diff --git a/source/libgpo/gpo_util.c b/source/libgpo/gpo_util.c index 368d1206e9c..385d6bd53a1 100644 --- a/source/libgpo/gpo_util.c +++ b/source/libgpo/gpo_util.c @@ -103,6 +103,9 @@ static struct snapin_table gpo_cse_snapin_extensions[] = { { NULL, NULL, NULL } }; +/**************************************************************** +****************************************************************/ + static const char *name_to_guid_string(const char *name, struct gpo_table *table) { int i; @@ -116,6 +119,9 @@ static const char *name_to_guid_string(const char *name, struct gpo_table *table return NULL; } +/**************************************************************** +****************************************************************/ + static const char *guid_string_to_name(const char *guid_string, struct gpo_table *table) { int i; @@ -129,6 +135,9 @@ static const char *guid_string_to_name(const char *guid_string, struct gpo_table return NULL; } +/**************************************************************** +****************************************************************/ + static const char *snapin_guid_string_to_name(const char *guid_string, struct snapin_table *table) { @@ -153,21 +162,33 @@ static const char *default_gpo_guid_string_to_name(const char *guid) } #endif +/**************************************************************** +****************************************************************/ + const char *cse_gpo_guid_string_to_name(const char *guid) { return guid_string_to_name(guid, gpo_cse_extensions); } -static const char *cse_gpo_name_to_guid_string(const char *name) +/**************************************************************** +****************************************************************/ + +const char *cse_gpo_name_to_guid_string(const char *name) { return name_to_guid_string(name, gpo_cse_extensions); } +/**************************************************************** +****************************************************************/ + const char *cse_snapin_gpo_guid_string_to_name(const char *guid) { return snapin_guid_string_to_name(guid, gpo_cse_snapin_extensions); } +/**************************************************************** +****************************************************************/ + void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel) { int lvl = debuglevel; @@ -190,7 +211,10 @@ void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel) } } -void dump_gpo(TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, int debuglevel) +/**************************************************************** +****************************************************************/ + +void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, int debuglevel) { int lvl = debuglevel; @@ -278,19 +302,24 @@ void dump_gpo(TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, int debuglev } dump_gp_ext(gp_ext, lvl); } + + DEBUGADD(lvl,("security descriptor:\n")); + + ads_disp_sd(ads, mem_ctx, gpo->security_descriptor); } /**************************************************************** ****************************************************************/ -void dump_gpo_list(TALLOC_CTX *mem_ctx, +void dump_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo_list, int debuglevel) { struct GROUP_POLICY_OBJECT *gpo = NULL; for (gpo = gpo_list; gpo; gpo = gpo->next) { - dump_gpo(mem_ctx, gpo, debuglevel); + dump_gpo(ads, mem_ctx, gpo, debuglevel); } } @@ -349,7 +378,7 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) DEBUG(lvl,("get gpo for %s failed: %s\n", gp_link->link_names[i], ads_errstr(status))); return; } - dump_gpo(mem_ctx, &gpo, lvl); + dump_gpo(ads, mem_ctx, &gpo, lvl); } } } diff --git a/source/utils/net_ads_gpo.c b/source/utils/net_ads_gpo.c index 864dace9b22..180e2d509e8 100644 --- a/source/utils/net_ads_gpo.c +++ b/source/utils/net_ads_gpo.c @@ -27,14 +27,15 @@ static int net_ads_gpo_usage(int argc, const char **argv) d_printf( "net ads gpo \n"\ " can be either:\n"\ -" ADDLINK Link a container to a GPO\n"\ -/* " APPLY Apply all GPOs\n"\ */ -/* " DELETELINK Delete a gPLink from a container\n"\ */ -" REFRESH Lists all GPOs assigned to an account and downloads them\n"\ +" APPLY Apply GPOs for machine/user\n"\ " GETGPO Lists specified GPO\n"\ -" GETLINK Lists gPLink of a containter\n"\ " HELP Prints this help message\n"\ -" LIST Lists all GPOs\n"\ +" LINKADD Link a container to a GPO\n"\ +/* " LINKDELETE Delete a gPLink from a container\n"\ */ +" LINKGET Lists gPLink of a containter\n"\ +" LIST Lists all GPOs for machine/user\n"\ +" LISTALL Lists all GPOs on a DC\n"\ +" REFRESH Lists all GPOs assigned to an account and downloads them\n"\ "\n" ); return -1; @@ -119,7 +120,7 @@ static int net_ads_gpo_refresh(int argc, const char **argv) return 0; } -static int net_ads_gpo_list(int argc, const char **argv) +static int net_ads_gpo_list_all(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; @@ -137,10 +138,11 @@ static int net_ads_gpo_list(int argc, const char **argv) "name", "gPCMachineExtensionNames", "gPCUserExtensionNames", + "ntSecurityDescriptor", NULL }; - mem_ctx = talloc_init("net_ads_gpo_list"); + mem_ctx = talloc_init("net_ads_gpo_list_all"); if (mem_ctx == NULL) { return -1; } @@ -150,9 +152,13 @@ static int net_ads_gpo_list(int argc, const char **argv) goto out; } - status = ads_do_search_all(ads, ads->config.bind_path, - LDAP_SCOPE_SUBTREE, - "(objectclass=groupPolicyContainer)", attrs, &res); + status = ads_do_search_all_sd_flags(ads, ads->config.bind_path, + LDAP_SCOPE_SUBTREE, + "(objectclass=groupPolicyContainer)", + attrs, + DACL_SECURITY_INFORMATION, + &res); + if (!ADS_ERR_OK(status)) { d_printf("search failed: %s\n", ads_errstr(status)); goto out; @@ -172,12 +178,12 @@ static int net_ads_gpo_list(int argc, const char **argv) status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo); if (!ADS_ERR_OK(status)) { - d_printf("parse failed: %s\n", ads_errstr(status)); + d_printf("ads_parse_gpo failed: %s\n", ads_errstr(status)); ads_memfree(ads, dn); goto out; } - dump_gpo(mem_ctx, &gpo, 1); + dump_gpo(ads, mem_ctx, &gpo, 0); ads_memfree(ads, dn); } @@ -190,8 +196,62 @@ out: return 0; } -#if 0 /* not yet */ +static int net_ads_gpo_list(int argc, const char **argv) +{ + ADS_STRUCT *ads; + ADS_STATUS status; + LDAPMessage *res = NULL; + TALLOC_CTX *mem_ctx; + const char *dn = NULL; + uint32 uac = 0; + uint32 flags = 0; + struct GROUP_POLICY_OBJECT *gpo_list; + if (argc < 1) { + printf("usage: net ads gpo list \n"); + return -1; + } + + mem_ctx = talloc_init("net_ads_gpo_list"); + if (mem_ctx == NULL) { + goto out; + } + + status = ads_startup(False, &ads); + if (!ADS_ERR_OK(status)) { + goto out; + } + + status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn); + if (!ADS_ERR_OK(status)) { + goto out; + } + + if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { + flags |= GPO_LIST_FLAG_MACHINE; + } + + printf("%s: '%s' has dn: '%s'\n", + (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user", + argv[0], dn); + + status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list); + if (!ADS_ERR_OK(status)) { + goto out; + } + + dump_gpo_list(ads, mem_ctx, gpo_list, 0); + +out: + ads_msgfree(ads, res); + + talloc_destroy(mem_ctx); + ads_destroy(&ads); + + return 0; +} + +#if 0 /* not yet */ static int net_ads_gpo_apply(int argc, const char **argv) { TALLOC_CTX *mem_ctx; @@ -249,7 +309,7 @@ out: #endif -static int net_ads_gpo_get_link(int argc, const char **argv) +static int net_ads_gpo_link_get(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; @@ -257,7 +317,7 @@ static int net_ads_gpo_get_link(int argc, const char **argv) struct GP_LINK gp_link; if (argc < 1) { - printf("usage: net ads gpo getlink \n"); + printf("usage: net ads gpo linkget \n"); return -1; } @@ -286,7 +346,7 @@ out: return 0; } -static int net_ads_gpo_add_link(int argc, const char **argv) +static int net_ads_gpo_link_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; @@ -294,7 +354,7 @@ static int net_ads_gpo_add_link(int argc, const char **argv) TALLOC_CTX *mem_ctx; if (argc < 2) { - printf("usage: net ads gpo addlink [options]\n"); + printf("usage: net ads gpo linkadd [options]\n"); printf("note: DNs must be provided properly escaped.\n See RFC 4514 for details\n"); return -1; } @@ -315,7 +375,7 @@ static int net_ads_gpo_add_link(int argc, const char **argv) status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt); if (!ADS_ERR_OK(status)) { - d_printf("add link failed: %s\n", ads_errstr(status)); + d_printf("link add failed: %s\n", ads_errstr(status)); goto out; } @@ -328,7 +388,7 @@ out: #if 0 /* broken */ -static int net_ads_gpo_delete_link(int argc, const char **argv) +static int net_ads_gpo_link_delete(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; @@ -396,7 +456,7 @@ static int net_ads_gpo_get_gpo(int argc, const char **argv) goto out; } - dump_gpo(mem_ctx, &gpo, 1); + dump_gpo(ads, mem_ctx, &gpo, 1); out: talloc_destroy(mem_ctx); @@ -408,14 +468,15 @@ out: int net_ads_gpo(int argc, const char **argv) { struct functable func[] = { - {"LIST", net_ads_gpo_list}, - {"REFRESH", net_ads_gpo_refresh}, - {"ADDLINK", net_ads_gpo_add_link}, - /* {"DELETELINK", net_ads_gpo_delete_link}, */ - {"GETLINK", net_ads_gpo_get_link}, + /* {"APPLY", net_ads_gpo_apply}, */ {"GETGPO", net_ads_gpo_get_gpo}, {"HELP", net_ads_gpo_usage}, - /* {"APPLY", net_ads_gpo_apply}, */ + {"LINKADD", net_ads_gpo_link_add}, + /* {"LINKDELETE", net_ads_gpo_link_delete}, */ + {"LINKGET", net_ads_gpo_link_get}, + {"LIST", net_ads_gpo_list}, + {"LISTALL", net_ads_gpo_list_all}, + {"REFRESH", net_ads_gpo_refresh}, {NULL, NULL} };