|
 |
59dcbd |
From 5eca1f995ced1ce4ddead4471ac7ac9037bedb73 Mon Sep 17 00:00:00 2001
|
|
|
59dcbd |
From: Sumit Bose <sbose@redhat.com>
|
|
|
59dcbd |
Date: Fri, 1 Jun 2018 21:26:47 +0200
|
|
|
59dcbd |
Subject: [PATCH 2/7] Only update attributes given on the command line
|
|
|
59dcbd |
|
|
|
59dcbd |
When updating attributes of the LDAP computer object we only want to
|
|
|
59dcbd |
update attributes which are related to options given on the command
|
|
|
59dcbd |
line. Otherwise a simple call of 'adcli update' to check if the machine
|
|
|
59dcbd |
account password needs an update might unexpectedly reset other
|
|
|
59dcbd |
attributes as well.
|
|
|
59dcbd |
|
|
|
59dcbd |
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
|
|
|
59dcbd |
https://bugzilla.redhat.com/show_bug.cgi?id=1545568
|
|
|
59dcbd |
https://bugzilla.redhat.com/show_bug.cgi?id=1538730
|
|
|
59dcbd |
---
|
|
|
59dcbd |
library/adenroll.c | 35 ++++++++++++++++++++++++++++++-----
|
|
|
59dcbd |
1 file changed, 30 insertions(+), 5 deletions(-)
|
|
|
59dcbd |
|
|
|
59dcbd |
diff --git a/library/adenroll.c b/library/adenroll.c
|
|
|
59dcbd |
index 7c59078..2be6796 100644
|
|
|
59dcbd |
--- a/library/adenroll.c
|
|
|
59dcbd |
+++ b/library/adenroll.c
|
|
|
59dcbd |
@@ -99,8 +99,11 @@ struct _adcli_enroll {
|
|
|
59dcbd |
int user_princpal_generate;
|
|
|
59dcbd |
|
|
|
59dcbd |
char *os_name;
|
|
|
59dcbd |
+ int os_name_explicit;
|
|
|
59dcbd |
char *os_version;
|
|
|
59dcbd |
+ int os_version_explicit;
|
|
|
59dcbd |
char *os_service_pack;
|
|
|
59dcbd |
+ int os_service_pack_explicit;
|
|
|
59dcbd |
|
|
|
59dcbd |
krb5_kvno kvno;
|
|
|
59dcbd |
char *keytab_name;
|
|
|
59dcbd |
@@ -113,6 +116,7 @@ struct _adcli_enroll {
|
|
|
59dcbd |
int computer_password_lifetime_explicit;
|
|
|
59dcbd |
char *samba_data_tool;
|
|
|
59dcbd |
bool trusted_for_delegation;
|
|
|
59dcbd |
+ int trusted_for_delegation_explicit;
|
|
|
59dcbd |
};
|
|
|
59dcbd |
|
|
|
59dcbd |
static adcli_result
|
|
|
59dcbd |
@@ -1212,7 +1216,11 @@ update_computer_account (adcli_enroll *enroll)
|
|
|
59dcbd |
ldap = adcli_conn_get_ldap_connection (enroll->conn);
|
|
|
59dcbd |
return_if_fail (ldap != NULL);
|
|
|
59dcbd |
|
|
|
59dcbd |
- {
|
|
|
59dcbd |
+ /* Only update attributes which are explicitly given on the command
|
|
|
59dcbd |
+ * line. Otherwise 'adcli update' must be always called with the same
|
|
|
59dcbd |
+ * set of options to make sure existing attributes are not deleted or
|
|
|
59dcbd |
+ * overwritten with different values. */
|
|
|
59dcbd |
+ if (enroll->host_fqdn_explicit) {
|
|
|
59dcbd |
char *vals_dNSHostName[] = { enroll->host_fqdn, NULL };
|
|
|
59dcbd |
LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } };
|
|
|
59dcbd |
LDAPMod *mods[] = { &dNSHostName, NULL };
|
|
|
59dcbd |
@@ -1220,7 +1228,7 @@ update_computer_account (adcli_enroll *enroll)
|
|
|
59dcbd |
res |= update_computer_attribute (enroll, ldap, mods);
|
|
|
59dcbd |
}
|
|
|
59dcbd |
|
|
|
59dcbd |
- if (res == ADCLI_SUCCESS) {
|
|
|
59dcbd |
+ if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) {
|
|
|
59dcbd |
char *vals_userAccountControl[] = { NULL , NULL };
|
|
|
59dcbd |
LDAPMod userAccountControl = { LDAP_MOD_REPLACE, "userAccountControl", { vals_userAccountControl, } };
|
|
|
59dcbd |
LDAPMod *mods[] = { &userAccountControl, NULL };
|
|
|
59dcbd |
@@ -1240,12 +1248,25 @@ update_computer_account (adcli_enroll *enroll)
|
|
|
59dcbd |
LDAPMod operatingSystemVersion = { LDAP_MOD_REPLACE, "operatingSystemVersion", { vals_operatingSystemVersion, } };
|
|
|
59dcbd |
char *vals_operatingSystemServicePack[] = { enroll->os_service_pack, NULL };
|
|
|
59dcbd |
LDAPMod operatingSystemServicePack = { LDAP_MOD_REPLACE, "operatingSystemServicePack", { vals_operatingSystemServicePack, } };
|
|
|
59dcbd |
- LDAPMod *mods[] = { &operatingSystem, &operatingSystemVersion, &operatingSystemServicePack, NULL };
|
|
|
59dcbd |
+ LDAPMod *mods[] = { NULL, NULL, NULL, NULL };
|
|
|
59dcbd |
+ size_t c = 0;
|
|
|
59dcbd |
|
|
|
59dcbd |
- res |= update_computer_attribute (enroll, ldap, mods);
|
|
|
59dcbd |
+ if (enroll->os_name_explicit) {
|
|
|
59dcbd |
+ mods[c++] = &operatingSystem;
|
|
|
59dcbd |
+ }
|
|
|
59dcbd |
+ if (enroll->os_version_explicit) {
|
|
|
59dcbd |
+ mods[c++] = &operatingSystemVersion;
|
|
|
59dcbd |
+ }
|
|
|
59dcbd |
+ if (enroll->os_service_pack_explicit) {
|
|
|
59dcbd |
+ mods[c++] = &operatingSystemServicePack;
|
|
|
59dcbd |
+ }
|
|
|
59dcbd |
+
|
|
|
59dcbd |
+ if (c != 0) {
|
|
|
59dcbd |
+ res |= update_computer_attribute (enroll, ldap, mods);
|
|
|
59dcbd |
+ }
|
|
|
59dcbd |
}
|
|
|
59dcbd |
|
|
|
59dcbd |
- if (res == ADCLI_SUCCESS) {
|
|
|
59dcbd |
+ if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) {
|
|
|
59dcbd |
char *vals_userPrincipalName[] = { enroll->user_principal, NULL };
|
|
|
59dcbd |
LDAPMod userPrincipalName = { LDAP_MOD_REPLACE, "userPrincipalName", { vals_userPrincipalName, }, };
|
|
|
59dcbd |
LDAPMod *mods[] = { &userPrincipalName, NULL, };
|
|
|
59dcbd |
@@ -2337,6 +2358,7 @@ adcli_enroll_set_os_name (adcli_enroll *enroll,
|
|
|
59dcbd |
if (value && value[0] == '\0')
|
|
|
59dcbd |
value = NULL;
|
|
|
59dcbd |
_adcli_str_set (&enroll->os_name, value);
|
|
|
59dcbd |
+ enroll->os_name_explicit = 1;
|
|
|
59dcbd |
}
|
|
|
59dcbd |
|
|
|
59dcbd |
const char *
|
|
|
59dcbd |
@@ -2354,6 +2376,7 @@ adcli_enroll_set_os_version (adcli_enroll *enroll,
|
|
|
59dcbd |
if (value && value[0] == '\0')
|
|
|
59dcbd |
value = NULL;
|
|
|
59dcbd |
_adcli_str_set (&enroll->os_version, value);
|
|
|
59dcbd |
+ enroll->os_version_explicit = 1;
|
|
|
59dcbd |
}
|
|
|
59dcbd |
|
|
|
59dcbd |
const char *
|
|
|
59dcbd |
@@ -2371,6 +2394,7 @@ adcli_enroll_set_os_service_pack (adcli_enroll *enroll,
|
|
|
59dcbd |
if (value && value[0] == '\0')
|
|
|
59dcbd |
value = NULL;
|
|
|
59dcbd |
_adcli_str_set (&enroll->os_service_pack, value);
|
|
|
59dcbd |
+ enroll->os_service_pack_explicit = 1;
|
|
|
59dcbd |
}
|
|
|
59dcbd |
|
|
|
59dcbd |
const char *
|
|
|
59dcbd |
@@ -2450,4 +2474,5 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
|
|
|
59dcbd |
return_if_fail (enroll != NULL);
|
|
|
59dcbd |
|
|
|
59dcbd |
enroll->trusted_for_delegation = value;
|
|
|
59dcbd |
+ enroll->trusted_for_delegation_explicit = 1;
|
|
|
59dcbd |
}
|
|
|
59dcbd |
--
|
|
|
59dcbd |
2.14.4
|
|
|
59dcbd |
|