From ec3c397cf50ace03f920502f34bca612f62333bf Mon Sep 17 00:00:00 2001
From: Andrew Austin
Date: Sun, 17 Apr 2016 12:17:04 -0500
Subject: [PATCH 1/3] Support manually setting computer name
This change adds a computer-name option to the realm configuration. When set, the computer-name string will be used in place of either the system's hostname or an automatically truncated netbios name when joining an active directory domain.
https://bugs.freedesktop.org/show_bug.cgi?id=93739
Signed-off-by: Stef Walter
* Squashed fixup patch
---
 dbus/realm-dbus-constants.h | 1 +
 service/realm-adcli-enroll.c | 11 +++++++++--
 service/realm-options.c | 21 +++++++++++++++++++++
 service/realm-options.h | 3 +++
 service/realm-samba-enroll.c | 26 ++++++++++++++++++++------
 service/realm-samba.c | 10 +++++++++-
 service/realm-sssd-ad.c | 9 ++++++---
 7 files changed, 69 insertions(+), 12 deletions(-)
diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
index c68e958..3a67a00 100644
--- a/dbus/realm-dbus-constants.h
+++ b/dbus/realm-dbus-constants.h
@@ -66,6 +66,7 @@ G_BEGIN_DECLS
 #define REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE "membership-software"
 #define REALM_DBUS_OPTION_USER_PRINCIPAL "user-principal"
 #define REALM_DBUS_OPTION_MANAGE_SYSTEM "manage-system"
+#define REALM_DBUS_OPTION_COMPUTER_NAME "computer-name"
 #define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
 #define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
index ef1b563..0c506f9 100644
--- a/service/realm-adcli-enroll.c
+++ b/service/realm-adcli-enroll.c
@@ -84,6 +84,7 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
 gchar *upn_arg = NULL;
 gchar *server_arg = NULL;
 gchar *ou_arg = NULL;
+ const gchar *computer_name = NULL;
 g_return_if_fail (cred != NULL);
 g_return_if_fail (disco != NULL);
@@ -114,7 +115,14 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
 g_ptr_array_add (args, (gpointer)disco->explicit_server);
 }
- if (disco->explicit_netbios) {
+ /* Pass manually configured or truncated computer name to adcli */
+ computer_name = realm_options_computer_name (options, disco->domain_name);
+ if (computer_name != NULL) {
+ realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
+ computer_name);
+ g_ptr_array_add (args, "--computer-name");
+ g_ptr_array_add (args, (gpointer)computer_name);
+ } else if (disco->explicit_netbios) {
 realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",
 disco->explicit_netbios);
 g_ptr_array_add (args, "--computer-name");
@@ -192,7 +200,6 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
 if (input)
 g_bytes_unref (input);
-
 free (ccache_arg);
 free (upn_arg);
 free (server_arg);
diff --git a/service/realm-options.c b/service/realm-options.c
index bba3ee4..b9f59c6 100644
--- a/service/realm-options.c
+++ b/service/realm-options.c
@@ -159,3 +159,24 @@ realm_options_check_domain_name (const gchar *name)
 return TRUE;
 }
+
+const gchar *
+realm_options_computer_name (GVariant *options,
+ const gchar *realm_name)
+{
+ const gchar *computer_name = NULL;
+ gchar *section;
+
+ if (options) {
+ if (!g_variant_lookup (options, REALM_DBUS_OPTION_COMPUTER_NAME, "&s", &computer_name))
+ computer_name = NULL;
+ }
+
+ if (realm_name && !computer_name) {
+ section = g_utf8_casefold (realm_name, -1);
+ computer_name = realm_settings_value (section, REALM_DBUS_OPTION_COMPUTER_NAME);
+ g_free (section);
+ }
+
+ return g_strdup (computer_name);
+}
diff --git a/service/realm-options.h b/service/realm-options.h
index 4890cba..e31cddc 100644
--- a/service/realm-options.h
+++ b/service/realm-options.h
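Review bot: In the `@@ -114` hunk of service/realm-adcli-enroll.c, the string assigned to `computer_name` is never released: realm_options_computer_name() (added in service/realm-options.c) ends with `return g_strdup (computer_name);` yet is declared `const gchar *`, so a caller cannot tell that it owns the result. The same copy is dropped in join_closure_init, realm_samba_enroll_join_async, on_join_do_winbind and configure_sssd_for_domain; in on_join_do_winbind the same variable is then also assigned the borrowed `enroll->disco->explicit_netbios`, which mixes owned and borrowed pointers. I would declare the helper as returning `gchar *`, keep its result in a variable of its own, and release it here with `g_free (computer_name);` next to the existing `free (upn_arg);` cleanup, once `args` is no longer needed. The function body starts and ends outside this hunk.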
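Review bot: In service/realm-options.c, realm_options_computer_name() returns the `computer-name` value exactly as supplied, from the D-Bus options dictionary or from the realm settings, with no length or character check. The other hunks pass that value to adcli as the `--computer-name` argument, write it as `netbios name` through realm_ini_config_set(), and format it into the sssd `authid` with `"%s$"`; whether realm_ini_config_set() rejects line breaks or other INI syntax is not visible in this patch. A check next to realm_options_check_domain_name(), called before any join step uses the name, would keep a malformed value out of the generated Samba and sssd configuration and give the caller a clear error. The helper below is a proposal (its name is a suggestion): the 15-character bound is the NetBIOS computer-name limit, and the allowed character set is deliberately conservative and should be confirmed against what the project wants to accept.

```c
/* Proposed helper, placed after realm_options_check_domain_name() */
gboolean
realm_options_check_computer_name (const gchar *name)
{
	gsize i;

	g_return_val_if_fail (name != NULL, FALSE);

	for (i = 0; name[i] != '\0'; i++) {
		/* Letters, digits and '-' only: no whitespace, line breaks or INI syntax */
		if (!g_ascii_isalnum (name[i]) && name[i] != '-')
			return FALSE;
	}

	/* NetBIOS computer names hold between 1 and 15 characters */
	return i >= 1 && i <= 15;
}
```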
@@ -41,6 +41,9 @@ gboolean realm_options_qualify_names (const gchar *realm_name);
 gboolean realm_options_check_domain_name (const gchar *domain_name);
+const gchar * realm_options_computer_name (GVariant *options,
+ const gchar *realm_name);
+
 G_END_DECLS
 #endif /* __REALM_OPTIONS_H__ */
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
index e749764..f2392a9 100644
--- a/service/realm-samba-enroll.c
+++ b/service/realm-samba-enroll.c
@@ -84,27 +84,37 @@ fallback_workgroup (const gchar *realm)
 static JoinClosure *
 join_closure_init (GTask *task,
 RealmDisco *disco,
+ GVariant *options,
 GDBusMethodInvocation *invocation)
 {
 JoinClosure *join;
 gchar *workgroup;
 GError *error = NULL;
 int temp_fd;
+ const gchar *explicit_computer_name = NULL;
+ const gchar *authid = NULL;
 join = g_new0 (JoinClosure, 1);
 join->disco = realm_disco_ref (disco);
 join->invocation = invocation ? g_object_ref (invocation) : NULL;
 g_task_set_task_data (task, join, join_closure_free);
+ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
+ /* Set netbios name to explicit or truncated name if available */
+ if (explicit_computer_name != NULL)
+ authid = explicit_computer_name;
+ else if (disco->explicit_netbios)
+ authid = disco->explicit_netbios;
+
 join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);
 realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,
 "security", "ads",
 "kerberos method", "system keytab",
 "realm", disco->kerberos_realm,
- "netbios name", disco->explicit_netbios,
+ "netbios name", authid,
 NULL);
- /*
+ /*
 * Samba complains if we don't set a 'workgroup' setting for the realm we're
 * going to join. If we didn't yet manage to lookup the workgroup, then go ahead
 * and assume that the first domain component is the workgroup name.
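Review bot: In the `@@ -84` hunk of service/realm-samba-enroll.c, the new local `authid` in join_closure_init holds the value written as `netbios name`, not an authentication identity; the same identifier is used in configure_sssd_for_domain for the `NAME$` string, so the two meanings are easy to confuse. Renaming it, e.g. `const gchar *netbios_name = NULL;`, keeps them apart. Because join_closure_init is also called from realm_samba_enroll_leave_async (the `@@ -448` hunk), a comment such as `/* join_closure_init() is shared by join and leave: the configured name applies to both */` would record that the option now affects both paths. The function body continues outside the hunk.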
@@ -377,14 +387,18 @@ realm_samba_enroll_join_async (RealmDisco *disco,
 {
 GTask *task;
 JoinClosure *join;
+ const gchar *explicit_computer_name;
 g_return_if_fail (disco != NULL);
 g_return_if_fail (cred != NULL);
 task = g_task_new (NULL, NULL, callback, user_data);
- join = join_closure_init (task, disco, invocation);
-
- if (disco->explicit_netbios) {
+ join = join_closure_init (task, disco, options, invocation);
+ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
+ if (explicit_computer_name != NULL) {
+ realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
+ explicit_computer_name);
+ } else if (disco->explicit_netbios) {
 realm_diagnostics_info (invocation, "Joining using a truncated netbios name: %s",
 disco->explicit_netbios);
 }
@@ -448,7 +462,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
 JoinClosure *join;
 task = g_task_new (NULL, NULL, callback, user_data);
- join = join_closure_init (task, disco, invocation);
+ join = join_closure_init (task, disco, options, invocation);
 switch (cred->type) {
 case REALM_CREDENTIAL_PASSWORD:
diff --git a/service/realm-samba.c b/service/realm-samba.c
index eca65aa..5cf2aa8 100644
--- a/service/realm-samba.c
+++ b/service/realm-samba.c
@@ -183,6 +183,13 @@ on_join_do_winbind (GObject *source,
 GHashTable *settings = NULL;
 GError *error = NULL;
 const gchar *name;
+ const gchar *computer_name;
+
+ computer_name = realm_options_computer_name (enroll->options, enroll->disco->domain_name);
+ /* Use truncated name if set and explicit name is not available */
+ if (enroll->disco->explicit_netbios && computer_name == NULL)
+ computer_name = enroll->disco->explicit_netbios;
+
 realm_samba_enroll_join_finish (result, &error);
 if (error == NULL) {
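Review bot: In the `@@ -377` hunk of service/realm-samba-enroll.c, realm_samba_enroll_join_async looks the computer name up a second time, right after join_closure_init has already resolved it, and uses the result only for the diagnostic message. That repeats the explicit-versus-truncated precedence, which now appears in five places across this patch, and creates a second allocated copy of the string. Consider resolving the name once, for instance in a new JoinClosure field set by join_closure_init, and logging from that value, so the logged name and the configured `netbios name` cannot drift apart. The function body continues outside the hunk.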
@@ -192,12 +199,13 @@ on_join_do_winbind (GObject *source,
 "workgroup", enroll->disco->workgroup,
 "template homedir", realm_settings_string ("users", "default-home"),
 "template shell", realm_settings_string ("users", "default-shell"),
- "netbios name", enroll->disco->explicit_netbios,
+ "netbios name", computer_name,
 "password server", enroll->disco->explicit_server,
 "kerberos method", "system keytab",
 NULL);
 }
+
 if (error == NULL) {
 name = realm_kerberos_get_name (REALM_KERBEROS (self));
 realm_samba_winbind_configure_async (self->config, name, enroll->options,
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
index c7ffe8a..5ed384d 100644
--- a/service/realm-sssd-ad.c
+++ b/service/realm-sssd-ad.c
@@ -163,6 +163,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
 GString *realmd_tags;
 const gchar *access_provider;
 const gchar *shell;
+ const gchar *explicit_computer_name;
 gchar *authid = NULL;
 gboolean qualify;
 gboolean ret;
@@ -172,17 +173,19 @@ configure_sssd_for_domain (RealmIniConfig *config,
 home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
 qualify = realm_options_qualify_names (disco->domain_name);
 shell = realm_settings_string ("users", "default-shell");
-
+ explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
 realmd_tags = g_string_new ("");
 if (realm_options_manage_system (options, disco->domain_name))
 g_string_append (realmd_tags, "manages-system ");
 g_string_append (realmd_tags, use_adcli ? "joined-with-adcli " : "joined-with-samba ");
 /*
- * Explicitly set the netbios authid for sssd to use in this case, since
+ * Explicitly set the netbios authid for sssd to use in these cases, since
 * otherwise sssd won't know which kerberos principal to use
 */
- if (disco->explicit_netbios)
+ if (explicit_computer_name != NULL)
+ authid = g_strdup_printf ("%s$", explicit_computer_name);
+ else if (disco->explicit_netbios)
 authid = g_strdup_printf ("%s$", disco->explicit_netbios);
 ret = realm_sssd_config_add_domain (config, disco->domain_name, error,
--
2.7.4