diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..db1c834
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/realmd-0.16.1.tar.gz
diff --git a/.realmd.metadata b/.realmd.metadata
new file mode 100644
index 0000000..1a53878
--- /dev/null
+++ b/.realmd.metadata
@@ -0,0 +1 @@
+f761e3a1b1c9843e195581c77b0c0bbf6263ce17 SOURCES/realmd-0.16.1.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/0001-Add-os-name-and-os-version-command-line-options.patch b/SOURCES/0001-Add-os-name-and-os-version-command-line-options.patch
new file mode 100644
index 0000000..6d282c4
--- /dev/null
+++ b/SOURCES/0001-Add-os-name-and-os-version-command-line-options.patch
@@ -0,0 +1,182 @@
+From ca6684a68d2a9887c2e06e58a7fdfa3d327c8052 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 28 Jun 2016 18:14:09 +0200
+Subject: [PATCH] Add os-name and os-version command line options
+
+---
+ dbus/realm-dbus-constants.h | 2 ++
+ doc/manual/realm.xml | 12 ++++++++++++
+ doc/manual/realmd.conf.xml | 5 +++++
+ service/realm-adcli-enroll.c | 4 ++--
+ service/realm-options.c | 18 ++++++++++++++++++
+ service/realm-options.h | 3 +++
+ service/realm-samba-enroll.c | 4 ++--
+ tools/realm-join.c | 8 ++++++++
+ 8 files changed, 52 insertions(+), 4 deletions(-)
+
+diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
+index 3a67a00..9cd30ef 100644
+--- a/dbus/realm-dbus-constants.h
++++ b/dbus/realm-dbus-constants.h
+@@ -67,6 +67,8 @@ G_BEGIN_DECLS
+ #define REALM_DBUS_OPTION_USER_PRINCIPAL "user-principal"
+ #define REALM_DBUS_OPTION_MANAGE_SYSTEM "manage-system"
+ #define REALM_DBUS_OPTION_COMPUTER_NAME "computer-name"
++#define REALM_DBUS_OPTION_OS_NAME "os-name"
++#define REALM_DBUS_OPTION_OS_VERSION "os-version"
+
+ #define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
+ #define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
+diff --git a/doc/manual/realm.xml b/doc/manual/realm.xml
+index baa0d8c..6724d80 100644
+--- a/doc/manual/realm.xml
++++ b/doc/manual/realm.xml
+@@ -243,6 +243,18 @@ $ realm join --user=admin --computer-ou=OU=Special domain.example.com
+ the value for this option, then a principal will be set
+ in the form of <literal>host/shortname@REALM</literal></para></listitem>
+ </varlistentry>
++ <varlistentry>
++ <term><option>--os-name=xxx</option></term>
++ <listitem><para>The name of the operation system of the
++ client. When joining an AD domain the value is store in
++ the matching AD attribute.</para></listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><option>--os-version=xxx</option></term>
++ <listitem><para>The version of the operation system of the
++ client. When joining an AD domain the value is store in
++ the matching AD attribute.</para></listitem>
++ </varlistentry>
+ </variablelist>
+
+ </refsect1>
+diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
+index f8c87b9..7853230 100644
+--- a/doc/manual/realmd.conf.xml
++++ b/doc/manual/realmd.conf.xml
+@@ -149,6 +149,11 @@ domain.example.com
+
+ <para>This is an Active Directory specific option.</para>
+
++ <para>It is also possible to use the <option>--os-name</option>
++ or <option>--os-version</option> argument of the
++ <command>realm</command> command to override the default
++ values.</para>
++
+ <informalexample>
+ <programlisting language="js">
+ [active-directory]
+diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
+index 0c506f9..05947fa 100644
+--- a/service/realm-adcli-enroll.c
++++ b/service/realm-adcli-enroll.c
+@@ -139,13 +139,13 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
+ g_ptr_array_add (args, (gpointer)computer_ou);
+ }
+
+- os = realm_settings_value ("active-directory", "os-name");
++ os = realm_options_ad_specific (options, "os-name");
+ if (os != NULL && !g_str_equal (os, "")) {
+ g_ptr_array_add (args, "--os-name");
+ g_ptr_array_add (args, (gpointer)os);
+ }
+
+- os = realm_settings_value ("active-directory", "os-version");
++ os = realm_options_ad_specific (options, "os-version");
+ if (os != NULL && !g_str_equal (os, "")) {
+ g_ptr_array_add (args, "--os-version");
+ g_ptr_array_add (args, (gpointer)os);
+diff --git a/service/realm-options.c b/service/realm-options.c
+index b9f59c6..bd804ea 100644
+--- a/service/realm-options.c
++++ b/service/realm-options.c
+@@ -180,3 +180,21 @@ realm_options_computer_name (GVariant *options,
+
+ return g_strdup (computer_name);
+ }
++
++const gchar *
++realm_options_ad_specific (GVariant *options,
++ const gchar *option_name)
++{
++ const gchar *value = NULL;
++
++ if (options) {
++ if (!g_variant_lookup (options, option_name, "&s", &value))
++ value = NULL;
++ }
++
++ if (!value) {
++ value = realm_settings_value ("active-directory", option_name);
++ }
++
++ return g_strdup (value);
++}
+diff --git a/service/realm-options.h b/service/realm-options.h
+index e31cddc..7a1355e 100644
+--- a/service/realm-options.h
++++ b/service/realm-options.h
+@@ -44,6 +44,9 @@ gboolean realm_options_check_domain_name (const gchar *domain_name)
+ const gchar * realm_options_computer_name (GVariant *options,
+ const gchar *realm_name);
+
++const gchar * realm_options_ad_specific (GVariant *options,
++ const gchar *option_name);
++
+ G_END_DECLS
+
+ #endif /* __REALM_OPTIONS_H__ */
+diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
+index f2392a9..c81aed2 100644
+--- a/service/realm-samba-enroll.c
++++ b/service/realm-samba-enroll.c
+@@ -335,11 +335,11 @@ begin_join (GTask *task,
+ }
+ }
+
+- os = realm_settings_value ("active-directory", "os-name");
++ os = realm_options_ad_specific(options, "os-name");
+ if (os != NULL && !g_str_equal (os, ""))
+ join->join_args[at++] = g_strdup_printf ("osName=%s", os);
+
+- os = realm_settings_value ("active-directory", "os-version");
++ os = realm_options_ad_specific(options, "os-version");
+ if (os != NULL && !g_str_equal (os, ""))
+ join->join_args[at++] = g_strdup_printf ("osVer=%s", os);
+
+diff --git a/tools/realm-join.c b/tools/realm-join.c
+index 3685bb9..8e46c20 100644
+--- a/tools/realm-join.c
++++ b/tools/realm-join.c
+@@ -169,6 +169,8 @@ typedef struct {
+ gchar *user;
+ gchar *computer_ou;
+ gchar *computer_name;
++ gchar *os_name;
++ gchar *os_version;
+ gchar *client_software;
+ gchar *server_software;
+ gchar *membership_software;
+@@ -241,6 +243,8 @@ perform_join (RealmClient *client,
+
+ options = realm_build_options (REALM_DBUS_OPTION_COMPUTER_OU, args->computer_ou,
+ REALM_DBUS_OPTION_COMPUTER_NAME, args->computer_name,
++ REALM_DBUS_OPTION_OS_NAME, args->os_name,
++ REALM_DBUS_OPTION_OS_VERSION, args->os_version,
+ REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, args->membership_software,
+ REALM_DBUS_OPTION_USER_PRINCIPAL, args->user_principal,
+ args->automatic_id_mapping_set ?
+@@ -288,6 +292,10 @@ realm_join (RealmClient *client,
+ N_("Computer OU DN to join"), NULL },
+ { "computer-name", 0, 0, G_OPTION_ARG_STRING, &args.computer_name,
+ N_("Use specific computer name instead of hostname"), NULL },
++ { "os-name", 0, 0, G_OPTION_ARG_STRING, &args.os_name,
++ N_("Use specific operation system name"), NULL },
++ { "os-version", 0, 0, G_OPTION_ARG_STRING, &args.os_version,
++ N_("Use specific operation system version"), NULL },
+ { "client-software", 0, 0, G_OPTION_ARG_STRING, &args.client_software,
+ N_("Use specific client software"), NULL },
+ { "server-software", 0, 0, G_OPTION_ARG_STRING, &args.server_software,
+--
+2.7.4
+
diff --git a/SOURCES/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch b/SOURCES/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
new file mode 100644
index 0000000..894fe93
--- /dev/null
+++ b/SOURCES/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
@@ -0,0 +1,168 @@
+From b11d891a50c2f70e3c02b880e0199583b8df186c Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 31 May 2018 16:16:08 +0200
+Subject: [PATCH] Find NetBIOS name in keytab while leaving
+
+If realmd is used with Samba as membership software, i.e. Samba's net
+utility, the NetBIOS name must be known when leaving a domain. The most
+reliable way to find it is by searching the keytab for NAME$@REALM type
+entries and use the NAME as the NetBIOS name.
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1370457
+---
+ service/realm-kerberos.c | 64 ++++++++++++++++++++++++++++++++++++
+ service/realm-kerberos.h | 2 ++
+ service/realm-samba-enroll.c | 17 ++++++++--
+ 3 files changed, 80 insertions(+), 3 deletions(-)
+
+diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
+index 54d1ed7..d6d109f 100644
+--- a/service/realm-kerberos.c
++++ b/service/realm-kerberos.c
+@@ -1130,3 +1130,67 @@ realm_kerberos_flush_keytab (const gchar *realm_name,
+ return ret;
+
+ }
++
++gchar *
++realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name)
++{
++ krb5_error_code code;
++ krb5_keytab keytab = NULL;
++ krb5_context ctx;
++ krb5_kt_cursor cursor = NULL;
++ krb5_keytab_entry entry;
++ krb5_principal realm_princ = NULL;
++ gchar *princ_name = NULL;
++ gchar *netbios_name = NULL;
++ krb5_data *name_data;
++
++ code = krb5_init_context (&ctx);
++ if (code != 0) {
++ return NULL;
++ }
++
++ princ_name = g_strdup_printf ("user@%s", realm_name);
++ code = krb5_parse_name (ctx, princ_name, &realm_princ);
++ g_free (princ_name);
++
++ if (code == 0) {
++ code = krb5_kt_default (ctx, &keytab);
++ }
++
++ if (code == 0) {
++ code = krb5_kt_start_seq_get (ctx, keytab, &cursor);
++ }
++
++ if (code == 0) {
++ while (!krb5_kt_next_entry (ctx, keytab, &entry, &cursor) && netbios_name == NULL) {
++ if (krb5_realm_compare (ctx, realm_princ, entry.principal)) {
++ name_data = krb5_princ_component (ctx, entry.principal, 0);
++ if (name_data != NULL
++ && name_data->length > 0
++ && name_data->data[name_data->length - 1] == '$') {
++ netbios_name = g_strndup (name_data->data, name_data->length - 1);
++ if (netbios_name == NULL) {
++ code = krb5_kt_free_entry (ctx, &entry);
++ warn_if_krb5_failed (ctx, code);
++ break;
++ }
++ }
++ }
++ code = krb5_kt_free_entry (ctx, &entry);
++ warn_if_krb5_failed (ctx, code);
++ }
++ }
++
++ code = krb5_kt_end_seq_get (ctx, keytab, &cursor);
++ warn_if_krb5_failed (ctx, code);
++
++ code = krb5_kt_close (ctx, keytab);
++ warn_if_krb5_failed (ctx, code);
++
++ krb5_free_principal (ctx, realm_princ);
++
++ krb5_free_context (ctx);
++
++ return netbios_name;
++
++}
+diff --git a/service/realm-kerberos.h b/service/realm-kerberos.h
+index 0447e4d..58cfe07 100644
+--- a/service/realm-kerberos.h
++++ b/service/realm-kerberos.h
+@@ -88,6 +88,8 @@ gchar * realm_kerberos_format_login (RealmKerberos *self,
+ gboolean realm_kerberos_flush_keytab (const gchar *realm_name,
+ GError **error);
+
++gchar * realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name);
++
+ const gchar * realm_kerberos_get_name (RealmKerberos *self);
+
+ const gchar * realm_kerberos_get_realm_name (RealmKerberos *self);
+diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
+index 76e7b79..f5edca3 100644
+--- a/service/realm-samba-enroll.c
++++ b/service/realm-samba-enroll.c
+@@ -85,7 +85,8 @@ static JoinClosure *
+ join_closure_init (GTask *task,
+ RealmDisco *disco,
+ GVariant *options,
+- GDBusMethodInvocation *invocation)
++ GDBusMethodInvocation *invocation,
++ gboolean do_join)
+ {
+ JoinClosure *join;
+ gchar *workgroup;
+@@ -93,6 +94,7 @@ join_closure_init (GTask *task,
+ int temp_fd;
+ const gchar *explicit_computer_name = NULL;
+ const gchar *authid = NULL;
++ gchar *name_from_keytab = NULL;
+
+ join = g_new0 (JoinClosure, 1);
+ join->disco = realm_disco_ref (disco);
+@@ -106,6 +108,14 @@ join_closure_init (GTask *task,
+ else if (disco->explicit_netbios)
+ authid = disco->explicit_netbios;
+
++ /* try to get the NetBIOS name from the keytab while leaving the domain */
++ if (explicit_computer_name == NULL && !do_join) {
++ name_from_keytab = realm_kerberos_get_netbios_name_from_keytab(disco->kerberos_realm);
++ if (name_from_keytab != NULL) {
++ authid = name_from_keytab;
++ }
++ }
++
+ join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);
+ realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,
+ "security", "ads",
+@@ -151,6 +161,7 @@ join_closure_init (GTask *task,
+ g_warning ("Couldn't create temp file in: %s", g_get_tmp_dir ());
+ }
+
++ g_free (name_from_keytab);
+ return join;
+ }
+
+@@ -393,7 +404,7 @@ realm_samba_enroll_join_async (RealmDisco *disco,
+ g_return_if_fail (cred != NULL);
+
+ task = g_task_new (NULL, NULL, callback, user_data);
+- join = join_closure_init (task, disco, options, invocation);
++ join = join_closure_init (task, disco, options, invocation, TRUE);
+ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
+ if (explicit_computer_name != NULL) {
+ realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
+@@ -462,7 +473,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
+ JoinClosure *join;
+
+ task = g_task_new (NULL, NULL, callback, user_data);
+- join = join_closure_init (task, disco, options, invocation);
++ join = join_closure_init (task, disco, options, invocation, FALSE);
+
+ switch (cred->type) {
+ case REALM_CREDENTIAL_PASSWORD:
+--
+2.17.1
+
diff --git a/SOURCES/0001-Fix-issues-found-by-Coverity.patch b/SOURCES/0001-Fix-issues-found-by-Coverity.patch
new file mode 100644
index 0000000..ee9e081
--- /dev/null
+++ b/SOURCES/0001-Fix-issues-found-by-Coverity.patch
@@ -0,0 +1,42 @@
+From f413ee60dcd538603f0db608899799113fba053f Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 14 Aug 2018 14:09:48 +0200
+Subject: [PATCH] Fix issues found by Coverity
+
+---
+ service/realm-kerberos.c | 5 ++++-
+ service/realm-packages.c | 2 +-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
+index d6d109f..252e256 100644
+--- a/service/realm-kerberos.c
++++ b/service/realm-kerberos.c
+@@ -980,7 +980,10 @@ realm_kerberos_set_details (RealmKerberos *self,
+ if (name == NULL)
+ break;
+ value = va_arg (va, const gchar *);
+- g_return_if_fail (value != NULL);
++ if (value == NULL) {
++ va_end (va);
++ g_return_if_reached ();
++ }
+
+ values[0] = g_variant_new_string (name);
+ values[1] = g_variant_new_string (value);
+diff --git a/service/realm-packages.c b/service/realm-packages.c
+index 9a6984c..5976439 100644
+--- a/service/realm-packages.c
++++ b/service/realm-packages.c
+@@ -567,7 +567,7 @@ lookup_required_files_and_packages (const gchar **package_sets,
+ g_ptr_array_add (packages, NULL);
+ *result_packages = (gchar **)g_ptr_array_free (packages, FALSE);
+ } else {
+- g_ptr_array_free (files, TRUE);
++ g_ptr_array_free (packages, TRUE);
+ }
+
+ if (result_files) {
+--
+2.17.1
+
diff --git a/SOURCES/0001-Fix-man-page-reference-in-systemd-service-file.patch b/SOURCES/0001-Fix-man-page-reference-in-systemd-service-file.patch
new file mode 100644
index 0000000..fe46620
--- /dev/null
+++ b/SOURCES/0001-Fix-man-page-reference-in-systemd-service-file.patch
@@ -0,0 +1,24 @@
+From e8d9d5e9817627dcf208ac742debcc9dc320752d Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 27 Jul 2016 19:06:29 +0200
+Subject: [PATCH] Fix man page reference in systemd service file
+
+---
+ dbus/realmd.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dbus/realmd.service.in b/dbus/realmd.service.in
+index b3bcf7a..64c1090 100644
+--- a/dbus/realmd.service.in
++++ b/dbus/realmd.service.in
+@@ -1,6 +1,6 @@
+ [Unit]
+ Description=Realm and Domain Configuration
+-Documentation=man:realmd(8)
++Documentation=man:realm(8)
+
+ [Service]
+ Type=dbus
+--
+2.7.4
+
diff --git a/SOURCES/0001-Make-DBus-aware-of-systemd.patch b/SOURCES/0001-Make-DBus-aware-of-systemd.patch
new file mode 100644
index 0000000..a12ff02
--- /dev/null
+++ b/SOURCES/0001-Make-DBus-aware-of-systemd.patch
@@ -0,0 +1,53 @@
+From 03f949a0b394ab954fc68f33e092dc0bb1fec406 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 28 Jun 2016 14:41:01 +0200
+Subject: [PATCH] Make DBus aware of systemd
+
+---
+ Makefile.am | 1 +
+ configure.ac | 7 +++++++
+ dbus/org.freedesktop.realmd.service.in | 1 +
+ 3 files changed, 9 insertions(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 52de3dc..c81f048 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -49,6 +49,7 @@ SED_SUBST = sed \
+ -e 's,[@]abs_srcdir[@],$(abs_srcdir),g' \
+ -e 's,[@]srcdir[@],$(srcdir),g' \
+ -e 's,[@]privatedir[@],$(privatedir),g' \
++ -e 's,[@]dbus_systemd_service[@],$(dbus_systemd_service),g' \
+ -e 's,[@]PACKAGE[@],$(PACKAGE),g' \
+ -e 's,[@]VERSION[@],$(VERSION),g' \
+ $(NULL)
+diff --git a/configure.ac b/configure.ac
+index 032cdaa..0376887 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -110,6 +110,13 @@ fi
+ SYSTEMD_UNIT_DIR="$with_systemd_unit_dir"
+ AC_SUBST(SYSTEMD_UNIT_DIR)
+ AM_CONDITIONAL(WITH_SYSTEMD, [test -n "$with_systemd_unit_dir"])
++
++dbus_systemd_service=""
++if test -n "$with_systemd_unit_dir"; then
++ dbus_systemd_service="SystemdService=realmd.service"
++fi
++AC_SUBST(dbus_systemd_service)
++
+ AC_MSG_RESULT($with_systemd_unit_dir)
+
+ AC_ARG_WITH(systemd-journal,
+diff --git a/dbus/org.freedesktop.realmd.service.in b/dbus/org.freedesktop.realmd.service.in
+index 834e23f..51132f6 100644
+--- a/dbus/org.freedesktop.realmd.service.in
++++ b/dbus/org.freedesktop.realmd.service.in
+@@ -2,3 +2,4 @@
+ Name=org.freedesktop.realmd
+ Exec=@privatedir@/realmd
+ User=root
++@dbus_systemd_service@
+--
+2.7.4
+
diff --git a/SOURCES/0001-Support-manually-setting-computer-name.patch b/SOURCES/0001-Support-manually-setting-computer-name.patch
new file mode 100644
index 0000000..985e340
--- /dev/null
+++ b/SOURCES/0001-Support-manually-setting-computer-name.patch
@@ -0,0 +1,261 @@
+From ec3c397cf50ace03f920502f34bca612f62333bf Mon Sep 17 00:00:00 2001
+From: Andrew Austin <aaustin@one.verizon.com>
+Date: Sun, 17 Apr 2016 12:17:04 -0500
+Subject: [PATCH 1/3] Support manually setting computer name
+
+This change adds a computer-name option to the realm configuration.
+When set, the computer-name string will be used in place of either the
+system's hostname or an automatically truncated netbios name when joining
+an active directory domain.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=93739
+
+Signed-off-by: Stef Walter <stefw@redhat.com>
+ * Squashed fixup patch
+---
+ dbus/realm-dbus-constants.h | 1 +
+ service/realm-adcli-enroll.c | 11 +++++++++--
+ service/realm-options.c | 21 +++++++++++++++++++++
+ service/realm-options.h | 3 +++
+ service/realm-samba-enroll.c | 26 ++++++++++++++++++++------
+ service/realm-samba.c | 10 +++++++++-
+ service/realm-sssd-ad.c | 9 ++++++---
+ 7 files changed, 69 insertions(+), 12 deletions(-)
+
+diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
+index c68e958..3a67a00 100644
+--- a/dbus/realm-dbus-constants.h
++++ b/dbus/realm-dbus-constants.h
+@@ -66,6 +66,7 @@ G_BEGIN_DECLS
+ #define REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE "membership-software"
+ #define REALM_DBUS_OPTION_USER_PRINCIPAL "user-principal"
+ #define REALM_DBUS_OPTION_MANAGE_SYSTEM "manage-system"
++#define REALM_DBUS_OPTION_COMPUTER_NAME "computer-name"
+
+ #define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
+ #define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
+diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
+index ef1b563..0c506f9 100644
+--- a/service/realm-adcli-enroll.c
++++ b/service/realm-adcli-enroll.c
+@@ -84,6 +84,7 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
+ gchar *upn_arg = NULL;
+ gchar *server_arg = NULL;
+ gchar *ou_arg = NULL;
++ const gchar *computer_name = NULL;
+
+ g_return_if_fail (cred != NULL);
+ g_return_if_fail (disco != NULL);
+@@ -114,7 +115,14 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
+ g_ptr_array_add (args, (gpointer)disco->explicit_server);
+ }
+
+- if (disco->explicit_netbios) {
++ /* Pass manually configured or truncated computer name to adcli */
++ computer_name = realm_options_computer_name (options, disco->domain_name);
++ if (computer_name != NULL) {
++ realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
++ computer_name);
++ g_ptr_array_add (args, "--computer-name");
++ g_ptr_array_add (args, (gpointer)computer_name);
++ } else if (disco->explicit_netbios) {
+ realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",
+ disco->explicit_netbios);
+ g_ptr_array_add (args, "--computer-name");
+@@ -192,7 +200,6 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
+
+ if (input)
+ g_bytes_unref (input);
+-
+ free (ccache_arg);
+ free (upn_arg);
+ free (server_arg);
+diff --git a/service/realm-options.c b/service/realm-options.c
+index bba3ee4..b9f59c6 100644
+--- a/service/realm-options.c
++++ b/service/realm-options.c
+@@ -159,3 +159,24 @@ realm_options_check_domain_name (const gchar *name)
+
+ return TRUE;
+ }
++
++const gchar *
++realm_options_computer_name (GVariant *options,
++ const gchar *realm_name)
++{
++ const gchar *computer_name = NULL;
++ gchar *section;
++
++ if (options) {
++ if (!g_variant_lookup (options, REALM_DBUS_OPTION_COMPUTER_NAME, "&s", &computer_name))
++ computer_name = NULL;
++ }
++
++ if (realm_name && !computer_name) {
++ section = g_utf8_casefold (realm_name, -1);
++ computer_name = realm_settings_value (section, REALM_DBUS_OPTION_COMPUTER_NAME);
++ g_free (section);
++ }
++
++ return g_strdup (computer_name);
++}
+diff --git a/service/realm-options.h b/service/realm-options.h
+index 4890cba..e31cddc 100644
+--- a/service/realm-options.h
++++ b/service/realm-options.h
+@@ -41,6 +41,9 @@ gboolean realm_options_qualify_names (const gchar *realm_name);
+
+ gboolean realm_options_check_domain_name (const gchar *domain_name);
+
++const gchar * realm_options_computer_name (GVariant *options,
++ const gchar *realm_name);
++
+ G_END_DECLS
+
+ #endif /* __REALM_OPTIONS_H__ */
+diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
+index e749764..f2392a9 100644
+--- a/service/realm-samba-enroll.c
++++ b/service/realm-samba-enroll.c
+@@ -84,27 +84,37 @@ fallback_workgroup (const gchar *realm)
+ static JoinClosure *
+ join_closure_init (GTask *task,
+ RealmDisco *disco,
++ GVariant *options,
+ GDBusMethodInvocation *invocation)
+ {
+ JoinClosure *join;
+ gchar *workgroup;
+ GError *error = NULL;
+ int temp_fd;
++ const gchar *explicit_computer_name = NULL;
++ const gchar *authid = NULL;
+
+ join = g_new0 (JoinClosure, 1);
+ join->disco = realm_disco_ref (disco);
+ join->invocation = invocation ? g_object_ref (invocation) : NULL;
+ g_task_set_task_data (task, join, join_closure_free);
+
++ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
++ /* Set netbios name to explicit or truncated name if available */
++ if (explicit_computer_name != NULL)
++ authid = explicit_computer_name;
++ else if (disco->explicit_netbios)
++ authid = disco->explicit_netbios;
++
+ join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);
+ realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,
+ "security", "ads",
+ "kerberos method", "system keytab",
+ "realm", disco->kerberos_realm,
+- "netbios name", disco->explicit_netbios,
++ "netbios name", authid,
+ NULL);
+
+- /*
++ /*
+ * Samba complains if we don't set a 'workgroup' setting for the realm we're
+ * going to join. If we didn't yet manage to lookup the workgroup, then go ahead
+ * and assume that the first domain component is the workgroup name.
+@@ -377,14 +387,18 @@ realm_samba_enroll_join_async (RealmDisco *disco,
+ {
+ GTask *task;
+ JoinClosure *join;
++ const gchar *explicit_computer_name;
+
+ g_return_if_fail (disco != NULL);
+ g_return_if_fail (cred != NULL);
+
+ task = g_task_new (NULL, NULL, callback, user_data);
+- join = join_closure_init (task, disco, invocation);
+-
+- if (disco->explicit_netbios) {
++ join = join_closure_init (task, disco, options, invocation);
++ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
++ if (explicit_computer_name != NULL) {
++ realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
++ explicit_computer_name);
++ } else if (disco->explicit_netbios) {
+ realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",
+ disco->explicit_netbios);
+ }
+@@ -448,7 +462,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
+ JoinClosure *join;
+
+ task = g_task_new (NULL, NULL, callback, user_data);
+- join = join_closure_init (task, disco, invocation);
++ join = join_closure_init (task, disco, options, invocation);
+
+ switch (cred->type) {
+ case REALM_CREDENTIAL_PASSWORD:
+diff --git a/service/realm-samba.c b/service/realm-samba.c
+index eca65aa..5cf2aa8 100644
+--- a/service/realm-samba.c
++++ b/service/realm-samba.c
+@@ -183,6 +183,13 @@ on_join_do_winbind (GObject *source,
+ GHashTable *settings = NULL;
+ GError *error = NULL;
+ const gchar *name;
++ const gchar *computer_name;
++
++ computer_name = realm_options_computer_name (enroll->options, enroll->disco->domain_name);
++ /* Use truncated name if set and explicit name is not available */
++ if (enroll->disco->explicit_netbios && computer_name == NULL)
++ computer_name = enroll->disco->explicit_netbios;
++
+
+ realm_samba_enroll_join_finish (result, &error);
+ if (error == NULL) {
+@@ -192,12 +199,13 @@ on_join_do_winbind (GObject *source,
+ "workgroup", enroll->disco->workgroup,
+ "template homedir", realm_settings_string ("users", "default-home"),
+ "template shell", realm_settings_string ("users", "default-shell"),
+- "netbios name", enroll->disco->explicit_netbios,
++ "netbios name", computer_name,
+ "password server", enroll->disco->explicit_server,
+ "kerberos method", "system keytab",
+ NULL);
+ }
+
++
+ if (error == NULL) {
+ name = realm_kerberos_get_name (REALM_KERBEROS (self));
+ realm_samba_winbind_configure_async (self->config, name, enroll->options,
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index c7ffe8a..5ed384d 100644
+--- a/service/realm-sssd-ad.c
++++ b/service/realm-sssd-ad.c
+@@ -163,6 +163,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
+ GString *realmd_tags;
+ const gchar *access_provider;
+ const gchar *shell;
++ const gchar *explicit_computer_name;
+ gchar *authid = NULL;
+ gboolean qualify;
+ gboolean ret;
+@@ -172,17 +173,19 @@ configure_sssd_for_domain (RealmIniConfig *config,
+ home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
+ qualify = realm_options_qualify_names (disco->domain_name);
+ shell = realm_settings_string ("users", "default-shell");
+-
++ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
+ realmd_tags = g_string_new ("");
+ if (realm_options_manage_system (options, disco->domain_name))
+ g_string_append (realmd_tags, "manages-system ");
+ g_string_append (realmd_tags, use_adcli ? "joined-with-adcli " : "joined-with-samba ");
+
+ /*
+- * Explicitly set the netbios authid for sssd to use in this case, since
++ * Explicitly set the netbios authid for sssd to use in these cases, since
+ * otherwise sssd won't know which kerberos principal to use
+ */
+- if (disco->explicit_netbios)
++ if (explicit_computer_name != NULL)
++ authid = g_strdup_printf ("%s$", explicit_computer_name);
++ else if (disco->explicit_netbios)
+ authid = g_strdup_printf ("%s$", disco->explicit_netbios);
+
+ ret = realm_sssd_config_add_domain (config, disco->domain_name, error,
+--
+2.7.4
+
diff --git a/SOURCES/0001-Use-current-idmap-options-for-smb.conf.patch b/SOURCES/0001-Use-current-idmap-options-for-smb.conf.patch
new file mode 100644
index 0000000..ea34960
--- /dev/null
+++ b/SOURCES/0001-Use-current-idmap-options-for-smb.conf.patch
@@ -0,0 +1,185 @@
+From e683fb573bc09893ec541be29751560cea30ce3f Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 30 May 2018 13:10:57 +0200
+Subject: [PATCH] Use current idmap options for smb.conf
+
+Samba change some time ago the way how to configure id-mapping. With
+this patch realmd will use the current supported options when creating
+smb.conf.
+
+A new option --legacy-samba-config is added to use the old options if
+realmd is used with Samba 3.5 or earlier.
+
+Related to https://bugzilla.redhat.com/show_bug.cgi?id=1484072
+---
+ dbus/realm-dbus-constants.h | 1 +
+ doc/manual/realmd.conf.xml | 17 ++++++++++++
+ service/realm-samba-enroll.c | 2 +-
+ service/realm-samba-enroll.h | 3 +++
+ service/realm-samba-winbind.c | 63 ++++++++++++++++++++++++++++++++++---------
+ 5 files changed, 72 insertions(+), 14 deletions(-)
+
+diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
+index 9cd30ef..40ffa2d 100644
+--- a/dbus/realm-dbus-constants.h
++++ b/dbus/realm-dbus-constants.h
+@@ -69,6 +69,7 @@ G_BEGIN_DECLS
+ #define REALM_DBUS_OPTION_COMPUTER_NAME "computer-name"
+ #define REALM_DBUS_OPTION_OS_NAME "os-name"
+ #define REALM_DBUS_OPTION_OS_VERSION "os-version"
++#define REALM_DBUS_OPTION_LEGACY_SMB_CONF "legacy-samba-config"
+
+ #define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
+ #define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
+diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
+index 7853230..a2b577c 100644
+--- a/doc/manual/realmd.conf.xml
++++ b/doc/manual/realmd.conf.xml
+@@ -192,6 +192,23 @@ automatic-install = no
+ </listitem>
+ </varlistentry>
+
++ <varlistentry>
++ <term><option>legacy-samba-config</option></term>
++ <listitem>
++ <para>Set this to <parameter>yes</parameter> to create a Samba
++ configuration file with id-mapping options used by Samba-3.5
++ and earlier version.</para>
++
++ <informalexample>
++<programlisting language="js">
++[service]
++legacy-samba-config = no
++# legacy-samba-config = yes
++</programlisting>
++ </informalexample>
++ </listitem>
++ </varlistentry>
++
+ </variablelist>
+ </refsect1>
+
+diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
+index c81aed2..76e7b79 100644
+--- a/service/realm-samba-enroll.c
++++ b/service/realm-samba-enroll.c
+@@ -69,7 +69,7 @@ join_closure_free (gpointer data)
+ g_free (join);
+ }
+
+-static gchar *
++gchar *
+ fallback_workgroup (const gchar *realm)
+ {
+ const gchar *pos;
+diff --git a/service/realm-samba-enroll.h b/service/realm-samba-enroll.h
+index 84e8b2f..310ec65 100644
+--- a/service/realm-samba-enroll.h
++++ b/service/realm-samba-enroll.h
+@@ -46,6 +46,9 @@ void realm_samba_enroll_leave_async (RealmDisco *disco,
+ gboolean realm_samba_enroll_leave_finish (GAsyncResult *result,
+ GError **error);
+
++gchar *
++fallback_workgroup (const gchar *realm);
++
+ G_END_DECLS
+
+ #endif /* __REALM_SAMBA_ENROLL_H__ */
+diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
+index a7ddec3..9335e26 100644
+--- a/service/realm-samba-winbind.c
++++ b/service/realm-samba-winbind.c
+@@ -21,8 +21,10 @@
+ #include "realm-options.h"
+ #include "realm-samba-config.h"
+ #include "realm-samba-winbind.h"
++#include "realm-samba-enroll.h"
+ #include "realm-settings.h"
+ #include "realm-service.h"
++#include "dbus/realm-dbus-constants.h"
+
+ #include <glib/gstdio.h>
+
+@@ -80,6 +82,10 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
+ RealmIniConfig *pwc;
+ GTask *task;
+ GError *error = NULL;
++ gchar *workgroup = NULL;
++ gchar *idmap_config_backend = NULL;
++ gchar *idmap_config_range = NULL;
++ gchar *idmap_config_schema_mode = NULL;
+
+ g_return_if_fail (config != NULL);
+ g_return_if_fail (invocation != NULL || G_IS_DBUS_METHOD_INVOCATION (invocation));
+@@ -100,23 +106,54 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
+ "template shell", realm_settings_string ("users", "default-shell"),
+ NULL);
+
+- if (realm_options_automatic_mapping (options, domain_name)) {
+- realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
+- "idmap uid", "10000-2000000",
+- "idmap gid", "10000-2000000",
+- "idmap backend", "tdb",
+- "idmap schema", NULL,
+- NULL);
++ if (realm_settings_boolean ("service", REALM_DBUS_OPTION_LEGACY_SMB_CONF, FALSE)) {
++ if (realm_options_automatic_mapping (options, domain_name)) {
++ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
++ "idmap uid", "10000-2000000",
++ "idmap gid", "10000-2000000",
++ "idmap backend", "tdb",
++ "idmap schema", NULL,
++ NULL);
++ } else {
++ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
++ "idmap uid", "500-4294967296",
++ "idmap gid", "500-4294967296",
++ "idmap backend", "ad",
++ "idmap schema", "rfc2307",
++ NULL);
++ }
+ } else {
+- realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
+- "idmap uid", "500-4294967296",
+- "idmap gid", "500-4294967296",
+- "idmap backend", "ad",
+- "idmap schema", "rfc2307",
+- NULL);
++ workgroup = realm_ini_config_get (config, REALM_SAMBA_CONFIG_GLOBAL, "workgroup");
++ if (workgroup == NULL) {
++ workgroup = fallback_workgroup (domain_name);
++ }
++ idmap_config_backend = g_strdup_printf ("idmap config %s : backend", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
++ idmap_config_range = g_strdup_printf ("idmap config %s : range", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
++ idmap_config_schema_mode = g_strdup_printf ("idmap config %s : schema_mode", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
++ g_free (workgroup);
++
++ if (realm_options_automatic_mapping (options, domain_name)) {
++ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
++ "idmap config * : backend", "tdb",
++ "idmap config * : range", "10000-999999",
++ idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "rid",
++ idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "2000000-2999999",
++ idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", NULL,
++ NULL);
++ } else {
++ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
++ "idmap config * : backend", "tdb",
++ "idmap config * : range", "10000000-10999999",
++ idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "ad",
++ idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "500-999999",
++ idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", "rfc2307",
++ NULL);
++ }
+ }
+
+ realm_ini_config_finish_change (config, &error);
++ g_free (idmap_config_backend);
++ g_free (idmap_config_range);
+ }
+
+ /* Setup pam_winbind.conf with decent defaults matching our expectations */
+--
+2.14.4
+
diff --git a/SOURCES/0001-doc-add-computer-name-to-realm-man-page.patch b/SOURCES/0001-doc-add-computer-name-to-realm-man-page.patch
new file mode 100644
index 0000000..c12ee98
--- /dev/null
+++ b/SOURCES/0001-doc-add-computer-name-to-realm-man-page.patch
@@ -0,0 +1,36 @@
+From e427f89fa4f41356525797170729c2dc5d9fa045 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 25 Jul 2016 15:25:20 +0200
+Subject: [PATCH] doc: add computer-name to realm man page
+
+---
+ doc/manual/realm.xml | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/doc/manual/realm.xml b/doc/manual/realm.xml
+index 6724d80..ebaebd3 100644
+--- a/doc/manual/realm.xml
++++ b/doc/manual/realm.xml
+@@ -202,6 +202,19 @@ $ realm join --user=admin --computer-ou=OU=Special domain.example.com
+ Directory specific option.</para></listitem>
+ </varlistentry>
+ <varlistentry>
++ <term><option>--computer-name=xxx</option></term>
++ <listitem>
++ <para>This option only applies to Active
++ Directory realms. Specify this option to
++ override the default name used when creating
++ the computer account. The system's FQDN will
++ still be saved in the dNSHostName attribute.</para>
++ <para>Specify the name as a string of 15 or
++ fewer characters that is a valid NetBIOS
++ computer name.</para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
+ <term><option>--no-password</option></term>
+ <listitem><para>Perform the join automatically without
+ a password.</para></listitem>
+--
+2.7.4
+
diff --git a/SOURCES/0002-Add-computer-name-support-to-realm-join-CLI.patch b/SOURCES/0002-Add-computer-name-support-to-realm-join-CLI.patch
new file mode 100644
index 0000000..c4ceb81
--- /dev/null
+++ b/SOURCES/0002-Add-computer-name-support-to-realm-join-CLI.patch
@@ -0,0 +1,56 @@
+From 92087e73c87b4afc01c32f572d202919cac09d41 Mon Sep 17 00:00:00 2001
+From: Andrew Austin <aaustin@one.verizon.com>
+Date: Sun, 17 Apr 2016 12:52:15 -0500
+Subject: [PATCH 2/3] Add computer-name support to realm join CLI
+
+This exposes the computer-name option on the CLI for use
+when joining an active directory domain.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=93739
+
+Signed-off-by: Stef Walter <stefw@redhat.com>
+ * Squashed fixup patch
+---
+ tools/realm-join.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tools/realm-join.c b/tools/realm-join.c
+index feb6edc..3685bb9 100644
+--- a/tools/realm-join.c
++++ b/tools/realm-join.c
+@@ -168,6 +168,7 @@ perform_user_join (RealmClient *client,
+ typedef struct {
+ gchar *user;
+ gchar *computer_ou;
++ gchar *computer_name;
+ gchar *client_software;
+ gchar *server_software;
+ gchar *membership_software;
+@@ -184,6 +185,7 @@ realm_join_args_clear (gpointer data)
+ RealmJoinArgs *args = data;
+ g_free (args->user);
+ g_free (args->computer_ou);
++ g_free (args->computer_name);
+ g_free (args->client_software);
+ g_free (args->server_software);
+ g_free (args->user_principal);
+@@ -238,6 +240,7 @@ perform_join (RealmClient *client,
+ }
+
+ options = realm_build_options (REALM_DBUS_OPTION_COMPUTER_OU, args->computer_ou,
++ REALM_DBUS_OPTION_COMPUTER_NAME, args->computer_name,
+ REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, args->membership_software,
+ REALM_DBUS_OPTION_USER_PRINCIPAL, args->user_principal,
+ args->automatic_id_mapping_set ?
+@@ -283,6 +286,8 @@ realm_join (RealmClient *client,
+ N_("User name to use for enrollment"), NULL },
+ { "computer-ou", 0, 0, G_OPTION_ARG_STRING, &args.computer_ou,
+ N_("Computer OU DN to join"), NULL },
++ { "computer-name", 0, 0, G_OPTION_ARG_STRING, &args.computer_name,
++ N_("Use specific computer name instead of hostname"), NULL },
+ { "client-software", 0, 0, G_OPTION_ARG_STRING, &args.client_software,
+ N_("Use specific client software"), NULL },
+ { "server-software", 0, 0, G_OPTION_ARG_STRING, &args.server_software,
+--
+2.7.4
+
diff --git a/SOURCES/0003-Add-documentation-for-computer-name-setting.patch b/SOURCES/0003-Add-documentation-for-computer-name-setting.patch
new file mode 100644
index 0000000..259581d
--- /dev/null
+++ b/SOURCES/0003-Add-documentation-for-computer-name-setting.patch
@@ -0,0 +1,65 @@
+From 5482e0e3b4e59de0c30b37e7e3ed8b54eff1c493 Mon Sep 17 00:00:00 2001
+From: Andrew Austin <aaustin@one.verizon.com>
+Date: Fri, 22 Apr 2016 00:08:43 +0000
+Subject: [PATCH 3/3] Add documentation for computer-name setting.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=93739
+
+Signed-off-by: Stef Walter <stefw@redhat.com>
+ * Fixed up indentation
+---
+ doc/manual/realmd-guide-active-directory.xml | 5 ++++-
+ doc/manual/realmd.conf.xml | 20 ++++++++++++++++++++
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/doc/manual/realmd-guide-active-directory.xml b/doc/manual/realmd-guide-active-directory.xml
+index 9b4535d..362cf94 100644
+--- a/doc/manual/realmd-guide-active-directory.xml
++++ b/doc/manual/realmd-guide-active-directory.xml
+@@ -166,7 +166,10 @@ $ <command>getent passwd DOMAIN\Administrator</command>
+ <para>The join operation will create or update a computer account
+ in the domain. If you wish to specify a specific organizational unit
+ where this account is created, you can use the
+- <link linkend="realmd-conf-active-directory"><option>computer-ou</option> setting</link>.</para>
++ <link linkend="realmd-conf-active-directory"><option>computer-ou</option> setting</link>.
++ Additonally, you can override the default name for the computer account with the
++ <link linkend="realmd-conf-active-directory"><option>computer-name</option>
++ setting</link>.</para>
+
+ <para>Specify the <option>--user</option> to choose a different
+ user name than the default <literal>Administrator</literal> user.</para>
+diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
+index d9703f6..f8c87b9 100644
+--- a/doc/manual/realmd.conf.xml
++++ b/doc/manual/realmd.conf.xml
+@@ -321,7 +321,27 @@ computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
+ create a computer account at a specific OU.</para>
+ </listitem>
+ </varlistentry>
++ <varlistentry>
++ <term><option>computer-name</option></term>
++ <listitem>
++ <para>This option only applied to Active Directory realms. Specify this
++ option to override the default name used when creating the computer
++ account. The system's FQDN will still be saved in the dNSHostName attribute.</para>
++ <informalexample>
++<programlisting language="js">
++[domain.example.com]
++computer-name = SERVER01
++</programlisting>
++ </informalexample>
++
++ <para>Specify the name as a string of 15 or fewer characters that is
++ a valid NetBIOS computer name.</para>
+
++ <para>It is also possible to use the <option>--computer-name</option>
++ argument of the <command>realm</command> command to override the default
++ computer account name.</para>
++ </listitem>
++ </varlistentry>
+ <varlistentry>
+ <term><option>user-prinicpal</option></term>
+ <listitem>
+--
+2.7.4
+
diff --git a/SOURCES/Fix-invalid-unrefs-on-realm_invocation_get_cancellab.patch b/SOURCES/Fix-invalid-unrefs-on-realm_invocation_get_cancellab.patch
new file mode 100644
index 0000000..b52d6aa
--- /dev/null
+++ b/SOURCES/Fix-invalid-unrefs-on-realm_invocation_get_cancellab.patch
@@ -0,0 +1,37 @@
+From 8b8b7bf8eb651c56d6e85101d9ff277155981cb3 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 18 May 2016 14:42:46 +0200
+Subject: [PATCH] Fix invalid unrefs on realm_invocation_get_cancellable()
+ retval
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1330766
+
+Signed-off-by: Stef Walter <stefw@redhat.com>
+---
+ service/realm-packages.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/service/realm-packages.c b/service/realm-packages.c
+index 321921a..9a6984c 100644
+--- a/service/realm-packages.c
++++ b/service/realm-packages.c
+@@ -479,8 +479,6 @@ on_install_resolved (GObject *source,
+ packages_install_async (install->connection,
+ (const gchar **)package_ids, cancellable,
+ on_install_installed, g_object_ref (task));
+- if (cancellable)
+- g_object_unref (cancellable);
+ }
+
+ g_free (missing);
+@@ -649,7 +647,6 @@ realm_packages_install_async (const gchar **package_sets,
+ cancellable = realm_invocation_get_cancellable (install->invocation);
+ packages_resolve_async (connection, (const gchar **)install->packages, cancellable,
+ on_install_resolved, g_object_ref (task));
+- g_object_unref (cancellable);
+ }
+
+ g_object_unref (task);
+--
+2.7.4
+
diff --git a/SOURCES/computer-ou.patch b/SOURCES/computer-ou.patch
new file mode 100644
index 0000000..add7d8c
--- /dev/null
+++ b/SOURCES/computer-ou.patch
@@ -0,0 +1,894 @@
+From 3db35ad73ec57c8af499a0dcef96ffd4da914236 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Mon, 7 Sep 2015 13:49:10 +0200
+Subject: [PATCH 2/2] service: Fully qualify --computer-ou DN before passing to
+ adcli
+
+This allows us to have a similar behavior for both the Samba and
+adcli membership software.
+---
+ service/Makefile.am | 4 +-
+ service/realm-adcli-enroll.c | 11 +-
+ service/realm-dn-util.c | 239 +++++++++++++++++++++++++++++++++++++++++++
+ service/realm-dn-util.h | 32 ++++++
+ service/realm-samba-enroll.c | 4 +-
+ service/realm-samba-util.c | 172 -------------------------------
+ service/realm-samba-util.h | 29 ------
+ tests/Makefile.am | 16 +--
+ tests/test-dn-util.c | 129 +++++++++++++++++++++++
+ tests/test-samba-ou-format.c | 89 ----------------
+ 11 files changed, 422 insertions(+), 305 deletions(-)
+ create mode 100644 service/realm-dn-util.c
+ create mode 100644 service/realm-dn-util.h
+ delete mode 100644 service/realm-samba-util.c
+ delete mode 100644 service/realm-samba-util.h
+ create mode 100644 tests/test-dn-util.c
+ delete mode 100644 tests/test-samba-ou-format.c
+
+diff --git a/service/Makefile.am b/service/Makefile.am
+index 06a95ef..88ee780 100644
+--- a/service/Makefile.am
++++ b/service/Makefile.am
+@@ -43,6 +43,8 @@ realmd_SOURCES = \
+ service/realm-disco-mscldap.h \
+ service/realm-disco-rootdse.c \
+ service/realm-disco-rootdse.h \
++ service/realm-dn-util.c \
++ service/realm-dn-util.h \
+ service/realm-errors.c \
+ service/realm-errors.h \
+ service/realm-example.c \
+@@ -79,8 +81,6 @@ realmd_SOURCES = \
+ service/realm-samba-enroll.h \
+ service/realm-samba-provider.c \
+ service/realm-samba-provider.h \
+- service/realm-samba-util.c \
+- service/realm-samba-util.h \
+ service/realm-samba-winbind.c \
+ service/realm-samba-winbind.h \
+ service/realm-service.c \
+diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
+index 7448647..ef1b563 100644
+--- a/service/realm-adcli-enroll.c
++++ b/service/realm-adcli-enroll.c
+@@ -18,6 +18,7 @@
+ #include "realm-command.h"
+ #include "realm-daemon.h"
+ #include "realm-diagnostics.h"
++#include "realm-dn-util.h"
+ #include "realm-errors.h"
+ #include "realm-ini-config.h"
+ #include "realm-options.h"
+@@ -82,6 +83,7 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
+ gchar *ccache_arg = NULL;
+ gchar *upn_arg = NULL;
+ gchar *server_arg = NULL;
++ gchar *ou_arg = NULL;
+
+ g_return_if_fail (cred != NULL);
+ g_return_if_fail (disco != NULL);
+@@ -120,9 +122,13 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
+ }
+
+ computer_ou = realm_options_computer_ou (options, disco->domain_name);
+- if (computer_ou) {
++ if (computer_ou != NULL) {
++ ou_arg = realm_dn_util_build_qualified (computer_ou, disco->domain_name);
+ g_ptr_array_add (args, "--computer-ou");
+- g_ptr_array_add (args, (gpointer)computer_ou);
++ if (ou_arg)
++ g_ptr_array_add (args, ou_arg);
++ else
++ g_ptr_array_add (args, (gpointer)computer_ou);
+ }
+
+ os = realm_settings_value ("active-directory", "os-name");
+@@ -190,6 +196,7 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
+ free (ccache_arg);
+ free (upn_arg);
+ free (server_arg);
++ free (ou_arg);
+ }
+
+ gboolean
+diff --git a/service/realm-dn-util.c b/service/realm-dn-util.c
+new file mode 100644
+index 0000000..85bcdb9
+--- /dev/null
++++ b/service/realm-dn-util.c
+@@ -0,0 +1,239 @@
++/* realmd -- Realm configuration service
++ *
++ * Copyright 2012 Red Hat Inc
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU Lesser General Public License as published
++ * by the Free Software Foundation; either version 2 of the licence or (at
++ * your option) any later version.
++ *
++ * See the included COPYING file for more information.
++ *
++ * Author: Stef Walter <stefw@gnome.org>
++ */
++
++#include "config.h"
++
++#include "realm-dn-util.h"
++
++#include <glib.h>
++
++#include <ldap.h>
++
++static gboolean
++berval_is_string (const struct berval *bv,
++ const gchar *string,
++ gsize length)
++{
++ return (bv->bv_len == length &&
++ g_ascii_strncasecmp (bv->bv_val, string, length) == 0);
++
++}
++
++static gboolean
++berval_case_equals (const struct berval *v1,
++ const struct berval *v2)
++{
++ return (v1->bv_len == v2->bv_len &&
++ g_ascii_strncasecmp (v1->bv_val, v2->bv_val, v1->bv_len) == 0);
++}
++
++static gboolean
++dn_equals_domain (LDAPDN dn,
++ const gchar *domain_dn_str,
++ const gchar *domain)
++{
++ LDAPDN domain_dn;
++ gboolean ret;
++ int rc;
++ gint i, j;
++
++ rc = ldap_str2dn (domain_dn_str, &domain_dn, LDAP_DN_FORMAT_LDAPV3);
++ g_return_val_if_fail (rc == LDAP_SUCCESS, FALSE);
++
++ for (i = 0; dn[i] != NULL && domain_dn[i] != NULL; i++) {
++ for (j = 0; dn[i][j] != NULL && domain_dn[i][j] != NULL; j++) {
++ if (!berval_case_equals (&(dn[i][j]->la_attr), &(domain_dn[i][j]->la_attr)) ||
++ !berval_case_equals (&(dn[i][j]->la_value), &(domain_dn[i][j]->la_value)))
++ break;
++ }
++
++ if (dn[i][j] != NULL && domain_dn[i][j] != NULL)
++ break;
++ }
++
++ /* Did we reach end of both DNs? */
++ ret = (dn[i] == NULL && domain_dn[i] == NULL);
++
++ ldap_dnfree (domain_dn);
++
++ return ret;
++}
++
++gchar *
++realm_dn_util_build_samba_ou (const gchar *ldap_dn,
++ const gchar *domain)
++{
++ gchar *domain_dn_str = NULL;
++ GArray *parts;
++ GString *part;
++ gchar **strv;
++ gchar *str;
++ LDAPAVA* ava;
++ gboolean ret;
++ LDAPDN dn;
++ int rc;
++ gint i, j;
++
++ /*
++ * Here we convert a standard LDAP DN to the strange samba net format,
++ * as "documented" here:
++ *
++ * createcomputer=OU Precreate the computer account in a specific OU.
++ * The OU string read from top to bottom without RDNs and delimited by a '/'.
++ * E.g. "createcomputer=Computers/Servers/Unix"
++ * NB: A backslash '\' is used as escape at multiple levels and may
++ * need to be doubled or even quadrupled. It is not used as a separator.
++ */
++
++ /* ldap_str2dn doesn't like empty strings */
++ while (g_ascii_isspace (ldap_dn[0]))
++ ldap_dn++;
++ if (g_str_equal (ldap_dn, ""))
++ return NULL;
++
++ rc = ldap_str2dn (ldap_dn, &dn, LDAP_DN_FORMAT_LDAPV3);
++ if (rc != LDAP_SUCCESS)
++ return NULL;
++
++ ret = TRUE;
++ parts = g_array_new (TRUE, TRUE, sizeof (gchar *));
++
++ for (i = 0; dn[i] != NULL; i++) {
++ ava = dn[i][0];
++
++ /*
++ * Make sure this is a valid DN, we only support one value per
++ * RDN, string values, and must be an OU. DC values are allowed
++ * but only at the end of the DN.
++ */
++
++ if (ava == NULL || dn[i][1] != NULL || !(ava->la_flags & LDAP_AVA_STRING)) {
++ ret = FALSE;
++ break;
++
++ /* A DC, remainder must match the domain */
++ } else if (berval_is_string (&ava->la_attr, "DC", 2)) {
++ rc = ldap_domain2dn (domain, &domain_dn_str);
++ if (rc != LDAP_SUCCESS)
++ ret = FALSE;
++ else
++ ret = dn_equals_domain (dn + i, domain_dn_str, domain);
++ break;
++
++ /* An OU, include */
++ } else if (berval_is_string (&ava->la_attr, "OU", 2)) {
++ part = g_string_sized_new (ava->la_value.bv_len);
++ for (j = 0; j < ava->la_value.bv_len; j++) {
++ switch (ava->la_value.bv_val[j]) {
++ case '\\':
++ g_string_append (part, "\\\\");
++ break;
++ case '/':
++ g_string_append (part, "\\/");
++ break;
++ default:
++ g_string_append_c (part, ava->la_value.bv_val[j]);
++ break;
++ }
++ }
++ str = g_string_free (part, FALSE);
++ g_array_insert_val (parts, 0, str);
++
++ /* Invalid, stop */
++ } else {
++ ret = FALSE;
++ break;
++ }
++ }
++
++ ldap_dnfree (dn);
++ if (domain_dn_str)
++ ldap_memfree (domain_dn_str);
++
++ strv = (gchar **)g_array_free (parts, FALSE);
++ str = NULL;
++
++ /* Loop completed successfully */
++ if (ret)
++ str = g_strjoinv ("/", strv);
++
++ g_strfreev (strv);
++
++ return str;
++}
++
++gchar *
++realm_dn_util_build_qualified (const gchar *ldap_dn,
++ const gchar *domain)
++{
++ gchar *domain_dn_str = NULL;
++ gboolean had_dc = FALSE;
++ gchar *str;
++ LDAPAVA* ava;
++ gboolean ret;
++ LDAPDN dn;
++ int rc;
++ gint i;
++
++ /* ldap_str2dn doesn't like empty strings */
++ while (g_ascii_isspace (ldap_dn[0]))
++ ldap_dn++;
++ if (g_str_equal (ldap_dn, ""))
++ return NULL;
++
++ rc = ldap_str2dn (ldap_dn, &dn, LDAP_DN_FORMAT_LDAPV3);
++ if (rc != LDAP_SUCCESS)
++ return NULL;
++
++ rc = ldap_domain2dn (domain, &domain_dn_str);
++ if (rc != LDAP_SUCCESS) {
++ ldap_dnfree (dn);
++ return NULL;
++ }
++
++ ret = TRUE;
++
++ for (i = 0; dn[i] != NULL; i++) {
++ ava = dn[i][0];
++
++ /*
++ * Make sure this is a valid DN, we only support one value per
++ * RDN, string values. DC values are allowed but only at the end of the DN.
++ */
++
++ if (ava == NULL || dn[i][1] != NULL || !(ava->la_flags & LDAP_AVA_STRING)) {
++ ret = FALSE;
++ break;
++
++ /* A DC, remainder must match the domain */
++ } else if (berval_is_string (&ava->la_attr, "DC", 2)) {
++ had_dc = TRUE;
++ ret = dn_equals_domain (dn + i, domain_dn_str, domain);
++ break;
++ }
++ }
++
++ ldap_dnfree (dn);
++
++ if (!ret)
++ return NULL;
++
++ if (had_dc)
++ str = g_strdup (ldap_dn);
++ else
++ str = g_strdup_printf ("%s,%s", ldap_dn, domain_dn_str);
++
++ ldap_memfree (domain_dn_str);
++ return str;
++}
+diff --git a/service/realm-dn-util.h b/service/realm-dn-util.h
+new file mode 100644
+index 0000000..f5e5e69
+--- /dev/null
++++ b/service/realm-dn-util.h
+@@ -0,0 +1,32 @@
++/* realmd -- Realm configuration service
++ *
++ * Copyright 2012 Red Hat Inc
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU Lesser General Public License as published
++ * by the Free Software Foundation; either version 2 of the licence or (at
++ * your option) any later version.
++ *
++ * See the included COPYING file for more information.
++ *
++ * Author: Stef Walter <stefw@gnome.org>
++ */
++
++#include "config.h"
++
++#ifndef __REALM_DN_UTIL_H__
++#define __REALM_DN_UTIL_H__
++
++#include <gio/gio.h>
++
++G_BEGIN_DECLS
++
++gchar * realm_dn_util_build_samba_ou (const gchar *ldap_dn,
++ const gchar *domain);
++
++gchar * realm_dn_util_build_qualified (const gchar *ldap_dn,
++ const gchar *domain);
++
++G_END_DECLS
++
++#endif /* __REALM_DN_UTIL_H__ */
+diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
+index e8739d7..e749764 100644
+--- a/service/realm-samba-enroll.c
++++ b/service/realm-samba-enroll.c
+@@ -18,12 +18,12 @@
+ #include "realm-daemon.h"
+ #include "realm-dbus-constants.h"
+ #include "realm-diagnostics.h"
++#include "realm-dn-util.h"
+ #include "realm-errors.h"
+ #include "realm-options.h"
+ #include "realm-samba-config.h"
+ #include "realm-samba-enroll.h"
+ #include "realm-samba-provider.h"
+-#include "realm-samba-util.h"
+ #include "realm-settings.h"
+
+ #include <glib/gstdio.h>
+@@ -314,7 +314,7 @@ begin_join (GTask *task,
+
+ computer_ou = realm_options_computer_ou (options, join->disco->domain_name);
+ if (computer_ou != NULL) {
+- strange_ou = realm_samba_util_build_strange_ou (computer_ou, join->disco->domain_name);
++ strange_ou = realm_dn_util_build_samba_ou (computer_ou, join->disco->domain_name);
+ if (strange_ou) {
+ if (!g_str_equal (strange_ou, ""))
+ join->join_args[at++] = g_strdup_printf ("createcomputer=%s", strange_ou);
+diff --git a/service/realm-samba-util.c b/service/realm-samba-util.c
+deleted file mode 100644
+index 3f6a53e..0000000
+--- a/service/realm-samba-util.c
++++ /dev/null
+@@ -1,172 +0,0 @@
+-/* realmd -- Realm configuration service
+- *
+- * Copyright 2012 Red Hat Inc
+- *
+- * This program is free software: you can redistribute it and/or modify
+- * it under the terms of the GNU Lesser General Public License as published
+- * by the Free Software Foundation; either version 2 of the licence or (at
+- * your option) any later version.
+- *
+- * See the included COPYING file for more information.
+- *
+- * Author: Stef Walter <stefw@gnome.org>
+- */
+-
+-#include "config.h"
+-
+-#include "realm-samba-util.h"
+-
+-#include <glib.h>
+-
+-#include <ldap.h>
+-
+-static gboolean
+-berval_is_string (const struct berval *bv,
+- const gchar *string,
+- gsize length)
+-{
+- return (bv->bv_len == length &&
+- g_ascii_strncasecmp (bv->bv_val, string, length) == 0);
+-
+-}
+-
+-static gboolean
+-berval_case_equals (const struct berval *v1,
+- const struct berval *v2)
+-{
+- return (v1->bv_len == v2->bv_len &&
+- g_ascii_strncasecmp (v1->bv_val, v2->bv_val, v1->bv_len) == 0);
+-}
+-
+-static gboolean
+-dn_equals_domain (LDAPDN dn,
+- const gchar *domain)
+-{
+- LDAPDN domain_dn;
+- gchar *domain_dn_str;
+- gboolean ret;
+- int rc;
+- gint i, j;
+-
+- rc = ldap_domain2dn (domain, &domain_dn_str);
+- g_return_val_if_fail (rc == LDAP_SUCCESS, FALSE);
+-
+- rc = ldap_str2dn (domain_dn_str, &domain_dn, LDAP_DN_FORMAT_LDAPV3);
+- g_return_val_if_fail (rc == LDAP_SUCCESS, FALSE);
+-
+- ldap_memfree (domain_dn_str);
+-
+- for (i = 0; dn[i] != NULL && domain_dn[i] != NULL; i++) {
+- for (j = 0; dn[i][j] != NULL && domain_dn[i][j] != NULL; j++) {
+- if (!berval_case_equals (&(dn[i][j]->la_attr), &(domain_dn[i][j]->la_attr)) ||
+- !berval_case_equals (&(dn[i][j]->la_value), &(domain_dn[i][j]->la_value)))
+- break;
+- }
+-
+- if (dn[i][j] != NULL && domain_dn[i][j] != NULL)
+- break;
+- }
+-
+- /* Did we reach end of both DNs? */
+- ret = (dn[i] == NULL && domain_dn[i] == NULL);
+-
+- ldap_dnfree (domain_dn);
+-
+- return ret;
+-}
+-
+-gchar *
+-realm_samba_util_build_strange_ou (const gchar *ldap_dn,
+- const gchar *domain)
+-{
+- GArray *parts;
+- GString *part;
+- gchar **strv;
+- gchar *str;
+- LDAPAVA* ava;
+- gboolean ret;
+- LDAPDN dn;
+- int rc;
+- gint i, j;
+-
+- /*
+- * Here we convert a standard LDAP DN to the strange samba net format,
+- * as "documented" here:
+- *
+- * createcomputer=OU Precreate the computer account in a specific OU.
+- * The OU string read from top to bottom without RDNs and delimited by a '/'.
+- * E.g. "createcomputer=Computers/Servers/Unix"
+- * NB: A backslash '\' is used as escape at multiple levels and may
+- * need to be doubled or even quadrupled. It is not used as a separator.
+- */
+-
+- /* ldap_str2dn doesn't like empty strings */
+- while (g_ascii_isspace (ldap_dn[0]))
+- ldap_dn++;
+- if (g_str_equal (ldap_dn, ""))
+- return NULL;
+-
+- rc = ldap_str2dn (ldap_dn, &dn, LDAP_DN_FORMAT_LDAPV3);
+- if (rc != LDAP_SUCCESS)
+- return NULL;
+-
+- ret = TRUE;
+- parts = g_array_new (TRUE, TRUE, sizeof (gchar *));
+-
+- for (i = 0; dn[i] != NULL; i++) {
+- ava = dn[i][0];
+-
+- /*
+- * Make sure this is a valid DN, we only support one value per
+- * RDN, string values, and must be an OU. DC values are allowed
+- * but only at the end of the DN.
+- */
+-
+- if (ava == NULL || dn[i][1] != NULL || !(ava->la_flags & LDAP_AVA_STRING)) {
+- ret = FALSE;
+- break;
+-
+- /* A DC, remainder must match the domain */
+- } else if (berval_is_string (&ava->la_attr, "DC", 2)) {
+- ret = dn_equals_domain (dn + i, domain);
+- break;
+-
+- /* An OU, include */
+- } else if (berval_is_string (&ava->la_attr, "OU", 2)) {
+- part = g_string_sized_new (ava->la_value.bv_len);
+- for (j = 0; j < ava->la_value.bv_len; j++) {
+- switch (ava->la_value.bv_val[j]) {
+- case '\\':
+- g_string_append (part, "\\\\");
+- break;
+- case '/':
+- g_string_append (part, "\\/");
+- break;
+- default:
+- g_string_append_c (part, ava->la_value.bv_val[j]);
+- break;
+- }
+- }
+- str = g_string_free (part, FALSE);
+- g_array_insert_val (parts, 0, str);
+-
+- /* Invalid, stop */
+- } else {
+- ret = FALSE;
+- break;
+- }
+- }
+-
+- ldap_dnfree (dn);
+-
+- strv = (gchar **)g_array_free (parts, FALSE);
+- str = NULL;
+-
+- /* Loop completed successfully */
+- if (ret)
+- str = g_strjoinv ("/", strv);
+-
+- g_strfreev (strv);
+-
+- return str;
+-}
+diff --git a/service/realm-samba-util.h b/service/realm-samba-util.h
+deleted file mode 100644
+index 2a680e7..0000000
+--- a/service/realm-samba-util.h
++++ /dev/null
+@@ -1,29 +0,0 @@
+-/* realmd -- Realm configuration service
+- *
+- * Copyright 2012 Red Hat Inc
+- *
+- * This program is free software: you can redistribute it and/or modify
+- * it under the terms of the GNU Lesser General Public License as published
+- * by the Free Software Foundation; either version 2 of the licence or (at
+- * your option) any later version.
+- *
+- * See the included COPYING file for more information.
+- *
+- * Author: Stef Walter <stefw@gnome.org>
+- */
+-
+-#include "config.h"
+-
+-#ifndef __REALM_SAMBA_UTIL_H__
+-#define __REALM_SAMBA_UTIL_H__
+-
+-#include <gio/gio.h>
+-
+-G_BEGIN_DECLS
+-
+-gchar * realm_samba_util_build_strange_ou (const gchar *ldap_dn,
+- const gchar *suffix_dn);
+-
+-G_END_DECLS
+-
+-#endif /* __REALM_SAMBA_UTIL_H__ */
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index ddeba4d..3b05066 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -12,11 +12,11 @@ TEST_LIBS = \
+ $(GLIB_LIBS)
+
+ TEST_PROGS = \
++ test-dn-util \
+ test-ini-config \
+ test-sssd-config \
+ test-safe-format \
+ test-login-name \
+- test-samba-ou-format \
+ test-settings \
+ $(NULL)
+
+@@ -27,6 +27,13 @@ noinst_PROGRAMS += \
+ frob-install-packages \
+ $(NULL)
+
++test_dn_util_SOURCES = \
++ tests/test-dn-util.c \
++ service/realm-dn-util.c \
++ $(NULL)
++test_dn_util_LDADD = $(TEST_LIBS)
++test_dn_util_CFLAGS = $(TEST_CFLAGS)
++
+ test_ini_config_SOURCES = \
+ tests/test-ini-config.c \
+ service/realm-ini-config.c \
+@@ -59,13 +66,6 @@ test_login_name_SOURCES = \
+ test_login_name_LDADD = $(TEST_LIBS)
+ test_login_name_CFLAGS = $(TEST_CFLAGS)
+
+-test_samba_ou_format_SOURCES = \
+- tests/test-samba-ou-format.c \
+- service/realm-samba-util.c \
+- $(NULL)
+-test_samba_ou_format_LDADD = $(TEST_LIBS)
+-test_samba_ou_format_CFLAGS = $(TEST_CFLAGS)
+-
+ test_settings_SOURCES = \
+ tests/test-settings.c \
+ service/realm-settings.c \
+diff --git a/tests/test-dn-util.c b/tests/test-dn-util.c
+new file mode 100644
+index 0000000..c62a40f
+--- /dev/null
++++ b/tests/test-dn-util.c
+@@ -0,0 +1,129 @@
++/* realmd -- Realm configuration service
++ *
++ * Copyright 2012 Red Hat Inc
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU Lesser General Public License as published
++ * by the Free Software Foundation; either version 2 of the licence or (at
++ * your option) any later version.
++ *
++ * See the included COPYING file for more information.
++ *
++ * Author: Stef Walter <stefw@gnome.org>
++ */
++
++#include "config.h"
++
++#include "service/realm-dn-util.h"
++
++#include <glib/gstdio.h>
++
++#include <string.h>
++
++typedef struct {
++ const gchar *ldap_dn;
++ const gchar *domain;
++ const gchar *result;
++} Fixture;
++
++static void
++test_samba_ou_format (gconstpointer user_data)
++{
++ const Fixture *fixture = user_data;
++ gchar *result;
++
++ result = realm_dn_util_build_samba_ou (fixture->ldap_dn, fixture->domain);
++ g_assert_cmpstr (result, ==, fixture->result);
++ g_free (result);
++}
++
++static const Fixture samba_ou_fixtures[] = {
++ { "OU=One", "domain.example.com", "One" },
++ { "OU=One,ou=two", "domain.example.com", "two/One" },
++ { "Ou=One Long,OU=two", "domain.example.com", "two/One Long" },
++ { "Ou=One,OU=two, ou=Three", "domain.example.com", "Three/two/One" },
++ { "Ou=Test/Escape,Ou=Two", "domain.example.com", "Two/Test\\/Escape" },
++ { "Ou=Test\\\\Escape,Ou=Two", "domain.example.com", "Two/Test\\\\Escape" },
++ { "OU=One,DC=domain,dc=example,Dc=COM", "domain.example.com", "One" },
++ { "OU=One,OU=Two Here,DC=domain,dc=example,Dc=COM", "domain.example.com", "Two Here/One" },
++ { "OU=One,OU=Two Here,DC=invalid,Dc=COM", "domain.example.com", NULL },
++ { " ", "domain.example.com", NULL },
++ { "", "domain.example.com", NULL },
++ { "OU", "domain.example.com", NULL },
++ { "OU=One,", "domain.example.com", NULL },
++ { "CN=Unsupported", "domain.example.com", NULL },
++ { "OU=One+CN=Unsupported", "domain.example.com", NULL },
++ { "DC=radi07, DC=segad, DC=lab, DC=sjc, DC=redhat, DC=com", "radi08.segad.lab.sjc.redhat.com", NULL },
++
++};
++
++static void
++test_qualify_dn (gconstpointer user_data)
++{
++ const Fixture *fixture = user_data;
++ gchar *result;
++
++ result = realm_dn_util_build_qualified (fixture->ldap_dn, fixture->domain);
++ g_assert_cmpstr (result, ==, fixture->result);
++ g_free (result);
++}
++
++static const Fixture qualify_fixtures[] = {
++ { "OU=One", "domain.example.com", "OU=One,dc=domain,dc=example,dc=com" },
++ { "OU=One,ou=two", "domain.example.com", "OU=One,ou=two,dc=domain,dc=example,dc=com" },
++ { "Ou=One Long,OU=two", "domain.example.com", "Ou=One Long,OU=two,dc=domain,dc=example,dc=com" },
++ { "OU=One,DC=domain,dc=example,Dc=COM", "domain.example.com", "OU=One,DC=domain,dc=example,Dc=COM" },
++ { "OU=One,OU=Two Here,DC=domain,dc=example,Dc=COM", "domain.example.com", "OU=One,OU=Two Here,DC=domain,dc=example,Dc=COM" },
++ { "OU=One,OU=Two Here,DC=invalid,Dc=COM", "domain.example.com", NULL },
++ { " ", "domain.example.com", NULL },
++ { "", "domain.example.com", NULL },
++ { "OU", "domain.example.com", NULL },
++ { "OU=One,", "domain.example.com", NULL },
++ { "CN=Test", "domain.example.com", "CN=Test,dc=domain,dc=example,dc=com" },
++ { "OU=One+CN=Unsupported", "domain.example.com", NULL },
++ { "DC=radi07, DC=segad, DC=lab, DC=sjc, DC=redhat, DC=com", "radi08.segad.lab.sjc.redhat.com", NULL },
++};
++
++int
++main (int argc,
++ char **argv)
++{
++ gchar *escaped;
++ gchar *name;
++ gint i;
++
++#if !GLIB_CHECK_VERSION(2, 36, 0)
++ g_type_init ();
++#endif
++
++ g_test_init (&argc, &argv, NULL);
++ g_set_prgname ("test-dn-util");
++
++ for (i = 0; i < G_N_ELEMENTS (samba_ou_fixtures); i++) {
++ if (g_str_equal (samba_ou_fixtures[i].ldap_dn, ""))
++ escaped = g_strdup ("_empty_");
++ else
++ escaped = g_strdup (samba_ou_fixtures[i].ldap_dn);
++ g_strdelimit (escaped, ", =\\/", '_');
++ name = g_strdup_printf ("/realmd/samba-ou-format/%s", escaped);
++ g_free (escaped);
++
++ g_test_add_data_func (name, samba_ou_fixtures + i, test_samba_ou_format);
++ g_free (name);
++ }
++
++ for (i = 0; i < G_N_ELEMENTS (qualify_fixtures); i++) {
++ if (g_str_equal (qualify_fixtures[i].ldap_dn, ""))
++ escaped = g_strdup ("_empty_");
++ else
++ escaped = g_strdup (qualify_fixtures[i].ldap_dn);
++ g_strdelimit (escaped, ", =\\/", '_');
++ name = g_strdup_printf ("/realmd/qualify-dn/%s", escaped);
++ g_free (escaped);
++
++ g_test_add_data_func (name, qualify_fixtures + i, test_qualify_dn);
++ g_free (name);
++ }
++
++ return g_test_run ();
++}
+diff --git a/tests/test-samba-ou-format.c b/tests/test-samba-ou-format.c
+deleted file mode 100644
+index 0a482ee..0000000
+--- a/tests/test-samba-ou-format.c
++++ /dev/null
+@@ -1,89 +0,0 @@
+-/* realmd -- Realm configuration service
+- *
+- * Copyright 2012 Red Hat Inc
+- *
+- * This program is free software: you can redistribute it and/or modify
+- * it under the terms of the GNU Lesser General Public License as published
+- * by the Free Software Foundation; either version 2 of the licence or (at
+- * your option) any later version.
+- *
+- * See the included COPYING file for more information.
+- *
+- * Author: Stef Walter <stefw@gnome.org>
+- */
+-
+-#include "config.h"
+-
+-#include "service/realm-samba-util.h"
+-
+-#include <glib/gstdio.h>
+-
+-#include <string.h>
+-
+-typedef struct {
+- const gchar *ldap_dn;
+- const gchar *domain;
+- const gchar *ou_format;
+-} Fixture;
+-
+-static void
+-test_samba_ou_format (gconstpointer user_data)
+-{
+- const Fixture *fixture = user_data;
+- gchar *result;
+-
+- result = realm_samba_util_build_strange_ou (fixture->ldap_dn, fixture->domain);
+- g_assert_cmpstr (result, ==, fixture->ou_format);
+- g_free (result);
+-}
+-
+-static const Fixture samba_ou_fixtures[] = {
+- { "OU=One", "domain.example.com", "One" },
+- { "OU=One,ou=two", "domain.example.com", "two/One" },
+- { "Ou=One Long,OU=two", "domain.example.com", "two/One Long" },
+- { "Ou=One,OU=two, ou=Three", "domain.example.com", "Three/two/One" },
+- { "Ou=Test/Escape,Ou=Two", "domain.example.com", "Two/Test\\/Escape" },
+- { "Ou=Test\\\\Escape,Ou=Two", "domain.example.com", "Two/Test\\\\Escape" },
+- { "OU=One,DC=domain,dc=example,Dc=COM", "domain.example.com", "One" },
+- { "OU=One,OU=Two Here,DC=domain,dc=example,Dc=COM", "domain.example.com", "Two Here/One" },
+- { "OU=One,OU=Two Here,DC=invalid,Dc=COM", "domain.example.com", NULL },
+- { " ", "domain.example.com", NULL },
+- { "", "domain.example.com", NULL },
+- { "OU", "domain.example.com", NULL },
+- { "OU=One,", "domain.example.com", NULL },
+- { "CN=Unsupported", "domain.example.com", NULL },
+- { "OU=One+CN=Unsupported", "domain.example.com", NULL },
+- { "DC=radi07, DC=segad, DC=lab, DC=sjc, DC=redhat, DC=com", "radi08.segad.lab.sjc.redhat.com", NULL },
+-
+-};
+-
+-int
+-main (int argc,
+- char **argv)
+-{
+- gchar *escaped;
+- gchar *name;
+- gint i;
+-
+-#if !GLIB_CHECK_VERSION(2, 36, 0)
+- g_type_init ();
+-#endif
+-
+- g_test_init (&argc, &argv, NULL);
+- g_set_prgname ("test-samba-ou-format");
+-
+- for (i = 0; i < G_N_ELEMENTS (samba_ou_fixtures); i++) {
+- if (g_str_equal (samba_ou_fixtures[i].ldap_dn, ""))
+- escaped = g_strdup ("_empty_");
+- else
+- escaped = g_strdup (samba_ou_fixtures[i].ldap_dn);
+- g_strdelimit (escaped, ", =\\/", '_');
+- name = g_strdup_printf ("/realmd/samba-ou-format/%s", escaped);
+- g_free (escaped);
+-
+- g_test_add_data_func (name, samba_ou_fixtures + i, test_samba_ou_format);
+- g_free (name);
+- }
+-
+- return g_test_run ();
+-}
+--
+2.7.4
+
diff --git a/SOURCES/dns-domain-name-liberal.patch b/SOURCES/dns-domain-name-liberal.patch
new file mode 100644
index 0000000..b7a2a3e
--- /dev/null
+++ b/SOURCES/dns-domain-name-liberal.patch
@@ -0,0 +1,196 @@
+From e368c5a42656a687e6b726978752eb4abf6503d0 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 31 Jul 2015 12:53:04 +0200
+Subject: [PATCH 1/3] Be more liberal on what we accept as a domain name
+
+Make the checks on what we accept as a domain name more liberal
+for values coming in from the network.
+
+DNS Domain names are pretty liberal (internet domain names
+are more restrictive) See RFC 2181 section 11
+
+http://www.ietf.org/rfc/rfc2181.txt
+
+However we cannot consume names with whitespace and problematic
+punctuation, due to the various programs that parse the
+configuration files we set up.
+---
+ service/realm-disco-mscldap.c | 9 +++------
+ service/realm-disco-rootdse.c | 15 +++++++--------
+ service/realm-options.c | 31 +++++++++++++++++++++++++++++++
+ service/realm-options.h | 2 ++
+ 4 files changed, 43 insertions(+), 14 deletions(-)
+
+diff --git a/service/realm-disco-mscldap.c b/service/realm-disco-mscldap.c
+index 1ed4063..d3d3c10 100644
+--- a/service/realm-disco-mscldap.c
++++ b/service/realm-disco-mscldap.c
+@@ -17,6 +17,7 @@
+ #include "realm-dbus-constants.h"
+ #include "realm-disco-mscldap.h"
+ #include "realm-ldap.h"
++#include "realm-options.h"
+
+ #include <glib/gi18n.h>
+
+@@ -40,8 +41,6 @@ typedef struct {
+ #define HOST_NAME_MAX 255
+ #endif
+
+-#define DOMAIN_NAME_VALID "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-."
+-
+ static void
+ closure_free (gpointer data)
+ {
+@@ -100,21 +99,19 @@ get_string (guchar *beg,
+ guchar **at)
+ {
+ gchar buffer[HOST_NAME_MAX];
+- gsize len;
+ int n;
+
+ n = dn_expand (beg, end, *at, buffer, sizeof (buffer));
+ if (n < 0)
+ return NULL;
+
+- len = strlen (buffer);
+- if (strspn (buffer, DOMAIN_NAME_VALID) != len) {
++ if (!realm_options_check_domain_name (buffer)) {
+ g_message ("received invalid NetLogon string characters");
+ return NULL;
+ }
+
+ (*at) += n;
+- return g_strndup (buffer, len);
++ return g_strdup (buffer);
+ }
+
+ static gboolean
+diff --git a/service/realm-disco-rootdse.c b/service/realm-disco-rootdse.c
+index 1a80d98..3100650 100644
+--- a/service/realm-disco-rootdse.c
++++ b/service/realm-disco-rootdse.c
+@@ -19,13 +19,12 @@
+ #include "realm-disco-mscldap.h"
+ #include "realm-disco-rootdse.h"
+ #include "realm-ldap.h"
++#include "realm-options.h"
+
+ #include <glib/gi18n.h>
+
+ #include <resolv.h>
+
+-#define DOMAIN_NAME_VALID "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-."
+-
+ typedef struct _Closure Closure;
+
+ struct _Closure {
+@@ -92,7 +91,7 @@ static gchar *
+ entry_get_attribute (LDAP *ldap,
+ LDAPMessage *entry,
+ const gchar *field,
+- const gchar *valid)
++ gboolean domain_name)
+ {
+ struct berval **bvs = NULL;
+ gchar *value = NULL;
+@@ -102,8 +101,8 @@ entry_get_attribute (LDAP *ldap,
+
+ if (bvs && bvs[0]) {
+ value = g_strndup (bvs[0]->bv_val, bvs[0]->bv_len);
+- if (valid) {
+- if (strspn (value, valid) != bvs[0]->bv_len) {
++ if (domain_name) {
++ if (!realm_options_check_domain_name (value)) {
+ g_free (value);
+ g_message ("Invalid value in LDAP %s field", field);
+ value = NULL;
+@@ -155,7 +154,7 @@ result_krb_realm (GTask *task,
+ entry = ldap_first_entry (ldap, message);
+
+ g_free (clo->disco->kerberos_realm);
+- clo->disco->kerberos_realm = entry_get_attribute (ldap, entry, "cn", DOMAIN_NAME_VALID);
++ clo->disco->kerberos_realm = entry_get_attribute (ldap, entry, "cn", TRUE);
+
+ g_debug ("Found realm: %s", clo->disco->kerberos_realm);
+
+@@ -211,7 +210,7 @@ result_domain_info (GTask *task,
+
+ /* What is the domain name? */
+ g_free (clo->disco->domain_name);
+- clo->disco->domain_name = entry_get_attribute (ldap, entry, "associatedDomain", DOMAIN_NAME_VALID);
++ clo->disco->domain_name = entry_get_attribute (ldap, entry, "associatedDomain", TRUE);
+
+ g_debug ("Got associatedDomain: %s", clo->disco->domain_name);
+
+@@ -310,7 +309,7 @@ result_root_dse (GTask *task,
+ entry = ldap_first_entry (ldap, message);
+
+ /* Parse out the default naming context */
+- clo->default_naming_context = entry_get_attribute (ldap, entry, "defaultNamingContext", NULL);
++ clo->default_naming_context = entry_get_attribute (ldap, entry, "defaultNamingContext", FALSE);
+
+ g_debug ("Got defaultNamingContext: %s", clo->default_naming_context);
+
+diff --git a/service/realm-options.c b/service/realm-options.c
+index 53266f6..bba3ee4 100644
+--- a/service/realm-options.c
++++ b/service/realm-options.c
+@@ -18,6 +18,8 @@
+ #include "realm-options.h"
+ #include "realm-settings.h"
+
++#include <string.h>
++
+ gboolean
+ realm_options_automatic_install (void)
+ {
+@@ -128,3 +130,32 @@ realm_options_qualify_names (const gchar *realm_name)
+
+ return qualify;
+ }
++
++gboolean
++realm_options_check_domain_name (const gchar *name)
++{
++ /*
++ * DNS Domain names are pretty liberal (internet domain names
++ * are more restrictive) See RFC 2181 section 11
++ *
++ * http://www.ietf.org/rfc/rfc2181.txt
++ *
++ * However we cannot consume names with whitespace and problematic
++ * punctuation, due to the various programs that parse the
++ * configuration files we set up.
++ */
++
++ gsize i, len;
++ static const gchar *invalid = "=[]:";
++
++ g_return_val_if_fail (name != NULL, FALSE);
++
++ for (i = 0, len = strlen (name); i < len; i++) {
++ if (name[i] <= ' ')
++ return FALSE;
++ if (strchr (invalid, name[i]))
++ return FALSE;
++ }
++
++ return TRUE;
++}
+diff --git a/service/realm-options.h b/service/realm-options.h
+index 52dc6ff..4890cba 100644
+--- a/service/realm-options.h
++++ b/service/realm-options.h
+@@ -39,6 +39,8 @@ gboolean realm_options_automatic_mapping (GVariant *options,
+
+ gboolean realm_options_qualify_names (const gchar *realm_name);
+
++gboolean realm_options_check_domain_name (const gchar *domain_name);
++
+ G_END_DECLS
+
+ #endif /* __REALM_OPTIONS_H__ */
+--
+2.4.3
+
diff --git a/SOURCES/duplicate-test-path.patch b/SOURCES/duplicate-test-path.patch
new file mode 100644
index 0000000..5d62837
--- /dev/null
+++ b/SOURCES/duplicate-test-path.patch
@@ -0,0 +1,26 @@
+From ab41e2830d2f7540d58370b5f35f85c2808c1871 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 11 Sep 2015 12:32:36 +0200
+Subject: [PATCH] tests: Fix duplicate test case path
+
+GLib is now stricter about this
+---
+ tests/test-safe-format.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/test-safe-format.c b/tests/test-safe-format.c
+index 02aa5f1..204e10d 100644
+--- a/tests/test-safe-format.c
++++ b/tests/test-safe-format.c
+@@ -194,7 +194,7 @@ main (int argc,
+ else
+ escaped = g_strdup (fixtures[i].format);
+ g_strdelimit (escaped, " =\\/", '_');
+- name = g_strdup_printf ("/realmd/safe-format/%s", escaped);
++ name = g_strdup_printf ("/realmd/safe-format/%d-%s", i, escaped);
+ g_free (escaped);
+
+ g_test_add_data_func (name, fixtures + i, test_safe_format_string_cb);
+--
+2.4.3
+
diff --git a/SOURCES/increase-packagekit-timeout.patch b/SOURCES/increase-packagekit-timeout.patch
new file mode 100644
index 0000000..6bd1f86
--- /dev/null
+++ b/SOURCES/increase-packagekit-timeout.patch
@@ -0,0 +1,54 @@
+From f2ed12faa4ecb5468f6396f1695a3ca5e2e13b84 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 24 Jul 2015 17:25:32 +0200
+Subject: [PATCH] service: Increase timeout when calling PackageKit
+
+Use a timeout of a day ... PackageKit should return from a call
+sooner than that. If it crashes we'll get a response right away.
+---
+ service/realm-packages.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/service/realm-packages.c b/service/realm-packages.c
+index c32da44..9da852c 100644
+--- a/service/realm-packages.c
++++ b/service/realm-packages.c
+@@ -24,6 +24,8 @@
+
+ #include <glib/gi18n.h>
+
++#define CALL_TIMEOUT (24 * 60 * 60 * 1000)
++
+ static gboolean
+ packages_check_paths (const gchar **paths,
+ GDBusMethodInvocation *invocation)
+@@ -226,7 +228,7 @@ on_set_hints (GObject *source,
+ transaction->parameters,
+ G_VARIANT_TYPE ("()"),
+ G_DBUS_CALL_FLAGS_NO_AUTO_START,
+- -1, g_task_get_cancellable (task),
++ CALL_TIMEOUT, g_task_get_cancellable (task),
+ on_method_done, g_object_ref (task));
+ }
+
+@@ -276,7 +278,7 @@ on_create_transaction (GObject *source,
+ g_variant_new ("(^as)", hints),
+ G_VARIANT_TYPE ("()"),
+ G_DBUS_CALL_FLAGS_NO_AUTO_START,
+- -1, g_task_get_cancellable (task),
++ CALL_TIMEOUT, g_task_get_cancellable (task),
+ on_set_hints, g_object_ref (task));
+ }
+
+@@ -310,7 +312,7 @@ package_transaction_create (const gchar *method,
+ g_variant_new ("()"),
+ G_VARIANT_TYPE ("(o)"),
+ G_DBUS_CALL_FLAGS_NONE,
+- -1, cancellable,
++ CALL_TIMEOUT, cancellable,
+ on_create_transaction, g_object_ref (task));
+ }
+
+--
+2.4.3
+
diff --git a/SOURCES/install-diagnostic.patch b/SOURCES/install-diagnostic.patch
new file mode 100644
index 0000000..d75bdff
--- /dev/null
+++ b/SOURCES/install-diagnostic.patch
@@ -0,0 +1,29 @@
+From ef0797e5ed116a98cc074a6d4e1d1d6b6e6384db Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Mon, 7 Sep 2015 12:53:02 +0200
+Subject: [PATCH 1/2] service: Fix issue where diagnostics about package
+ install hidden
+
+Due to the recent refactoring the diagnostics about package
+installation were hidden (even when --verbose).
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1258745
+---
+ service/realm-packages.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/service/realm-packages.c b/service/realm-packages.c
+index 9da852c..321921a 100644
+--- a/service/realm-packages.c
++++ b/service/realm-packages.c
+@@ -615,6 +615,7 @@ realm_packages_install_async (const gchar **package_sets,
+ task = g_task_new (NULL, NULL, callback, user_data);
+ install = g_new0 (InstallClosure, 1);
+ install->automatic = realm_options_automatic_install ();
++ install->invocation = invocation ? g_object_ref (invocation) : NULL;
+ install->connection = g_object_ref (connection);
+ g_task_set_task_data (task, install, install_closure_free);
+
+--
+2.7.4
+
diff --git a/SOURCES/ipa-packages.patch b/SOURCES/ipa-packages.patch
new file mode 100644
index 0000000..633bd95
--- /dev/null
+++ b/SOURCES/ipa-packages.patch
@@ -0,0 +1,13 @@
+diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
+index da2de55..856b36d 100644
+--- a/service/realmd-redhat.conf
++++ b/service/realmd-redhat.conf
+@@ -20,7 +20,7 @@ oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir
+ adcli = /usr/sbin/adcli
+
+ [ipa-packages]
+-freeipa-client = /usr/sbin/ipa-client-install
++ipa-client = /usr/sbin/ipa-client-install
+
+ [commands]
+ winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
diff --git a/SOURCES/remove-spurious-print.patch b/SOURCES/remove-spurious-print.patch
new file mode 100644
index 0000000..ade8a8b
--- /dev/null
+++ b/SOURCES/remove-spurious-print.patch
@@ -0,0 +1,24 @@
+From f46ba61d7df33d63c1e904c5559017a57a7e8228 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 24 Jul 2015 17:03:25 +0200
+Subject: [PATCH] tools: Remove spurious print output
+
+---
+ tools/realm-join.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tools/realm-join.c b/tools/realm-join.c
+index e5760b2..feb6edc 100644
+--- a/tools/realm-join.c
++++ b/tools/realm-join.c
+@@ -237,7 +237,6 @@ perform_join (RealmClient *client,
+ return 1;
+ }
+
+-g_printerr ("id mapping %d %d\n", args->automatic_id_mapping_set, args->automatic_id_mapping);
+ options = realm_build_options (REALM_DBUS_OPTION_COMPUTER_OU, args->computer_ou,
+ REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, args->membership_software,
+ REALM_DBUS_OPTION_USER_PRINCIPAL, args->user_principal,
+--
+2.4.3
+
diff --git a/SOURCES/samba-by-default.patch b/SOURCES/samba-by-default.patch
new file mode 100644
index 0000000..0a10de0
--- /dev/null
+++ b/SOURCES/samba-by-default.patch
@@ -0,0 +1,48 @@
+From 36e35c860cebc5e3f3d2199742c7f46d5ef7b778 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@redhat.com>
+Date: Fri, 16 Oct 2015 11:41:14 +0200
+Subject: [PATCH] Revert "service: Prefer adcli over samba for most credential
+ types"
+
+This reverts commit 70878dec6e23226ab25f731654ab53cc0e7b11c3.
+---
+ service/realm-sssd-ad.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index c7ffe8a..39fcf81 100644
+--- a/service/realm-sssd-ad.c
++++ b/service/realm-sssd-ad.c
+@@ -343,13 +343,26 @@ parse_join_options (JoinClosure *join,
+ }
+
+ /*
+- * For other valid types of credentials we prefer adcli.
++ * If we are enrolling with a ccache, then prefer to use adcli over samba.
++ * There have been some strange corner case problems when using samba with
++ * a ccache.
+ */
+- } else if (cred->type == REALM_CREDENTIAL_CCACHE ||
+- (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN)) {
++ } else if (cred->type == REALM_CREDENTIAL_CCACHE) {
+ if (!software)
+ software = REALM_DBUS_IDENTIFIER_ADCLI;
+
++ /*
++ * For other supported enrolling credentials, we support either adcli or
++ * samba. But since adcli is pretty immature at this point, we use samba
++ * by default. Samba falls over with hostnames that are not perfectly
++ * specified, so use adcli there.
++ */
++ } else if (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN) {
++ if (!software && join->disco->explicit_server)
++ software = REALM_DBUS_IDENTIFIER_ADCLI;
++ else if (!software)
++ software = REALM_DBUS_IDENTIFIER_SAMBA;
++
+ /* It would be odd to get here */
+ } else {
+ g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+--
+2.5.0
+
diff --git a/SPECS/realmd.spec b/SPECS/realmd.spec
new file mode 100644
index 0000000..67f9d4e
--- /dev/null
+++ b/SPECS/realmd.spec
@@ -0,0 +1,345 @@
+Name: realmd
+Version: 0.16.1
+Release: 11%{?dist}
+Summary: Kerberos realm enrollment service
+License: LGPLv2+
+URL: http://cgit.freedesktop.org/realmd/realmd/
+Source0: http://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz
+
+Patch0: ipa-packages.patch
+Patch2: remove-spurious-print.patch
+Patch3: increase-packagekit-timeout.patch
+Patch4: dns-domain-name-liberal.patch
+
+Patch11: install-diagnostic.patch
+Patch12: computer-ou.patch
+Patch13: duplicate-test-path.patch
+
+Patch20: samba-by-default.patch
+Patch21: Fix-invalid-unrefs-on-realm_invocation_get_cancellab.patch
+Patch22: 0001-Support-manually-setting-computer-name.patch
+Patch23: 0002-Add-computer-name-support-to-realm-join-CLI.patch
+Patch24: 0003-Add-documentation-for-computer-name-setting.patch
+Patch25: 0001-Make-DBus-aware-of-systemd.patch
+Patch26: 0001-Add-os-name-and-os-version-command-line-options.patch
+Patch27: 0001-doc-add-computer-name-to-realm-man-page.patch
+Patch28: 0001-Fix-man-page-reference-in-systemd-service-file.patch
+Patch29: 0001-Use-current-idmap-options-for-smb.conf.patch
+Patch30: 0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
+Patch31: 0001-Fix-issues-found-by-Coverity.patch
+
+BuildRequires: automake
+BuildRequires: autoconf
+BuildRequires: intltool pkgconfig
+BuildRequires: gettext-devel
+BuildRequires: glib2-devel >= 2.32.0
+BuildRequires: openldap-devel
+BuildRequires: polkit-devel
+BuildRequires: krb5-devel
+BuildRequires: systemd-devel
+BuildRequires: libxslt
+BuildRequires: xmlto
+BuildRequires: automake
+
+Requires: authconfig
+Requires: oddjob-mkhomedir
+
+%description
+realmd is a DBus system service which manages discovery and enrollment in realms
+and domains like Active Directory or IPA. The control center uses realmd as the
+back end to 'join' a domain simply and automatically configure things correctly.
+
+%package devel-docs
+Summary: Developer documentation files for %{name}
+
+%description devel-docs
+The %{name}-devel package contains developer documentation for developing
+applications that use %{name}.
+
+%define _hardened_build 1
+
+%prep
+%setup -q
+%patch0 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+
+%build
+aclocal
+automake --add-missing
+autoconf
+%configure --disable-silent-rules
+make %{?_smp_mflags}
+
+%check
+make check
+
+%install
+make install DESTDIR=%{buildroot}
+
+%find_lang realmd
+
+%post
+%systemd_post realmd.service
+
+%preun
+%systemd_preun realmd.service
+
+%postun
+%systemd_postun_with_restart realmd.service
+
+%files -f realmd.lang
+%doc AUTHORS COPYING NEWS README
+%{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf
+%{_sbindir}/realm
+%dir %{_libdir}/realmd
+%{_libdir}/realmd/realmd
+%{_libdir}/realmd/realmd-defaults.conf
+%{_libdir}/realmd/realmd-distro.conf
+%{_unitdir}/realmd.service
+%{_datadir}/dbus-1/system-services/org.freedesktop.realmd.service
+%{_datadir}/polkit-1/actions/org.freedesktop.realmd.policy
+%{_mandir}/man8/realm.8.gz
+%{_mandir}/man5/realmd.conf.5.gz
+%{_localstatedir}/cache/realmd/
+
+%files devel-docs
+%doc %{_datadir}/doc/realmd/
+%doc ChangeLog
+
+%changelog
+* Tue Aug 21 2018 Sumit Bose <sbose@redhat.com> - 0.16.1-11
+Improve fix for rhbz#1370457 and fix Coverity issues
+- Resolves: rhbz#1370457
+
+* Thu Jun 14 2018 Sumit Bose <sbose@redhat.com> - 0.16.1-10
+Use current Samba options and read NetBIOS name from keytab
+- Resolves: rhbz#1484072
+- Resolves: rhbz#1370457
+
+* Wed Sep 07 2016 Sumit Bose <sbose@redhat.com> - 0.16.1-9
+Rebuild to fix wrong doc path
+- Resolves: rhbz#1360702
+
+* Wed Jul 27 2016 Sumit Bose <sbose@redhat.com> - 0.16.1-8
+Fix man page reference in systemd service file
+- Resolves: rhbz#1360702
+
+* Mon Jul 25 2016 Sumit Bose <sbose@redhat.com> - 0.16.1-7
+doc: add computer-name to realm man page
+- Related: rhbz#1293390
+
+* Tue Jun 28 2016 Sumit Bose <sbose@redhat.com> - 0.16.1-6
+- Resolves: rhbz#1258745
+- Resolves: rhbz#1258488
+- Resolves: rhbz#1267563
+- Resolves: rhbz#1293390
+- Resolves: rhbz#1273924
+- Resolves: rhbz#1274368
+- Resolves: rhbz#1291924
+
+* Fri Oct 16 2015 Stef Walter <stefw@redhat.com> - 0.16.1-5
+- Revert 0.16.1-4
+- Use samba by default
+- Resolves: rhbz#1271618
+
+* Fri Sep 11 2015 Stef Walter <stefw@redhat.com> - 0.16.1-4
+- Fix regressions in 0.16.x releases
+- Resolves: rhbz#1258745
+- Resolves: rhbz#1258488
+
+* Fri Jul 31 2015 Stef Walter <stefw@redhat.com> - 0.16.1-3
+- Fix regression accepting DNS domain names
+- Resolves: rhbz#1243771
+
+* Fri Jul 24 2015 Stef Walter <stefw@redhat.com> - 0.16.1-2
+- Fix discarded patch: ipa-packages.patch
+
+* Tue Jul 14 2015 Stef Walter <stefw@redhat.com> - 0.16.1-1
+- Updated to upstream 0.16.1
+- Resolves: rhbz#1241832
+- Resolves: rhbz#1230941
+
+* Tue Apr 14 2015 Stef Walter <stefw@redhat.com> - 0.16.0-1
+- Updated to upstream 0.16.0
+- Resolves: rhbz#1174911
+- Resolves: rhbz#1142191
+- Resolves: rhbz#1142148
+
+* Fri Jan 10 2014 Stef Walter <stefw@redhat.com> - 0.14.6-5
+- Don't crash when full_name_format is not in sssd.conf [#1051033]
+ This is a regression from a prior update.
+
+* Tue Jan 07 2014 Stef Walter <stefw@redhat.com> - 0.14.6-4
+- Fix full_name_format printf(3) related failure [#1048087]
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.14.6-3
+- Mass rebuild 2013-12-27
+
+* Fri Sep 20 2013 Stef Walter <stefw@redhat.com> - 0.14.6-2
+- Start oddjob after joining a domain [#967023]
+
+* Mon Sep 09 2013 Stef Walter <stefw@redhat.com> - 0.14.6-1
+- Update to upstream 0.14.6 point release
+- Set 'kerberos method = system keytab' in smb.conf properly [#997580]
+- Limit Netbios name to 15 chars when joining AD domain [#1001667]
+
+* Thu Aug 15 2013 Stef Walter <stefw@redhat.com> - 0.14.5-1
+- Update to upstream 0.14.5 point release
+- Fix regression conflicting --unattended and -U as in --user args [#996223]
+- Pass discovered server address to adcli tool [#996995]
+
+* Wed Aug 07 2013 Stef Walter <stefw@redhot.com> - 0.14.4-1
+- Update to upstream 0.14.4 point release
+- Fix up the [sssd] section in sssd.conf if it's screwed up [#987491]
+- Add an --unattended argument to realm command line client [#976593]
+- Clearer 'realm permit' manual page example [#985800]
+
+* Mon Jul 22 2013 Stef Walter <stefw@redhat.com> - 0.14.3-1
+- Update to upstream 0.14.3 point release
+- Populate LoginFormats correctly [#967011]
+- Documentation clarifications [#985773] [#967565]
+- Set sssd.conf default_shell per domain [#967569]
+- Notify in terminal output when installing packages [#984960]
+- If joined via adcli, delete computer with adcli too [#967008]
+- If input is not a tty, then read from stdin without getpass()
+- Configure pam_winbind.conf appropriately [#985819]
+- Refer to FreeIPA as IPA [#967019]
+- Support use of kerberos ccache to join when winbind [#985817]
+
+* Tue Jun 11 2013 Stef Walter <stefw@redhat.com> - 0.14.2-3
+- Run test suite when building the package
+- Fix rpmlint errors
+
+* Thu Jun 06 2013 Stef Walter <stefw@redhat.com> - 0.14.2-2
+- Install oddjobd and oddjob-mkhomedir when joining domains [#969441]
+
+* Mon May 27 2013 Stef Walter <stefw@redhat.com> - 0.14.2-1
+- Update to upstream 0.14.2 version
+- Discover FreeIPA 3.0 with AD trust correctly [#966148]
+- Only allow joining one realm by default [#966650]
+- Enable the oddjobd service after joining a domain [#964971]
+- Remove sssd.conf allow lists when permitting all [#965760]
+- Add dependency on authconfig [#964675]
+- Remove glib-networking dependency now that we no longer use SSL.
+
+* Mon May 13 2013 Stef Walter <stefw@redhat.com> - 0.14.1-1
+- Update to upstream 0.14.1 version
+- Fix crasher/regression using passwords with joins [#961435]
+- Make second Ctrl-C just quit realm tool [#961325]
+- Fix critical warning when leaving IPA realm [#961320]
+- Don't print out journalctl command in obvious situations [#961230]
+- Document the --all option to 'realm discover' [#961279]
+- No need to require sssd-tools package [#961254]
+- Enable services even in install mode [#960887]
+- Use the AD domain name in sssd.conf directly [#960270]
+- Fix critical warning when service Release() method [#961385]
+
+* Mon May 06 2013 Stef Walter <stefw@redhat.com> - 0.14.0-1
+- Work around broken krb5 with empty passwords [#960001]
+- Add manual page for realmd.conf [#959357]
+- Update to upstream 0.14.0 version
+
+* Thu May 02 2013 Stef Walter <stefw@redhat.com> - 0.13.91-1
+- Fix regression when using one time password [#958667]
+- Support for permitting logins by group [#887675]
+
+* Mon Apr 29 2013 Stef Walter <stefw@redhat.com> - 0.13.90-1
+- Add option to disable package-kit installs [#953852]
+- Add option to use unqualified names [#953825]
+- Better discovery of domains [#953153]
+- Concept of managing parts of the system [#914892]
+- Fix problems with cache directory [#913457]
+- Clearly explain when realm cannot be joined [#878018]
+- Many other upstream enhancements and fixes
+
+* Wed Apr 17 2013 Stef Walter <stefw@redhat.com> - 0.13.3-2
+- Add missing glib-networking dependency, currently used
+ for FreeIPA discovery [#953151]
+
+* Wed Apr 17 2013 Stef Walter <stefw@redhat.com> - 0.13.3-1
+- Update for upstream 0.13.3 version
+- Add dependency on systemd for installing service file
+
+* Tue Apr 16 2013 Stef Walter <stefw@redhat.com> - 0.13.2-2
+- Fix problem with sssd not starting after joining
+
+* Mon Feb 18 2013 Stef Walter <stefw@redhat.com> - 0.13.2-1
+- Update to upstream 0.13.2 version
+
+* Mon Feb 18 2013 Stef Walter <stefw@redhat.com> - 0.13.1-1
+- Update to upstream 0.13.1 version for bug fixes
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Nov 12 2012 Stef Walter <stefw@redhat.com> - 0.12-1
+- Update to upstream 0.12 version for bug fixes
+
+* Tue Oct 30 2012 Stef Walter <stefw@redhat.com> - 0.11-1
+- Update to upstream 0.11 version
+
+* Sat Oct 20 2012 Stef Walter <stefw@redhat.com> - 0.10-1
+- Update to upstream 0.10 version
+
+* Wed Oct 17 2012 Stef Walter <stefw@redhat.com> - 0.9-1
+- Update to upstream 0.9 version
+
+* Wed Sep 19 2012 Stef Walter <stefw@redhat.com> - 0.8-2
+- Add openldap-devel build requirement
+
+* Wed Sep 19 2012 Stef Walter <stefw@redhat.com> - 0.8-1
+- Update to upstream 0.8 version
+- Add support for translations
+
+* Mon Aug 20 2012 Stef Walter <stefw@redhat.com> - 0.7-2
+- Build requires gtk-doc
+
+* Mon Aug 20 2012 Stef Walter <stefw@redhat.com> - 0.7-1
+- Update to upstream 0.7 version
+- Remove files no longer present in upstream version
+- Put documentation in its own realmd-devel-docs subpackage
+- Update upstream URLs
+
+* Mon Aug 6 2012 Stef Walter <stefw@redhat.com> - 0.6-1
+- Update to upstream 0.6 version
+
+* Tue Jul 17 2012 Stef Walter <stefw@redhat.com> - 0.5-2
+- Remove missing SssdIpa.service file from the files list.
+ This file will return upstream in 0.6
+
+* Tue Jul 17 2012 Stef Walter <stefw@redhat.com> - 0.5-1
+- Update to upstream 0.5 version
+
+* Tue Jun 19 2012 Stef Walter <stefw@redhat.com> - 0.4-1
+- Update to upstream 0.4 version
+- Cleanup various rpmlint warnings
+
+* Tue Jun 19 2012 Stef Walter <stefw@redhat.com> - 0.3-2
+- Add doc files
+- Own directories
+- Remove obsolete parts of spec file
+- Remove explicit dependencies
+- Updated License line to LGPLv2+
+
+* Tue Jun 19 2012 Stef Walter <stefw@redhat.com> - 0.3
+- Build fixes
+
+* Mon Jun 18 2012 Stef Walter <stefw@redhat.com> - 0.2
+- Initial RPM