Compare commits
2 Commits
352aaa9d3b
...
8db6342224
Author | SHA1 | Date |
---|---|---|
Sumit Bose | 8db6342224 | |
Sumit Bose | 85a962c524 |
|
@ -7,3 +7,4 @@
|
|||
/realmd-0.16.2.tar.gz
|
||||
/realmd-0.16.3.tar.gz
|
||||
/realmd-0.17.0.tar.gz
|
||||
/realmd-0.17.1.tar.gz
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
681f7f532daa62a08f2f2d6c9d4a1a04c4c793a3 realmd-0.17.1.tar.gz
|
|
@ -1,61 +0,0 @@
|
|||
From 4ef597d15df246f4121266aaf3e291e3f06f6f4a Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 10 Mar 2021 17:57:07 +0100
|
||||
Subject: [PATCH 1/2] build: add --with-vendor-error-message configure option
|
||||
|
||||
With the new configure option --with-vendor-error-message a packager or
|
||||
a distribution can add a message if realmd returns with an error.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1889386
|
||||
---
|
||||
configure.ac | 15 +++++++++++++++
|
||||
tools/realm.c | 7 +++++++
|
||||
2 files changed, 22 insertions(+)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index ee067d9..05ec1bf 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -51,6 +51,21 @@ fi
|
||||
|
||||
AC_SUBST(DISTRO)
|
||||
|
||||
+# -----------------------------------------------------------------------------
|
||||
+# Vendor error message
|
||||
+
|
||||
+AC_ARG_WITH([vendor-error-message],
|
||||
+ [AS_HELP_STRING([--with-vendor-error-message=ARG],
|
||||
+ [Add a vendor specific error message shown if a realm command fails]
|
||||
+ )],
|
||||
+ [AS_IF([test "x$withval" != "x"],
|
||||
+ [AC_DEFINE_UNQUOTED([VENDOR_MSG],
|
||||
+ ["$withval"],
|
||||
+ [Vendor specific error message])],
|
||||
+ [AC_MSG_ERROR([--with-vendor-error-message requires an argument])]
|
||||
+ )],
|
||||
+ [])
|
||||
+
|
||||
# -----------------------------------------------------------------------------
|
||||
# Basic tools
|
||||
|
||||
diff --git a/tools/realm.c b/tools/realm.c
|
||||
index 1530f09..8fdca16 100644
|
||||
--- a/tools/realm.c
|
||||
+++ b/tools/realm.c
|
||||
@@ -287,6 +287,13 @@ main (int argc,
|
||||
ret = (realm_commands[i].function) (client, argc, argv);
|
||||
g_object_unref (client);
|
||||
|
||||
+#ifdef VENDOR_MSG
|
||||
+ if (ret != 0) {
|
||||
+ g_printerr (VENDOR_MSG"\n");
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
break;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.30.2
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
From 05100771ea6bd775caae705bb53f76a0816f3b81 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 11 May 2021 11:13:06 +0200
|
||||
Subject: [PATCH] doc: add computer-name to realm man page
|
||||
|
||||
---
|
||||
doc/manual/realm.xml | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/doc/manual/realm.xml b/doc/manual/realm.xml
|
||||
index 9160a8a..b4dc27c 100644
|
||||
--- a/doc/manual/realm.xml
|
||||
+++ b/doc/manual/realm.xml
|
||||
@@ -222,6 +222,19 @@ $ realm join --user=admin --computer-ou=OU=Special domain.example.com
|
||||
supported for all realms. By default the membership software
|
||||
is automatically selected.</para></listitem>
|
||||
</varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <term><option>--computer-name=xxx</option></term>
|
||||
+ <listitem>
|
||||
+ <para>This option only applies to Active
|
||||
+ Directory realms. Specify this option to
|
||||
+ override the default name used when creating
|
||||
+ the computer account. The system's FQDN will
|
||||
+ still be saved in the dNSHostName attribute.</para>
|
||||
+ <para>Specify the name as a string of 15 or
|
||||
+ fewer characters that is a valid NetBIOS
|
||||
+ computer name.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>--no-password</option></term>
|
||||
<listitem><para>Perform the join automatically without
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
From 370bf84857d5674a092f46fa5932a0c92ad5bbf5 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 24 Nov 2021 17:25:18 +0100
|
||||
Subject: [PATCH] ldap: add socket timeout
|
||||
|
||||
During the discovery phase realmd tries to open LDAP connections to
|
||||
multiple DC addresses returned by DNS. When cleaning up we have to call
|
||||
ldap_destroy() to release the resources allocated for the LDAP context.
|
||||
ldap_destroy() tries to send a LDAP unbind request independent of the
|
||||
connection state. If the related address is block by a firewall or a not
|
||||
properly routed IPv6 address there might be no reply on the TCP level
|
||||
and the request might be stuck for quite some tome in the kernel.
|
||||
|
||||
To avoid the unexpected long delays will block realmd this patch lowers
|
||||
the timeout considerably to 5s. As multiple other timeouts this value is
|
||||
currently hardcoded.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1817869
|
||||
---
|
||||
service/realm-ldap.c | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/service/realm-ldap.c b/service/realm-ldap.c
|
||||
index bdfb96c..f7b6d13 100644
|
||||
--- a/service/realm-ldap.c
|
||||
+++ b/service/realm-ldap.c
|
||||
@@ -22,6 +22,7 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
+#include <netinet/tcp.h>
|
||||
|
||||
#include <errno.h>
|
||||
|
||||
@@ -179,6 +180,7 @@ static GSourceFuncs socket_source_funcs = {
|
||||
|
||||
/* Not included in ldap.h but documented */
|
||||
int ldap_init_fd (ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp);
|
||||
+#define LDAP_SOCKET_TIMEOUT 5
|
||||
|
||||
GSource *
|
||||
realm_ldap_connect_anonymous (GSocketAddress *address,
|
||||
@@ -202,6 +204,8 @@ realm_ldap_connect_anonymous (GSocketAddress *address,
|
||||
int opt_rc;
|
||||
int ldap_opt_val;
|
||||
const char *errmsg = NULL;
|
||||
+ struct timeval tv = {LDAP_SOCKET_TIMEOUT, 0};
|
||||
+ unsigned int milli = LDAP_SOCKET_TIMEOUT * 1000;
|
||||
|
||||
g_return_val_if_fail (G_IS_INET_SOCKET_ADDRESS (address), NULL);
|
||||
|
||||
@@ -244,6 +248,23 @@ realm_ldap_connect_anonymous (GSocketAddress *address,
|
||||
if (!g_unix_set_fd_nonblocking (ls->sock, FALSE, NULL))
|
||||
g_warning ("couldn't set to blocking");
|
||||
|
||||
+ /* Lower the kernel defaults which might be minutes to hours */
|
||||
+ rc = setsockopt (ls->sock, SOL_SOCKET, SO_RCVTIMEO,
|
||||
+ &tv, sizeof (tv));
|
||||
+ if (rc != 0) {
|
||||
+ g_warning ("couldn't set SO_RCVTIMEO");
|
||||
+ }
|
||||
+ rc = setsockopt (ls->sock, SOL_SOCKET, SO_SNDTIMEO,
|
||||
+ &tv, sizeof (tv));
|
||||
+ if (rc != 0) {
|
||||
+ g_warning ("couldn't set SO_SNDTIMEO");
|
||||
+ }
|
||||
+ rc = setsockopt (ls->sock, IPPROTO_TCP, TCP_USER_TIMEOUT,
|
||||
+ &milli, sizeof (milli));
|
||||
+ if (rc != 0) {
|
||||
+ g_warning ("couldn't set TCP_USER_TIMEOUT");
|
||||
+ }
|
||||
+
|
||||
if (family == G_SOCKET_FAMILY_IPV4) {
|
||||
url = g_strdup_printf ("%s://%s:%d",
|
||||
use_ldaps ? "ldaps" : "ldap",
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,128 +0,0 @@
|
|||
From 68f73b78a34299ee37dd06e2ab3ede8985fa277b Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 14 Dec 2021 15:32:32 +0100
|
||||
Subject: [PATCH] samba: use new Samba-4.15 command line options
|
||||
|
||||
Samba-4.15 changed a couple of command line options of the net utility.
|
||||
This patch adds a configure option to select the new or the old style.
|
||||
If the option is not used configure tries to call the net utility to
|
||||
check for the options. If this fails the old style is used.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2028530
|
||||
---
|
||||
configure.ac | 34 ++++++++++++++++++++++++++++++++++
|
||||
service/realm-samba-enroll.c | 18 +++++++++++++-----
|
||||
2 files changed, 47 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index ea51f92..ddc25d0 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -227,6 +227,40 @@ LDAP_CFLAGS=""
|
||||
AC_SUBST(LDAP_LIBS)
|
||||
AC_SUBST(LDAP_CFLAGS)
|
||||
|
||||
+# -------------------------------------------------------------------
|
||||
+# Samba
|
||||
+
|
||||
+AC_ARG_WITH(new-samba-cli-options,
|
||||
+ AS_HELP_STRING([--with-new-samba-cli-options=yes/no],
|
||||
+ [Use new command line options introduced with Samba-4.15,
|
||||
+ if not provided the output of 'net help' is checked or old
|
||||
+ style options are used]))
|
||||
+
|
||||
+if test "$with_new_samba_cli_options" = "no"; then
|
||||
+ AC_MSG_RESULT([Using old Samba command line options])
|
||||
+elif test "$with_new_samba_cli_options" = "yes"; then
|
||||
+ AC_DEFINE_UNQUOTED(WITH_NEW_SAMBA_CLI_OPTS, 1,
|
||||
+ [Use new command line options introduced with Samba-4.15])
|
||||
+ AC_MSG_RESULT([Using new Samba command line options])
|
||||
+else
|
||||
+ AC_PATH_PROG([SAMBA_NET], [net])
|
||||
+ if test ! -x "$SAMBA_NET"; then
|
||||
+ AC_MSG_NOTICE([Could not find Samba's net utility, ]
|
||||
+ [assuming old style command line options, ]
|
||||
+ [please install the net utility for proper detection.])
|
||||
+ else
|
||||
+ AC_MSG_CHECKING([for --debug-stdout option of net])
|
||||
+ if AC_RUN_LOG([$SAMBA_NET help 2>&1 |grep -- '--debug-stdout' > /dev/null]); then
|
||||
+ AC_DEFINE_UNQUOTED(WITH_NEW_SAMBA_CLI_OPTS, 1,
|
||||
+ [Use new command line options introduced with Samba-4.15])
|
||||
+ AC_MSG_RESULT([yes])
|
||||
+ else
|
||||
+ AC_MSG_RESULT([no])
|
||||
+ fi
|
||||
+ fi
|
||||
+fi
|
||||
+
|
||||
+
|
||||
# -------------------------------------------------------------------
|
||||
# Directories
|
||||
|
||||
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
|
||||
index 5624a08..8b2ee38 100644
|
||||
--- a/service/realm-samba-enroll.c
|
||||
+++ b/service/realm-samba-enroll.c
|
||||
@@ -37,6 +37,14 @@
|
||||
#include <sys/socket.h>
|
||||
#include <netdb.h>
|
||||
|
||||
+#ifdef WITH_NEW_SAMBA_CLI_OPTS
|
||||
+#define SMBCLI_KERBEROS "--use-kerberos=required"
|
||||
+#define SMBCLI_CONF "--configfile"
|
||||
+#else
|
||||
+#define SMBCLI_KERBEROS "-k"
|
||||
+#define SMBCLI_CONF "-s"
|
||||
+#endif
|
||||
+
|
||||
typedef struct {
|
||||
GDBusMethodInvocation *invocation;
|
||||
gchar *join_args[8];
|
||||
@@ -260,7 +268,7 @@ begin_net_process (JoinClosure *join,
|
||||
/* Use our custom smb.conf */
|
||||
g_ptr_array_add (args, (gpointer)realm_settings_path ("net"));
|
||||
if (join->custom_smb_conf) {
|
||||
- g_ptr_array_add (args, "-s");
|
||||
+ g_ptr_array_add (args, SMBCLI_CONF);
|
||||
g_ptr_array_add (args, join->custom_smb_conf);
|
||||
}
|
||||
|
||||
@@ -370,7 +378,7 @@ on_join_do_keytab (GObject *source,
|
||||
} else {
|
||||
begin_net_process (join, NULL,
|
||||
on_keytab_do_finish, g_object_ref (task),
|
||||
- "-k", "ads", "keytab", "create", NULL);
|
||||
+ SMBCLI_KERBEROS, "ads", "keytab", "create", NULL);
|
||||
}
|
||||
|
||||
g_object_unref (task);
|
||||
@@ -428,7 +436,7 @@ begin_join (GTask *task,
|
||||
begin_net_process (join, join->password_input,
|
||||
on_join_do_keytab, g_object_ref (task),
|
||||
"-U", join->user_name,
|
||||
- "-k", "ads", "join", join->disco->domain_name,
|
||||
+ SMBCLI_KERBEROS, "ads", "join", join->disco->domain_name,
|
||||
join->join_args[0], join->join_args[1],
|
||||
join->join_args[2], join->join_args[3],
|
||||
join->join_args[4], NULL);
|
||||
@@ -437,7 +445,7 @@ begin_join (GTask *task,
|
||||
} else {
|
||||
begin_net_process (join, NULL,
|
||||
on_join_do_keytab, g_object_ref (task),
|
||||
- "-k", "ads", "join", join->disco->domain_name,
|
||||
+ SMBCLI_KERBEROS, "ads", "join", join->disco->domain_name,
|
||||
join->join_args[0], join->join_args[1],
|
||||
join->join_args[2], join->join_args[3],
|
||||
join->join_args[4], NULL);
|
||||
@@ -543,7 +551,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
|
||||
join->envvar = g_strdup_printf ("KRB5CCNAME=%s", cred->x.ccache.file);
|
||||
begin_net_process (join, NULL,
|
||||
on_leave_complete, g_object_ref (task),
|
||||
- "-k", "ads", "leave", NULL);
|
||||
+ SMBCLI_KERBEROS, "ads", "leave", NULL);
|
||||
break;
|
||||
default:
|
||||
g_return_if_reached ();
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -0,0 +1,74 @@
|
|||
From 19923985b69ccd5f2a33a067bfc3ed020889377e Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 13 Jun 2023 18:02:52 +0200
|
||||
Subject: [PATCH 1/3] service: allow multiple names and _srv_ ad_server option
|
||||
|
||||
realmd checks if the 'ad_server' option is set in sssd.conf before
|
||||
calling adcli to remove the host from the AD server. If set the value is
|
||||
used as value for dcli's '--domain-controller' option. But if multiple
|
||||
names are set in sssd.conf this currently fails because the whole string
|
||||
is used.
|
||||
|
||||
With this patch the 'ad_server' option is properly evaluated and only
|
||||
the first domain controller name is used.
|
||||
---
|
||||
service/realm-sssd-ad.c | 36 +++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 35 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
|
||||
index 2817e73..096b6c5 100644
|
||||
--- a/service/realm-sssd-ad.c
|
||||
+++ b/service/realm-sssd-ad.c
|
||||
@@ -649,6 +649,40 @@ realm_sssd_ad_generic_finish (RealmKerberosMembership *realm,
|
||||
return g_task_propagate_boolean (G_TASK (result), error);
|
||||
}
|
||||
|
||||
+static gchar *get_ad_server_from_config (RealmKerberos *realm)
|
||||
+{
|
||||
+ RealmSssd *sssd = REALM_SSSD (realm);
|
||||
+ RealmIniConfig *config;
|
||||
+ const gchar *section;
|
||||
+ gchar **servers;
|
||||
+ gchar *tmp;
|
||||
+ size_t c;
|
||||
+ gchar *value = NULL;
|
||||
+
|
||||
+ config = realm_sssd_get_config (sssd);
|
||||
+ section = realm_sssd_get_config_section (sssd);
|
||||
+
|
||||
+ if (section == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ servers = realm_ini_config_get_list (config, section, "ad_server", ",");
|
||||
+ /* Only use the first server defined given in 'ad_server' and ignore
|
||||
+ * '_srv_'. */
|
||||
+ if (servers != NULL) {
|
||||
+ for (c = 0; servers[c] != NULL; c++) {
|
||||
+ tmp = g_strstrip (servers[c]);
|
||||
+ if (strcasecmp ("_srv_", tmp) != 0) {
|
||||
+ value = g_strdup (tmp);
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ g_strfreev (servers);
|
||||
+ }
|
||||
+
|
||||
+ return value;
|
||||
+}
|
||||
+
|
||||
static void
|
||||
realm_sssd_ad_discover_myself (RealmKerberos *realm,
|
||||
RealmDisco *disco)
|
||||
@@ -665,7 +699,7 @@ realm_sssd_ad_discover_myself (RealmKerberos *realm,
|
||||
if (section == NULL)
|
||||
return;
|
||||
|
||||
- value = realm_ini_config_get (config, section, "ad_server");
|
||||
+ value = get_ad_server_from_config (realm);
|
||||
g_free (disco->explicit_server);
|
||||
disco->explicit_server = value;
|
||||
|
||||
--
|
||||
2.43.0
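Review bot: In `get_ad_server_from_config` the loop accepts the first entry that is not `_srv_`, but it never rejects an entry that is empty after `g_strstrip`. A setting such as `ad_server = , dc1.example.com` would therefore yield an empty string as `disco->explicit_server`, unless `realm_ini_config_get_list` already drops empty tokens, which is not visible here. The patch description says this value becomes adcli's `--domain-controller` argument, so it should be checked before use, for example `if (tmp[0] != '\0' && strcasecmp ("_srv_", tmp) != 0) {`. A short comment on the helper stating that the caller owns and must `g_free` the returned string would also help.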
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
From 32645f2fc1ddfb2eed7069fd749602619f26ed37 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 19 Feb 2018 11:51:06 +0100
|
||||
Subject: [PATCH] switch to authselect
|
||||
|
||||
---
|
||||
service/realmd-redhat.conf | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
|
||||
index e39fad525c716d1ed99715280cd5d497b9039427..26cf6147f352e1b48c3261fa42707d816428f879 100644
|
||||
--- a/service/realmd-redhat.conf
|
||||
+++ b/service/realmd-redhat.conf
|
||||
@@ -23,15 +23,15 @@ adcli = /usr/sbin/adcli
|
||||
freeipa-client = /usr/sbin/ipa-client-install
|
||||
|
||||
[commands]
|
||||
-winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
|
||||
-winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
|
||||
+winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
|
||||
+winbind-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
|
||||
winbind-enable-service = /usr/bin/systemctl enable winbind.service
|
||||
winbind-disable-service = /usr/bin/systemctl disable winbind.service
|
||||
winbind-restart-service = /usr/bin/systemctl restart winbind.service
|
||||
winbind-stop-service = /usr/bin/systemctl stop winbind.service
|
||||
|
||||
-sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
|
||||
-sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
|
||||
+sssd-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select sssd with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
|
||||
+sssd-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
|
||||
sssd-enable-service = /usr/bin/systemctl enable sssd.service
|
||||
sssd-disable-service = /usr/bin/systemctl disable sssd.service
|
||||
sssd-restart-service = /usr/bin/systemctl restart sssd.service
|
||||
--
|
||||
2.9.3
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
From 720ddd02100ab8592e081aed425c9455b397a462 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Thu, 25 Nov 2021 14:36:10 +0100
|
||||
Subject: [PATCH] syslog: avoid duplicate log messages
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2024248
|
||||
---
|
||||
service/realm-diagnostics.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/service/realm-diagnostics.c b/service/realm-diagnostics.c
|
||||
index 850b2e3..6aa5288 100644
|
||||
--- a/service/realm-diagnostics.c
|
||||
+++ b/service/realm-diagnostics.c
|
||||
@@ -55,12 +55,20 @@ log_syslog_and_debug (GDBusMethodInvocation *invocation,
|
||||
while ((ptr = memchr (at, '\n', length)) != NULL) {
|
||||
*ptr = '\0';
|
||||
if (line_buffer && line_buffer->len > 0) {
|
||||
+#ifdef WITH_JOURNAL
|
||||
+ /* Call realm_daemon_syslog directly to add
|
||||
+ * REALMD_OPERATION to the jounrnal */
|
||||
realm_daemon_syslog (operation, log_level, "%s%s", line_buffer->str, at);
|
||||
+#else
|
||||
g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s%s", line_buffer->str, at);
|
||||
+#endif
|
||||
g_string_set_size (line_buffer, 0);
|
||||
} else {
|
||||
+#ifdef WITH_JOURNAL
|
||||
realm_daemon_syslog (operation, log_level, "%s", at);
|
||||
+#else
|
||||
g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", at);
|
||||
+#endif
|
||||
}
|
||||
|
||||
*ptr = '\n';
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 10 Jan 2024 09:18:20 +0100
|
||||
Subject: [PATCH] tools: fix ccache handling for leave operation
|
||||
|
||||
krb5_cc_initialize() must be called before anything can be written into
|
||||
a ccache.
|
||||
|
||||
While checking the available credential types the order/preference was
|
||||
not respected.
|
||||
|
||||
Resolves: https://issues.redhat.com/browse/SSSD-6420
|
||||
---
|
||||
tools/realm-client.c | 25 ++++++++++++++++---------
|
||||
1 file changed, 16 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/tools/realm-client.c b/tools/realm-client.c
|
||||
index c386e64..06420ea 100644
|
||||
--- a/tools/realm-client.c
|
||||
+++ b/tools/realm-client.c
|
||||
@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported,
|
||||
GVariantIter iter;
|
||||
const gchar *type;
|
||||
const gchar *owner;
|
||||
-
|
||||
- g_variant_iter_init (&iter, supported);
|
||||
- while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
||||
- if (g_strcmp0 (credential_type_1, type) == 0 ||
|
||||
- g_strcmp0 (credential_type_2, type) == 0) {
|
||||
- *ret_owner = owner;
|
||||
- return type;
|
||||
+ const gchar *list[] = {credential_type_1, credential_type_2, NULL};
|
||||
+ size_t c;
|
||||
+
|
||||
+ for (c = 0; list[c] != NULL; c++) {
|
||||
+ g_variant_iter_init (&iter, supported);
|
||||
+ while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
||||
+ if (g_strcmp0 (list[c], type) == 0) {
|
||||
+ *ret_owner = owner;
|
||||
+ return type;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5,
|
||||
memset (&mcred, 0, sizeof (mcred));
|
||||
mcred.client = principal;
|
||||
mcred.server = server;
|
||||
- mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND;
|
||||
- mcred.times.endtime = mcred.times.starttime;
|
||||
|
||||
code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES,
|
||||
&mcred, &creds);
|
||||
@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5,
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
+ code = krb5_cc_initialize (krb5, ccache, creds.client);
|
||||
+ if (code != 0) {
|
||||
+ g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
code = krb5_cc_store_cred (krb5, ccache, &creds);
|
||||
krb5_free_cred_contents (krb5, &creds);
|
||||
|
||||
--
|
||||
2.43.0
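Review bot: The new `krb5_cc_initialize` failure branch in `copy_to_ccache` returns `FALSE` without releasing `creds`, which `krb5_cc_retrieve_cred` filled earlier in the function; the success path frees it with `krb5_free_cred_contents` right after `krb5_cc_store_cred`. Because `creds` carries the ticket and session key, the branch should call `krb5_free_cred_contents (krb5, &creds);` before `return FALSE;`. In the previous hunk the `KRB5_TC_MATCH_TIMES` flag is kept while `mcred.times` is left zeroed by the `memset`, which presumably makes the time match unconstrained; a one-line comment saying that is intended would save the next reader the lookup. `copy_to_ccache` starts and ends outside the hunks shown.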
|
||||
|
|
@ -1,77 +0,0 @@
|
|||
From cff19e9044e3f389a14fbc5e98366a31107d4a02 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 6 Apr 2021 15:23:54 +0200
|
||||
Subject: [PATCH 2/2] configure: update some macros for autoconf-2.71
|
||||
|
||||
---
|
||||
configure.ac | 15 +++++++--------
|
||||
1 file changed, 7 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 05ec1bf..4dac5a9 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1,4 +1,4 @@
|
||||
-AC_PREREQ(2.63)
|
||||
+AC_PREREQ([2.63])
|
||||
|
||||
AC_INIT([realmd], [0.17.0],
|
||||
[https://gitlab.freedesktop.org/realmd/realmd/-/issues],
|
||||
@@ -69,8 +69,7 @@ AC_ARG_WITH([vendor-error-message],
|
||||
# -----------------------------------------------------------------------------
|
||||
# Basic tools
|
||||
|
||||
-AC_GNU_SOURCE
|
||||
-AC_ISC_POSIX
|
||||
+AC_USE_SYSTEM_EXTENSIONS
|
||||
AC_PROG_CC
|
||||
AC_PROG_CPP
|
||||
AM_PROG_CC_C_O
|
||||
@@ -109,7 +108,7 @@ AC_SUBST(POLKIT_LIBS)
|
||||
|
||||
AC_MSG_CHECKING([systemd unit directory])
|
||||
AC_ARG_WITH(systemd-unit-dir,
|
||||
- AC_HELP_STRING([--with-systemd-unit-dir],
|
||||
+ AS_HELP_STRING([--with-systemd-unit-dir],
|
||||
[Directory to install systemd service file]))
|
||||
|
||||
if test "$with_systemd_unit_dir" = "" -o "$with_systemd_unit_dir" = "yes"; then
|
||||
@@ -136,7 +135,7 @@ AC_SUBST(dbus_systemd_service)
|
||||
AC_MSG_RESULT($with_systemd_unit_dir)
|
||||
|
||||
AC_ARG_WITH(systemd-journal,
|
||||
- AC_HELP_STRING([--with-systemd-journal],
|
||||
+ AS_HELP_STRING([--with-systemd-journal],
|
||||
[Use systemd's journal for logging]))
|
||||
|
||||
if test "$with_systemd_journal" != "no"; then
|
||||
@@ -245,7 +244,7 @@ AC_SUBST(POLKIT_ACTION_DIR)
|
||||
|
||||
AC_MSG_CHECKING([whether to build documentation])
|
||||
AC_ARG_ENABLE(doc,
|
||||
- AC_HELP_STRING([--enable-doc],
|
||||
+ AS_HELP_STRING([--enable-doc],
|
||||
[Disable building documentation])
|
||||
)
|
||||
|
||||
@@ -314,7 +313,7 @@ AC_SUBST(GENHTML)
|
||||
|
||||
AC_MSG_CHECKING([for debug mode])
|
||||
AC_ARG_ENABLE(debug,
|
||||
- AC_HELP_STRING([--enable-debug=no/default/yes],
|
||||
+ AS_HELP_STRING([--enable-debug=no/default/yes],
|
||||
[Turn on or off debugging])
|
||||
)
|
||||
|
||||
@@ -397,7 +396,7 @@ AC_SUBST(TEST_MODE)
|
||||
privatedir='${prefix}/lib/realmd'
|
||||
AC_MSG_CHECKING([private directory])
|
||||
AC_ARG_WITH(private-dir,
|
||||
- AC_HELP_STRING([--with-private-dir=DIR],
|
||||
+ AS_HELP_STRING([--with-private-dir=DIR],
|
||||
[Directory to install realmd system defaults (default: ${prefix}/lib/realmd)]))
|
||||
|
||||
if test -n "$with_private_dir"; then
|
||||
--
|
||||
2.30.2
|
||||
|
|
@ -0,0 +1,88 @@
|
|||
From d691c679c1531b3eb457c494141bafdc4e0bc692 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 1 Dec 2023 12:14:06 +0100
|
||||
Subject: [PATCH 2/3] service: fix error message when removing host from AD
|
||||
|
||||
If there is an error while trying to remove the host from AD with the
|
||||
help of adcli the error message talks about "joining" which might be
|
||||
irritating when figuring out the reason for the failure. This patch
|
||||
adds a better message when leaving the domain.
|
||||
---
|
||||
service/realm-adcli-enroll.c | 34 +++++++++++++++++++++++++++-------
|
||||
1 file changed, 27 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
|
||||
index e0d752b..c913987 100644
|
||||
--- a/service/realm-adcli-enroll.c
|
||||
+++ b/service/realm-adcli-enroll.c
|
||||
@@ -25,9 +25,10 @@
|
||||
#include "realm-settings.h"
|
||||
|
||||
static void
|
||||
-on_join_process (GObject *source,
|
||||
- GAsyncResult *result,
|
||||
- gpointer user_data)
|
||||
+on_join_leave_process (GObject *source,
|
||||
+ GAsyncResult *result,
|
||||
+ gpointer user_data,
|
||||
+ gboolean is_join)
|
||||
{
|
||||
GTask *task = G_TASK (user_data);
|
||||
GError *error = NULL;
|
||||
@@ -39,15 +40,18 @@ on_join_process (GObject *source,
|
||||
switch (status) {
|
||||
case 2: /* ADCLI_ERR_UNEXPECTED */
|
||||
g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
|
||||
- "Internal unexpected error joining the domain");
|
||||
+ is_join ? "Internal unexpected error joining the domain"
|
||||
+ : "Internal unexpected error removing host from the domain");
|
||||
break;
|
||||
case 6: /* ADCLI_ERR_CREDENTIALS */
|
||||
g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED,
|
||||
- "Insufficient permissions to join the domain");
|
||||
+ is_join ? "Insufficient permissions to join the domain"
|
||||
+ : "Insufficient permissions to remove the host from the domain");
|
||||
break;
|
||||
default:
|
||||
g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED,
|
||||
- "Failed to join the domain");
|
||||
+ is_join ? "Failed to join the domain"
|
||||
+ : "Failed to remove the host from the domain");
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -64,6 +68,22 @@ on_join_process (GObject *source,
|
||||
g_object_unref (task);
|
||||
}
|
||||
|
||||
+static void
|
||||
+on_join_process (GObject *source,
|
||||
+ GAsyncResult *result,
|
||||
+ gpointer user_data)
|
||||
+{
|
||||
+ on_join_leave_process (source, result, user_data, TRUE);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+on_leave_process (GObject *source,
|
||||
+ GAsyncResult *result,
|
||||
+ gpointer user_data)
|
||||
+{
|
||||
+ on_join_leave_process (source, result, user_data, FALSE);
|
||||
+}
|
||||
+
|
||||
void
|
||||
realm_adcli_enroll_join_async (RealmDisco *disco,
|
||||
RealmCredential *cred,
|
||||
@@ -290,7 +310,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco,
|
||||
g_ptr_array_add (args, NULL);
|
||||
|
||||
realm_command_runv_async ((gchar **)args->pdata, environ, input,
|
||||
- invocation, on_join_process,
|
||||
+ invocation, on_leave_process,
|
||||
g_object_ref (task));
|
||||
|
||||
g_ptr_array_free (args, TRUE);
|
||||
--
|
||||
2.43.0
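Review bot: The three `g_set_error` calls in `on_join_leave_process` now pass `is_join ? "..." : "..."` in the format position, so the message text is interpreted as a printf format even though none of the messages takes arguments. `g_set_error_literal (&error, REALM_ERROR, REALM_ERROR_FAILED, is_join ? "Failed to join the domain" : "Failed to remove the host from the domain");` states the intent directly and keeps a later wording change containing `%` from being parsed as a conversion. The same applies to the `REALM_ERROR_INTERNAL` and `REALM_ERROR_AUTH_FAILED` cases. The function body continues outside the hunks shown.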
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
From 56aedbceec3e6ff0d6142a16ca0c343c523b6d7a Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 1 Dec 2023 13:07:10 +0100
|
||||
Subject: [PATCH 3/3] doc: fix reference in realmd.conf man page
|
||||
|
||||
---
|
||||
doc/manual/realmd.conf.xml | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
|
||||
index 72b706c..ad17639 100644
|
||||
--- a/doc/manual/realmd.conf.xml
|
||||
+++ b/doc/manual/realmd.conf.xml
|
||||
@@ -110,7 +110,8 @@ default-client = sssd
|
||||
</para>
|
||||
|
||||
<para>Some callers of <command>realmd</command> such as the
|
||||
- <link linkend="realm"><command>realm</command></link>
|
||||
+ <citerefentry><refentrytitle>realm</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry>
|
||||
command line tool allow specifying which client software should
|
||||
be used. Others, such as GNOME Control Center, simplify choose
|
||||
the default.</para>
|
||||
--
|
||||
2.43.0
|
||||
|
50
realmd.spec
|
@ -1,28 +1,20 @@
|
|||
Name: realmd
|
||||
Version: 0.17.0
|
||||
Release: 9%{?dist}
|
||||
Version: 0.17.1
|
||||
Release: 2%{?dist}
|
||||
Summary: Kerberos realm enrollment service
|
||||
License: LGPLv2+
|
||||
License: LGPL-2.1-or-later
|
||||
URL: https://gitlab.freedesktop.org/realmd/realmd
|
||||
Source0: https://gitlab.freedesktop.org/sbose/realmd/uploads/b13a87292762bdad3ecbfe65bbb57211/realmd-%{version}.tar.gz
|
||||
Source0: https://gitlab.freedesktop.org/realmd/realmd/uploads/204d05bd487908ece2ce2705a01d2b26/realmd-%{version}.tar.gz
|
||||
|
||||
Patch1: 0001-switch-to-authselect.patch
|
||||
Patch2: 0001-build-add-with-vendor-error-message-configure-option.patch
|
||||
Patch3: 0002-configure-update-some-macros-for-autoconf-2.71.patch
|
||||
Patch4: 0001-doc-add-computer-name-to-realm-man-page.patch
|
||||
Patch0001: 0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch
|
||||
Patch0002: 0002-service-fix-error-message-when-removing-host-from-AD.patch
|
||||
Patch0003: 0003-doc-fix-reference-in-realmd.conf-man-page.patch
|
||||
Patch0004: 0001-tools-fix-ccache-handling-for-leave-operation.patch
|
||||
|
||||
# rhbz#1978255 - regression in realmd/Sanity/realmd-service-sanity
|
||||
Patch5: ipa-packages.patch
|
||||
|
||||
# rhbz#2038260 - realmd operations hang if a DC is unreachable
|
||||
Patch6: 0001-ldap-add-socket-timeout.patch
|
||||
|
||||
# rhbz#2038268 - realmd logs are duplicated
|
||||
Patch7: 0001-syslog-avoid-duplicate-log-messages.patch
|
||||
|
||||
# rhbz#2028530 - realm join needs to updated to use the command line options of
|
||||
# Samba's net command
|
||||
Patch8: 0001-samba-use-new-Samba-4.15-command-line-options.patch
|
||||
### Downstream Patches ###
|
||||
# In RHEL the RHEL the FreeIPA packages are call only ipa-* while upstream is
|
||||
# using freeipa-*, the following patch applies the needed changes.
|
||||
Patch0100: ipa-packages.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
|
@ -74,13 +66,13 @@ autoreconf -fi
|
|||
%endif
|
||||
%{nil}
|
||||
|
||||
make %{?_smp_mflags}
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot}
|
||||
%make_install
|
||||
|
||||
%find_lang realmd
|
||||
|
||||
|
@ -95,7 +87,7 @@ make install DESTDIR=%{buildroot}
|
|||
|
||||
%files -f realmd.lang
|
||||
%doc AUTHORS COPYING NEWS README
|
||||
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf
|
||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf
|
||||
%{_sbindir}/realm
|
||||
%dir %{_prefix}/lib/realmd
|
||||
%{_libexecdir}/realmd
|
||||
|
@ -113,6 +105,18 @@ make install DESTDIR=%{buildroot}
|
|||
%doc ChangeLog
|
||||
|
||||
%changelog
|
||||
* Tue Feb 20 2024 Sumit Bose <sbose@redhat.com>
|
||||
- Use make macros https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
- migrated to SPDX license
|
||||
- allow multiple names and _srv_ ad_server option
|
||||
Resolves: jira#RHEL-12112
|
||||
- fix ccache handling for leave operation
|
||||
Resolves: jira#RHEL-5104
|
||||
|
||||
* Fri Oct 14 2022 Sumit Bose <sbose@redhat.com> - 0.17.1-1
|
||||
- Update to upstream release 0.17.1
|
||||
Resolves: rhbz#2129050, rhbz#2133839
|
||||
|
||||
* Tue Jan 11 2022 Sumit Bose <sbose@redhat.com> - 0.17.0-9
|
||||
- enforce new Samba command line options
|
||||
Resolves: rhbz#2028530
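Review bot: The `%files` entry for `org.freedesktop.realmd.conf` appears to change to `%config(noreplace)`, so a locally edited D-Bus policy is kept on upgrade and a corrected policy from a later package arrives only as `.rpmnew`. If that is intended, a comment above the line would record it, e.g. `# D-Bus policy is admin-editable; packaged updates are not applied over local changes`. The new `%changelog` entry dated Tue Feb 20 2024 also lacks the `- 0.17.1-2` version-release suffix that the entries below it carry.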
|
||||
|
|
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (realmd-0.17.0.tar.gz) = 1bde6d97abc7c9b792889f9a35a17e0551af049865facd7db1a35981971a2c0ae1f60ab578d66f8662b33238936472d8afe3ec6b90dd9e148846b318d6f0a82b
|
||||
SHA512 (realmd-0.17.1.tar.gz) = 24f6b1fd149f2cd9e8019be1cb1638d8bc25845238ced224512a212d9de47305cf2b0c613c203a92fff0987a94cc9e08f9b45b93eedd54593b0c34f3875d1480
|
||||
|
|