From ab1e838311a6c17bfa22977fc09c7a674ed2f669 Mon Sep 17 00:00:00 2001 
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de> Date: Thu, 9 May 2019 20:20:20 +0200 Subject: [PATCH] Update adcli patches --- ...dle-empty-string-in-client-site-name.patch | 2 +- ...002-Move-the-empty-client-site-check.patch | 2 +- ...e-only-check-when-looking-for-the-Ne.patch | 2 +- .../0004-Use-strdup-if-offsets-are-used.patch | 2 +- ...-of-adcli_tool_computer_delete-descr.patch | 2 +- ...-all-credential-cache-types-are-supp.patch | 2 +- ...-library-add-adcli_conn_is_writeable.patch | 2 +- ...0008-Handle-kvno-increment-for-RODCs.patch | 2 +- ...09-library-add-_adcli_bin_sid_to_str.patch | 2 +- ...ary-add-_adcli_call_external_program.patch | 2 +- ...11-library-add-_adcli_ldap_parse_sid.patch | 2 +- .../0012-library-add-lookup_domain_sid.patch | 2 +- ...ibrary-add-adcli_conn_get_domain_sid.patch | 2 +- ...0014-tools-add-option-add-samba-data.patch | 2 +- ...-tools-store-Samba-data-if-requested.patch | 2 +- ...16-make-Samba-data-tool-configurable.patch | 15 +- ...in-test_check_nt_time_string_lifetim.patch | 2 +- .../adcli/0018-fix-typo-in-flag-value.patch | 2 +- ...19-Add-trusted-for-delegation-option.patch | 2 +- ...attributes-given-on-the-command-line.patch | 2 +- ...21-update-allow-to-add-service-names.patch | 2 +- ...late-enctypes-in-a-separate-function.patch | 2 +- ...ributes-while-creating-computer-obje.patch | 2 +- ...util-add-_adcli_strv_remove_unsorted.patch | 2 +- ...principal-and-remove-service-princip.patch | 2 +- ...-Do-not-add-service-principals-twice.patch | 2 +- ...-doc-fix-typos-in-the-adcli-man-page.patch | 2 +- ...rnal_program-silence-noisy-debug-mes.patch | 2 +- ...depend-on-default_realm-in-krb5.conf.patch | 2 +- ...030-Fix-for-issues-found-by-Coverity.patch | 2 +- ...DC-location-mechanism-more-compliant.patch | 216 ++++++++++ ...-data-tool-needs-to-take-an-argument.patch | 35 ++ ...33-adutil-add-_adcli_strv_add_unique.patch | 134 ++++++ ...cli_strv_add_unique-for-service-prin.patch | 83 ++++ ...perly-release-internal-data-on-error.patch | 
152 +++++++ ...fter-password-change-with-user-creds.patch | 32 ++ ...ddrinfo-with-AI_CANONNAME-to-find-a-.patch | 93 ++++ ...38-create-user-add-nis-domain-option.patch | 71 ++++ ...ser-try-to-find-NIS-domain-if-needed.patch | 147 +++++++ ...0-join-always-add-service-principals.patch | 86 ++++ ...n-error-if-no-matching-key-was-found.patch | 35 ++ ...incipals-do-not-leak-memory-when-cal.patch | 72 ++++ ...brary-make-_adcli_strv_has_ex-public.patch | 42 ++ ...rb5_build_principal-allow-principals.patch | 42 ++ ...-sure-server-side-SPNs-are-preserved.patch | 82 ++++ .../adcli/0046-Implement-adcli-testjoin.patch | 181 ++++++++ .../0047-library-add-missing-strdup.patch | 34 ++ ...perly-release-internal-data-on-error.patch | 152 +++++++ ...s-remove-errx-from-computer-commands.patch | 328 +++++++++++++++ ...ve-errx-from-user-and-group-commands.patch | 398 ++++++++++++++++++ ...tools-remove-errx-from-info-commands.patch | 53 +++ ...e-errx-from-adcli_read_password_func.patch | 42 ++ ...-errx-from-setup_krb5_conf_directory.patch | 63 +++ ...-entry-remove-errx-from-parse_option.patch | 175 ++++++++ ...mputer-remove-errx-from-parse_option.patch | 294 +++++++++++++ 55 files changed, 3085 insertions(+), 30 deletions(-) create mode 100644 patches/adcli/0031-Make-adcli-info-DC-location-mechanism-more-compliant.patch create mode 100644 patches/adcli/0032-samba-data-tool-needs-to-take-an-argument.patch create mode 100644 patches/adcli/0033-adutil-add-_adcli_strv_add_unique.patch create mode 100644 patches/adcli/0034-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch create mode 100644 patches/adcli/0035-tools-properly-release-internal-data-on-error.patch create mode 100644 patches/adcli/0036-Increment-kvno-after-password-change-with-user-creds.patch create mode 100644 patches/adcli/0037-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch create mode 100644 patches/adcli/0038-create-user-add-nis-domain-option.patch create mode 100644 
patches/adcli/0039-create-user-try-to-find-NIS-domain-if-needed.patch create mode 100644 patches/adcli/0040-join-always-add-service-principals.patch create mode 100644 patches/adcli/0041-library-return-error-if-no-matching-key-was-found.patch create mode 100644 patches/adcli/0042-ensure_keytab_principals-do-not-leak-memory-when-cal.patch create mode 100644 patches/adcli/0043-library-make-_adcli_strv_has_ex-public.patch create mode 100644 patches/adcli/0044-library-_adcli_krb5_build_principal-allow-principals.patch create mode 100644 patches/adcli/0045-library-make-sure-server-side-SPNs-are-preserved.patch create mode 100644 patches/adcli/0046-Implement-adcli-testjoin.patch create mode 100644 patches/adcli/0047-library-add-missing-strdup.patch create mode 100644 patches/adcli/0048-Revert-tools-properly-release-internal-data-on-error.patch create mode 100644 patches/adcli/0049-tools-remove-errx-from-computer-commands.patch create mode 100644 patches/adcli/0050-tools-remove-errx-from-user-and-group-commands.patch create mode 100644 patches/adcli/0051-tools-remove-errx-from-info-commands.patch create mode 100644 patches/adcli/0052-tools-remove-errx-from-adcli_read_password_func.patch create mode 100644 patches/adcli/0053-tools-remove-errx-from-setup_krb5_conf_directory.patch create mode 100644 patches/adcli/0054-tools-entry-remove-errx-from-parse_option.patch create mode 100644 patches/adcli/0055-tools-computer-remove-errx-from-parse_option.patch diff --git a/patches/adcli/0001-Handle-empty-string-in-client-site-name.patch b/patches/adcli/0001-Handle-empty-string-in-client-site-name.patch index 5394654..f833c69 100644 --- a/patches/adcli/0001-Handle-empty-string-in-client-site-name.patch +++ b/patches/adcli/0001-Handle-empty-string-in-client-site-name.patch @@ -1,7 +1,7 @@ From 213116ea8a16a10f4def750d92095c250b51def7 Mon Sep 17 00:00:00 2001 
From: Sumit Bose <sbose@redhat.com> Date: Fri, 7 Oct 2016 13:57:44 +0200 -Subject: [PATCH 01/30] Handle empty string in client site name +Subject: [PATCH 01/55] Handle empty string in client site name parse_disco_string() returns an empty string if there is no client site name in the NetLogon reply. Later in the code only a NULL check is used diff --git a/patches/adcli/0002-Move-the-empty-client-site-check.patch b/patches/adcli/0002-Move-the-empty-client-site-check.patch index e56b930..747127b 100644 --- a/patches/adcli/0002-Move-the-empty-client-site-check.patch +++ b/patches/adcli/0002-Move-the-empty-client-site-check.patch @@ -1,7 +1,7 @@ From 85146804c219b2d4a62f315a0988536af7a53911 Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund <joakim.tjernlund@infinera.com> Date: Thu, 30 Mar 2017 12:50:33 +0200 -Subject: [PATCH 02/30] Move the empty client site check +Subject: [PATCH 02/55] Move the empty client site check Currently this check will SEGV(NULL ptr access) if the parsing of Netlogon discovery data fails. Move the empty check to where the diff --git a/patches/adcli/0003-Remove-upper-case-only-check-when-looking-for-the-Ne.patch b/patches/adcli/0003-Remove-upper-case-only-check-when-looking-for-the-Ne.patch index d43dd3b..708cd75 100644 --- a/patches/adcli/0003-Remove-upper-case-only-check-when-looking-for-the-Ne.patch +++ b/patches/adcli/0003-Remove-upper-case-only-check-when-looking-for-the-Ne.patch @@ -1,7 +1,7 @@ From 7c95c61a86c5801d551d1042900b0e2e671891ce Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 24 Aug 2016 15:37:41 +0200 -Subject: [PATCH 03/30] Remove upper-case only check when looking for the +Subject: [PATCH 03/55] Remove upper-case only check when looking for the NetBIOS name It is a convention to use only upper-case letters for NetBIOS names but diff --git a/patches/adcli/0004-Use-strdup-if-offsets-are-used.patch b/patches/adcli/0004-Use-strdup-if-offsets-are-used.patch index 79cf3ea..011bf5e 100644 
--- a/patches/adcli/0004-Use-strdup-if-offsets-are-used.patch +++ b/patches/adcli/0004-Use-strdup-if-offsets-are-used.patch @@ -1,7 +1,7 @@ From 90c1e96cf3eea8718aa97a6fb97aa2029ef64670 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 24 Aug 2016 16:19:36 +0200 -Subject: [PATCH 04/30] Use strdup() if offsets are used +Subject: [PATCH 04/55] Use strdup() if offsets are used Strings with an offset to the original starting point must be copied because otherwise they cannot be properly freed later. diff --git a/patches/adcli/0005-correct-spelling-of-adcli_tool_computer_delete-descr.patch b/patches/adcli/0005-correct-spelling-of-adcli_tool_computer_delete-descr.patch index c86228d..0b8c310 100644 --- a/patches/adcli/0005-correct-spelling-of-adcli_tool_computer_delete-descr.patch +++ b/patches/adcli/0005-correct-spelling-of-adcli_tool_computer_delete-descr.patch @@ -1,7 +1,7 @@ From 99b2d00ea848db46898ae111a10739f9a9c7bf3e Mon Sep 17 00:00:00 2001 From: Striker Leggette <striker@redhat.com> Date: Wed, 1 Nov 2017 11:16:39 +0100 -Subject: [PATCH 05/30] correct spelling of 'adcli_tool_computer_delete' +Subject: [PATCH 05/55] correct spelling of 'adcli_tool_computer_delete' description --- diff --git a/patches/adcli/0006-doc-explain-that-all-credential-cache-types-are-supp.patch b/patches/adcli/0006-doc-explain-that-all-credential-cache-types-are-supp.patch index 32deba0..e8702ff 100644 --- a/patches/adcli/0006-doc-explain-that-all-credential-cache-types-are-supp.patch +++ b/patches/adcli/0006-doc-explain-that-all-credential-cache-types-are-supp.patch @@ -1,7 +1,7 @@ From 8bfeba525a104f39c9ede7601035d934cd062437 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 1 Nov 2017 12:01:18 +0100 -Subject: [PATCH 06/30] doc: explain that all credential cache types are +Subject: [PATCH 06/55] doc: explain that all credential cache types are supported --- 
diff --git a/patches/adcli/0007-library-add-adcli_conn_is_writeable.patch b/patches/adcli/0007-library-add-adcli_conn_is_writeable.patch index 0a12706..0fb8f15 100644 --- a/patches/adcli/0007-library-add-adcli_conn_is_writeable.patch +++ b/patches/adcli/0007-library-add-adcli_conn_is_writeable.patch @@ -1,7 +1,7 @@ From d9721f64ca3bb3467898c06aa8470aec73a0d0d8 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 1 Nov 2017 16:29:19 +0100 -Subject: [PATCH 07/30] library: add adcli_conn_is_writeable() +Subject: [PATCH 07/55] library: add adcli_conn_is_writeable() --- library/adconn.c | 11 +++++++++++ diff --git a/patches/adcli/0008-Handle-kvno-increment-for-RODCs.patch b/patches/adcli/0008-Handle-kvno-increment-for-RODCs.patch index 52058a7..0a03c1a 100644 --- a/patches/adcli/0008-Handle-kvno-increment-for-RODCs.patch +++ b/patches/adcli/0008-Handle-kvno-increment-for-RODCs.patch @@ -1,7 +1,7 @@ From 4edc04768f6b28312404312e7012c700661a4ee3 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 1 Nov 2017 17:14:05 +0100 -Subject: [PATCH 08/30] Handle kvno increment for RODCs +Subject: [PATCH 08/55] Handle kvno increment for RODCs Since the actual password change does not happen on the read-only domain controller (RODC) the kvno change has to be replicated back which might diff --git a/patches/adcli/0009-library-add-_adcli_bin_sid_to_str.patch b/patches/adcli/0009-library-add-_adcli_bin_sid_to_str.patch index 5edb665..477c20e 100644 --- a/patches/adcli/0009-library-add-_adcli_bin_sid_to_str.patch +++ b/patches/adcli/0009-library-add-_adcli_bin_sid_to_str.patch @@ -1,7 +1,7 @@ From 2f08e7992d484563c29a1db979e2a95691dbb170 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 14:37:05 +0100 -Subject: [PATCH 09/30] library: add _adcli_bin_sid_to_str() +Subject: [PATCH 09/55] library: add _adcli_bin_sid_to_str() Convert a binary SID to the string representation. 
diff --git a/patches/adcli/0010-library-add-_adcli_call_external_program.patch b/patches/adcli/0010-library-add-_adcli_call_external_program.patch index fd76fbc..02e334e 100644 --- a/patches/adcli/0010-library-add-_adcli_call_external_program.patch +++ b/patches/adcli/0010-library-add-_adcli_call_external_program.patch @@ -1,7 +1,7 @@ From e25c49fc8be4df614e74a98e0d5dfecbf0af6020 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 14:39:17 +0100 -Subject: [PATCH 10/30] library: add _adcli_call_external_program() +Subject: [PATCH 10/55] library: add _adcli_call_external_program() Allow adcli to call an external program given by an absolute path name and an array of options. stdin and stdout can be used if needed. diff --git a/patches/adcli/0011-library-add-_adcli_ldap_parse_sid.patch b/patches/adcli/0011-library-add-_adcli_ldap_parse_sid.patch index 77f2b4e..2042851 100644 --- a/patches/adcli/0011-library-add-_adcli_ldap_parse_sid.patch +++ b/patches/adcli/0011-library-add-_adcli_ldap_parse_sid.patch @@ -1,7 +1,7 @@ From 64fb4f01d38c0f01554bc35e949ba4838247c72e Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 14:44:45 +0100 -Subject: [PATCH 11/30] library: add _adcli_ldap_parse_sid() +Subject: [PATCH 11/55] library: add _adcli_ldap_parse_sid() Get a binary SID from a LDAP message and return it in the string representation. diff --git a/patches/adcli/0012-library-add-lookup_domain_sid.patch b/patches/adcli/0012-library-add-lookup_domain_sid.patch index 6455ad7..0fe95fc 100644 --- a/patches/adcli/0012-library-add-lookup_domain_sid.patch +++ b/patches/adcli/0012-library-add-lookup_domain_sid.patch @@ -1,7 +1,7 @@ From d00590ada9094c47ed39e4e3a4e1d80bff126f8f Mon Sep 17 00:00:00 2001 
From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 14:40:46 +0100 -Subject: [PATCH 12/30] library: add lookup_domain_sid() +Subject: [PATCH 12/55] library: add lookup_domain_sid() Read the domain SID from the default naming context AD object and store it in adcli_conn. diff --git a/patches/adcli/0013-library-add-adcli_conn_get_domain_sid.patch b/patches/adcli/0013-library-add-adcli_conn_get_domain_sid.patch index 265f71d..0d3f349 100644 --- a/patches/adcli/0013-library-add-adcli_conn_get_domain_sid.patch +++ b/patches/adcli/0013-library-add-adcli_conn_get_domain_sid.patch @@ -1,7 +1,7 @@ From 839ab7f8248aea897ae95b20d8bb79222c4bf21e Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 18:23:03 +0100 -Subject: [PATCH 13/30] library: add adcli_conn_get_domain_sid() +Subject: [PATCH 13/55] library: add adcli_conn_get_domain_sid() https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 diff --git a/patches/adcli/0014-tools-add-option-add-samba-data.patch b/patches/adcli/0014-tools-add-option-add-samba-data.patch index b53fbda..74cf419 100644 --- a/patches/adcli/0014-tools-add-option-add-samba-data.patch +++ b/patches/adcli/0014-tools-add-option-add-samba-data.patch @@ -1,7 +1,7 @@ From 9e2be6f374d6d9107a34acfcd6fa551190d756d5 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 14:46:00 +0100 -Subject: [PATCH 14/30] tools: add option --add-samba-data +Subject: [PATCH 14/55] tools: add option --add-samba-data https://bugs.freedesktop.org/show_bug.cgi?id=100118 https://gitlab.freedesktop.org/realmd/adcli/issues/6 diff --git a/patches/adcli/0015-tools-store-Samba-data-if-requested.patch b/patches/adcli/0015-tools-store-Samba-data-if-requested.patch index 125c112..25d6c15 100644 --- a/patches/adcli/0015-tools-store-Samba-data-if-requested.patch +++ b/patches/adcli/0015-tools-store-Samba-data-if-requested.patch @@ -1,7 +1,7 @@ 
From a79e03c5a559389c5c9c0e9d72831e5fe5c62f54 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 18:24:15 +0100 -Subject: [PATCH 15/30] tools: store Samba data if requested +Subject: [PATCH 15/55] tools: store Samba data if requested Use Samba's net utility to add the machine account password and the domain SID to the Samba configuration. diff --git a/patches/adcli/0016-make-Samba-data-tool-configurable.patch b/patches/adcli/0016-make-Samba-data-tool-configurable.patch index 0e557a5..552797e 100644 --- a/patches/adcli/0016-make-Samba-data-tool-configurable.patch +++ b/patches/adcli/0016-make-Samba-data-tool-configurable.patch @@ -1,7 +1,7 @@ From 9fa4b8d2bd98525212a019bfa62c2f132614faba Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Thu, 1 Feb 2018 14:26:22 +0100 -Subject: [PATCH 16/30] make Samba data tool configurable +Subject: [PATCH 16/55] make Samba data tool configurable Allow to specify an alternative path to Samba's net utility at configure time and at run time. @@ -11,6 +11,7 @@ https://gitlab.freedesktop.org/realmd/adcli/issues/6 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> --- + .gitignore | 1 + configure.ac | 13 ++++++++++++ doc/adcli.xml | 21 ++++++++++++++++++- doc/samba_data_tool_path.xml.in | 1 + @@ -20,6 +21,18 @@ Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 7 files changed, 95 insertions(+), 8 deletions(-) create mode 100644 doc/samba_data_tool_path.xml.in +diff --git a/.gitignore b/.gitignore +index b49a065..c64f4e7 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -46,6 +46,7 @@ Makefile.in + /doc/adcli.8 + /doc/html/ + /doc/version.xml ++/doc/samba_data_tool_path.xml + + /po/POTFILES + /po/stamp-po diff --git a/configure.ac b/configure.ac index fe86638..68877c7 100644 --- a/configure.ac diff --git a/patches/adcli/0017-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch b/patches/adcli/0017-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch index 0679266..2e87462 100644 
--- a/patches/adcli/0017-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch +++ b/patches/adcli/0017-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch @@ -1,7 +1,7 @@ From 1b31d18c574e820d50c80e6973e8d6031a305410 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 30 Jan 2018 14:39:46 +0100 -Subject: [PATCH 17/30] Fix memory leak in test_check_nt_time_string_lifetime +Subject: [PATCH 17/55] Fix memory leak in test_check_nt_time_string_lifetime The test added with 650e5d33ef31437a049fb454ad3dc5457c56abe7 introduced a small memory leak. diff --git a/patches/adcli/0018-fix-typo-in-flag-value.patch b/patches/adcli/0018-fix-typo-in-flag-value.patch index b5aa68e..6e1c134 100644 --- a/patches/adcli/0018-fix-typo-in-flag-value.patch +++ b/patches/adcli/0018-fix-typo-in-flag-value.patch @@ -1,7 +1,7 @@ From 12e13aaea8ab999540ad62e91829fc3d1815fac1 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 8 Aug 2018 12:03:01 +0200 -Subject: [PATCH 18/30] fix typo in flag value +Subject: [PATCH 18/55] fix typo in flag value --- library/adenroll.h | 2 +- diff --git a/patches/adcli/0019-Add-trusted-for-delegation-option.patch b/patches/adcli/0019-Add-trusted-for-delegation-option.patch index 7ba48ee..1d5cfc7 100644 --- a/patches/adcli/0019-Add-trusted-for-delegation-option.patch +++ b/patches/adcli/0019-Add-trusted-for-delegation-option.patch @@ -1,7 +1,7 @@ From b1da8a2fbe739cc8754de712711d84956848a7ea Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Thu, 31 May 2018 18:27:37 +0200 -Subject: [PATCH 19/30] Add trusted-for-delegation option +Subject: [PATCH 19/55] Add trusted-for-delegation option Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1538730 --- diff --git a/patches/adcli/0020-Only-update-attributes-given-on-the-command-line.patch b/patches/adcli/0020-Only-update-attributes-given-on-the-command-line.patch index 1bc9313..c45ddb1 100644 
--- a/patches/adcli/0020-Only-update-attributes-given-on-the-command-line.patch +++ b/patches/adcli/0020-Only-update-attributes-given-on-the-command-line.patch @@ -1,7 +1,7 @@ From 32d8f994120cbb9b5b8b4bb1f7e80798bf82da20 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 1 Jun 2018 21:26:47 +0200 -Subject: [PATCH 20/30] Only update attributes given on the command line +Subject: [PATCH 20/55] Only update attributes given on the command line When updating attributes of the LDAP computer object we only want to update attributes which are related to options given on the command diff --git a/patches/adcli/0021-update-allow-to-add-service-names.patch b/patches/adcli/0021-update-allow-to-add-service-names.patch index cff8161..096a211 100644 --- a/patches/adcli/0021-update-allow-to-add-service-names.patch +++ b/patches/adcli/0021-update-allow-to-add-service-names.patch @@ -1,7 +1,7 @@ From 8396b9bca05fec8022758c6930f1e594252ae296 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 4 Jun 2018 10:49:33 +0200 -Subject: [PATCH 21/30] update: allow to add service names +Subject: [PATCH 21/55] update: allow to add service names Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013 https://bugzilla.redhat.com/show_bug.cgi?id=1545568 diff --git a/patches/adcli/0022-Calculate-enctypes-in-a-separate-function.patch b/patches/adcli/0022-Calculate-enctypes-in-a-separate-function.patch index 02f9a55..33fb3ad 100644 --- a/patches/adcli/0022-Calculate-enctypes-in-a-separate-function.patch +++ b/patches/adcli/0022-Calculate-enctypes-in-a-separate-function.patch @@ -1,7 +1,7 @@ From 19c56937a7e2a1e2fd184c131587377bc2d24fbb Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 6 Jun 2018 16:31:32 +0200 -Subject: [PATCH 22/30] Calculate enctypes in a separate function +Subject: [PATCH 22/55] Calculate enctypes in a separate function Related to https://bugzilla.redhat.com/show_bug.cgi?id=1542354 --- 
diff --git a/patches/adcli/0023-join-add-all-attributes-while-creating-computer-obje.patch b/patches/adcli/0023-join-add-all-attributes-while-creating-computer-obje.patch index 8f0297d..cc867a6 100644 --- a/patches/adcli/0023-join-add-all-attributes-while-creating-computer-obje.patch +++ b/patches/adcli/0023-join-add-all-attributes-while-creating-computer-obje.patch @@ -1,7 +1,7 @@ From 6ea7637f75c3ec74f2ee196f2f599643b34b3c14 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 11 Jun 2018 09:44:49 +0200 -Subject: [PATCH 23/30] join: add all attributes while creating computer object +Subject: [PATCH 23/55] join: add all attributes while creating computer object It is possible to create special accounts which can only join a computer to a domain but is not allowed to do any further operations which the diff --git a/patches/adcli/0024-util-add-_adcli_strv_remove_unsorted.patch b/patches/adcli/0024-util-add-_adcli_strv_remove_unsorted.patch index a1893c8..9179a0f 100644 --- a/patches/adcli/0024-util-add-_adcli_strv_remove_unsorted.patch +++ b/patches/adcli/0024-util-add-_adcli_strv_remove_unsorted.patch @@ -1,7 +1,7 @@ From 163730cf8c91fc8dc4f44eb1eca45daa3abf3ed8 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Thu, 14 Jun 2018 16:48:22 +0200 -Subject: [PATCH 24/30] util: add _adcli_strv_remove_unsorted +Subject: [PATCH 24/55] util: add _adcli_strv_remove_unsorted Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547014 --- diff --git a/patches/adcli/0025-Add-add-service-principal-and-remove-service-princip.patch b/patches/adcli/0025-Add-add-service-principal-and-remove-service-princip.patch index 14a7a8b..ba3fca7 100644 --- a/patches/adcli/0025-Add-add-service-principal-and-remove-service-princip.patch +++ b/patches/adcli/0025-Add-add-service-principal-and-remove-service-princip.patch @@ -1,7 +1,7 @@ From bb828f22f76d5281c6bb3724fbdee3916e178407 Mon Sep 17 00:00:00 2001 
From: Sumit Bose <sbose@redhat.com> Date: Thu, 14 Jun 2018 16:49:26 +0200 -Subject: [PATCH 25/30] Add add-service-principal and remove-service-principal +Subject: [PATCH 25/55] Add add-service-principal and remove-service-principal options Currently it is only possible to specific a service name for service diff --git a/patches/adcli/0026-Do-not-add-service-principals-twice.patch b/patches/adcli/0026-Do-not-add-service-principals-twice.patch index 7d53fbc..088fe15 100644 --- a/patches/adcli/0026-Do-not-add-service-principals-twice.patch +++ b/patches/adcli/0026-Do-not-add-service-principals-twice.patch @@ -1,7 +1,7 @@ From f448aeaebb39efa300f05ef3c2bb8b2e8f18fb82 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 13 Aug 2018 17:32:24 +0200 -Subject: [PATCH 26/30] Do not add service principals twice +Subject: [PATCH 26/55] Do not add service principals twice --- library/adenroll.c | 23 +++++++++++++++++++---- diff --git a/patches/adcli/0027-doc-fix-typos-in-the-adcli-man-page.patch b/patches/adcli/0027-doc-fix-typos-in-the-adcli-man-page.patch index 3441caf..6985087 100644 --- a/patches/adcli/0027-doc-fix-typos-in-the-adcli-man-page.patch +++ b/patches/adcli/0027-doc-fix-typos-in-the-adcli-man-page.patch @@ -1,7 +1,7 @@ From 1143163c367b8473dc3d0ea696eed3c30ccd634b Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Thu, 5 Jul 2018 13:06:26 +0200 -Subject: [PATCH 27/30] doc: fix typos in the adcli man page +Subject: [PATCH 27/55] doc: fix typos in the adcli man page Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1440533 --- diff --git a/patches/adcli/0028-_adcli_call_external_program-silence-noisy-debug-mes.patch b/patches/adcli/0028-_adcli_call_external_program-silence-noisy-debug-mes.patch index bf60763..7ff3776 100644 --- a/patches/adcli/0028-_adcli_call_external_program-silence-noisy-debug-mes.patch +++ b/patches/adcli/0028-_adcli_call_external_program-silence-noisy-debug-mes.patch @@ -1,7 +1,7 @@ 
From 185a8b7378665d1d0ef7dd4d5a78438459bad9e0 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 8 Aug 2018 12:17:18 +0200 -Subject: [PATCH 28/30] _adcli_call_external_program: silence noisy debug +Subject: [PATCH 28/55] _adcli_call_external_program: silence noisy debug message --- diff --git a/patches/adcli/0029-Do-not-depend-on-default_realm-in-krb5.conf.patch b/patches/adcli/0029-Do-not-depend-on-default_realm-in-krb5.conf.patch index 15bf8c7..85a964c 100644 --- a/patches/adcli/0029-Do-not-depend-on-default_realm-in-krb5.conf.patch +++ b/patches/adcli/0029-Do-not-depend-on-default_realm-in-krb5.conf.patch @@ -1,7 +1,7 @@ From 6686c72985bc14adecf9e7db6c5fea891b7a5ef5 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 13 Aug 2018 18:24:58 +0200 -Subject: [PATCH 29/30] Do not depend on default_realm in krb5.conf +Subject: [PATCH 29/55] Do not depend on default_realm in krb5.conf --- library/adenroll.c | 4 +++- diff --git a/patches/adcli/0030-Fix-for-issues-found-by-Coverity.patch b/patches/adcli/0030-Fix-for-issues-found-by-Coverity.patch index 49c6ab3..2f6e901 100644 --- a/patches/adcli/0030-Fix-for-issues-found-by-Coverity.patch +++ b/patches/adcli/0030-Fix-for-issues-found-by-Coverity.patch @@ -1,7 +1,7 @@ From 3c93c96eb6ea2abd3869921ee4c89e1a4d9e4c44 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 14 Aug 2018 13:08:52 +0200 -Subject: [PATCH 30/30] Fix for issues found by Coverity +Subject: [PATCH 30/55] Fix for issues found by Coverity --- library/adenroll.c | 12 ++++++------ diff --git a/patches/adcli/0031-Make-adcli-info-DC-location-mechanism-more-compliant.patch b/patches/adcli/0031-Make-adcli-info-DC-location-mechanism-more-compliant.patch new file mode 100644 index 0000000..7e9f846 --- /dev/null +++ b/patches/adcli/0031-Make-adcli-info-DC-location-mechanism-more-compliant.patch 
@@ -0,0 +1,216 @@
+From 0a0d0f66409eb83e06b7dc50543c2f6c15a36bc4 Mon Sep 17 00:00:00 2001
+From: Alexey A Nikitin <nikitin@amazon.com>
+Date: Mon, 29 Oct 2018 20:40:36 -0700
+Subject: [PATCH 31/55] Make 'adcli info' DC location mechanism more compliant
+ with [MS-ADTS] and [MS-NRPC]
+
+AD specifications say that DC locator must attempt to find a suitable DC for the client. That means going through all of the DCs in SRV RRs one by one until one of them answers.
+
+The problem with adcli's original behavior is that it queries only five DCs from SRV, ever. This becomes a problem if for any reason there is a large number of DCs in the domain from which the client cannot get a CLDAP response.
+---
+ library/addisco.c | 146 +++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 94 insertions(+), 52 deletions(-)
+
+diff --git a/library/addisco.c b/library/addisco.c
+index 8cc5bf0..6e73ead 100644
+--- a/library/addisco.c
++++ b/library/addisco.c
+@@ -41,8 +41,10 @@
+ #include <string.h>
+ #include <time.h>
+
+-/* Number of servers to do discovery against */
+-#define DISCO_COUNT 5
++/* Number of servers to do discovery against.
++ * For AD DS maximum number of DCs is 1200.
++ */
++#define DISCO_COUNT 1200
+
+ /* The time period in which to do rapid requests */
+ #define DISCO_FEVER 1
+@@ -454,6 +456,51 @@ parse_disco (LDAP *ldap,
+ }
+
+ static int
++ldap_disco_poller (LDAP **ldap,
++ LDAPMessage **message,
++ adcli_disco **results,
++ const char **addrs)
++{
++ int found = ADCLI_DISCO_UNUSABLE;
++ int close_ldap;
++ int parsed;
++ int ret = 0;
++ struct timeval tvpoll = { 0, 0 };
++
++ switch (ldap_result (*ldap, LDAP_RES_ANY, 1, &tvpoll, message)) {
++ case LDAP_RES_SEARCH_ENTRY:
++ case LDAP_RES_SEARCH_RESULT:
++ parsed = parse_disco (*ldap, *addrs, *message, results);
++ if (parsed > found)
++ found = parsed;
++ ldap_msgfree (*message);
++ close_ldap = 1;
++ break;
++ case -1:
++ ldap_get_option (*ldap, LDAP_OPT_RESULT_CODE, &ret);
++ close_ldap = 1;
++ break;
++ default:
++ ldap_msgfree (*message);
++ close_ldap = 0;
++ break;
++ }
++
++ if (ret != LDAP_SUCCESS) {
++ _adcli_ldap_handle_failure (*ldap, ADCLI_ERR_CONFIG,
++ "Couldn't perform discovery search");
++ }
++
++ /* Done with this connection */
++ if (close_ldap) {
++ ldap_unbind_ext_s (*ldap, NULL, NULL);
++ *ldap = NULL;
++ }
++
++ return found;
++}
++
++static int
+ ldap_disco (const char *domain,
+ srvinfo *srv,
+ adcli_disco **results)
+@@ -477,6 +524,7 @@ ldap_disco (const char *domain,
+ int num, i;
+ int ret;
+ int have_any = 0;
++ struct timeval interval;
+
+ if (domain) {
+ value = _adcli_ldap_escape_filter (domain);
+@@ -540,7 +588,6 @@ ldap_disco (const char *domain,
+ version = LDAP_VERSION3;
+ ldap_set_option (ldap[num], LDAP_OPT_PROTOCOL_VERSION, &version);
+ ldap_set_option (ldap[num], LDAP_OPT_REFERRALS , 0);
+- _adcli_info ("Sending netlogon pings to domain controller: %s", url);
+ addrs[num] = srv->hostname;
+ have_any = 1;
+ num++;
+@@ -555,70 +602,65 @@ ldap_disco (const char *domain,
+ freeaddrinfo (res);
+ }
+
+- /* Wait for the first response. Poor mans fd watch */
+- for (started = now = time (NULL);
+- have_any && found != ADCLI_DISCO_USABLE && now < started + DISCO_TIME;
+- now = time (NULL)) {
++ /* Initial send and short time wait */
++ interval.tv_sec = 0;
++ for (i = 0; ADCLI_DISCO_UNUSABLE == found && i < num; ++i) {
++ int parsed;
++
++ if (NULL == ldap[i])
++ continue;
+
+- struct timeval tvpoll = { 0, 0 };
+- struct timeval interval;
++ have_any = 1;
++ _adcli_info ("Sending NetLogon ping to domain controller: %s", addrs[i]);
+
+- /* If in the initial period, send feverishly */
+- if (now < started + DISCO_FEVER) {
+- interval.tv_sec = 0;
+- interval.tv_usec = 100 * 1000;
++ ret = ldap_search_ext (ldap[i], "", LDAP_SCOPE_BASE,
++ filter, attrs, 0, NULL, NULL, NULL,
++ -1, &msgidp);
++
++ if (ret != LDAP_SUCCESS) {
++ _adcli_ldap_handle_failure (ldap[i], ADCLI_ERR_CONFIG,
++ "Couldn't perform discovery search");
++ ldap_unbind_ext_s (ldap[i], NULL, NULL);
++ ldap[i] = NULL;
++ }
++
++ /* From https://msdn.microsoft.com/en-us/library/ff718294.aspx first
++ * five DCs are given 0.4 seconds timeout, next five are given 0.2
++ * seconds, and the rest are given 0.1 seconds
++ */
++ if (i < 5) {
++ interval.tv_usec = 400000;
++ } else if (i < 10) {
++ interval.tv_usec = 200000;
+ } else {
+- interval.tv_sec = 1;
+- interval.tv_usec = 0;
++ interval.tv_usec = 100000;
+ }
++ select (0, NULL, NULL, NULL, &interval);
++
++ parsed = ldap_disco_poller (&(ldap[i]), &message, results, &(addrs[i]));
++ if (parsed > found)
++ found = parsed;
++ }
++
++ /* Wait some more until LDAP timeout (DISCO_TIME) */
++ for (started = now = time (NULL);
++ have_any && ADCLI_DISCO_UNUSABLE == found && now < started + DISCO_TIME;
++ now = time (NULL)) {
+
+ select (0, NULL, NULL, NULL, &interval);
+
+ have_any = 0;
+- for (i = 0; found != ADCLI_DISCO_USABLE && i < num; i++) {
+- int close_ldap;
++ for (i = 0; ADCLI_DISCO_UNUSABLE == found && i < num; ++i) {
+ int parsed;
+
+ if (ldap[i] == NULL)
+ continue;
+
+- ret = 0;
+ have_any = 1;
+- switch (ldap_result (ldap[i], LDAP_RES_ANY, 1, &tvpoll, &message)) {
+- case LDAP_RES_SEARCH_ENTRY:
+- case LDAP_RES_SEARCH_RESULT:
+- parsed = parse_disco (ldap[i], addrs[i], message, results);
+- if (parsed > found)
+- found = parsed;
+- ldap_msgfree (message);
+- close_ldap = 1;
+- break;
+- case 0:
+- ret = ldap_search_ext (ldap[i], "", LDAP_SCOPE_BASE,
+- filter, attrs, 0, NULL, NULL, NULL,
+- -1, &msgidp);
+- close_ldap = (ret != 0);
+- break;
+- case -1:
+- ldap_get_option (ldap[i], LDAP_OPT_RESULT_CODE, &ret);
+- close_ldap = 1;
+- break;
+- default:
+- ldap_msgfree (message);
+- close_ldap = 0;
+- break;
+- }
+-
+- if (ret != LDAP_SUCCESS) {
+- _adcli_ldap_handle_failure (ldap[i], ADCLI_ERR_CONFIG,
+- "Couldn't perform discovery search");
+- }
+
+- /* Done with this connection */
+- if (close_ldap) {
+- ldap_unbind_ext_s (ldap[i], NULL, NULL);
+- ldap[i] = NULL;
+- }
++ parsed = ldap_disco_poller (&(ldap[i]), &message, results, &(addrs[i]));
++ if (parsed > found)
++ found = parsed;
+ }
+ }
+
+--
+2.11.0
+
diff --git a/patches/adcli/0032-samba-data-tool-needs-to-take-an-argument.patch b/patches/adcli/0032-samba-data-tool-needs-to-take-an-argument.patch
new file mode 100644
index 0000000..708453f
--- /dev/null
+++ b/patches/adcli/0032-samba-data-tool-needs-to-take-an-argument.patch
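Review bot: In the new initial-send loop of ldap_disco(), a failed ldap_search_ext() unbinds the handle and sets `ldap[i] = NULL`, but execution still falls through to `ldap_disco_poller (&(ldap[i]), ...)`, which hands that NULL handle straight to ldap_result(). Add `continue;` after `ldap[i] = NULL;` in that error branch, or have ldap_disco_poller() return ADCLI_DISCO_UNUSABLE early when `*ldap == NULL`. The later "wait some more" loop also reuses the `interval` left over from the first loop; select() is allowed to modify its timeout argument (Linux writes back the remaining time), so that loop may poll without sleeping unless `interval` is re-set before each `select()`. Raising DISCO_COUNT from 5 to 1200 scales whatever is sized by it; the declarations of `ldap` and `addrs` are outside the visible hunks, so it is worth confirming that the number of simultaneously open connections stays within descriptor limits.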
@@ -0,0 +1,35 @@
+From 4bc96c69fbb93eb1fe9fcef6c6d942c296852e03 Mon Sep 17 00:00:00 2001
+From: George Hartzell <ghartzell@audentestx.com>
+Date: Mon, 14 Jan 2019 17:40:42 -0800
+Subject: [PATCH 32/55] samba-data-tool needs to take an argument
+
+See https://gitlab.freedesktop.org/realmd/adcli/issues/15
+---
+ tools/computer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/computer.c b/tools/computer.c
+index 377d449..3813f0a 100644
+--- a/tools/computer.c
++++ b/tools/computer.c
+@@ -367,7 +367,7 @@ adcli_tool_computer_join (adcli_conn *conn,
+ { "show-details", no_argument, NULL, opt_show_details },
+ { "show-password", no_argument, NULL, opt_show_password },
+ { "add-samba-data", no_argument, NULL, opt_add_samba_data },
+- { "samba-data-tool", no_argument, NULL, opt_samba_data_tool },
++ { "samba-data-tool", required_argument, 0, opt_samba_data_tool },
+ { "verbose", no_argument, NULL, opt_verbose },
+ { "help", no_argument, NULL, 'h' },
+ { 0 },
+@@ -474,7 +474,7 @@ adcli_tool_computer_update (adcli_conn *conn,
+ { "show-details", no_argument, NULL, opt_show_details },
+ { "show-password", no_argument, NULL, opt_show_password },
+ { "add-samba-data", no_argument, NULL, opt_add_samba_data },
+- { "samba-data-tool", no_argument, NULL, opt_samba_data_tool },
++ { "samba-data-tool", required_argument, 0, opt_samba_data_tool },
+ { "verbose", no_argument, NULL, opt_verbose },
+ { "help", no_argument, NULL, 'h' },
+ { 0 },
+--
+2.11.0
+
diff --git a/patches/adcli/0033-adutil-add-_adcli_strv_add_unique.patch b/patches/adcli/0033-adutil-add-_adcli_strv_add_unique.patch
new file mode 100644
index 0000000..4ca5179
--- /dev/null
+++ b/patches/adcli/0033-adutil-add-_adcli_strv_add_unique.patch
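Review bot: In both option tables the changed entry passes `0` for the `flag` pointer while every neighbouring entry passes `NULL`; writing `{ "samba-data-tool", required_argument, NULL, opt_samba_data_tool },` keeps the tables uniform and makes it obvious that the field is a pointer. The option's argument presumably names an external program that adcli runs (the series also carries a "make Samba data tool configurable" patch), so the code that consumes `optarg` for `opt_samba_data_tool` deserves a comment stating what is accepted; that code is not part of these hunks. Both option tables start and end outside the hunks.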
@@ -0,0 +1,134 @@
+From 85d127fd52a8469f9f3ce0d1130fe17e756fdd75 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 16 Nov 2018 13:32:33 +0100
+Subject: [PATCH 33/55] adutil: add _adcli_strv_add_unique
+
+_adcli_strv_add_unique checks is the new value already exists in the
+strv before adding it. Check can be done case-sensitive or not.
+
+Related to https://gitlab.freedesktop.org/realmd/adcli/issues/16
+---
+ library/adprivate.h | 5 +++++
+ library/adutil.c | 65 +++++++++++++++++++++++++++++++++++++++++++++--------
+ 2 files changed, 61 insertions(+), 9 deletions(-)
+
+diff --git a/library/adprivate.h b/library/adprivate.h
+index bc9df6d..0806430 100644
+--- a/library/adprivate.h
++++ b/library/adprivate.h
+@@ -111,6 +111,11 @@ char ** _adcli_strv_add (char **strv,
+ char *string,
+ int *length) GNUC_WARN_UNUSED;
+
++char ** _adcli_strv_add_unique (char **strv,
++ char *string,
++ int *length,
++ bool case_sensitive) GNUC_WARN_UNUSED;
++
+ void _adcli_strv_remove_unsorted (char **strv,
+ const char *string,
+ int *length);
+diff --git a/library/adutil.c b/library/adutil.c
+index 17d2caa..76ea158 100644
+--- a/library/adutil.c
++++ b/library/adutil.c
+@@ -221,6 +221,34 @@ _adcli_strv_add (char **strv,
+ return seq_push (strv, length, string);
+ }
+
++static int
++_adcli_strv_has_ex (char **strv,
++ const char *str,
++ int (* compare) (const char *match, const char*value))
++{
++ int i;
++
++ for (i = 0; strv && strv[i] != NULL; i++) {
++ if (compare (strv[i], str) == 0)
++ return 1;
++ }
++
++ return 0;
++}
++
++char **
++_adcli_strv_add_unique (char **strv,
++ char *string,
++ int *length,
++ bool case_sensitive)
++{
++ if (_adcli_strv_has_ex (strv, string, case_sensitive ? strcmp : strcasecmp) == 1) {
++ return strv;
++ }
++
++ return _adcli_strv_add (strv, string, length);
++}
++
+ #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+
+ void
+@@ -241,19 +269,11 @@ _adcli_strv_remove_unsorted (char **strv,
+ (seq_compar)strcasecmp, free);
+ }
+
+-
+ int
+ _adcli_strv_has (char **strv,
+ const char *str)
+ {
+- int i;
+-
+- for (i = 0; strv && strv[i] != NULL; i++) {
+- if (strcmp (strv[i], str) == 0)
+- return 1;
+- }
+-
+- return 0;
++ return _adcli_strv_has_ex (strv, str, strcmp);
+ }
+
+ void
+@@ -705,6 +725,32 @@ test_strv_add_free (void)
+ }
+
+ static void
++test_strv_add_unique_free (void)
++{
++ char **strv = NULL;
++
++ strv = _adcli_strv_add_unique (strv, strdup ("one"), NULL, false);
++ strv = _adcli_strv_add_unique (strv, strdup ("one"), NULL, false);
++ strv = _adcli_strv_add_unique (strv, strdup ("two"), NULL, false);
++ strv = _adcli_strv_add_unique (strv, strdup ("two"), NULL, false);
++ strv = _adcli_strv_add_unique (strv, strdup ("tWo"), NULL, false);
++ strv = _adcli_strv_add_unique (strv, strdup ("three"), NULL, false);
++ strv = _adcli_strv_add_unique (strv, strdup ("three"), NULL, false);
++ strv = _adcli_strv_add_unique (strv, strdup ("TWO"), NULL, true);
++
++ assert_num_eq (_adcli_strv_len (strv), 4);
++
++ assert_str_eq (strv[0], "one");
++ assert_str_eq (strv[1], "two");
++ assert_str_eq (strv[2], "three");
++ assert_str_eq (strv[3], "TWO");
++ assert (strv[4] == NULL);
++
++ _adcli_strv_free (strv);
++}
++
++
++static void
+ test_strv_dup (void)
+ {
+ char *values[] = { "one", "two", "three", NULL };
+@@ -856,6 +902,7 @@ main (int argc,
+ char *argv[])
+ {
+ test_func (test_strv_add_free, "/util/strv_add_free");
++ test_func (test_strv_add_unique_free, "/util/strv_add_unique_free");
+ test_func (test_strv_dup, "/util/strv_dup");
+ test_func (test_strv_count, "/util/strv_count");
+ test_func (test_check_nt_time_string_lifetime, "/util/check_nt_time_string_lifetime");
+--
+2.11.0
+
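Review bot: `_adcli_strv_add_unique` returns `strv` unchanged when the value is already present but never frees `string`, although `_adcli_strv_add` hands the pointer to `seq_push` and so appears to take ownership of it. Every caller in this series passes a freshly allocated string (`strdup (...)` in `test_strv_add_unique_free`, and the `asprintf`/`strdup` results in the adenroll callers of patch 0034), so each duplicate is leaked. If ownership transfer is the intended contract, add `free (string);` before `return strv;` in the duplicate branch and state the contract in a comment above the function. A NULL `string` from a failed `strdup` also reaches `strcmp`/`strcasecmp` inside `_adcli_strv_has_ex` once the vector is non-empty, so a NULL check at the top of `_adcli_strv_add_unique` is worth adding.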
diff --git a/patches/adcli/0034-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch b/patches/adcli/0034-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch
new file mode 100644
index 0000000..2ac6642
--- /dev/null
+++ b/patches/adcli/0034-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch
@@ -0,0 +1,83 @@
+From 0c027538f398b3823bedbfbf5f388ad97784a0ec Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 16 Nov 2018 13:32:59 +0100
+Subject: [PATCH 34/55] adenroll: use _adcli_strv_add_unique for service
+ principals
+
+Check if service principals is already in the list before adding it.
+
+Related to https://gitlab.freedesktop.org/realmd/adcli/issues/16
+---
+ library/adenroll.c | 31 ++++++++-----------------------
+ 1 file changed, 8 insertions(+), 23 deletions(-)
+
+diff --git a/library/adenroll.c b/library/adenroll.c
+index de2242a..e02f403 100644
+--- a/library/adenroll.c
++++ b/library/adenroll.c
+@@ -313,7 +313,6 @@ add_service_names_to_service_principals (adcli_enroll *enroll)
+ char *name;
+ int length = 0;
+ int i;
+- size_t c;
+
+ if (enroll->service_principals != NULL) {
+ length = seq_count (enroll->service_principals);
+@@ -322,28 +321,14 @@ add_service_names_to_service_principals (adcli_enroll *enroll)
+ for (i = 0; enroll->service_names[i] != NULL; i++) {
+ if (asprintf (&name, "%s/%s", enroll->service_names[i], enroll->computer_name) < 0)
+ return_unexpected_if_reached ();
+- for (c = 0; enroll->service_principals != NULL && enroll->service_principals[c] != NULL; c++) {
+- if (strcmp (name, enroll->service_principals[c]) == 0) {
+- break;
+- }
+- }
+- if (enroll->service_principals == NULL || enroll->service_principals[c] == NULL) {
+- enroll->service_principals = _adcli_strv_add (enroll->service_principals,
+- name, &length);
+- }
++ enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals,
++ name, &length, false);
+
+ if (enroll->host_fqdn) {
+ if (asprintf (&name, "%s/%s", enroll->service_names[i], enroll->host_fqdn) < 0)
+ return_unexpected_if_reached ();
+- for (c = 0; enroll->service_principals != NULL && enroll->service_principals[c] != NULL; c++) {
+- if (strcmp (name, enroll->service_principals[c]) == 0) {
+- break;
+- }
+- }
+- if (enroll->service_principals == NULL || enroll->service_principals[c] == NULL) {
+- enroll->service_principals = _adcli_strv_add (enroll->service_principals,
+- name, &length);
+- }
++ enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals,
++ name, &length, false);
+ }
+ }
+
+@@ -364,9 +349,9 @@ add_and_remove_service_principals (adcli_enroll *enroll)
+ list = adcli_enroll_get_service_principals_to_add (enroll);
+ if (list != NULL) {
+ for (c = 0; list[c] != NULL; c++) {
+- enroll->service_principals = _adcli_strv_add (enroll->service_principals,
+- strdup (list[c]),
+- &length);
++ enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals,
++ strdup (list[c]),
++ &length, false);
+ if (enroll->service_principals == NULL) {
+ return ADCLI_ERR_UNEXPECTED;
+ }
+@@ -1525,7 +1510,7 @@ load_keytab_entry (krb5_context k5,
+ value = strdup (name);
+ return_val_if_fail (value != NULL, FALSE);
+ _adcli_info ("Found service principal in keytab: %s", value);
+- enroll->service_principals = _adcli_strv_add (enroll->service_principals, value, NULL);
++ enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals, value, NULL, false);
+ }
+ }
+
+--
+2.11.0
+
diff --git a/patches/adcli/0035-tools-properly-release-internal-data-on-error.patch b/patches/adcli/0035-tools-properly-release-internal-data-on-error.patch
new file mode 100644
index 0000000..67afd83
--- /dev/null
+++ b/patches/adcli/0035-tools-properly-release-internal-data-on-error.patch
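Review bot: The loops removed from `add_service_names_to_service_principals` compared with `strcmp`, while all four replacement calls pass `false` for `case_sensitive`, so duplicates are now detected with `strcasecmp`; the commit message does not mention this change of behaviour. In `load_keytab_entry` it means a keytab principal that differs only in case from one already listed is silently left out of `enroll->service_principals`, which may matter because the Kerberos client side compares principal names case-sensitively. If keeping only the first spelling is intended, say so at the call sites with a comment such as `/* AD matches SPNs case-insensitively; keep the first spelling seen */`, otherwise pass `true`. The enclosing functions start and end outside the hunks.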
@@ -0,0 +1,152 @@
+From 41fdcb1af885d99a91e27406e9343b322f67756a Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 28 Jun 2018 20:13:26 +0200
+Subject: [PATCH 35/55] tools: properly release internal data on error
+
+Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1588596
+---
+ tools/computer.c | 39 ++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 36 insertions(+), 3 deletions(-)
+
+diff --git a/tools/computer.c b/tools/computer.c
+index 3813f0a..112340e 100644
+--- a/tools/computer.c
++++ b/tools/computer.c
+@@ -415,11 +415,16 @@ adcli_tool_computer_join (adcli_conn *conn,
+
+ if (argc == 1)
+ adcli_conn_set_domain_name (conn, argv[0]);
+- else if (argc > 1)
++ else if (argc > 1) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (2, "extra arguments specified");
++ }
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "couldn't connect to %s domain: %s",
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -427,6 +432,8 @@ adcli_tool_computer_join (adcli_conn *conn,
+
+ res = adcli_enroll_join (enroll, flags);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "joining domain %s failed: %s",
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -525,12 +532,16 @@ adcli_tool_computer_update (adcli_conn *conn,
+
+ res = adcli_enroll_load (enroll);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "couldn't lookup domain info from keytab: %s",
+ adcli_get_last_error ());
+ }
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "couldn't connect to %s domain: %s",
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -538,6 +549,8 @@ adcli_tool_computer_update (adcli_conn *conn,
+
+ res = adcli_enroll_update (enroll, flags);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "updating membership with domain %s failed: %s",
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -630,6 +643,8 @@ adcli_tool_computer_preset (adcli_conn *conn,
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "couldn't connect to %s domain: %s",
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -643,6 +658,8 @@ adcli_tool_computer_preset (adcli_conn *conn,
+
+ res = adcli_enroll_join (enroll, flags);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "presetting %s in %s domain failed: %s", argv[i],
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -707,11 +724,16 @@ adcli_tool_computer_reset (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc != 1)
++ if (argc != 1) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (EUSAGE, "specify one host name of computer account to reset");
++ }
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "couldn't connect to %s domain: %s",
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -722,6 +744,8 @@ adcli_tool_computer_reset (adcli_conn *conn,
+
+ res = adcli_enroll_password (enroll, 0);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "resetting %s in %s domain failed: %s", argv[0],
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -781,19 +805,26 @@ adcli_tool_computer_delete (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc > 1)
++ if (argc > 1) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (EUSAGE, "specify one host name of computer account to delete");
++ }
+
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ res = adcli_enroll_load (enroll);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "couldn't lookup domain info from keytab: %s",
+ adcli_get_last_error ());
+ }
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "couldn't connect to %s domain: %s",
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+@@ -804,6 +835,8 @@ adcli_tool_computer_delete (adcli_conn *conn,
+
+ res = adcli_enroll_delete (enroll, 0);
+ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ adcli_conn_unref (conn);
+ errx (-res, "deleting %s in %s domain failed: %s", argv[0],
+ adcli_conn_get_domain_name (conn),
+ adcli_get_last_error ());
+--
+2.11.0
+
diff --git a/patches/adcli/0036-Increment-kvno-after-password-change-with-user-creds.patch b/patches/adcli/0036-Increment-kvno-after-password-change-with-user-creds.patch
new file mode 100644
index 0000000..5d66c70
--- /dev/null
+++ b/patches/adcli/0036-Increment-kvno-after-password-change-with-user-creds.patch
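Review bot: In the error branches this patch touches, `adcli_conn_unref (conn)` runs before `errx (...)`, yet most of those `errx` calls still evaluate `adcli_conn_get_domain_name (conn)` to build the message. If the two unref calls drop the last references (the reference counting is not visible in these hunks), the message is read from a released connection object, a use-after-free on exactly the paths taken when connecting or enrolling fails. Print first and release afterwards: `warnx ("couldn't connect to %s domain: %s", adcli_conn_get_domain_name (conn), adcli_get_last_error ());`, then the two unref calls, then `exit (-res);`. The same ordering applies to the join, update, preset, reset and delete branches; all enclosing functions continue outside the hunks.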
@@ -0,0 +1,32 @@
+From 5cf1723c308e21cdbe9b98ed2aaa42cb997456fb Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 15 Mar 2019 14:31:12 +0100
+Subject: [PATCH 36/55] Increment kvno after password change with user creds
+
+Originally only the host credential part was fixed in the context of
+https://bugs.freedesktop.org/show_bug.cgi?id=91185. This patch adds the
+fix to the case when user credentials are used.
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1642546
+---
+ library/adenroll.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/library/adenroll.c b/library/adenroll.c
+index e02f403..58362c2 100644
+--- a/library/adenroll.c
++++ b/library/adenroll.c
+@@ -1057,6 +1057,10 @@ set_password_with_user_creds (adcli_enroll *enroll)
+ #endif
+ } else {
+ _adcli_info ("Set computer password");
++ if (enroll->kvno > 0) {
++ enroll->kvno++;
++ _adcli_info ("kvno incremented to %d", enroll->kvno);
++ }
+ res = ADCLI_SUCCESS;
+ }
+
+--
+2.11.0
+
diff --git a/patches/adcli/0037-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch b/patches/adcli/0037-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch
new file mode 100644
index 0000000..265f63a
--- /dev/null
+++ b/patches/adcli/0037-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch
@@ -0,0 +1,93 @@
+From 85b835f8258a57e3b23de47a255dddd822d5bfb3 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 15 Mar 2019 17:33:44 +0100
+Subject: [PATCH 37/55] library: use getaddrinfo with AI_CANONNAME to find a
+ FQDN
+
+Currently adcli creates service principals only with a short name if the
+hostname of the client is a short name. This would fail is
+Kerberos/GSSAPI clients will use the fully-qualified domain name (FQDN)
+to access the host.
+
+With this patch adcli tries to expand the short name by calling
+getaddrinfo with the AI_CANONNAME hint.
+
+Related to https://gitlab.freedesktop.org/realmd/adcli/issues/1
+---
+ doc/adcli.xml | 6 +++++-
+ library/adconn.c | 30 +++++++++++++++++++++++++++++-
+ 2 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/doc/adcli.xml b/doc/adcli.xml
+index 97dec08..4722c3a 100644
+--- a/doc/adcli.xml
++++ b/doc/adcli.xml
+@@ -228,7 +228,11 @@ Password for Administrator:
+ <term><option>-H, --host-fqdn=<parameter>host</parameter></option></term>
+ <listitem><para>Override the local machine's fully qualified
+ domain name. If not specified, the local machine's hostname
+- will be retrieved via <function>gethostname()</function>.</para></listitem>
++ will be retrieved via <function>gethostname()</function>.
++ If <function>gethostname()</function> only returns a short name
++ <function>getaddrinfo()</function> with the AI_CANONNAME hint
++ is called to expand the name to a fully qualified domain
++ name.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-K, --host-keytab=<parameter>/path/to/keytab</parameter></option></term>
+diff --git a/library/adconn.c b/library/adconn.c
+index e2250e3..f6c23d3 100644
+--- a/library/adconn.c
++++ b/library/adconn.c
+@@ -86,11 +86,36 @@ struct _adcli_conn_ctx {
+ krb5_keytab keytab;
+ };
+
++static char *try_to_get_fqdn (const char *host_name)
++{
++ int ret;
++ char *fqdn = NULL;
++ struct addrinfo *res;
++ struct addrinfo hints;
++
++ memset (&hints, 0, sizeof (struct addrinfo));
++ hints.ai_socktype = SOCK_DGRAM;
++ hints.ai_flags = AI_CANONNAME;
++
++ ret = getaddrinfo (host_name, NULL, &hints, &res);
++ if (ret != 0) {
++ _adcli_err ("Failed to find FQDN: %s", gai_strerror (ret));
++ return NULL;
++ }
++
++ fqdn = strdup (res->ai_canonname);
++
++ freeaddrinfo (res);
++
++ return fqdn;
++}
++
+ static adcli_result
+ ensure_host_fqdn (adcli_result res,
+ adcli_conn *conn)
+ {
+ char hostname[HOST_NAME_MAX + 1];
++ char *fqdn = NULL;
+ int ret;
+
+ if (res != ADCLI_SUCCESS)
+@@ -107,7 +132,10 @@ ensure_host_fqdn (adcli_result res,
+ return ADCLI_ERR_UNEXPECTED;
+ }
+
+- conn->host_fqdn = strdup (hostname);
++ if (strchr (hostname, '.') == NULL) {
++ fqdn = try_to_get_fqdn (hostname);
++ }
++ conn->host_fqdn = fqdn != NULL ? fqdn : strdup (hostname);
+ return_unexpected_if_fail (conn->host_fqdn != NULL);
+ return ADCLI_SUCCESS;
+ }
+--
+2.11.0
+
diff --git a/patches/adcli/0038-create-user-add-nis-domain-option.patch b/patches/adcli/0038-create-user-add-nis-domain-option.patch
new file mode 100644
index 0000000..54413ae
--- /dev/null
+++ b/patches/adcli/0038-create-user-add-nis-domain-option.patch
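Review bot: `try_to_get_fqdn` passes `res->ai_canonname` straight to `strdup` without checking that it is non-NULL or that it is actually fully qualified. The value comes from the resolver and ends up in `conn->host_fqdn`, which per the commit message feeds the service principal names, so a NULL canonical name is undefined behaviour in `strdup` and a short or unexpected name is accepted as the host's FQDN unverified. Guard the copy with `if (res->ai_canonname != NULL && strchr (res->ai_canonname, '.') != NULL) fqdn = strdup (res->ai_canonname);` so that `ensure_host_fqdn` falls back to `strdup (hostname)` in every other case. A debug line logging the expanded name would also make it visible which name the resolver supplied.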
@@ -0,0 +1,71 @@
+From 1457b4a7623a8ae58fb8d6a652d1cc44904b8863 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 18 Mar 2019 11:02:57 +0100
+Subject: [PATCH 38/55] create-user: add nis-domain option
+
+Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2
+---
+ doc/adcli.xml | 8 ++++++++
+ tools/entry.c | 6 ++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/doc/adcli.xml b/doc/adcli.xml
+index 4722c3a..18620c0 100644
+--- a/doc/adcli.xml
++++ b/doc/adcli.xml
+@@ -531,6 +531,14 @@ $ adcli create-user Fry --domain=domain.example.com \
+ the new created user account, which should be the user's
+ numeric primary user id.</para></listitem>
+ </varlistentry>
++ <varlistentry>
++ <term><option>--nis-domain=<parameter>nis_domain</parameter></option></term>
++ <listitem><para>Set the <code>msSFU30NisDomain</code> attribute of
++ the new created user account, which should be the user's
++ NIS domain is the NIS/YP service of Active Directory's Services for Unix (SFU)
++ are used. This is needed to let the 'UNIX attributes' tab of older Active
++ Directoy versions show the set UNIX specific attributes.</para></listitem>
++ </varlistentry>
+ </variablelist>
+
+ </refsect1>
+diff --git a/tools/entry.c b/tools/entry.c
+index 7b6a200..69ce62c 100644
+--- a/tools/entry.c
++++ b/tools/entry.c
+@@ -52,6 +52,7 @@ typedef enum {
+ opt_unix_uid,
+ opt_unix_gid,
+ opt_unix_shell,
++ opt_nis_domain,
+ } Option;
+
+ static adcli_tool_desc common_usages[] = {
+@@ -62,6 +63,7 @@ static adcli_tool_desc common_usages[] = {
+ { opt_unix_uid, "unix uid number" },
+ { opt_unix_gid, "unix gid number" },
+ { opt_unix_shell, "unix shell" },
++ { opt_nis_domain, "NIS domain" },
+ { opt_domain, "active directory domain name" },
+ { opt_domain_realm, "kerberos realm for the domain" },
+ { opt_domain_controller, "domain directory server to connect to" },
+@@ -159,6 +161,7 @@ adcli_tool_user_create (adcli_conn *conn,
+ { "unix-uid", required_argument, NULL, opt_unix_uid },
+ { "unix-gid", required_argument, NULL, opt_unix_gid },
+ { "unix-shell", required_argument, NULL, opt_unix_shell },
++ { "nis-domain", required_argument, NULL, opt_nis_domain },
+ { "domain-ou", required_argument, NULL, opt_domain_ou },
+ { "domain", required_argument, NULL, opt_domain },
+ { "domain-realm", required_argument, NULL, opt_domain_realm },
+@@ -200,6 +203,9 @@ adcli_tool_user_create (adcli_conn *conn,
+ case opt_unix_shell:
+ adcli_attrs_add (attrs, "loginShell", optarg, NULL);
+ break;
++ case opt_nis_domain:
++ adcli_attrs_add (attrs, "msSFU30NisDomain", optarg, NULL);
++ break;
+ case opt_domain_ou:
+ ou = optarg;
+ break;
+--
+2.11.0
+
diff --git a/patches/adcli/0039-create-user-try-to-find-NIS-domain-if-needed.patch b/patches/adcli/0039-create-user-try-to-find-NIS-domain-if-needed.patch
new file mode 100644
index 0000000..cad3c85
--- /dev/null
+++ b/patches/adcli/0039-create-user-try-to-find-NIS-domain-if-needed.patch
@@ -0,0 +1,147 @@
+From 408880a11879b1a57a450e25c77ef2e310bdffd5 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 18 Mar 2019 16:45:54 +0100
+Subject: [PATCH 39/55] create-user: try to find NIS domain if needed
+
+Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2
+---
+ doc/adcli.xml | 4 +++-
+ library/adentry.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
+ library/adentry.h | 2 ++
+ tools/entry.c | 16 ++++++++++++++++
+ 4 files changed, 65 insertions(+), 1 deletion(-)
+
+diff --git a/doc/adcli.xml b/doc/adcli.xml
+index 18620c0..af73433 100644
+--- a/doc/adcli.xml
++++ b/doc/adcli.xml
+@@ -537,7 +537,9 @@ $ adcli create-user Fry --domain=domain.example.com \
+ the new created user account, which should be the user's
+ NIS domain is the NIS/YP service of Active Directory's Services for Unix (SFU)
+ are used. This is needed to let the 'UNIX attributes' tab of older Active
+- Directoy versions show the set UNIX specific attributes.</para></listitem>
++ Directoy versions show the set UNIX specific attributes. If not specified
++ adcli will try to determine the NIS domain automatically if needed.
++ </para></listitem>
+ </varlistentry>
+ </variablelist>
+
+diff --git a/library/adentry.c b/library/adentry.c
+index 9b9e1c6..1cc0518 100644
+--- a/library/adentry.c
++++ b/library/adentry.c
+@@ -484,3 +484,47 @@ adcli_entry_new_group (adcli_conn *conn,
+ return_val_if_fail (sam_name != NULL, NULL);
+ return entry_new (conn, "group", group_entry_builder, sam_name);
+ }
++
++adcli_result
++adcli_get_nis_domain (adcli_entry *entry,
++ adcli_attrs *attrs)
++{
++ LDAP *ldap;
++ const char *ldap_attrs[] = { "cn", NULL };
++ LDAPMessage *results;
++ LDAPMessage *ldap_entry;
++ char *base;
++ const char *filter = "objectClass=msSFU30DomainInfo";
++ char *cn;
++ int ret;
++
++ ldap = adcli_conn_get_ldap_connection (entry->conn);
++ return_unexpected_if_fail (ldap != NULL);
++
++ if (asprintf (&base, "CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,%s",
++ adcli_conn_get_default_naming_context (entry->conn)) < 0) {
++ return_unexpected_if_reached ();
++ }
++
++ ret = ldap_search_ext_s (ldap, base, LDAP_SCOPE_SUB, filter, (char **)ldap_attrs,
++ 0, NULL, NULL, NULL, -1, &results);
++
++ free (base);
++
++ if (ret != LDAP_SUCCESS) {
++ /* No NIS domain available */
++ ldap_msgfree (results);
++ return ADCLI_SUCCESS;
++ }
++
++ ldap_entry = ldap_first_entry (ldap, results);
++ if (ldap_entry != NULL) {
++ cn = _adcli_ldap_parse_value (ldap, ldap_entry, "cn");
++ return_unexpected_if_fail (cn != NULL);
++
++ adcli_attrs_add (attrs, "msSFU30NisDomain", cn, NULL);
++ }
++ ldap_msgfree (results);
++
++ return ADCLI_SUCCESS;
++}
+diff --git a/library/adentry.h b/library/adentry.h
+index eb8bc00..ae90689 100644
+--- a/library/adentry.h
++++ b/library/adentry.h
+@@ -58,4 +58,6 @@ const char * adcli_entry_get_sam_name (adcli_entry *entry);
+
+ const char * adcli_entry_get_dn (adcli_entry *entry);
+
++adcli_result adcli_get_nis_domain (adcli_entry *entry,
++ adcli_attrs *attrs);
+ #endif /* ADENTRY_H_ */
+diff --git a/tools/entry.c b/tools/entry.c
+index 69ce62c..de56586 100644
+--- a/tools/entry.c
++++ b/tools/entry.c
+@@ -153,6 +153,8 @@ adcli_tool_user_create (adcli_conn *conn,
+ adcli_attrs *attrs;
+ const char *ou = NULL;
+ int opt;
++ bool has_unix_attr = false;
++ bool has_nis_domain = false;
+
+ struct option options[] = {
+ { "display-name", required_argument, NULL, opt_display_name },
+@@ -193,18 +195,23 @@ adcli_tool_user_create (adcli_conn *conn,
+ break;
+ case opt_unix_home:
+ adcli_attrs_add (attrs, "unixHomeDirectory", optarg, NULL);
++ has_unix_attr = true;
+ break;
+ case opt_unix_uid:
+ adcli_attrs_add (attrs, "uidNumber", optarg, NULL);
++ has_unix_attr = true;
+ break;
+ case opt_unix_gid:
+ adcli_attrs_add (attrs, "gidNumber", optarg, NULL);
++ has_unix_attr = true;
+ break;
+ case opt_unix_shell:
+ adcli_attrs_add (attrs, "loginShell", optarg, NULL);
++ has_unix_attr = true;
+ break;
+ case opt_nis_domain:
+ adcli_attrs_add (attrs, "msSFU30NisDomain", optarg, NULL);
++ has_nis_domain = true;
+ break;
+ case opt_domain_ou:
+ ou = optarg;
+@@ -242,6 +249,15 @@ adcli_tool_user_create (adcli_conn *conn,
+ adcli_get_last_error ());
+ }
+
++ if (has_unix_attr && !has_nis_domain) {
++ res = adcli_get_nis_domain (entry, attrs);
++ if (res != ADCLI_SUCCESS) {
++ adcli_entry_unref (entry);
++ adcli_attrs_free (attrs);
++ errx (-res, "couldn't get NIS domain");
++ }
++ }
++
+ res = adcli_entry_create (entry, attrs);
+ if (res != ADCLI_SUCCESS) {
+ errx (-res, "creating user %s in domain %s failed: %s",
+--
+2.11.0
+
diff --git a/patches/adcli/0040-join-always-add-service-principals.patch b/patches/adcli/0040-join-always-add-service-principals.patch
new file mode 100644
index 0000000..b165ba0
--- /dev/null
+++ b/patches/adcli/0040-join-always-add-service-principals.patch
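Review bot: In `adcli_get_nis_domain`, `results` is declared without an initialiser and then passed to `ldap_msgfree (results)` on the `ret != LDAP_SUCCESS` path, which is only safe if `ldap_search_ext_s` always writes its out-parameter on failure; declare it as `LDAPMessage *results = NULL;`. The `return_unexpected_if_fail (cn != NULL)` exit skips `ldap_msgfree (results)`, and it turns a directory entry without a readable `cn` into a hard failure of `create-user`, although a failed search is treated as "no NIS domain available". `cn` is never freed after `adcli_attrs_add`; if that function copies its value (not visible here), add `free (cn);` after the call. The value written to `msSFU30NisDomain` is whatever the first entry returned by the server contains, so a short comment stating that the first match wins would help the next reader.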
@@ -0,0 +1,86 @@
+From cd296bf24e7cc56fb8d00bad7e9a56c539894309 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 19 Mar 2019 20:44:36 +0100
+Subject: [PATCH 40/55] join: always add service principals
+
+If currently --service-name is given during the join only the service
+names given by this option are added as service principal names. As a
+result the default 'host' service principal name might be missing which
+might cause issues e.g. with SSSD and sshd.
+
+The patch makes sure the default service principals 'host' and
+'RestrictedKrbHost' are always added during join.
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
+---
+ library/adenroll.c | 36 ++++++++++++++++++++++++++++++------
+ 1 file changed, 30 insertions(+), 6 deletions(-)
+
+diff --git a/library/adenroll.c b/library/adenroll.c
+index 58362c2..d1f746c 100644
+--- a/library/adenroll.c
++++ b/library/adenroll.c
+@@ -288,16 +288,23 @@ ensure_computer_password (adcli_result res,
+ }
+
+ static adcli_result
+-ensure_service_names (adcli_result res,
+- adcli_enroll *enroll)
++ensure_default_service_names (adcli_enroll *enroll)
+ {
+ int length = 0;
+
+- if (res != ADCLI_SUCCESS)
+- return res;
++ if (enroll->service_names != NULL) {
++ length = seq_count (enroll->service_names);
+
+- if (enroll->service_names || enroll->service_principals)
+- return ADCLI_SUCCESS;
++ /* Make sure there is no entry with an unexpected case. AD
++ * would not care but since the client side is case-sensitive
++ * we should make sure we use the expected spelling. */
++ seq_remove_unsorted (enroll->service_names,
++ &length, "host",
++ (seq_compar)strcasecmp, free);
++ seq_remove_unsorted (enroll->service_names,
++ &length, "RestrictedKrbHost",
++ (seq_compar)strcasecmp, free);
++ }
+
+ /* The default ones specified by MS */
+ enroll->service_names = _adcli_strv_add (enroll->service_names,
+@@ -308,6 +315,19 @@ ensure_service_names (adcli_result res,
+ }
+
+ static adcli_result
++ensure_service_names (adcli_result res,
++ adcli_enroll *enroll)
++{
++ if (res != ADCLI_SUCCESS)
++ return res;
++
++ if (enroll->service_names || enroll->service_principals)
++ return ADCLI_SUCCESS;
++
++ return ensure_default_service_names (enroll);
++}
++
++static adcli_result
+ add_service_names_to_service_principals (adcli_enroll *enroll)
+ {
+ char *name;
+@@ -2039,6 +2059,10 @@ adcli_enroll_join (adcli_enroll *enroll,
+ if (res != ADCLI_SUCCESS)
+ return res;
+
++ res = ensure_default_service_names (enroll);
++ if (res != ADCLI_SUCCESS)
++ return res;
++
+ res = adcli_enroll_prepare (enroll, flags);
+ if (res != ADCLI_SUCCESS)
+ return res;
+--
+2.11.0
+
diff --git a/patches/adcli/0041-library-return-error-if-no-matching-key-was-found.patch b/patches/adcli/0041-library-return-error-if-no-matching-key-was-found.patch
new file mode 100644
index 0000000..2f7d7e8
--- /dev/null
+++ b/patches/adcli/0041-library-return-error-if-no-matching-key-was-found.patch
@@ -0,0 +1,35 @@
+From 4987a21f4839ab7ea50e932c72df05075efb89b3 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 21 Mar 2019 15:05:33 +0100
+Subject: [PATCH 41/55] library: return error if no matching key was found
+
+To avoid a misleading debug message indicating success a proper erro
+code should be returned the no matching key was found when trying to
+copy an keytab entry for a new principal.
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
+---
+ library/adkrb5.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/library/adkrb5.c b/library/adkrb5.c
+index 033c181..7f77373 100644
+--- a/library/adkrb5.c
++++ b/library/adkrb5.c
+@@ -298,11 +298,10 @@ _adcli_krb5_keytab_copy_entries (krb5_context k5,
+
+ code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key,
+ match_enctype_and_kvno, &closure);
+- if (code != 0) {
+- return code;
++ if (code != 0 || closure.matched == 0) {
++ return code != 0 ? code : ENOKEY;
+ }
+
+-
+ entry.principal = principal;
+ entry.vno = kvno;
+
+--
+2.11.0
+
diff --git a/patches/adcli/0042-ensure_keytab_principals-do-not-leak-memory-when-cal.patch b/patches/adcli/0042-ensure_keytab_principals-do-not-leak-memory-when-cal.patch
new file mode 100644
index 0000000..5613100
--- /dev/null
+++ b/patches/adcli/0042-ensure_keytab_principals-do-not-leak-memory-when-cal.patch
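Review bot: `ENOKEY` is a Linux-specific errno value rather than a POSIX or Kerberos one, and it is returned here through the same path as `code`, which otherwise carries the result of a krb5 helper. On a platform that does not define `ENOKEY` this line would not compile, and a caller that formats the result as a krb5 error gets an errno string instead; `return code != 0 ? code : KRB5_KT_NOTFOUND;` would stay in the krb5 code space. Whether `closure.matched` is zero-initialised before `_adcli_krb5_get_keyblock` runs is not visible in the hunk and should be confirmed, since the new condition depends on it. `_adcli_krb5_keytab_copy_entries` starts and ends outside the hunk.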
@@ -0,0 +1,72 @@ +From 3a84c2469c31967bc22c0490456f07723ef5fc86 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Wed, 20 Mar 2019 11:01:50 +0100 +Subject: [PATCH 42/55] ensure_keytab_principals: do not leak memory when + called twice + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 +--- + library/adenroll.c | 32 +++++++++++++++++++++----------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +diff --git a/library/adenroll.c b/library/adenroll.c +index d1f746c..48cb4cf 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -413,6 +413,25 @@ ensure_service_principals (adcli_result res, + return res; + } + ++static void enroll_clear_keytab_principals (adcli_enroll *enroll) ++{ ++ krb5_context k5; ++ size_t c; ++ ++ if (enroll->keytab_principals) { ++ k5 = adcli_conn_get_krb5_context (enroll->conn); ++ return_if_fail (k5 != NULL); ++ ++ for (c = 0; enroll->keytab_principals[c] != NULL; c++) ++ krb5_free_principal (k5, enroll->keytab_principals[c]); ++ ++ free (enroll->keytab_principals); ++ enroll->keytab_principals = NULL; ++ } ++ ++ return; ++} ++ + static adcli_result + ensure_keytab_principals (adcli_result res, + adcli_enroll *enroll) +@@ -430,6 +449,7 @@ ensure_keytab_principals (adcli_result res, + k5 = adcli_conn_get_krb5_context (enroll->conn); + return_unexpected_if_fail (k5 != NULL); + ++ enroll_clear_keytab_principals (enroll); + enroll->keytab_principals = calloc (count + 3, sizeof (krb5_principal)); + return_unexpected_if_fail (enroll->keytab_principals != NULL); + at = 0; +@@ -1860,18 +1880,8 @@ static void + enroll_clear_state (adcli_enroll *enroll) + { + krb5_context k5; +- int i; +- +- if (enroll->keytab_principals) { +- k5 = adcli_conn_get_krb5_context (enroll->conn); +- return_if_fail (k5 != NULL); +- +- for (i = 0; enroll->keytab_principals[i] != NULL; i++) +- krb5_free_principal (k5, enroll->keytab_principals[i]); + +- free (enroll->keytab_principals); +- enroll->keytab_principals = NULL; +- } ++ 
enroll_clear_keytab_principals (enroll); + + if (enroll->keytab) { + k5 = adcli_conn_get_krb5_context (enroll->conn); +-- +2.11.0 + diff --git a/patches/adcli/0043-library-make-_adcli_strv_has_ex-public.patch b/patches/adcli/0043-library-make-_adcli_strv_has_ex-public.patch new file mode 100644 index 0000000..9bf6414 --- /dev/null +++ b/patches/adcli/0043-library-make-_adcli_strv_has_ex-public.patch @@ -0,0 +1,42 @@ +From e1b45e66bc185f5db4c252e1f3fb1b4400b4538e Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Fri, 22 Mar 2019 10:36:38 +0100 +Subject: [PATCH 43/55] library: make _adcli_strv_has_ex public + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 +--- + library/adprivate.h | 4 ++++ + library/adutil.c | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/library/adprivate.h b/library/adprivate.h +index 0806430..55e6234 100644 +--- a/library/adprivate.h ++++ b/library/adprivate.h +@@ -125,6 +125,10 @@ void _adcli_strv_free (char **strv); + int _adcli_strv_has (char **strv, + const char *str); + ++int _adcli_strv_has_ex (char **strv, ++ const char *str, ++ int (* compare) (const char *match, const char*value)); ++ + char ** _adcli_strv_dup (char **strv) GNUC_WARN_UNUSED; + + char * _adcli_strv_join (char **strv, +diff --git a/library/adutil.c b/library/adutil.c +index 76ea158..9b0c47f 100644 +--- a/library/adutil.c ++++ b/library/adutil.c +@@ -221,7 +221,7 @@ _adcli_strv_add (char **strv, + return seq_push (strv, length, string); + } + +-static int ++int + _adcli_strv_has_ex (char **strv, + const char *str, + int (* compare) (const char *match, const char*value)) +-- +2.11.0 + diff --git a/patches/adcli/0044-library-_adcli_krb5_build_principal-allow-principals.patch b/patches/adcli/0044-library-_adcli_krb5_build_principal-allow-principals.patch new file mode 100644 index 0000000..061c6f2 --- /dev/null +++ b/patches/adcli/0044-library-_adcli_krb5_build_principal-allow-principals.patch 
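Review bot: The new helper in patch 0042 is declared as `static void enroll_clear_keytab_principals (adcli_enroll *enroll)` on one line, while the neighbouring definitions in `adenroll.c` put the return type on its own line (`static adcli_result` / `ensure_keytab_principals (...)`). The trailing `return;` is also redundant. A one-line comment above it would help, such as `/* Frees every principal in enroll->keytab_principals and resets the pointer to NULL; safe to call repeatedly. */`, since `ensure_keytab_principals` now relies on exactly that. Note that the early `return_if_fail (k5 != NULL)` leaves the old array in place, so the leak this patch targets remains on that path.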
@@ -0,0 +1,42 @@ +From 10a4dbb5978b6f05cf75f820d97da908e735ace8 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Fri, 22 Mar 2019 10:37:11 +0100 +Subject: [PATCH 44/55] library: _adcli_krb5_build_principal allow principals + as names + +Make _adcli_krb5_build_principal a bit more robust by checking if the +given name already contains a realm suffix. + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 +--- + library/adkrb5.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/library/adkrb5.c b/library/adkrb5.c +index 7f77373..da835d7 100644 +--- a/library/adkrb5.c ++++ b/library/adkrb5.c +@@ -41,12 +41,16 @@ _adcli_krb5_build_principal (krb5_context k5, + krb5_principal *principal) + { + krb5_error_code code; +- char *name; ++ char *name = NULL; + +- if (asprintf (&name, "%s@%s", user, realm) < 0) +- return_val_if_reached (ENOMEM); ++ /* Use user if user contains a @-character and add @realm otherwise */ ++ if (strchr (user, '@') == NULL) { ++ if (asprintf (&name, "%s@%s", user, realm) < 0) { ++ return_val_if_reached (ENOMEM); ++ } ++ } + +- code = krb5_parse_name (k5, name, principal); ++ code = krb5_parse_name (k5, name != NULL ? name : user, principal); + return_val_if_fail (code == 0, code); + + free (name); +-- +2.11.0 + diff --git a/patches/adcli/0045-library-make-sure-server-side-SPNs-are-preserved.patch b/patches/adcli/0045-library-make-sure-server-side-SPNs-are-preserved.patch new file mode 100644 index 0000000..06a2057 --- /dev/null +++ b/patches/adcli/0045-library-make-sure-server-side-SPNs-are-preserved.patch 
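Review bot: In `_adcli_krb5_build_principal`, a `user` that contains `@` is now passed to `krb5_parse_name` unchanged and the `realm` argument is silently ignored. A caller that forwards externally supplied names can therefore get a principal in a realm other than the one it asked for. Consider rejecting a suffix that does not match `realm`, or at least documenting the behaviour above the `strchr (user, '@')` check; that check also matches an escaped `\@` inside a name component. Separately, `return_val_if_fail (code == 0, code);` runs before `free (name);`, so the `asprintf` buffer leaks when parsing fails; moving `free (name);` directly after the `krb5_parse_name` call avoids that. The function signature starts outside this hunk.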
@@ -0,0 +1,82 @@ +From 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Fri, 22 Mar 2019 10:37:57 +0100 +Subject: [PATCH 45/55] library: make sure server side SPNs are preserved + +adcli should not delete service principal names (SPNs) unexpectedly. If +a SPN was added on the server while presetting a host or updating an +existing entry and upcoming adcli join or update should preserver this +change. + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 +--- + library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 46 insertions(+) + +diff --git a/library/adenroll.c b/library/adenroll.c +index 48cb4cf..1cce86a 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -1962,6 +1962,47 @@ adcli_enroll_prepare (adcli_enroll *enroll, + } + + static adcli_result ++add_server_side_service_principals (adcli_enroll *enroll) ++{ ++ char **spn_list; ++ LDAP *ldap; ++ size_t c; ++ int length = 0; ++ adcli_result res; ++ ++ ldap = adcli_conn_get_ldap_connection (enroll->conn); ++ assert (ldap != NULL); ++ ++ spn_list = _adcli_ldap_parse_values (ldap, enroll->computer_attributes, ++ "servicePrincipalName"); ++ if (spn_list == NULL) { ++ return ADCLI_SUCCESS; ++ } ++ ++ if (enroll->service_principals != NULL) { ++ length = seq_count (enroll->service_principals); ++ } ++ ++ for (c = 0; spn_list[c] != NULL; c++) { ++ _adcli_info ("Checking %s", spn_list[c]); ++ if (!_adcli_strv_has_ex (enroll->service_principals_to_remove, spn_list[c], strcasecmp)) { ++ enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals, ++ spn_list[c], &length, false); ++ assert (enroll->service_principals != NULL); ++ _adcli_info (" Added %s", spn_list[c]); ++ } ++ } ++ _adcli_strv_free (spn_list); ++ ++ res = ensure_keytab_principals (ADCLI_SUCCESS, enroll); ++ if (res != ADCLI_SUCCESS) { ++ return res; ++ } ++ ++ return ADCLI_SUCCESS; ++} ++ ++static adcli_result + 
enroll_join_or_update_tasks (adcli_enroll *enroll, + adcli_enroll_flags flags) + { +@@ -2019,6 +2060,11 @@ enroll_join_or_update_tasks (adcli_enroll *enroll, + update_and_calculate_enctypes (enroll); + update_computer_account (enroll); + ++ res = add_server_side_service_principals (enroll); ++ if (res != ADCLI_SUCCESS) { ++ return res; ++ } ++ + /* service_names is only set from input on the command line, so no + * additional check for explicit is needed here */ + if (enroll->service_names != NULL) { +-- +2.11.0 + diff --git a/patches/adcli/0046-Implement-adcli-testjoin.patch b/patches/adcli/0046-Implement-adcli-testjoin.patch new file mode 100644 index 0000000..a20f1be --- /dev/null +++ b/patches/adcli/0046-Implement-adcli-testjoin.patch 
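Review bot: `add_server_side_service_principals` uses `assert (ldap != NULL)` and `assert (enroll->service_principals != NULL)` for conditions that can occur at run time, such as an allocation failure inside `_adcli_strv_add_unique`. This aborts the process, or with `NDEBUG` carries on with a NULL list. Other code in `adenroll.c` reports the same kind of failure with `return_unexpected_if_fail (...)`, so `return_unexpected_if_fail (enroll->service_principals != NULL);` would keep the error path consistent and let the caller see an `adcli_result`. A short comment above the loop would also help, stating that the `servicePrincipalName` values come from the directory and are merged unless listed in `service_principals_to_remove`, because these server-supplied strings end up in the keytab principal list.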
@@ -0,0 +1,181 @@ +From 6fd99ff6c5dd6ef0be8d942989b1c6dcee3102d9 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Fri, 22 Mar 2019 12:37:39 +0100 +Subject: [PATCH 46/55] Implement 'adcli testjoin' + +By calling adcli testjoin it will be checked if the host credentials +stored in the keytab are still valid. + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1622583 +--- + doc/adcli.xml | 34 ++++++++++++++++++++++++++ + tools/computer.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + tools/tools.c | 1 + + tools/tools.h | 4 ++++ + 4 files changed, 111 insertions(+) + +diff --git a/doc/adcli.xml b/doc/adcli.xml +index af73433..9605b4a 100644 +--- a/doc/adcli.xml ++++ b/doc/adcli.xml +@@ -44,6 +44,9 @@ + <command>adcli update</command> + </cmdsynopsis> + <cmdsynopsis> ++ <command>adcli testjoin</command> ++ </cmdsynopsis> ++ <cmdsynopsis> + <command>adcli create-user</command> + <arg choice="opt">--domain=domain.example.com</arg> + <arg choice="plain">user</arg> +@@ -474,6 +477,37 @@ $ adcli update --login-ccache=/tmp/krbcc_123 + + </refsect1> + ++<refsect1 id='testjoin'> ++ <title>Testing if the machine account password is valid</title> ++ ++ <para><command>adcli testjoin</command> uses the current credentials in ++ the keytab and tries to authenticate with the machine account to the AD ++ domain. If this works the machine account password and the join are ++ still valid. If it fails the machine account password or the whole ++ machine account have to be refreshed with ++ <command>adcli join</command> or <command>adcli update</command>. 
++ </para> ++ ++<programlisting> ++$ adcli testjoin ++</programlisting> ++ ++ <para>Only the global options not related to authentication are ++ available, additionally you can specify the following options to ++ control how this operation is done.</para> ++ ++ <variablelist> ++ <varlistentry> ++ <term><option>-K, --host-keytab=<parameter>/path/to/keytab</parameter></option></term> ++ <listitem><para>Specify the path to the host keytab where ++ current host credentials are stored and the new ones ++ will be written to. If not specified, the default ++ location will be used, usually ++ <filename>/etc/krb5.keytab</filename>.</para></listitem> ++ </varlistentry> ++ </variablelist> ++</refsect1> ++ + <refsect1 id='create_user'> + <title>Creating a User</title> + +diff --git a/tools/computer.c b/tools/computer.c +index 112340e..610ed2b 100644 +--- a/tools/computer.c ++++ b/tools/computer.c +@@ -566,6 +566,78 @@ adcli_tool_computer_update (adcli_conn *conn, + return 0; + } + ++int ++adcli_tool_computer_testjoin (adcli_conn *conn, ++ int argc, ++ char *argv[]) ++{ ++ adcli_enroll *enroll; ++ adcli_result res; ++ const char *ktname; ++ int opt; ++ ++ struct option options[] = { ++ { "domain", required_argument, NULL, opt_domain }, ++ { "domain-controller", required_argument, NULL, opt_domain_controller }, ++ { "host-keytab", required_argument, 0, opt_host_keytab }, ++ { "verbose", no_argument, NULL, opt_verbose }, ++ { "help", no_argument, NULL, 'h' }, ++ { 0 }, ++ }; ++ ++ static adcli_tool_desc usages[] = { ++ { 0, "usage: adcli testjoin" }, ++ { 0 }, ++ }; ++ ++ enroll = adcli_enroll_new (conn); ++ if (enroll == NULL) ++ errx (-1, "unexpected memory problems"); ++ ++ while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { ++ switch (opt) { ++ case 'h': ++ case '?': ++ case ':': ++ adcli_tool_usage (options, usages); ++ adcli_tool_usage (options, common_usages); ++ adcli_enroll_unref (enroll); ++ return opt == 'h' ? 
0 : 2; ++ default: ++ parse_option ((Option)opt, optarg, conn, enroll); ++ break; ++ } ++ } ++ ++ /* Force use of a keytab to test the join/machine account password */ ++ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_COMPUTER_ACCOUNT); ++ ktname = adcli_enroll_get_keytab_name (enroll); ++ adcli_conn_set_login_keytab_name (conn, ktname ? ktname : ""); ++ ++ res = adcli_enroll_load (enroll); ++ if (res != ADCLI_SUCCESS) { ++ adcli_enroll_unref (enroll); ++ adcli_conn_unref (conn); ++ errx (-res, "couldn't lookup domain info from keytab: %s", ++ adcli_get_last_error ()); ++ } ++ ++ res = adcli_conn_connect (conn); ++ if (res != ADCLI_SUCCESS) { ++ adcli_enroll_unref (enroll); ++ adcli_conn_unref (conn); ++ errx (-res, "couldn't connect to %s domain: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ } ++ ++ printf ("Sucessfully validated join to domain %s\n", ++ adcli_conn_get_domain_name (conn)); ++ ++ adcli_enroll_unref (enroll); ++ ++ return 0; ++} + + int + adcli_tool_computer_preset (adcli_conn *conn, +diff --git a/tools/tools.c b/tools/tools.c +index 915130e..c4e2851 100644 +--- a/tools/tools.c ++++ b/tools/tools.c +@@ -55,6 +55,7 @@ struct { + { "info", adcli_tool_info, "Print information about a domain", CONNECTION_LESS }, + { "join", adcli_tool_computer_join, "Join this machine to a domain", }, + { "update", adcli_tool_computer_update, "Update machine membership in a domain", }, ++ { "testjoin", adcli_tool_computer_testjoin, "Test if machine account password is valid", }, + { "preset-computer", adcli_tool_computer_preset, "Pre setup computers accounts", }, + { "reset-computer", adcli_tool_computer_reset, "Reset a computer account", }, + { "delete-computer", adcli_tool_computer_delete, "Delete a computer account", }, +diff --git a/tools/tools.h b/tools/tools.h +index 6c97ccf..8cebbf9 100644 +--- a/tools/tools.h ++++ b/tools/tools.h +@@ -70,6 +70,10 @@ int adcli_tool_computer_update (adcli_conn *conn, + int argc, + char *argv[]); 
+ ++int adcli_tool_computer_testjoin (adcli_conn *conn, ++ int argc, ++ char *argv[]); ++ + int adcli_tool_computer_delete (adcli_conn *conn, + int argc, + char *argv[]); +-- +2.11.0 + diff --git a/patches/adcli/0047-library-add-missing-strdup.patch b/patches/adcli/0047-library-add-missing-strdup.patch new file mode 100644 index 0000000..03da80c --- /dev/null +++ b/patches/adcli/0047-library-add-missing-strdup.patch @@ -0,0 +1,34 @@ +From a64cce9830c2e9c26e120f671b247ee71b45c888 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Fri, 12 Apr 2019 17:31:41 +0200 +Subject: [PATCH 47/55] library: add missing strdup + +In add_server_side_service_principals _adcli_strv_add_unique is called +which only adds a string to a list without copying to. Since the +original list will be freed later the value must be copied. + +This issue was introduce with 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 +and hence + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187 +--- + library/adenroll.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/library/adenroll.c b/library/adenroll.c +index 1cce86a..52aa8a8 100644 +--- a/library/adenroll.c ++++ b/library/adenroll.c +@@ -1987,7 +1987,8 @@ add_server_side_service_principals (adcli_enroll *enroll) + _adcli_info ("Checking %s", spn_list[c]); + if (!_adcli_strv_has_ex (enroll->service_principals_to_remove, spn_list[c], strcasecmp)) { + enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals, +- spn_list[c], &length, false); ++ strdup (spn_list[c]), ++ &length, false); + assert (enroll->service_principals != NULL); + _adcli_info (" Added %s", spn_list[c]); + } +-- +2.11.0 + diff --git a/patches/adcli/0048-Revert-tools-properly-release-internal-data-on-error.patch b/patches/adcli/0048-Revert-tools-properly-release-internal-data-on-error.patch new file mode 100644 index 0000000..817b4fc --- /dev/null 
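Review bot: The `--host-keytab` text added to `doc/adcli.xml` for `testjoin` says the keytab is where "the new ones will be written to", but `adcli_tool_computer_testjoin` as shown only loads the keytab and connects. That wording looks carried over from the update section and may mislead an administrator about whether the command needs write access to `/etc/krb5.keytab`. Suggest ending the sentence at `current host credentials are stored`. The success message in `tools/computer.c` also has a typo: `"Sucessfully validated join to domain %s\n"` should read `Successfully`.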
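Review bot: In patch 0047 the result of `strdup (spn_list[c])` goes straight into `_adcli_strv_add_unique` without a NULL check, so an allocation failure hands a NULL string to the helper. If the helper returns the list unchanged for a duplicate (its body is not in this hunk, so this is an assumption), the fresh copy is leaked in that case too. Suggest copying into a local first, `char *spn = strdup (spn_list[c]); return_unexpected_if_fail (spn != NULL);`, and freeing `spn` when it was not added. The enclosing loop in `add_server_side_service_principals` starts outside this hunk.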
+++ b/patches/adcli/0048-Revert-tools-properly-release-internal-data-on-error.patch 
@@ -0,0 +1,152 @@ +From 4950d7aef2bd584d239cb0ec031734f261851af9 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Mon, 8 Apr 2019 10:56:54 +0200 +Subject: [PATCH 48/55] Revert "tools: properly release internal data on error" + +This reverts commit 41fdcb1af885d99a91e27406e9343b322f67756a. +--- + tools/computer.c | 39 +++------------------------------------ + 1 file changed, 3 insertions(+), 36 deletions(-) + +diff --git a/tools/computer.c b/tools/computer.c +index 610ed2b..bee695c 100644 +--- a/tools/computer.c ++++ b/tools/computer.c +@@ -415,16 +415,11 @@ adcli_tool_computer_join (adcli_conn *conn, + + if (argc == 1) + adcli_conn_set_domain_name (conn, argv[0]); +- else if (argc > 1) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); ++ else if (argc > 1) + errx (2, "extra arguments specified"); +- } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "couldn't connect to %s domain: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -432,8 +427,6 @@ adcli_tool_computer_join (adcli_conn *conn, + + res = adcli_enroll_join (enroll, flags); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "joining domain %s failed: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -532,16 +525,12 @@ adcli_tool_computer_update (adcli_conn *conn, + + res = adcli_enroll_load (enroll); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "couldn't lookup domain info from keytab: %s", + adcli_get_last_error ()); + } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "couldn't connect to %s domain: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -549,8 +538,6 @@ adcli_tool_computer_update (adcli_conn *conn, 
+ + res = adcli_enroll_update (enroll, flags); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "updating membership with domain %s failed: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -715,8 +702,6 @@ adcli_tool_computer_preset (adcli_conn *conn, + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "couldn't connect to %s domain: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -730,8 +715,6 @@ adcli_tool_computer_preset (adcli_conn *conn, + + res = adcli_enroll_join (enroll, flags); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "presetting %s in %s domain failed: %s", argv[i], + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -796,16 +779,11 @@ adcli_tool_computer_reset (adcli_conn *conn, + argc -= optind; + argv += optind; + +- if (argc != 1) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); ++ if (argc != 1) + errx (EUSAGE, "specify one host name of computer account to reset"); +- } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "couldn't connect to %s domain: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -816,8 +794,6 @@ adcli_tool_computer_reset (adcli_conn *conn, + + res = adcli_enroll_password (enroll, 0); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "resetting %s in %s domain failed: %s", argv[0], + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -877,26 +853,19 @@ adcli_tool_computer_delete (adcli_conn *conn, + argc -= optind; + argv += optind; + +- if (argc > 1) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); ++ if (argc > 1) + errx (EUSAGE, "specify one host name 
of computer account to delete"); +- } + + adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT); + + res = adcli_enroll_load (enroll); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "couldn't lookup domain info from keytab: %s", + adcli_get_last_error ()); + } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "couldn't connect to %s domain: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +@@ -907,8 +876,6 @@ adcli_tool_computer_delete (adcli_conn *conn, + + res = adcli_enroll_delete (enroll, 0); + if (res != ADCLI_SUCCESS) { +- adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); + errx (-res, "deleting %s in %s domain failed: %s", argv[0], + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); +-- +2.11.0 + diff --git a/patches/adcli/0049-tools-remove-errx-from-computer-commands.patch b/patches/adcli/0049-tools-remove-errx-from-computer-commands.patch new file mode 100644 index 0000000..7ac9866 --- /dev/null +++ b/patches/adcli/0049-tools-remove-errx-from-computer-commands.patch 
@@ -0,0 +1,328 @@ +From fa7926c7a9d92bc7c42c610ba6f1706c635aa901 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Mon, 15 Apr 2019 17:54:27 +0200 +Subject: [PATCH 49/55] tools: remove errx from computer commands + +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596 +--- + tools/computer.c | 166 +++++++++++++++++++++++++++++++++++-------------------- + 1 file changed, 107 insertions(+), 59 deletions(-) + +diff --git a/tools/computer.c b/tools/computer.c +index bee695c..9cbbb28 100644 +--- a/tools/computer.c ++++ b/tools/computer.c +@@ -379,8 +379,10 @@ adcli_tool_computer_join (adcli_conn *conn, + }; + + enroll = adcli_enroll_new (conn); +- if (enroll == NULL) +- errx (-1, "unexpected memory problems"); ++ if (enroll == NULL) { ++ warnx ("unexpected memory problems"); ++ return -1; ++ } + + while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { +@@ -415,21 +417,28 @@ adcli_tool_computer_join (adcli_conn *conn, + + if (argc == 1) + adcli_conn_set_domain_name (conn, argv[0]); +- else if (argc > 1) +- errx (2, "extra arguments specified"); ++ else if (argc > 1) { ++ warnx ("extra arguments specified"); ++ adcli_enroll_unref (enroll); ++ return 2; ++ } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- errx (-res, "couldn't connect to %s domain: %s", +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("couldn't connect to %s domain: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + res = adcli_enroll_join (enroll, flags); + if (res != ADCLI_SUCCESS) { +- errx (-res, "joining domain %s failed: %s", +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("joining domain %s failed: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + if (details) +@@ -486,8 +495,10 @@ adcli_tool_computer_update 
(adcli_conn *conn, + }; + + enroll = adcli_enroll_new (conn); +- if (enroll == NULL) +- errx (-1, "unexpected memory problems"); ++ if (enroll == NULL) { ++ warnx ("unexpected memory problems"); ++ return -1; ++ } + + while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { +@@ -525,22 +536,28 @@ adcli_tool_computer_update (adcli_conn *conn, + + res = adcli_enroll_load (enroll); + if (res != ADCLI_SUCCESS) { +- errx (-res, "couldn't lookup domain info from keytab: %s", +- adcli_get_last_error ()); ++ warnx ("couldn't lookup domain info from keytab: %s", ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- errx (-res, "couldn't connect to %s domain: %s", +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("couldn't connect to %s domain: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + res = adcli_enroll_update (enroll, flags); + if (res != ADCLI_SUCCESS) { +- errx (-res, "updating membership with domain %s failed: %s", +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("updating membership with domain %s failed: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + if (details) +@@ -578,8 +595,10 @@ adcli_tool_computer_testjoin (adcli_conn *conn, + }; + + enroll = adcli_enroll_new (conn); +- if (enroll == NULL) +- errx (-1, "unexpected memory problems"); ++ if (enroll == NULL) { ++ warnx ("unexpected memory problems"); ++ return -1; ++ } + + while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { +@@ -604,18 +623,18 @@ adcli_tool_computer_testjoin (adcli_conn *conn, + res = adcli_enroll_load (enroll); + if (res != ADCLI_SUCCESS) { + adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); +- errx (-res, "couldn't lookup 
domain info from keytab: %s", +- adcli_get_last_error ()); ++ warnx ("couldn't lookup domain info from keytab: %s", ++ adcli_get_last_error ()); ++ return -res; + } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { + adcli_enroll_unref (enroll); +- adcli_conn_unref (conn); +- errx (-res, "couldn't connect to %s domain: %s", ++ warnx ("couldn't connect to %s domain: %s", + adcli_conn_get_domain_name (conn), + adcli_get_last_error ()); ++ return -res; + } + + printf ("Sucessfully validated join to domain %s\n", +@@ -665,8 +684,10 @@ adcli_tool_computer_preset (adcli_conn *conn, + }; + + enroll = adcli_enroll_new (conn); +- if (enroll == NULL) +- errx (-1, "unexpected memory problems"); ++ if (enroll == NULL) { ++ warnx ("unexpected memory problems"); ++ return -1; ++ } + flags = ADCLI_ENROLL_NO_KEYTAB; + + while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { +@@ -694,17 +715,22 @@ adcli_tool_computer_preset (adcli_conn *conn, + argc -= optind; + argv += optind; + +- if (argc < 1) +- errx (EUSAGE, "specify one or more host names of computer accounts to preset"); ++ if (argc < 1) { ++ warnx ("specify one or more host names of computer accounts to preset"); ++ adcli_enroll_unref (enroll); ++ return EUSAGE; ++ } + + adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT); + reset_password = (adcli_enroll_get_computer_password (enroll) == NULL); + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- errx (-res, "couldn't connect to %s domain: %s", +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("couldn't connect to %s domain: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + for (i = 0; i < argc; i++) { +@@ -715,9 +741,11 @@ adcli_tool_computer_preset (adcli_conn *conn, + + res = adcli_enroll_join (enroll, flags); + if (res != ADCLI_SUCCESS) { +- errx (-res, "presetting %s in %s domain failed: %s", argv[i], +- 
adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("presetting %s in %s domain failed: %s", argv[i], ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + printf ("computer-name: %s\n", adcli_enroll_get_computer_name (enroll)); +@@ -758,8 +786,10 @@ adcli_tool_computer_reset (adcli_conn *conn, + }; + + enroll = adcli_enroll_new (conn); +- if (enroll == NULL) +- errx (-1, "unexpected memory problems"); ++ if (enroll == NULL) { ++ warnx ("unexpected memory problems"); ++ return -1; ++ } + + while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { +@@ -779,14 +809,19 @@ adcli_tool_computer_reset (adcli_conn *conn, + argc -= optind; + argv += optind; + +- if (argc != 1) +- errx (EUSAGE, "specify one host name of computer account to reset"); ++ if (argc != 1) { ++ warnx ("specify one host name of computer account to reset"); ++ adcli_enroll_unref (enroll); ++ return EUSAGE; ++ } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- errx (-res, "couldn't connect to %s domain: %s", +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("couldn't connect to %s domain: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + parse_fqdn_or_name (enroll, argv[0]); +@@ -794,9 +829,11 @@ adcli_tool_computer_reset (adcli_conn *conn, + + res = adcli_enroll_password (enroll, 0); + if (res != ADCLI_SUCCESS) { +- errx (-res, "resetting %s in %s domain failed: %s", argv[0], +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("resetting %s in %s domain failed: %s", argv[0], ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + adcli_enroll_unref (enroll); +@@ -832,8 +869,10 @@ adcli_tool_computer_delete (adcli_conn *conn, + }; + + enroll = adcli_enroll_new (conn); +- if 
(enroll == NULL) +- errx (-1, "unexpected memory problems"); ++ if (enroll == NULL) { ++ warnx ("unexpected memory problems"); ++ return -1; ++ } + + while ((opt = adcli_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { +@@ -853,22 +892,29 @@ adcli_tool_computer_delete (adcli_conn *conn, + argc -= optind; + argv += optind; + +- if (argc > 1) +- errx (EUSAGE, "specify one host name of computer account to delete"); ++ if (argc > 1) { ++ warnx ("specify one host name of computer account to delete"); ++ adcli_enroll_unref (enroll); ++ return EUSAGE; ++ } + + adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT); + + res = adcli_enroll_load (enroll); + if (res != ADCLI_SUCCESS) { +- errx (-res, "couldn't lookup domain info from keytab: %s", +- adcli_get_last_error ()); ++ warnx ("couldn't lookup domain info from keytab: %s", ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + res = adcli_conn_connect (conn); + if (res != ADCLI_SUCCESS) { +- errx (-res, "couldn't connect to %s domain: %s", +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("couldn't connect to %s domain: %s", ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + if (argc == 1) +@@ -876,9 +922,11 @@ adcli_tool_computer_delete (adcli_conn *conn, + + res = adcli_enroll_delete (enroll, 0); + if (res != ADCLI_SUCCESS) { +- errx (-res, "deleting %s in %s domain failed: %s", argv[0], +- adcli_conn_get_domain_name (conn), +- adcli_get_last_error ()); ++ warnx ("deleting %s in %s domain failed: %s", argv[0], ++ adcli_conn_get_domain_name (conn), ++ adcli_get_last_error ()); ++ adcli_enroll_unref (enroll); ++ return -res; + } + + adcli_enroll_unref (enroll); +-- +2.11.0 + 
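Review bot: In `adcli_tool_computer_delete`, the rewritten failure path still formats `argv[0]` in `warnx ("deleting %s in %s domain failed: %s", argv[0], ...)`, although the check above only rejects `argc > 1` and the name is parsed only under `if (argc == 1)`. With no host name given, `argv[0]` after `argv += optind` is the terminating NULL, and passing NULL to `%s` is undefined behaviour. Using the name the enroll object resolved, `adcli_enroll_get_computer_name (enroll)`, avoids that and reports the account that was actually targeted. The function body starts and ends outside the hunks shown.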
diff --git a/patches/adcli/0050-tools-remove-errx-from-user-and-group-commands.patch b/patches/adcli/0050-tools-remove-errx-from-user-and-group-commands.patch
new file mode 100644
index 0000000..3eebc83
--- /dev/null
+++ b/patches/adcli/0050-tools-remove-errx-from-user-and-group-commands.patch
@@ -0,0 +1,398 @@
+From cac0fa9df8888245399f2db187e05e31f93d1471 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 15 Apr 2019 17:56:37 +0200
+Subject: [PATCH 50/55] tools: remove errx from user and group commands
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
+---
+ tools/entry.c | 232 ++++++++++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 154 insertions(+), 78 deletions(-)
+
+diff --git a/tools/entry.c b/tools/entry.c
+index de56586..97ec6e7 100644
+--- a/tools/entry.c
++++ b/tools/entry.c
+@@ -232,21 +232,30 @@ adcli_tool_user_create (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc != 1)
+- errx (2, "specify one user name to create");
++ if (argc != 1) {
++ warnx ("specify one user name to create");
++ adcli_attrs_free (attrs);
++ return 2;
++ }
+
+ entry = adcli_entry_new_user (conn, argv[0]);
+- if (entry == NULL)
+- errx (-1, "unexpected memory problems");
++ if (entry == NULL) {
++ warnx ("unexpected memory problems");
++ adcli_attrs_free (attrs);
++ return -1;
++ }
+ adcli_entry_set_domain_ou (entry, ou);
+
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "couldn't connect to %s domain: %s",
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("couldn't connect to %s domain: %s",
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ adcli_attrs_free (attrs);
++ return -res;
+ }
+
+ if (has_unix_attr && !has_nis_domain) {
+@@ -254,16 +263,20 @@ adcli_tool_user_create (adcli_conn *conn,
+ if (res != ADCLI_SUCCESS) {
+ adcli_entry_unref (entry);
+ adcli_attrs_free (attrs);
+- errx (-res, "couldn't get NIS domain");
++ warnx ("couldn't get NIS domain");
++ return -res;
+ }
+ }
+
+ res = adcli_entry_create (entry, attrs);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "creating user %s in domain %s failed: %s",
+- adcli_entry_get_sam_name (entry),
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("creating user %s in domain %s failed: %s",
++ adcli_entry_get_sam_name (entry),
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ adcli_attrs_free (attrs);
++ return -res;
+ }
+
+ adcli_entry_unref (entry);
+@@ -317,28 +330,36 @@ adcli_tool_user_delete (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc != 1)
+- errx (2, "specify one user name to delete");
++ if (argc != 1) {
++ warnx ("specify one user name to delete");
++ return 2;
++ }
+
+ entry = adcli_entry_new_user (conn, argv[0]);
+- if (entry == NULL)
+- errx (-1, "unexpected memory problems");
++ if (entry == NULL) {
++ warnx ("unexpected memory problems");
++ return -1;
++ }
+
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "couldn't connect to %s domain: %s",
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("couldn't connect to %s domain: %s",
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ res = adcli_entry_delete (entry);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "deleting user %s in domain %s failed: %s",
+- adcli_entry_get_sam_name (entry),
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("deleting user %s in domain %s failed: %s",
++ adcli_entry_get_sam_name (entry),
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ adcli_entry_unref (entry);
+@@ -404,29 +425,41 @@ adcli_tool_group_create (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc != 1)
+- errx (2, "specify one group to create");
++ if (argc != 1) {
++ warnx ("specify one group to create");
++ adcli_attrs_free (attrs);
++ return 2;
++ }
+
+ entry = adcli_entry_new_group (conn, argv[0]);
+- if (entry == NULL)
+- errx (-1, "unexpected memory problems");
++ if (entry == NULL) {
++ warnx ("unexpected memory problems");
++ adcli_attrs_free (attrs);
++ return -1;
++ }
+ adcli_entry_set_domain_ou (entry, ou);
+
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "couldn't connect to domain %s: %s",
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("couldn't connect to domain %s: %s",
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ adcli_attrs_free (attrs);
++ return -res;
+ }
+
+ res = adcli_entry_create (entry, attrs);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "creating group %s in domain %s failed: %s",
+- adcli_entry_get_sam_name (entry),
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("creating group %s in domain %s failed: %s",
++ adcli_entry_get_sam_name (entry),
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ adcli_attrs_free (attrs);
++ return -res;
+ }
+
+ adcli_entry_unref (entry);
+@@ -480,28 +513,36 @@ adcli_tool_group_delete (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc != 1)
+- errx (2, "specify one group name to delete");
++ if (argc != 1) {
++ warnx ("specify one group name to delete");
++ return 2;
++ }
+
+ entry = adcli_entry_new_group (conn, argv[0]);
+- if (entry == NULL)
+- errx (-1, "unexpected memory problems");
++ if (entry == NULL) {
++ warnx ("unexpected memory problems");
++ return -1;
++ }
+
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "couldn't connect to %s domain: %s",
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("couldn't connect to %s domain: %s",
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ res = adcli_entry_delete (entry);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "deleting group %s in domain %s failed: %s",
+- adcli_entry_get_sam_name (entry),
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("deleting group %s in domain %s failed: %s",
++ adcli_entry_get_sam_name (entry),
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ adcli_entry_unref (entry);
+@@ -509,7 +550,7 @@ adcli_tool_group_delete (adcli_conn *conn,
+ return 0;
+ }
+
+-static void
++static int
+ expand_user_dn_as_member (adcli_conn *conn,
+ adcli_attrs *attrs,
+ const char *user,
+@@ -523,16 +564,19 @@ expand_user_dn_as_member (adcli_conn *conn,
+
+ res = adcli_entry_load (entry);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "couldn't lookup user %s in domain %s: %s",
+- user, adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("couldn't lookup user %s in domain %s: %s",
++ user, adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ dn = adcli_entry_get_dn (entry);
+ if (dn == NULL) {
+- errx (-ADCLI_ERR_CONFIG,
+- "couldn't found user %s in domain %s",
+- user, adcli_conn_get_domain_name (conn));
++ warnx ("couldn't found user %s in domain %s",
++ user, adcli_conn_get_domain_name (conn));
++ adcli_entry_unref (entry);
++ return -ADCLI_ERR_CONFIG;
+ }
+
+ if (adding)
+@@ -541,6 +585,8 @@ expand_user_dn_as_member (adcli_conn *conn,
+ adcli_attrs_delete1 (attrs, "member", dn);
+
+ adcli_entry_unref (entry);
++
++ return ADCLI_SUCCESS;
+ }
+
+ int
+@@ -590,33 +636,48 @@ adcli_tool_member_add (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc < 2)
+- errx (2, "specify a group name and a user to add");
++ if (argc < 2) {
++ warnx ("specify a group name and a user to add");
++ return 2;
++ }
+
+ entry = adcli_entry_new_group (conn, argv[0]);
+- if (entry == NULL)
+- errx (-1, "unexpected memory problems");
++ if (entry == NULL) {
++ warnx ("unexpected memory problems");
++ return -1;
++ }
+
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "couldn't connect to %s domain: %s",
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("couldn't connect to %s domain: %s",
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ attrs = adcli_attrs_new ();
+
+- for (i = 1; i < argc; i++)
+- expand_user_dn_as_member (conn, attrs, argv[i], 1);
++ for (i = 1; i < argc; i++) {
++ res = expand_user_dn_as_member (conn, attrs, argv[i], 1);
++ if (res != ADCLI_SUCCESS) {
++ adcli_attrs_free (attrs);
++ adcli_entry_unref (entry);
++ return res;
++ }
++ }
+
+ res = adcli_entry_modify (entry, attrs);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "adding member(s) to group %s in domain %s failed: %s",
+- adcli_entry_get_sam_name (entry),
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("adding member(s) to group %s in domain %s failed: %s",
++ adcli_entry_get_sam_name (entry),
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_attrs_free (attrs);
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ adcli_attrs_free (attrs);
+@@ -672,33 +733,48 @@ adcli_tool_member_remove (adcli_conn *conn,
+ argc -= optind;
+ argv += optind;
+
+- if (argc < 2)
+- errx (2, "specify a group name and a user to remove");
++ if (argc < 2) {
++ warnx ("specify a group name and a user to remove");
++ return 2;
++ }
+
+ entry = adcli_entry_new_group (conn, argv[0]);
+- if (entry == NULL)
+- errx (-1, "unexpected memory problems");
++ if (entry == NULL) {
++ warnx ("unexpected memory problems");
++ return -1;
++ }
+
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ res = adcli_conn_connect (conn);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "couldn't connect to %s domain: %s",
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("couldn't connect to %s domain: %s",
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ attrs = adcli_attrs_new ();
+
+- for (i = 1; i < argc; i++)
+- expand_user_dn_as_member (conn, attrs, argv[i], 0);
++ for (i = 1; i < argc; i++) {
++ res = expand_user_dn_as_member (conn, attrs, argv[i], 0);
++ if (res != ADCLI_SUCCESS) {
++ adcli_attrs_free (attrs);
++ adcli_entry_unref (entry);
++ return res;
++ }
++ }
+
+ res = adcli_entry_modify (entry, attrs);
+ if (res != ADCLI_SUCCESS) {
+- errx (-res, "adding member(s) to group %s in domain %s failed: %s",
+- adcli_entry_get_sam_name (entry),
+- adcli_conn_get_domain_name (conn),
+- adcli_get_last_error ());
++ warnx ("adding member(s) to group %s in domain %s failed: %s",
++ adcli_entry_get_sam_name (entry),
++ adcli_conn_get_domain_name (conn),
++ adcli_get_last_error ());
++ adcli_attrs_free (attrs);
++ adcli_entry_unref (entry);
++ return -res;
+ }
+
+ adcli_attrs_free (attrs);
+-- 
+2.11.0
+
diff --git a/patches/adcli/0051-tools-remove-errx-from-info-commands.patch b/patches/adcli/0051-tools-remove-errx-from-info-commands.patch
new file mode 100644
index 0000000..1bb491d
--- /dev/null
+++ b/patches/adcli/0051-tools-remove-errx-from-info-commands.patch
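Review bot: In the `tools/entry.c` patch (0050), the failure branch after `adcli_entry_modify` in `adcli_tool_member_remove` still prints "adding member(s) to group …", so a failed removal is reported as a failed add; the line should read `warnx ("removing member(s) from group %s in domain %s failed: %s",`. With `errx` gone, this warning is the only text printed on that path before the function returns, so it needs to name the operation that actually failed. The lookup message in `expand_user_dn_as_member` has a similar wording slip: `"couldn't found user %s in domain %s"` should be `"couldn't find user %s in domain %s"`. Both functions start and end outside the hunks shown.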
@@ -0,0 +1,53 @@
+From 4794812cc98c8783921f534d20dae8b44f3826d2 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 15 Apr 2019 17:57:37 +0200
+Subject: [PATCH 51/55] tools: remove errx from info commands
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
+---
+ tools/info.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/tools/info.c b/tools/info.c
+index e7e20ad..c63e0ff 100644
+--- a/tools/info.c
++++ b/tools/info.c
+@@ -162,21 +162,28 @@ adcli_tool_info (adcli_conn *unused,
+
+ if (argc == 1)
+ domain = argv[0];
+- else if (argc != 0)
+- errx (2, "specify one user name to create");
++ else if (argc != 0) {
++ warnx ("specify one user name to create");
++ return 2;
++ }
+
+ if (server) {
+ adcli_disco_host (server, &disco);
+- if (disco == NULL)
+- errx (1, "couldn't discover domain controller: %s", server);
++ if (disco == NULL) {
++ warnx ("couldn't discover domain controller: %s", server);
++ return 1;
++ }
+ for_host = 1;
+ } else if (domain) {
+ adcli_disco_domain (domain, &disco);
+- if (disco == NULL)
+- errx (1, "couldn't discover domain: %s", domain);
++ if (disco == NULL) {
++ warnx ("couldn't discover domain: %s", domain);
++ return 1;
++ }
+ for_host = 0;
+ } else {
+- errx (2, "specify a domain to discover");
++ warnx ("specify a domain to discover");
++ return 2;
+ }
+
+ print_info (disco, for_host);
+-- 
+2.11.0
+
diff --git a/patches/adcli/0052-tools-remove-errx-from-adcli_read_password_func.patch b/patches/adcli/0052-tools-remove-errx-from-adcli_read_password_func.patch
new file mode 100644
index 0000000..d2f58ff
--- /dev/null
+++ b/patches/adcli/0052-tools-remove-errx-from-adcli_read_password_func.patch
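Review bot: In the `tools/info.c` patch (0051), the arity check in `adcli_tool_info` rejects extra arguments with `"specify one user name to create"`, a message that belongs to the user-create command; the branch above it stores `argv[0]` in `domain`, so `warnx ("specify one domain to discover");` would match what the command takes. The new `else if (argc != 0) { … }` arm is braced while the `if (argc == 1)` arm before it is not; bracing both keeps the chain consistent. The function body continues outside the hunk.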
@@ -0,0 +1,42 @@
+From 251d7d0c71226afb8e51f7bc5794a7a3164f5a20 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 15 Apr 2019 17:59:17 +0200
+Subject: [PATCH 52/55] tools: remove errx from adcli_read_password_func
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
+---
+ tools/tools.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tools.c b/tools/tools.c
+index c4e2851..bdf6d38 100644
+--- a/tools/tools.c
++++ b/tools/tools.c
+@@ -247,7 +247,9 @@ adcli_read_password_func (adcli_login_type login_type,
+ if (res < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+- err (EFAIL, "couldn't read password from stdin");
++ warn ("couldn't read password from stdin");
++ free (buffer);
++ return NULL;
+
+ } else if (res == 0) {
+ buffer[offset] = '\0';
+@@ -261,8 +263,11 @@ adcli_read_password_func (adcli_login_type login_type,
+ return buffer;
+
+ } else {
+- if (memchr (buffer + offset, 0, res))
+- errx (EUSAGE, "unsupported null character present in password");
++ if (memchr (buffer + offset, 0, res)) {
++ warnx ("unsupported null character present in password");
++ free (buffer);
++ return NULL;
++ }
+ offset += res;
+ }
+ }
+-- 
+2.11.0
+
diff --git a/patches/adcli/0053-tools-remove-errx-from-setup_krb5_conf_directory.patch b/patches/adcli/0053-tools-remove-errx-from-setup_krb5_conf_directory.patch
new file mode 100644
index 0000000..d193791
--- /dev/null
+++ b/patches/adcli/0053-tools-remove-errx-from-setup_krb5_conf_directory.patch
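Review bot: In the `tools/tools.c` patch (0052), both new error paths in `adcli_read_password_func` call `free (buffer)` on a buffer that may already hold part of the password read from stdin, so those bytes stay in freed heap memory while the process keeps running. Clear what has been read before freeing, for example `explicit_bzero (buffer, offset);` in the `res < 0` branch and `explicit_bzero (buffer, offset + res);` in the `memchr` branch, or use the project's own wipe helper if it has one; a plain `memset` before `free` may be optimised away. These paths now return NULL where the function used to exit, so the caller has to treat NULL as a read failure rather than as "no password"; that caller is not visible here. The function body starts and ends outside the hunks.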
@@ -0,0 +1,63 @@
+From b8f5d995d30c17eb8bec3ac5e0777ea94f5b76c3 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 15 Apr 2019 18:00:52 +0200
+Subject: [PATCH 53/55] tools: remove errx from setup_krb5_conf_directory
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
+---
+ tools/tools.c | 38 ++++++++++++++++++++++++--------------
+ 1 file changed, 24 insertions(+), 14 deletions(-)
+
+diff --git a/tools/tools.c b/tools/tools.c
+index bdf6d38..fc9fa9a 100644
+--- a/tools/tools.c
++++ b/tools/tools.c
+@@ -327,21 +327,31 @@ setup_krb5_conf_directory (adcli_conn *conn)
+ }
+
+ if (asprintf (&directory, "%s%sadcli-krb5-XXXXXX", parent,
+- (parent[0] && parent[strlen(parent) - 1] == '/') ? "" : "/") < 0)
+- errx (1, "unexpected: out of memory");
+-
+- if (mkdtemp (directory) == NULL) {
+- errn = errno;
++ (parent[0] && parent[strlen(parent) - 1] == '/') ? "" : "/") < 0) {
++ warnx ("unexpected: out of memory");
++ directory = NULL; /* content is undefined */
+ failed = 1;
+- warnx ("couldn't create temporary directory in: %s: %s",
+- parent, strerror (errn));
+- } else {
+- if (asprintf (&filename, "%s/krb5.conf", directory) < 0 ||
+- asprintf (&snippets, "%s/krb5.d", directory) < 0 ||
+- asprintf (&contents, "includedir %s\n%s%s\n", snippets,
+- krb5_conf ? "include " : "",
+- krb5_conf ? krb5_conf : "") < 0)
+- errx (1, "unexpected: out of memory");
++ }
++
++ if (!failed) {
++ if (mkdtemp (directory) == NULL) {
++ errn = errno;
++ failed = 1;
++ warnx ("couldn't create temporary directory in: %s: %s",
++ parent, strerror (errn));
++ } else {
++ if (asprintf (&filename, "%s/krb5.conf", directory) < 0 ||
++ asprintf (&snippets, "%s/krb5.d", directory) < 0 ||
++ asprintf (&contents, "includedir %s\n%s%s\n", snippets,
++ krb5_conf ? "include " : "",
++ krb5_conf ? krb5_conf : "") < 0) {
++ warnx ("unexpected: out of memory");
++ filename = NULL; /* content is undefined */
++ snippets = NULL; /* content is undefined */
++ contents = NULL; /* content is undefined */
++ failed = 1;
++ }
++ }
+ }
+
+ if (!failed) {
+-- 
+2.11.0
+
diff --git a/patches/adcli/0054-tools-entry-remove-errx-from-parse_option.patch b/patches/adcli/0054-tools-entry-remove-errx-from-parse_option.patch
new file mode 100644
index 0000000..970f854
--- /dev/null
+++ b/patches/adcli/0054-tools-entry-remove-errx-from-parse_option.patch
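Review bot: In the `tools/tools.c` patch (0053), the new failure branch for the three chained `asprintf` calls in `setup_krb5_conf_directory` sets `filename`, `snippets` and `contents` to NULL unconditionally, so when an earlier call succeeded and a later one failed, the strings already allocated are overwritten and leaked. Checking the calls one at a time and clearing only the pointer whose call failed keeps the earlier allocations reachable for whatever cleanup follows; this assumes the three pointers start out as NULL, which the declarations outside the hunk would need to confirm. By this point `mkdtemp` has already created the directory, and whether it is removed once `failed` is set depends on code outside the hunk, so that is worth confirming too. The function starts and ends outside the hunk.

```c
/* … unchanged: mkdtemp call and its failure branch … */
if (asprintf (&filename, "%s/krb5.conf", directory) < 0) {
	filename = NULL; /* content is undefined */
	failed = 1;
} else if (asprintf (&snippets, "%s/krb5.d", directory) < 0) {
	snippets = NULL; /* content is undefined */
	failed = 1;
} else if (asprintf (&contents, "includedir %s\n%s%s\n", snippets,
                     krb5_conf ? "include " : "",
                     krb5_conf ? krb5_conf : "") < 0) {
	contents = NULL; /* content is undefined */
	failed = 1;
}
if (failed)
	warnx ("unexpected: out of memory");
```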
@@ -0,0 +1,175 @@
+From d9912e19e48ec482351b9c384140ad71922ec5c0 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 8 Apr 2019 17:22:00 +0200
+Subject: [PATCH 54/55] tools: entry - remove errx from parse_option
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
+---
+ tools/entry.c | 70 +++++++++++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 47 insertions(+), 23 deletions(-)
+
+diff --git a/tools/entry.c b/tools/entry.c
+index 97ec6e7..f361845 100644
+--- a/tools/entry.c
++++ b/tools/entry.c
+@@ -81,7 +81,7 @@ static adcli_tool_desc common_usages[] = {
+ { 0 },
+ };
+
+-static void
++static int
+ parse_option (Option opt,
+ const char *optarg,
+ adcli_conn *conn)
+@@ -93,54 +93,58 @@ parse_option (Option opt,
+ switch (opt) {
+ case opt_login_ccache:
+ adcli_conn_set_login_ccache_name (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_login_user:
+ adcli_conn_set_login_user (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_domain:
+ adcli_conn_set_domain_name (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_domain_realm:
+ adcli_conn_set_domain_realm (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_domain_controller:
+ adcli_conn_set_domain_controller (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_no_password:
+ if (stdin_password || prompt_password) {
+- errx (EUSAGE, "cannot use --no-password argument with %s",
+- stdin_password ? "--stdin-password" : "--prompt-password");
++ warnx ("cannot use --no-password argument with %s",
++ stdin_password ? "--stdin-password" : "--prompt-password");
++ return EUSAGE;
+ } else {
+ adcli_conn_set_password_func (conn, NULL, NULL, NULL);
+ no_password = 1;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_prompt_password:
+ if (stdin_password || no_password) {
+- errx (EUSAGE, "cannot use --prompt-password argument with %s",
+- stdin_password ? "--stdin-password" : "--no-password");
++ warnx ("cannot use --prompt-password argument with %s",
++ stdin_password ? "--stdin-password" : "--no-password");
++ return EUSAGE;
+ } else {
+ adcli_conn_set_password_func (conn, adcli_prompt_password_func, NULL, NULL);
+ prompt_password = 1;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_stdin_password:
+ if (prompt_password || no_password) {
+- errx (EUSAGE, "cannot use --stdin-password argument with %s",
+- prompt_password ? "--prompt-password" : "--no-password");
++ warnx ("cannot use --stdin-password argument with %s",
++ prompt_password ? "--prompt-password" : "--no-password");
++ return EUSAGE;
+ } else {
+ adcli_conn_set_password_func (conn, adcli_read_password_func, NULL, NULL);
+ stdin_password = 1;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_verbose:
+- return;
++ return ADCLI_SUCCESS;
+ default:
+ assert (0 && "not reached");
+ break;
+ }
+
+- errx (EUSAGE, "failure to parse option '%c'", opt);
++ warnx ("failure to parse option '%c'", opt);
++ return EUSAGE;
+ }
+
+ int
+@@ -224,7 +228,11 @@ adcli_tool_user_create (adcli_conn *conn,
+ adcli_attrs_free (attrs);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn);
++ res = parse_option ((Option)opt, optarg, conn);
++ if (res != ADCLI_SUCCESS) {
++ adcli_attrs_free (attrs);
++ return res;
++ }
+ break;
+ }
+ }
+@@ -322,7 +330,10 @@ adcli_tool_user_delete (adcli_conn *conn,
+ adcli_tool_usage (options, common_usages);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn);
++ res = parse_option ((Option)opt, optarg, conn);
++ if (res != ADCLI_SUCCESS) {
++ return res;
++ }
+ break;
+ }
+ }
+@@ -417,7 +428,11 @@ adcli_tool_group_create (adcli_conn *conn,
+ adcli_attrs_free (attrs);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn);
++ res = parse_option ((Option)opt, optarg, conn);
++ if (res != ADCLI_SUCCESS) {
++ adcli_attrs_free (attrs);
++ return res;
++ }
+ break;
+ }
+ }
+@@ -505,7 +520,10 @@ adcli_tool_group_delete (adcli_conn *conn,
+ adcli_tool_usage (options, common_usages);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn);
++ res = parse_option ((Option)opt, optarg, conn);
++ if (res != ADCLI_SUCCESS) {
++ return res;
++ }
+ break;
+ }
+ }
+@@ -628,7 +646,10 @@ adcli_tool_member_add (adcli_conn *conn,
+ adcli_tool_usage (options, common_usages);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn);
++ res = parse_option ((Option)opt, optarg, conn);
++ if (res != ADCLI_SUCCESS) {
++ return res;
++ }
+ break;
+ }
+ }
+@@ -725,7 +746,10 @@ adcli_tool_member_remove (adcli_conn *conn,
+ adcli_tool_usage (options, common_usages);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn);
++ res = parse_option ((Option)opt, optarg, conn);
++ if (res != ADCLI_SUCCESS) {
++ return res;
++ }
+ break;
+ }
+ }
+-- 
+2.11.0
+
diff --git a/patches/adcli/0055-tools-computer-remove-errx-from-parse_option.patch b/patches/adcli/0055-tools-computer-remove-errx-from-parse_option.patch
new file mode 100644
index 0000000..917a43d
--- /dev/null
+++ b/patches/adcli/0055-tools-computer-remove-errx-from-parse_option.patch
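Review bot: In the `tools/entry.c` patch (0054), `parse_option` now returns `int` but nothing documents what the value means, and it mixes two domains: `ADCLI_SUCCESS`, the value the callers compare library results against, on success, and the tool exit code `EUSAGE` on failure, which every caller returns unchanged. A short comment above the function would pin that contract, e.g. `/* Returns ADCLI_SUCCESS, or the tool exit code EUSAGE after printing a warning. */`. The trailing `warnx ("failure to parse option '%c'", opt); return EUSAGE;` is reached only through the `default:` arm when `assert` is compiled out, which the same comment could mention. The callers' bodies start and end outside the hunks.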
@@ -0,0 +1,294 @@
+From f127ddef23a532cd9763190527bf79b4e47fa2ab Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 8 Apr 2019 17:33:17 +0200
+Subject: [PATCH 55/55] tools: computer - remove errx from parse_option
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1588596
+---
+ tools/computer.c | 128 ++++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 80 insertions(+), 48 deletions(-)
+
+diff --git a/tools/computer.c b/tools/computer.c
+index 9cbbb28..ac8a203 100644
+--- a/tools/computer.c
++++ b/tools/computer.c
+@@ -159,7 +159,7 @@ static adcli_tool_desc common_usages[] = {
+ { 0 },
+ };
+
+-static void
++static int
+ parse_option (Option opt,
+ const char *optarg,
+ adcli_conn *conn,
+@@ -175,132 +175,139 @@ parse_option (Option opt,
+ switch (opt) {
+ case opt_login_ccache:
+ adcli_conn_set_login_ccache_name (conn, optarg ? optarg : "");
+- return;
++ return ADCLI_SUCCESS;
+ case opt_login_user:
+ if (adcli_conn_get_allowed_login_types (conn) & ADCLI_LOGIN_USER_ACCOUNT) {
+ adcli_conn_set_login_user (conn, optarg);
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+ } else {
+- errx (EUSAGE, "cannot set --user if --login-type not set to 'user'");
++ warnx ("cannot set --user if --login-type not set to 'user'");
++ return EUSAGE;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_login_type:
+ if (optarg && strcmp (optarg, "computer") == 0) {
+- if (adcli_conn_get_login_user (conn) != NULL)
+- errx (EUSAGE, "cannot set --login-type to 'computer' if --user is set");
+- else
++ if (adcli_conn_get_login_user (conn) != NULL) {
++ warnx ("cannot set --login-type to 'computer' if --user is set");
++ return EUSAGE;
++ } else
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_COMPUTER_ACCOUNT);
+ } else if (optarg && strcmp (optarg, "user") == 0) {
+ adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+
+ } else {
+- errx (EUSAGE, "unknown login type '%s'", optarg);
++ warnx ("unknown login type '%s'", optarg);
++ return EUSAGE;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_host_fqdn:
+ adcli_conn_set_host_fqdn (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_host_keytab:
+ adcli_enroll_set_keytab_name (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_computer_name:
+ adcli_conn_set_computer_name (conn, optarg);
+ adcli_enroll_set_computer_name (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_domain:
+ adcli_conn_set_domain_name (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_domain_realm:
+ adcli_conn_set_domain_realm (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_domain_controller:
+ adcli_conn_set_domain_controller (conn, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_domain_ou:
+ adcli_enroll_set_domain_ou (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_service_name:
+ adcli_enroll_add_service_name (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_no_password:
+ if (stdin_password || prompt_password) {
+- errx (EUSAGE, "cannot use --no-password argument with %s",
+- stdin_password ? "--stdin-password" : "--prompt-password");
++ warnx ("cannot use --no-password argument with %s",
++ stdin_password ? "--stdin-password" : "--prompt-password");
++ return EUSAGE;
+ } else {
+ adcli_conn_set_password_func (conn, NULL, NULL, NULL);
+ no_password = 1;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_prompt_password:
+ if (stdin_password || no_password) {
+- errx (EUSAGE, "cannot use --prompt-password argument with %s",
+- stdin_password ? "--stdin-password" : "--no-password");
++ warnx ("cannot use --prompt-password argument with %s",
++ stdin_password ? "--stdin-password" : "--no-password");
++ return EUSAGE;
+ } else {
+ adcli_conn_set_password_func (conn, adcli_prompt_password_func, NULL, NULL);
+ prompt_password = 1;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_stdin_password:
+ if (prompt_password || no_password) {
+- errx (EUSAGE, "cannot use --stdin-password argument with %s",
+- prompt_password ? "--prompt-password" : "--no-password");
++ warnx ("cannot use --stdin-password argument with %s",
++ prompt_password ? "--prompt-password" : "--no-password");
++ return EUSAGE;
+ } else {
+ adcli_conn_set_password_func (conn, adcli_read_password_func, NULL, NULL);
+ stdin_password = 1;
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_os_name:
+ adcli_enroll_set_os_name (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_os_version:
+ adcli_enroll_set_os_version (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_os_service_pack:
+ adcli_enroll_set_os_service_pack (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_user_principal:
+ if (optarg && optarg[0])
+ adcli_enroll_set_user_principal (enroll, optarg);
+ else
+ adcli_enroll_auto_user_principal (enroll);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_computer_password_lifetime:
+ errno = 0;
+ lifetime = strtoul (optarg, &endptr, 10);
+ if (errno != 0 || *endptr != '\0' || endptr == optarg) {
+- errx (EUSAGE,
+- "failure to parse value '%s' of option 'computer-password-lifetime'; "
+- "expecting non-negative integer indicating the lifetime in days",
+- optarg);
++ warnx ("failure to parse value '%s' of option 'computer-password-lifetime'; "
++ "expecting non-negative integer indicating the lifetime in days",
++ optarg);
++ return EUSAGE;
+ }
+
+ adcli_enroll_set_computer_password_lifetime (enroll, lifetime);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_samba_data_tool:
+ errno = 0;
+ ret = access (optarg, X_OK);
+ if (ret != 0) {
+ ret = errno;
+- errx (EUSAGE, "Failed to access tool to add Samba data: %s", strerror (ret));
++ warnx ("Failed to access tool to add Samba data: %s", strerror (ret));
++ return EUSAGE;
+ } else {
+ adcli_enroll_set_samba_data_tool (enroll, optarg);
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_trusted_for_delegation:
+ if (strcasecmp (optarg, "true") == 0 || strcasecmp (optarg, "yes") == 0) {
+ adcli_enroll_set_trusted_for_delegation (enroll, true);
+ } else {
+ adcli_enroll_set_trusted_for_delegation (enroll, false);
+ }
+- return;
++ return ADCLI_SUCCESS;
+ case opt_add_service_principal:
+ adcli_enroll_add_service_principal_to_add (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_remove_service_principal:
+ adcli_enroll_add_service_principal_to_remove (enroll, optarg);
+- return;
++ return ADCLI_SUCCESS;
+ case opt_verbose:
+- return;
++ return ADCLI_SUCCESS;
+
+ /* Should be handled by caller */
+ case opt_show_details:
+@@ -311,7 +318,8 @@ parse_option (Option opt,
+ break;
+ }
+
+- errx (EUSAGE, "failure to parse option '%c'", opt);
++ warnx ("failure to parse option '%c'", opt);
++ return EUSAGE;
+ }
+
+ static void
+@@ -407,7 +415,11 @@ adcli_tool_computer_join (adcli_conn *conn,
+ adcli_enroll_unref (enroll);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn, enroll);
++ res = parse_option ((Option)opt, optarg, conn, enroll);
++ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ return res;
++ }
+ break;
+ }
+ }
+@@ -519,7 +531,11 @@ adcli_tool_computer_update (adcli_conn *conn,
+ adcli_enroll_unref (enroll);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn, enroll);
++ res = parse_option ((Option)opt, optarg, conn, enroll);
++ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ return res;
++ }
+ break;
+ }
+ }
+@@ -610,7 +626,11 @@ adcli_tool_computer_testjoin (adcli_conn *conn,
+ adcli_enroll_unref (enroll);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn, enroll);
++ res = parse_option ((Option)opt, optarg, conn, enroll);
++ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ return res;
++ }
+ break;
+ }
+ }
+@@ -707,7 +727,11 @@ adcli_tool_computer_preset (adcli_conn *conn,
+ adcli_enroll_unref (enroll);
+ return 2;
+ default:
+- parse_option ((Option)opt, optarg, conn, enroll);
++ res = parse_option ((Option)opt, optarg, conn, enroll);
++ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ return res;
++ }
+ break;
+ }
+ }
+@@ -801,7 +825,11 @@ adcli_tool_computer_reset (adcli_conn *conn,
+ adcli_enroll_unref (enroll);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn, enroll);
++ res = parse_option ((Option)opt, optarg, conn, enroll);
++ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ return res;
++ }
+ break;
+ }
+ }
+@@ -884,7 +912,11 @@ adcli_tool_computer_delete (adcli_conn *conn,
+ adcli_enroll_unref (enroll);
+ return opt == 'h' ? 0 : 2;
+ default:
+- parse_option ((Option)opt, optarg, conn, enroll);
++ res = parse_option ((Option)opt, optarg, conn, enroll);
++ if (res != ADCLI_SUCCESS) {
++ adcli_enroll_unref (enroll);
++ return res;
++ }
+ break;
+ }
+ }
+-- 
+2.11.0
+
-- GitLab
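Review bot: In the `tools/computer.c` patch (0055), the `opt_computer_password_lifetime` branch of `parse_option` promises a non-negative integer but checks only `errno`, `endptr` and the empty case, and `strtoul` accepts a leading minus sign and wraps the value instead of failing, so `-1` passes as a very large lifetime. Rejecting the sign explicitly closes that gap, e.g. `if (errno != 0 || *endptr != '\0' || endptr == optarg || strchr (optarg, '-') != NULL) {`; a range check against the parameter type of `adcli_enroll_set_computer_password_lifetime` may also be needed, but that prototype is not visible here. In the `opt_login_type` branch the new `warnx ("unknown login type '%s'", optarg);` is also reached when `optarg` is NULL, since both earlier tests are `optarg && strcmp (…)`, so the argument should be guarded, e.g. `optarg ? optarg : ""`. `parse_option` starts outside the first hunk shown for it.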