From ec3c397cf50ace03f920502f34bca612f62333bf Mon Sep 17 00:00:00 2001
From: Andrew Austin <aaustin@one.verizon.com>
Date: Sun, 17 Apr 2016 12:17:04 -0500
Subject: [PATCH 1/3] Support manually setting computer name
This change adds a computer-name option to the realm configuration.
When set, the computer-name string will be used in place of either the
system's hostname or an automatically truncated netbios name when joining
an active directory domain.
https://bugs.freedesktop.org/show_bug.cgi?id=93739
Signed-off-by: Stef Walter <stefw@redhat.com>
* Squashed fixup patch
---
dbus/realm-dbus-constants.h | 1 +
service/realm-adcli-enroll.c | 11 +++++++++--
service/realm-options.c | 21 +++++++++++++++++++++
service/realm-options.h | 3 +++
service/realm-samba-enroll.c | 26 ++++++++++++++++++++------
service/realm-samba.c | 10 +++++++++-
service/realm-sssd-ad.c | 9 ++++++---
7 files changed, 69 insertions(+), 12 deletions(-)
diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
index c68e958..3a67a00 100644
--- a/dbus/realm-dbus-constants.h
+++ b/dbus/realm-dbus-constants.h
@@ -66,6 +66,7 @@ G_BEGIN_DECLS
#define REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE "membership-software"
#define REALM_DBUS_OPTION_USER_PRINCIPAL "user-principal"
#define REALM_DBUS_OPTION_MANAGE_SYSTEM "manage-system"
+#define REALM_DBUS_OPTION_COMPUTER_NAME "computer-name"
#define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
#define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
index ef1b563..0c506f9 100644
--- a/service/realm-adcli-enroll.c
+++ b/service/realm-adcli-enroll.c
@@ -84,6 +84,7 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
gchar *upn_arg = NULL;
gchar *server_arg = NULL;
gchar *ou_arg = NULL;
+ const gchar *computer_name = NULL;
g_return_if_fail (cred != NULL);
g_return_if_fail (disco != NULL);
@@ -114,7 +115,14 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
g_ptr_array_add (args, (gpointer)disco->explicit_server);
}
- if (disco->explicit_netbios) {
+ /* Pass manually configured or truncated computer name to adcli */
+ computer_name = realm_options_computer_name (options, disco->domain_name);
+ if (computer_name != NULL) {
+ realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
+ computer_name);
+ g_ptr_array_add (args, "--computer-name");
+ g_ptr_array_add (args, (gpointer)computer_name);
+ } else if (disco->explicit_netbios) {
realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",
disco->explicit_netbios);
g_ptr_array_add (args, "--computer-name");
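Review bot: The string returned by `realm_options_computer_name ()` is a `g_strdup ()` copy (see `return g_strdup (computer_name);` in service/realm-options.c), but here it is held in a `const gchar *` and pushed into `args` without ever being released. The cleanup visible in the next hunk frees only `ccache_arg`, `upn_arg` and `server_arg`. Either declare it `gchar *computer_name = NULL;` and add `g_free (computer_name);` next to those frees, or have the helper return a borrowed pointer so the `const` is accurate. The same leak applies to the new callers in service/realm-samba-enroll.c (`join_closure_init` and `realm_samba_enroll_join_async`), service/realm-samba.c and service/realm-sssd-ad.c. The function body continues outside this hunk, so confirm that nothing later frees it.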
@@ -192,7 +200,6 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
if (input)
g_bytes_unref (input);
-
free (ccache_arg);
free (upn_arg);
free (server_arg);
diff --git a/service/realm-options.c b/service/realm-options.c
index bba3ee4..b9f59c6 100644
--- a/service/realm-options.c
+++ b/service/realm-options.c
@@ -159,3 +159,24 @@ realm_options_check_domain_name (const gchar *name)
return TRUE;
}
+
+const gchar *
+realm_options_computer_name (GVariant *options,
+ const gchar *realm_name)
+{
+ const gchar *computer_name = NULL;
+ gchar *section;
+
+ if (options) {
+ if (!g_variant_lookup (options, REALM_DBUS_OPTION_COMPUTER_NAME, "&s", &computer_name))
+ computer_name = NULL;
+ }
+
+ if (realm_name && !computer_name) {
+ section = g_utf8_casefold (realm_name, -1);
+ computer_name = realm_settings_value (section, REALM_DBUS_OPTION_COMPUTER_NAME);
+ g_free (section);
+ }
+
+ return g_strdup (computer_name);
+}
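Review bot: `realm_options_computer_name ()` returns whatever string the D-Bus caller or realmd.conf supplied, with no check on length or content. That value is then passed to adcli as `--computer-name`, written as `netbios name` into the Samba configuration, and turned into the sssd authid. A NetBIOS computer name is limited to 15 characters, and an empty string or one containing control characters such as a newline should be rejected before it reaches a config writer; whether `realm_ini_config_set ()` escapes such input is not visible here. Consider a check modelled on `realm_options_check_domain_name ()` in this same file, applied where the option is first read, so the join fails with a clear error instead of proceeding with an unusable name. A header comment should also state ownership, for example `/* Returns a newly allocated string (free with g_free), or NULL if no name is configured */`, because the `const gchar *` return type suggests a borrowed pointer.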
diff --git a/service/realm-options.h b/service/realm-options.h
index 4890cba..e31cddc 100644
--- a/service/realm-options.h
+++ b/service/realm-options.h
@@ -41,6 +41,9 @@ gboolean realm_options_qualify_names (const gchar *realm_name);
gboolean realm_options_check_domain_name (const gchar *domain_name);
+const gchar * realm_options_computer_name (GVariant *options,
+ const gchar *realm_name);
+
G_END_DECLS
#endif /* __REALM_OPTIONS_H__ */
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
index e749764..f2392a9 100644
--- a/service/realm-samba-enroll.c
+++ b/service/realm-samba-enroll.c
@@ -84,27 +84,37 @@ fallback_workgroup (const gchar *realm)
static JoinClosure *
join_closure_init (GTask *task,
RealmDisco *disco,
+ GVariant *options,
GDBusMethodInvocation *invocation)
{
JoinClosure *join;
gchar *workgroup;
GError *error = NULL;
int temp_fd;
+ const gchar *explicit_computer_name = NULL;
+ const gchar *authid = NULL;
join = g_new0 (JoinClosure, 1);
join->disco = realm_disco_ref (disco);
join->invocation = invocation ? g_object_ref (invocation) : NULL;
g_task_set_task_data (task, join, join_closure_free);
+ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
+ /* Set netbios name to explicit or truncated name if available */
+ if (explicit_computer_name != NULL)
+ authid = explicit_computer_name;
+ else if (disco->explicit_netbios)
+ authid = disco->explicit_netbios;
+
join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);
realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,
"security", "ads",
"kerberos method", "system keytab",
"realm", disco->kerberos_realm,
- "netbios name", disco->explicit_netbios,
+ "netbios name", authid,
NULL);
- /*
+ /*
* Samba complains if we don't set a 'workgroup' setting for the realm we're
* going to join. If we didn't yet manage to lookup the workgroup, then go ahead
* and assume that the first domain component is the workgroup name.
@@ -377,14 +387,18 @@ realm_samba_enroll_join_async (RealmDisco *disco,
{
GTask *task;
JoinClosure *join;
+ const gchar *explicit_computer_name;
g_return_if_fail (disco != NULL);
g_return_if_fail (cred != NULL);
task = g_task_new (NULL, NULL, callback, user_data);
- join = join_closure_init (task, disco, invocation);
-
- if (disco->explicit_netbios) {
+ join = join_closure_init (task, disco, options, invocation);
+ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
+ if (explicit_computer_name != NULL) {
+ realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
+ explicit_computer_name);
+ } else if (disco->explicit_netbios) {
realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",
disco->explicit_netbios);
}
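Review bot: `realm_samba_enroll_join_async` resolves the computer name a second time only to log it, immediately after `join_closure_init` has already looked it up and chosen between the manual and the truncated name. The same "manual name, else `disco->explicit_netbios`" selection is now written out separately in service/realm-adcli-enroll.c, here, service/realm-samba.c and service/realm-sssd-ad.c, so the sites can drift apart. Consider keeping the chosen name in the `JoinClosure`, or emitting the diagnostics from `join_closure_init`, which already receives `invocation`. The fallback itself could move into one helper that takes `options` and `disco`. The function body continues outside this hunk.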
@@ -448,7 +462,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
JoinClosure *join;
task = g_task_new (NULL, NULL, callback, user_data);
- join = join_closure_init (task, disco, invocation);
+ join = join_closure_init (task, disco, options, invocation);
switch (cred->type) {
case REALM_CREDENTIAL_PASSWORD:
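Review bot: On leave, the `netbios name` written by `join_closure_init` now depends on the options passed to the leave call. If a machine was joined with `computer-name` supplied only as a D-Bus option and not in realmd.conf, a later leave without that option would presumably build its temporary Samba configuration with the hostname-derived name rather than the name the account was created under. Please confirm how callers of `realm_samba_enroll_leave_async` populate `options`. A comment at the call such as `/* options must carry the same computer-name used at join time */` would record the requirement. The function starts and ends outside this hunk.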
diff --git a/service/realm-samba.c b/service/realm-samba.c
index eca65aa..5cf2aa8 100644
--- a/service/realm-samba.c
+++ b/service/realm-samba.c
@@ -183,6 +183,13 @@ on_join_do_winbind (GObject *source,
GHashTable *settings = NULL;
GError *error = NULL;
const gchar *name;
+ const gchar *computer_name;
+
+ computer_name = realm_options_computer_name (enroll->options, enroll->disco->domain_name);
+ /* Use truncated name if set and explicit name is not available */
+ if (enroll->disco->explicit_netbios && computer_name == NULL)
+ computer_name = enroll->disco->explicit_netbios;
+
realm_samba_enroll_join_finish (result, &error);
if (error == NULL) {
@@ -192,12 +199,13 @@ on_join_do_winbind (GObject *source,
"workgroup", enroll->disco->workgroup,
"template homedir", realm_settings_string ("users", "default-home"),
"template shell", realm_settings_string ("users", "default-shell"),
- "netbios name", enroll->disco->explicit_netbios,
+ "netbios name", computer_name,
"password server", enroll->disco->explicit_server,
"kerberos method", "system keytab",
NULL);
}
+
if (error == NULL) {
name = realm_kerberos_get_name (REALM_KERBEROS (self));
realm_samba_winbind_configure_async (self->config, name, enroll->options,
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
index c7ffe8a..5ed384d 100644
--- a/service/realm-sssd-ad.c
+++ b/service/realm-sssd-ad.c
@@ -163,6 +163,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
GString *realmd_tags;
const gchar *access_provider;
const gchar *shell;
+ const gchar *explicit_computer_name;
gchar *authid = NULL;
gboolean qualify;
gboolean ret;
@@ -172,17 +173,19 @@ configure_sssd_for_domain (RealmIniConfig *config,
home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
qualify = realm_options_qualify_names (disco->domain_name);
shell = realm_settings_string ("users", "default-shell");
-
+ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
realmd_tags = g_string_new ("");
if (realm_options_manage_system (options, disco->domain_name))
g_string_append (realmd_tags, "manages-system ");
g_string_append (realmd_tags, use_adcli ? "joined-with-adcli " : "joined-with-samba ");
/*
- * Explicitly set the netbios authid for sssd to use in this case, since
+ * Explicitly set the netbios authid for sssd to use in these cases, since
* otherwise sssd won't know which kerberos principal to use
*/
- if (disco->explicit_netbios)
+ if (explicit_computer_name != NULL)
+ authid = g_strdup_printf ("%s$", explicit_computer_name);
+ else if (disco->explicit_netbios)
authid = g_strdup_printf ("%s$", disco->explicit_netbios);
ret = realm_sssd_config_add_domain (config, disco->domain_name, error,
--
2.7.4