2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
4 Copyright (C) 2005 Guenther Deschner (gd@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #include "utils/net.h"
26 static int net_ads_gpo_usage(int argc, const char **argv)
29 "net ads gpo <COMMAND>\n"\
30 "<COMMAND> can be either:\n"\
31 " ADDLINK Link a container to a GPO\n"\
32 /* " APPLY Apply all GPOs\n"\ */
33 /* " DELETELINK Delete a gPLink from a container\n"\ */
34 " REFRESH Lists all GPOs assigned to an account and downloads them\n"\
35 " GETGPO Lists specified GPO\n"\
36 " GETLINK Lists gPLink of a containter\n"\
37 " HELP Prints this help message\n"\
38 " LIST Lists all GPOs\n"\
44 static int net_ads_gpo_refresh(int argc, const char **argv)
49 const char *dn = NULL;
50 struct GROUP_POLICY_OBJECT *gpo_list = NULL;
53 struct GROUP_POLICY_OBJECT *gpo;
57 printf("usage: net ads gpo refresh <username|machinename>\n");
61 mem_ctx = talloc_init("net_ads_gpo_refresh");
62 if (mem_ctx == NULL) {
66 status = ads_startup(False, &ads);
67 if (!ADS_ERR_OK(status)) {
71 status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
72 if (!ADS_ERR_OK(status)) {
73 printf("failed to find samaccount for %s\n", argv[0]);
77 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
78 flags |= GPO_LIST_FLAG_MACHINE;
81 printf("\n%s: '%s' has dn: '%s'\n\n",
82 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
85 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
86 if (!ADS_ERR_OK(status)) {
90 if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, gpo_list))) {
91 printf("failed to refresh GPOs: %s\n", nt_errstr(result));
95 for (gpo = gpo_list; gpo; gpo = gpo->next) {
97 char *server, *share, *nt_path, *unix_path;
99 printf("--------------------------------------\n");
100 printf("Name:\t\t\t%s\n", gpo->display_name);
101 printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
103 GPO_VERSION_USER(gpo->version),
104 GPO_VERSION_MACHINE(gpo->version));
106 result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
107 &server, &share, &nt_path, &unix_path);
108 if (!NT_STATUS_IS_OK(result)) {
109 printf("got: %s\n", nt_errstr(result));
112 printf("GPO stored on server: %s, share: %s\n", server, share);
113 printf("\tremote path:\t%s\n", nt_path);
114 printf("\tlocal path:\t%s\n", unix_path);
119 talloc_destroy(mem_ctx);
123 static int net_ads_gpo_list(int argc, const char **argv)
127 LDAPMessage *res = NULL;
129 LDAPMessage *msg = NULL;
130 struct GROUP_POLICY_OBJECT gpo;
133 const char *attrs[] = {
139 "gPCMachineExtensionNames",
140 "gPCUserExtensionNames",
144 mem_ctx = talloc_init("net_ads_gpo_list");
145 if (mem_ctx == NULL) {
149 status = ads_startup(False, &ads);
150 if (!ADS_ERR_OK(status)) {
154 status = ads_do_search_all(ads, ads->config.bind_path,
156 "(objectclass=groupPolicyContainer)", attrs, &res);
157 if (!ADS_ERR_OK(status)) {
158 d_printf("search failed: %s\n", ads_errstr(status));
162 num_reply = ads_count_replies(ads, res);
164 d_printf("Got %d replies\n\n", num_reply);
166 /* dump the results */
167 for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
169 if ((dn = ads_get_dn(ads, msg)) == NULL) {
173 status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo);
175 if (!ADS_ERR_OK(status)) {
176 d_printf("parse failed: %s\n", ads_errstr(status));
177 ads_memfree(ads, dn);
181 dump_gpo(mem_ctx, &gpo, 1);
182 ads_memfree(ads, dn);
186 ads_msgfree(ads, res);
188 talloc_destroy(mem_ctx);
196 static int net_ads_gpo_apply(int argc, const char **argv)
201 const char *dn = NULL;
202 struct GROUP_POLICY_OBJECT *gpo_list;
207 printf("usage: net ads gpo apply <username|machinename>\n");
211 mem_ctx = talloc_init("net_ads_gpo_apply");
212 if (mem_ctx == NULL) {
216 status = ads_startup(False, &ads);
217 if (!ADS_ERR_OK(status)) {
221 status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
222 if (!ADS_ERR_OK(status)) {
226 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
227 flags |= GPO_LIST_FLAG_MACHINE;
230 printf("%s: '%s' has dn: '%s'\n",
231 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
234 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
235 if (!ADS_ERR_OK(status)) {
239 /* FIXME: allow to process just a single extension */
240 status = gpo_process_gpo_list(ads, mem_ctx, gpo_list, NULL, flags);
241 if (!ADS_ERR_OK(status)) {
247 talloc_destroy(mem_ctx);
253 static int net_ads_gpo_get_link(int argc, const char **argv)
258 struct GP_LINK gp_link;
261 printf("usage: net ads gpo getlink <linkname>\n");
265 mem_ctx = talloc_init("add_gpo_link");
266 if (mem_ctx == NULL) {
270 status = ads_startup(False, &ads);
271 if (!ADS_ERR_OK(status)) {
275 status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link);
276 if (!ADS_ERR_OK(status)) {
277 d_printf("get link for %s failed: %s\n", argv[0], ads_errstr(status));
281 dump_gplink(ads, mem_ctx, &gp_link);
284 talloc_destroy(mem_ctx);
290 static int net_ads_gpo_add_link(int argc, const char **argv)
298 printf("usage: net ads gpo addlink <linkdn> <gpodn> [options]\n");
299 printf("note: DNs must be provided properly escaped.\n See RFC 4514 for details\n");
303 mem_ctx = talloc_init("add_gpo_link");
304 if (mem_ctx == NULL) {
309 gpo_opt = atoi(argv[2]);
312 status = ads_startup(False, &ads);
313 if (!ADS_ERR_OK(status)) {
317 status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt);
318 if (!ADS_ERR_OK(status)) {
319 d_printf("add link failed: %s\n", ads_errstr(status));
324 talloc_destroy(mem_ctx);
332 static int net_ads_gpo_delete_link(int argc, const char **argv)
342 mem_ctx = talloc_init("delete_gpo_link");
343 if (mem_ctx == NULL) {
347 status = ads_startup(False, &ads);
348 if (!ADS_ERR_OK(status)) {
352 status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]);
353 if (!ADS_ERR_OK(status)) {
354 d_printf("delete link failed: %s\n", ads_errstr(status));
359 talloc_destroy(mem_ctx);
367 static int net_ads_gpo_get_gpo(int argc, const char **argv)
372 struct GROUP_POLICY_OBJECT gpo;
375 printf("usage: net ads gpo getgpo <gpo>\n");
379 mem_ctx = talloc_init("add_gpo_get_gpo");
380 if (mem_ctx == NULL) {
384 status = ads_startup(False, &ads);
385 if (!ADS_ERR_OK(status)) {
389 if (strnequal(argv[0], "CN={", strlen("CN={"))) {
390 status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo);
392 status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo);
395 if (!ADS_ERR_OK(status)) {
396 d_printf("get gpo for [%s] failed: %s\n", argv[0], ads_errstr(status));
400 dump_gpo(mem_ctx, &gpo, 1);
403 talloc_destroy(mem_ctx);
409 int net_ads_gpo(int argc, const char **argv)
411 struct functable func[] = {
412 {"LIST", net_ads_gpo_list},
413 {"REFRESH", net_ads_gpo_refresh},
414 {"ADDLINK", net_ads_gpo_add_link},
415 /* {"DELETELINK", net_ads_gpo_delete_link}, */
416 {"GETLINK", net_ads_gpo_get_link},
417 {"GETGPO", net_ads_gpo_get_gpo},
418 {"HELP", net_ads_gpo_usage},
419 /* {"APPLY", net_ads_gpo_apply}, */
423 return net_run_function(argc, argv, func, net_ads_gpo_usage);
426 #endif /* HAVE_ADS */