From: Andreas Schneider Date: Wed, 24 Sep 2014 07:22:03 +0000 (+0200) Subject: s3-libads: Add a function to retrieve the SPNs of a computer account. X-Git-Tag: samba-4.0.23~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d16c077e04eadfd4c2a3ac9732852451dfd9e86;p=thirdparty%2Fsamba.git s3-libads: Add a function to retrieve the SPNs of a computer account. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner (cherry picked from commit 4eaa4ccbdf279f1ff6d8218b36d92aeea0114cd8)
---
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 17a84d15833..6a2280734df 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -87,6 +87,12 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char **vals); uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name); uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***spn_array,
+ size_t *num_spns);
ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name); ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name, const char *my_fqdn, const char *spn);
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 20c2e319f59..b2287266ce0 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1908,6 +1908,66 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin return ret; }
+/**
+ * @brief This gets the service principal names of an existing computer account.
+ *
+ * @param[in] mem_ctx The memory context to use to allocate the spn array.
+ *
+ * @param[in] ads The ADS context to use.
+ *
+ * @param[in] machine_name The NetBIOS name of the computer, which is used to
+ * identify the computer account.
+ *
+ * @param[in] spn_array A pointer to store the array for SPNs.
+ *
+ * @param[in] num_spns The number of principals stored in the array.
+ *
+ * @return 0 on success, or a ADS error if a failure occured.
+ */
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***spn_array,
+ size_t *num_spns)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ char *dn;
+ int count;
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+ machine_name));
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count != 1) {
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+ dn = ads_get_dn(ads, mem_ctx, res);
+ if (dn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ *spn_array = ads_pull_strings(ads,
+ mem_ctx,
+ res,
+ "servicePrincipalName",
+ num_spns);
+
+done:
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
/** * This adds a service principal name to an existing computer account * (found by hostname) in AD.
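Review bot: The result of `ads_pull_strings()` is stored in `*spn_array` without a NULL check, so `ads_get_service_principal_names()` can return the success status left over from `ads_find_machine_acct()` while handing the caller a NULL array. The function also never initialises `*num_spns` itself, so on that path a caller that trusts the status may iterate with a stale count. Adding `if (*spn_array == NULL) { status = ADS_ERROR(LDAP_NO_SUCH_OBJECT); goto done; }` after the pull, and zeroing both outputs at entry, would make the failure explicit. The `dn` fetched with `ads_get_dn(ads, mem_ctx, res)` is never used and appears to be allocated on the caller's `mem_ctx`, so it stays there until that context is freed; the lookup and the variable can be dropped. In the doc comment, `spn_array` and `num_spns` are outputs and should be tagged `@param[out]`, with a line saying the array is owned by `mem_ctx`.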