2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
4 Copyright (C) 2005 Guenther Deschner (gd@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "utils/net.h"
25 static int net_ads_gpo_usage(int argc, const char **argv)
28 "net ads gpo <COMMAND>\n"\
29 "<COMMAND> can be either:\n"\
30 " ADDLINK Link a container to a GPO\n"\
31 /* " APPLY Apply all GPOs\n"\ */
32 /* " DELETELINK Delete a gPLink from a container\n"\ */
33 " REFRESH Lists all GPOs assigned to an account and downloads them\n"\
34 " GETGPO Lists specified GPO\n"\
35 " GETLINK Lists gPLink of a containter\n"\
36 " HELP Prints this help message\n"\
37 " LIST Lists all GPOs\n"\
43 static int net_ads_gpo_refresh(int argc, const char **argv)
48 const char *dn = NULL;
49 struct GROUP_POLICY_OBJECT *gpo_list = NULL;
52 struct GROUP_POLICY_OBJECT *gpo;
56 printf("usage: net ads gpo refresh <username|machinename>\n");
60 mem_ctx = talloc_init("net_ads_gpo_refresh");
61 if (mem_ctx == NULL) {
65 status = ads_startup(False, &ads);
66 if (!ADS_ERR_OK(status)) {
70 status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
71 if (!ADS_ERR_OK(status)) {
72 printf("failed to find samaccount for %s\n", argv[0]);
76 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
77 flags |= GPO_LIST_FLAG_MACHINE;
80 printf("\n%s: '%s' has dn: '%s'\n\n",
81 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
84 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
85 if (!ADS_ERR_OK(status)) {
89 if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, gpo_list))) {
90 printf("failed to refresh GPOs: %s\n", nt_errstr(result));
94 for (gpo = gpo_list; gpo; gpo = gpo->next) {
96 char *server, *share, *nt_path, *unix_path;
98 printf("--------------------------------------\n");
99 printf("Name:\t\t\t%s\n", gpo->display_name);
100 printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
102 GPO_VERSION_USER(gpo->version),
103 GPO_VERSION_MACHINE(gpo->version));
105 result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
106 &server, &share, &nt_path, &unix_path);
107 if (!NT_STATUS_IS_OK(result)) {
108 printf("got: %s\n", nt_errstr(result));
111 printf("GPO stored on server: %s, share: %s\n", server, share);
112 printf("\tremote path:\t%s\n", nt_path);
113 printf("\tlocal path:\t%s\n", unix_path);
118 talloc_destroy(mem_ctx);
122 static int net_ads_gpo_list(int argc, const char **argv)
126 LDAPMessage *res = NULL;
128 LDAPMessage *msg = NULL;
129 struct GROUP_POLICY_OBJECT gpo;
132 const char *attrs[] = {
138 "gPCMachineExtensionNames",
139 "gPCUserExtensionNames",
143 mem_ctx = talloc_init("net_ads_gpo_list");
144 if (mem_ctx == NULL) {
148 status = ads_startup(False, &ads);
149 if (!ADS_ERR_OK(status)) {
153 status = ads_do_search_all(ads, ads->config.bind_path,
155 "(objectclass=groupPolicyContainer)", attrs, &res);
156 if (!ADS_ERR_OK(status)) {
157 d_printf("search failed: %s\n", ads_errstr(status));
161 num_reply = ads_count_replies(ads, res);
163 d_printf("Got %d replies\n\n", num_reply);
165 /* dump the results */
166 for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
168 if ((dn = ads_get_dn(ads, msg)) == NULL) {
172 status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo);
174 if (!ADS_ERR_OK(status)) {
175 d_printf("parse failed: %s\n", ads_errstr(status));
176 ads_memfree(ads, dn);
180 dump_gpo(mem_ctx, &gpo, 1);
181 ads_memfree(ads, dn);
185 ads_msgfree(ads, res);
187 talloc_destroy(mem_ctx);
195 static int net_ads_gpo_apply(int argc, const char **argv)
200 const char *dn = NULL;
201 struct GROUP_POLICY_OBJECT *gpo_list;
206 printf("usage: net ads gpo apply <username|machinename>\n");
210 mem_ctx = talloc_init("net_ads_gpo_apply");
211 if (mem_ctx == NULL) {
215 status = ads_startup(False, &ads);
216 if (!ADS_ERR_OK(status)) {
220 status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
221 if (!ADS_ERR_OK(status)) {
225 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
226 flags |= GPO_LIST_FLAG_MACHINE;
229 printf("%s: '%s' has dn: '%s'\n",
230 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
233 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
234 if (!ADS_ERR_OK(status)) {
238 /* FIXME: allow to process just a single extension */
239 status = gpo_process_gpo_list(ads, mem_ctx, gpo_list, NULL, flags);
240 if (!ADS_ERR_OK(status)) {
246 talloc_destroy(mem_ctx);
252 static int net_ads_gpo_get_link(int argc, const char **argv)
257 struct GP_LINK gp_link;
260 printf("usage: net ads gpo getlink <linkname>\n");
264 mem_ctx = talloc_init("add_gpo_link");
265 if (mem_ctx == NULL) {
269 status = ads_startup(False, &ads);
270 if (!ADS_ERR_OK(status)) {
274 status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link);
275 if (!ADS_ERR_OK(status)) {
276 d_printf("get link for %s failed: %s\n", argv[0], ads_errstr(status));
280 dump_gplink(ads, mem_ctx, &gp_link);
283 talloc_destroy(mem_ctx);
289 static int net_ads_gpo_add_link(int argc, const char **argv)
297 printf("usage: net ads gpo addlink <linkdn> <gpodn> [options]\n");
298 printf("note: DNs must be provided properly escaped.\n See RFC 4514 for details\n");
302 mem_ctx = talloc_init("add_gpo_link");
303 if (mem_ctx == NULL) {
308 gpo_opt = atoi(argv[2]);
311 status = ads_startup(False, &ads);
312 if (!ADS_ERR_OK(status)) {
316 status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt);
317 if (!ADS_ERR_OK(status)) {
318 d_printf("add link failed: %s\n", ads_errstr(status));
323 talloc_destroy(mem_ctx);
331 static int net_ads_gpo_delete_link(int argc, const char **argv)
341 mem_ctx = talloc_init("delete_gpo_link");
342 if (mem_ctx == NULL) {
346 status = ads_startup(False, &ads);
347 if (!ADS_ERR_OK(status)) {
351 status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]);
352 if (!ADS_ERR_OK(status)) {
353 d_printf("delete link failed: %s\n", ads_errstr(status));
358 talloc_destroy(mem_ctx);
366 static int net_ads_gpo_get_gpo(int argc, const char **argv)
371 struct GROUP_POLICY_OBJECT gpo;
374 printf("usage: net ads gpo getgpo <gpo>\n");
378 mem_ctx = talloc_init("add_gpo_get_gpo");
379 if (mem_ctx == NULL) {
383 status = ads_startup(False, &ads);
384 if (!ADS_ERR_OK(status)) {
388 if (strnequal(argv[0], "CN={", strlen("CN={"))) {
389 status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo);
391 status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo);
394 if (!ADS_ERR_OK(status)) {
395 d_printf("get gpo for [%s] failed: %s\n", argv[0], ads_errstr(status));
399 dump_gpo(mem_ctx, &gpo, 1);
402 talloc_destroy(mem_ctx);
408 int net_ads_gpo(int argc, const char **argv)
410 struct functable func[] = {
411 {"LIST", net_ads_gpo_list},
412 {"REFRESH", net_ads_gpo_refresh},
413 {"ADDLINK", net_ads_gpo_add_link},
414 /* {"DELETELINK", net_ads_gpo_delete_link}, */
415 {"GETLINK", net_ads_gpo_get_link},
416 {"GETGPO", net_ads_gpo_get_gpo},
417 {"HELP", net_ads_gpo_usage},
418 /* {"APPLY", net_ads_gpo_apply}, */
422 return net_run_function(argc, argv, func, net_ads_gpo_usage);
425 #endif /* HAVE_ADS */
git.samba.org / ira / wip.git / blob