From beb7abfacc0010987d2cd8ab70f7c373d309eed9 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 15 Oct 2020 18:01:12 +0200
Subject: [PATCH] join/update: set dNSHostName if not set
If during a join or update an existing AD computer object does not have
the dNSHostName attribute set, it will be set with the current hostname.
This is important for cases where the user doing the join or update only
has "Validated write to service principal name" for the computer object.
The validated write with fully-qualified names can only be successful if
dNSHostName is set, see [MS-ADTS] section 3.1.1.5.3.1.1.4 "Validated
Writes - servicePrincipalName" for details.
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1734764
---
 library/adenroll.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/library/adenroll.c b/library/adenroll.c
index 246f658..e745295 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -1403,21 +1403,29 @@ update_computer_account (adcli_enroll *enroll)
 {
 	int res = 0;
 	LDAP *ldap;
+	char *value = NULL;
 
 	ldap = adcli_conn_get_ldap_connection (enroll->conn);
 	return_if_fail (ldap != NULL);
 
 	/* Only update attributes which are explicitly given on the command
-	 * line. Otherwise 'adcli update' must be always called with the same
-	 * set of options to make sure existing attributes are not deleted or
-	 * overwritten with different values. */
-	if (enroll->host_fqdn_explicit) {
+	 * line or not set in the existing AD object. Otherwise 'adcli update'
+	 * must be always called with the same set of options to make sure
+	 * existing attributes are not deleted or overwritten with different
+	 * values. */
+	if (enroll->computer_attributes != NULL) {
+		value = _adcli_ldap_parse_value (ldap,
+		                                 enroll->computer_attributes,
+		                                 "dNSHostName");
+	}
+	if (enroll->host_fqdn_explicit || value == NULL ) {
 		char *vals_dNSHostName[] = { enroll->host_fqdn, NULL };
 		LDAPMod dNSHostName = { LDAP_MOD_REPLACE, "dNSHostName", { vals_dNSHostName, } };
 		LDAPMod *mods[] = { &dNSHostName, NULL };
 
 		res |= update_computer_attribute (enroll, ldap, mods);
 	}
+	free (value);
 
 	if (res == ADCLI_SUCCESS && enroll->trusted_for_delegation_explicit) {
 		char *vals_userAccountControl[] = { NULL , NULL };
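Review bot: The new fallback in `if (enroll->host_fqdn_explicit || value == NULL )` fires not only when the AD object lacks dNSHostName but also when `enroll->computer_attributes` is NULL, because `value` is then never assigned; that case is "attributes not looked up", not "not set in the existing AD object" as the comment above states, and it turns a missing lookup into an unconditional LDAP_MOD_REPLACE. If the attributes can be absent at this point, tighten the condition to `if (enroll->host_fqdn_explicit || (enroll->computer_attributes != NULL && value == NULL)) {`; if they are guaranteed present, a one-line comment saying so would make the intent clear (and the stray space before `)` should go either way). Worth noting as well that when the implicit replace is rejected by the server (for example, a caller without write access to dNSHostName), `res` becomes non-zero and the `res == ADCLI_SUCCESS` guard below silently skips the userAccountControl update, so a diagnostic naming the attribute in that path would help operators. update_computer_account continues past the end of this hunk.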
-- 
2.28.0