diff --git a/0001-delete-do-not-exit-if-keytab-cannot-be-read.patch b/0001-delete-do-not-exit-if-keytab-cannot-be-read.patch new file mode 100644 index 0000000..15aaf07 --- /dev/null +++ b/0001-delete-do-not-exit-if-keytab-cannot-be-read.patch @@ -0,0 +1,32 @@ +From 40d3be22f6e518e4354aa7c3d0278291fcbed32f Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 5 Jun 2020 17:06:58 +0200 +Subject: [PATCH] delete: do not exit if keytab cannot be read + +Reading the keytab is not required when deleting a host object in AD. It +is only needed in the case where the host was added with a manual set +NetBIOS name (--computer-name option) which does not match the short +hostname and no computer name was given at the delete-computer command +line. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1840752 +--- + tools/computer.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tools/computer.c b/tools/computer.c +index 292c4d8..a90c4b2 100644 +--- a/tools/computer.c ++++ b/tools/computer.c +@@ -952,8 +952,6 @@ adcli_tool_computer_delete (adcli_conn *conn, + if (res != ADCLI_SUCCESS) { + warnx ("couldn't lookup domain info from keytab: %s", + adcli_get_last_error ()); +- adcli_enroll_unref (enroll); +- return -res; + } + + res = adcli_conn_connect (conn); +-- +2.26.2 + diff --git a/0001-tools-disable-SSSD-s-locator-plugin.patch b/0001-tools-disable-SSSD-s-locator-plugin.patch new file mode 100644 index 0000000..07d791e --- /dev/null +++ b/0001-tools-disable-SSSD-s-locator-plugin.patch @@ -0,0 +1,41 @@ +From 50d580c58dab5928cadfc6ca82aedccee58eaced Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 5 Jun 2020 17:28:28 +0200 +Subject: [PATCH] tools: disable SSSD's locator plugin + +MIT's libkrb5 checks available locator plugins first before checking the +config file. This might cause issues when the locator plugin returns a +different DC than the one used for the LDAP connection if some data must +be replicated. + +This patch sets the SSSD_KRB5_LOCATOR_DISABLE environment variable to +'true' to disable SSSD's locator plugin for adcli. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1762633 +--- + tools/tools.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/tools.c b/tools/tools.c +index 9d422f2..1b6d879 100644 +--- a/tools/tools.c ++++ b/tools/tools.c +@@ -296,6 +296,7 @@ cleanup_krb5_conf_directory (void) + } + + unsetenv ("KRB5_CONFIG"); ++ unsetenv ("SSSD_KRB5_LOCATOR_DISABLE"); + } + + static void +@@ -394,6 +395,7 @@ setup_krb5_conf_directory (adcli_conn *conn) + adcli_krb5_conf_filename = filename; + adcli_krb5_d_directory = snippets; + setenv ("KRB5_CONFIG", adcli_krb5_conf_filename, 1); ++ setenv ("SSSD_KRB5_LOCATOR_DISABLE", "true", 1); + + } else { + free (filename); +-- +2.26.2 + diff --git a/adcli.spec b/adcli.spec index 2bcc27a..9dd5ce5 100644 --- a/adcli.spec +++ b/adcli.spec @@ -1,6 +1,6 @@ Name: adcli Version: 0.9.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Active Directory enrollment License: LGPLv2+ URL: http://cgit.freedesktop.org/realmd/adcli @@ -12,6 +12,8 @@ Patch3: 0003-add-description-option-to-join-and-update.patch Patch4: 0004-Use-GSS-SPNEGO-if-available.patch Patch5: 0005-add-option-use-ldaps.patch Patch6: 0006-discovery-fix.patch +Patch7: 0001-delete-do-not-exit-if-keytab-cannot-be-read.patch +Patch8: 0001-tools-disable-SSSD-s-locator-plugin.patch BuildRequires: gcc @@ -70,6 +72,9 @@ documentation. %doc %{_datadir}/doc/adcli/* %changelog +* Mon Jun 08 2020 Sumit Bose - 0.9.0-2 +- Include the latest upstream patches + * Wed Mar 18 2020 Sumit Bose - 0.9.0-1 - Update to upstream release 0.9.0 and latest patches