Blame SOURCES/0002-Only-update-attributes-given-on-the-command-line.patch

From 5eca1f995ced1ce4ddead4471ac7ac9037bedb73 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 1 Jun 2018 21:26:47 +0200
Subject: [PATCH 2/7] Only update attributes given on the command line
When updating attributes of the LDAP computer object we only want to
update attributes which are related to options given on the command
line. Otherwise a simple call of 'adcli update' to check if the machine
account password needs an update might unexpectedly reset other
attributes as well.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1547013
           https://bugzilla.redhat.com/show_bug.cgi?id=1545568
           https://bugzilla.redhat.com/show_bug.cgi?id=1538730
---
 library/adenroll.c | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)
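diff --git a/library/adenroll.c b/library/adenroll.c
index 7c59078..2be6796 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -99,8 +99,11 @@ struct _adcli_enroll {
 	int user_princpal_generate;
 
 	char *os_name;
+	int os_name_explicit;
 	char *os_version;
+	int os_version_explicit;
 	char *os_service_pack;
+	int os_service_pack_explicit;
 
 	krb5_kvno kvno;
 	char *keytab_name;
@@ -113,6 +116,7 @@ struct _adcli_enroll {
 	int computer_password_lifetime_explicit;
 	char *samba_data_tool;
 	bool trusted_for_delegation;
+	int trusted_for_delegation_explicit;
 };
 
 static adcli_result
@@ -1212,7 +1216,11 @@ update_computer_account (adcli_enroll *enroll)
 	ldap = adcli_conn_get_ldap_connection (enroll->conn);
 	return_if_fail (ldap != NULL);
 
-	{
+	/* Only update attributes which are explicitly given on the command
+	 * line. Otherwise 'adcli update' must be always called with the same
+	 * set of options to make sure existing attributes are not deleted or
+	 * overwritten with different values. */
+	if (enroll->host_fqdn_explicit) {
 		char *vals_dNSHostName[] = { enroll->host_fqdn, NULL };
 		LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } };
 		LDAPMod *mods[] = { &dNSHostName, NULL };
@@ -1220,7 +1228,7 @@ update_computer_account (adcli_enroll *enroll)
 		res |= update_computer_attribute (enroll, ldap, mods);
 	}
 
-	if (res == ADCLI_SUCCESS) {
+	if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) {
 		char *vals_userAccountControl[] = { NULL , NULL };
 		LDAPMod userAccountControl = { LDAP_MOD_REPLACE, "userAccountControl", { vals_userAccountControl, } };
 		LDAPMod *mods[] = { &userAccountControl, NULL };
@@ -1240,12 +1248,25 @@ update_computer_account (adcli_enroll *enroll)
 		LDAPMod operatingSystemVersion = { LDAP_MOD_REPLACE, "operatingSystemVersion", { vals_operatingSystemVersion, } };
 		char *vals_operatingSystemServicePack[] = { enroll->os_service_pack, NULL };
 		LDAPMod operatingSystemServicePack = { LDAP_MOD_REPLACE, "operatingSystemServicePack", { vals_operatingSystemServicePack, } };
-		LDAPMod *mods[] = { &operatingSystem, &operatingSystemVersion, &operatingSystemServicePack, NULL };
+		LDAPMod *mods[] = { NULL, NULL, NULL, NULL };
+		size_t c = 0;
 
-		res |= update_computer_attribute (enroll, ldap, mods);
+		if (enroll->os_name_explicit) {
+			mods[c++] = &operatingSystem;
+		}
+		if (enroll->os_version_explicit) {
+			mods[c++] = &operatingSystemVersion;
+		}
+		if (enroll->os_service_pack_explicit) {
+			mods[c++] = &operatingSystemServicePack;
+		}
+
+		if (c != 0) {
+			res |= update_computer_attribute (enroll, ldap, mods);
+		}
 	}
 
-	if (res == ADCLI_SUCCESS) {
+	if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) {
 		char *vals_userPrincipalName[] = { enroll->user_principal, NULL };
 		LDAPMod userPrincipalName = { LDAP_MOD_REPLACE, "userPrincipalName", { vals_userPrincipalName, }, };
 		LDAPMod *mods[] = { &userPrincipalName, NULL, };
@@ -2337,6 +2358,7 @@ adcli_enroll_set_os_name (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_name, value);
+	enroll->os_name_explicit = 1;
 }
 
 const char *
@@ -2354,6 +2376,7 @@ adcli_enroll_set_os_version (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_version, value);
+	enroll->os_version_explicit = 1;
 }
 
 const char *
@@ -2371,6 +2394,7 @@ adcli_enroll_set_os_service_pack (adcli_enroll *enroll,
 	if (value && value[0] == '\0')
 		value = NULL;
 	_adcli_str_set (&enroll->os_service_pack, value);
+	enroll->os_service_pack_explicit = 1;
 }
 
 const char *
@@ -2450,4 +2474,5 @@ adcli_enroll_set_trusted_for_delegation (adcli_enroll *enroll,
 	return_if_fail (enroll != NULL);
 
 	enroll->trusted_for_delegation = value;
+	enroll->trusted_for_delegation_explicit = 1;
 }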
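Review bot: The userPrincipalName guard in update_computer_account, `if (res == ADCLI_SUCCESS && !enroll->user_princpal_generate) {`, is the only guard in this change that does not test a per-option `_explicit` flag, so it still fires on a plain 'adcli update' run without any principal option. If `enroll->user_principal` can be NULL at that point (its setter is not visible in these hunks), the LDAP_MOD_REPLACE is sent with an empty value list, which would clear userPrincipalName on the computer object. That is the kind of unexpected reset the commit message sets out to prevent. Consider a `user_principal_explicit` flag set in the corresponding setter and testing it here, `if (res == ADCLI_SUCCESS && enroll->user_principal_explicit && !enroll->user_princpal_generate) {`, which keeps an explicit empty value usable for deliberately clearing the attribute. The body of update_computer_account continues outside the hunks shown, so this should be confirmed against the full function.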
-- 
2.14.4