author | Noel Power <noel.power@suse.com> | 2018-01-24 14:41:06 +0000 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-03-02 14:07:14 +0100 |
commit | 8a6c3c5ae2cab809d994821ed573315ba0c7562d (patch) | |
tree | 1f0208292c1b377dffdb4d023f4403119d84ccc1 /source3/libads | |
parent | 65ef044b8dba40e118446a0c700cffcf9bd81330 (diff) | |
download | samba-8a6c3c5ae2cab809d994821ed573315ba0c7562d.tar.gz |
s3:utils: add new 'net ads setspn add' subcommand
This patch adds 'add' to the 'net ads setspn' subcommand
(see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731241(v=ws.11)
Usage:
net ads setspn add <computer> <SPN>
Note: <computer> is optional; if it is not specified, the computer account
associated with the value returned by lp_netbios_name() is used instead.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/ads_proto.h | 3 | ||||
-rw-r--r-- | source3/libads/net_ads_setspn.c | 78 |
2 files changed, 80 insertions, 1 deletions
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index d806ce49c16..f7a9f426639 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -56,7 +56,8 @@ int ads_keytab_list(const char *keytab_name);
 /* The following definitions come from libads/net_ads_setspn.c */
 bool ads_setspn_list(ADS_STRUCT *ads, const char *machine);
-
+bool ads_setspn_add(ADS_STRUCT *ads, const char *machine_name,
+ const char * spn);
 /* The following definitions come from libads/krb5_errs.c */
 /* The following definitions come from libads/kerberos_util.c */
diff --git a/source3/libads/net_ads_setspn.c b/source3/libads/net_ads_setspn.c
index 7bef330bf51..41d698be7db 100644
--- a/source3/libads/net_ads_setspn.c
+++ b/source3/libads/net_ads_setspn.c
@@ -51,4 +51,82 @@ done:
 return ok;
 }
+/* returns true if spn exists in spn_array (match is NOT case-sensitive) */
+static bool find_spn_in_spnlist(TALLOC_CTX *ctx,
+ const char *spn,
+ char **spn_array,
+ size_t num_spns)
+{
+ char *lc_spn = NULL;
+ size_t i = 0;
+
+ lc_spn = strlower_talloc(ctx, spn);
+ if (lc_spn == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn);
+ return false;
+ }
+
+ for (i = 0; i < num_spns; i++) {
+ char *lc_spn_attr = strlower_talloc(ctx, spn_array[i]);
+ if (lc_spn_attr == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn_array[i]);
+ return false;
+ }
+
+ if (strequal(lc_spn, lc_spn_attr)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+bool ads_setspn_add(ADS_STRUCT *ads, const char *machine_name, const char * spn)
+{
+ bool ret = false;
+ TALLOC_CTX *frame = NULL;
+ ADS_STATUS status;
+ struct spn_struct *spn_struct = NULL;
+ const char *spns[2] = {NULL, NULL};
+ char **existing_spns = NULL;
+ size_t num_spns = 0;
+ bool found = false;
+
+ frame = talloc_stackframe();
+ spns[0] = spn;
+ spn_struct = parse_spn(frame, spn);
+ if (spn_struct == NULL) {
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &existing_spns,
+ &num_spns);
+
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ found = find_spn_in_spnlist(frame, spn, existing_spns, num_spns);
+ if (found) {
+ d_printf("Duplicate SPN found, aborting operation.\n");
+ goto done;
+ }
+
+ d_printf("Registering SPN %s for object %s\n", spn, machine_name);
+ status = ads_add_service_principal_names(ads, machine_name, spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ ret = true;
+ d_printf("Updated object\n");
+done:
+ TALLOC_FREE(frame);
+ return ret;
+}
+
 #endif /* HAVE_ADS */ |
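Review bot: In find_spn_in_spnlist an allocation failure from strlower_talloc returns false, which ads_setspn_add cannot tell apart from "not found", so under memory pressure the duplicate check is skipped and the add still goes ahead. Samba's strequal already compares case-insensitively, so the two lowercase copies can be dropped and the loop body reduced to `if (strequal(spn, spn_array[i])) { return true; }`, which removes that failure path entirely. Separately, the check only inspects the servicePrincipalName values fetched for machine_name, so "Duplicate SPN found" does not cover an SPN already registered on a different account; a comment on ads_setspn_add such as `/* duplicate check is per-object only; does not detect the SPN on other accounts */` would stop it being read as a directory-wide uniqueness guarantee. The `goto done` paths after parse_spn and the two ADS calls also return false without printing the failure reason, so the operator sees no diagnostic.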