import realmd-0.17.1-1.el9

i9c changed/i9c/realmd-0.17.1-1.el9
MSVSphere Packaging Team 2 years ago
parent c360369581
commit ab94e600dd

2
.gitignore vendored

@ -1 +1 @@
SOURCES/realmd-0.17.0.tar.gz
SOURCES/realmd-0.17.1.tar.gz

@ -1 +1 @@
c29f4819713b8af59b53ed0aecb0b273d5bf2b46 SOURCES/realmd-0.17.0.tar.gz
681f7f532daa62a08f2f2d6c9d4a1a04c4c793a3 SOURCES/realmd-0.17.1.tar.gz

@ -1,61 +0,0 @@
From 4ef597d15df246f4121266aaf3e291e3f06f6f4a Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 10 Mar 2021 17:57:07 +0100
Subject: [PATCH 1/2] build: add --with-vendor-error-message configure option
With the new configure option --with-vendor-error-message a packager or
a distribution can add a message if realmd returns with an error.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1889386
---
configure.ac | 15 +++++++++++++++
tools/realm.c | 7 +++++++
2 files changed, 22 insertions(+)
diff --git a/configure.ac b/configure.ac
index ee067d9..05ec1bf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -51,6 +51,21 @@ fi
AC_SUBST(DISTRO)
+# -----------------------------------------------------------------------------
+# Vendor error message
+
+AC_ARG_WITH([vendor-error-message],
+ [AS_HELP_STRING([--with-vendor-error-message=ARG],
+ [Add a vendor specific error message shown if a realm command fails]
+ )],
+ [AS_IF([test "x$withval" != "x"],
+ [AC_DEFINE_UNQUOTED([VENDOR_MSG],
+ ["$withval"],
+ [Vendor specific error message])],
+ [AC_MSG_ERROR([--with-vendor-error-message requires an argument])]
+ )],
+ [])
+
# -----------------------------------------------------------------------------
# Basic tools
diff --git a/tools/realm.c b/tools/realm.c
index 1530f09..8fdca16 100644
--- a/tools/realm.c
+++ b/tools/realm.c
@@ -287,6 +287,13 @@ main (int argc,
ret = (realm_commands[i].function) (client, argc, argv);
g_object_unref (client);
+#ifdef VENDOR_MSG
+ if (ret != 0) {
+ g_printerr (VENDOR_MSG"\n");
+ }
+
+#endif
+
break;
}
}
--
2.30.2

@ -1,36 +0,0 @@
From 05100771ea6bd775caae705bb53f76a0816f3b81 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 11 May 2021 11:13:06 +0200
Subject: [PATCH] doc: add computer-name to realm man page
---
doc/manual/realm.xml | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/doc/manual/realm.xml b/doc/manual/realm.xml
index 9160a8a..b4dc27c 100644
--- a/doc/manual/realm.xml
+++ b/doc/manual/realm.xml
@@ -222,6 +222,19 @@ $ realm join --user=admin --computer-ou=OU=Special domain.example.com
supported for all realms. By default the membership software
is automatically selected.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--computer-name=xxx</option></term>
+ <listitem>
+ <para>This option only applies to Active
+ Directory realms. Specify this option to
+ override the default name used when creating
+ the computer account. The system's FQDN will
+ still be saved in the dNSHostName attribute.</para>
+ <para>Specify the name as a string of 15 or
+ fewer characters that is a valid NetBIOS
+ computer name.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><option>--no-password</option></term>
<listitem><para>Perform the join automatically without
--
2.31.1

@ -1,78 +0,0 @@
From 370bf84857d5674a092f46fa5932a0c92ad5bbf5 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 24 Nov 2021 17:25:18 +0100
Subject: [PATCH] ldap: add socket timeout
During the discovery phase realmd tries to open LDAP connections to
multiple DC addresses returned by DNS. When cleaning up we have to call
ldap_destroy() to release the resources allocated for the LDAP context.
ldap_destroy() tries to send a LDAP unbind request independent of the
connection state. If the related address is block by a firewall or a not
properly routed IPv6 address there might be no reply on the TCP level
and the request might be stuck for quite some tome in the kernel.
To avoid the unexpected long delays will block realmd this patch lowers
the timeout considerably to 5s. As multiple other timeouts this value is
currently hardcoded.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1817869
---
service/realm-ldap.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/service/realm-ldap.c b/service/realm-ldap.c
index bdfb96c..f7b6d13 100644
--- a/service/realm-ldap.c
+++ b/service/realm-ldap.c
@@ -22,6 +22,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#include <netinet/tcp.h>
#include <errno.h>
@@ -179,6 +180,7 @@ static GSourceFuncs socket_source_funcs = {
/* Not included in ldap.h but documented */
int ldap_init_fd (ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp);
+#define LDAP_SOCKET_TIMEOUT 5
GSource *
realm_ldap_connect_anonymous (GSocketAddress *address,
@@ -202,6 +204,8 @@ realm_ldap_connect_anonymous (GSocketAddress *address,
int opt_rc;
int ldap_opt_val;
const char *errmsg = NULL;
+ struct timeval tv = {LDAP_SOCKET_TIMEOUT, 0};
+ unsigned int milli = LDAP_SOCKET_TIMEOUT * 1000;
g_return_val_if_fail (G_IS_INET_SOCKET_ADDRESS (address), NULL);
@@ -244,6 +248,23 @@ realm_ldap_connect_anonymous (GSocketAddress *address,
if (!g_unix_set_fd_nonblocking (ls->sock, FALSE, NULL))
g_warning ("couldn't set to blocking");
+ /* Lower the kernel defaults which might be minutes to hours */
+ rc = setsockopt (ls->sock, SOL_SOCKET, SO_RCVTIMEO,
+ &tv, sizeof (tv));
+ if (rc != 0) {
+ g_warning ("couldn't set SO_RCVTIMEO");
+ }
+ rc = setsockopt (ls->sock, SOL_SOCKET, SO_SNDTIMEO,
+ &tv, sizeof (tv));
+ if (rc != 0) {
+ g_warning ("couldn't set SO_SNDTIMEO");
+ }
+ rc = setsockopt (ls->sock, IPPROTO_TCP, TCP_USER_TIMEOUT,
+ &milli, sizeof (milli));
+ if (rc != 0) {
+ g_warning ("couldn't set TCP_USER_TIMEOUT");
+ }
+
if (family == G_SOCKET_FAMILY_IPV4) {
url = g_strdup_printf ("%s://%s:%d",
use_ldaps ? "ldaps" : "ldap",
--
2.34.1

@ -1,128 +0,0 @@
From 68f73b78a34299ee37dd06e2ab3ede8985fa277b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 14 Dec 2021 15:32:32 +0100
Subject: [PATCH] samba: use new Samba-4.15 command line options
Samba-4.15 changed a couple of command line options of the net utility.
This patch adds a configure option to select the new or the old style.
If the option is not used configure tries to call the net utility to
check for the options. If this fails the old style is used.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2028530
---
configure.ac | 34 ++++++++++++++++++++++++++++++++++
service/realm-samba-enroll.c | 18 +++++++++++++-----
2 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index ea51f92..ddc25d0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -227,6 +227,40 @@ LDAP_CFLAGS=""
AC_SUBST(LDAP_LIBS)
AC_SUBST(LDAP_CFLAGS)
+# -------------------------------------------------------------------
+# Samba
+
+AC_ARG_WITH(new-samba-cli-options,
+ AS_HELP_STRING([--with-new-samba-cli-options=yes/no],
+ [Use new command line options introduced with Samba-4.15,
+ if not provided the output of 'net help' is checked or old
+ style options are used]))
+
+if test "$with_new_samba_cli_options" = "no"; then
+ AC_MSG_RESULT([Using old Samba command line options])
+elif test "$with_new_samba_cli_options" = "yes"; then
+ AC_DEFINE_UNQUOTED(WITH_NEW_SAMBA_CLI_OPTS, 1,
+ [Use new command line options introduced with Samba-4.15])
+ AC_MSG_RESULT([Using new Samba command line options])
+else
+ AC_PATH_PROG([SAMBA_NET], [net])
+ if test ! -x "$SAMBA_NET"; then
+ AC_MSG_NOTICE([Could not find Samba's net utility, ]
+ [assuming old style command line options, ]
+ [please install the net utility for proper detection.])
+ else
+ AC_MSG_CHECKING([for --debug-stdout option of net])
+ if AC_RUN_LOG([$SAMBA_NET help 2>&1 |grep -- '--debug-stdout' > /dev/null]); then
+ AC_DEFINE_UNQUOTED(WITH_NEW_SAMBA_CLI_OPTS, 1,
+ [Use new command line options introduced with Samba-4.15])
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ fi
+fi
+
+
# -------------------------------------------------------------------
# Directories
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
index 5624a08..8b2ee38 100644
--- a/service/realm-samba-enroll.c
+++ b/service/realm-samba-enroll.c
@@ -37,6 +37,14 @@
#include <sys/socket.h>
#include <netdb.h>
+#ifdef WITH_NEW_SAMBA_CLI_OPTS
+#define SMBCLI_KERBEROS "--use-kerberos=required"
+#define SMBCLI_CONF "--configfile"
+#else
+#define SMBCLI_KERBEROS "-k"
+#define SMBCLI_CONF "-s"
+#endif
+
typedef struct {
GDBusMethodInvocation *invocation;
gchar *join_args[8];
@@ -260,7 +268,7 @@ begin_net_process (JoinClosure *join,
/* Use our custom smb.conf */
g_ptr_array_add (args, (gpointer)realm_settings_path ("net"));
if (join->custom_smb_conf) {
- g_ptr_array_add (args, "-s");
+ g_ptr_array_add (args, SMBCLI_CONF);
g_ptr_array_add (args, join->custom_smb_conf);
}
@@ -370,7 +378,7 @@ on_join_do_keytab (GObject *source,
} else {
begin_net_process (join, NULL,
on_keytab_do_finish, g_object_ref (task),
- "-k", "ads", "keytab", "create", NULL);
+ SMBCLI_KERBEROS, "ads", "keytab", "create", NULL);
}
g_object_unref (task);
@@ -428,7 +436,7 @@ begin_join (GTask *task,
begin_net_process (join, join->password_input,
on_join_do_keytab, g_object_ref (task),
"-U", join->user_name,
- "-k", "ads", "join", join->disco->domain_name,
+ SMBCLI_KERBEROS, "ads", "join", join->disco->domain_name,
join->join_args[0], join->join_args[1],
join->join_args[2], join->join_args[3],
join->join_args[4], NULL);
@@ -437,7 +445,7 @@ begin_join (GTask *task,
} else {
begin_net_process (join, NULL,
on_join_do_keytab, g_object_ref (task),
- "-k", "ads", "join", join->disco->domain_name,
+ SMBCLI_KERBEROS, "ads", "join", join->disco->domain_name,
join->join_args[0], join->join_args[1],
join->join_args[2], join->join_args[3],
join->join_args[4], NULL);
@@ -543,7 +551,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
join->envvar = g_strdup_printf ("KRB5CCNAME=%s", cred->x.ccache.file);
begin_net_process (join, NULL,
on_leave_complete, g_object_ref (task),
- "-k", "ads", "leave", NULL);
+ SMBCLI_KERBEROS, "ads", "leave", NULL);
break;
default:
g_return_if_reached ();
--
2.34.1

@ -1,36 +0,0 @@
From 32645f2fc1ddfb2eed7069fd749602619f26ed37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 19 Feb 2018 11:51:06 +0100
Subject: [PATCH] switch to authselect
---
service/realmd-redhat.conf | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
index e39fad525c716d1ed99715280cd5d497b9039427..26cf6147f352e1b48c3261fa42707d816428f879 100644
--- a/service/realmd-redhat.conf
+++ b/service/realmd-redhat.conf
@@ -23,15 +23,15 @@ adcli = /usr/sbin/adcli
freeipa-client = /usr/sbin/ipa-client-install
[commands]
-winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
+winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
+winbind-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
winbind-enable-service = /usr/bin/systemctl enable winbind.service
winbind-disable-service = /usr/bin/systemctl disable winbind.service
winbind-restart-service = /usr/bin/systemctl restart winbind.service
winbind-stop-service = /usr/bin/systemctl stop winbind.service
-sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
+sssd-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select sssd with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
+sssd-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
sssd-enable-service = /usr/bin/systemctl enable sssd.service
sssd-disable-service = /usr/bin/systemctl disable sssd.service
sssd-restart-service = /usr/bin/systemctl restart sssd.service
--
2.9.3

@ -1,38 +0,0 @@
From 720ddd02100ab8592e081aed425c9455b397a462 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 25 Nov 2021 14:36:10 +0100
Subject: [PATCH] syslog: avoid duplicate log messages
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2024248
---
service/realm-diagnostics.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/service/realm-diagnostics.c b/service/realm-diagnostics.c
index 850b2e3..6aa5288 100644
--- a/service/realm-diagnostics.c
+++ b/service/realm-diagnostics.c
@@ -55,12 +55,20 @@ log_syslog_and_debug (GDBusMethodInvocation *invocation,
while ((ptr = memchr (at, '\n', length)) != NULL) {
*ptr = '\0';
if (line_buffer && line_buffer->len > 0) {
+#ifdef WITH_JOURNAL
+ /* Call realm_daemon_syslog directly to add
+ * REALMD_OPERATION to the jounrnal */
realm_daemon_syslog (operation, log_level, "%s%s", line_buffer->str, at);
+#else
g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s%s", line_buffer->str, at);
+#endif
g_string_set_size (line_buffer, 0);
} else {
+#ifdef WITH_JOURNAL
realm_daemon_syslog (operation, log_level, "%s", at);
+#else
g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", at);
+#endif
}
*ptr = '\n';
--
2.34.1

@ -1,77 +0,0 @@
From cff19e9044e3f389a14fbc5e98366a31107d4a02 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 6 Apr 2021 15:23:54 +0200
Subject: [PATCH 2/2] configure: update some macros for autoconf-2.71
---
configure.ac | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 05ec1bf..4dac5a9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_PREREQ(2.63)
+AC_PREREQ([2.63])
AC_INIT([realmd], [0.17.0],
[https://gitlab.freedesktop.org/realmd/realmd/-/issues],
@@ -69,8 +69,7 @@ AC_ARG_WITH([vendor-error-message],
# -----------------------------------------------------------------------------
# Basic tools
-AC_GNU_SOURCE
-AC_ISC_POSIX
+AC_USE_SYSTEM_EXTENSIONS
AC_PROG_CC
AC_PROG_CPP
AM_PROG_CC_C_O
@@ -109,7 +108,7 @@ AC_SUBST(POLKIT_LIBS)
AC_MSG_CHECKING([systemd unit directory])
AC_ARG_WITH(systemd-unit-dir,
- AC_HELP_STRING([--with-systemd-unit-dir],
+ AS_HELP_STRING([--with-systemd-unit-dir],
[Directory to install systemd service file]))
if test "$with_systemd_unit_dir" = "" -o "$with_systemd_unit_dir" = "yes"; then
@@ -136,7 +135,7 @@ AC_SUBST(dbus_systemd_service)
AC_MSG_RESULT($with_systemd_unit_dir)
AC_ARG_WITH(systemd-journal,
- AC_HELP_STRING([--with-systemd-journal],
+ AS_HELP_STRING([--with-systemd-journal],
[Use systemd's journal for logging]))
if test "$with_systemd_journal" != "no"; then
@@ -245,7 +244,7 @@ AC_SUBST(POLKIT_ACTION_DIR)
AC_MSG_CHECKING([whether to build documentation])
AC_ARG_ENABLE(doc,
- AC_HELP_STRING([--enable-doc],
+ AS_HELP_STRING([--enable-doc],
[Disable building documentation])
)
@@ -314,7 +313,7 @@ AC_SUBST(GENHTML)
AC_MSG_CHECKING([for debug mode])
AC_ARG_ENABLE(debug,
- AC_HELP_STRING([--enable-debug=no/default/yes],
+ AS_HELP_STRING([--enable-debug=no/default/yes],
[Turn on or off debugging])
)
@@ -397,7 +396,7 @@ AC_SUBST(TEST_MODE)
privatedir='${prefix}/lib/realmd'
AC_MSG_CHECKING([private directory])
AC_ARG_WITH(private-dir,
- AC_HELP_STRING([--with-private-dir=DIR],
+ AS_HELP_STRING([--with-private-dir=DIR],
[Directory to install realmd system defaults (default: ${prefix}/lib/realmd)]))
if test -n "$with_private_dir"; then
--
2.30.2

@ -1,28 +1,15 @@
Name: realmd
Version: 0.17.0
Release: 9%{?dist}
Version: 0.17.1
Release: 1%{?dist}
Summary: Kerberos realm enrollment service
License: LGPLv2+
URL: https://gitlab.freedesktop.org/realmd/realmd
Source0: https://gitlab.freedesktop.org/sbose/realmd/uploads/b13a87292762bdad3ecbfe65bbb57211/realmd-%{version}.tar.gz
Source0: https://gitlab.freedesktop.org/realmd/realmd/uploads/204d05bd487908ece2ce2705a01d2b26/realmd-%{version}.tar.gz
Patch1: 0001-switch-to-authselect.patch
Patch2: 0001-build-add-with-vendor-error-message-configure-option.patch
Patch3: 0002-configure-update-some-macros-for-autoconf-2.71.patch
Patch4: 0001-doc-add-computer-name-to-realm-man-page.patch
# rhbz#1978255 - regression in realmd/Sanity/realmd-service-sanity
Patch5: ipa-packages.patch
# rhbz#2038260 - realmd operations hang if a DC is unreachable
Patch6: 0001-ldap-add-socket-timeout.patch
# rhbz#2038268 - realmd logs are duplicated
Patch7: 0001-syslog-avoid-duplicate-log-messages.patch
# rhbz#2028530 - realm join needs to updated to use the command line options of
# Samba's net command
Patch8: 0001-samba-use-new-Samba-4.15-command-line-options.patch
### Downstream Patches ###
# In RHEL the RHEL the FreeIPA packages are call only ipa-* while upstream is
# using freeipa-*, the following patch applies the needed changes.
Patch0100: ipa-packages.patch
BuildRequires: make
BuildRequires: gcc
@ -95,7 +82,7 @@ make install DESTDIR=%{buildroot}
%files -f realmd.lang
%doc AUTHORS COPYING NEWS README
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf
%{_sbindir}/realm
%dir %{_prefix}/lib/realmd
%{_libexecdir}/realmd
@ -116,6 +103,10 @@ make install DESTDIR=%{buildroot}
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.17.0-9
- Rebuilt for MSVSphere 9.1.
* Fri Oct 14 2022 Sumit Bose <sbose@redhat.com> - 0.17.1-1
- Update to upstream release 0.17.1
Resolves: rhbz#2129050, rhbz#2133839
* Tue Jan 11 2022 Sumit Bose <sbose@redhat.com> - 0.17.0-9
- enforce new Samba command line options
Resolves: rhbz#2028530
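Review bot: Marking the D-Bus policy file `%config(noreplace)` in the %files hunk means a host with a locally edited `org.freedesktop.realmd.conf` keeps its own copy on upgrade and gets the packaged policy only as `.rpmnew`, so a later tightening of the shipped policy would not take effect there. This assumes the `%config(noreplace)` line is the new side, which the page does not mark explicitly. The file presumably controls which callers may reach realmd over the system bus, so a spec comment above the line would help, e.g. `# noreplace: local policy edits survive upgrades; review .rpmnew after updates`. Separately, in the changelog hunk the newest entry still reads `0.17.0-9` (the MSVSphere rebuild) above the `0.17.1-1` entry, so the top entry no longer matches Version/Release. A fresh entry for this build would keep the package history traceable.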
