s3:utils: The 'net ads keytab' commands should use machine credentials

If the user doesn't specify a username/password on the command line, we
should use the machine credentials to connect to AD. This is how it is
used by default and we should be able to retrieve SPNs.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 30 06:48:18 UTC 2021 on sn-devel-184

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index bc42ddda9cbd05f72ea944834bc5eea37a4b2352..5300dfbef80ff851d3cf46149cdf284a3b3ca026 100644 (file)
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -3030,6 +3030,10 @@ static int net_ads_keytab_flush(struct net_context *c, int argc, const char **ar
                return 0;
        }
 
+       if (!c->opt_user_specified && c->opt_password == NULL) {
+               net_use_krb_machine_account(c);
+       }
+
        if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
                return -1;
        }
@@ -3058,6 +3062,11 @@ static int net_ads_keytab_add(struct net_context *c,
        }
 
        d_printf(_("Processing principals to add...\n"));
+
+       if (!c->opt_user_specified && c->opt_password == NULL) {
+               net_use_krb_machine_account(c);
+       }
+
        if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
                return -1;
        }
@@ -3096,6 +3105,10 @@ static int net_ads_keytab_create(struct net_context *c, int argc, const char **a
                return 0;
        }
 
+       if (!c->opt_user_specified && c->opt_password == NULL) {
+               net_use_krb_machine_account(c);
+       }
+
        if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
                return -1;
        }