search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add support for building PDF's thru FO rather then docbook2latex. Output
[Samba.git] / source / utils / net_ads_gpo.c
blob83cc2fe8fcf2d797f4d034a3701a9adb33b60340
1 /*
2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
4 Copyright (C) 2005 Guenther Deschner (gd@samba.org)
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22 #include "utils/net.h"
23
24 #ifdef HAVE_ADS
25
26 static int net_ads_gpo_usage(int argc, const char **argv)
27 {
28 d_printf(
29 "net ads gpo <COMMAND>\n"\
30 "<COMMAND> can be either:\n"\
31 " ADDLINK Link a container to a GPO\n"\
32 /* " APPLY Apply all GPOs\n"\ */
33 /* " DELETELINK Delete a gPLink from a container\n"\ */
34 " REFRESH Lists all GPOs assigned to an account and downloads them\n"\
35 " GETGPO Lists specified GPO\n"\
36 " GETLINK Lists gPLink of a containter\n"\
37 " HELP Prints this help message\n"\
38 " LIST Lists all GPOs\n"\
39 "\n"
40 );
41 return -1;
42 }
43
44 static int net_ads_gpo_refresh(int argc, const char **argv)
45 {
46 TALLOC_CTX *mem_ctx;
47 ADS_STRUCT *ads;
48 ADS_STATUS status;
49 const char *attrs[] = { "userAccountControl", NULL };
50 LDAPMessage *res = NULL;
51 const char *filter;
52 char *dn = NULL;
53 struct GROUP_POLICY_OBJECT *gpo_list;
54 uint32 uac = 0;
55 uint32 flags = 0;
56 struct GROUP_POLICY_OBJECT *gpo;
57 NTSTATUS result;
58
59 if (argc < 1) {
60 printf("usage: net ads gpo refresh <username|machinename>\n");
61 return -1;
62 }
63
64 mem_ctx = talloc_init("net_ads_gpo_refresh");
65 if (mem_ctx == NULL) {
66 return -1;
67 }
68
69 filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))", argv[0]);
70 if (filter == NULL) {
71 goto out;
72 }
73
74 status = ads_startup(False, &ads);
75 if (!ADS_ERR_OK(status)) {
76 goto out;
77 }
78
79 status = ads_do_search_all(ads, ads->config.bind_path,
80 LDAP_SCOPE_SUBTREE,
81 filter, attrs, &res);
82
83 if (!ADS_ERR_OK(status)) {
84 goto out;
85 }
86
87 if (ads_count_replies(ads, res) != 1) {
88 printf("no result\n");
89 goto out;
90 }
91
92 dn = ads_get_dn(ads, res);
93 if (dn == NULL) {
94 goto out;
95 }
96
97 if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
98 goto out;
99 }
100
101 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
102 flags |= GPO_LIST_FLAG_MACHINE;
103 }
104
105 printf("\n%s: '%s' has dn: '%s'\n\n",
106 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
107 argv[0], dn);
108
109 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
110 if (!ADS_ERR_OK(status)) {
111 goto out;
112 }
113
114 if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, gpo_list))) {
115 printf("failed to refresh GPOs: %s\n", nt_errstr(result));
116 goto out;
117 }
118
119 for (gpo = gpo_list; gpo; gpo = gpo->next) {
120
121 char *server, *share, *nt_path, *unix_path;
122
123 printf("--------------------------------------\n");
124 printf("Name:\t\t\t%s\n", gpo->display_name);
125 printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
126 gpo->version,
127 GPO_VERSION_USER(gpo->version),
128 GPO_VERSION_MACHINE(gpo->version));
129
130 result = ads_gpo_explode_filesyspath(ads, mem_ctx, gpo->file_sys_path,
131 &server, &share, &nt_path, &unix_path);
132 if (!NT_STATUS_IS_OK(result)) {
133 printf("got: %s\n", nt_errstr(result));
134 }
135
136 printf("GPO stored on server: %s, share: %s\n", server, share);
137 printf("\tremote path:\t%s\n", nt_path);
138 printf("\tlocal path:\t%s\n", unix_path);
139 }
140
141 out:
142 ads_memfree(ads, dn);
143 ads_msgfree(ads, res);
144
145 ads_destroy(&ads);
146 talloc_destroy(mem_ctx);
147 return 0;
148 }
149
150 static int net_ads_gpo_list(int argc, const char **argv)
151 {
152 ADS_STRUCT *ads;
153 ADS_STATUS status;
154 LDAPMessage *res = NULL;
155 int num_reply = 0;
156 LDAPMessage *msg = NULL;
157 struct GROUP_POLICY_OBJECT gpo;
158 TALLOC_CTX *mem_ctx;
159 char *dn;
160 const char *attrs[] = {
161 "versionNumber",
162 "flags",
163 "gPCFileSysPath",
164 "displayName",
165 "name",
166 "gPCMachineExtensionNames",
167 "gPCUserExtensionNames",
168 NULL
169 };
170
171 mem_ctx = talloc_init("net_ads_gpo_list");
172 if (mem_ctx == NULL) {
173 return -1;
174 }
175
176 status = ads_startup(False, &ads);
177 if (!ADS_ERR_OK(status)) {
178 goto out;
179 }
180
181 status = ads_do_search_all(ads, ads->config.bind_path,
182 LDAP_SCOPE_SUBTREE,
183 "(objectclass=groupPolicyContainer)", attrs, &res);
184 if (!ADS_ERR_OK(status)) {
185 d_printf("search failed: %s\n", ads_errstr(status));
186 goto out;
187 }
188
189 num_reply = ads_count_replies(ads, res);
190
191 d_printf("Got %d replies\n\n", num_reply);
192
193 /* dump the results */
194 for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
195
196 if ((dn = ads_get_dn(ads, msg)) == NULL) {
197 goto out;
198 }
199
200 status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo);
201
202 if (!ADS_ERR_OK(status)) {
203 d_printf("parse failed: %s\n", ads_errstr(status));
204 ads_memfree(ads, dn);
205 goto out;
206 }
207
208 dump_gpo(mem_ctx, &gpo, 1);
209 ads_memfree(ads, dn);
210 }
211
212 out:
213 ads_msgfree(ads, res);
214
215 talloc_destroy(mem_ctx);
216 ads_destroy(&ads);
217
218 return 0;
219 }
220
221 #if 0 /* not yet */
222
223 static int net_ads_gpo_apply(int argc, const char **argv)
224 {
225 TALLOC_CTX *mem_ctx;
226 ADS_STRUCT *ads;
227 ADS_STATUS status;
228 const char *attrs[] = {"distinguishedName", "userAccountControl", NULL};
229 LDAPMessage *res = NULL;
230 const char *filter;
231 char *dn = NULL;
232 struct GROUP_POLICY_OBJECT *gpo_list;
233 uint32 uac = 0;
234 uint32 flags = 0;
235
236 if (argc < 1) {
237 printf("usage: net ads gpo apply <username|machinename>\n");
238 return -1;
239 }
240
241 mem_ctx = talloc_init("net_ads_gpo_apply");
242 if (mem_ctx == NULL) {
243 goto out;
244 }
245
246 filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))", argv[0]);
247 if (filter == NULL) {
248 goto out;
249 }
250
251 status = ads_startup(False, &ads);
252 if (!ADS_ERR_OK(status)) {
253 goto out;
254 }
255
256 status = ads_do_search_all(ads, ads->config.bind_path,
257 LDAP_SCOPE_SUBTREE,
258 filter, attrs, &res);
259
260 if (!ADS_ERR_OK(status)) {
261 goto out;
262 }
263
264 if (ads_count_replies(ads, res) != 1) {
265 printf("no result\n");
266 goto out;
267 }
268
269 dn = ads_get_dn(ads, res);
270 if (dn == NULL) {
271 goto out;
272 }
273
274 if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
275 goto out;
276 }
277
278 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
279 flags |= GPO_LIST_FLAG_MACHINE;
280 }
281
282 printf("%s: '%s' has dn: '%s'\n",
283 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
284 argv[0], dn);
285
286 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
287 if (!ADS_ERR_OK(status)) {
288 goto out;
289 }
290
291 /* FIXME: allow to process just a single extension */
292 status = gpo_process_gpo_list(ads, mem_ctx, &gpo_list, NULL, flags);
293 if (!ADS_ERR_OK(status)) {
294 goto out;
295 }
296
297 out:
298 ads_memfree(ads, dn);
299 ads_msgfree(ads, res);
300
301 ads_destroy(&ads);
302 talloc_destroy(mem_ctx);
303 return 0;
304 }
305
306 #endif
307
308 static int net_ads_gpo_get_link(int argc, const char **argv)
309 {
310 ADS_STRUCT *ads;
311 ADS_STATUS status;
312 TALLOC_CTX *mem_ctx;
313 struct GP_LINK gp_link;
314
315 if (argc < 1) {
316 printf("usage: net ads gpo getlink <linkname>\n");
317 return -1;
318 }
319
320 mem_ctx = talloc_init("add_gpo_link");
321 if (mem_ctx == NULL) {
322 return -1;
323 }
324
325 status = ads_startup(False, &ads);
326 if (!ADS_ERR_OK(status)) {
327 goto out;
328 }
329
330 status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link);
331 if (!ADS_ERR_OK(status)) {
332 d_printf("get link for %s failed: %s\n", argv[0], ads_errstr(status));
333 goto out;
334 }
335
336 dump_gplink(ads, mem_ctx, &gp_link);
337
338 out:
339 talloc_destroy(mem_ctx);
340 ads_destroy(&ads);
341
342 return 0;
343 }
344
345 static int net_ads_gpo_add_link(int argc, const char **argv)
346 {
347 ADS_STRUCT *ads;
348 ADS_STATUS status;
349 uint32 gpo_opt = 0;
350 TALLOC_CTX *mem_ctx;
351
352 if (argc < 2) {
353 printf("usage: net ads gpo addlink <linkdn> <gpodn> [options]\n");
354 printf("note: DNs must be provided properly escaped.\n See RFC 4514 for details\n");
355 return -1;
356 }
357
358 mem_ctx = talloc_init("add_gpo_link");
359 if (mem_ctx == NULL) {
360 return -1;
361 }
362
363 if (argc == 3) {
364 gpo_opt = atoi(argv[2]);
365 }
366
367 status = ads_startup(False, &ads);
368 if (!ADS_ERR_OK(status)) {
369 goto out;
370 }
371
372 status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt);
373 if (!ADS_ERR_OK(status)) {
374 d_printf("add link failed: %s\n", ads_errstr(status));
375 goto out;
376 }
377
378 out:
379 talloc_destroy(mem_ctx);
380 ads_destroy(&ads);
381
382 return 0;
383 }
384
385 #if 0 /* broken */
386
387 static int net_ads_gpo_delete_link(int argc, const char **argv)
388 {
389 ADS_STRUCT *ads;
390 ADS_STATUS status;
391 TALLOC_CTX *mem_ctx;
392
393 if (argc < 2) {
394 return -1;
395 }
396
397 mem_ctx = talloc_init("delete_gpo_link");
398 if (mem_ctx == NULL) {
399 return -1;
400 }
401
402 status = ads_startup(False, &ads);
403 if (!ADS_ERR_OK(status)) {
404 goto out;
405 }
406
407 status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]);
408 if (!ADS_ERR_OK(status)) {
409 d_printf("delete link failed: %s\n", ads_errstr(status));
410 goto out;
411 }
412
413 out:
414 talloc_destroy(mem_ctx);
415 ads_destroy(&ads);
416
417 return 0;
418 }
419
420 #endif
421
422 static int net_ads_gpo_get_gpo(int argc, const char **argv)
423 {
424 ADS_STRUCT *ads;
425 ADS_STATUS status;
426 TALLOC_CTX *mem_ctx;
427 struct GROUP_POLICY_OBJECT gpo;
428
429 if (argc < 1) {
430 printf("usage: net ads gpo getgpo <gpo>\n");
431 return -1;
432 }
433
434 mem_ctx = talloc_init("add_gpo_get_gpo");
435 if (mem_ctx == NULL) {
436 return -1;
437 }
438
439 status = ads_startup(False, &ads);
440 if (!ADS_ERR_OK(status)) {
441 goto out;
442 }
443
444 if (strnequal(argv[0], "CN={", strlen("CN={"))) {
445 status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo);
446 } else {
447 status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo);
448 }
449
450 if (!ADS_ERR_OK(status)) {
451 d_printf("get gpo for [%s] failed: %s\n", argv[0], ads_errstr(status));
452 goto out;
453 }
454
455 dump_gpo(mem_ctx, &gpo, 1);
456
457 out:
458 talloc_destroy(mem_ctx);
459 ads_destroy(&ads);
460
461 return 0;
462 }
463
464 int net_ads_gpo(int argc, const char **argv)
465 {
466 struct functable func[] = {
467 {"LIST", net_ads_gpo_list},
468 {"REFRESH", net_ads_gpo_refresh},
469 {"ADDLINK", net_ads_gpo_add_link},
470 /* {"DELETELINK", net_ads_gpo_delete_link}, */
471 {"GETLINK", net_ads_gpo_get_link},
472 {"GETGPO", net_ads_gpo_get_gpo},
473 {"HELP", net_ads_gpo_usage},
474 /* {"APPLY", net_ads_gpo_apply}, */
475 {NULL, NULL}
476 };
477
478 return net_run_function(argc, argv, func, net_ads_gpo_usage);
479 }
480
481 #endif /* HAVE_ADS */
Samba GIT mirror