2008-03-18 23:30:34 +03:00
/*
Samba Unix / Linux SMB client library
2006-02-04 01:19:41 +03:00
net ads commands for Group Policy
2008-03-18 23:30:34 +03:00
Copyright ( C ) 2005 - 2008 Guenther Deschner ( gd @ samba . org )
2006-02-04 01:19:41 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2006-02-04 01:19:41 +03:00
( at your option ) any later version .
2008-03-18 23:30:34 +03:00
2006-02-04 01:19:41 +03:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2008-03-18 23:30:34 +03:00
2006-02-04 01:19:41 +03:00
You should have received a copy of the GNU General Public License
2008-03-18 23:30:34 +03:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2006-02-04 01:19:41 +03:00
*/
# include "includes.h"
# include "utils/net.h"
2010-07-02 02:32:52 +04:00
# include "ads.h"
2010-05-10 02:07:10 +04:00
# include "../libgpo/gpo.h"
# include "libgpo/gpo_proto.h"
2010-07-01 01:38:57 +04:00
# include "../libds/common/flags.h"
2006-02-04 01:19:41 +03:00
# ifdef HAVE_ADS
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_refresh ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
TALLOC_CTX * mem_ctx ;
ADS_STRUCT * ads ;
ADS_STATUS status ;
2007-07-09 20:03:00 +04:00
const char * dn = NULL ;
2007-07-09 19:48:17 +04:00
struct GROUP_POLICY_OBJECT * gpo_list = NULL ;
2008-03-18 23:30:34 +03:00
struct GROUP_POLICY_OBJECT * read_list = NULL ;
2006-02-04 01:19:41 +03:00
uint32 uac = 0 ;
uint32 flags = 0 ;
2006-09-29 05:42:28 +04:00
struct GROUP_POLICY_OBJECT * gpo ;
NTSTATUS result ;
2010-08-26 14:04:11 +04:00
struct security_token * token = NULL ;
2014-10-06 20:21:14 +04:00
char * gpo_cache_path ;
2007-08-14 18:47:08 +04:00
2008-05-21 10:28:15 +04:00
if ( argc < 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net ads gpo refresh <username|machinename> " ) ,
_ ( " Lists all GPOs assigned to an account and "
2009-07-30 01:45:41 +04:00
" downloads them \n "
" username \t User to refresh GPOs for \n "
" machinename \t Machine to refresh GPOs for \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2006-09-29 21:15:45 +04:00
mem_ctx = talloc_init ( " net_ads_gpo_refresh " ) ;
2006-02-04 01:19:41 +03:00
if ( mem_ctx = = NULL ) {
return - 1 ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2006-09-06 17:20:06 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " failed to connect AD server: %s \n " ) , ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
}
2007-07-09 20:03:00 +04:00
status = ads_find_samaccount ( ads , mem_ctx , argv [ 0 ] , & uac , & dn ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " failed to find samaccount for %s \n " ) , argv [ 0 ] ) ;
2006-02-04 01:19:41 +03:00
goto out ;
}
if ( uac & UF_WORKSTATION_TRUST_ACCOUNT ) {
flags | = GPO_LIST_FLAG_MACHINE ;
}
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " \n %s: '%s' has dn: '%s' \n \n " ) ,
( uac & UF_WORKSTATION_TRUST_ACCOUNT ) ? _ ( " machine " ) : _ ( " user " ) ,
2006-02-04 01:19:41 +03:00
argv [ 0 ] , dn ) ;
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " * fetching token " ) ) ;
2008-03-18 23:30:34 +03:00
if ( uac & UF_WORKSTATION_TRUST_ACCOUNT ) {
2013-12-10 21:26:51 +04:00
status = gp_get_machine_token ( ads , mem_ctx , dn , & token ) ;
2008-03-18 23:30:34 +03:00
} else {
status = ads_get_sid_token ( ads , mem_ctx , dn , & token ) ;
}
2007-08-14 18:47:08 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " failed: %s \n " ) , ads_errstr ( status ) ) ;
2007-08-14 18:47:08 +04:00
goto out ;
}
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " finished \n " ) ) ;
2007-08-14 18:47:08 +04:00
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " * fetching GPO List " ) ) ;
2007-08-14 18:47:08 +04:00
status = ads_get_gpo_list ( ads , mem_ctx , dn , flags , token , & gpo_list ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " failed: %s \n " ) ,
ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
}
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " finished \n " ) ) ;
2006-02-04 01:19:41 +03:00
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " * Refreshing Group Policy Data " ) ) ;
2014-10-06 20:21:14 +04:00
gpo_cache_path = cache_path ( GPO_CACHE_DIR ) ;
if ( gpo_cache_path = = NULL ) {
d_printf ( _ ( " failed: %s \n " ) , nt_errstr ( NT_STATUS_NO_MEMORY ) ) ;
goto out ;
}
result = check_refresh_gpo_list ( ads , mem_ctx ,
gpo_cache_path ,
flags ,
gpo_list ) ;
TALLOC_FREE ( gpo_cache_path ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " failed: %s \n " ) , nt_errstr ( result ) ) ;
2006-09-29 05:49:26 +04:00
goto out ;
}
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " finished \n " ) ) ;
2008-03-18 23:30:34 +03:00
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " * storing GPO list to registry " ) ) ;
2006-09-29 05:49:26 +04:00
2008-03-18 23:30:34 +03:00
{
WERROR werr = gp_reg_state_store ( mem_ctx , flags , dn ,
token , gpo_list ) ;
if ( ! W_ERROR_IS_OK ( werr ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " failed: %s \n " ) , win_errstr ( werr ) ) ;
2008-03-18 23:30:34 +03:00
goto out ;
}
}
2006-02-04 01:19:41 +03:00
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " finished \n " ) ) ;
2008-03-18 23:30:34 +03:00
2008-05-10 01:22:12 +04:00
if ( c - > opt_verbose ) {
2008-03-18 23:30:34 +03:00
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " * dumping GPO list \n " ) ) ;
2008-03-18 23:30:34 +03:00
for ( gpo = gpo_list ; gpo ; gpo = gpo - > next ) {
2013-12-18 18:45:58 +04:00
dump_gpo ( gpo , 0 ) ;
2008-03-18 23:30:34 +03:00
#if 0
2006-09-29 05:42:28 +04:00
char * server , * share , * nt_path , * unix_path ;
2006-02-04 01:19:41 +03:00
2008-06-06 13:07:04 +04:00
d_printf ( " -------------------------------------- \n " ) ;
d_printf ( " Name: \t \t \t %s \n " , gpo - > display_name ) ;
d_printf ( " LDAP GPO version: \t %d (user: %d, machine: %d) \n " ,
2006-09-29 05:42:28 +04:00
gpo - > version ,
GPO_VERSION_USER ( gpo - > version ) ,
GPO_VERSION_MACHINE ( gpo - > version ) ) ;
2007-07-09 19:48:17 +04:00
result = gpo_explode_filesyspath ( mem_ctx , gpo - > file_sys_path ,
2008-03-18 23:30:34 +03:00
& server , & share , & nt_path ,
& unix_path ) ;
2006-09-29 05:42:28 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2008-06-06 13:07:04 +04:00
d_printf ( " got: %s \n " , nt_errstr ( result ) ) ;
2006-02-04 01:19:41 +03:00
}
2006-09-29 05:42:28 +04:00
2008-06-06 13:07:04 +04:00
d_printf ( " GPO stored on server: %s, share: %s \n " , server , share ) ;
d_printf ( " \t remote path: \t %s \n " , nt_path ) ;
d_printf ( " \t local path: \t %s \n " , unix_path ) ;
2008-03-18 23:30:34 +03:00
# endif
}
}
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " * re-reading GPO list from registry " ) ) ;
2008-03-18 23:30:34 +03:00
{
WERROR werr = gp_reg_state_read ( mem_ctx , flags ,
2010-08-31 03:32:52 +04:00
& token - > sids [ 0 ] ,
2008-03-18 23:30:34 +03:00
& read_list ) ;
if ( ! W_ERROR_IS_OK ( werr ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " failed: %s \n " ) , win_errstr ( werr ) ) ;
2008-03-18 23:30:34 +03:00
goto out ;
}
}
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " finished \n " ) ) ;
2008-03-18 23:30:34 +03:00
2008-05-10 01:22:12 +04:00
if ( c - > opt_verbose ) {
2008-03-18 23:30:34 +03:00
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " * dumping GPO list from registry \n " ) ) ;
2008-03-18 23:30:34 +03:00
for ( gpo = read_list ; gpo ; gpo = gpo - > next ) {
2013-12-18 18:45:58 +04:00
dump_gpo ( gpo , 0 ) ;
2008-03-18 23:30:34 +03:00
#if 0
char * server , * share , * nt_path , * unix_path ;
2008-06-06 13:07:04 +04:00
d_printf ( " -------------------------------------- \n " ) ;
d_printf ( " Name: \t \t \t %s \n " , gpo - > display_name ) ;
d_printf ( " LDAP GPO version: \t %d (user: %d, machine: %d) \n " ,
2008-03-18 23:30:34 +03:00
gpo - > version ,
GPO_VERSION_USER ( gpo - > version ) ,
GPO_VERSION_MACHINE ( gpo - > version ) ) ;
result = gpo_explode_filesyspath ( mem_ctx , gpo - > file_sys_path ,
& server , & share , & nt_path ,
& unix_path ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
2008-06-06 13:07:04 +04:00
d_printf ( " got: %s \n " , nt_errstr ( result ) ) ;
2008-03-18 23:30:34 +03:00
}
2008-06-06 13:07:04 +04:00
d_printf ( " GPO stored on server: %s, share: %s \n " , server , share ) ;
d_printf ( " \t remote path: \t %s \n " , nt_path ) ;
d_printf ( " \t local path: \t %s \n " , unix_path ) ;
2008-03-18 23:30:34 +03:00
# endif
}
2006-02-04 01:19:41 +03:00
}
2006-09-29 05:42:28 +04:00
out :
2006-02-04 01:19:41 +03:00
ads_destroy ( & ads ) ;
talloc_destroy ( mem_ctx ) ;
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_list_all ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
ADS_STRUCT * ads ;
ADS_STATUS status ;
2006-09-06 17:20:06 +04:00
LDAPMessage * res = NULL ;
2006-02-04 01:19:41 +03:00
int num_reply = 0 ;
2006-09-24 01:06:33 +04:00
LDAPMessage * msg = NULL ;
2006-02-04 01:19:41 +03:00
struct GROUP_POLICY_OBJECT gpo ;
TALLOC_CTX * mem_ctx ;
2006-09-06 17:20:06 +04:00
char * dn ;
2006-09-25 03:44:00 +04:00
const char * attrs [ ] = {
" versionNumber " ,
" flags " ,
" gPCFileSysPath " ,
" displayName " ,
" name " ,
" gPCMachineExtensionNames " ,
" gPCUserExtensionNames " ,
2007-07-14 03:38:19 +04:00
" ntSecurityDescriptor " ,
2006-09-25 03:44:00 +04:00
NULL
} ;
2006-02-04 01:19:41 +03:00
2008-05-21 10:28:15 +04:00
if ( c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n "
2009-07-30 01:45:41 +04:00
" net ads gpo listall \n "
2010-01-19 13:43:54 +03:00
" %s \n " ,
_ ( " Usage: " ) ,
_ ( " List all GPOs on the DC " ) ) ;
2008-05-21 10:28:15 +04:00
return 0 ;
}
2007-07-14 03:38:19 +04:00
mem_ctx = talloc_init ( " net_ads_gpo_list_all " ) ;
2006-02-04 01:19:41 +03:00
if ( mem_ctx = = NULL ) {
return - 1 ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2006-09-06 17:20:06 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto out ;
}
2007-07-14 03:38:19 +04:00
status = ads_do_search_all_sd_flags ( ads , ads - > config . bind_path ,
LDAP_SCOPE_SUBTREE ,
" (objectclass=groupPolicyContainer) " ,
attrs ,
2010-06-03 01:35:44 +04:00
SECINFO_DACL ,
2007-07-14 03:38:19 +04:00
& res ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " search failed: %s \n " ) , ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
2008-03-18 23:30:34 +03:00
}
2006-02-04 01:19:41 +03:00
num_reply = ads_count_replies ( ads , res ) ;
2008-03-18 23:30:34 +03:00
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " Got %d replies \n \n " ) , num_reply ) ;
2006-02-04 01:19:41 +03:00
/* dump the results */
2008-03-18 23:30:34 +03:00
for ( msg = ads_first_entry ( ads , res ) ;
msg ;
msg = ads_next_entry ( ads , msg ) ) {
2006-09-06 17:20:06 +04:00
2009-03-18 09:35:03 +03:00
if ( ( dn = ads_get_dn ( ads , mem_ctx , msg ) ) = = NULL ) {
2006-09-06 17:20:06 +04:00
goto out ;
}
status = ads_parse_gpo ( ads , mem_ctx , msg , dn , & gpo ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " ads_parse_gpo failed: %s \n " ) ,
2008-03-18 23:30:34 +03:00
ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
2008-03-18 23:30:34 +03:00
}
2006-02-04 01:19:41 +03:00
2013-12-18 18:45:58 +04:00
dump_gpo ( & gpo , 0 ) ;
2006-02-04 01:19:41 +03:00
}
out :
ads_msgfree ( ads , res ) ;
2009-03-18 09:35:03 +03:00
TALLOC_FREE ( mem_ctx ) ;
2006-02-04 01:19:41 +03:00
ads_destroy ( & ads ) ;
2008-03-18 23:30:34 +03:00
2006-02-04 01:19:41 +03:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_list ( struct net_context * c , int argc , const char * * argv )
2007-07-14 03:38:19 +04:00
{
2010-06-29 12:07:22 +04:00
ADS_STRUCT * ads = NULL ;
2007-07-14 03:38:19 +04:00
ADS_STATUS status ;
LDAPMessage * res = NULL ;
TALLOC_CTX * mem_ctx ;
const char * dn = NULL ;
uint32 uac = 0 ;
uint32 flags = 0 ;
struct GROUP_POLICY_OBJECT * gpo_list ;
2010-08-26 14:04:11 +04:00
struct security_token * token = NULL ;
2006-09-29 21:15:45 +04:00
2008-05-21 10:28:15 +04:00
if ( argc < 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net ads gpo list <username|machinename> " ) ,
_ ( " Lists all GPOs for machine/user \n "
2009-07-30 01:45:41 +04:00
" username \t User to list GPOs for \n "
" machinename \t Machine to list GPOs for \n " ) ) ;
2007-07-14 03:38:19 +04:00
return - 1 ;
}
mem_ctx = talloc_init ( " net_ads_gpo_list " ) ;
if ( mem_ctx = = NULL ) {
goto out ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2007-07-14 03:38:19 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
status = ads_find_samaccount ( ads , mem_ctx , argv [ 0 ] , & uac , & dn ) ;
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
if ( uac & UF_WORKSTATION_TRUST_ACCOUNT ) {
flags | = GPO_LIST_FLAG_MACHINE ;
}
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " %s: '%s' has dn: '%s' \n " ) ,
( uac & UF_WORKSTATION_TRUST_ACCOUNT ) ? _ ( " machine " ) : _ ( " user " ) ,
2007-07-14 03:38:19 +04:00
argv [ 0 ] , dn ) ;
2008-03-18 23:30:34 +03:00
if ( uac & UF_WORKSTATION_TRUST_ACCOUNT ) {
2013-12-10 21:26:51 +04:00
status = gp_get_machine_token ( ads , mem_ctx , dn , & token ) ;
2008-03-18 23:30:34 +03:00
} else {
status = ads_get_sid_token ( ads , mem_ctx , dn , & token ) ;
}
2007-08-14 18:47:08 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
status = ads_get_gpo_list ( ads , mem_ctx , dn , flags , token , & gpo_list ) ;
2007-07-14 03:38:19 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
2013-12-18 18:45:58 +04:00
dump_gpo_list ( gpo_list , 0 ) ;
2007-07-14 03:38:19 +04:00
out :
ads_msgfree ( ads , res ) ;
talloc_destroy ( mem_ctx ) ;
ads_destroy ( & ads ) ;
2008-03-18 23:30:34 +03:00
2007-07-14 03:38:19 +04:00
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_apply ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
TALLOC_CTX * mem_ctx ;
ADS_STRUCT * ads ;
ADS_STATUS status ;
2007-07-09 20:03:00 +04:00
const char * dn = NULL ;
2006-02-04 01:19:41 +03:00
struct GROUP_POLICY_OBJECT * gpo_list ;
uint32 uac = 0 ;
uint32 flags = 0 ;
2010-08-26 14:04:11 +04:00
struct security_token * token = NULL ;
2008-03-18 23:30:34 +03:00
const char * filter = NULL ;
2008-05-21 10:28:15 +04:00
if ( argc < 1 | | c - > display_usage ) {
d_printf ( " Usage: \n "
" net ads gpo apply <username|machinename> \n "
" Apply GPOs for machine/user \n "
" username \t Username to apply GPOs for \n "
" machinename \t Machine to apply GPOs for \n " ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
mem_ctx = talloc_init ( " net_ads_gpo_apply " ) ;
if ( mem_ctx = = NULL ) {
goto out ;
}
2008-03-18 23:30:34 +03:00
if ( argc > = 2 ) {
filter = cse_gpo_name_to_guid_string ( argv [ 1 ] ) ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2009-09-03 00:07:01 +04:00
/* filter = cse_gpo_name_to_guid_string("Security"); */
2006-09-06 17:20:06 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2008-06-06 13:07:04 +04:00
d_printf ( " got: %s \n " , ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
}
2007-07-09 20:03:00 +04:00
status = ads_find_samaccount ( ads , mem_ctx , argv [ 0 ] , & uac , & dn ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2008-06-06 13:07:04 +04:00
d_printf ( " failed to find samaccount for %s: %s \n " ,
2008-03-18 23:30:34 +03:00
argv [ 0 ] , ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
}
if ( uac & UF_WORKSTATION_TRUST_ACCOUNT ) {
flags | = GPO_LIST_FLAG_MACHINE ;
}
2009-04-21 01:38:11 +04:00
if ( c - > opt_verbose ) {
2008-03-18 23:30:34 +03:00
flags | = GPO_INFO_FLAG_VERBOSE ;
}
2008-06-06 13:07:04 +04:00
d_printf ( " %s: '%s' has dn: '%s' \n " ,
2008-03-18 23:30:34 +03:00
( uac & UF_WORKSTATION_TRUST_ACCOUNT ) ? " machine " : " user " ,
2006-02-04 01:19:41 +03:00
argv [ 0 ] , dn ) ;
2008-03-18 23:30:34 +03:00
if ( uac & UF_WORKSTATION_TRUST_ACCOUNT ) {
2013-12-10 21:26:51 +04:00
status = gp_get_machine_token ( ads , mem_ctx , dn , & token ) ;
2008-03-18 23:30:34 +03:00
} else {
status = ads_get_sid_token ( ads , mem_ctx , dn , & token ) ;
}
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
2008-03-18 23:30:34 +03:00
status = ads_get_gpo_list ( ads , mem_ctx , dn , flags , token , & gpo_list ) ;
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
2013-12-19 20:29:10 +04:00
status = ADS_ERROR_NT ( gpo_process_gpo_list ( mem_ctx , token , NULL , gpo_list ,
2013-12-13 18:02:13 +04:00
filter , flags ) ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2008-03-18 23:30:34 +03:00
d_printf ( " failed to process gpo list: %s \n " ,
ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
}
out :
ads_destroy ( & ads ) ;
talloc_destroy ( mem_ctx ) ;
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_link_get ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
ADS_STRUCT * ads ;
ADS_STATUS status ;
TALLOC_CTX * mem_ctx ;
struct GP_LINK gp_link ;
2008-05-21 10:28:15 +04:00
if ( argc < 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net ads gpo linkget <container> " ) ,
_ ( " Lists gPLink of a containter \n "
2009-07-30 01:45:41 +04:00
" container \t Container to get link for \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
mem_ctx = talloc_init ( " add_gpo_link " ) ;
if ( mem_ctx = = NULL ) {
return - 1 ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2006-09-06 17:20:06 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto out ;
}
status = ads_get_gpo_link ( ads , mem_ctx , argv [ 0 ] , & gp_link ) ;
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " get link for %s failed: %s \n " ) , argv [ 0 ] ,
2008-03-18 23:30:34 +03:00
ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
2008-03-18 23:30:34 +03:00
}
2006-02-04 01:19:41 +03:00
2013-12-18 18:45:58 +04:00
dump_gplink ( & gp_link ) ;
2006-02-04 01:19:41 +03:00
out :
talloc_destroy ( mem_ctx ) ;
ads_destroy ( & ads ) ;
return 0 ;
}
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_link_add ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
ADS_STRUCT * ads ;
ADS_STATUS status ;
uint32 gpo_opt = 0 ;
TALLOC_CTX * mem_ctx ;
2008-05-21 10:28:15 +04:00
if ( argc < 2 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net ads gpo linkadd <linkdn> <gpodn> [options] " ) ,
_ ( " Link a container to a GPO \n "
2009-07-30 01:45:41 +04:00
" linkdn \t Container to link to a GPO \n "
" gpodn \t GPO to link container to \n " ) ) ;
d_printf ( _ ( " note: DNs must be provided properly escaped. \n "
" See RFC 4514 for details \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
mem_ctx = talloc_init ( " add_gpo_link " ) ;
if ( mem_ctx = = NULL ) {
return - 1 ;
}
if ( argc = = 3 ) {
gpo_opt = atoi ( argv [ 2 ] ) ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2006-09-06 17:20:06 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto out ;
}
status = ads_add_gpo_link ( ads , mem_ctx , argv [ 0 ] , argv [ 1 ] , gpo_opt ) ;
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " link add failed: %s \n " ) , ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
}
out :
talloc_destroy ( mem_ctx ) ;
ads_destroy ( & ads ) ;
return 0 ;
}
2006-09-29 21:15:45 +04:00
#if 0 /* broken */
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_link_delete ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
ADS_STRUCT * ads ;
ADS_STATUS status ;
TALLOC_CTX * mem_ctx ;
2008-05-21 10:28:15 +04:00
if ( argc < 2 | | c - > display_usage ) {
d_printf ( " Usage: \n "
" net ads gpo linkdelete <linkdn> <gpodn> \n "
" Delete a GPO link \n "
" <linkdn> \t Container to delete GPO from \n "
" <gpodn> \t GPO to delete from container \n " ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
mem_ctx = talloc_init ( " delete_gpo_link " ) ;
if ( mem_ctx = = NULL ) {
return - 1 ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2006-09-06 17:20:06 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto out ;
}
status = ads_delete_gpo_link ( ads , mem_ctx , argv [ 0 ] , argv [ 1 ] ) ;
if ( ! ADS_ERR_OK ( status ) ) {
d_printf ( " delete link failed: %s \n " , ads_errstr ( status ) ) ;
goto out ;
2008-03-18 23:30:34 +03:00
}
2006-02-04 01:19:41 +03:00
out :
talloc_destroy ( mem_ctx ) ;
ads_destroy ( & ads ) ;
return 0 ;
}
2006-09-29 21:15:45 +04:00
# endif
2008-05-10 01:22:12 +04:00
static int net_ads_gpo_get_gpo ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
ADS_STRUCT * ads ;
ADS_STATUS status ;
TALLOC_CTX * mem_ctx ;
struct GROUP_POLICY_OBJECT gpo ;
2008-05-21 10:28:15 +04:00
if ( argc < 1 | | c - > display_usage ) {
2010-01-19 13:43:54 +03:00
d_printf ( " %s \n %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net ads gpo getgpo <gpo> " ) ,
2014-03-30 06:03:15 +04:00
_ ( " List specified GPO \n "
2009-07-30 01:45:41 +04:00
" gpo \t \t GPO to list \n " ) ) ;
2006-02-04 01:19:41 +03:00
return - 1 ;
}
2008-05-21 10:28:15 +04:00
mem_ctx = talloc_init ( " ads_gpo_get_gpo " ) ;
2006-02-04 01:19:41 +03:00
if ( mem_ctx = = NULL ) {
return - 1 ;
}
2008-05-10 01:22:12 +04:00
status = ads_startup ( c , false , & ads ) ;
2006-09-06 17:20:06 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto out ;
}
if ( strnequal ( argv [ 0 ] , " CN={ " , strlen ( " CN={ " ) ) ) {
status = ads_get_gpo ( ads , mem_ctx , argv [ 0 ] , NULL , NULL , & gpo ) ;
} else {
status = ads_get_gpo ( ads , mem_ctx , NULL , argv [ 0 ] , NULL , & gpo ) ;
}
if ( ! ADS_ERR_OK ( status ) ) {
2009-07-30 01:45:41 +04:00
d_printf ( _ ( " get gpo for [%s] failed: %s \n " ) , argv [ 0 ] ,
2008-03-18 23:30:34 +03:00
ads_errstr ( status ) ) ;
2006-02-04 01:19:41 +03:00
goto out ;
2008-03-18 23:30:34 +03:00
}
2006-02-04 01:19:41 +03:00
2013-12-18 18:45:58 +04:00
dump_gpo ( & gpo , 1 ) ;
2006-09-29 05:42:28 +04:00
2006-02-04 01:19:41 +03:00
out :
talloc_destroy ( mem_ctx ) ;
ads_destroy ( & ads ) ;
return 0 ;
}
2008-05-10 01:22:12 +04:00
int net_ads_gpo ( struct net_context * c , int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
2008-06-07 04:25:08 +04:00
struct functable func [ ] = {
2008-05-21 10:28:15 +04:00
{
" apply " ,
net_ads_gpo_apply ,
NET_TRANSPORT_ADS ,
" Apply GPO to container " ,
" net ads gpo apply \n "
" Apply GPO to container "
} ,
{
" getgpo " ,
net_ads_gpo_get_gpo ,
NET_TRANSPORT_ADS ,
2009-07-30 01:45:41 +04:00
N_ ( " List specified GPO " ) ,
N_ ( " net ads gpo getgpo \n "
" List specified GPO " )
2008-05-21 10:28:15 +04:00
} ,
{
" linkadd " ,
net_ads_gpo_link_add ,
NET_TRANSPORT_ADS ,
2009-07-30 01:45:41 +04:00
N_ ( " Link a container to a GPO " ) ,
N_ ( " net ads gpo linkadd \n "
" Link a container to a GPO " )
2008-05-21 10:28:15 +04:00
} ,
#if 0
{
" linkdelete " ,
net_ads_gpo_link_delete ,
NET_TRANSPORT_ADS ,
" Delete GPO link from a container " ,
" net ads gpo linkdelete \n "
" Delete GPO link from a container "
} ,
# endif
{
" linkget " ,
net_ads_gpo_link_get ,
NET_TRANSPORT_ADS ,
2009-07-30 01:45:41 +04:00
N_ ( " Lists gPLink of containter " ) ,
N_ ( " net ads gpo linkget \n "
" Lists gPLink of containter " )
2008-05-21 10:28:15 +04:00
} ,
{
" list " ,
net_ads_gpo_list ,
NET_TRANSPORT_ADS ,
2009-07-30 01:45:41 +04:00
N_ ( " Lists all GPOs for machine/user " ) ,
N_ ( " net ads gpo list \n "
" Lists all GPOs for machine/user " )
2008-05-21 10:28:15 +04:00
} ,
{
" listall " ,
net_ads_gpo_list_all ,
NET_TRANSPORT_ADS ,
2009-07-30 01:45:41 +04:00
N_ ( " Lists all GPOs on a DC " ) ,
N_ ( " net ads gpo listall \n "
" Lists all GPOs on a DC " )
2008-05-21 10:28:15 +04:00
} ,
{
" refresh " ,
net_ads_gpo_refresh ,
NET_TRANSPORT_ADS ,
2009-07-30 01:45:41 +04:00
N_ ( " Lists all GPOs assigned to an account and "
" downloads them " ) ,
N_ ( " net ads gpo refresh \n "
" Lists all GPOs assigned to an account and "
" downloads them " )
2008-05-21 10:28:15 +04:00
} ,
{ NULL , NULL , 0 , NULL , NULL }
2006-02-04 01:19:41 +03:00
} ;
2008-06-07 04:25:08 +04:00
return net_run_function ( c , argc , argv , " net ads gpo " , func ) ;
2006-02-04 01:19:41 +03:00
}
2006-09-22 13:34:25 +04:00
# endif /* HAVE_ADS */