authorNoel Power <noel.power@suse.com>2018-01-24 14:41:06 +0000
committerAndreas Schneider <asn@cryptomilk.org>2018-03-02 14:07:14 +0100
commit8a6c3c5ae2cab809d994821ed573315ba0c7562d (patch)
tree1f0208292c1b377dffdb4d023f4403119d84ccc1 /source3/libads
parent65ef044b8dba40e118446a0c700cffcf9bd81330 (diff)
s3:utils: add new 'net ads setspn add' subcommand
This patch adds 'add' to the 'net ads setspn' subcommand (see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731241(v=ws.11)) Usage: net ads setspn add <computer> <SPN> Note: <computer> is optional; if not specified, the computer account associated with the value returned by lp_netbios_name() is used instead. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/ads_proto.h3
-rw-r--r--source3/libads/net_ads_setspn.c78
2 files changed, 80 insertions, 1 deletions
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index d806ce49c16..f7a9f426639 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -56,7 +56,8 @@ int ads_keytab_list(const char *keytab_name);
/* The following definitions come from libads/net_ads_setspn.c */
bool ads_setspn_list(ADS_STRUCT *ads, const char *machine);
-
+bool ads_setspn_add(ADS_STRUCT *ads, const char *machine_name,
+ const char * spn);
/* The following definitions come from libads/krb5_errs.c */
/* The following definitions come from libads/kerberos_util.c */
diff --git a/source3/libads/net_ads_setspn.c b/source3/libads/net_ads_setspn.c
index 7bef330bf51..41d698be7db 100644
--- a/source3/libads/net_ads_setspn.c
+++ b/source3/libads/net_ads_setspn.c
@@ -51,4 +51,82 @@ done:
return ok;
}
+/* returns true if spn exists in spn_array (match is NOT case-sensitive) */
+static bool find_spn_in_spnlist(TALLOC_CTX *ctx,
+ const char *spn,
+ char **spn_array,
+ size_t num_spns)
+{
+ char *lc_spn = NULL;
+ size_t i = 0;
+
+ lc_spn = strlower_talloc(ctx, spn);
+ if (lc_spn == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn);
+ return false;
+ }
+
+ for (i = 0; i < num_spns; i++) {
+ char *lc_spn_attr = strlower_talloc(ctx, spn_array[i]);
+ if (lc_spn_attr == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn_array[i]);
+ return false;
+ }
+
+ if (strequal(lc_spn, lc_spn_attr)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+bool ads_setspn_add(ADS_STRUCT *ads, const char *machine_name, const char * spn)
+{
+ bool ret = false;
+ TALLOC_CTX *frame = NULL;
+ ADS_STATUS status;
+ struct spn_struct *spn_struct = NULL;
+ const char *spns[2] = {NULL, NULL};
+ char **existing_spns = NULL;
+ size_t num_spns = 0;
+ bool found = false;
+
+ frame = talloc_stackframe();
+ spns[0] = spn;
+ spn_struct = parse_spn(frame, spn);
+ if (spn_struct == NULL) {
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &existing_spns,
+ &num_spns);
+
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ found = find_spn_in_spnlist(frame, spn, existing_spns, num_spns);
+ if (found) {
+ d_printf("Duplicate SPN found, aborting operation.\n");
+ goto done;
+ }
+
+ d_printf("Registering SPN %s for object %s\n", spn, machine_name);
+ status = ads_add_service_principal_names(ads, machine_name, spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ ret = true;
+ d_printf("Updated object\n");
+done:
+ TALLOC_FREE(frame);
+ return ret;
+}
+
#endif /* HAVE_ADS */
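Review bot: Both out-of-memory paths in find_spn_in_spnlist return false, which ads_setspn_add cannot distinguish from "no duplicate", so after a failed strlower_talloc the code still calls ads_add_service_principal_names and the duplicate guard fails open. The allocations look avoidable: strequal() in Samba is, as far as I know, already a case-insensitive comparison (confirm against the tree's definition), so the loop body could be just `if (strequal(spn, spn_array[i])) { return true; }`, which removes the error path entirely. The check also only covers SPNs already on machine_name's own object; whether the same SPN is registered on another account is left to the server, which deserves a comment above ads_setspn_add. Finally, the `goto done` branches after ads_get_service_principal_names and ads_add_service_principal_names print nothing, so the operator gets no reason for the failure; a line such as `d_printf("Failed to add SPN %s: %s\n", spn, ads_errstr(status));` before each would help.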