s3:utils: add new 'net ads setspn list' subcommand

This patch adds basic functionality not unlike the setspn.exe command that is provided by windows for adminsistering SPN on the AD. (see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731241(v=ws.11) Only the basic list operation (that corresponds to the -l switch for setspn.exe is implemented) Usage: net ads setspn list <computer> Note: <computer> is optional, if not specified the computer account associated with value returned by lp_netbios_name() is used instead. Signed-off-by: Noel Power <[email protected]> Reviewed-by: Jeremy Allison <[email protected]> Reviewed-by: Andreas Schneider <[email protected]>
17500mph · Mar 2, 2018 · 65ef044 · 65ef044
1 parent 1400ab7
commit 65ef044
Show file tree

Hide file tree

Showing 5 changed files with 120 additions and 0 deletions.
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
@@ -54,6 +54,9 @@ int ads_keytab_flush(ADS_STRUCT *ads);
 int ads_keytab_create_default(ADS_STRUCT *ads);
 int ads_keytab_list(const char *keytab_name);
 
+/* The following definitions come from libads/net_ads_setspn.c  */
+bool ads_setspn_list(ADS_STRUCT *ads, const char *machine);
+
 /* The following definitions come from libads/krb5_errs.c  */
 
 /* The following definitions come from libads/kerberos_util.c  */

diff --git a/source3/libads/net_ads_setspn.c b/source3/libads/net_ads_setspn.c
@@ -0,0 +1,54 @@
+/*
+   Unix SMB/CIFS implementation.
+   net ads setspn routines
+   Copyright (C) Noel Power 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+
+#ifdef HAVE_ADS
+bool ads_setspn_list(ADS_STRUCT *ads, const char *machine_name)
+{
+	size_t i = 0;
+	TALLOC_CTX *frame = NULL;
+	char **spn_array = NULL;
+	size_t num_spns = 0;
+	bool ok = false;
+	ADS_STATUS status;
+
+	frame = talloc_stackframe();
+	status = ads_get_service_principal_names(frame,
+						 ads,
+						 machine_name,
+						 &spn_array,
+						 &num_spns);
+	if (!ADS_ERR_OK(status)) {
+		goto done;
+	}
+
+	d_printf("Registered SPNs for %s\n", machine_name);
+	for (i = 0; i < num_spns; i++) {
+		d_printf("\t%s\n", spn_array[i]);
+	}
+
+	ok = true;
+done:
+	TALLOC_FREE(frame);
+	return ok;
+}
+
+#endif /* HAVE_ADS */
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
@@ -3005,6 +3005,54 @@ int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
 	return net_run_function(c, argc, argv, "net ads kerberos", func);
 }
 
+static int net_ads_setspn_list(struct net_context *c, int argc, const char **argv)
+{
+	int ret = 0;
+	bool ok = false;
+	ADS_STRUCT *ads = NULL;
+	if (c->display_usage) {
+		d_printf("%s\n%s",
+			 _("Usage:"),
+			 _("net ads setspn list <machinename>\n"));
+		ret = 0;
+		goto done;
+	}
+	if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
+		ret = -1;
+		goto done;
+	}
+	if (argc) {
+		ok = ads_setspn_list(ads, argv[0]);
+	} else {
+		ok = ads_setspn_list(ads, lp_netbios_name());
+	}
+	if (!ok) {
+            ret = -1;
+	}
+done:
+	if (ads) {
+		ads_destroy(&ads);
+	}
+	return ret;
+}
+
+int net_ads_setspn(struct net_context *c, int argc, const char **argv)
+{
+	struct functable func[] = {
+		{
+			"list",
+			net_ads_setspn_list,
+			NET_TRANSPORT_ADS,
+			N_("List Service Principal Names (SPN)"),
+			N_("net ads setspn list machine\n"
+			   "    List Service Principal Names (SPN)")
+		},
+		{NULL, NULL, 0, NULL, NULL}
+	};
+
+	return net_run_function(c, argc, argv, "net ads setspn", func);
+}
+
 static int net_ads_enctype_lookup_account(struct net_context *c,
 					  ADS_STRUCT *ads,
 					  const char *account,
@@ -3443,6 +3491,14 @@ int net_ads(struct net_context *c, int argc, const char **argv)
 			N_("net ads keytab\n"
 			   "    Manage local keytab file")
 		},
+		{
+			"setspn",
+			net_ads_setspn,
+			NET_TRANSPORT_ADS,
+			N_("Manage Service Principal Names (SPN)s"),
+			N_("net ads spnset\n"
+			   "    Manage Service Principal Names (SPN)s")
+		},
 		{
 			"gpo",
 			net_ads_gpo,
@@ -3491,6 +3547,11 @@ int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
 	return net_ads_noads();
 }
 
+int net_ads_setspn(struct net_context *c, int argc, const char **argv)
+{
+	return net_ads_noads();
+}
+
 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
 {
 	return net_ads_noads();

diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
@@ -43,6 +43,7 @@ int net_ads_printer_usage(struct net_context *c, int argc, const char **argv);
 int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv);
 int net_ads_keytab(struct net_context *c, int argc, const char **argv);
 int net_ads_kerberos(struct net_context *c, int argc, const char **argv);
+int net_ads_setspn(struct net_context *c, int argc, const char **argv);
 int net_ads(struct net_context *c, int argc, const char **argv);
 
 /* The following definitions come from utils/net_ads_gpo.c  */

diff --git a/source3/wscript_build b/source3/wscript_build
@@ -522,6 +522,7 @@ bld.SAMBA3_LIBRARY('ads',
                           libads/ldap_schema.c
                           libads/util.c
                           libads/ndr.c
+                          libads/net_ads_setspn.c
                           ''',
                    deps='''
                         cli-ldap-common