s3:libads: Clean up code a little rename 'ads_get_samaccountname()'

Function 'ads_get_samaccountname()' basically returns the machine_name passed
as an input param (appended with '$') if it exists on the ad. The function
really is testing for the existence of the samaccountname and is not really
'getting' it. This is also the way it is used. Renaming this function to
'ads_has_samaccountname()' better reflects what it is actually doing and how
clients calling the code use it. It also makes the client code using calling
this function less confusing.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index b6d9d9b31fc1e78c7be66954f48f576017ac03d2..8e9a7690a0f24f3c9d2cebe97ecd5cd0fe2e4fee 100644 (file)
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -121,7 +121,7 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
                                        struct dom_sid *sid);
 char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+bool ads_has_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
                        uint32_t account_type, const char *org_unit);
 ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 37ac7ba985e430b4191e21b21ac4f4a607e550b4..df9ed03a1ad55576d43be01459c20827d84b03ce 100644 (file)
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -114,7 +114,6 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
        char *password_s = NULL;
        char *my_fqdn;
        TALLOC_CTX *tmpctx = NULL;
-       char *machine_name;
        ADS_STATUS aderr;
        int i;
 
@@ -163,15 +162,13 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
                goto out;
        }
 
-       machine_name = ads_get_samaccountname(ads, tmpctx, lp_netbios_name());
-       if (!machine_name) {
+       /* make sure we have a single instance of a the computer account */
+       if (!ads_has_samaccountname(ads, tmpctx, lp_netbios_name())) {
                DEBUG(0, (__location__ ": unable to determine machine "
                          "account's short name in AD!\n"));
                ret = -1;
                goto out;
        }
-       /*strip the trailing '$' */
-       machine_name[strlen(machine_name)-1] = '\0';
 
        /* Construct our principal */
        if (strchr_m(srvPrinc, '@')) {
@@ -201,7 +198,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
                        goto out;
                }
                short_princ_s = talloc_asprintf(tmpctx, "%s/%s@%s",
-                                               srvPrinc, machine_name,
+                                               srvPrinc, lp_netbios_name(),
                                                lp_realm());
                if (short_princ_s == NULL) {
                        ret = -1;
@@ -375,6 +372,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
        char **spn_array;
        size_t num_spns;
        size_t i;
+       bool ok = false;
        ADS_STATUS status;
 
        ZERO_STRUCT(kt_entry);
@@ -451,14 +449,23 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
        }
 
        /* now add the userPrincipalName and sAMAccountName entries */
-       sam_account_name = ads_get_samaccountname(ads, frame, machine_name);
-       if (!sam_account_name) {
+       ok = ads_has_samaccountname(ads, frame, machine_name);
+       if (!ok) {
                DEBUG(0, (__location__ ": unable to determine machine "
                          "account's name in AD!\n"));
                ret = -1;
                goto done;
        }
 
+       /*
+        * append '$' to netbios name so 'ads_keytab_add_entry' recognises
+        * it as a machine account rather than a service or Windows SPN.
+        */
+       sam_account_name = talloc_asprintf(frame, "%s$",machine_name);
+       if (sam_account_name == NULL) {
+               ret = -1;
+               goto done;
+       }
        /* upper case the sAMAccountName to make it easier for apps to
           know what case to use in the keytab file */
        if (!strupper_m(sam_account_name)) {

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 4f238ef83c299066c67ccd04e027858d8901589c..2acbb3aca113cd8d702923762229d5123cc81ad5 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -3463,12 +3463,13 @@ out:
 /********************************************************************
 ********************************************************************/
 
-char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
+bool ads_has_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
 {
        LDAPMessage *res = NULL;
        ADS_STATUS status;
        int count = 0;
        char *name = NULL;
+       bool ok = false;
 
        status = ads_find_machine_acct(ads, &res, machine_name);
        if (!ADS_ERR_OK(status)) {
@@ -3488,8 +3489,10 @@ char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *mach
 
 out:
        ads_msgfree(ads, res);
-
-       return name;
+       if (name != NULL) {
+               ok = (strlen(name) > 0);
+       }
+       return ok;
 }
 
 #if 0