diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c index 4a2d19a4ba5..1c6508bc653 100644 --- a/source3/utils/net_ads_gpo.c +++ b/source3/utils/net_ads_gpo.c @@ -26,147 +26,6 @@ #ifdef HAVE_ADS -static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **argv) -{ - TALLOC_CTX *mem_ctx; - ADS_STRUCT *ads; - ADS_STATUS status; - const char *dn = NULL; - struct GROUP_POLICY_OBJECT *gpo_list = NULL; - struct GROUP_POLICY_OBJECT *read_list = NULL; - uint32_t uac = 0; - uint32_t flags = 0; - struct GROUP_POLICY_OBJECT *gpo; - NTSTATUS result; - struct security_token *token = NULL; - char *gpo_cache_path; - - if (argc < 1 || c->display_usage) { - d_printf("%s\n%s\n%s", - _("Usage:"), - _("net ads gpo refresh "), - _(" Lists all GPOs assigned to an account and " - "downloads them\n" - " username\tUser to refresh GPOs for\n" - " machinename\tMachine to refresh GPOs for\n")); - return -1; - } - - mem_ctx = talloc_init("net_ads_gpo_refresh"); - if (mem_ctx == NULL) { - return -1; - } - - status = ads_startup(c, false, &ads); - if (!ADS_ERR_OK(status)) { - d_printf(_("failed to connect AD server: %s\n"), ads_errstr(status)); - goto out; - } - - status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn); - if (!ADS_ERR_OK(status)) { - d_printf(_("failed to find samaccount for %s\n"), argv[0]); - goto out; - } - - if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { - flags |= GPO_LIST_FLAG_MACHINE; - } - - d_printf(_("\n%s: '%s' has dn: '%s'\n\n"), - (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? _("machine") : _("user"), - argv[0], dn); - - d_printf(_("* fetching token ")); - if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { - status = gp_get_machine_token(ads, mem_ctx, dn, &token); - } else { - status = ads_get_sid_token(ads, mem_ctx, dn, &token); - } - - if (!ADS_ERR_OK(status)) { - d_printf(_("failed: %s\n"), ads_errstr(status)); - goto out; - } - d_printf(_("finished\n")); - - d_printf(_("* fetching GPO List ")); - status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list); - if (!ADS_ERR_OK(status)) { - d_printf(_("failed: %s\n"), - ads_errstr(status)); - goto out; - } - d_printf(_("finished\n")); - - d_printf(_("* Refreshing Group Policy Data ")); - gpo_cache_path = cache_path(talloc_tos(), GPO_CACHE_DIR); - if (gpo_cache_path == NULL) { - d_printf(_("failed: %s\n"), nt_errstr(NT_STATUS_NO_MEMORY)); - goto out; - } - result = check_refresh_gpo_list(ads, mem_ctx, - gpo_cache_path, - flags, - gpo_list); - TALLOC_FREE(gpo_cache_path); - if (!NT_STATUS_IS_OK(result)) { - d_printf(_("failed: %s\n"), nt_errstr(result)); - goto out; - } - d_printf(_("finished\n")); - - d_printf(_("* storing GPO list to registry ")); - - { - WERROR werr = gp_reg_state_store(mem_ctx, flags, dn, - token, gpo_list); - if (!W_ERROR_IS_OK(werr)) { - d_printf(_("failed: %s\n"), win_errstr(werr)); - goto out; - } - } - - d_printf(_("finished\n")); - - if (c->opt_verbose) { - - d_printf(_("* dumping GPO list\n")); - - for (gpo = gpo_list; gpo; gpo = gpo->next) { - dump_gpo(gpo, 0); - } - } - - d_printf(_("* re-reading GPO list from registry ")); - - { - WERROR werr = gp_reg_state_read(mem_ctx, flags, - &token->sids[0], - &read_list); - if (!W_ERROR_IS_OK(werr)) { - d_printf(_("failed: %s\n"), win_errstr(werr)); - goto out; - } - } - - d_printf(_("finished\n")); - - if (c->opt_verbose) { - - d_printf(_("* dumping GPO list from registry\n")); - - for (gpo = read_list; gpo; gpo = gpo->next) { - dump_gpo(gpo, 0); - } - } - - out: - ads_destroy(&ads); - talloc_destroy(mem_ctx); - return 0; -} - static int net_ads_gpo_list_all(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; @@ -324,92 +183,6 @@ out: return 0; } -static int net_ads_gpo_apply(struct net_context *c, int argc, const char **argv) -{ - TALLOC_CTX *mem_ctx; - ADS_STRUCT *ads; - ADS_STATUS status; - const char *dn = NULL; - struct GROUP_POLICY_OBJECT *gpo_list; - uint32_t uac = 0; - uint32_t flags = 0; - struct security_token *token = NULL; - const char *filter = NULL; - - if (argc < 1 || c->display_usage) { - d_printf("Usage:\n" - "net ads gpo apply \n" - " Apply GPOs for machine/user\n" - " username\tUsername to apply GPOs for\n" - " machinename\tMachine to apply GPOs for\n"); - return -1; - } - - mem_ctx = talloc_init("net_ads_gpo_apply"); - if (mem_ctx == NULL) { - goto out; - } - - if (argc >= 2) { - filter = cse_gpo_name_to_guid_string(argv[1]); - } - - status = ads_startup(c, false, &ads); - /* filter = cse_gpo_name_to_guid_string("Security"); */ - - if (!ADS_ERR_OK(status)) { - d_printf("got: %s\n", ads_errstr(status)); - goto out; - } - - status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn); - if (!ADS_ERR_OK(status)) { - d_printf("failed to find samaccount for %s: %s\n", - argv[0], ads_errstr(status)); - goto out; - } - - if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { - flags |= GPO_LIST_FLAG_MACHINE; - } - - if (c->opt_verbose) { - flags |= GPO_INFO_FLAG_VERBOSE; - } - - d_printf("%s: '%s' has dn: '%s'\n", - (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user", - argv[0], dn); - - if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { - status = gp_get_machine_token(ads, mem_ctx, dn, &token); - } else { - status = ads_get_sid_token(ads, mem_ctx, dn, &token); - } - - if (!ADS_ERR_OK(status)) { - goto out; - } - - status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list); - if (!ADS_ERR_OK(status)) { - goto out; - } - - status = ADS_ERROR_NT(gpo_process_gpo_list(mem_ctx, token, NULL, gpo_list, - filter, flags)); - if (!ADS_ERR_OK(status)) { - d_printf("failed to process gpo list: %s\n", - ads_errstr(status)); - goto out; - } - -out: - ads_destroy(&ads); - talloc_destroy(mem_ctx); - return 0; -} - static int net_ads_gpo_link_get(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; @@ -602,14 +375,6 @@ out: int net_ads_gpo(struct net_context *c, int argc, const char **argv) { struct functable func[] = { - { - "apply", - net_ads_gpo_apply, - NET_TRANSPORT_ADS, - "Apply GPO to container", - "net ads gpo apply\n" - " Apply GPO to container" - }, { "getgpo", net_ads_gpo_get_gpo, @@ -660,16 +425,6 @@ int net_ads_gpo(struct net_context *c, int argc, const char **argv) N_("net ads gpo listall\n" " Lists all GPOs on a DC") }, - { - "refresh", - net_ads_gpo_refresh, - NET_TRANSPORT_ADS, - N_("Lists all GPOs assigned to an account and " - "downloads them"), - N_("net ads gpo refresh\n" - " Lists all GPOs assigned to an account and " - "downloads them") - }, {NULL, NULL, 0, NULL, NULL} };