Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:acdc:as_python3_module
adcli
0014-Only-update-attributes-given-on-the-comman...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0014-Only-update-attributes-given-on-the-command-line.patch of Package adcli
From 4bffff31b08347dccf13cdf43776ac7d36e58d1f Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 1 Jun 2018 21:26:47 +0200 Subject: [PATCH 14/25] Only update attributes given on the command line When updating attributes of the LDAP computer object we only want to update attributes which are related to options given on the command line. Otherwise a simple call of 'adcli update' to check if the machine account password needs an update might unexpectedly reset other attributes as well. Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013 https://bugzilla.redhat.com/show_bug.cgi?id=1545568 https://bugzilla.redhat.com/show_bug.cgi?id=1538730 --- library/adenroll.c | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/library/adenroll.c b/library/adenroll.c index 691d993..1cc8ffc 100644 --- a/library/adenroll.c +++ b/library/adenroll.c @@ -95,8 +95,11 @@ struct _adcli_enroll { int user_princpal_generate; char *os_name; + int os_name_explicit; char *os_version; + int os_version_explicit; char *os_service_pack; + int os_service_pack_explicit; krb5_kvno kvno; char *keytab_name; @@ -108,6 +111,7 @@ struct _adcli_enroll { unsigned int computer_password_lifetime; int computer_password_lifetime_explicit; bool trusted_for_delegation; + int trusted_for_delegation_explicit; }; static adcli_result @@ -1207,7 +1211,11 @@ update_computer_account (adcli_enroll *enroll) ldap = adcli_conn_get_ldap_connection (enroll->conn); return_if_fail (ldap != NULL); - { + /* Only update attributes which are explicitly given on the command + * line. Otherwise 'adcli update' must be always called with the same + * set of options to make sure existing attributes are not deleted or + * overwritten with different values. */ + if (enroll->host_fqdn_explicit) { char *vals_dNSHostName[] = { enroll->host_fqdn, NULL }; LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } }; LDAPMod *mods[] = { &dNSHostName, NULL }; @@ -1215,7 +1223,7 @@ update_computer_account (adcli_enroll *enroll) res |= update_computer_attribute (enroll, ldap, mods); } - if (res == ADCLI_SUCCESS) { + if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) { char *vals_userAccountControl[] = { NULL , NULL }; LDAPMod userAccountControl = { LDAP_MOD_REPLACE, "userAccountControl", { vals_userAccountControl, } }; LDAPMod *mods[] = { &userAccountControl, NULL }; @@ -1235,12 +1243,25 @@ update_computer_account (adcli_enroll *enroll) LDAPMod operatingSystemVersion = { LDAP_MOD_REPLACE, "operatingSystemVersion", { vals_operatingSystemVersion, } }; char *vals_operatingSystemServicePack[] = { enroll->os_service_pack, NULL }; LDAPMod operatingSystemServicePack = { LDAP_MOD_REPLACE, "operatingSystemServicePack", { vals_operatingSystemServicePack, } }; - LDAPMod *mods[] = { &operatingSystem, &operatingSystemVersion, &operatingSystemServicePack, NULL }; + LDAPMod *mods[] = { NULL, NULL, NULL, NULL }; + size_t c = 0; - res |= update_computer_attribute (enroll, ldap, mods); + if (enroll->os_name_explicit) { + mods[c++] = &operatingSystem; + } + if (enroll->os_version_explicit) { + mods[c++] = &operatingSystemVersion; + } + if (enroll->os_service_pack_explicit) { + mods[c++] = &operatingSystemServicePack; + } + + if (c != 0) { + res |= update_computer_attribute (enroll, ldap, mods); + } } - if (res == ADCLI_SUCCESS) { + if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) { char *vals_userPrincipalName[] = { enroll->user_principal, NULL }; LDAPMod userPrincipalName = { LDAP_MOD_REPLACE, "userPrincipalName", { vals_userPrincipalName, }, }; LDAPMod *mods[] = { &userPrincipalName, NULL, }; @@ -2282,6 +2303,7 @@ adcli_enroll_set_os_name (adcli_enroll *enroll, if (value && value[0] == '\0') value = NULL; _adcli_str_set (&enroll->os_name, value); + enroll->os_name_explicit = 1; } const char * @@ -2299,6 +2321,7 @@ adcli_enroll_set_os_version (adcli_enroll *enroll, if (value && value[0] == '\0') value = NULL; _adcli_str_set (&enroll->os_version, value); + enroll->os_version_explicit = 1; } const char * @@ -2316,6 +2339,7 @@ adcli_enroll_set_os_service_pack (adcli_enroll *enroll, if (value && value[0] == '\0') value = NULL; _adcli_str_set (&enroll->os_service_pack, value); + enroll->os_service_pack_explicit = 1; } const char * @@ -2379,4 +2403,5 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll, return_if_fail (enroll != NULL); enroll->trusted_for_delegation = value; + enroll->trusted_for_delegation_explicit = 1; } -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor