s3-libads: Add a function to retrieve the SPNs of a computer account.
authorAndreas Schneider <asn@samba.org>
Wed, 24 Sep 2014 07:22:03 +0000 (09:22 +0200)
committerGünther Deschner <gd@samba.org>
Fri, 26 Sep 2014 03:55:34 +0000 (05:55 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
source3/libads/ads_proto.h
source3/libads/ldap.c

index 17a84d15833fe7a6c90480dc82ce155ee22088b8..6a2280734dffbc2410aeda3446deacbde221766c 100644 (file)
@@ -87,6 +87,12 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
                                const char *name, const char **vals);
 uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
 uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+                                          ADS_STRUCT *ads,
+                                          const char *machine_name,
+                                          char ***spn_array,
+                                          size_t *num_spns);
 ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
 ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
                                           const char *my_fqdn, const char *spn);
index 8fed8fd86d33acbf94cafabd12ad4b0291d48fc1..c683e2c530a98c739ccc6dbb5f1394086003b72f 100644 (file)
@@ -1914,6 +1914,66 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
        return ret;
 }
 
+/**
+ * @brief This gets the service principal names of an existing computer account.
+ *
+ * @param[in]  mem_ctx      The memory context to use to allocate the spn array.
+ *
+ * @param[in]  ads          The ADS context to use.
+ *
+ * @param[in]  machine_name The NetBIOS name of the computer, which is used to
+ *                          identify the computer account.
+ *
+ * @param[in]  spn_array    A pointer to store the array for SPNs.
+ *
+ * @param[in]  num_spns     The number of principals stored in the array.
+ *
+ * @return                  0 on success, or a ADS error if a failure occured.
+ */
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+                                          ADS_STRUCT *ads,
+                                          const char *machine_name,
+                                          char ***spn_array,
+                                          size_t *num_spns)
+{
+       ADS_STATUS status;
+       LDAPMessage *res = NULL;
+       char *dn;
+       int count;
+
+       status = ads_find_machine_acct(ads,
+                                      &res,
+                                      machine_name);
+       if (!ADS_ERR_OK(status)) {
+               DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+                        machine_name));
+               return status;
+       }
+
+       count = ads_count_replies(ads, res);
+       if (count != 1) {
+               status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+               goto done;
+       }
+
+       dn = ads_get_dn(ads, mem_ctx, res);
+       if (dn == NULL) {
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
+       }
+
+       *spn_array = ads_pull_strings(ads,
+                                     mem_ctx,
+                                     res,
+                                     "servicePrincipalName",
+                                     num_spns);
+
+done:
+       ads_msgfree(ads, res);
+
+       return status;
+}
+
 /**
  * This adds a service principal name to an existing computer account
  * (found by hostname) in AD.
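Review bot: The result of `ads_pull_strings()` is stored in `*spn_array` without a check, so when the account has no `servicePrincipalName` values (or the pull fails) the function still returns the success status left over from `ads_find_machine_acct()`. If `ads_pull_strings()` leaves `*num_spns` untouched on that path (its body is not visible here, so this needs confirming), a caller that trusts the success return would walk a NULL array with an uninitialized count. I would add `if (*spn_array == NULL) { status = ADS_ERROR_LDAP(LDAP_NO_SUCH_ATTRIBUTE); goto done; }` after the call, and set `*spn_array = NULL; *num_spns = 0;` at the top of the function so the outputs are defined on every error path. Separately, `dn` is allocated on the caller's `mem_ctx` only to be NULL-checked and is never used or freed, so either drop the `ads_get_dn()` call or `TALLOC_FREE(dn)` before `done:`; the doc comment should also mark `spn_array` and `num_spns` as `@param[out]` rather than `@param[in]`.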