor DNS and LDAP support code into separate files * DNS SRV stuff into getsrvinfo.c and getsrvinfo.h * LDAP helpers into adldap.c library/Makefile.am | 3 +- library/adconn.c | 29 +---- library/adldap.c | 203 +++++++++++++++++++++++++++++++++++ library/adprivate.h | 15 --- library/adutil.c | 140 ------------------------ library/{addnssrv.c => getsrvinfo.c} | 1 + library/getsrvinfo.h | 42 ++++++++ 7 files changed, 249 insertions(+), 184 deletions(-) commit 2581fcc87bafe8ff026b543a5774a33779a373e2 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-14 Add a HACKING document explaining a few things HACKING | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit 6919d5173a4f105333a23f42bc3c85746ce00871 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-14 Update the license to LGPL 2.1 and add headers to files COPYING | 218 ++++++++++++++++++++++++++++------------------------ library/adcli.h | 22 ++++++ library/adconn.c | 22 ++++++ library/adconn.h | 22 ++++++ library/addnssrv.c | 22 ++++++ library/adenroll.c | 22 ++++++ library/adenroll.h | 22 ++++++ library/adprivate.h | 22 ++++++ library/adutil.c | 22 ++++++ library/adutil.h | 22 ++++++ 10 files changed, 317 insertions(+), 99 deletions(-) commit a87c8c776c27b64eade210e388b805bf891d32fc Author: Stef Walter <stefw@gnome.org> Date: 2012-05-14 Rename to adcli .gitignore | 2 +- Makefile.am | 2 +- README | 4 ++-- configure.ac | 8 ++++---- library/Makefile.am | 4 ++-- library/{libadcli-1.pc.in => adcli-1.pc.in} | 0 6 files changed, 10 insertions(+), 10 deletions(-) commit d8983ad461db0d09a36f54e462dcb13dd06dd274 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Implemented adding/modifying computer accounts * Currently get a WILL_NOT_PERFORM from server so this needs further modification library/adconn.c | 23 +--- library/adenroll.c | 322 ++++++++++++++++++++++++++++++++++++++++++++++++++-- library/adenroll.h | 13 +++ library/adprivate.h | 14 ++- library/adutil.c | 93 ++++++++++++++- tools/ad-enroll.c | 4 + 6 files changed, 437 insertions(+), 32 deletions(-) commit 2edc904881c9c96f04cf9dc46f78f56005ce6395 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Lookup computer account and generate host password library/adconn.c | 64 ++-------- library/adconn.h | 2 + library/addnssrv.c | 2 +- library/adenroll.c | 329 +++++++++++++++++++++++++++++++++++++--------------- library/adenroll.h | 43 ++++--- library/adprivate.h | 7 ++ library/adutil.c | 99 ++++++++++++++++ tools/ad-enroll.c | 6 +- 8 files changed, 387 insertions(+), 165 deletions(-) commit 3c4d9d7f7c216cc1f3f9a74e2c93e6f91a3a95a2 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Error code cleanup * Cleanup the error codes so they are more actionable. library/adconn.c | 44 +++++++++++++++++++++++++++----------------- library/addnssrv.c | 5 +++-- library/adenroll.c | 12 ++++++------ library/adutil.c | 16 +++++++++------- library/adutil.h | 41 ++++++++++++++++++++++++++++++++++++++--- 5 files changed, 83 insertions(+), 35 deletions(-) commit 47c47330e7c37a3be738e48ab1b3c39fee21c330 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Use preconditions instead of propogating insane state * Don't propogate memory errors, use preconditions instead * These allow the process to keep functioning in the face of broken calls or a broken system, but without guarantees like lack of memory leaks or completely expected behavior. * Sort of like a kernel non-fatal oops library/adconn.c | 235 +++++++++++++++++++++++++--------------------------- library/adconn.h | 20 ++--- library/addnssrv.c | 9 +- library/adenroll.c | 48 ++++++----- library/adenroll.h | 6 +- library/adprivate.h | 92 ++++++++++++++------ library/adutil.c | 82 ++++++++---------- library/adutil.h | 3 +- tools/ad-enroll.c | 19 ++--- 9 files changed, 268 insertions(+), 246 deletions(-) commit f6d79ec882cc8df7c68a5295e66d9d0545833223 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Validate the computer OU library/adenroll.c | 69 +++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 53 insertions(+), 16 deletions(-) commit febe9767cc4c06eadf0b974c98942dc7a8356feb Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Lookup or validate the computer OU library/adconn.c | 92 +++++++++++++++++++++++-------- library/adconn.h | 3 + library/adenroll.c | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++- library/adenroll.h | 5 ++ library/adprivate.h | 17 +++++- tools/ad-enroll.c | 9 ++- 6 files changed, 255 insertions(+), 27 deletions(-) commit 08512ced8a3c66ac65f1d6c6f0c916616a7692cf Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Lookup the naming context for AD * And differentiate between connection and authentication problems library/adconn.c | 211 ++++++++++++++++++++++++++++++++++++++-------------- library/adconn.h | 2 + library/adenroll.c | 2 - library/adprivate.h | 3 + library/adutil.c | 15 ++++ tools/ad-enroll.c | 7 +- 6 files changed, 179 insertions(+), 61 deletions(-) commit 349635595606341f55f96ec74c5946d2137f71b2 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Refactor connecting and enrolling separately. library/Makefile.am | 8 +- library/adcli.h | 28 +- library/adconn.c | 853 ++++++++++++++++++++++++++++++++++++++++++ library/adconn.h | 78 ++++ library/adenroll.c | 846 ++++------------------------------------- library/adenroll.h | 63 +--- library/adprivate.h | 25 +- library/{adcli.c => adutil.c} | 49 ++- library/adutil.h | 22 ++ tools/ad-enroll.c | 45 ++- 10 files changed, 1113 insertions(+), 904 deletions(-) commit 5d2a95ce2c565eaa6b88bb08a7b889555cc3cacc Author: Stef Walter <stefw@gnome.org> Date: 2012-05-11 Connect to LDAP and authenticate using GSSAPI configure.ac | 4 +- library/adcli.c | 2 + library/adcli.h | 1 + library/adenroll.c | 224 ++++++++++++++++++++++++++++++++++++++++------------- library/adenroll.h | 3 - tools/ad-enroll.c | 5 +- 6 files changed, 179 insertions(+), 60 deletions(-) commit 61f0b419c7c612543d8cbb104c82111ffe672e6a Author: Stef Walter <stefw@gnome.org> Date: 2012-05-10 Implement kinit and credential functionality library/adcli.c | 5 +- library/adcli.h | 9 +- library/adenroll.c | 325 ++++++++++++++++++++++++++++++++++++++++++++++++---- library/adenroll.h | 71 ++++++++---- library/adprivate.h | 1 + tools/ad-enroll.c | 81 ++++++++++--- 6 files changed, 428 insertions(+), 64 deletions(-) commit 17df6535ed8faa55a5599b4a7b55d986eac83d1b Author: Stef Walter <stefw@gnome.org> Date: 2012-05-10 Discover realms and ldap urls configure.ac | 5 +- library/Makefile.am | 2 + library/adcli.c | 121 +++++++++++++++++++++++++++ library/addnssrv.c | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++ library/adenroll.c | 193 ++++++++++++++++++++++++++++++++++++++++--- library/adenroll.h | 13 +++ library/adprivate.h | 31 +++++++ tools/ad-enroll.c | 17 +++- 8 files changed, 601 insertions(+), 15 deletions(-) commit 6d5e074c271a300daa46a15a1cf638f306ff3d28 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-10 Complete lots of infrastructure * Add some basic arguments * Resolve host fqdn, calculate domain name and netbios name .gitignore | 5 +- Makefile.am | 14 +- Makefile.decl | 14 ++ autogen.sh | 13 -- configure.ac | 27 +-- library/Makefile.am | 22 ++- library/adcli.c | 42 +++++ library/adcli.h | 25 +++ library/adenroll.c | 353 +++++++++++++++++++++++++++++++++++++ library/adenroll.h | 31 ++++ library/adprivate.h | 18 ++ library/libadcli-1.pc.in | 2 +- po/Makefile.in.in | 444 ----------------------------------------------- po/POTFILES.in | 1 - po/Rules-quot | 47 ----- po/boldquot.sed | 10 -- po/en@boldquot.header | 25 --- po/en@quot.header | 22 --- po/insert-header.sin | 23 --- po/quot.sed | 6 - po/remove-potcdate.sin | 19 -- tools/Makefile.am | 16 ++ tools/ad-enroll.c | 102 +++++++++++ 23 files changed, 641 insertions(+), 640 deletions(-) commit 64b1f6b692f9a69433c7458f8bc09bcae80c8821 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-09 Initial commit .gitignore | 41 ++++ AUTHORS | 1 + COPYING | 482 +++++++++++++++++++++++++++++++++++++++++++++++ ChangeLog | 31 +++ Makefile.am | 47 +++++ NEWS | 2 + README | 4 + autogen.sh | 32 ++++ configure.ac | 256 +++++++++++++++++++++++++ doc/version.xml.in | 1 + library/Makefile.am | 32 ++++ library/adenroll.c | 0 library/libadcli-1.pc.in | 13 ++ po/Makefile.in.in | 444 +++++++++++++++++++++++++++++++++++++++++++ po/POTFILES.in | 1 + po/Rules-quot | 47 +++++ po/boldquot.sed | 10 + po/en@boldquot.header | 25 +++ po/en@quot.header | 22 +++ po/insert-header.sin | 23 +++ po/quot.sed | 6 + po/remove-potcdate.sin | 19 ++ 22 files changed, 1539 insertions(+)