From ec3c397cf50ace03f920502f34bca612f62333bf Mon Sep 17 00:00:00 2001

From: Andrew Austin <aaustin@one.verizon.com>

Date: Sun, 17 Apr 2016 12:17:04 -0500

Subject: [PATCH 1/3] Support manually setting computer name

This change adds a computer-name option to the realm configuration.

When set, the computer-name string will be used in place of either the

system's hostname or an automatically truncated netbios name when joining

an active directory domain.

https://bugs.freedesktop.org/show_bug.cgi?id=93739

Signed-off-by: Stef Walter <stefw@redhat.com>

 * Squashed fixup patch

---

 dbus/realm-dbus-constants.h  |  1 +

 service/realm-adcli-enroll.c | 11 +++++++++--

 service/realm-options.c      | 21 +++++++++++++++++++++

 service/realm-options.h      |  3 +++

 service/realm-samba-enroll.c | 26 ++++++++++++++++++++------

 service/realm-samba.c        | 10 +++++++++-

 service/realm-sssd-ad.c      |  9 ++++++---

 7 files changed, 69 insertions(+), 12 deletions(-)

diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h

index c68e958..3a67a00 100644

--- a/dbus/realm-dbus-constants.h

+++ b/dbus/realm-dbus-constants.h

@@ -66,6 +66,7 @@ G_BEGIN_DECLS

 #define   REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE    "membership-software"

 #define   REALM_DBUS_OPTION_USER_PRINCIPAL         "user-principal"

 #define   REALM_DBUS_OPTION_MANAGE_SYSTEM          "manage-system"

+#define   REALM_DBUS_OPTION_COMPUTER_NAME          "computer-name"

 #define   REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY   "active-directory"

 #define   REALM_DBUS_IDENTIFIER_WINBIND            "winbind"

diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c

index ef1b563..0c506f9 100644

--- a/service/realm-adcli-enroll.c

+++ b/service/realm-adcli-enroll.c

@@ -84,6 +84,7 @@ realm_adcli_enroll_join_async (RealmDisco *disco,

 	gchar *upn_arg = NULL;

 	gchar *server_arg = NULL;

 	gchar *ou_arg = NULL;

+	const gchar *computer_name = NULL;

 	g_return_if_fail (cred != NULL);

 	g_return_if_fail (disco != NULL);

@@ -114,7 +115,14 @@ realm_adcli_enroll_join_async (RealmDisco *disco,

 		g_ptr_array_add (args, (gpointer)disco->explicit_server);

 	}

-	if (disco->explicit_netbios) {

+		/* Pass manually configured or truncated computer name to adcli */

+		computer_name = realm_options_computer_name (options, disco->domain_name);

+		if (computer_name != NULL) {

+			realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",

+			                        computer_name);

+			g_ptr_array_add (args, "--computer-name");

+			g_ptr_array_add (args, (gpointer)computer_name);

+		} else if (disco->explicit_netbios) {

 		realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",

 		                        disco->explicit_netbios);

 		g_ptr_array_add (args, "--computer-name");

@@ -192,7 +200,6 @@ realm_adcli_enroll_join_async (RealmDisco *disco,

 	if (input)

 		g_bytes_unref (input);

-

 	free (ccache_arg);

 	free (upn_arg);

 	free (server_arg);

diff --git a/service/realm-options.c b/service/realm-options.c

index bba3ee4..b9f59c6 100644

--- a/service/realm-options.c

+++ b/service/realm-options.c

@@ -159,3 +159,24 @@ realm_options_check_domain_name (const gchar *name)

 	return TRUE;

 }

+

+const gchar *

+realm_options_computer_name (GVariant *options,

+                           const gchar *realm_name)

+{

+	const gchar *computer_name = NULL;

+	gchar *section;

+

+	if (options) {

+		if (!g_variant_lookup (options, REALM_DBUS_OPTION_COMPUTER_NAME, "&s", &computer_name))

+			computer_name = NULL;

+	}

+

+	if (realm_name && !computer_name) {

+		section = g_utf8_casefold (realm_name, -1);

+		computer_name = realm_settings_value (section, REALM_DBUS_OPTION_COMPUTER_NAME);

+		g_free (section);

+	}

+

+	return g_strdup (computer_name);

+}

diff --git a/service/realm-options.h b/service/realm-options.h

index 4890cba..e31cddc 100644

--- a/service/realm-options.h

+++ b/service/realm-options.h

@@ -41,6 +41,9 @@ gboolean       realm_options_qualify_names            (const gchar *realm_name);

 gboolean       realm_options_check_domain_name        (const gchar *domain_name);

+const gchar *  realm_options_computer_name           (GVariant *options,

+                                                       const gchar *realm_name);

+

 G_END_DECLS

 #endif /* __REALM_OPTIONS_H__ */

diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c

index e749764..f2392a9 100644

--- a/service/realm-samba-enroll.c

+++ b/service/realm-samba-enroll.c

@@ -84,27 +84,37 @@ fallback_workgroup (const gchar *realm)

 static JoinClosure *

 join_closure_init (GTask *task,

                    RealmDisco *disco,

+                   GVariant *options,

                    GDBusMethodInvocation *invocation)

 {

 	JoinClosure *join;

 	gchar *workgroup;

 	GError *error = NULL;

 	int temp_fd;

+	const gchar *explicit_computer_name = NULL;

+	const gchar *authid = NULL;

 	join = g_new0 (JoinClosure, 1);

 	join->disco = realm_disco_ref (disco);

 	join->invocation = invocation ? g_object_ref (invocation) : NULL;

 	g_task_set_task_data (task, join, join_closure_free);

+	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);

+	/* Set netbios name to explicit or truncated name if available */

+	if (explicit_computer_name != NULL)

+		authid = explicit_computer_name;

+	else if (disco->explicit_netbios)

+		authid = disco->explicit_netbios;

+

 	join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);

 	realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,

 	                      "security", "ads",

 	                      "kerberos method", "system keytab",

 	                      "realm", disco->kerberos_realm,

-	                      "netbios name", disco->explicit_netbios,

+	                      "netbios name", authid,

 	                      NULL);

-	/*

+    /*

 	 * Samba complains if we don't set a 'workgroup' setting for the realm we're

 	 * going to join. If we didn't yet manage to lookup the workgroup, then go ahead

 	 * and assume that the first domain component is the workgroup name.

@@ -377,14 +387,18 @@ realm_samba_enroll_join_async (RealmDisco *disco,

 {

 	GTask *task;

 	JoinClosure *join;

+	const gchar *explicit_computer_name;

 	g_return_if_fail (disco != NULL);

 	g_return_if_fail (cred != NULL);

 	task = g_task_new (NULL, NULL, callback, user_data);

-	join = join_closure_init (task, disco, invocation);

-

-	if (disco->explicit_netbios) {

+	join = join_closure_init (task, disco, options, invocation);

+	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);

+	if (explicit_computer_name != NULL) {

+		realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",

+		                        explicit_computer_name);

+	} else if (disco->explicit_netbios) {

 		realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",

 		                        disco->explicit_netbios);

 	}

@@ -448,7 +462,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,

 	JoinClosure *join;

 	task = g_task_new (NULL, NULL, callback, user_data);

-	join = join_closure_init (task, disco, invocation);

+	join = join_closure_init (task, disco, options, invocation);

 	switch (cred->type) {

 	case REALM_CREDENTIAL_PASSWORD:

diff --git a/service/realm-samba.c b/service/realm-samba.c

index eca65aa..5cf2aa8 100644

--- a/service/realm-samba.c

+++ b/service/realm-samba.c

@@ -183,6 +183,13 @@ on_join_do_winbind (GObject *source,

 	GHashTable *settings = NULL;

 	GError *error = NULL;

 	const gchar *name;

+	const gchar *computer_name;

+

+	computer_name = realm_options_computer_name (enroll->options, enroll->disco->domain_name);

+	/* Use truncated name if set and explicit name is not available */

+	if (enroll->disco->explicit_netbios && computer_name == NULL)

+		computer_name = enroll->disco->explicit_netbios;

+

 	realm_samba_enroll_join_finish (result, &error);

 	if (error == NULL) {

@@ -192,12 +199,13 @@ on_join_do_winbind (GObject *source,

 		                         "workgroup", enroll->disco->workgroup,

 		                         "template homedir", realm_settings_string ("users", "default-home"),

 		                         "template shell", realm_settings_string ("users", "default-shell"),

-		                         "netbios name", enroll->disco->explicit_netbios,

+		                         "netbios name", computer_name,

 		                         "password server", enroll->disco->explicit_server,

 		                         "kerberos method", "system keytab",

 		                         NULL);

 	}

+

 	if (error == NULL) {

 		name = realm_kerberos_get_name (REALM_KERBEROS (self));

 		realm_samba_winbind_configure_async (self->config, name, enroll->options,

diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c

index c7ffe8a..5ed384d 100644

--- a/service/realm-sssd-ad.c

+++ b/service/realm-sssd-ad.c

@@ -163,6 +163,7 @@ configure_sssd_for_domain (RealmIniConfig *config,

 	GString *realmd_tags;

 	const gchar *access_provider;

 	const gchar *shell;

+    const gchar *explicit_computer_name;

 	gchar *authid = NULL;

 	gboolean qualify;

 	gboolean ret;

@@ -172,17 +173,19 @@ configure_sssd_for_domain (RealmIniConfig *config,

 	home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));

 	qualify = realm_options_qualify_names (disco->domain_name);

 	shell = realm_settings_string ("users", "default-shell");

-

+	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);

 	realmd_tags = g_string_new ("");

 	if (realm_options_manage_system (options, disco->domain_name))

 		g_string_append (realmd_tags, "manages-system ");

 	g_string_append (realmd_tags, use_adcli ? "joined-with-adcli " : "joined-with-samba ");

 	/*

-	 * Explicitly set the netbios authid for sssd to use in this case, since

+	 * Explicitly set the netbios authid for sssd to use in these cases, since

 	 * otherwise sssd won't know which kerberos principal to use

 	 */

-	if (disco->explicit_netbios)

+	if (explicit_computer_name != NULL)

+		authid = g_strdup_printf ("%s$", explicit_computer_name);

+	else if (disco->explicit_netbios)

 		authid = g_strdup_printf ("%s$", disco->explicit_netbios);

 	ret = realm_sssd_config_add_domain (config, disco->domain_name, error,

-- 

2.7.4