summaryrefslogtreecommitdiffstats
path: root/source3/libads/net_ads_setspn.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libads/net_ads_setspn.c')
-rw-r--r--source3/libads/net_ads_setspn.c229
1 files changed, 229 insertions, 0 deletions
diff --git a/source3/libads/net_ads_setspn.c b/source3/libads/net_ads_setspn.c
new file mode 100644
index 0000000..b163184
--- /dev/null
+++ b/source3/libads/net_ads_setspn.c
@@ -0,0 +1,229 @@
+/*
+ Unix SMB/CIFS implementation.
+ net ads setspn routines
+ Copyright (C) Noel Power 2018
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+
+#ifdef HAVE_ADS
+bool ads_setspn_list(ADS_STRUCT *ads, const char *machine_name)
+{
+ size_t i = 0;
+ TALLOC_CTX *frame = NULL;
+ char **spn_array = NULL;
+ size_t num_spns = 0;
+ bool ok = false;
+ ADS_STATUS status;
+
+ frame = talloc_stackframe();
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &spn_array,
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ d_printf("Registered SPNs for %s\n", machine_name);
+ for (i = 0; i < num_spns; i++) {
+ d_printf("\t%s\n", spn_array[i]);
+ }
+
+ ok = true;
+done:
+ TALLOC_FREE(frame);
+ return ok;
+}
+
+/* returns true if spn exists in spn_array (match is NOT case-sensitive) */
+static bool find_spn_in_spnlist(TALLOC_CTX *ctx,
+ const char *spn,
+ char **spn_array,
+ size_t num_spns)
+{
+ char *lc_spn = NULL;
+ size_t i = 0;
+
+ lc_spn = strlower_talloc(ctx, spn);
+ if (lc_spn == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn);
+ return false;
+ }
+
+ for (i = 0; i < num_spns; i++) {
+ char *lc_spn_attr = strlower_talloc(ctx, spn_array[i]);
+ if (lc_spn_attr == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn_array[i]);
+ return false;
+ }
+
+ if (strequal(lc_spn, lc_spn_attr)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+bool ads_setspn_add(ADS_STRUCT *ads, const char *machine_name, const char * spn)
+{
+ bool ret = false;
+ TALLOC_CTX *frame = NULL;
+ ADS_STATUS status;
+ struct spn_struct *spn_struct = NULL;
+ const char *spns[2] = {NULL, NULL};
+ char **existing_spns = NULL;
+ size_t num_spns = 0;
+ bool found = false;
+
+ frame = talloc_stackframe();
+ spns[0] = spn;
+ spn_struct = parse_spn(frame, spn);
+ if (spn_struct == NULL) {
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &existing_spns,
+ &num_spns);
+
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ found = find_spn_in_spnlist(frame, spn, existing_spns, num_spns);
+ if (found) {
+ d_printf("Duplicate SPN found, aborting operation.\n");
+ goto done;
+ }
+
+ d_printf("Registering SPN %s for object %s\n", spn, machine_name);
+ status = ads_add_service_principal_names(ads, machine_name, spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ ret = true;
+ d_printf("Updated object\n");
+done:
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+bool ads_setspn_delete(ADS_STRUCT *ads,
+ const char *machine_name,
+ const char * spn)
+{
+ size_t i = 0, j = 0;
+ TALLOC_CTX *frame = NULL;
+ char **spn_array = NULL;
+ const char **new_spn_array = NULL;
+ char *lc_spn = NULL;
+ size_t num_spns = 0;
+ ADS_STATUS status;
+ ADS_MODLIST mods;
+ bool ok = false;
+ LDAPMessage *res = NULL;
+
+ frame = talloc_stackframe();
+
+ lc_spn = strlower_talloc(frame, spn);
+ if (lc_spn == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n", spn);
+ goto done;
+ }
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &spn_array,
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ new_spn_array = talloc_zero_array(frame, const char*, num_spns + 1);
+ if (!new_spn_array) {
+ DBG_ERR("Out of memory, failed to allocate array.\n");
+ goto done;
+ }
+
+ /*
+ * create new spn list to write to object (excluding the spn to
+ * be deleted).
+ */
+ for (i = 0, j = 0; i < num_spns; i++) {
+ /*
+ * windows setspn.exe deletes matching spn in a case
+ * insensitive way.
+ */
+ char *lc_spn_attr = strlower_talloc(frame, spn_array[i]);
+ if (lc_spn_attr == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn_array[i]);
+ goto done;
+ }
+
+ if (!strequal(lc_spn, lc_spn_attr)) {
+ new_spn_array[j++] = spn_array[i];
+ }
+ }
+
+ /* found and removed spn */
+ if (j < num_spns) {
+ char *dn = NULL;
+ mods = ads_init_mods(frame);
+ if (mods == NULL) {
+ goto done;
+ }
+ d_printf("Unregistering SPN %s for %s\n", spn, machine_name);
+ status = ads_mod_strlist(frame, &mods, "servicePrincipalName", new_spn_array);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ dn = ads_get_dn(ads, frame, res);
+ if (dn == NULL ) {
+ goto done;
+ }
+
+ status = ads_gen_mod(ads, dn, mods);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
+ d_printf("Updated object\n");
+
+ ok = true;
+done:
+ TALLOC_FREE(frame);
+ return ok;
+}
+
+#endif /* HAVE_ADS */