2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
4 Copyright (C) 2005-2008 Guenther Deschner (gd@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "utils/net.h"
23 #include "../libgpo/gpo.h"
24 #include "libgpo/gpo_proto.h"
25 #include "../libds/common/flags.h"
/*
 * "net ads gpo listall": search below the configured bind path for every
 * object matching (objectclass=groupPolicyContainer) and parse each reply
 * with ads_parse_gpo().
 *
 * NOTE(review): the gutter numbers skip, so braces, several declarations and
 * the error/return paths are not visible in this listing. The comments below
 * describe only the lines that are shown.
 */
29 static int net_ads_gpo_list_all(struct net_context *c, int argc, const char **argv)
33 LDAPMessage *res = NULL;
35 LDAPMessage *msg = NULL;
36 struct GROUP_POLICY_OBJECT gpo;
/*
 * Attributes requested for each policy container. The visible entries are
 * the machine/user extension-name lists and the security descriptor.
 */
39 const char *attrs[] = {
45 "gPCMachineExtensionNames",
46 "gPCUserExtensionNames",
47 "ntSecurityDescriptor",
/* Usage text only; this command takes no positional arguments. */
51 if (c->display_usage) {
53 "net ads gpo listall\n"
56 _("List all GPOs on the DC"));
/* One named talloc context is handed to the helpers below and freed last. */
60 mem_ctx = talloc_init("net_ads_gpo_list_all");
61 if (mem_ctx == NULL) {
65 status = ads_startup(c, false, mem_ctx, &ads);
66 if (!ADS_ERR_OK(status)) {
/*
 * The search base comes from ads->config.bind_path and the filter is a
 * constant, so no caller-supplied text reaches the LDAP filter here.
 * NOTE(review): the helper's name suggests it takes security-descriptor
 * flags; that argument is on a line not shown, so which parts of
 * ntSecurityDescriptor are requested cannot be confirmed from this listing.
 */
70 status = ads_do_search_all_sd_flags(ads, ads->config.bind_path,
72 "(objectclass=groupPolicyContainer)",
77 if (!ADS_ERR_OK(status)) {
78 d_printf(_("search failed: %s\n"), ads_errstr(status));
82 num_reply = ads_count_replies(ads, res);
84 d_printf(_("Got %d replies\n\n"), num_reply);
86 /* dump the results */
87 for (msg = ads_first_entry(ads, res);
89 msg = ads_next_entry(ads, msg)) {
/* A reply whose DN cannot be read is detected here; its handling is not shown. */
91 if ((dn = ads_get_dn(ads, mem_ctx, msg)) == NULL) {
/* Fills the stack-allocated gpo from the current reply, using mem_ctx for allocations. */
95 status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo);
97 if (!ADS_ERR_OK(status)) {
98 d_printf(_("ads_parse_gpo failed: %s\n"),
/* Release the search result, then the talloc context. */
107 ads_msgfree(ads, res);
109 TALLOC_FREE(mem_ctx);
/*
 * "net ads gpo list <username|machinename>": resolve the named account, obtain
 * a security token for it and list the GPOs returned by ads_get_gpo_list().
 *
 * NOTE(review): the gutter numbers skip, so braces, several declarations and
 * the error/return paths are not visible in this listing. The comments below
 * describe only the lines that are shown.
 */
115 static int net_ads_gpo_list(struct net_context *c, int argc, const char **argv)
117 ADS_STRUCT *ads = NULL;
119 LDAPMessage *res = NULL;
121 const char *dn = NULL;
124 struct GROUP_POLICY_OBJECT *gpo_list;
125 struct security_token *token = NULL;
/* Exactly one positional argument is read (argv[0]); print usage without it. */
127 if (argc < 1 || c->display_usage) {
128 d_printf("%s\n%s\n%s",
130 _("net ads gpo list <username|machinename>"),
131 _(" Lists all GPOs for machine/user\n"
132 " username\tUser to list GPOs for\n"
133 " machinename\tMachine to list GPOs for\n"));
137 mem_ctx = talloc_init("net_ads_gpo_list");
138 if (mem_ctx == NULL) {
142 status = ads_startup(c, false, mem_ctx, &ads);
143 if (!ADS_ERR_OK(status)) {
/*
 * argv[0] is passed to the lookup unmodified; the account-control bits and
 * the DN come back in uac and dn.
 * NOTE(review): any escaping of the name for the LDAP search is up to
 * ads_find_samaccount(), which is not visible here. Confirm.
 */
147 status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
148 if (!ADS_ERR_OK(status)) {
/* The workstation-trust bit in uac selects machine mode for the GPO list. */
152 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
153 flags |= GPO_LIST_FLAG_MACHINE;
156 d_printf(_("%s: '%s' has dn: '%s'\n"),
157 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? _("machine") : _("user"),
/*
 * Machine accounts get their token from gp_get_machine_token(). The
 * ads_get_sid_token() call presumably sits in the else branch, whose line is
 * not shown.
 */
160 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
161 status = gp_get_machine_token(ads, mem_ctx, dn, &token);
163 status = ads_get_sid_token(ads, mem_ctx, dn, &token);
166 if (!ADS_ERR_OK(status)) {
/*
 * The token is handed to the list builder together with the flags.
 * NOTE(review): presumably it is used to decide which GPOs the account may
 * apply. Confirm in ads_get_gpo_list().
 */
170 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list);
171 if (!ADS_ERR_OK(status)) {
175 dump_gpo_list(gpo_list, 0);
/*
 * NOTE(review): res is initialised to NULL and no visible line assigns it
 * before this call. Confirm against the full file whether it is still needed.
 */
178 ads_msgfree(ads, res);
180 talloc_destroy(mem_ctx);
/*
 * "net ads gpo linkget <container>": fetch the gPLink of the given container
 * with ads_get_gpo_link() and print it with dump_gplink().
 *
 * NOTE(review): the gutter numbers skip, so braces, several declarations and
 * the error/return paths are not visible in this listing.
 */
186 static int net_ads_gpo_link_get(struct net_context *c, int argc, const char **argv)
191 struct GP_LINK gp_link;
/* One positional argument (the container) is required. */
193 if (argc < 1 || c->display_usage) {
194 d_printf("%s\n%s\n%s",
196 _("net ads gpo linkget <container>"),
197 _(" Lists gPLink of a container\n"
198 " container\tContainer to get link for\n"));
/*
 * NOTE(review): the context label "add_gpo_link" is the same string that
 * net_ads_gpo_link_add uses. It is only a label, but a distinct name would
 * make this command's allocations identifiable in talloc reports.
 */
202 mem_ctx = talloc_init("add_gpo_link");
203 if (mem_ctx == NULL) {
207 status = ads_startup(c, false, mem_ctx, &ads);
208 if (!ADS_ERR_OK(status)) {
/* argv[0] is passed through as given; no validation of it is visible here. */
212 status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link);
213 if (!ADS_ERR_OK(status)) {
214 d_printf(_("get link for %s failed: %s\n"), argv[0],
219 dump_gplink(&gp_link);
222 talloc_destroy(mem_ctx);
/*
 * "net ads gpo linkadd <linkdn> <gpodn> [options]": link a container to a GPO
 * through ads_add_gpo_link(). This command modifies the directory.
 *
 * NOTE(review): the gutter numbers skip, so braces, several declarations and
 * the error/return paths are not visible in this listing.
 */
228 static int net_ads_gpo_link_add(struct net_context *c, int argc, const char **argv)
/* Link options default to 0 when no third argument is given. */
232 uint32_t gpo_opt = 0;
/* Two positional arguments are required; the third (options) is optional. */
235 if (argc < 2 || c->display_usage) {
236 d_printf("%s\n%s\n%s",
238 _("net ads gpo linkadd <linkdn> <gpodn> [options]"),
239 _(" Link a container to a GPO\n"
240 " linkdn\tContainer to link to a GPO\n"
241 " gpodn\tGPO to link container to\n"));
/* The caller is responsible for escaping: both DNs are used as typed. */
242 d_printf(_("note: DNs must be provided properly escaped.\n"
243 "See RFC 4514 for details\n"));
247 mem_ctx = talloc_init("add_gpo_link");
248 if (mem_ctx == NULL) {
/*
 * NOTE(review): atoi() cannot report a conversion failure (a non-numeric
 * string yields 0), so a mistyped option is silently stored as a link option
 * value. strtoul() with end-pointer and errno checks would reject it.
 * The usage check above only requires argc >= 2, and the guard for argv[2]
 * is not visible in this listing. Confirm argc is checked before this access.
 */
253 gpo_opt = atoi(argv[2]);
256 status = ads_startup(c, false, mem_ctx, &ads);
257 if (!ADS_ERR_OK(status)) {
/* argv[0] (link DN) and argv[1] (GPO DN) are passed on unmodified. */
261 status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt);
262 if (!ADS_ERR_OK(status)) {
263 d_printf(_("link add failed: %s\n"), ads_errstr(status));
268 talloc_destroy(mem_ctx);
/*
 * "net ads gpo linkdelete <linkdn> <gpodn>": remove a GPO link from a
 * container through ads_delete_gpo_link(). This command modifies the
 * directory.
 *
 * NOTE(review): the gutter numbers skip, so braces, several declarations and
 * the error/return paths are not visible in this listing.
 */
276 static int net_ads_gpo_link_delete(struct net_context *c, int argc, const char **argv)
/* Two positional arguments are required. */
282 if (argc < 2 || c->display_usage) {
/*
 * NOTE(review): unlike the sibling commands, these visible strings are not
 * wrapped in _(). The usage text also lacks the RFC 4514 escaping note that
 * linkadd prints, although both DNs are used as typed here too.
 */
284 "net ads gpo linkdelete <linkdn> <gpodn>\n"
285 " Delete a GPO link\n"
286 " <linkdn>\tContainer to delete GPO from\n"
287 " <gpodn>\tGPO to delete from container\n");
291 mem_ctx = talloc_init("delete_gpo_link");
292 if (mem_ctx == NULL) {
296 status = ads_startup(c, false, mem_ctx, &ads);
297 if (!ADS_ERR_OK(status)) {
/* argv[0] (link DN) and argv[1] (GPO DN) are passed on unmodified. */
301 status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]);
302 if (!ADS_ERR_OK(status)) {
303 d_printf("delete link failed: %s\n", ads_errstr(status));
308 talloc_destroy(mem_ctx);
318 - struct net_context *: Pointer to net_context*
319 - argc: Number of command line arguments passed to 'net ads gpo getgpo' command
320 - **argv: Command line argument string passed to 'net ads gpo getgpo' command
322 This function performs the following operations:
323 1. Create talloc context using talloc_init
324 2. Perform ads_startup()
325 3. Call ads_get_gpo() to retrieve gpo details inside 'struct GROUP_POLICY_OBJECT'
326 4. Call dumps_gpo() to dump GPO on stdout
/*
 * "net ads gpo getgpo <gpo>": fetch a single GPO with ads_get_gpo() into a
 * stack-allocated struct GROUP_POLICY_OBJECT.
 *
 * NOTE(review): the gutter numbers skip, so braces, several declarations, the
 * call that prints the GPO and the error/return paths are not visible in this
 * listing.
 */
328 static int net_ads_gpo_get_gpo(struct net_context *c, int argc, const char **argv)
333 struct GROUP_POLICY_OBJECT gpo;
/* One positional argument (the GPO) is required. */
335 if (argc < 1 || c->display_usage) {
336 d_printf("%s\n%s\n%s",
338 _("net ads gpo getgpo <gpo>"),
339 _(" List specified GPO\n"
340 " gpo\t\tGPO to list\n"));
344 mem_ctx = talloc_init("ads_gpo_get_gpo");
345 if (mem_ctx == NULL) {
349 status = ads_startup(c, false, mem_ctx, &ads);
350 if (!ADS_ERR_OK(status)) {
/*
 * The "CN={" prefix decides which parameter slot receives argv[0]: the third
 * when the prefix matches, the fourth otherwise.
 * NOTE(review): presumably these slots are the GPO DN and its display name.
 * Confirm against the ads_get_gpo() prototype. The argument is passed on
 * unmodified in both cases.
 */
354 if (strnequal(argv[0], "CN={", strlen("CN={"))) {
355 status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo);
357 status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo);
360 if (!ADS_ERR_OK(status)) {
361 d_printf(_("get gpo for [%s] failed: %s\n"), argv[0],
369 talloc_destroy(mem_ctx);
/*
 * Entry point for "net ads gpo": builds the subcommand table and hands it to
 * net_run_function() for dispatch.
 *
 * NOTE(review): the gutter numbers skip, so braces and some table fields
 * (subcommand names, some handlers and transport fields) are not visible in
 * this listing.
 */
375 int net_ads_gpo(struct net_context *c, int argc, const char **argv)
/* Each visible entry pairs a handler with a short description and usage text. */
377 struct functable func[] = {
382 N_("List specified GPO"),
383 N_("net ads gpo getgpo\n"
384 " List specified GPO")
388 net_ads_gpo_link_add,
390 N_("Link a container to a GPO"),
391 N_("net ads gpo linkadd\n"
392 " Link a container to a GPO")
/*
 * NOTE(review): the linkdelete description and usage strings are not wrapped
 * in N_(), unlike every other visible entry in this table.
 */
397 net_ads_gpo_link_delete,
399 "Delete GPO link from a container",
400 "net ads gpo linkdelete\n"
401 " Delete GPO link from a container"
406 net_ads_gpo_link_get,
408 N_("Lists gPLink of container"),
409 N_("net ads gpo linkget\n"
410 " Lists gPLink of container")
416 N_("Lists all GPOs for machine/user"),
417 N_("net ads gpo list\n"
418 " Lists all GPOs for machine/user")
422 net_ads_gpo_list_all,
424 N_("Lists all GPOs on a DC"),
425 N_("net ads gpo listall\n"
426 " Lists all GPOs on a DC")
/* All-NULL sentinel entry marks the end of the table. */
428 {NULL, NULL, 0, NULL, NULL}
/* Dispatch on the remaining arguments; the result is returned to the caller. */
431 return net_run_function(c, argc, argv, "net ads gpo", func);
434 #endif /* HAVE_ADS */