From 27c7dde2c0e84c3bb610d1aadb0fd8faff70d3fa Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 1 Jun 2018 21:26:47 +0200
Subject: [PATCH 17/23] Only update attributes given on the command line
When updating attributes of the LDAP computer object we only want to
update attributes which are related to options given on the command
line. Otherwise a simple call of 'adcli update' to check if the machine
account password needs an update might unexpectedly reset other
attributes as well.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
           https://bugzilla.redhat.com/show_bug.cgi?id=1545568
           https://bugzilla.redhat.com/show_bug.cgi?id=1538730
---
 library/adenroll.c | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)
diff --git a/library/adenroll.c b/library/adenroll.c
index eca3c37..ee845ef 100644
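--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -99,8 +99,11 @@ struct _adcli_enroll {
 	int user_princpal_generate;
 
 	char *os_name;
+	int os_name_explicit;
 	char *os_version;
+	int os_version_explicit;
 	char *os_service_pack;
+	int os_service_pack_explicit;
 
 	krb5_kvno kvno;
 	char *keytab_name;
@@ -113,6 +116,7 @@ struct _adcli_enroll {
 	int computer_password_lifetime_explicit;
 	char *samba_data_tool;
 	bool trusted_for_delegation;
+	int trusted_for_delegation_explicit;
 };
 
 static adcli_result
@@ -1212,7 +1216,11 @@ update_computer_account (adcli_enroll *enroll)
 	ldap = adcli_conn_get_ldap_connection (enroll->conn);
 	return_if_fail (ldap != NULL);
 
-	{
+	/* Only update attributes which are explicitly given on the command
+	 * line. Otherwise 'adcli update' must be always called with the same
+	 * set of options to make sure existing attributes are not deleted or
+	 * overwritten with different values. */
+	if (enroll->host_fqdn_explicit) {
 		char *vals_dNSHostName[] = { enroll->host_fqdn, NULL };
 		LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } };
 		LDAPMod *mods[] = { &dNSHostName, NULL };
@@ -1220,7 +1228,7 @@ update_computer_account (adcli_enroll *enroll)
 		res |= update_computer_attribute (enroll, ldap, mods);
 	}
 
-	if (res == ADCLI_SUCCESS) {
+	if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) {
 		char *vals_userAccountControl[] = { NULL , NULL };
 		LDAPMod userAccountControl = { LDAP_MOD_REPLACE, "userAccountControl", { vals_userAccountControl, } };
 		LDAPMod *mods[] = { &userAccountControl, NULL };
@@ -1240,12 +1248,25 @@ update_computer_account (adcli_enroll *enroll)
 		LDAPMod operatingSystemVersion = { LDAP_MOD_REPLACE, "operatingSystemVersion", { vals_operatingSystemVersion, } };
 		char *vals_operatingSystemServicePack[] = { enroll->os_service_pack, NULL };
 		LDAPMod operatingSystemServicePack = { LDAP_MOD_REPLACE, "operatingSystemServicePack", { vals_operatingSystemServicePack, } };
-		LDAPMod *mods[] = { &operatingSystem, &operatingSystemVersion, &operatingSystemServicePack, NULL };
+		LDAPMod *mods[] = { NULL, NULL, NULL, NULL };
+		size_t c = 0;
 
-		res |= update_computer_attribute (enroll, ldap, mods);
+		if (enroll->os_name_explicit) {
+			mods[c++] = &operatingSystem;
+		}
+		if (enroll->os_version_explicit) {
+			mods[c++] = &operatingSystemVersion;
+		}
+		if (enroll->os_service_pack_explicit) {
+			mods[c++] = &operatingSystemServicePack;
+		}
+
+		if (c != 0) {
+			res |= update_computer_attribute (enroll, ldap, mods);
+		}
 	}
 
-	if (res == ADCLI_SUCCESS) {
+	if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) {
 		char *vals_userPrincipalName[] = { enroll->user_principal, NULL };
 		LDAPMod userPrincipalName = { LDAP_MOD_REPLACE, "userPrincipalName", { vals_userPrincipalName, }, };
 		LDAPMod *mods[] = { &userPrincipalName, NULL, };
@@ -2337,6 +2358,7 @@ adcli_enroll_set_os_name (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_name, value);
+	enroll->os_name_explicit = 1;
 }
 
 const char *
@@ -2354,6 +2376,7 @@ adcli_enroll_set_os_version (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_version, value);
+	enroll->os_version_explicit = 1;
 }
 
 const char *
@@ -2371,6 +2394,7 @@ adcli_enroll_set_os_service_pack (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_service_pack, value);
+	enroll->os_service_pack_explicit = 1;
 }
 
 const char *
@@ -2450,4 +2474,5 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
 	return_if_fail (enroll != NULL);
 
 	enroll->trusted_for_delegation = value;
+	enroll->trusted_for_delegation_explicit = 1;
 }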
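Review bot: In the last changed line of the `-1240,12 +1248,25` hunk, the userPrincipalName block is gated on `!enroll->user_princpal_generate` rather than on an explicit-option flag like the other attributes, so it still runs when no user-principal option was given. If `enroll->user_principal` can be NULL at that point (the code that fills it is outside this patch), the `LDAP_MOD_REPLACE` with an empty value list would clear the attribute on a plain 'adcli update', which is the behaviour the commit message sets out to prevent. Consider a new flag (named here `user_principal_explicit` as a suggestion; it does not exist in the patch), set in the user-principal setter the way the `os_*` setters do, and tested in the condition: `if (res == ADCLI_SUCCESS && enroll->user_principal_explicit && !enroll->user_princpal_generate) {`. update_computer_account starts and ends outside the visible hunks, so whether the mods are filtered against the account's current values before being sent cannot be confirmed from here.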
-- 
2.14.4