Blame SOURCES/0017-Only-update-attributes-given-on-the-command-line.patch

f441eb
From 27c7dde2c0e84c3bb610d1aadb0fd8faff70d3fa Mon Sep 17 00:00:00 2001
f441eb
From: Sumit Bose <sbose@redhat.com>
f441eb
Date: Fri, 1 Jun 2018 21:26:47 +0200
f441eb
Subject: [PATCH 17/23] Only update attributes given on the command line
f441eb
f441eb
When updating attributes of the LDAP computer object we only want to
f441eb
update attributes which are related to options given on the command
f441eb
line. Otherwise a simple call of 'adcli update' to check if the machine
f441eb
account password needs an update might unexpectedly reset other
f441eb
attributes as well.
f441eb
f441eb
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
f441eb
           https://bugzilla.redhat.com/show_bug.cgi?id=1545568
f441eb
           https://bugzilla.redhat.com/show_bug.cgi?id=1538730
f441eb
---
f441eb
 library/adenroll.c | 35 ++++++++++++++++++++++++++++++-----
f441eb
 1 file changed, 30 insertions(+), 5 deletions(-)
f441eb
f441eb
diff --git a/library/adenroll.c b/library/adenroll.c
f441eb
index eca3c37..ee845ef 100644
f441eb
--- a/library/adenroll.c
f441eb
+++ b/library/adenroll.c
f441eb
@@ -99,8 +99,11 @@ struct _adcli_enroll {
f441eb
 	int user_princpal_generate;
f441eb
 
f441eb
 	char *os_name;
f441eb
+	int os_name_explicit;
f441eb
 	char *os_version;
f441eb
+	int os_version_explicit;
f441eb
 	char *os_service_pack;
f441eb
+	int os_service_pack_explicit;
f441eb
 
f441eb
 	krb5_kvno kvno;
f441eb
 	char *keytab_name;
f441eb
@@ -113,6 +116,7 @@ struct _adcli_enroll {
f441eb
 	int computer_password_lifetime_explicit;
f441eb
 	char *samba_data_tool;
f441eb
 	bool trusted_for_delegation;
f441eb
+	int trusted_for_delegation_explicit;
f441eb
 };
f441eb
 
f441eb
 static adcli_result
f441eb
@@ -1212,7 +1216,11 @@ update_computer_account (adcli_enroll *enroll)
f441eb
 	ldap = adcli_conn_get_ldap_connection (enroll->conn);
f441eb
 	return_if_fail (ldap != NULL);
f441eb
 
f441eb
-	{
f441eb
+	/* Only update attributes which are explicitly given on the command
f441eb
+	 * line. Otherwise 'adcli update' must be always called with the same
f441eb
+	 * set of options to make sure existing attributes are not deleted or
f441eb
+	 * overwritten with different values. */
f441eb
+	if (enroll->host_fqdn_explicit) {
f441eb
 		char *vals_dNSHostName[] = { enroll->host_fqdn, NULL };
f441eb
 		LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } };
f441eb
 		LDAPMod *mods[] = { &dNSHostName, NULL };
f441eb
@@ -1220,7 +1228,7 @@ update_computer_account (adcli_enroll *enroll)
f441eb
 		res |= update_computer_attribute (enroll, ldap, mods);
f441eb
 	}
f441eb
 
f441eb
-	if (res == ADCLI_SUCCESS) {
f441eb
+	if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) {
f441eb
 		char *vals_userAccountControl[] = { NULL , NULL };
f441eb
 		LDAPMod userAccountControl = { LDAP_MOD_REPLACE, "userAccountControl", { vals_userAccountControl, } };
f441eb
 		LDAPMod *mods[] = { &userAccountControl, NULL };
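Review bot: The new `trusted_for_delegation_explicit` test is the only thing that keeps a plain update from rewriting `userAccountControl`, and nothing at this `if` says so. Since that attribute carries the account's delegation setting, I would add a comment directly above the condition, e.g. `/* Leave userAccountControl untouched unless trusted_for_delegation was set explicitly; rewriting it from the default would silently change the delegation flag. */`. The part of the block where the value is computed lies outside the hunk, so I could not check how the other flags already stored in the attribute are preserved.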
f441eb
@@ -1240,12 +1248,25 @@ update_computer_account (adcli_enroll *enroll)
f441eb
 		LDAPMod operatingSystemVersion = { LDAP_MOD_REPLACE, "operatingSystemVersion", { vals_operatingSystemVersion, } };
f441eb
 		char *vals_operatingSystemServicePack[] = { enroll->os_service_pack, NULL };
f441eb
 		LDAPMod operatingSystemServicePack = { LDAP_MOD_REPLACE, "operatingSystemServicePack", { vals_operatingSystemServicePack, } };
f441eb
-		LDAPMod *mods[] = { &operatingSystem, &operatingSystemVersion, &operatingSystemServicePack, NULL };
f441eb
+		LDAPMod *mods[] = { NULL, NULL, NULL, NULL };
f441eb
+		size_t c = 0;
f441eb
 
f441eb
-		res |= update_computer_attribute (enroll, ldap, mods);
f441eb
+		if (enroll->os_name_explicit) {
f441eb
+			mods[c++] = &operatingSystem;
f441eb
+		}
f441eb
+		if (enroll->os_version_explicit) {
f441eb
+			mods[c++] = &operatingSystemVersion;
f441eb
+		}
f441eb
+		if (enroll->os_service_pack_explicit) {
f441eb
+			mods[c++] = &operatingSystemServicePack;
f441eb
+		}
f441eb
+
f441eb
+		if (c != 0) {
f441eb
+			res |= update_computer_attribute (enroll, ldap, mods);
f441eb
+		}
f441eb
 	}
f441eb
 
f441eb
-	if (res == ADCLI_SUCCESS) {
f441eb
+	if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) {
f441eb
 		char *vals_userPrincipalName[] = { enroll->user_principal, NULL };
f441eb
 		LDAPMod userPrincipalName = { LDAP_MOD_REPLACE, "userPrincipalName", { vals_userPrincipalName, }, };
f441eb
 		LDAPMod *mods[] = { &userPrincipalName, NULL, };
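Review bot: The `userPrincipalName` block is gated on `!enroll->user_princpal_generate` rather than on an `_explicit` flag like the other attributes, so from the visible lines it still runs when no user-principal option was given at all. In that case `enroll->user_principal` may be NULL and the `LDAP_MOD_REPLACE` would carry an empty value list, which would remove the attribute unless `update_computer_attribute` or earlier code (not shown) fills the value in or filters the modification out. Either track explicitness in the user-principal setter the same way `os_name_explicit` is tracked, or add a comment above the condition explaining why the generate flag is the right test here. The block's closing lines are outside the hunk.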
f441eb
@@ -2337,6 +2358,7 @@ adcli_enroll_set_os_name (adcli_enroll *enroll,
f441eb
 	if (value && value[0] == '\0')
f441eb
 		value = NULL;
f441eb
 	_adcli_str_set (&enroll->os_name, value);
f441eb
+	enroll->os_name_explicit = 1;
f441eb
 }
f441eb
 
f441eb
 const char *
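Review bot: `os_name_explicit` is set even when `value` has just been normalised to NULL, so calling the setter with an empty string now means "replace operatingSystem with no values" on the next update, which presumably clears the attribute on the computer object. That is probably intended, but it should be stated on the setter, e.g. `/* An empty or NULL value marks the attribute as explicitly cleared. */`. Any internal caller that passes a default through this setter will also count as explicit from now on. The same applies to `adcli_enroll_set_os_version` and `adcli_enroll_set_os_service_pack` in the next two hunks. The start of the function is outside the hunk.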
f441eb
@@ -2354,6 +2376,7 @@ adcli_enroll_set_os_version (adcli_enroll *enroll,
f441eb
 	if (value && value[0] == '\0')
f441eb
 		value = NULL;
f441eb
 	_adcli_str_set (&enroll->os_version, value);
f441eb
+	enroll->os_version_explicit = 1;
f441eb
 }
f441eb
 
f441eb
 const char *
f441eb
@@ -2371,6 +2394,7 @@ adcli_enroll_set_os_service_pack (adcli_enroll *enroll,
f441eb
 	if (value && value[0] == '\0')
f441eb
 		value = NULL;
f441eb
 	_adcli_str_set (&enroll->os_service_pack, value);
f441eb
+	enroll->os_service_pack_explicit = 1;
f441eb
 }
f441eb
 
f441eb
 const char *
f441eb
@@ -2450,4 +2474,5 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
f441eb
 	return_if_fail (enroll != NULL);
f441eb
 
f441eb
 	enroll->trusted_for_delegation = value;
f441eb
+	enroll->trusted_for_delegation_explicit = 1;
f441eb
 }
f441eb
-- 
f441eb
2.14.4
f441eb