Description: ad_upn_realm patch
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 krb5-sync (3.1-1su1) stable; urgency=medium
 .
   * Backport to jessie.
Author: Adam Henry Lewenberg <adamhl@stanford.edu>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <YYYY-MM-DD>

--- krb5-sync-3.1.orig/plugin/ad.c
+++ krb5-sync-3.1/plugin/ad.c
@@ -156,7 +156,7 @@ get_ad_principal(kadm5_hook_modinfo *con
         if (strcmp(instance, config->ad_base_instance) == 0) {
             base = krb5_principal_get_comp_string(ctx, principal, 0);
             code = krb5_build_principal(ctx, ad_principal,
-                                        strlen(config->ad_realm),
+                                        strlen(config->ad_upn_realm),
                                         config->ad_realm, base, (char *) 0);
             if (code != 0)
                 return code;
@@ -168,7 +168,7 @@ get_ad_principal(kadm5_hook_modinfo *con
         code = krb5_copy_principal(ctx, principal, ad_principal);
         if (code != 0)
             return code;
-        krb5_principal_set_realm(ctx, *ad_principal, config->ad_realm);
+        krb5_principal_set_realm(ctx, *ad_principal, config->ad_upn_realm);
     }
     return 0;
 }
--- krb5-sync-3.1.orig/plugin/general.c
+++ krb5-sync-3.1/plugin/general.c
@@ -50,6 +50,7 @@ sync_init(krb5_context ctx, kadm5_hook_m
     sync_config_string(ctx, "ad_keytab", &config->ad_keytab);
     sync_config_string(ctx, "ad_principal", &config->ad_principal);
     sync_config_string(ctx, "ad_realm", &config->ad_realm);
+    sync_config_string(ctx, "ad_upn_realm", &config->ad_upn_realm);
     sync_config_string(ctx, "ad_admin_server", &config->ad_admin_server);
     sync_config_string(ctx, "ad_ldap_base", &config->ad_ldap_base);
 
@@ -73,6 +74,14 @@ sync_init(krb5_context ctx, kadm5_hook_m
     config->syslog = true;
     sync_config_boolean(ctx, "syslog", &config->syslog);
 
+    /*
+      If ad_upn_realm was not defined in the configuration file,
+      set it equal to ad_realm (which MUST always be defined).
+    */
+    if (!config->ad_upn_realm) {
+      sync_config_string(ctx, "ad_realm", &config->ad_upn_realm);
+    }
+
     /* Initialized.  Set data and return. */
     *result = config;
     return 0;
--- krb5-sync-3.1.orig/plugin/internal.h
+++ krb5-sync-3.1/plugin/internal.h
@@ -49,6 +49,7 @@ struct kadm5_hook_modinfo_st {
     char *ad_principal;
     bool ad_queue_only;
     char *ad_realm;
+    char *ad_upn_realm;
     char *queue_dir;
     bool syslog;
 };
