diff --git a/0001-Various-fixes-for-issues-found-by-static-code-scanne.patch b/0001-Various-fixes-for-issues-found-by-static-code-scanne.patch new file mode 100644 index 0000000000000000000000000000000000000000..3244b9aed33ac6c336667e05a4d8778a8a6c7f12 --- /dev/null +++ b/0001-Various-fixes-for-issues-found-by-static-code-scanne.patch @@ -0,0 +1,242 @@ +From 1e6fe345218bc089c385711fbbb9941df6672b66 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 13 Nov 2024 16:28:21 +0100 +Subject: [PATCH 1/2] Various fixes for issues found by static code scanners + +--- + service/realm-adcli-enroll.c | 10 +++++----- + service/realm-ini-config.c | 1 + + service/realm-kerberos.c | 11 +++++++---- + service/realm-ldap.c | 9 +++++++-- + service/realm-samba-winbind.c | 1 + + service/realm-samba.c | 5 ++--- + tools/realm-client.c | 16 ++++++++++------ + 7 files changed, 33 insertions(+), 20 deletions(-) + +diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c +index c913987..c58175e 100644 +--- a/service/realm-adcli-enroll.c ++++ b/service/realm-adcli-enroll.c +@@ -226,10 +226,10 @@ realm_adcli_enroll_join_async (RealmDisco *disco, + + if (input) + g_bytes_unref (input); +- free (ccache_arg); +- free (upn_arg); +- free (server_arg); +- free (ou_arg); ++ g_free (ccache_arg); ++ g_free (upn_arg); ++ g_free (server_arg); ++ g_free (ou_arg); + } + + gboolean +@@ -319,7 +319,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco, + if (input) + g_bytes_unref (input); + +- free (ccache_arg); ++ g_free (ccache_arg); + g_free (server_arg); + } + +diff --git a/service/realm-ini-config.c b/service/realm-ini-config.c +index 2e6813b..7bbea34 100644 +--- a/service/realm-ini-config.c ++++ b/service/realm-ini-config.c +@@ -650,6 +650,7 @@ realm_ini_config_read_file (RealmIniConfig *self, + + if (err != NULL) { + g_propagate_error (error, err); ++ g_free (contents); + return FALSE; + } + +diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c +index 7994e1e..8810f87 100644 +--- a/service/realm-kerberos.c ++++ b/service/realm-kerberos.c +@@ -300,7 +300,7 @@ join_or_leave (RealmKerberos *self, + { + RealmKerberosMembershipIface *iface = REALM_KERBEROS_MEMBERSHIP_GET_IFACE (self); + RealmKerberosMembership *membership = REALM_KERBEROS_MEMBERSHIP (self); +- RealmCredential *cred; ++ RealmCredential *cred = NULL; + MethodClosure *method; + GError *error = NULL; + +@@ -317,6 +317,7 @@ join_or_leave (RealmKerberos *self, + cred = realm_credential_parse (credential, &error); + if (error != NULL) { + g_dbus_method_invocation_return_gerror (invocation, error); ++ realm_credential_unref (cred); + g_error_free (error); + return; + } +@@ -331,6 +332,8 @@ join_or_leave (RealmKerberos *self, + if (!realm_invocation_lock_daemon (invocation)) { + g_dbus_method_invocation_return_error (invocation, REALM_ERROR, REALM_ERROR_BUSY, + _("Already running another action")); ++ realm_credential_unref (cred); ++ g_error_free (error); + return; + } + +@@ -1067,7 +1070,7 @@ flush_keytab_entries (krb5_context ctx, + count = 0; + } + +- code = krb5_kt_free_entry (ctx, &entry); ++ code = krb5_free_keytab_entry_contents (ctx, &entry); + return_val_if_krb5_failed (ctx, code, FALSE); + } + +@@ -1175,13 +1178,13 @@ realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name) + && name_data->data[name_data->length - 1] == '$') { + netbios_name = g_strndup (name_data->data, name_data->length - 1); + if (netbios_name == NULL) { +- code = krb5_kt_free_entry (ctx, &entry); ++ code = krb5_free_keytab_entry_contents (ctx, &entry); + warn_if_krb5_failed (ctx, code); + break; + } + } + } +- code = krb5_kt_free_entry (ctx, &entry); ++ code = krb5_free_keytab_entry_contents (ctx, &entry); + warn_if_krb5_failed (ctx, code); + } + } +diff --git a/service/realm-ldap.c b/service/realm-ldap.c +index f7b6d13..c28e8d1 100644 +--- a/service/realm-ldap.c ++++ b/service/realm-ldap.c +@@ -228,6 +228,7 @@ realm_ldap_connect_anonymous (GSocketAddress *address, + /* Not an expected failure */ + if (ls->sock < 0) { + g_critical ("couldn't open socket to: %s: %s", addrname, strerror (errno)); ++ g_free (addrname); + return NULL; + } + +@@ -236,8 +237,10 @@ realm_ldap_connect_anonymous (GSocketAddress *address, + + native_len = g_socket_address_get_native_size (address); + native = g_malloc (native_len); +- if (!g_socket_address_to_native (address, native, native_len, NULL)) ++ if (!g_socket_address_to_native (address, native, native_len, NULL)) { ++ g_free (addrname); + g_return_val_if_reached (NULL); ++ } + + if (connect (ls->sock, native, native_len) < 0 && + errno != EINPROGRESS) { +@@ -280,6 +283,7 @@ realm_ldap_connect_anonymous (GSocketAddress *address, + g_free (url); + + g_free (native); ++ g_free (addrname); + + /* Not an expected failure */ + if (rc != LDAP_SUCCESS) { +@@ -326,6 +330,7 @@ realm_ldap_connect_anonymous (GSocketAddress *address, + + case G_SOCKET_PROTOCOL_UDP: + url = g_strdup_printf ("cldap://%s:%d", addrname, port); ++ g_free (addrname); + + /* + * HACK: ldap_init_fd() does not work for UDP, otherwise we +@@ -367,11 +372,11 @@ realm_ldap_connect_anonymous (GSocketAddress *address, + break; + + default: ++ g_free (addrname); + g_return_val_if_reached (NULL); + break; + } + +- g_free (addrname); + + version = LDAP_VERSION3; + if (ldap_set_option (ls->ldap, LDAP_OPT_PROTOCOL_VERSION, &version) != 0) +diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c +index 61988eb..30f0433 100644 +--- a/service/realm-samba-winbind.c ++++ b/service/realm-samba-winbind.c +@@ -154,6 +154,7 @@ realm_samba_winbind_configure_async (RealmIniConfig *config, + realm_ini_config_finish_change (config, &error); + g_free (idmap_config_backend); + g_free (idmap_config_range); ++ g_free (idmap_config_schema_mode); + } + + /* Setup pam_winbind.conf with decent defaults matching our expectations */ +diff --git a/service/realm-samba.c b/service/realm-samba.c +index 677c848..bc976f1 100644 +--- a/service/realm-samba.c ++++ b/service/realm-samba.c +@@ -134,10 +134,9 @@ lookup_login_prefix (RealmSamba *self) + return NULL; + + separator = realm_ini_config_get (self->config, REALM_SAMBA_CONFIG_GLOBAL, "winbind separator"); +- if (separator == NULL) +- separator = g_strdup ("\\"); + +- return g_strdup_printf ("%s%s", workgroup, separator); ++ return g_strdup_printf ("%s%s", workgroup, ++ separator != NULL ? separator : "\\"); + } + + typedef struct { +diff --git a/tools/realm-client.c b/tools/realm-client.c +index 06420ea..a63652d 100644 +--- a/tools/realm-client.c ++++ b/tools/realm-client.c +@@ -287,8 +287,8 @@ realm_client_new_installer (gboolean verbose, + socket = g_socket_new_from_fd (pair[0], &error); + if (error != NULL) { + realm_handle_error (error, _("Couldn't create socket")); +- close(pair[0]); +- close(pair[1]); ++ close (pair[0]); ++ close (pair[1]); + return NULL; + } + +@@ -296,11 +296,12 @@ realm_client_new_installer (gboolean verbose, + G_SPAWN_LEAVE_DESCRIPTORS_OPEN | G_SPAWN_DO_NOT_REAP_CHILD, + NULL, NULL, &pid, &error); + +- close(pair[1]); ++ close (pair[1]); + + if (error != NULL) { + realm_handle_error (error, _("Couldn't run realmd")); +- close(pair[0]); ++ close (pair[0]); ++ g_object_unref (socket); + return NULL; + } + +@@ -770,11 +771,14 @@ build_ccache_credential (const gchar *user_name, + if (ccache) { + ret = copy_or_kinit_to_ccache (krb5, ccache, user_name, realm_name, error); + krb5_cc_close (krb5, ccache); +- krb5_free_context (krb5); + } ++ krb5_free_context (krb5); + +- if (!ret) ++ if (!ret) { ++ g_unlink (filename); ++ g_free (filename); + return NULL; ++ } + + result = read_file_into_variant (filename); + +-- +2.48.1 + diff --git a/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch b/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch new file mode 100644 index 0000000000000000000000000000000000000000..c2c8e3e0e9957e3849e04945b22c750c917437fe --- /dev/null +++ b/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch @@ -0,0 +1,74 @@ +From 19923985b69ccd5f2a33a067bfc3ed020889377e Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 13 Jun 2023 18:02:52 +0200 +Subject: [PATCH 1/3] service: allow multiple names and _srv_ ad_server option + +realmd checks if the 'ad_server' option is set in sssd.conf before +calling adcli to remove the host from the AD server. If set the value is +used as value for dcli's '--domain-controller' option. But if multiple +names are set in sssd.conf this currently fails because the whole string +is used. + +With this patch the 'ad_server' option is properly evaluated and only +the first domain controller name is used. +--- + service/realm-sssd-ad.c | 36 +++++++++++++++++++++++++++++++++++- + 1 file changed, 35 insertions(+), 1 deletion(-) + +diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c +index 2817e73..096b6c5 100644 +--- a/service/realm-sssd-ad.c ++++ b/service/realm-sssd-ad.c +@@ -649,6 +649,40 @@ realm_sssd_ad_generic_finish (RealmKerberosMembership *realm, + return g_task_propagate_boolean (G_TASK (result), error); + } + ++static gchar *get_ad_server_from_config (RealmKerberos *realm) ++{ ++ RealmSssd *sssd = REALM_SSSD (realm); ++ RealmIniConfig *config; ++ const gchar *section; ++ gchar **servers; ++ gchar *tmp; ++ size_t c; ++ gchar *value = NULL; ++ ++ config = realm_sssd_get_config (sssd); ++ section = realm_sssd_get_config_section (sssd); ++ ++ if (section == NULL) { ++ return NULL; ++ } ++ ++ servers = realm_ini_config_get_list (config, section, "ad_server", ","); ++ /* Only use the first server defined given in 'ad_server' and ignore ++ * '_srv_'. */ ++ if (servers != NULL) { ++ for (c = 0; servers[c] != NULL; c++) { ++ tmp = g_strstrip (servers[c]); ++ if (strcasecmp ("_srv_", tmp) != 0) { ++ value = g_strdup (tmp); ++ break; ++ } ++ } ++ g_strfreev (servers); ++ } ++ ++ return value; ++} ++ + static void + realm_sssd_ad_discover_myself (RealmKerberos *realm, + RealmDisco *disco) +@@ -665,7 +699,7 @@ realm_sssd_ad_discover_myself (RealmKerberos *realm, + if (section == NULL) + return; + +- value = realm_ini_config_get (config, section, "ad_server"); ++ value = get_ad_server_from_config (realm); + g_free (disco->explicit_server); + disco->explicit_server = value; + +-- +2.43.0 + diff --git a/0001-sssd-package-fix.patch b/0001-sssd-package-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..acf5dcfcd53bc4b0f56236a7254860324df95b14 --- /dev/null +++ b/0001-sssd-package-fix.patch @@ -0,0 +1,72 @@ +From 4299bd81279830e48b93f163049179aff14d1402 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Mon, 5 Feb 2024 08:58:56 +0100 +Subject: [PATCH] sssd package fix + +--- + dbus/realm-dbus-constants.h | 1 + + service/realm-sssd-ad.c | 3 +++ + service/realmd-redhat-authconfig.conf | 5 ++++- + service/realmd-redhat.conf | 5 ++++- + 4 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h +index d2c2a8b..e49034b 100644 +--- a/dbus/realm-dbus-constants.h ++++ b/dbus/realm-dbus-constants.h +@@ -78,6 +78,7 @@ G_BEGIN_DECLS + #define REALM_DBUS_IDENTIFIER_IPA "ipa" + #define REALM_DBUS_IDENTIFIER_FREEIPA "freeipa" + #define REALM_DBUS_IDENTIFIER_SSSD "sssd" ++#define REALM_DBUS_IDENTIFIER_SSSD_AD "sssd-ad" + #define REALM_DBUS_IDENTIFIER_SAMBA "samba" + #define REALM_DBUS_IDENTIFIER_ADCLI "adcli" + #define REALM_DBUS_IDENTIFIER_EXAMPLE "example" +diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c +index 096b6c5..64bb488 100644 +--- a/service/realm-sssd-ad.c ++++ b/service/realm-sssd-ad.c +@@ -46,18 +46,21 @@ typedef struct { + + static const gchar *ADCLI_PACKAGES[] = { + REALM_DBUS_IDENTIFIER_SSSD, ++ REALM_DBUS_IDENTIFIER_SSSD_AD, + REALM_DBUS_IDENTIFIER_ADCLI, + NULL + }; + + static const gchar *SAMBA_PACKAGES[] = { + REALM_DBUS_IDENTIFIER_SSSD, ++ REALM_DBUS_IDENTIFIER_SSSD_AD, + REALM_DBUS_IDENTIFIER_SAMBA, + NULL + }; + + static const gchar *ALL_PACKAGES[] = { + REALM_DBUS_IDENTIFIER_SSSD, ++ REALM_DBUS_IDENTIFIER_SSSD_AD, + REALM_DBUS_IDENTIFIER_ADCLI, + REALM_DBUS_IDENTIFIER_SAMBA, + NULL +diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf +index 2b11c30..12ec3c3 100644 +--- a/service/realmd-redhat.conf ++++ b/service/realmd-redhat.conf +@@ -13,10 +13,13 @@ oddjob = /usr/sbin/oddjobd + oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir + + [sssd-packages] +-sssd = /usr/sbin/sssd ++sssd-common = /usr/sbin/sssd + oddjob = /usr/sbin/oddjobd + oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir + ++[sssd-ad-packages] ++sssd-ad = /usr/libexec/sssd/gpo_child ++ + [adcli-packages] + adcli = /usr/sbin/adcli + +-- +2.43.0 + diff --git a/0001-tools-fix-ccache-handling-for-leave-operation.patch b/0001-tools-fix-ccache-handling-for-leave-operation.patch new file mode 100644 index 0000000000000000000000000000000000000000..01a3a2adcc42ac6a7e7510bb129100b99342c1fd --- /dev/null +++ b/0001-tools-fix-ccache-handling-for-leave-operation.patch @@ -0,0 +1,69 @@ +From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 10 Jan 2024 09:18:20 +0100 +Subject: [PATCH] tools: fix ccache handling for leave operation + +krb5_cc_initialize() must be called before anything can be written into +a ccache. + +While checking the available credential types the order/preference was +not respected. + +Resolves: https://issues.redhat.com/browse/SSSD-6420 +--- + tools/realm-client.c | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git a/tools/realm-client.c b/tools/realm-client.c +index c386e64..06420ea 100644 +--- a/tools/realm-client.c ++++ b/tools/realm-client.c +@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported, + GVariantIter iter; + const gchar *type; + const gchar *owner; +- +- g_variant_iter_init (&iter, supported); +- while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { +- if (g_strcmp0 (credential_type_1, type) == 0 || +- g_strcmp0 (credential_type_2, type) == 0) { +- *ret_owner = owner; +- return type; ++ const gchar *list[] = {credential_type_1, credential_type_2, NULL}; ++ size_t c; ++ ++ for (c = 0; list[c] != NULL; c++) { ++ g_variant_iter_init (&iter, supported); ++ while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { ++ if (g_strcmp0 (list[c], type) == 0) { ++ *ret_owner = owner; ++ return type; ++ } + } + } + +@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5, + memset (&mcred, 0, sizeof (mcred)); + mcred.client = principal; + mcred.server = server; +- mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND; +- mcred.times.endtime = mcred.times.starttime; + + code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES, + &mcred, &creds); +@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5, + return FALSE; + } + ++ code = krb5_cc_initialize (krb5, ccache, creds.client); ++ if (code != 0) { ++ g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code)); ++ return FALSE; ++ } ++ + code = krb5_cc_store_cred (krb5, ccache, &creds); + krb5_free_cred_contents (krb5, &creds); + +-- +2.43.0 + diff --git a/0002-service-fix-error-message-when-removing-host-from-AD.patch b/0002-service-fix-error-message-when-removing-host-from-AD.patch new file mode 100644 index 0000000000000000000000000000000000000000..c5968d3967ba57fcd72738d51c6a39fef29d31c9 --- /dev/null +++ b/0002-service-fix-error-message-when-removing-host-from-AD.patch @@ -0,0 +1,88 @@ +From d691c679c1531b3eb457c494141bafdc4e0bc692 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 1 Dec 2023 12:14:06 +0100 +Subject: [PATCH 2/3] service: fix error message when removing host from AD + +If there is an error while trying to remove the host from AD with the +help of adcli the error message talks about "joining" which might be +irritating when figuring out the reason for the failure. This patch +adds a better message when leaving the domain. +--- + service/realm-adcli-enroll.c | 34 +++++++++++++++++++++++++++------- + 1 file changed, 27 insertions(+), 7 deletions(-) + +diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c +index e0d752b..c913987 100644 +--- a/service/realm-adcli-enroll.c ++++ b/service/realm-adcli-enroll.c +@@ -25,9 +25,10 @@ + #include "realm-settings.h" + + static void +-on_join_process (GObject *source, +- GAsyncResult *result, +- gpointer user_data) ++on_join_leave_process (GObject *source, ++ GAsyncResult *result, ++ gpointer user_data, ++ gboolean is_join) + { + GTask *task = G_TASK (user_data); + GError *error = NULL; +@@ -39,15 +40,18 @@ on_join_process (GObject *source, + switch (status) { + case 2: /* ADCLI_ERR_UNEXPECTED */ + g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL, +- "Internal unexpected error joining the domain"); ++ is_join ? "Internal unexpected error joining the domain" ++ : "Internal unexpected error removing host from the domain"); + break; + case 6: /* ADCLI_ERR_CREDENTIALS */ + g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED, +- "Insufficient permissions to join the domain"); ++ is_join ? "Insufficient permissions to join the domain" ++ : "Insufficient permissions to remove the host from the domain"); + break; + default: + g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED, +- "Failed to join the domain"); ++ is_join ? "Failed to join the domain" ++ : "Failed to remove the host from the domain"); + break; + } + } +@@ -64,6 +68,22 @@ on_join_process (GObject *source, + g_object_unref (task); + } + ++static void ++on_join_process (GObject *source, ++ GAsyncResult *result, ++ gpointer user_data) ++{ ++ on_join_leave_process (source, result, user_data, TRUE); ++} ++ ++static void ++on_leave_process (GObject *source, ++ GAsyncResult *result, ++ gpointer user_data) ++{ ++ on_join_leave_process (source, result, user_data, FALSE); ++} ++ + void + realm_adcli_enroll_join_async (RealmDisco *disco, + RealmCredential *cred, +@@ -290,7 +310,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco, + g_ptr_array_add (args, NULL); + + realm_command_runv_async ((gchar **)args->pdata, environ, input, +- invocation, on_join_process, ++ invocation, on_leave_process, + g_object_ref (task)); + + g_ptr_array_free (args, TRUE); +-- +2.43.0 + diff --git a/0003-doc-fix-reference-in-realmd.conf-man-page.patch b/0003-doc-fix-reference-in-realmd.conf-man-page.patch new file mode 100644 index 0000000000000000000000000000000000000000..a03a09a018aa850df4989b8e4a97df8cc3bd898b --- /dev/null +++ b/0003-doc-fix-reference-in-realmd.conf-man-page.patch @@ -0,0 +1,26 @@ +From 56aedbceec3e6ff0d6142a16ca0c343c523b6d7a Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 1 Dec 2023 13:07:10 +0100 +Subject: [PATCH 3/3] doc: fix reference in realmd.conf man page + +--- + doc/manual/realmd.conf.xml | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml +index 72b706c..ad17639 100644 +--- a/doc/manual/realmd.conf.xml ++++ b/doc/manual/realmd.conf.xml +@@ -110,7 +110,8 @@ default-client = sssd + + + Some callers of realmd such as the +- realm ++ realm ++ 8 + command line tool allow specifying which client software should + be used. Others, such as GNOME Control Center, simplify choose + the default. +-- +2.43.0 + diff --git a/realmd-0.17.1.tar.gz b/realmd-0.17.1.tar.gz index ab308e62763ae12abc3484ebaf327a191d905025..c69fcc16291b582af7782ea2dafbdb384d8482e4 100644 Binary files a/realmd-0.17.1.tar.gz and b/realmd-0.17.1.tar.gz differ diff --git a/realmd.spec b/realmd.spec index d0a28c9c00a446a9dcdfdea6e8a3bc28c513efe7..d4610b3384234dbf5f3e9ab6ebb0711f2436800d 100644 --- a/realmd.spec +++ b/realmd.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 %define _hardened_build 1 Name: realmd @@ -8,11 +8,16 @@ Summary: DBus service for configuring kerberos and other online identities. License: LGPLv2+ URL: https://gitlab.freedesktop.org/realmd/realmd -Source0: https://gitlab.freedesktop.org/realmd/realmd/-/archive/%{version}/realmd-%{version}.tar.gz -Source1: realmd-anolis.conf +Source0: https://gitlab.freedesktop.org/realmd/realmd/uploads/204d05bd487908ece2ce2705a01d2b26/realmd-0.17.1.tar.gz # add support for anolis os Patch1001: 1001-add-support-for-anolis-os.patch +Patch1002: 0001-Various-fixes-for-issues-found-by-static-code-scanne.patch +Patch1003: 0002-service-fix-error-message-when-removing-host-from-AD.patch +Patch1004: 0001-tools-fix-ccache-handling-for-leave-operation.patch +Patch1005: 0003-doc-fix-reference-in-realmd.conf-man-page.patch +Patch1006: 0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch +Patch1007: 0001-sssd-package-fix.patch BuildRequires: make BuildRequires: gcc @@ -29,6 +34,7 @@ BuildRequires: systemd-devel BuildRequires: libxslt BuildRequires: xmlto BuildRequires: python3 vim +BuildRequires: samba-common-tools Requires: authselect Requires: polkit Conflicts: realmd-devel-docs < %{version}-%{release} @@ -103,6 +109,13 @@ make check %doc ChangeLog %changelog +* Tue Oct 28 2025 wenyuzifang - 0.17.1-3 +- Fix memory leaks, prevent undefined behavior, and ensure proper resource cleanup for stability and security. +- Improve error message accuracy when removing a host from Active Directory to avoid confusion. +- Fix ccache initialization and enforce credential preference order to ensure reliable domain leave operations. +- Fix documentation markup to ensure correct rendering of man pages and improve semantic accuracy. +- Fix handling of multiple ad_server entries and ensure compatibility with adcli by using the first valid domain controller. +- Ensure complete AD integration by detecting and requiring the sssd-ad package during domain join. * Tue May 14 2024 Bo Ren - 0.17.1-2 - update source