From d2435809fd1f2e5c964c914d694737e8d69e557d Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Thu, 11 Apr 2013 16:37:04 +0200
Subject: [PATCH] Add the user-principal option and setting

https://bugs.freedesktop.org/show_bug.cgi?id=62755
---
 dbus/realm-dbus-constants.h | 1 +
 doc/manual/realmd-guide-configuring.xml | 17 +++++++++++++++++
 service/realm-adcli-enroll.c | 22 ++++++++++++++++++----
 service/realm-options.c | 21 +++++++++++++++++++++
 service/realm-options.h | 3 +++
 service/realm-samba-enroll.c | 10 ++++++++++
 service/realmd-defaults.conf | 1 +
 tools/realm-join.c | 5 +++++
 8 files changed, 76 insertions(+), 4 deletions(-)
diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
index c2797f6..ff1fa64 100644
--- a/dbus/realm-dbus-constants.h
+++ b/dbus/realm-dbus-constants.h
@@ -63,6 +63,7 @@ G_BEGIN_DECLS
 #define REALM_DBUS_OPTION_CLIENT_SOFTWARE "client-software"
 #define REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE "membership-software"
 #define REALM_DBUS_OPTION_ASSUME_PACKAGES "assume-packages"
+#define REALM_DBUS_OPTION_USER_PRINCIPAL "user-principal"
 #define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
 #define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
diff --git a/doc/manual/realmd-guide-configuring.xml b/doc/manual/realmd-guide-configuring.xml
index 86ffd13..873c2a1 100644
--- a/doc/manual/realmd-guide-configuring.xml
+++ b/doc/manual/realmd-guide-configuring.xml
@@ -221,5 +221,22 @@ computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
+
+ user-prinicpal
+
+ Set the to yes
+ to create attributes for the
+ computer account in the realm, in the form
+ host/computer@REALM
+
+
+
+[domain.example.com]
+user-principal = yes
+
+
+
+
+
diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
index d6d3c6e..6336cc3 100644
--- a/service/realm-adcli-enroll.c
+++ b/service/realm-adcli-enroll.c
@@ -81,9 +81,11 @@ realm_adcli_enroll_join_async (const gchar *realm,
 const gchar *computer_ou;
 GSimpleAsyncResult *async;
 GBytes *input = NULL;
+ const gchar *upn;
 GPtrArray *args;
 const gchar *os;
- gchar *arg;
+ gchar *ccache_arg = NULL;
+ gchar *upn_arg = NULL;
 g_return_if_fail (cred != NULL);
 g_return_if_fail (realm != NULL);
@@ -129,8 +131,8 @@ realm_adcli_enroll_join_async (const gchar *realm,
 case REALM_CREDENTIAL_CCACHE:
 g_ptr_array_add (args, "--login-type");
 g_ptr_array_add (args, "user");
- arg = g_strdup_printf ("--login-ccache=%s", cred->x.ccache.file);
- g_ptr_array_add (args, arg);
+ ccache_arg = g_strdup_printf ("--login-ccache=%s", cred->x.ccache.file);
+ g_ptr_array_add (args, ccache_arg);
 break;
 case REALM_CREDENTIAL_PASSWORD:
 input = realm_command_build_password_line (cred->x.password.value);
@@ -147,6 +149,16 @@ realm_adcli_enroll_join_async (const gchar *realm,
 break;
 }
+ upn = realm_options_user_principal (options, realm);
+ if (upn) {
+ if (g_str_equal (upn, "")) {
+ g_ptr_array_add (args, "--user-principal");
+ } else {
+ upn_arg = g_strdup_printf ("--user-principal=%s", upn);
+ g_ptr_array_add (args, upn_arg);
+ }
+ }
+
 g_ptr_array_add (args, NULL);
 realm_command_runv_async ((gchar **)args->pdata, environ, input,
@@ -158,7 +170,9 @@ realm_adcli_enroll_join_async (const gchar *realm,
 if (input)
 g_bytes_unref (input);
- free (arg);
+
+ free (ccache_arg);
+ free (upn_arg);
 }
 gboolean
diff --git a/service/realm-options.c b/service/realm-options.c
index 29a4888..0463029 100644
--- a/service/realm-options.c
+++ b/service/realm-options.c
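Review bot: In the `@@ -147` hunk of realm-adcli-enroll.c the `upn` returned by `realm_options_user_principal()` is formatted into `--user-principal=%s` with no check on its shape. Because it becomes a single element of the argv array it cannot add another adcli option (assuming `realm_command_runv_async` executes the array directly), but the service still forwards whatever string the options carried as the computer account's principal. I would reject values that do not match the documented `host/computer@REALM` form, or that contain control characters, before building `upn_arg`, and return an invalid-argument error to the caller. The same unvalidated value reaches `createupn%s%s` in realm-samba-enroll.c; the function body starts and ends outside this hunk.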
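Review bot: In the `@@ -158` hunk of realm-adcli-enroll.c, `ccache_arg` and `upn_arg` are allocated with `g_strdup_printf()` but released with `free()`. GLib allocations should be paired with `g_free()`, since older GLib releases do not guarantee that the two allocators are interchangeable. Suggest `g_free (ccache_arg);` and `g_free (upn_arg);`. The mismatch predates this commit (the removed line was `free (arg);`), but both lines are rewritten here, so it is the natural place to correct it.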
@@ -30,6 +30,27 @@ realm_options_assume_packages (GVariant *options)
 }
 const gchar *
+realm_options_user_principal (GVariant *options,
+ const gchar *realm_name)
+{
+ const gchar *principal;
+ gchar *section;
+
+ if (!g_variant_lookup (options, REALM_DBUS_OPTION_USER_PRINCIPAL, "&s", &principal))
+ principal = NULL;
+
+ if (!principal) {
+ section = g_utf8_casefold (realm_name, -1);
+ if (realm_settings_value (section, REALM_DBUS_OPTION_USER_PRINCIPAL) &&
+ realm_settings_boolean (section, REALM_DBUS_OPTION_USER_PRINCIPAL))
+ principal = ""; /* auto-generate */
+ g_free (section);
+ }
+
+ return principal;
+}
+
+const gchar *
 realm_options_computer_ou (GVariant *options,
 const gchar *realm_name)
 {
diff --git a/service/realm-options.h b/service/realm-options.h
index bec1004..6d1689d 100644
--- a/service/realm-options.h
+++ b/service/realm-options.h
@@ -26,6 +26,9 @@ gboolean realm_options_assume_packages (GVariant *options);
 const gchar * realm_options_computer_ou (GVariant *options,
 const gchar *realm_name);
+const gchar * realm_options_user_principal (GVariant *options,
+ const gchar *realm_name);
+
 G_END_DECLS
 #endif /* __REALM_OPTIONS_H__ */
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
index 636ad47..517afcb 100644
--- a/service/realm-samba-enroll.c
+++ b/service/realm-samba-enroll.c
@@ -418,6 +418,7 @@ begin_join (GSimpleAsyncResult *async,
 const gchar *computer_ou;
 gchar *strange_ou;
 GError *error = NULL;
+ const gchar *upn;
 const gchar *os;
 int at = 0;
@@ -442,6 +443,15 @@ begin_join (GSimpleAsyncResult *async,
 if (os != NULL && !g_str_equal (os, ""))
 join->join_args[at++] = g_strdup_printf ("osVer=%s", os);
+ upn = realm_options_user_principal (options, realm);
+ if (upn) {
+ if (g_str_equal (upn, ""))
+ upn = NULL;
+ join->join_args[at++] = g_strdup_printf ("createupn%s%s",
+ upn ? "=" : "",
+ upn ? upn : "");
+ }
+
 g_assert (at < G_N_ELEMENTS (join->join_args));
 if (error != NULL) {
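Review bot: `realm_options_user_principal()` in realm-options.c has no comment describing its three-way result, which both enroll back ends rely on. I would add above it: `/* Returns NULL when no principal is requested, "" when one should be auto-generated, otherwise the principal given in @options; the string is borrowed ("&s") and must not be freed or used after @options is released. */`. An empty string supplied in the options is indistinguishable from the `user-principal = yes` setting, which may or may not be intended. The setting is only looked up in the section named after the case-folded realm, so the `user-principal = no` default added under `[active-directory]` in realmd-defaults.conf appears not to be consulted here unless `realm_settings_value()` falls back to it.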
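Review bot: In the `@@ -442` hunk of realm-samba-enroll.c the new `createupn` entry is stored through `join->join_args[at++]` before `g_assert (at < G_N_ELEMENTS (join->join_args))` runs, so the only bounds check comes after the write and is compiled out when GLib is built with `G_DISABLE_ASSERT`. This commit adds one more optional element, but no hunk shown touches the array's declaration, so please confirm `join_args` still has room for every optional argument. Preferably test the index before storing, e.g. `if (at + 1 >= G_N_ELEMENTS (join->join_args))` followed by failing the join, ahead of the `g_strdup_printf`. begin_join starts and ends outside the hunk.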
diff --git a/service/realmd-defaults.conf b/service/realmd-defaults.conf
index f020bf0..cdc6edc 100644
--- a/service/realmd-defaults.conf
+++ b/service/realmd-defaults.conf
@@ -10,6 +10,7 @@ ipa-client-install = /usr/sbin/ipa-client-install
 [active-directory]
 default-client = sssd
+user-principal = no
 os-name =
 os-version =
diff --git a/tools/realm-join.c b/tools/realm-join.c
index b23dd0e..d935a27 100644
--- a/tools/realm-join.c
+++ b/tools/realm-join.c
@@ -172,6 +172,7 @@ typedef struct {
 gchar *membership_software;
 gboolean no_password;
 gchar *one_time_password;
+ gchar *user_principal;
 } RealmJoinArgs;
 static int
@@ -208,6 +209,7 @@ perform_join (RealmClient *client,
 options = realm_build_options (REALM_DBUS_OPTION_COMPUTER_OU, args->computer_ou,
 REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, args->membership_software,
+ REALM_DBUS_OPTION_USER_PRINCIPAL, args->user_principal,
 NULL);
 g_variant_ref_sink (options);
@@ -272,6 +274,8 @@ realm_join (RealmClient *client,
 N_("Join automatically without a password"), NULL },
 { "one-time-password", 0, 0, G_OPTION_ARG_STRING, &args.one_time_password,
 N_("Join using a preset one time password"), NULL },
+ { "user-principal", 0, 0, G_OPTION_ARG_STRING, &args.user_principal,
+ N_("Set the user principal for the computer account"), NULL },
 { NULL, }
 };
@@ -312,6 +316,7 @@ realm_join (RealmClient *client,
 g_free (args.computer_ou);
 g_free (args.client_software);
 g_free (args.server_software);
+ g_free (args.user_principal);
 g_option_context_free (context);
 return ret;
 }
--
1.8.1.4
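Review bot: The help text for `--user-principal` in the `@@ -272` hunk of tools/realm-join.c does not say what value is expected, although the service treats an empty string as "auto-generate" and anything else as a literal principal. The option is a `G_OPTION_ARG_STRING`, so a bare `--user-principal` is not accepted, and whether an empty value survives `realm_build_options()` cannot be seen from here. I would spell the expected form out in the description, for example `N_("Set the user principal for the computer account (host/name@REALM)")`, and document how automatic generation is requested from the command line.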