[packages/adcli] - updated to 0.9.3.1
qboosh
qboosh at pld-linux.org
Sat May 9 13:52:27 CEST 2026
commit 08b6ef99775a3c2b97d0b4f1bb701d04c77b5e68
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sat May 9 13:52:23 2026 +0200
- updated to 0.9.3.1
adcli-heimdal.patch | 87 +++++++++++++++++++++++++++++++++++------------------
adcli.spec | 16 +++++++---
2 files changed, 69 insertions(+), 34 deletions(-)
---
diff --git a/adcli.spec b/adcli.spec
index 24a9114..0b9de38 100644
--- a/adcli.spec
+++ b/adcli.spec
@@ -2,17 +2,18 @@
#
# Conditional build:
%bcond_with krb5 # use MIT KRB5 instead of Heimdal Kerberos
+%bcond_with selinux # SELinux support (requires policy sources)
#
Summary: Helper library and tools for Active Directory client operations
Summary(pl.UTF-8): Biblioteka pomocnicza i narzędzia do operacji klienckich usługi Active Directory
Name: adcli
-Version: 0.9.2
-Release: 2
+Version: 0.9.3.1
+Release: 1
License: LGPL v2+
Group: Applications/System
#Source0Download: https://gitlab.freedesktop.org/realmd/adcli/-/releases
-Source0: https://gitlab.freedesktop.org/realmd/adcli/uploads/ea560656ac921b3fe0d455976aaae9be/%{name}-%{version}.tar.gz
-# Source0-md5: 7f6ae35ac2c16632812641c724b32e30
+Source0: https://gitlab.freedesktop.org/-/project/1196/uploads/5a1c55410c0965835b81fbd28d820d46/%{name}-%{version}.tar.gz
+# Source0-md5: 0826e7b6cac1df6dd1b6509507b384ed
Patch0: %{name}-heimdal.patch
URL: https://www.freedesktop.org/software/realmd/adcli/
BuildRequires: cyrus-sasl-devel
@@ -21,6 +22,11 @@ BuildRequires: cyrus-sasl-devel
BuildRequires: libxslt-progs
BuildRequires: openldap-devel
BuildRequires: xmlto
+%if %{with selinux}
+BuildRequires: libselinux-devel
+# policy sources (/usr/share/selinux/devel/Makefile)
+BuildRequires: selinux-policy-???
+%endif
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
@@ -36,7 +42,9 @@ Directory.
%build
%configure \
+ %{!?with_selinux:--disable-selinux-support} \
--disable-silent-rules
+
%{__make}
%install
diff --git a/adcli-heimdal.patch b/adcli-heimdal.patch
index 553aa5c..8f36cb1 100644
--- a/adcli-heimdal.patch
+++ b/adcli-heimdal.patch
@@ -76,8 +76,8 @@
#include <ldap.h>
typedef enum {
---- adcli-0.9.2/library/adenroll.c.orig 2022-09-28 13:23:05.000000000 +0200
-+++ adcli-0.9.2/library/adenroll.c 2025-03-02 10:27:04.407010335 +0100
+--- adcli-0.9.3.1/library/adenroll.c.orig 2025-11-21 11:47:40.000000000 +0100
++++ adcli-0.9.3.1/library/adenroll.c 2026-05-09 13:33:28.311957804 +0200
@@ -28,7 +28,7 @@
#include "seq.h"
@@ -87,7 +87,7 @@
#include <ldap.h>
#include <sasl/sasl.h>
-@@ -774,7 +774,7 @@ calculate_enctypes (adcli_enroll *enroll
+@@ -777,7 +777,7 @@ calculate_enctypes (adcli_enroll *enroll
}
new_value = _adcli_krb5_format_enctypes (new_enctypes);
@@ -96,7 +96,7 @@
if (new_value == NULL) {
free (value);
_adcli_warn ("The encryption types desired are not available in active directory");
-@@ -1542,7 +1542,7 @@ set_password_with_user_creds (adcli_enro
+@@ -1655,7 +1655,7 @@ set_password_with_user_creds (adcli_enro
message ? ": " : "", message ? message : "");
res = ADCLI_ERR_CREDENTIALS;
#ifdef HAVE_KRB5_CHPW_MESSAGE
@@ -105,7 +105,7 @@
#else
free (message);
#endif
-@@ -1614,7 +1614,7 @@ set_password_with_computer_creds (adcli_
+@@ -1728,7 +1728,7 @@ set_password_with_computer_creds (adcli_
message ? ": " : "", message ? message : "");
res = ADCLI_ERR_CREDENTIALS;
#ifdef HAVE_KRB5_CHPW_MESSAGE
@@ -114,7 +114,7 @@
#else
free (message);
#endif
-@@ -2010,10 +2010,10 @@ ensure_host_keytab (adcli_result res,
+@@ -2102,10 +2102,10 @@ ensure_host_keytab (adcli_result res,
return res;
if (!enroll->keytab_name) {
@@ -127,7 +127,25 @@
return_unexpected_if_fail (code == 0);
enroll->keytab_name = name;
-@@ -2039,13 +2039,13 @@ load_keytab_entry (krb5_context k5,
+@@ -2156,7 +2156,7 @@ search_realm_in_keytab_entry (krb5_conte
+
+ /* Skip over any entry without a principal or realm */
+ principal = entry->principal;
+- if (!principal || !principal->realm.length)
++ if (!principal || !krb5_realm_length(principal->realm))
+ return TRUE;
+
+ /* Use realm from the first HOST$ entry, if any */
+@@ -2165,7 +2165,7 @@ search_realm_in_keytab_entry (krb5_conte
+ return_val_if_fail (code == 0, FALSE);
+
+ if (_adcli_str_has_suffix (name, "$") && !strchr (name, '/')) {
+- value = _adcli_str_dupn (principal->realm.data, principal->realm.length);
++ value = _adcli_str_dupn (krb5_realm_data(principal->realm), krb5_realm_length(principal->realm));
+ adcli_conn_set_domain_realm (enroll->conn, value);
+ _adcli_info ("Found realm in keytab: %s", value);
+ free (value);
+@@ -2191,13 +2191,13 @@ load_keytab_entry (krb5_context k5,
/* Skip over any entry without a principal or realm */
principal = entry->principal;
@@ -143,7 +161,7 @@
adcli_conn_set_domain_realm (enroll->conn, value);
_adcli_info ("Found realm in keytab: %s", value);
realm = adcli_conn_get_domain_realm (enroll->conn);
-@@ -2054,7 +2054,7 @@ load_keytab_entry (krb5_context k5,
+@@ -2206,7 +2206,7 @@ load_keytab_entry (krb5_context k5,
/* Only look at entries that match the realm */
len = strlen (realm);
@@ -152,7 +170,7 @@
return TRUE;
code = krb5_unparse_name_flags (k5, principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
-@@ -2164,6 +2164,7 @@ build_principal_salts (adcli_enroll *enr
+@@ -2331,6 +2331,7 @@ build_principal_salts (adcli_enroll *enr
{
krb5_error_code code;
krb5_data *salts;
@@ -160,7 +178,7 @@
const int count = 3;
int i = 0;
-@@ -2171,8 +2172,9 @@ build_principal_salts (adcli_enroll *enr
+@@ -2338,8 +2339,9 @@ build_principal_salts (adcli_enroll *enr
return_val_if_fail (salts != NULL, NULL);
/* Build up the salts, first a standard kerberos salt */
@@ -171,7 +189,7 @@
/* Then a Windows 2003 computer account salt */
code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[i++]);
-@@ -2287,7 +2289,7 @@ add_principal_to_keytab (adcli_enroll *e
+@@ -2456,7 +2458,7 @@ add_principal_to_keytab (adcli_enroll *e
salts = build_principal_salts (enroll, k5, principal);
if (salts == NULL) {
@@ -180,7 +198,7 @@
return ADCLI_ERR_UNEXPECTED;
}
-@@ -2309,7 +2311,7 @@ add_principal_to_keytab (adcli_enroll *e
+@@ -2478,7 +2480,7 @@ add_principal_to_keytab (adcli_enroll *e
free_principal_salts (k5, salts);
}
@@ -189,7 +207,7 @@
if (code != 0) {
_adcli_err ("Couldn't add keytab entries: %s: %s",
-@@ -2660,7 +2662,11 @@ adcli_enroll_add_keytab_for_service_acco
+@@ -3003,7 +3005,11 @@ adcli_enroll_add_keytab_for_service_acco
adcli_result res;
krb5_context k5;
krb5_error_code code;
@@ -201,7 +219,7 @@
char *lc_dom_name;
int ret;
-@@ -3214,7 +3220,7 @@ adcli_enroll_set_keytab_name (adcli_enro
+@@ -3557,7 +3563,7 @@ adcli_enroll_set_keytab_name (adcli_enro
if (enroll->keytab_name_is_krb5) {
k5 = adcli_conn_get_krb5_context (enroll->conn);
return_if_fail (k5 != NULL);
@@ -210,7 +228,7 @@
} else {
free (enroll->keytab_name);
}
-@@ -3300,7 +3306,7 @@ adcli_enroll_get_permitted_keytab_enctyp
+@@ -3643,7 +3649,7 @@ adcli_enroll_get_permitted_keytab_enctyp
new_enctypes = calloc (c + 1, sizeof (krb5_enctype));
if (new_enctypes == NULL) {
@@ -219,7 +237,7 @@
return NULL;
}
-@@ -3317,7 +3323,7 @@ adcli_enroll_get_permitted_keytab_enctyp
+@@ -3660,7 +3666,7 @@ adcli_enroll_get_permitted_keytab_enctyp
}
}
@@ -228,7 +246,7 @@
return new_enctypes;
}
-@@ -3723,11 +3729,15 @@ test_adcli_enroll_get_permitted_keytab_e
+@@ -4066,11 +4072,15 @@ test_adcli_enroll_get_permitted_keytab_e
assert_num_eq (enctypes[c], permitted_enctypes[c]);
}
assert_num_eq (enctypes[c], 0);
@@ -245,7 +263,7 @@
check_enctypes[2] = 0;
adcli_enroll_set_keytab_enctypes (enroll, check_enctypes);
-@@ -3735,9 +3745,9 @@ test_adcli_enroll_get_permitted_keytab_e
+@@ -4078,9 +4088,9 @@ test_adcli_enroll_get_permitted_keytab_e
assert_ptr_not_null (enctypes);
assert_num_eq (enctypes[0], permitted_enctypes[0]);
assert_num_eq (enctypes[1], 0);
@@ -257,8 +275,8 @@
adcli_enroll_unref (enroll);
adcli_conn_unref (conn);
---- adcli-0.9.2/library/adkrb5.c.orig 2022-04-29 07:30:33.000000000 +0200
-+++ adcli-0.9.2/library/adkrb5.c 2025-03-02 10:11:23.548774068 +0100
+--- adcli-0.9.3.1/library/adkrb5.c.orig 2025-09-02 21:16:34.000000000 +0200
++++ adcli-0.9.3.1/library/adkrb5.c 2026-05-09 13:47:49.250627032 +0200
@@ -27,7 +27,7 @@
#include "adprivate.h"
@@ -268,7 +286,7 @@
#include <assert.h>
#include <ctype.h>
-@@ -82,7 +82,7 @@ _adcli_krb5_keytab_clear (krb5_context k
+@@ -83,7 +83,7 @@ _adcli_krb5_keytab_clear (krb5_context k
/* See if we should remove this entry */
if (!match_func (k5, &entry, match_data)) {
@@ -277,7 +295,7 @@
continue;
}
-@@ -95,7 +95,7 @@ _adcli_krb5_keytab_clear (krb5_context k
+@@ -96,7 +96,7 @@ _adcli_krb5_keytab_clear (krb5_context k
return_val_if_fail (code == 0, code);
code = krb5_kt_remove_entry (k5, keytab, &entry);
@@ -286,7 +304,16 @@
if (code != 0)
return code;
-@@ -225,7 +225,7 @@ match_enctype_and_kvno (krb5_context k5,
+@@ -228,7 +228,7 @@ match_principal_and_kvno_and_enctype (kr
+ assert (closure->principal);
+ assert (closure->enctype);
+
+- code = krb5_c_enctype_compare (k5, closure->enctype, entry->key.enctype,
++ code = krb5_c_enctype_compare (k5, closure->enctype, krb5_keyblock_get_enctype(&entry->keyblock),
+ &similar);
+
+ if (code == 0 && entry->vno == closure->kvno && similar) {
+@@ -259,7 +259,7 @@ match_enctype_and_kvno (krb5_context k5,
assert (closure->enctype);
@@ -295,7 +322,7 @@
&similar);
if (code == 0 && entry->vno == closure->kvno && similar) {
-@@ -262,12 +262,12 @@ _adcli_krb5_get_keyblock (krb5_context k
+@@ -296,12 +296,12 @@ _adcli_krb5_get_keyblock (krb5_context k
/* See if we should remove this entry */
if (!match_func (k5, &entry, match_data)) {
@@ -311,7 +338,7 @@
break;
-@@ -300,7 +300,7 @@ _adcli_krb5_keytab_copy_entries (krb5_co
+@@ -335,7 +335,7 @@ _adcli_krb5_keytab_copy_entries (krb5_co
memset (&entry, 0, sizeof (entry));
@@ -320,7 +347,7 @@
match_enctype_and_kvno, &closure);
if (code != 0 || closure.matched == 0) {
return code != 0 ? code : ENOKEY;
-@@ -312,7 +312,7 @@ _adcli_krb5_keytab_copy_entries (krb5_co
+@@ -369,7 +369,7 @@ _adcli_krb5_keytab_copy_entries (krb5_co
code = krb5_kt_add_entry (k5, keytab, &entry);
entry.principal = NULL;
@@ -329,7 +356,7 @@
if (code != 0)
return code;
-@@ -335,9 +335,10 @@ _adcli_krb5_keytab_add_entries (krb5_con
+@@ -392,9 +392,10 @@ _adcli_krb5_keytab_add_entries (krb5_con
int i;
for (i = 0; enctypes[i] != 0; i++) {
@@ -341,7 +368,7 @@
if (code != 0)
return code;
-@@ -347,7 +348,7 @@ _adcli_krb5_keytab_add_entries (krb5_con
+@@ -404,7 +405,7 @@ _adcli_krb5_keytab_add_entries (krb5_con
code = krb5_kt_add_entry (k5, keytab, &entry);
entry.principal = NULL;
@@ -350,7 +377,7 @@
if (code != 0)
return code;
-@@ -441,11 +442,12 @@ _adcli_krb5_w2k3_salt (krb5_context k5,
+@@ -498,11 +499,12 @@ _adcli_krb5_w2k3_salt (krb5_context k5,
const char *host_netbios,
krb5_data *salt)
{
@@ -364,7 +391,7 @@
/*
* The format for the w2k3 computer account salt is:
-@@ -455,37 +457,37 @@ _adcli_krb5_w2k3_salt (krb5_context k5,
+@@ -512,37 +514,37 @@ _adcli_krb5_w2k3_salt (krb5_context k5,
realm = krb5_princ_realm (k5, principal);
host_length = strlen (host_netbios);
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/adcli.git/commitdiff/08b6ef99775a3c2b97d0b4f1bb701d04c77b5e68
More information about the pld-cvs-commit
mailing list