为服务注册 SPN
下面的代码示例为服务实例注册或取消注册一个或多个服务委托人名称 (SPN)。
该示例调用了 DsWriteAccountSpn 函数,该函数将 SPN 存储在 Active Directory 域服务的 servicePrincipalName 属性下,该属性由 pszServiceAcctDN 参数指定。 该帐户对象与该服务实例的 CreateService 调用中指定的登录帐户相对应。 如果登录帐户是域用户帐户,则 pszServiceAcctDN 必须是该用户帐户在 Active Directory 域服务器中的帐户对象的可分辨名称。 如果服务的登录帐户是 LocalSystem 帐户,在 pszServiceAcctDN 必须是安装服务的主机计算机的计算机帐户对象的可分辨名称。
/***************************************************************************
SpnRegister()
Register or unregister the SPNs under the service's account.
If the service runs in LocalSystem account, pszServiceAcctDN is the
distinguished name of the local computer account.
Parameters:
pszServiceAcctDN - Contains the distinguished name of the logon
account for this instance of the service.
pspn - Contains an array of SPNs to register.
ulSpn - Contains the number of SPNs in the array.
Operation - Contains one of the DS_SPN_WRITE_OP values that determines
the type of operation to perform on the SPNs.
***************************************************************************/
DWORD SpnRegister(TCHAR *pszServiceAcctDN,
TCHAR **pspn,
unsigned long ulSpn,
DS_SPN_WRITE_OP Operation)
{
DWORD dwStatus;
HANDLE hDs;
TCHAR szSamName[512];
DWORD dwSize = sizeof(szSamName) / sizeof(szSamName[0]);
PDOMAIN_CONTROLLER_INFO pDcInfo;
// Bind to a domain controller.
// Get the domain for the current user.
if(GetUserNameEx(NameSamCompatible, szSamName, &dwSize))
{
TCHAR *pWhack = _tcschr(szSamName, '\\');
if(pWhack)
{
*pWhack = '\0';
}
}
else
{
return GetLastError();
}
// Get the name of a domain controller in that domain.
dwStatus = DsGetDcName(NULL,
szSamName,
NULL,
NULL,
DS_IS_FLAT_NAME |
DS_RETURN_DNS_NAME |
DS_DIRECTORY_SERVICE_REQUIRED,
&pDcInfo);
if(dwStatus != 0)
{
return dwStatus;
}
// Bind to the domain controller.
dwStatus = DsBind(pDcInfo->DomainControllerName, NULL, &hDs);
// Free the DOMAIN_CONTROLLER_INFO buffer.
NetApiBufferFree(pDcInfo);
if(dwStatus != 0)
{
return dwStatus;
}
// Write the SPNs to the service account or computer account.
dwStatus = DsWriteAccountSpn(
hDs, // Handle to the directory.
Operation, // Add or remove SPN from account's existing SPNs.
pszServiceAcctDN, // DN of service account or computer account.
ulSpn, // Number of SPNs to add.
(const TCHAR **)pspn); // Array of SPNs.
// Unbind the DS in any case.
DsUnBind(&hDs);
return dwStatus;
}