Blame SOURCES/0017-Only-update-attributes-given-on-the-command-line.patch

7ddab3
From 27c7dde2c0e84c3bb610d1aadb0fd8faff70d3fa Mon Sep 17 00:00:00 2001
7ddab3
From: Sumit Bose <sbose@redhat.com>
7ddab3
Date: Fri, 1 Jun 2018 21:26:47 +0200
7ddab3
Subject: [PATCH 17/23] Only update attributes given on the command line
7ddab3
7ddab3
When updating attributes of the LDAP computer object we only want to
7ddab3
update attributes which are related to options given on the command
7ddab3
line. Otherwise a simple call of 'adcli update' to check if the machine
7ddab3
account password needs an update might unexpectedly reset other
7ddab3
attributes as well.
7ddab3
7ddab3
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
7ddab3
           https://bugzilla.redhat.com/show_bug.cgi?id=1545568
7ddab3
           https://bugzilla.redhat.com/show_bug.cgi?id=1538730
7ddab3
---
7ddab3
 library/adenroll.c | 35 ++++++++++++++++++++++++++++++-----
7ddab3
 1 file changed, 30 insertions(+), 5 deletions(-)
7ddab3
7ddab3
diff --git a/library/adenroll.c b/library/adenroll.c
7ddab3
index eca3c37..ee845ef 100644
7ddab3
--- a/library/adenroll.c
7ddab3
+++ b/library/adenroll.c
7ddab3
@@ -99,8 +99,11 @@ struct _adcli_enroll {
7ddab3
 	int user_princpal_generate;
7ddab3
 
7ddab3
 	char *os_name;
7ddab3
+	int os_name_explicit;
7ddab3
 	char *os_version;
7ddab3
+	int os_version_explicit;
7ddab3
 	char *os_service_pack;
7ddab3
+	int os_service_pack_explicit;
7ddab3
 
7ddab3
 	krb5_kvno kvno;
7ddab3
 	char *keytab_name;
7ddab3
@@ -113,6 +116,7 @@ struct _adcli_enroll {
7ddab3
 	int computer_password_lifetime_explicit;
7ddab3
 	char *samba_data_tool;
7ddab3
 	bool trusted_for_delegation;
7ddab3
+	int trusted_for_delegation_explicit;
7ddab3
 };
7ddab3
 
7ddab3
 static adcli_result
7ddab3
@@ -1212,7 +1216,11 @@ update_computer_account (adcli_enroll *enroll)
7ddab3
 	ldap = adcli_conn_get_ldap_connection (enroll->conn);
7ddab3
 	return_if_fail (ldap != NULL);
7ddab3
 
7ddab3
-	{
7ddab3
+	/* Only update attributes which are explicitly given on the command
7ddab3
+	 * line. Otherwise 'adcli update' must be always called with the same
7ddab3
+	 * set of options to make sure existing attributes are not deleted or
7ddab3
+	 * overwritten with different values. */
7ddab3
+	if (enroll->host_fqdn_explicit) {
7ddab3
 		char *vals_dNSHostName[] = { enroll->host_fqdn, NULL };
7ddab3
 		LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } };
7ddab3
 		LDAPMod *mods[] = { &dNSHostName, NULL };
7ddab3
@@ -1220,7 +1228,7 @@ update_computer_account (adcli_enroll *enroll)
7ddab3
 		res |= update_computer_attribute (enroll, ldap, mods);
7ddab3
 	}
7ddab3
 
7ddab3
-	if (res == ADCLI_SUCCESS) {
7ddab3
+	if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) {
7ddab3
 		char *vals_userAccountControl[] = { NULL , NULL };
7ddab3
 		LDAPMod userAccountControl = { LDAP_MOD_REPLACE, "userAccountControl", { vals_userAccountControl, } };
7ddab3
 		LDAPMod *mods[] = { &userAccountControl, NULL };
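Review bot: The new `enroll->trusted_for_delegation_explicit` condition on the `userAccountControl` block carries no comment, although this is the one attribute in the function that, judging by the field name, controls whether the host is trusted for delegation. I would add above the `if`: `/* userAccountControl is only rewritten when --trusted-for-delegation was given; a plain 'adcli update' leaves the value in the directory untouched */`. That tells operators a routine update neither grants nor revokes delegation, so a host that must stay untrusted needs the option passed explicitly or the flag audited in the directory. The block's body continues past the end of this hunk, so how the new value is built is not visible here.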
7ddab3
@@ -1240,12 +1248,25 @@ update_computer_account (adcli_enroll *enroll)
7ddab3
 		LDAPMod operatingSystemVersion = { LDAP_MOD_REPLACE, "operatingSystemVersion", { vals_operatingSystemVersion, } };
7ddab3
 		char *vals_operatingSystemServicePack[] = { enroll->os_service_pack, NULL };
7ddab3
 		LDAPMod operatingSystemServicePack = { LDAP_MOD_REPLACE, "operatingSystemServicePack", { vals_operatingSystemServicePack, } };
7ddab3
-		LDAPMod *mods[] = { &operatingSystem, &operatingSystemVersion, &operatingSystemServicePack, NULL };
7ddab3
+		LDAPMod *mods[] = { NULL, NULL, NULL, NULL };
7ddab3
+		size_t c = 0;
7ddab3
 
7ddab3
-		res |= update_computer_attribute (enroll, ldap, mods);
7ddab3
+		if (enroll->os_name_explicit) {
7ddab3
+			mods[c++] = &operatingSystem;
7ddab3
+		}
7ddab3
+		if (enroll->os_version_explicit) {
7ddab3
+			mods[c++] = &operatingSystemVersion;
7ddab3
+		}
7ddab3
+		if (enroll->os_service_pack_explicit) {
7ddab3
+			mods[c++] = &operatingSystemServicePack;
7ddab3
+		}
7ddab3
+
7ddab3
+		if (c != 0) {
7ddab3
+			res |= update_computer_attribute (enroll, ldap, mods);
7ddab3
+		}
7ddab3
 	}
7ddab3
 
7ddab3
-	if (res == ADCLI_SUCCESS) {
7ddab3
+	if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) {
7ddab3
 		char *vals_userPrincipalName[] = { enroll->user_principal, NULL };
7ddab3
 		LDAPMod userPrincipalName = { LDAP_MOD_REPLACE, "userPrincipalName", { vals_userPrincipalName, }, };
7ddab3
 		LDAPMod *mods[] = { &userPrincipalName, NULL, };
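Review bot: The last changed line of this hunk guards the `userPrincipalName` replace with `!enroll->user_princpal_generate`, which is not an "option was given" test like the `_explicit` flags used for every other attribute in this patch. When no principal option was passed at all, `enroll->user_principal` is presumably NULL, and an `LDAP_MOD_REPLACE` with an empty value list asks the server to remove the attribute, unless `update_computer_attribute` (not visible here) filters such requests. That would be the same unexpected reset the commit sets out to prevent. Consider tracking explicitness the same way with a new flag set in the setter, for example `if (res == ADCLI_SUCCESS && enroll->user_principal_explicit) {`, where `user_principal_explicit` is a proposed field, not an existing one. The operating-system block opens above this hunk and the userPrincipalName block closes below it.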
7ddab3
@@ -2337,6 +2358,7 @@ adcli_enroll_set_os_name (adcli_enroll *enroll,
7ddab3
 	if (value && value[0] == '\0')
7ddab3
 		value = NULL;
7ddab3
 	_adcli_str_set (&enroll->os_name, value);
7ddab3
+	enroll->os_name_explicit = 1;
7ddab3
 }
7ddab3
 
7ddab3
 const char *
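Review bot: `os_name_explicit` is set even when the empty-string check two lines earlier has just turned `value` into NULL, so an empty option value still marks `operatingSystem` for update. The update path then issues a replace with no value, which an LDAP server treats as removal of the attribute. If clearing the attribute this way is intended, say so next to the assignment, for example `/* an empty value is explicit too: it clears operatingSystem */`. The same applies to the `os_version_explicit` and `os_service_pack_explicit` assignments in the next two hunks. The start of the setter is outside this hunk.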
7ddab3
@@ -2354,6 +2376,7 @@ adcli_enroll_set_os_version (adcli_enroll *enroll,
7ddab3
 	if (value && value[0] == '\0')
7ddab3
 		value = NULL;
7ddab3
 	_adcli_str_set (&enroll->os_version, value);
7ddab3
+	enroll->os_version_explicit = 1;
7ddab3
 }
7ddab3
 
7ddab3
 const char *
7ddab3
@@ -2371,6 +2394,7 @@ adcli_enroll_set_os_service_pack (adcli_enroll *enroll,
7ddab3
 	if (value && value[0] == '\0')
7ddab3
 		value = NULL;
7ddab3
 	_adcli_str_set (&enroll->os_service_pack, value);
7ddab3
+	enroll->os_service_pack_explicit = 1;
7ddab3
 }
7ddab3
 
7ddab3
 const char *
7ddab3
@@ -2450,4 +2474,5 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
7ddab3
 	return_if_fail (enroll != NULL);
7ddab3
 
7ddab3
 	enroll->trusted_for_delegation = value;
7ddab3
+	enroll->trusted_for_delegation_explicit = 1;
7ddab3
 }
7ddab3
-- 
7ddab3
2.14.4
7ddab3