Blame 0017-Only-update-attributes-given-on-the-command-line.patch

From 27c7dde2c0e84c3bb610d1aadb0fd8faff70d3fa Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 1 Jun 2018 21:26:47 +0200
Subject: [PATCH 17/23] Only update attributes given on the command line
When updating attributes of the LDAP computer object we only want to
update attributes which are related to options given on the command
line. Otherwise a simple call of 'adcli update' to check if the machine
account password needs an update might unexpectedly reset other
attributes as well.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
           https://bugzilla.redhat.com/show_bug.cgi?id=1545568
           https://bugzilla.redhat.com/show_bug.cgi?id=1538730
---
 library/adenroll.c | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)
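diff --git a/library/adenroll.c b/library/adenroll.c
index eca3c37..ee845ef 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -99,8 +99,11 @@ struct _adcli_enroll {
 	int user_princpal_generate;
 
 	char *os_name;
+	int os_name_explicit;
 	char *os_version;
+	int os_version_explicit;
 	char *os_service_pack;
+	int os_service_pack_explicit;
 
 	krb5_kvno kvno;
 	char *keytab_name;
@@ -113,6 +116,7 @@ struct _adcli_enroll {
 	int computer_password_lifetime_explicit;
 	char *samba_data_tool;
 	bool trusted_for_delegation;
+	int trusted_for_delegation_explicit;
 };
 
 static adcli_result
@@ -1212,7 +1216,11 @@ update_computer_account (adcli_enroll *enroll)
 	ldap = adcli_conn_get_ldap_connection (enroll->conn);
 	return_if_fail (ldap != NULL);
 
-	{
+	/* Only update attributes which are explicitly given on the command
+	 * line. Otherwise 'adcli update' must be always called with the same
+	 * set of options to make sure existing attributes are not deleted or
+	 * overwritten with different values. */
+	if (enroll->host_fqdn_explicit) {
 		char *vals_dNSHostName[] = { enroll->host_fqdn, NULL };
 		LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } };
 		LDAPMod *mods[] = { &dNSHostName, NULL };
@@ -1220,7 +1228,7 @@ update_computer_account (adcli_enroll *enroll)
 		res |= update_computer_attribute (enroll, ldap, mods);
 	}
 
-	if (res == ADCLI_SUCCESS) {
+	if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) {
 		char *vals_userAccountControl[] = { NULL , NULL };
 		LDAPMod userAccountControl = { LDAP_MOD_REPLACE, "userAccountControl", { vals_userAccountControl, } };
 		LDAPMod *mods[] = { &userAccountControl, NULL };
@@ -1240,12 +1248,25 @@ update_computer_account (adcli_enroll *enroll)
 		LDAPMod operatingSystemVersion = { LDAP_MOD_REPLACE, "operatingSystemVersion", { vals_operatingSystemVersion, } };
 		char *vals_operatingSystemServicePack[] = { enroll->os_service_pack, NULL };
 		LDAPMod operatingSystemServicePack = { LDAP_MOD_REPLACE, "operatingSystemServicePack", { vals_operatingSystemServicePack, } };
-		LDAPMod *mods[] = { &operatingSystem, &operatingSystemVersion, &operatingSystemServicePack, NULL };
+		LDAPMod *mods[] = { NULL, NULL, NULL, NULL };
+		size_t c = 0;
 
-		res |= update_computer_attribute (enroll, ldap, mods);
+		if (enroll->os_name_explicit) {
+			mods[c++] = &operatingSystem;
+		}
+		if (enroll->os_version_explicit) {
+			mods[c++] = &operatingSystemVersion;
+		}
+		if (enroll->os_service_pack_explicit) {
+			mods[c++] = &operatingSystemServicePack;
+		}
+
+		if (c != 0) {
+			res |= update_computer_attribute (enroll, ldap, mods);
+		}
 	}
 
-	if (res == ADCLI_SUCCESS) {
+	if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) {
 		char *vals_userPrincipalName[] = { enroll->user_principal, NULL };
 		LDAPMod userPrincipalName = { LDAP_MOD_REPLACE, "userPrincipalName", { vals_userPrincipalName, }, };
 		LDAPMod *mods[] = { &userPrincipalName, NULL, };
@@ -2337,6 +2358,7 @@ adcli_enroll_set_os_name (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_name, value);
+	enroll->os_name_explicit = 1;
 }
 
 const char *
@@ -2354,6 +2376,7 @@ adcli_enroll_set_os_version (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_version, value);
+	enroll->os_version_explicit = 1;
 }
 
 const char *
@@ -2371,6 +2394,7 @@ adcli_enroll_set_os_service_pack (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_service_pack, value);
+	enroll->os_service_pack_explicit = 1;
 }
 
 const char *
@@ -2450,4 +2474,5 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
 	return_if_fail (enroll != NULL);
 
 	enroll->trusted_for_delegation = value;
+	enroll->trusted_for_delegation_explicit = 1;
 }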
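Review bot: In update_computer_account the userPrincipalName block is gated only on `!enroll->user_princpal_generate`, not on whether a user principal was actually supplied, unlike the dNSHostName, userAccountControl and operatingSystem* blocks, which this patch gates on an `_explicit` flag. If `enroll->user_principal` is NULL at that point, `vals_userPrincipalName` is an empty value list, and an `LDAP_MOD_REPLACE` with no values asks the server to remove the attribute; a plain 'adcli update' could therefore still clear userPrincipalName on the computer account unless `update_computer_attribute` filters that case, which is not visible here. I would apply the same guard, e.g. `if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate && enroll->user_principal_explicit) {`, where `user_principal_explicit` is a proposed new field set in the user-principal setter (the name is a suggestion and does not appear in the visible lines). The body of update_computer_account starts and ends outside these hunks, so the surrounding handling should be confirmed before changing it.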
-- 
2.14.4