# Generate automatically. Do not edit.
commit 8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5
Author: Sumit Bose <sbose@redhat.com>
Date: 2022-09-28
Release version 0.9.2
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit e5fb044164979ccdc6a33f8fecfbea7111b76dff
Author: Sumit Bose <sbose@redhat.com>
Date: 2022-09-28
Fix issues found by Coverity
library/addisco.c | 6 +++++-
library/adenroll.c | 2 ++
2 files changed, 7 insertions(+), 1 deletion(-)
commit 8183e456008b9ddb495143f663ad9d56851aeb19
Author: Sumit Bose <sbose@redhat.com>
Date: 2022-01-15
adenroll: set password via LDAP instead Kerberos
Use LDAP add/mod operation instead of Kerberos to set the machine
account password.
There was an issue in AD where if PacRequestorEnforcement was set to '2'
setting the machine account password via Kerberos would be rejected.
This is already fixed on the AD side bit this patch which was created
with the help of David Mulder <dmulder@suse.com> might still be useful
if setting the machine account password with Kerberos might fail.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2039349
Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/27
doc/adcli.xml | 22 ++++++++
library/adenroll.c | 148 +++++++++++++++++++++++++++++++++++++++++++++++++----
library/adenroll.h | 4 +-
tools/computer.c | 13 ++++-
4 files changed, 175 insertions(+), 12 deletions(-)
commit 1a6e1d520ce0376a9a44b649ef08085881c87bb4
Author: Sumit Bose <sbose@redhat.com>
Date: 2022-09-16
disco: fall back to LDAPS if CLDAP ping was not successful
If the --use-ldaps option is used and there is no reply on the CLDAP
389/udp port adcli will try to send the request to the LDAPS port
636/tcp.
Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/31
library/adconn.c | 38 +++++++++--
library/adconn.h | 7 ++
library/addisco.c | 193 ++++++++++++++++++++++++++++++++++++++++++++++++++----
library/addisco.h | 6 +-
tools/info.c | 4 +-
5 files changed, 226 insertions(+), 22 deletions(-)
commit 054b24d5837cb32f94b6b659620caca2b567e4f6
Author: Sumit Bose <sbose@redhat.com>
Date: 2022-09-15
tools: replace getpass()
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2124030
Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/10
tools/tools.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
commit 0e1aafad7da78ded9ed45fd0638c42876d2a8d6a
Author: Sumit Bose <sbose@redhat.com>
Date: 2022-09-15
adenroll: write SID before secret to Samba's db
Looks like 'net changesecretpw' expects the SID entry to be present to
work correctly. This patch will set the SID before trying to set the
machine account password.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1991619
library/adenroll.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
commit d4a898303957f45ff8662885062d4699e9d89937
Author: nordine vallas <nordine.vallas@gmail.com>
Date: 2022-08-31
doc: add clarification to add-member command on doc/adcli.xml
doc/adcli.xml | 6 ++++--
tools/entry.c | 1 +
2 files changed, 5 insertions(+), 2 deletions(-)
commit 601bb55ff453022dad5c548e9dfb0f11691ee05a
Author: Samuel Cabrero <scabrero@suse.de>
Date: 2022-08-31
tools: Set umask before calling mkdtemp()
When adcli is called from sssd it inherits the sssd's umask (0177) and as
the default sssd.service file drops CAP_DAC_OVERRIDE, the result is that
the directory is created with mode 0600 and the krb5.conf snippet can't be
created even running as root.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
tools/tools.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
commit 3d77c47356ef152fcd9345053c6001c861bc5426
Author: Robert Schneider <robert.schneider03@sap.com>
Date: 2022-05-09
Avoid undefined behaviour in short option parsing
The undefined behaviour lead to clashes / misinterpretation of short
options on some systems. Note that glibc for example uses the argument
of isalnum etc. as an index into a lookup table.
tools/tools.c | 5 +++++
1 file changed, 5 insertions(+)
commit 938065a751c0876eb837a27f8c1443fc7d0d2551
Author: Henning Schild <henning@hennsch.de>
Date: 2022-01-11
library: include endian.h for le32toh
linking against musl libc we need to include that specifically, actually
also according to "man 3 endian".
library/adutil.c | 1 +
1 file changed, 1 insertion(+)
commit d4ac082c62eb5bd1cf9c7fc5ffaa0f9ac94268a7
Author: Thorsten Scherf <tscherf@redhat.com>
Date: 2022-01-04
man: Fix typos and use consistent upper case for some keywords
doc/adcli-devel.xml | 4 ++--
doc/adcli.xml | 12 ++++++------
2 files changed, 8 insertions(+), 8 deletions(-)
commit 39a30d75f2fcf92221a383c461e0db048f5f325f
Author: Mikhail T <mi@aldan.algebra.com>
Date: 2021-10-19
doc: avoid gnu-make specific usage of $<
Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/26
doc/Makefile.am | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit e841ba7513f3f8b6393183d2dea9adcbf7ba2e44
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-07-28
configure: check for ns_get16 and ns_get32 as well
With newer versions of glibc res_query() might ba already available in
glibc with ns_get16() and ns_get32() still requires libresolv.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984891
configure.ac | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit cd5b6cdcf3e6bfc5776f2865f460f608421dfa3f
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-14
Add delattr option
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690920
doc/adcli.xml | 11 +++++++++
library/adenroll.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
library/adenroll.h | 4 ++++
tools/computer.c | 9 ++++++++
4 files changed, 90 insertions(+)
commit c5b0cee2976682b4fc1aeb02636cc9f2c6dbc2a5
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-14
Add setattr option
With the new option common LDAP attributes can be set.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690920
doc/adcli.xml | 34 +++++++++++
library/adenroll.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
library/adenroll.h | 4 ++
tools/computer.c | 10 ++++
4 files changed, 216 insertions(+), 1 deletion(-)
commit 6a673b236dfdfdf9c73cc3d2ccf3949eb1a5ddd0
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-11
entry: add passwd-user sub-command
The new command allows to set or reset a user password with the help of
an account privileged to set the password.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1952828
doc/adcli.xml | 20 ++++++++
library/adentry.c | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
library/adentry.h | 3 ++
tools/entry.c | 99 +++++++++++++++++++++++++++++++++++++++
tools/tools.c | 1 +
tools/tools.h | 4 ++
6 files changed, 265 insertions(+)
commit 7148ab196d0a96ede9b5ef463b0481d0fe372b21
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-11
adcli_entry: add entry_attrs with userAccountControl attribute
library/adentry.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit a7a40ce4f47fe40305624b6d86c135b7d27c387d
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-11
library: move UAC flags to a more common header file
library/adenroll.c | 8 --------
library/adprivate.h | 8 ++++++++
2 files changed, 8 insertions(+), 8 deletions(-)
commit 0d8482d4ed83677424f6c9428672d225bfdfe4d9
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-03
Fix for dont-expire-password option and join
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1769644
library/adenroll.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit a78116ba0e608050f391223bad3834d48c9adf1b
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-02
Add dont-expire-password option
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1769644
doc/adcli.xml | 28 ++++++++++++++++++++++++++++
library/adenroll.c | 44 +++++++++++++++++++++++++++++++++++++++++++-
library/adenroll.h | 4 ++++
tools/computer.c | 12 ++++++++++++
4 files changed, 87 insertions(+), 1 deletion(-)
commit 3c652910d05616ee12c710e2071fc884dde4eaea
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-06-02
coverity: add missing NULL checks
library/adenroll.c | 2 ++
library/adldap.c | 7 +++++++
2 files changed, 9 insertions(+)
commit a8492d71a6db8565544444eef11de8c733c95ef8
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-04-06
configure: update some macros for autoconf-2.71
configure.ac | 10 +++++-----
library/Makefile.am | 2 +-
tools/Makefile.am | 2 +-
3 files changed, 7 insertions(+), 7 deletions(-)
commit 0353d704879f20983184f8bded4f16538d72f7cc
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-03-10
build: add --with-vendor-error-message configure option
With the new configure option --with-vendor-error-message a packager or
a distribution can add a message if adcli returns with an error.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1889386
configure.ac | 15 +++++++++++++++
tools/tools.c | 6 ++++++
2 files changed, 21 insertions(+)
commit 9027d9d1aea9db61e37e14c5f9078e89fa39ef5e
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-02-20
Bump version number
NEWS | 10 ++++++++++
configure.ac | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
commit 910adb4ec4f5ea4ea8c491afe09c6984dbad2796
Author: Sumit Bose <sbose@redhat.com>
Date: 2021-02-19
Add account-disable option
A new option was added to 'adcli update' toggle the ACCOUNTDISABLE flag
of AD's userAccountControl LDAP attribute to disable or enable the given
host account.
'adcli join' will automatically enable the host account.
Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/21
doc/adcli.xml | 6 ++++++
library/adenroll.c | 42 +++++++++++++++++++++++++++++++++++++-----
library/adenroll.h | 4 ++++
tools/computer.c | 13 +++++++++++++
4 files changed, 60 insertions(+), 5 deletions(-)
commit 637cc53953ef61c90530ae5eaf26eb4911336465
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-12-10
service-account: fix typo in the man page entry
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1906303
doc/adcli.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 6b94f9712378b8f1fa1bc530c64cb987abb0c43b
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-27
service-account: add random suffix to account name
Add a random component to the default managed service account name to
avoid name collisions.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
library/adenroll.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
commit 2a695dfe09cafeee3a648d3b969c364f8d3f494f
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-27
enroll: allow fqdn for locate_computer_account
Make it possible to find existing manages service account by the
fully-qualified name.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
library/adenroll.c | 45 +++++++++++++++++++++++++++++++--------------
1 file changed, 31 insertions(+), 14 deletions(-)
commit 81c98e367ba4bc8d77668acd31e462ad31cf12be
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-27
enroll: make adcli_enroll_add_keytab_for_service_account public
Determine keytab name more early to catch errors more early.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
library/adenroll.c | 13 +++++++------
library/adenroll.h | 2 ++
tools/computer.c | 6 ++++++
3 files changed, 15 insertions(+), 6 deletions(-)
commit 2750f536ac6746756335eec8332060d2365a4126
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-27
enroll: more filters for random characters
Make handling of random strings more flexible.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
library/adenroll.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
commit eea6a8071b5e5df74808903bb15b30acf820ce3f
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-23
enroll: use 'computer' or 'service' in debug messages
Use proper account type in debug messages.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
library/adenroll.c | 115 +++++++++++++++++++++++++++++++++--------------------
1 file changed, 72 insertions(+), 43 deletions(-)
commit 41379f7ad6a9442dd55cc43d832427911e86db31
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-23
computer: add create-msa sub-command
Add new sub-command to create a managed service account in AD. This can
be used if LDAP access to AD is needed but the host is already joined to
a different domain.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
doc/adcli.xml | 140 +++++++++++++++++++++++++++++++++++++++++++++
library/adenroll.c | 164 +++++++++++++++++++++++++++++++++++++++++++++--------
tools/computer.c | 125 ++++++++++++++++++++++++++++++++++++++++
tools/tools.c | 1 +
tools/tools.h | 4 ++
5 files changed, 409 insertions(+), 25 deletions(-)
commit 4e4dbf8d2b437808863f8be85e7f30865d88c7fc
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-23
enroll: add is_service member
Add helpers to indicate a managed service account.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
library/adenroll.c | 17 +++++++++++++++++
library/adenroll.h | 4 ++++
2 files changed, 21 insertions(+)
commit fa5c5fb4f8e7bcadf3e5a3798bd060720fd35eaa
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-20
doc: explain required AD permissions
When using a restricted account with adcli some operations might fail
because the account might not have all required permissions. The man
page is extended and now explains which permissions are needed under
given circumstances.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1852080
Resolves: https://gitlab.freedesktop.org/realmd/adcli/-/issues/20
doc/Makefile.am | 10 ++++
doc/adcli.xml | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++
library/adenroll.c | 30 +++++++-----
3 files changed, 160 insertions(+), 12 deletions(-)
commit beb7abfacc0010987d2cd8ab70f7c373d309eed9
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-15
join/update: set dNSHostName if not set
If during a join or update an existing AD computer object does not have
the dNSHostName attribute set it will be set with the current hostname.
This is important for cases where the user doing the join or update only
has "Validated write to service principal name" for the computer object.
The validated write with fully-qualified names can only be successful if
dNSHostName is set, see [MS-ADTS] section 3.1.1.5.3.1.1.4 "Validated
Writes - servicePrincipalName" for details.
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1734764
library/adenroll.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
commit 76ca1e6737742208d83e016d43a3379e378f8d90
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-10-14
tools: add missing use-ldaps option to update and testjoin
When adding the use-ldaps option the update and testjoin sub-commands
were forgotten.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1883467
tools/computer.c | 2 ++
1 file changed, 2 insertions(+)
commit 88fbb7e2395dec20b37697a213a097909870c21f
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-08-13
man: make handling of optional credential cache more clear
The optional Kerberos credential cache can only be used with the long
option name --login-ccache and not with the short version -C. To make
this more clear each option get its own entry.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791545
doc/adcli.xml | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
commit 93a39bd12db11dd407676f428cfbc30406a88c36
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-06-15
man: explain optional parameter of login-ccache better
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791545
doc/adcli.xml | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
commit d70075c597e7ebc1683d407409c45b04110676a0
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-06-15
tools: fix typo in show-password help output
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791611
tools/computer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 50d580c58dab5928cadfc6ca82aedccee58eaced
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-06-05
tools: disable SSSD's locator plugin
MIT's libkrb5 checks available locator plugins first before checking the
config file. This might cause issues when the locator plugin returns a
different DC than the one used for the LDAP connection if some data must
be replicated.
This patch sets the SSSD_KRB5_LOCATOR_DISABLE environment variable to
'true' to disable SSSD's locator plugin for adcli.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1762633
tools/tools.c | 2 ++
1 file changed, 2 insertions(+)
commit 40d3be22f6e518e4354aa7c3d0278291fcbed32f
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-06-05
delete: do not exit if keytab cannot be read
Reading the keytab is not required when deleting a host object in AD. It
is only needed in the case where the host was added with a manual set
NetBIOS name (--computer-name option) which does not match the short
hostname and no computer name was given at the delete-computer command
line.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1840752
tools/computer.c | 2 --
1 file changed, 2 deletions(-)
commit 08bac0946de29f3e5de90743ce6dfc7118d4ad20
Author: Sumit Bose <sbose@redhat.com>
Date: 2020-02-11
discovery fix
Do not continue processing on closed connection.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1802258
library/addisco.c | 1 +
1 file changed, 1 insertion(+)
commit 85097245b57f190337225dbdbf6e33b58616c092
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-12-19
add option use-ldaps
In general using the LDAP port with GSS-SPNEGO should satifiy all
requirements an AD DC should have for authentication on an encrypted
LDAP connection.
But if e.g. the LDAP port is blocked by a firewall using the LDAPS port
with TLS encryption might be an alternative. For this use case the
--use-ldaps option is added.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420
doc/adcli.xml | 24 +++++++++++++++++
library/adconn.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++-------
library/adconn.h | 4 +++
tools/computer.c | 10 +++++++
tools/entry.c | 11 ++++++++
5 files changed, 119 insertions(+), 9 deletions(-)
commit a6f795ba3d6048b32d7863468688bf7f42b2cafd
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-10-11
Use GSS-SPNEGO if available
Currently adcli uses the GSSAPI SASL mechanism for LDAP authentication
and to establish encryption. While this works in general it does not
handle some of the more advanced features which can be required by AD
DCs.
The GSS-SPNEGO mechanism can handle them and is used with this patch by
adcli if the AD DC indicates that it supports it.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1762420
library/adconn.c | 35 ++++++++++++++++++++++++++++++++++-
library/adconn.h | 3 +++
2 files changed, 37 insertions(+), 1 deletion(-)
commit 3937a2a7db90611aa7a93248233b0c5d31e85a3e
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-11-27
add description option to join and update
This new option allows to set the description LDAP attribute for the AD
computer object.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342
doc/adcli.xml | 10 ++++++++++
library/adenroll.c | 29 +++++++++++++++++++++++++++++
library/adenroll.h | 4 ++++
tools/computer.c | 7 +++++++
4 files changed, 50 insertions(+)
commit 0a169bd9b2687293f74bb57694eb82f9769610c9
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-11-27
tools: add show-computer command
The show-computer command prints the LDAP attributes of the related
computer object from AD.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342
doc/adcli.xml | 28 ++++++++++++++++
library/adenroll.c | 78 ++++++++++++++++++++++++++++++++++-----------
library/adenroll.h | 5 +++
tools/computer.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/tools.c | 1 +
tools/tools.h | 4 +++
6 files changed, 191 insertions(+), 18 deletions(-)
commit d2d3879bdfcea70757a8b0527882e79e8b5c6e70
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-11-27
man: move note to the right section
Unfortunately the note about the password lifetime was added to the join
section. This patch move it to the update section where it belongs to.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1738573
https://bugzilla.redhat.com/show_bug.cgi?id=1745931
https://bugzilla.redhat.com/show_bug.cgi?id=1774622
doc/adcli.xml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit 1b1528038e084a9f81ea108cffca9c2707623b9c
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-09-03
Release version 0.9.0
NEWS | 19 +++++++++++++++++++
configure.ac | 6 +++---
2 files changed, 22 insertions(+), 3 deletions(-)
commit 2edc26afda17db1a92703deb16658e9de9f79e14
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-09-03
doc: add missing samba_data_tool_path.xml(.in) to EXTRA_DIST
doc/Makefile.am | 2 ++
1 file changed, 2 insertions(+)
commit 9b187095edb8c914238419ed51fef6041864f4fc
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-08-26
doc: explain how to force password reset
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1738573
doc/adcli.xml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit 158468507bb723aa62196846749c23c121d4b298
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-08
Do not use arcfour-hmac-md5 when discovering the salt
Since the arcfour-hmac-md5 encryption types does not use salts it cannot
be used to discover the right salt.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1683745
library/adkrb5.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
commit 5da6d34e2659f915e830932fd366c635801ecd91
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-08-12
Fix for issue found by Coverity
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/3
library/adenroll.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit cc3ef52884a48863a81acbfc741735fe09cd85f7
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-06-13
adenroll: use only enctypes permitted by Kerberos config
Realted to https://gitlab.freedesktop.org/realmd/adcli/issues/3
doc/adcli.xml | 10 ++++++++++
library/adenroll.c | 22 +++++++++++++++++++---
2 files changed, 29 insertions(+), 3 deletions(-)
commit 0c09070e8beec734e3f0c70e14b0a04788077b73
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-06-13
adenroll: add adcli_enroll_get_permitted_keytab_enctypes with tests
The new call does not only return the current encryption types set in AD
or a default list but filters them with the list of permitted encryption
types on the client. This makes sure the client can create and use the
keys.
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/3
library/Makefile.am | 5 +++
library/adenroll.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++
library/adenroll.h | 2 +
3 files changed, 131 insertions(+)
commit 2fc259a88be618871cea8ff8b8a13bd3e040aea4
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-06-13
adconn: add adcli_conn_set_krb5_context
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/3
library/adconn.c | 13 +++++++++++++
library/adconn.h | 3 +++
2 files changed, 16 insertions(+)
commit 341974aae7d0755fc32a0b7e2b34d8e1ef60d195
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-12-20
adenroll: make sure only allowed enctypes are used in FIPS mode
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1717355
library/adenroll.c | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
commit f127ddef23a532cd9763190527bf79b4e47fa2ab
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-08
tools: computer - remove errx from parse_option
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/computer.c | 128 ++++++++++++++++++++++++++++++++++---------------------
1 file changed, 80 insertions(+), 48 deletions(-)
commit d9912e19e48ec482351b9c384140ad71922ec5c0
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-08
tools: entry - remove errx from parse_option
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/entry.c | 70 +++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 47 insertions(+), 23 deletions(-)
commit b8f5d995d30c17eb8bec3ac5e0777ea94f5b76c3
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-15
tools: remove errx from setup_krb5_conf_directory
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/tools.c | 38 ++++++++++++++++++++++++--------------
1 file changed, 24 insertions(+), 14 deletions(-)
commit 251d7d0c71226afb8e51f7bc5794a7a3164f5a20
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-15
tools: remove errx from adcli_read_password_func
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/tools.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
commit 4794812cc98c8783921f534d20dae8b44f3826d2
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-15
tools: remove errx from info commands
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/info.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
commit cac0fa9df8888245399f2db187e05e31f93d1471
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-15
tools: remove errx from user and group commands
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/entry.c | 232 ++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 154 insertions(+), 78 deletions(-)
commit fa7926c7a9d92bc7c42c610ba6f1706c635aa901
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-15
tools: remove errx from computer commands
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/computer.c | 166 +++++++++++++++++++++++++++++++++++--------------------
1 file changed, 107 insertions(+), 59 deletions(-)
commit 4950d7aef2bd584d239cb0ec031734f261851af9
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-08
Revert "tools: properly release internal data on error"
This reverts commit 41fdcb1af885d99a91e27406e9343b322f67756a.
tools/computer.c | 39 +++------------------------------------
1 file changed, 3 insertions(+), 36 deletions(-)
commit a64cce9830c2e9c26e120f671b247ee71b45c888
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-04-12
library: add missing strdup
In add_server_side_service_principals _adcli_strv_add_unique is called
which only adds a string to a list without copying to. Since the
original list will be freed later the value must be copied.
This issue was introduce with 972f1a2f35829ed89f5353bd204683aa9ad6a2d2
and hence
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
library/adenroll.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 6fd99ff6c5dd6ef0be8d942989b1c6dcee3102d9
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-22
Implement 'adcli testjoin'
By calling adcli testjoin it will be checked if the host credentials
stored in the keytab are still valid.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1622583
doc/adcli.xml | 34 ++++++++++++++++++++++++++
tools/computer.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/tools.c | 1 +
tools/tools.h | 4 ++++
4 files changed, 111 insertions(+)
commit 972f1a2f35829ed89f5353bd204683aa9ad6a2d2
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-22
library: make sure server side SPNs are preserved
adcli should not delete service principal names (SPNs) unexpectedly. If
a SPN was added on the server while presetting a host or updating an
existing entry and upcoming adcli join or update should preserver this
change.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
commit 10a4dbb5978b6f05cf75f820d97da908e735ace8
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-22
library: _adcli_krb5_build_principal allow principals as names
Make _adcli_krb5_build_principal a bit more robust by checking if the
given name already contains a realm suffix.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
library/adkrb5.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
commit e1b45e66bc185f5db4c252e1f3fb1b4400b4538e
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-22
library: make _adcli_strv_has_ex public
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
library/adprivate.h | 4 ++++
library/adutil.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit 3a84c2469c31967bc22c0490456f07723ef5fc86
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-20
ensure_keytab_principals: do not leak memory when called twice
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
library/adenroll.c | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)
commit 4987a21f4839ab7ea50e932c72df05075efb89b3
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-21
library: return error if no matching key was found
To avoid a misleading debug message indicating success a proper erro
code should be returned the no matching key was found when trying to
copy an keytab entry for a new principal.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
library/adkrb5.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
commit cd296bf24e7cc56fb8d00bad7e9a56c539894309
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-19
join: always add service principals
If currently --service-name is given during the join only the service
names given by this option are added as service principal names. As a
result the default 'host' service principal name might be missing which
might cause issues e.g. with SSSD and sshd.
The patch makes sure the default service principals 'host' and
'RestrictedKrbHost' are always added during join.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
library/adenroll.c | 36 ++++++++++++++++++++++++++++++------
1 file changed, 30 insertions(+), 6 deletions(-)
commit 408880a11879b1a57a450e25c77ef2e310bdffd5
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-18
create-user: try to find NIS domain if needed
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2
doc/adcli.xml | 4 +++-
library/adentry.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
library/adentry.h | 2 ++
tools/entry.c | 16 ++++++++++++++++
4 files changed, 65 insertions(+), 1 deletion(-)
commit 1457b4a7623a8ae58fb8d6a652d1cc44904b8863
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-18
create-user: add nis-domain option
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2
doc/adcli.xml | 8 ++++++++
tools/entry.c | 6 ++++++
2 files changed, 14 insertions(+)
commit 85b835f8258a57e3b23de47a255dddd822d5bfb3
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-15
library: use getaddrinfo with AI_CANONNAME to find a FQDN
Currently adcli creates service principals only with a short name if the
hostname of the client is a short name. This would fail is
Kerberos/GSSAPI clients will use the fully-qualified domain name (FQDN)
to access the host.
With this patch adcli tries to expand the short name by calling
getaddrinfo with the AI_CANONNAME hint.
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/1
doc/adcli.xml | 6 +++++-
library/adconn.c | 30 +++++++++++++++++++++++++++++-
2 files changed, 34 insertions(+), 2 deletions(-)
commit 5cf1723c308e21cdbe9b98ed2aaa42cb997456fb
Author: Sumit Bose <sbose@redhat.com>
Date: 2019-03-15
Increment kvno after password change with user creds
Originally only the host credential part was fixed in the context of
https://bugs.freedesktop.org/show_bug.cgi?id=91185. This patch adds the
fix to the case when user credentials are used.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1642546
library/adenroll.c | 4 ++++
1 file changed, 4 insertions(+)
commit 41fdcb1af885d99a91e27406e9343b322f67756a
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-06-28
tools: properly release internal data on error
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1588596
tools/computer.c | 39 ++++++++++++++++++++++++++++++++++++---
1 file changed, 36 insertions(+), 3 deletions(-)
commit 0c027538f398b3823bedbfbf5f388ad97784a0ec
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-11-16
adenroll: use _adcli_strv_add_unique for service principals
Check if service principals is already in the list before adding it.
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/16
library/adenroll.c | 31 ++++++++-----------------------
1 file changed, 8 insertions(+), 23 deletions(-)
commit 85d127fd52a8469f9f3ce0d1130fe17e756fdd75
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-11-16
adutil: add _adcli_strv_add_unique
_adcli_strv_add_unique checks is the new value already exists in the
strv before adding it. Check can be done case-sensitive or not.
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/16
library/adprivate.h | 5 +++++
library/adutil.c | 65 +++++++++++++++++++++++++++++++++++++++++++++--------
2 files changed, 61 insertions(+), 9 deletions(-)
commit 4bc96c69fbb93eb1fe9fcef6c6d942c296852e03
Author: George Hartzell <ghartzell@audentestx.com>
Date: 2019-01-14
samba-data-tool needs to take an argument
See https://gitlab.freedesktop.org/realmd/adcli/issues/15
tools/computer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 0a0d0f66409eb83e06b7dc50543c2f6c15a36bc4
Author: Alexey A Nikitin <nikitin@amazon.com>
Date: 2018-10-29
Make 'adcli info' DC location mechanism more compliant with [MS-ADTS] and [MS-NRPC]
AD specifications say that DC locator must attempt to find a suitable DC for the client. That means going through all of the DCs in SRV RRs one by one until one of them answers.
The problem with adcli's original behavior is that it queries only five DCs from SRV, ever. This becomes a problem if for any reason there is a large number of DCs in the domain from which the client cannot get a CLDAP response.
library/addisco.c | 146 +++++++++++++++++++++++++++++++++++-------------------
1 file changed, 94 insertions(+), 52 deletions(-)
commit 3c93c96eb6ea2abd3869921ee4c89e1a4d9e4c44
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-08-14
Fix for issues found by Coverity
library/adenroll.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit 6686c72985bc14adecf9e7db6c5fea891b7a5ef5
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-08-13
Do not depend on default_realm in krb5.conf
library/adenroll.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 185a8b7378665d1d0ef7dd4d5a78438459bad9e0
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-08-08
_adcli_call_external_program: silence noisy debug message
library/adutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1143163c367b8473dc3d0ea696eed3c30ccd634b
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-07-05
doc: fix typos in the adcli man page
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1440533
doc/adcli.xml | 44 ++++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 22 deletions(-)
commit f448aeaebb39efa300f05ef3c2bb8b2e8f18fb82
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-08-13
Do not add service principals twice
library/adenroll.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
commit bb828f22f76d5281c6bb3724fbdee3916e178407
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-06-14
Add add-service-principal and remove-service-principal options
Currently it is only possible to specific a service name for service
principals but not to set the full service principal. This is e.g.
needed if there is a service running on a host which should be reachable
by a different DNS name as well.
With this patch service principal can be added and removed by specifying
the full name.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547014
doc/adcli.xml | 21 ++++++++
library/adenroll.c | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++--
library/adenroll.h | 8 +++
library/adldap.c | 16 ++++--
tools/computer.c | 13 +++++
5 files changed, 189 insertions(+), 8 deletions(-)
commit 163730cf8c91fc8dc4f44eb1eca45daa3abf3ed8
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-06-14
util: add _adcli_strv_remove_unsorted
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547014
library/adprivate.h | 4 ++
library/adutil.c | 21 ++++++++
library/seq.c | 149 +++++++++++++++++++++++++++++++++++++++++++++++++---
library/seq.h | 12 +++++
4 files changed, 179 insertions(+), 7 deletions(-)
commit 6ea7637f75c3ec74f2ee196f2f599643b34b3c14
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-06-11
join: add all attributes while creating computer object
It is possible to create special accounts which can only join a computer
to a domain but is not allowed to do any further operations which the
computer object. As a result if such an account is used during the join
only the ldapadd operation is permitted but not any later ldapmodify
operation. To create the computer object correctly in this case all
attributes must be added while the object is created and not later.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1542354
library/adenroll.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 47 insertions(+), 5 deletions(-)
commit 19c56937a7e2a1e2fd184c131587377bc2d24fbb
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-06-06
Calculate enctypes in a separate function
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1542354
library/adenroll.c | 137 +++++++++++++++++++++++++++++++----------------------
1 file changed, 81 insertions(+), 56 deletions(-)
commit 8396b9bca05fec8022758c6930f1e594252ae296
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-06-04
update: allow to add service names
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
https://bugzilla.redhat.com/show_bug.cgi?id=1545568
library/adenroll.c | 136 +++++++++++++++++++++++++++++++++-------------------
library/adkrb5.c | 113 +++++++++++++++++++++++++++++++++++++++++++
library/adprivate.h | 6 +++
3 files changed, 206 insertions(+), 49 deletions(-)
commit 32d8f994120cbb9b5b8b4bb1f7e80798bf82da20
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-06-01
Only update attributes given on the command line
When updating attributes of the LDAP computer object we only want to
update attributes which are related to options given on the command
line. Otherwise a simple call of 'adcli update' to check if the machine
account password needs an update might unexpectedly reset other
attributes as well.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
https://bugzilla.redhat.com/show_bug.cgi?id=1545568
https://bugzilla.redhat.com/show_bug.cgi?id=1538730
library/adenroll.c | 35 ++++++++++++++++++++++++++++++-----
1 file changed, 30 insertions(+), 5 deletions(-)
commit b1da8a2fbe739cc8754de712711d84956848a7ea
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-05-31
Add trusted-for-delegation option
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1538730
doc/adcli.xml | 14 ++++++++++
library/adenroll.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
library/adenroll.h | 4 +++
tools/computer.c | 12 ++++++++
4 files changed, 108 insertions(+), 2 deletions(-)
commit 12e13aaea8ab999540ad62e91829fc3d1815fac1
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-08-08
fix typo in flag value
library/adenroll.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1b31d18c574e820d50c80e6973e8d6031a305410
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
Fix memory leak in test_check_nt_time_string_lifetime
The test added with 650e5d33ef31437a049fb454ad3dc5457c56abe7 introduced
a small memory leak.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
library/adutil.c | 1 +
1 file changed, 1 insertion(+)
commit 9fa4b8d2bd98525212a019bfa62c2f132614faba
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-02-01
make Samba data tool configurable
Allow to specify an alternative path to Samba's net utility at configure
time and at run time.
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
.gitignore | 1 +
configure.ac | 13 ++++++++++++
doc/adcli.xml | 21 ++++++++++++++++++-
doc/samba_data_tool_path.xml.in | 1 +
library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++-------
library/adenroll.h | 5 +++++
tools/computer.c | 16 ++++++++++++++
7 files changed, 95 insertions(+), 8 deletions(-)
commit a79e03c5a559389c5c9c0e9d72831e5fe5c62f54
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
tools: store Samba data if requested
Use Samba's net utility to add the machine account password and the
domain SID to the Samba configuration.
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
library/adenroll.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
commit 9e2be6f374d6d9107a34acfcd6fa551190d756d5
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
tools: add option --add-samba-data
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
doc/adcli.xml | 30 ++++++++++++++++++++++++++++++
library/adenroll.h | 1 +
tools/computer.c | 12 ++++++++++++
3 files changed, 43 insertions(+)
commit 839ab7f8248aea897ae95b20d8bb79222c4bf21e
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
library: add adcli_conn_get_domain_sid()
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
library/adconn.c | 8 ++++++++
library/adconn.h | 2 ++
tools/computer.c | 1 +
3 files changed, 11 insertions(+)
commit d00590ada9094c47ed39e4e3a4e1d80bff126f8f
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
library: add lookup_domain_sid()
Read the domain SID from the default naming context AD object and store
it in adcli_conn.
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
library/adconn.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
commit 64fb4f01d38c0f01554bc35e949ba4838247c72e
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
library: add _adcli_ldap_parse_sid()
Get a binary SID from a LDAP message and return it in the string
representation.
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
library/adldap.c | 24 ++++++++++++++++++++++++
library/adprivate.h | 4 ++++
2 files changed, 28 insertions(+)
commit e25c49fc8be4df614e74a98e0d5dfecbf0af6020
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
library: add _adcli_call_external_program()
Allow adcli to call an external program given by an absolute path name
and an array of options. stdin and stdout can be used if needed.
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
configure.ac | 28 +++++++
library/adprivate.h | 6 ++
library/adutil.c | 211 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 245 insertions(+)
commit 2f08e7992d484563c29a1db979e2a95691dbb170
Author: Sumit Bose <sbose@redhat.com>
Date: 2018-01-30
library: add _adcli_bin_sid_to_str()
Convert a binary SID to the string representation.
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
library/adprivate.h | 4 ++
library/adutil.c | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 117 insertions(+)
commit 4edc04768f6b28312404312e7012c700661a4ee3
Author: Sumit Bose <sbose@redhat.com>
Date: 2017-11-01
Handle kvno increment for RODCs
Since the actual password change does not happen on the read-only domain
controller (RODC) the kvno change has to be replicated back which might
take some time. So we check the kvno before and after the change if we
are connected to a RODC and increment the kvno if needed.
library/adenroll.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
commit d9721f64ca3bb3467898c06aa8470aec73a0d0d8
Author: Sumit Bose <sbose@redhat.com>
Date: 2017-11-01
library: add adcli_conn_is_writeable()
library/adconn.c | 11 +++++++++++
library/adconn.h | 2 ++
2 files changed, 13 insertions(+)
commit 8bfeba525a104f39c9ede7601035d934cd062437
Author: Sumit Bose <sbose@redhat.com>
Date: 2017-11-01
doc: explain that all credential cache types are supported
doc/adcli.xml | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
commit 99b2d00ea848db46898ae111a10739f9a9c7bf3e
Author: Striker Leggette <striker@redhat.com>
Date: 2017-11-01
correct spelling of 'adcli_tool_computer_delete' description
tools/tools.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 90c1e96cf3eea8718aa97a6fb97aa2029ef64670
Author: Sumit Bose <sbose@redhat.com>
Date: 2016-08-24
Use strdup() if offsets are used
Strings with an offset to the original starting point must be copied
because otherwise they cannot be properly freed later.
library/adenroll.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 7c95c61a86c5801d551d1042900b0e2e671891ce
Author: Sumit Bose <sbose@redhat.com>
Date: 2016-08-24
Remove upper-case only check when looking for the NetBIOS name
It is a convention to use only upper-case letters for NetBIOS names but
it is not enforced on the AD-side. With the new option to specify a
random NetBIOS name it is possible to create host entries in AD with
lower-case letters in the name. To properly determine the name from the
keytab the upper-case check should be dropped.
library/adenroll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 85146804c219b2d4a62f315a0988536af7a53911
Author: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Date: 2017-03-30
Move the empty client site check
Currently this check will SEGV(NULL ptr access) if the parsing
of Netlogon discovery data fails. Move the empty check to where the
disco ptr is always valid. Add a log msg too.
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
https://bugs.freedesktop.org/show_bug.cgi?id=100466
library/addisco.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
commit 213116ea8a16a10f4def750d92095c250b51def7
Author: Sumit Bose <sbose@redhat.com>
Date: 2016-10-07
Handle empty string in client site name
parse_disco_string() returns an empty string if there is no client site
name in the NetLogon reply. Later in the code only a NULL check is used
to check for a missing client site name. To make sure the empty string
is not used as client site name it should be replaced with NULL.
https://bugs.freedesktop.org/show_bug.cgi?id=98143
library/addisco.c | 8 ++++++++
1 file changed, 8 insertions(+)
commit 2fd6c6abd329efc06a487bc64a3ba804ffacfeee
Author: Stef Walter <stefw@redhat.com>
Date: 2016-08-01
Bump version number
NEWS | 7 +++++++
configure.ac | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
commit 84b2c879736d4e2481407cdcd23dae0515dcd258
Author: Sumit Bose <sbose@redhat.com>
Date: 2016-07-25
delete: use keytab data to determine realm and NetBIOS name
https://bugzilla.redhat.com/show_bug.cgi?id=1359773
tools/computer.c | 6 ++++++
1 file changed, 6 insertions(+)
commit 40acf5f12379c8e7c86f2fec34e1e276ede5ef47
Author: Stef Walter <stefw@redhat.com>
Date: 2016-06-16
doc: Update the documentation about the default kerberos cache
https://bugs.freedesktop.org/show_bug.cgi?id=96544
doc/adcli.xml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit c334771f214e6f0cc2f13edf1032389e7bf74684
Author: Sumit Bose <sbose@redhat.com>
Date: 2016-05-13
Remove \n or \r\n from stdin password
https://bugs.freedesktop.org/show_bug.cgi?id=78448
tools/tools.c | 7 +++++++
1 file changed, 7 insertions(+)
commit 83230282a3b8999d83afb04563589b38420cfa0e
Author: Gerard Weatherby <GWeatherby@uchc.edu>
Date: 2016-01-28
Patch to adcli.xml to fix documentation error
https://bugs.freedesktop.org/show_bug.cgi?id=93913
doc/adcli.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 836dcc4ef75d6ae46661e61be73c8b7737f85f68
Author: Stef Walter <stefw@redhat.com>
Date: 2016-04-14
library: Fix check for EAGAIN or EINTR
https://bugs.freedesktop.org/show_bug.cgi?id=71257
library/adutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 89ff7a711e2c0490131a5c1964e0d18acd530a76
Author: Stef Walter <stefw@redhat.com>
Date: 2016-01-19
Bump version number
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit 38050e8b593f9587fa5759c6bb717063aa22063a
Author: Sumit Bose <sbose@redhat.com>
Date: 2016-01-18
Add missing - in adcli man page
https://bugzilla.redhat.com/show_bug.cgi?id=1296971
doc/adcli.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 650e5d33ef31437a049fb454ad3dc5457c56abe7
Author: Sumit Bose <sbose@redhat.com>
Date: 2016-01-18
Force renewal if password lifetime is 0 even with clock skew
https://bugzilla.redhat.com/show_bug.cgi?id=1290731
library/adutil.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
commit 16a6f2e4d28b88bd2d2a1e1e51bde96e8aa0c8ae
Author: Stef Walter <stefw@redhat.com>
Date: 2015-12-17
Bump version number for release
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 253f37d71f6d42d5055dde6bb17f17805cc3a740
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-11
update: set login keytab based on command line options
This fixes a recent regression introduced by:
commit ec1fd29641e9f4638d00e3ccaaa20927d126aa9d
Allow additional ccache for updates
https://bugs.freedesktop.org/show_bug.cgi?id=93400
tools/computer.c | 1 +
1 file changed, 1 insertion(+)
commit 6747efc6ae5fea6844ae13a6c0c7da3e30db89c1
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-11
seq_remove: remove redundant NULL check
https://bugs.freedesktop.org/show_bug.cgi?id=93399
library/seq.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit aafcc55a6246ba7bcd99ce9dd9f70102dc0f4557
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-11
tools: Add missing break
Reviewed-by: Stef Walter <stefw@redhat.com>
tools/tools.c | 1 +
1 file changed, 1 insertion(+)
commit 3c0a8e6562a22cd38d9d375ee97857dd83fd8f4d
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-11
Make sure res is set in prep_kerberos_and_kinit()
Reviewed-by: Stef Walter <stefw@redhat.com>
library/adconn.c | 3 +++
1 file changed, 3 insertions(+)
commit eeceff4fab74afa932f6f54686e110119dbbfa9f
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-11
Set umask before calling mkstemp()
Reviewed-by: Stef Walter <stefw@redhat.com>
library/adconn.c | 4 ++++
1 file changed, 4 insertions(+)
commit 8903f339fdf9d06f960cd5bfa05e804a4b1e7507
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-11
Use reproducible IDs in documentation
Reviewed-by: Stef Walter <stefw@redhat.com>
doc/adcli.xml | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
commit 2ef4256dc4c6024a3a19e4195d6afce88a624e68
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-09
Call adcli_conn_connect() only once
Reviewed-by: Stef Walter <stefw@redhat.com>
library/adenroll.c | 8 --------
1 file changed, 8 deletions(-)
commit de8c7d6b6f2aec7cab535132cafbc664c19ff418
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-04
Check host password lifetime
https://bugs.freedesktop.org/show_bug.cgi?id=93282
doc/adcli.xml | 7 ++++++
library/adenroll.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++------
library/adenroll.h | 5 +++++
library/adprivate.h | 2 ++
library/adutil.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++
library/adutil.h | 1 +
tools/computer.c | 18 +++++++++++++++
7 files changed, 149 insertions(+), 7 deletions(-)
commit a96e9ef412ad24c06eaa54cf8460bce1a9a7f759
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-08
doc: add update sub-command to man page
https://bugs.freedesktop.org/show_bug.cgi?id=92908
doc/adcli.xml | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 86 insertions(+)
commit e56592b6516f301a2d28cd91b7a67becc6048eab
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-04
Increment kvno after password change
https://bugs.freedesktop.org/show_bug.cgi?id=91185
library/adenroll.c | 4 ++++
1 file changed, 4 insertions(+)
commit eadeb5b04afe11750fbfcf3b8534ab8dbb71a8ca
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-11-30
Coverity fixes
https://bugs.freedesktop.org/show_bug.cgi?id=93222
Signed-off-by: Stef Walter <stefw@redhat.com>
* Revert changes for resource cleanup in unexpected conditions
See above bug for explanation.
* Some whitespace fixes.
library/adenroll.c | 20 +++++++++++++-------
tools/computer.c | 6 ++++++
tools/entry.c | 2 ++
tools/tools.c | 6 ++++--
4 files changed, 25 insertions(+), 9 deletions(-)
commit c4891294f76dee86081d3d59aedb560aac4dab0f
Author: Stef Walter <stefw@redhat.com>
Date: 2015-12-07
Teach coverity about unexpected preconditions
adcli treats unexpected failures (such as most memory allocation failures)
differently from expected, possible failures. We don't do cleanup after
the former.
This patch tells Coverity that we don't expect these code paths to
have defined behavior.
https://bugs.freedesktop.org/show_bug.cgi?id=93222
library/adutil.c | 5 +++++
1 file changed, 5 insertions(+)
commit 0450a0754d856a43e85bca252c1f35b1bd74c2cf
Author: Stef Walter <stefw@redhat.com>
Date: 2015-12-07
library: Don't automatically connect to kerberos
For the adconn code, expect that adcli_conn_connect() is called
before the shared krb5_context is available.
This prevents hard to track bugs with using the shared krb5 context
before its profile has been correctly set up.
library/adconn.c | 22 ++++++----------------
1 file changed, 6 insertions(+), 16 deletions(-)
commit ec1fd29641e9f4638d00e3ccaaa20927d126aa9d
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-03
Allow additional ccache for updates
https://bugs.freedesktop.org/show_bug.cgi?id=92908
Signed-off-by: Stef Walter <stefw@redhat.com>
* Removed redundant changes for default keytab
tools/computer.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
commit 4694aa7e8781c70dfe9b2d6b99f13456edd2eb2a
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-03
Allow domain option for updates
https://bugs.freedesktop.org/show_bug.cgi?id=92908
Reviewed-by: Stef Walter <stefw@redhat.com>
tools/computer.c | 1 +
1 file changed, 1 insertion(+)
commit a518423ad17ada50d9f9957893f5c1e60f5fe93f
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-03
Drop host/ prefix when deriving fqdn
When deriving the fully-qualified name of the host from a keytab entry
the 'host/' prefix of the Kerberos principal must be dropped.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed whitespace
https://bugs.freedesktop.org/show_bug.cgi?id=92908
library/adenroll.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 9086d3bb70e041a73a78cddf465b611088c9f4f2
Author: Stef Walter <stefw@redhat.com>
Date: 2015-11-11
Implement 'adcli update'
This is similar to an 'adcli join' but expects to use settings and
authentication from a keytab. It also expects to find a computer
account already present, rather than creating one.
https://bugs.freedesktop.org/show_bug.cgi?id=92908
library/adenroll.c | 206 ++++++++++++++++++++++++++++++++++++++++++++++++-----
library/adenroll.h | 5 ++
tools/computer.c | 98 +++++++++++++++++++++++++
tools/tools.c | 1 +
tools/tools.h | 4 ++
5 files changed, 295 insertions(+), 19 deletions(-)
commit 9a5654f65ff0d4b49d962e2cf25da3296d251963
Author: Stef Walter <stefw@redhat.com>
Date: 2015-11-11
library: Add ability to do computer login with a keytab
This will be used by the 'adcli update' command.
https://bugs.freedesktop.org/show_bug.cgi?id=92908
library/adconn.c | 79 +++++++++++++++++++++++++++++++++++++++++++++-----------
library/adconn.h | 5 ++++
library/adkrb5.c | 2 +-
3 files changed, 70 insertions(+), 16 deletions(-)
commit e45e8b9c4a36bc93ec6a6c52750b3d518c489b81
Author: Stef Walter <stefw@redhat.com>
Date: 2015-11-11
library: Add some string helpers
These will be used by the logic to load settings from a keytab,
and used by 'adcli update' functionality.
https://bugs.freedesktop.org/show_bug.cgi?id=92908
library/adprivate.h | 11 +++++++++++
library/adutil.c | 43 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
commit 60e956223b1867fe94cbc356b9a02415ec431d2c
Author: Stef Walter <stefw@redhat.com>
Date: 2015-11-11
library: Refactor out some kerberos common code
Add function for creating a new context, and opening a keytab
in the adkrb5.c file. These basically add minimal wrappers that
log failures properly, and handle default keytabs.
https://bugs.freedesktop.org/show_bug.cgi?id=92908
library/adconn.c | 34 +++++++++++++---------
library/adenroll.c | 19 +++----------
library/adkrb5.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++
library/adprivate.h | 12 ++++++++
4 files changed, 117 insertions(+), 29 deletions(-)
commit 4d3804d7e37d4f88a61fa5c8f0865ff2199e9dbf
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-02
Coverity: silence a false positive
https://bugs.freedesktop.org/show_bug.cgi?id=93222
Reviewed-by: Stef Walter <stefw@redhat.com>
library/adconn.c | 2 ++
1 file changed, 2 insertions(+)
commit eff46bc3d8dce0e03ef6532113a7b01c958ed857
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-02
Fix buffer length checks
https://bugs.freedesktop.org/show_bug.cgi?id=86971
Reviewed-by: Stef Walter <stefw@redhat.com>
library/addisco.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
commit a69a89881e6f6032a9f8363c349978572a742a26
Author: Sumit Bose <sbose@redhat.com>
Date: 2015-12-02
Replace alloca() by malloc() for arrays
https://bugs.freedesktop.org/show_bug.cgi?id=86970
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up whitespace after function name
library/adldap.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
commit 14c3838354f9c9f197f8be6186cf25d471f21647
Author: Stef Walter <stefw@redhat.com>
Date: 2015-10-19
Fix 'make distcheck' issue
Makefile.am | 2 --
1 file changed, 2 deletions(-)
commit d500d08f7cd3ac1d2f2e870b9af249d37755f2af
Author: Stef Walter <stefw@redhat.com>
Date: 2015-10-19
Bump version number
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 135c6d4a293a5fa05bd08342609add116bb5edd7
Author: Stef Walter <stefw@redhat.com>
Date: 2015-10-19
Be more helpful with messages about Computer OU
library/adenroll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit ec132a3add4c41a9c1efa6c12b2c900df66151d1
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-07
Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM"
Windows doesn't care, as it's mostly case insensitive, but sshd
does care here.
https://bugs.freedesktop.org/show_bug.cgi?id=84749
library/adenroll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 56ef2c6ea4ab3ee7215a55dabe4585b21874ea23
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-07
Allow autogen.sh to be run when srcdir != builddir
autogen.sh | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
commit 4ac6debd81e9d55c67f638d01c939ade61b6031c
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-20
doc: Fix typos found by Tomas Babej
doc/adcli.xml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
commit cfb40bfeda093345bd86a77fa149c357e28968af
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-13
Release version 0.7.5
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 906a69ee997ba5edfb1e7d6b538b4612e7ea9d17
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-13
Place IPv6 addresses properly in our temp krb5.conf
library/adconn.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
commit 3b4fd1161f15955abc3f2458029eff6e856fb51a
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-13
Clarify in verbose output what scheme is used to disco
library/addisco.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 9fc1b8867a390849096f0a9ffcc0b4fc653d459c
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-12
Don't use cldap with IPv6 due to openldap bugs
http://www.openldap.org/its/index.cgi/Incoming?id=7694
library/addisco.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit 45e0eda44504ea3f6856eba0edc67cd47bf4b882
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-12
Fix regression where exceeded number of servers to disco against
library/addisco.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit ab21a39509d9a073437bf39a193b5730d0303512
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-12
Stop discovery on a given server when ldap_search_ext() fails
library/addisco.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 30b43f988f44f8159e2237db05ab4a6cba2a5772
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-06
Release version 0.7.4
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit 167b4e9fefa3a1f535548e756c7cba21c7678eae
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-06
Pass correct pointer type to ldap_set_option when setting SSF_MIN
Failure on some archs where sizeof(int) != sizeof(ber_len_t)
https://bugs.freedesktop.org/show_bug.cgi?id=69038
library/adconn.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 775bed934b0ba6cf7a042486375e370928810eaa
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-06
Try to contact all available addresses for discovery
Don't just contact each SRV record when doing discovery, but
resolve and try to contact each A record.
This fixes problems when a machine has both IPv4 and IPv6 records
but one of these isn't usable for some reason.
https://bugs.freedesktop.org/show_bug.cgi?id=68110
library/addisco.c | 63 ++++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 49 insertions(+), 14 deletions(-)
commit 2e82e2a37b01d6e270bb25f36bde3b9b6b6ca35e
Author: Stef Walter <stefw@redhat.com>
Date: 2013-09-06
Truncate netbios host names to 15 chars
Truncate host names the same way Windows clients do.
https://bugs.freedesktop.org/show_bug.cgi?id=69016
library/adconn.c | 57 ++++++++++++++++++++++++++++++++++-------------------
library/adenroll.c | 23 ++-------------------
library/adprivate.h | 2 ++
3 files changed, 41 insertions(+), 41 deletions(-)
commit 57d510214d81cda1bd224d1df2686c64bc3fe700
Author: Stef Walter <stefw@redhat.com>
Date: 2013-08-07
Release version 0.7.3
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit 2de89825f40352ffdebd1e62ddcd4b74e89596e1
Author: Stef Walter <stefw@redhat.com>
Date: 2013-07-23
Don't try to set encryption types on Windows 2003 and earlier
These don't have the msDS-supportedEncryptionTypes LDAP
attribute, and only support a fixed set of encryption types.
https://bugs.freedesktop.org/show_bug.cgi?id=67058
library/adconn.c | 35 +++++++++++++++++++++++++++++++++-
library/adconn.h | 13 +++++++++++++
library/adenroll.c | 56 ++++++++++++++++++++++++++++++++++++++++--------------
3 files changed, 89 insertions(+), 15 deletions(-)
commit bed6f5bb0c14f602476f31747eac6e2de44c4467
Author: Stef Walter <stefw@gnome.org>
Date: 2013-07-30
Fix uninitialized variable
library/adconn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3e937ed8ed677714d1eddb03b5a9cc7e944f1358
Author: Stef Walter <stefw@redhat.com>
Date: 2013-07-22
Release version 0.7.2
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit f914fa138cfb0d00f40c8328777f0d7193fb2c4e
Author: Stef Walter <stefw@redhat.com>
Date: 2013-07-19
Delete current computer if no host specified to delete-computer
realmd will use this. realmd lets adcli calculate the current host
name during join, and so it makes sense to do the same during
delete-computer.
https://bugs.freedesktop.org/show_bug.cgi?id=65032
doc/adcli.xml | 4 ++++
tools/computer.c | 7 ++++---
2 files changed, 8 insertions(+), 3 deletions(-)
commit 9fe0c385107a1bb0c2b0f250a08a5df4c485556c
Author: Laurent Bigonville <bigon@bigon.be>
Date: 2013-07-09
Fix FTBFS on freebsd kernel
Set HOST_NAME_MAX to 255 if this is not already defined in the headers.
sysconf(3) manpage indicates that this values shouldn't be less than
255.
http://bugs.freedesktop.org/show_bug.cgi?id=66456
library/adprivate.h | 4 ++++
1 file changed, 4 insertions(+)
commit 9774ca4a17615163913958b26acf0bd566777c02
Author: Stef Walter <stefw@redhat.com>
Date: 2013-06-18
Fix typo of word 'necessary'
https://bugs.freedesktop.org/show_bug.cgi?id=65782
tools/computer.c | 2 +-
tools/entry.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit 084ec6754cac5c49f86ca770a4bde93d46d083e7
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-23
Always show info for --domain-controller if provided
tools/info.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
commit 7f83bf30444ddbabfeaf7ba33a4babd5aed3613c
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-13
Release version 0.7.1
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit 763a9e8f9d61c136b480ef4b634e88c3c5d07ed6
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-13
Fix access of null pointer
library/adconn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b50ec4acf87a1ff9a43678465e34aa43a60e36bc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-13
When we recieve an LDAP ping response, don't expect more
Don't expect more than one LDAP ping response, if we get one but
its either unparseable or the wrong type. Just move on.
library/addisco.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2a231986d7b77abcf8b9ff4c20f72b71a1adf976
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-13
If automatically determining the salt fails, just guess
If automatically determining the kerberos principal salt to use fails,
either due to race issues on the server, or other future problems,
just guess and use a salt that usually works with Windows 2003 and 2008.
library/adenroll.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
commit 5bb9357ddaab00cf28e2be61cd9690a2bdac60e2
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-06
Release version 0.7
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit 8fdaed506001a4205b969a290428a1251356ecf8
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-06
Work around krb5_get_init_creds_password() with empty password
Put a null password prompter to get around this issue.
See: http://mailman.mit.edu/pipermail/krbdev/2013-May/011525.html
library/adconn.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
commit bb72ff217c29a62b68367b8e0e5f9fb7f392b53e
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-06
Handle KRB5_PREAUTH_FAILED as an invalid password
* This happens when password is empty
library/adconn.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit cb0332f3175ba9fad8e62d37661b5b7b8e6bbea3
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-02
Add some annotations for clang analyzer
* And fix highlighted issues
.gitignore | 1 +
library/addisco.c | 7 +------
library/adenroll.c | 6 ++++++
library/adldap.c | 2 +-
library/adprivate.h | 16 +++++++++++++++-
library/seq.c | 32 +++++++++++++++++++++++++++++++-
library/test.h | 16 +++++++++++++++-
tools/computer.c | 4 ++--
tools/tools.c | 14 ++++++++++----
9 files changed, 82 insertions(+), 16 deletions(-)
commit 00e99ec714bba89c2c484fd90c12de600b7c0de0
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-02
Fix use of freed memory
library/adconn.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 384c262faa085791a06cd56d837d2fb394860120
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-29
Release version 0.6
.gitignore | 3 +++
NEWS | 8 ++++++++
configure.ac | 2 +-
3 files changed, 12 insertions(+), 1 deletion(-)
commit b6ba535d30b7894575dd07cdf624c330ffe24d17
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-29
Use ldap_init_fd to better support IP addresses
When using an IP address we need to connect to that address
but then use the host name discovered in the LDAP URL. OpenLDAP
doesn't make this easy to do so use the documented but not-in-headers
ldap_init_fd function.
configure.ac | 4 ++
library/adconn.c | 110 +++++++++++++++++++++++++++++++++++++++----------------
tools/tools.c | 6 +--
3 files changed, 86 insertions(+), 34 deletions(-)
commit e8447f9cbbef5a73c25bd9890eca29e549a0a3c6
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-25
Add a --one-time-password to join
This is equivalent to --login-type=computer and providing
the computer password.
doc/adcli.xml | 7 +++++++
tools/computer.c | 12 +++++++++---
2 files changed, 16 insertions(+), 3 deletions(-)
commit 49733718e55647a5e02f192662fdca3d8e9d4e1b
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-25
Add option to print out the machine password after a join
doc/adcli.xml | 6 ++++++
tools/computer.c | 26 ++++++++++++++++++++++++--
2 files changed, 30 insertions(+), 2 deletions(-)
commit cda6ec5171d9015514f22b5074746d0914020c2c
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-25
Allow processing the computer password more easily in text form
Remove shell characters and spaces and so on from auto-generated
computer passwords
library/adenroll.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit 46361aa1366ce9def894249cfbc926585d24e328
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-12
Fine tune the --os-name and --os-version arguments
The values should be required
https://bugs.freedesktop.org/show_bug.cgi?id=54489
tools/computer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 7a3f6105e108312beb2997442ff74bba59c9684f
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-11
Add --user-principal argument for joining domains
This fills in the userPrincipalName attribute on the account
https://bugs.freedesktop.org/show_bug.cgi?id=62755
doc/adcli.xml | 13 +++++++
library/adenroll.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++---
library/adenroll.h | 7 ++++
tools/computer.c | 10 +++++
4 files changed, 131 insertions(+), 6 deletions(-)
commit c2970e74a8568baca541b46efaa55ee53e38c7de
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-11
Streamline how extra account attributes are updated
* Ignore failures updating auxiliary attributes, with warning
https://bugs.freedesktop.org/show_bug.cgi?id=62755
library/adenroll.c | 227 +++++++++++++++++++----------------------------------
1 file changed, 82 insertions(+), 145 deletions(-)
commit b1cad71e241f2bf3b4bc0f6470073dd1f72026af
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-10
Remove the last reference to p11-kit that came over with docs
doc/adcli.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 335b28b2b403290b9de927255c8299cba8af1591
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-08
Release version 0.5
NEWS | 18 ++++++++++++++++++
configure.ac | 2 +-
2 files changed, 19 insertions(+), 1 deletion(-)
commit 31165cd1e869dab58178159b7c4d21312f3f5748
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-10
Don't retrieve kvno if not joining
https://bugs.freedesktop.org/show_bug.cgi?id=56149
library/adenroll.c | 4 ++++
1 file changed, 4 insertions(+)
commit 1e20c086a077605e2694df0b8da49923004d218d
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-10
Support using --login-ccache without an argument
Just use the default krb5 ccache in that case.
library/adconn.c | 15 ++++++++++++++-
tools/computer.c | 10 +++++-----
tools/entry.c | 12 ++++++------
tools/tools.c | 1 -
4 files changed, 25 insertions(+), 13 deletions(-)
commit 428cf878944eca7b0762e1e434cc4895dff98372
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-10
Add support for setting operatingSystem and related attrs
* Add new arguments to join command: --os-name --os-version
and --os-service-pack
* These are not supported when a computer is claiming an
account on its own credentials.
https://bugs.freedesktop.org/show_bug.cgi?id=54489
doc/adcli.xml | 32 ++++++++++++++++++++
library/Makefile.am | 1 +
library/adenroll.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
library/adenroll.h | 15 ++++++++++
library/adldap.c | 4 +--
tools/computer.c | 35 ++++++++++++++++++++++
6 files changed, 168 insertions(+), 3 deletions(-)
commit e1069eaf9a81f061dbaf55999a5811cc5d9aea2e
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-10
Remove lookup of preferredOU which was incorrect
* preferredOU is an attribute on a user or computer, not
on the domain as a whole. We cannot use it during joins
library/adenroll.c | 45 ---------------------------------------------
1 file changed, 45 deletions(-)
commit 2d412510118a1af08e6fba300129282773386292
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-10
Make ADCLI_STRICT=1 abort() when precondition
library/adprivate.h | 16 ++--------------
library/adutil.c | 16 ++++++++++++++++
tools/computer.c | 11 ++---------
3 files changed, 20 insertions(+), 23 deletions(-)
commit 834c9f875e33eb28cf063858133e347e73593c54
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-10
Add more documentation for building adcli
Makefile.am | 4 +-
doc/Makefile.am | 1 +
doc/adcli-devel.xml | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++++
doc/adcli-docs.xml | 11 +--
doc/adcli.xml | 2 +-
doc/gtk-doc.xsl | 2 +-
6 files changed, 216 insertions(+), 8 deletions(-)
commit 0fca72222fec97c975954881463db49deb37989f
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Fix problems connecting without DNS
* Pass the actual name that we're trying to connect to to openldap
* Tell openldap to pass the right host name to GSSAPI
library/adconn.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
commit 74ff6fe7517d4a012bae0cba55c89c2573ca95d1
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
A bit of cleanup of adcli output
tools/computer.c | 2 +-
tools/info.c | 16 ++++++++++------
2 files changed, 11 insertions(+), 7 deletions(-)
commit e16af692fdbb8569ebdb6e8d0f40d426fef5a236
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Allow passing a domain directly on the command line to join command
tools/computer.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 6f4880029a2c002395cc19d4a7558c830f143d87
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Catch more permission failures when joining domain
* Windows Server returns all sorts of strange errors when
permission problems for joining domain
library/adenroll.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit 48166f0a3b33a5d69fc09486cc8e0f6848a48867
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Discovery fixes
* Discover without DNS
* Support libldaps without cldap built in
* Better use of discovery data, without going through intermediate
LDAP URLs
library/adconn.c | 221 ++++++++++++++++++++++++------------------------------
library/adconn.h | 8 --
library/addisco.c | 42 ++++++-----
library/addisco.h | 3 +-
tools/info.c | 10 +--
5 files changed, 129 insertions(+), 155 deletions(-)
commit d417fcc0c1cb1c89b23aef925ac64e994052eca2
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Fix possible uninitialized variable
library/addisco.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 030126689753052daa5323337c765a8b496ecb9a
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Add manual page for adcli and documentation infrastructure
.gitignore | 2 +
Makefile.am | 21 +-
configure.ac | 39 ++
doc/Makefile.am | 68 +++
doc/adcli-docs.xml | 21 +
doc/adcli.xml | 529 +++++++++++++++++++++++
doc/gtk-doc.xsl | 897 +++++++++++++++++++++++++++++++++++++++
doc/static/gtk-doc.css | 264 ++++++++++++
doc/static/home.png | Bin 0 -> 654 bytes
doc/static/left.png | Bin 0 -> 459 bytes
doc/static/right.png | Bin 0 -> 472 bytes
doc/static/style.css | 114 +++++
doc/static/up.png | Bin 0 -> 406 bytes
doc/version-greater-or-equal.xsl | 54 +++
tools/computer.c | 28 +-
15 files changed, 2023 insertions(+), 14 deletions(-)
commit 3fb917556b5e2ad38b5bfbafbcf2f3b60ce90f46
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Add support for adding/removing members from groups
* add-member command
* remove-member command
* Refactor attribute handling, and provide ways to load
and modify entries.
library/adattrs.c | 157 +++++++++++++++++++++++++++++-----------
library/adattrs.h | 27 +++++--
library/adentry.c | 89 +++++++++++++++++++----
library/adentry.h | 7 ++
library/adldap.c | 7 +-
tools/entry.c | 212 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
tools/tools.c | 2 +
tools/tools.h | 8 +++
8 files changed, 442 insertions(+), 67 deletions(-)
commit 2f50a5d3f36251caa5a1128251618e79d1a9ef6d
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
Add support for creating/deleting groups
* create-group command
* delete-group command
* Refactor a bit to use the same code for user/groups
library/Makefile.am | 2 +-
library/adcli.h | 3 +-
library/adentry.c | 423 ++++++++++++++++++++++++++++++++++++++++
library/{aduser.h => adentry.h} | 27 +--
library/aduser.c | 372 -----------------------------------
tools/Makefile.am | 2 +-
tools/{user.c => entry.c} | 198 +++++++++++++++++--
tools/tools.c | 2 +
tools/tools.h | 6 +-
9 files changed, 628 insertions(+), 407 deletions(-)
commit b089bce11a588f158c36fac0ab86ced756e50ac1
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-09
More expressive logging for ldap errors
library/adconn.c | 13 +++---
library/addisco.c | 8 ++--
library/adenroll.c | 115 ++++++++++++++++++++++------------------------------
library/adldap.c | 18 +++++---
library/adprivate.h | 4 +-
library/aduser.c | 39 ++++++++----------
6 files changed, 90 insertions(+), 107 deletions(-)
commit 18d13ebdfc7ff1a22b028f1c048bb4964e73f857
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-08
Clean up the adcli arguments
* Use --domain-controller consistently to specify the server
to connect to. Still accept --domain-server for the 'join'
command for backward compatibility
* Remove the --ldap-url argument, as --domain-controller is an
acceptable replacement.
* Use --login-user consistently to specify the admin user who
is using adcli. Still accept --user for the 'join' command
for backward compatibility.
* Use --domain-ou consistently to specify the organizational
unit to create objects in. Still accept --computer-ou for
the 'join' command for backward compatibility.
* Remove some extra info command arguments.
library/adconn.c | 38 +++++++++++++++----------------
library/adconn.h | 8 +++----
library/adenroll.c | 56 +++++++++++++++++++++++-----------------------
library/adenroll.h | 4 ++--
library/aduser.c | 26 +++++++++++-----------
library/aduser.h | 4 ++--
tools/computer.c | 65 ++++++++++++++++++++++++------------------------------
tools/info.c | 43 ++++--------------------------------
tools/user.c | 26 +++++++++++-----------
9 files changed, 114 insertions(+), 156 deletions(-)
commit 87932fbd036b60de56294782858627c996ea9cb2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-08
Implement domain discovery, including support for sites
* Add a new 'adcli info' command
https://bugs.freedesktop.org/show_bug.cgi?id=54490
library/Makefile.am | 4 +-
library/adcli.h | 1 +
library/adconn.c | 62 ++---
library/addisco.c | 764 +++++++++++++++++++++++++++++++++++++++++++++++++++
library/addisco.h | 74 +++++
library/getsrvinfo.c | 263 ------------------
library/getsrvinfo.h | 42 ---
tools/Makefile.am | 1 +
tools/info.c | 219 +++++++++++++++
tools/tools.c | 32 ++-
tools/tools.h | 4 +
11 files changed, 1109 insertions(+), 357 deletions(-)
commit 5a04b390c75115acf06fedf751ce88ff2dd5207e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-08
Fix possible crash when for a NULL strv
library/adutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit c581500ceafff6cd59ba690a4400d52929645289
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-08
Less complicated message logging
Now that we're not trying to be a library, just use global
functions and storage for message callbacks and logging.
library/adconn.c | 177 ++++++++++++----------------------------------------
library/adconn.h | 13 ----
library/adenroll.c | 146 +++++++++++++++++++++----------------------
library/adldap.c | 5 +-
library/adprivate.h | 24 +++----
library/aduser.c | 34 +++++-----
library/adutil.c | 72 +++++++++++++++++++++
library/adutil.h | 10 +++
tools/computer.c | 16 ++---
tools/tools.c | 7 +--
tools/user.c | 8 +--
11 files changed, 236 insertions(+), 276 deletions(-)
commit 86d27165487d53f2b4d631993a1143f11896480c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-08
Use a test framework that supports TAP output
For integration with automake 1.13, and perhaps others
library/Makefile.am | 4 +-
library/adattrs.c | 49 +++++-----
library/adldap.c | 41 +++++----
library/adutil.c | 27 +++---
library/seq.c | 133 ++++++++++++++-------------
library/test.c | 256 ++++++++++++++++++++++++++++++++++++++++++++++++++++
library/test.h | 135 +++++++++++++++++++++++++++
7 files changed, 523 insertions(+), 122 deletions(-)
commit 6f304721bd72c50102bbb8aff911bd10a6fdaf1f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-05
Add support for adding and deleting active directory users
.gitignore | 2 +
library/Makefile.am | 15 ++-
library/adattrs.c | 240 +++++++++++++++++++++++++++++++++
library/adattrs.h | 48 +++++++
library/adcli.h | 1 +
library/adenroll.c | 34 +----
library/adldap.c | 232 ++++++++++++++++++++++++++++----
library/adprivate.h | 45 ++++++-
library/aduser.c | 377 ++++++++++++++++++++++++++++++++++++++++++++++++++++
library/aduser.h | 51 +++++++
library/adutil.c | 22 ++-
tools/Makefile.am | 1 +
tools/tools.c | 2 +
tools/tools.h | 12 ++
tools/user.c | 326 +++++++++++++++++++++++++++++++++++++++++++++
15 files changed, 1336 insertions(+), 72 deletions(-)
commit dc8333a94dd0b1582e7ad0e63b038635f21bc47c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-12
Implement the 'delete-computer' and 'reset-computer' commands
library/adenroll.c | 285 ++++++++++++++++++++++++++++++++++++++++++-----------
library/adenroll.h | 6 ++
tools/computer.c | 150 ++++++++++++++++++++++++++++
tools/tools.c | 2 +
tools/tools.h | 8 ++
5 files changed, 391 insertions(+), 60 deletions(-)
commit f4dff16da3cef29ccb0282c47252cdf3b4a19d55
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-12
Refactor the command line interface
* More intelligent usage output
* Rename the 'preset' command to 'preset-computer'
* Split the computer tools into a separate file
tools/Makefile.am | 3 +-
tools/adcli.c | 809 ------------------------------------------------------
tools/computer.c | 414 ++++++++++++++++++++++++++++
tools/tools.c | 491 +++++++++++++++++++++++++++++++++
tools/tools.h | 65 +++++
5 files changed, 972 insertions(+), 810 deletions(-)
commit 08a2ea144aa012e418d0c54728f6c4691c97e76f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-05
Add generic sequence code
This can be used both as an array an and a sorted lookup table
.gitignore | 2 +
Makefile.am | 6 +
library/Makefile.am | 26 ++-
library/adprivate.h | 6 +-
library/adutil.c | 119 +++++-----
library/seq.c | 612 ++++++++++++++++++++++++++++++++++++++++++++++++++++
library/seq.h | 85 ++++++++
7 files changed, 802 insertions(+), 54 deletions(-)
commit 8958d28c5058bb53458c1ad3cfcd500280c4f7fb
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-12
Fix use of CFLAGS for building the library
library/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 79fb7cf291ca662332542e165dd777039e9ed2bf
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-05
Remove coverage files when cleaning
build/Makefile.am | 8 ++++++++
library/Makefile.am | 5 +++++
tools/Makefile.am | 5 +++++
3 files changed, 18 insertions(+)
commit 28a75bffc7cd8cca6d0cf6a47dad501f92243983
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-05
No longer export a library
The adcli tool is the main interface for this. Later we may refactor this to use
a very different implementation.
Makefile.am | 7 -------
configure.ac | 52 ---------------------------------------------------
library/Makefile.am | 25 +++----------------------
library/adcli-1.pc.in | 13 -------------
library/adprivate.h | 3 ---
library/adutil.c | 6 +++---
library/adutil.h | 5 +++++
tools/Makefile.am | 2 --
tools/adcli.c | 2 +-
9 files changed, 12 insertions(+), 103 deletions(-)
commit ccd8fd7f1082950377db4f0e1782a7e38e5c24c8
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-04
Some autoconf tweaks
* Cleanup autoconf warnings
* Move m4/ into build/m4
.gitignore | 3 +--
Makefile.am | 3 ++-
build/Makefile.am | 0
{m4 => build/m4}/.gitignore | 0
configure.ac | 15 ++++++---------
5 files changed, 9 insertions(+), 12 deletions(-)
commit c37a1edfaa2086d06eb9f1020acd2682c7f81dfb
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-19
build: Use the resolv.h header when checking for res_query
https://bugzilla.gnome.org/show_bug.cgi?id=60561
configure.ac | 28 +++++++++++++++++++++++-----
1 file changed, 23 insertions(+), 5 deletions(-)
commit 00aa642282355563f57432ebbc398adfc4b68ecd
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-22
When --user is specified don't try computer login
tools/adcli.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit c7f6ab8341f7400f963a7e155c33cb312bfb61cd
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-22
Only include /etc/krb5.conf if it exists
Including an invalid krb5.conf led to failure to init a
krb5_context.
https://bugs.freedesktop.org/show_bug.cgi?id=57403
tools/adcli.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
commit 377b3d5c3b4870389dd36770500aaa6e3bda63d7
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-22
Check for SASL headers when configuring
configure.ac | 9 +++++++++
1 file changed, 9 insertions(+)
commit 0b60a75784e8ea88e32eae8bb23e4e128a8646ef
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-22
Unquote error message when ldap not found
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 23b43dd5be2ed8ddaa94b05c7cedbcbbc3f77abd
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-13
Don't print out or expose the computer container DN
* This is just confusing, and not a common concept
* Don't want to have to support this or get questions about it.
library/adenroll.c | 7 -------
library/adenroll.h | 2 --
tools/adcli.c | 1 -
3 files changed, 10 deletions(-)
commit 34f0d8479480a06f569663cf8a15ac689800da9d
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-13
Look up the nETBIOSName correctly
* Use the configurationNamingContext and CN=Partitions subtree
https://bugzilla.gnome.org/show_bug.cgi?id=57064
library/adconn.c | 45 +++++++++++++++++++++++++++++++++++----------
library/adconn.h | 2 +-
library/adenroll.c | 9 +++++----
tools/adcli.c | 2 +-
4 files changed, 42 insertions(+), 16 deletions(-)
commit 84676ef669be6a7182c0e0fa4f28a80ce573e952
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-12
Release 0.4
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit cb546913fa993593fdf4e45edbbd6c43f78f5e84
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-12
Use a private krb5.conf file
* This helps us connect to the same server consistently.
* Allows --domain-server argument to work properly.
https://bugs.freedesktop.org/show_bug.cgi?id=55487
library/adconn.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++--
library/adconn.h | 5 +++
library/adprivate.h | 4 ++
library/adutil.c | 27 ++++++++++++
tools/Makefile.am | 1 +
tools/adcli.c | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 261 insertions(+), 4 deletions(-)
commit 08bd7b69f0da02ee750fa527453c526e627d182d
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-09
Rework how computer account is located and created
* Always try to find the account first, using sAMAccountName.
* If computer OU is specified enforce that the account is in
the right place.
* Use terminology 'computer-ou' instead of 'preferred-ou' where
appropriate, since it's not just preferred anymore.
* Don't allow explicitly setting the computer container, too
complicated and not exposed anywhere.
https://bugs.freedesktop.org/show_bug.cgi?id=56868
library/adenroll.c | 354 +++++++++++++++++++++++++++++-----------------------
library/adenroll.h | 7 +-
library/adldap.c | 94 ++++++++++++++
library/adprivate.h | 5 +
tools/adcli.c | 4 +-
5 files changed, 303 insertions(+), 161 deletions(-)
commit 72c1a9f7bd71d4bc8920b6998e749afb90fe8372
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-09
Don't follow referalls when searching LDAP server
https://bugs.freedesktop.org/show_bug.cgi?id=56868
library/adconn.c | 3 +++
1 file changed, 3 insertions(+)
commit 8b793abd22593e8b764a0c0da40794095718697f
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-09
Ignore built files
.gitignore | 5 +++++
1 file changed, 5 insertions(+)
commit 2db1f46959d1c29394e7a4976ef0f9c895b7cd93
Author: Stef Walter <stefw@gnome.org>
Date: 2012-10-30
Fix freeing of uninitialized memory
library/adenroll.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 24c6bedfe0862f8d61d5939ee10c9a5a749c9860
Author: Stef Walter <stefw@gnome.org>
Date: 2012-10-20
Release version 0.3
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit e2c5f29cc7bc1cca7f3d7c8544d60f0aaacd07f2
Author: Stef Walter <stefw@gnome.org>
Date: 2012-10-20
Don't use DNS to lookup the host name for enrollment
* Use the computers own concept of what its host name is
* The idea is that dynamic DNS is properly set after we join
the domain (perhaps by sssd).
library/adconn.c | 47 +++--------------------------------------------
1 file changed, 3 insertions(+), 44 deletions(-)
commit 77a8f652493ec999953458b16d064bb62b450b52
Author: Stef Walter <stefw@gnome.org>
Date: 2012-10-20
Don't try to update userAccountControl for precreated accounts
* When auto-joining or using OTP, don't try to update userAccountControl
attribute.
* This attribute is not writable by the computer account itself.
https://bugs.freedesktop.org/show_bug.cgi?id=56148
library/adenroll.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
commit 590d44b3a00231a1ae2d3e498ad7c1faa96d1845
Author: Stef Walter <stefw@gnome.org>
Date: 2012-10-19
Fix an assertion and handle errors correctly when setup fails
library/adenroll.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
commit be76ec644c949ab14b2e3f3a6ef3f4f9778eb7bf
Author: Stef Walter <stefw@gnome.org>
Date: 2012-10-19
Allow use of host names without any dot.
* In the case where DNS isn't working we calculate the computer name
from the host name. Allow that name to have no dots.
https://bugs.freedesktop.org/show_bug.cgi?id=56147
library/adconn.c | 15 ++++++++++-----
library/adenroll.c | 15 ++++++++++-----
2 files changed, 20 insertions(+), 10 deletions(-)
commit 909670dba8ada7ab3ecc99483b241face30d3313
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-30
Require LDAP when building adcli
configure.ac | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
commit fef364f413d87dfe0e6111634b7311e9c43850cc
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-30
Require libtool to build adcli
configure.ac | 1 +
1 file changed, 1 insertion(+)
commit b8107de6344b46d695783bac0d1e3b9c5b18e751
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-04
Fix license addresses, and missing header comments
library/adcli.h | 4 ++--
library/adconn.c | 4 ++--
library/adconn.h | 4 ++--
library/adenroll.c | 4 ++--
library/adenroll.h | 4 ++--
library/adkrb5.c | 4 ++--
library/adldap.c | 4 ++--
library/adprivate.h | 4 ++--
library/adutil.c | 4 ++--
library/adutil.h | 4 ++--
library/getsrvinfo.c | 4 ++--
library/getsrvinfo.h | 4 ++--
tools/adcli.c | 22 ++++++++++++++++++++++
13 files changed, 46 insertions(+), 24 deletions(-)
commit 06fb3ecbe87b511a03997fb5b0e25e407c939192
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-04
Ignore files built during release process
.gitignore | 2 ++
1 file changed, 2 insertions(+)
commit 7e0f823019c004f5849e0dffb42db96dbdafc8d4
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-04
Release version 0.2
* And fix some build warnings
NEWS | 9 +++++++++
configure.ac | 2 +-
library/adconn.c | 2 +-
tools/adcli.c | 2 +-
4 files changed, 12 insertions(+), 3 deletions(-)
commit 3779c40fc7e9c0fb23f2058ac32421ce65841b56
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-03
Fix erroneous argument number check in preset command
tools/adcli.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 5784dc52c6f042a1c8b343b0d1cf6fac651e699a
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-03
Return the correct exit codes
* On failure we return the positive values of the result
codes in adutil.h
tools/adcli.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit a2887aae0b7dc0361e6a045abf96d2e526f3caba
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-03
Load the credential cache provided with --login-ccache
* We do this so that we can use the ccache when changing the
computer password during a one-time-password or automatic join.
* This also lets us provide more intelligable error messages
library/adconn.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
commit ad44e157514dff1a0726e72863e9ef9ab6e1ed58
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-03
Implement the --show-details join option
* This prints out domain details in a machine parseable format
tools/adcli.c | 60 +++++++++++++++++++++++++++++++++++------------------------
1 file changed, 36 insertions(+), 24 deletions(-)
commit b1790c04da4c26e21baa743cc0c7ffb07e2e4aac
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-03
Add support for retrieving the short (ie: netbios) domain name
library/adconn.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
library/adconn.h | 2 ++
2 files changed, 48 insertions(+), 2 deletions(-)
commit 850c74548fe42d69bc5700e4d38d42af617764af
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-03
Rename --login-name to the more common --user argument
tools/adcli.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
commit d1520504e9a5178eec9c571a8e754c108f1bdfb7
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-31
Cleanup some of the usage/error output to be clearer
tools/adcli.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 57c1cd21720235b3913dd496020353014f125532
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-31
Add --one-time-password to the 'preset' command
* Instead of using the default computer account password specify
a preset password to use.
tools/adcli.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
commit a71048282117d3e0fc6192c3f04a4fa1087f7e5b
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-31
Make sure long options don't conflict with short
tools/adcli.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bd5a950f26b56e48e8354510ba12eaa8b718f50b
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-31
Print info messages when setting/changing computer account password
library/adenroll.c | 2 ++
1 file changed, 2 insertions(+)
commit e6c9d7480149aa01932e3e9c0ca08d7ce0c6a149
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-31
Implement various ways to prompt/read login or computer password
* --no-password does not prompt
* --promt-password (default) prompts as expected
* --stdin-password reads the password from stdin
library/adconn.c | 69 ++++++++++++++++++----------
library/adconn.h | 4 +-
tools/adcli.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++----
3 files changed, 174 insertions(+), 33 deletions(-)
commit 712d0fcde8c471464ebb91a3d57443fecbf9cf4b
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-31
Specify domain in --domain parameter
* We default to domain calculated from host name
* This allows cleaner syntax for 'preset' command, and
future 'leave' command
tools/adcli.c | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
commit 23e5b9ed6f8231c3e551c4c24ea73832c9d5233d
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-31
Cleanup option parsing
* Some options have no short equivalent
* Print intelligent usage based on commands
tools/Makefile.am | 6 +
tools/adcli.c | 380 +++++++++++++++++++++++++++++++++++++++---------------
2 files changed, 285 insertions(+), 101 deletions(-)
commit 05a1cd35665de91d4e2e62188efd09235b8098bc
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-23
Update project URLs
Makefile.am | 2 +-
configure.ac | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit c9747db817e8796ffb927ffc1583d0b75886417d
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-15
Release version 0.1
.gitignore | 1 +
NEWS | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
commit 02f2ca343e04b9f319ffe3d681ec6c9f46e4d97f
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-09
Don't print '(null)' when using default domain
tools/adcli.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 8200a052fd5a13c3a3df2b23cc912e70396d0eb4
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-09
Fix memory leak when setting password fails
library/adenroll.c | 34 ++++++++++++++++++++++++++++------
1 file changed, 28 insertions(+), 6 deletions(-)
commit bc6c1ea1970cac227e6892419e0bdabe60b487ef
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-09
Fix parsing of principals when no default realm is set
library/adconn.c | 8 +++++++-
library/adenroll.c | 17 ++++++-----------
library/adkrb5.c | 2 +-
3 files changed, 14 insertions(+), 13 deletions(-)
commit 8241b3c493c5914665413ea92b82b07693a3c77a
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-09
Print a better error message if can't create krb5 context
library/adconn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit ee239e62c91b31e0b8889fa3b6608c958180fbf8
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-21
Fix memory leak of attributes
library/adenroll.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit e49d523a50a30dec54959d8defc156185e723368
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-21
Set the dNSHostName and servicePrincipalName attributes separately
* And ignore failures setting these attributes
library/adenroll.c | 109 ++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 87 insertions(+), 22 deletions(-)
commit 1d5301ed61993b40e49ab27e671a1f82456984e4
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-21
Fix regression of prompting for passwords during join
tools/adcli.c | 1 +
1 file changed, 1 insertion(+)
commit 4b7c7530d2884792abe90c7514cdb19d68a4aaa1
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-21
Fix regression, and crash on NULL keytab, during join
library/adenroll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 48bd64594a4b46a6ac88f147b3ebb6ed9a48f0ee
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-21
Set msDS-supportedEncryptionTypes correctly
* Tell AD about the enctypes we have in our keytab. Either the defaults
or the ones the caller requests.
* This is done by setting the msDS-supportedEncryptionTypes attribute.
* If caller has not explicitly requested certain enctypes try to respect
a msDS-supportedEncryptionTypes attribute already present on the
computer account.
library/adenroll.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++---
library/adkrb5.c | 79 +++++++++++++++++++++++++++++++++++++++++++++
library/adprivate.h | 4 +++
3 files changed, 170 insertions(+), 5 deletions(-)
commit b4c5bc9fdd259eeff4d25eccc1a53d7814065c37
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-21
Fix warning due to constness
library/adconn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 100b8f4ad6ac8e92daf2b0ce2e429ac0f350f817
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-20
Fix warning, add const cast
library/adconn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1cfa291ca5174cc81f624ae23eb211f9512a42e9
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-20
Clearer messages when setting password fails
library/adenroll.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit d4470cb82ae7ca1e454a673b25e576ffb8971477
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-20
If there are no attributes to update, then don't ldap_modify
library/adenroll.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit b94db022b51410ca2975f8ec906487048f861be8
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-20
Use the enroll domain name for calculating the enroll computer name
* Rather than the connection computer name, which may just be the
one that is used for authentication
library/adenroll.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
commit 3ed0a52f3639a12de967be8b91186fbe22c0ab72
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-20
Use kerberos password change/set functions for managing computer password
library/adconn.c | 163 +++++++++++++++++++++++++++----------------
library/adenroll.c | 194 +++++++++++++++++++++++++++++++++++++++-------------
library/adkrb5.c | 20 ++++++
library/adprivate.h | 15 ++++
tools/adcli.c | 1 +
5 files changed, 284 insertions(+), 109 deletions(-)
commit 773b39b507361c8eafa1c309d27f6b2d6e8790a9
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-20
Support authentication with computer accounts
* Rename user credentials related methods and variables appropriately
* Use term 'computer name' for the local netbios name
* Add ability to discover domain info without connecting
* Add ability to calculate enroll info without enrolling
* Remove one-time-password code we added a few commits ago, and instead
use the default/reset computer password
library/adconn.c | 332 +++++++++++++++++++++++++++++++++--------
library/adconn.h | 33 ++++-
library/adenroll.c | 414 +++++++++++++++++++++++++++-------------------------
library/adenroll.h | 26 ++--
library/adldap.c | 28 ++++
library/adprivate.h | 8 +
library/adutil.c | 22 +++
tools/adcli.c | 47 +++---
8 files changed, 604 insertions(+), 306 deletions(-)
commit 8a3cede4965074e0b5412752027dfa723aad872a
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-18
Rename 'admin' parameters to 'login'
So that in the future they can represent host credentials or other
login creds
library/adconn.c | 92 +++++++++++++++++++++++++++---------------------------
library/adconn.h | 14 ++++-----
library/adenroll.c | 7 +++--
tools/adcli.c | 10 +++---
4 files changed, 62 insertions(+), 61 deletions(-)
commit c1154baf81e8d23d0daa8ce28d5d86173c17066c
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
In adcli print out the last error message, instead of generic message
library/adconn.c | 44 +++++++++++++++++++++++++++++++++-----------
library/adconn.h | 4 ++++
library/adenroll.c | 3 +++
tools/adcli.c | 6 +++---
4 files changed, 43 insertions(+), 14 deletions(-)
commit a769d3905866516379ecf4c3f719f9030c8d2bb8
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Don't automatically overwrite computer accounts during prejoin
library/adenroll.c | 17 ++++++++++++-----
library/adenroll.h | 1 +
tools/adcli.c | 12 +++++++++---
3 files changed, 22 insertions(+), 8 deletions(-)
commit 9e44a2f3460aa878e6327765a97ddcdccb6aacd7
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Only print out one time password if it was generated
tools/adcli.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit 8315c76f31a7568acb38cf8c9e6eb65a23d9f877
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Print out computer account names clearly when prejoining
tools/adcli.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit e824aaa708df20727a035b56e7702e6ec168e373
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Use simpler passwords for one time passwords
* Only consist of isalpha() and isdigit() characters and
60 characters long
library/adenroll.c | 90 ++++++++++++++++++++++++++++++++++++++----------------
library/adenroll.h | 7 +++++
tools/adcli.c | 16 +++++-----
3 files changed, 79 insertions(+), 34 deletions(-)
commit eacda3bef90193a08e1d6c983a8a083a4d7b69fb
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Rename ad-enroll to adcli and add prejoin support
.gitignore | 1 +
tools/Makefile.am | 4 +-
tools/ad-enroll.c | 190 -------------------------------
tools/adcli.c | 327 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 330 insertions(+), 192 deletions(-)
commit d4c4b4bd69540998073457b948c479fb8a8aab58
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Add option to enroll without setting up a keytab
library/adenroll.c | 6 +++++-
library/adenroll.h | 7 ++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
commit 25a7306e71483bd46a0045ebb117da4feed28feb
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Clear all state not explicitly set
* This makes it simpler to use a single adcli_enroll structure
for multiple enrolls, like we want to do for prejoins.
library/adenroll.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 47 insertions(+), 4 deletions(-)
commit 3f98a383c283c5410fe2cb2065dcda7b7366373a
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
Correctly null terminate passwords explicitly set
* This works around a bug in some krb5 versions
* And support using -1 as the length argument
library/adenroll.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit cbf0fc117f762b28cad50ba8b6f1061b36921b0a
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-19
adcli_enroll_get_host_password() returns const
library/adenroll.c | 2 +-
library/adenroll.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit e7f7a1d5372be7bb589a6899dee0462774bf453f
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-04
Fix use of uninitialized variables
library/adldap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 697f60c5c4cd9148012375d67f15efff67183bfd
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-04
Commit empty m4 directory to git
.gitignore | 2 +-
m4/.gitignore | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
commit 179eee900ea00af6009820de4ff697adeb78ecd8
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-31
Classify errors correctly when cannot authenticate as admin
* This might be the first time we're 'hitting' the server
* Some errors signify directory problems, others credential problems.
library/adconn.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
commit a3174b32fb22198ced8815a90f12aaa74fa8745d
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-31
Better message when kerberos authenication fails
library/adconn.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 0a59caa653b126494e823459ef02fd2d314e1f0d
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-31
Remove unnecessary optimizations
* These code paths are rarely used, and the code functions
without these equality checks, since we dup before free
library/adconn.c | 3 ---
library/adenroll.c | 13 -------------
library/adutil.c | 6 ------
3 files changed, 22 deletions(-)
commit a101e0ff822aae3e1670ea8bd87eb33657058d0e
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-25
Add more diagnostics to enrollment process
library/adenroll.c | 43 +++++++++++++++++++++++++++++++++----------
1 file changed, 33 insertions(+), 10 deletions(-)
commit 74457dc32bdab1e0d338cd7f30294e5ac4135af3
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-25
Add support for specifying the domain server explicitly
* Also detect which server was connected to
library/adconn.c | 40 ++++++++++++++++++++++++++++++++++++++++
library/adconn.h | 5 +++++
tools/ad-enroll.c | 9 +++++++--
3 files changed, 52 insertions(+), 2 deletions(-)
commit 833c0493ff598915da4203f9b4670e1ab2f13ca6
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-25
Setup the host account password to not expire
library/adenroll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 0fc3076de10e15cdca4f18c98375eac864cd3db7
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-25
Correctly determine which salt to use for keytab
library/Makefile.am | 1 +
library/adenroll.c | 214 ++++++++++++++++++++++++-------------------
library/adkrb5.c | 257 ++++++++++++++++++++++++++++++++++++++++++++++++++++
library/adprivate.h | 40 ++++++++
4 files changed, 418 insertions(+), 94 deletions(-)
commit 66b8683b73e3f8a2d63257bf3f6fdb8ea78386b4
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-24
Return correct error codes when admin account doesn't have right perms
* We fudge it a bit when creating the computer account as it's
tough to get AD to return a good error code here.
library/adenroll.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
commit 7d80d041b17514ea18f7a0ad894a1694c87d05cf
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-24
Implement writing to the keytab
library/adenroll.c | 408 +++++++++++++++++++++++++++++++++++++++++++++++++----
library/adenroll.h | 16 ++-
tools/ad-enroll.c | 11 +-
3 files changed, 400 insertions(+), 35 deletions(-)
commit 0c688c93a8c8f0a06f67c97208595e53d038d254
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-24
Retrieve the kvno from the computer account
library/adenroll.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
library/adenroll.h | 5 +++
tools/ad-enroll.c | 1 +
3 files changed, 101 insertions(+), 1 deletion(-)
commit 66fb648c6f6b6deb13c16e2cf239fdc96821b74f
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-24
Correctly format the unicodePwd sent to AD
library/adenroll.c | 62 ++++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 46 insertions(+), 16 deletions(-)
commit 9417898a425736d92f93f81e8f5dfe7ed9737db3
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-24
Ask for an SSF from ldap bind that signifies encryption
library/adconn.c | 6 ++++++
1 file changed, 6 insertions(+)
commit 9680b3f9a7f07567c3f6b7d7a6685adb33cfa9e1
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-24
Refactor DNS and LDAP support code into separate files
* DNS SRV stuff into getsrvinfo.c and getsrvinfo.h
* LDAP helpers into adldap.c
library/Makefile.am | 3 +-
library/adconn.c | 29 +----
library/adldap.c | 203 +++++++++++++++++++++++++++++++++++
library/adprivate.h | 15 ---
library/adutil.c | 140 ------------------------
library/{addnssrv.c => getsrvinfo.c} | 1 +
library/getsrvinfo.h | 42 ++++++++
7 files changed, 249 insertions(+), 184 deletions(-)
commit 2581fcc87bafe8ff026b543a5774a33779a373e2
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-14
Add a HACKING document explaining a few things
HACKING | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
commit 6919d5173a4f105333a23f42bc3c85746ce00871
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-14
Update the license to LGPL 2.1 and add headers to files
COPYING | 218 ++++++++++++++++++++++++++++------------------------
library/adcli.h | 22 ++++++
library/adconn.c | 22 ++++++
library/adconn.h | 22 ++++++
library/addnssrv.c | 22 ++++++
library/adenroll.c | 22 ++++++
library/adenroll.h | 22 ++++++
library/adprivate.h | 22 ++++++
library/adutil.c | 22 ++++++
library/adutil.h | 22 ++++++
10 files changed, 317 insertions(+), 99 deletions(-)
commit a87c8c776c27b64eade210e388b805bf891d32fc
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-14
Rename to adcli
.gitignore | 2 +-
Makefile.am | 2 +-
README | 4 ++--
configure.ac | 8 ++++----
library/Makefile.am | 4 ++--
library/{libadcli-1.pc.in => adcli-1.pc.in} | 0
6 files changed, 10 insertions(+), 10 deletions(-)
commit d8983ad461db0d09a36f54e462dcb13dd06dd274
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Implemented adding/modifying computer accounts
* Currently get a WILL_NOT_PERFORM from server so this needs further
modification
library/adconn.c | 23 +---
library/adenroll.c | 322 ++++++++++++++++++++++++++++++++++++++++++++++++++--
library/adenroll.h | 13 +++
library/adprivate.h | 14 ++-
library/adutil.c | 93 ++++++++++++++-
tools/ad-enroll.c | 4 +
6 files changed, 437 insertions(+), 32 deletions(-)
commit 2edc904881c9c96f04cf9dc46f78f56005ce6395
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Lookup computer account and generate host password
library/adconn.c | 64 ++--------
library/adconn.h | 2 +
library/addnssrv.c | 2 +-
library/adenroll.c | 329 +++++++++++++++++++++++++++++++++++++---------------
library/adenroll.h | 43 ++++---
library/adprivate.h | 7 ++
library/adutil.c | 99 ++++++++++++++++
tools/ad-enroll.c | 6 +-
8 files changed, 387 insertions(+), 165 deletions(-)
commit 3c4d9d7f7c216cc1f3f9a74e2c93e6f91a3a95a2
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Error code cleanup
* Cleanup the error codes so they are more actionable.
library/adconn.c | 44 +++++++++++++++++++++++++++-----------------
library/addnssrv.c | 5 +++--
library/adenroll.c | 12 ++++++------
library/adutil.c | 16 +++++++++-------
library/adutil.h | 41 ++++++++++++++++++++++++++++++++++++++---
5 files changed, 83 insertions(+), 35 deletions(-)
commit 47c47330e7c37a3be738e48ab1b3c39fee21c330
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Use preconditions instead of propogating insane state
* Don't propogate memory errors, use preconditions instead
* These allow the process to keep functioning in the face of broken
calls or a broken system, but without guarantees like lack
of memory leaks or completely expected behavior.
* Sort of like a kernel non-fatal oops
library/adconn.c | 235 +++++++++++++++++++++++++---------------------------
library/adconn.h | 20 ++---
library/addnssrv.c | 9 +-
library/adenroll.c | 48 ++++++-----
library/adenroll.h | 6 +-
library/adprivate.h | 92 ++++++++++++++------
library/adutil.c | 82 ++++++++----------
library/adutil.h | 3 +-
tools/ad-enroll.c | 19 ++---
9 files changed, 268 insertions(+), 246 deletions(-)
commit f6d79ec882cc8df7c68a5295e66d9d0545833223
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Validate the computer OU
library/adenroll.c | 69 +++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 53 insertions(+), 16 deletions(-)
commit febe9767cc4c06eadf0b974c98942dc7a8356feb
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Lookup or validate the computer OU
library/adconn.c | 92 +++++++++++++++++++++++--------
library/adconn.h | 3 +
library/adenroll.c | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++-
library/adenroll.h | 5 ++
library/adprivate.h | 17 +++++-
tools/ad-enroll.c | 9 ++-
6 files changed, 255 insertions(+), 27 deletions(-)
commit 08512ced8a3c66ac65f1d6c6f0c916616a7692cf
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Lookup the naming context for AD
* And differentiate between connection and authentication problems
library/adconn.c | 211 ++++++++++++++++++++++++++++++++++++++--------------
library/adconn.h | 2 +
library/adenroll.c | 2 -
library/adprivate.h | 3 +
library/adutil.c | 15 ++++
tools/ad-enroll.c | 7 +-
6 files changed, 179 insertions(+), 61 deletions(-)
commit 349635595606341f55f96ec74c5946d2137f71b2
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Refactor connecting and enrolling separately.
library/Makefile.am | 8 +-
library/adcli.h | 28 +-
library/adconn.c | 853 ++++++++++++++++++++++++++++++++++++++++++
library/adconn.h | 78 ++++
library/adenroll.c | 846 ++++-------------------------------------
library/adenroll.h | 63 +---
library/adprivate.h | 25 +-
library/{adcli.c => adutil.c} | 49 ++-
library/adutil.h | 22 ++
tools/ad-enroll.c | 45 ++-
10 files changed, 1113 insertions(+), 904 deletions(-)
commit 5d2a95ce2c565eaa6b88bb08a7b889555cc3cacc
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-11
Connect to LDAP and authenticate using GSSAPI
configure.ac | 4 +-
library/adcli.c | 2 +
library/adcli.h | 1 +
library/adenroll.c | 224 ++++++++++++++++++++++++++++++++++++++++-------------
library/adenroll.h | 3 -
tools/ad-enroll.c | 5 +-
6 files changed, 179 insertions(+), 60 deletions(-)
commit 61f0b419c7c612543d8cbb104c82111ffe672e6a
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-10
Implement kinit and credential functionality
library/adcli.c | 5 +-
library/adcli.h | 9 +-
library/adenroll.c | 325 ++++++++++++++++++++++++++++++++++++++++++++++++----
library/adenroll.h | 71 ++++++++----
library/adprivate.h | 1 +
tools/ad-enroll.c | 81 ++++++++++---
6 files changed, 428 insertions(+), 64 deletions(-)
commit 17df6535ed8faa55a5599b4a7b55d986eac83d1b
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-10
Discover realms and ldap urls
configure.ac | 5 +-
library/Makefile.am | 2 +
library/adcli.c | 121 +++++++++++++++++++++++++++
library/addnssrv.c | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++
library/adenroll.c | 193 ++++++++++++++++++++++++++++++++++++++++---
library/adenroll.h | 13 +++
library/adprivate.h | 31 +++++++
tools/ad-enroll.c | 17 +++-
8 files changed, 601 insertions(+), 15 deletions(-)
commit 6d5e074c271a300daa46a15a1cf638f306ff3d28
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-10
Complete lots of infrastructure
* Add some basic arguments
* Resolve host fqdn, calculate domain name and netbios name
.gitignore | 5 +-
Makefile.am | 14 +-
Makefile.decl | 14 ++
autogen.sh | 13 --
configure.ac | 27 +--
library/Makefile.am | 22 ++-
library/adcli.c | 42 +++++
library/adcli.h | 25 +++
library/adenroll.c | 353 +++++++++++++++++++++++++++++++++++++
library/adenroll.h | 31 ++++
library/adprivate.h | 18 ++
library/libadcli-1.pc.in | 2 +-
po/Makefile.in.in | 444 -----------------------------------------------
po/POTFILES.in | 1 -
po/Rules-quot | 47 -----
po/boldquot.sed | 10 --
po/en@boldquot.header | 25 ---
po/en@quot.header | 22 ---
po/insert-header.sin | 23 ---
po/quot.sed | 6 -
po/remove-potcdate.sin | 19 --
tools/Makefile.am | 16 ++
tools/ad-enroll.c | 102 +++++++++++
23 files changed, 641 insertions(+), 640 deletions(-)
commit 64b1f6b692f9a69433c7458f8bc09bcae80c8821
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-09
Initial commit
.gitignore | 41 ++++
AUTHORS | 1 +
COPYING | 482 +++++++++++++++++++++++++++++++++++++++++++++++
ChangeLog | 31 +++
Makefile.am | 47 +++++
NEWS | 2 +
README | 4 +
autogen.sh | 32 ++++
configure.ac | 256 +++++++++++++++++++++++++
doc/version.xml.in | 1 +
library/Makefile.am | 32 ++++
library/adenroll.c | 0
library/libadcli-1.pc.in | 13 ++
po/Makefile.in.in | 444 +++++++++++++++++++++++++++++++++++++++++++
po/POTFILES.in | 1 +
po/Rules-quot | 47 +++++
po/boldquot.sed | 10 +
po/en@boldquot.header | 25 +++
po/en@quot.header | 22 +++
po/insert-header.sin | 23 +++
po/quot.sed | 6 +
po/remove-potcdate.sin | 19 ++
22 files changed, 1539 insertions(+)
Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]
Anons79 Mini Shell