search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Changed add_gplink to set_gplink, so we can change gPLink options as well.
[Samba.git] / source4 / utils / net / net_gpo.c
blobca85bb4f5880ae5f3f2858d27e21e3ebcf65d37d
1 /*
2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
4
5 Copyright (C) 2005-2008 Guenther Deschner
6 Copyright (C) 2009 Wilco Baan Hofman
7
8 Based on Guenther's work in net_ads_gpo.h (samba 3)
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "utils/net/net.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "auth/auth.h"
28 #include "param/param.h"
29 #include "lib/policy/policy.h"
30
31 static int net_gpo_list_all_usage(struct net_context *ctx, int argc, const char **argv)
32 {
33 d_printf("Syntax: net gpo listall [options]\n");
34 d_printf("For a list of available options, please type net gpo listall --help\n");
35 return 0;
36 }
37
38 static int net_gpo_list_all(struct net_context *ctx, int argc, const char **argv)
39 {
40 struct gp_context *gp_ctx;
41 struct gp_object **gpo;
42 const char **gpo_flags;
43 unsigned int i, j;
44 NTSTATUS rv;
45
46 rv = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx);
47 if (!NT_STATUS_IS_OK(rv)) {
48 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(rv)));
49 return 1;
50 }
51
52 rv = gp_list_all_gpos(gp_ctx, &gpo);
53 if (!NT_STATUS_IS_OK(rv)) {
54 DEBUG(0, ("Failed to list all GPO's: %s\n", get_friendly_nt_error_msg(rv)));
55 return 1;
56 }
57
58 for (i = 0; gpo[i] != NULL; i++) {
59 gp_get_gpo_flags(gp_ctx, gpo[i]->flags, &gpo_flags);
60
61 d_printf("GPO : %s\n", gpo[i]->name);
62 d_printf("display name : %s\n", gpo[i]->display_name);
63 d_printf("path : %s\n", gpo[i]->file_sys_path);
64 d_printf("dn : %s\n", gpo[i]->dn);
65 d_printf("version : %d\n", gpo[i]->version);
66 if (gpo_flags[0] == NULL) {
67 d_printf("flags : NONE\n");
68 } else {
69 d_printf("flags : %s\n", gpo_flags[0]);
70 for (j = 1; gpo_flags[j] != NULL; j++) {
71 d_printf(" %s\n", gpo_flags[i]);
72 }
73 }
74 d_printf("\n");
75 talloc_free(gpo_flags);
76 }
77 talloc_free(gp_ctx);
78
79 return 0;
80 }
81
82 static int net_gpo_get_gpo_usage(struct net_context *ctx, int argc, const char **argv)
83 {
84 d_printf("Syntax: net gpo getgpo <dn> [options]\n");
85 d_printf("For a list of available options, please type net gpo getgpo --help\n");
86 return 0;
87 }
88
89 static int net_gpo_get_gpo(struct net_context *ctx, int argc, const char **argv)
90 {
91 struct gp_context *gp_ctx;
92 struct gp_object *gpo;
93 const char **gpo_flags;
94 int i;
95 NTSTATUS rv;
96
97 if (argc != 1) {
98 return net_gpo_get_gpo_usage(ctx, argc, argv);
99 }
100
101
102 rv = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx);
103 if (!NT_STATUS_IS_OK(rv)) {
104 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(rv)));
105 return 1;
106 }
107
108 rv = gp_get_gpo_info(gp_ctx, argv[0], &gpo);
109 if (!NT_STATUS_IS_OK(rv)) {
110 DEBUG(0, ("Failed to get GPO: %s\n", get_friendly_nt_error_msg(rv)));
111 return 1;
112 }
113
114 gp_get_gpo_flags(gp_ctx, gpo->flags, &gpo_flags);
115
116 d_printf("GPO : %s\n", gpo->name);
117 d_printf("display name : %s\n", gpo->display_name);
118 d_printf("path : %s\n", gpo->file_sys_path);
119 d_printf("dn : %s\n", gpo->dn);
120 d_printf("version : %d\n", gpo->version);
121 if (gpo_flags[0] == NULL) {
122 d_printf("flags : NONE\n");
123 } else {
124 d_printf("flags : %s\n", gpo_flags[0]);
125 for (i = 1; gpo_flags[i] != NULL; i++) {
126 d_printf(" %s\n", gpo_flags[i]);
127 }
128 }
129 d_printf("\n");
130
131 talloc_free(gp_ctx);
132 return 0;
133 }
134
135 static int net_gpo_link_get_usage(struct net_context *ctx, int argc, const char **argv)
136 {
137 d_printf("Syntax: net gpo linkget <dn> [options]\n");
138 d_printf("For a list of available options, please type net gpo linkget --help\n");
139 return 0;
140 }
141
142 static int net_gpo_link_get(struct net_context *ctx, int argc, const char **argv)
143 {
144 struct gp_context *gp_ctx;
145 struct gp_link **links;
146 NTSTATUS rv;
147 unsigned int i,j;
148 const char **options;
149
150 if (argc != 1) {
151 return net_gpo_link_get_usage(ctx, argc, argv);
152 }
153
154 rv = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx);
155 if (!NT_STATUS_IS_OK(rv)) {
156 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(rv)));
157 return 1;
158 }
159
160 rv = gp_get_gplinks(gp_ctx, argv[0], &links);
161 if (!NT_STATUS_IS_OK(rv)) {
162 DEBUG(0, ("Failed to get gplinks: %s\n", get_friendly_nt_error_msg(rv)));
163 return 1;
164 }
165
166 for (i = 0; links[i] != NULL; i++) {
167 gp_get_gplink_options(gp_ctx, links[i]->options, &options);
168
169 d_printf("GPO DN : %s\n", links[i]->dn);
170 if (options[0] == NULL) {
171 d_printf("Options : NONE\n");
172 } else {
173 d_printf("Options : %s\n", options[0]);
174 for (j = 1; options[j] != NULL; j++) {
175 d_printf(" : %s\n", options[j]);
176 }
177 }
178 d_printf("\n");
179
180 talloc_free(options);
181 }
182
183 talloc_free(gp_ctx);
184
185 return 0;
186 }
187
188 static int net_gpo_list_usage(struct net_context *ctx, int argc, const char **argv)
189 {
190 d_printf("Syntax: net gpo list <username> [options]\n");
191 d_printf("For a list of available options, please type net gpo list --help\n");
192 return 0;
193 }
194
195 static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
196 {
197 struct gp_context *gp_ctx;
198 struct ldb_result *result;
199 struct auth_serversupplied_info *server_info;
200 struct auth_session_info *session_info;
201 DATA_BLOB dummy = { NULL, 0 };
202 const char **gpos;
203 NTSTATUS status;
204 int rv;
205 unsigned int i;
206
207 if (argc != 1) {
208 return net_gpo_list_usage(ctx, argc, argv);
209 }
210 status = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx);
211 if (!NT_STATUS_IS_OK(status)) {
212 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(status)));
213 return 1;
214 }
215
216 rv = ldb_search(gp_ctx->ldb_ctx,
217 gp_ctx,
218 &result,
219 ldb_get_default_basedn(gp_ctx->ldb_ctx),
220 LDB_SCOPE_SUBTREE,
221 NULL,
222 "(&(objectClass=user)(sAMAccountName=%s))", argv[0]);
223 if (rv != LDB_SUCCESS) {
224 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),ldb_errstring(gp_ctx->ldb_ctx)));
225 talloc_free(gp_ctx);
226 return 1;
227 }
228
229 /* We expect exactly one record */
230 if (result->count != 1) {
231 DEBUG(0, ("Could not find SAM account with name %s\n", argv[0]));
232 talloc_free(gp_ctx);
233 return 1;
234 }
235
236 status = authsam_make_server_info(gp_ctx,
237 gp_ctx->ldb_ctx,
238 lp_netbios_name(gp_ctx->lp_ctx),
239 lp_sam_name(gp_ctx->lp_ctx),
240 ldb_get_default_basedn(gp_ctx->ldb_ctx),
241 result->msgs[0],
242 dummy,
243 dummy,
244 &server_info);
245 if (!NT_STATUS_IS_OK(status)) {
246 DEBUG(0, ("Failed to make server information: %s\n", get_friendly_nt_error_msg(status)));
247 talloc_free(gp_ctx);
248 return 1;
249 }
250
251 status = auth_generate_session_info2(gp_ctx, gp_ctx->ev_ctx, gp_ctx->lp_ctx, server_info, &session_info);
252 if (!NT_STATUS_IS_OK(status)) {
253 DEBUG(0, ("Failed to generate session information: %s\n", get_friendly_nt_error_msg(status)));
254 talloc_free(gp_ctx);
255 return 1;
256 }
257
258 status = gp_list_gpos(gp_ctx, session_info->security_token, &gpos);
259 if (!NT_STATUS_IS_OK(status)) {
260 DEBUG(0, ("Failed to list gpos for user %s: %s\n", argv[0],
261 get_friendly_nt_error_msg(status)));
262 talloc_free(gp_ctx);
263 return 1;
264 }
265
266 d_printf("GPO's for user %s:\n", argv[0]);
267 for (i = 0; gpos[i] != NULL; i++) {
268 d_printf("\t%s\n", gpos[i]);
269 }
270
271 talloc_free(gp_ctx);
272 return 0;
273 }
274
275 static int net_gpo_link_set_usage(struct net_context *ctx, int argc, const char **argv)
276 {
277 d_printf("Syntax: net gpo linkset <container> <gpo> ['disable'] ['enforce'] [options]\n");
278 d_printf("For a list of available options, please type net gpo linkset --help\n");
279 return 0;
280 }
281
282 static int net_gpo_link_set(struct net_context *ctx, int argc, const char **argv)
283 {
284 struct gp_link *gplink = talloc_zero(ctx, struct gp_link);
285 struct gp_context *gp_ctx;
286 unsigned int i;
287 NTSTATUS status;
288
289 if (argc < 2) {
290 return net_gpo_link_set_usage(ctx, argc, argv);
291 }
292
293 if (argc >= 3) {
294 for (i = 2; i < argc; i++) {
295 if (strcmp(argv[i], "disable") == 0) {
296 gplink->options |= GPLINK_OPT_DISABLE;
297 }
298 if (strcmp(argv[i], "enforce") == 0) {
299 gplink->options |= GPLINK_OPT_ENFORCE;
300 }
301 }
302 }
303 gplink->dn = argv[1];
304
305 status = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx);
306 if (!NT_STATUS_IS_OK(status)) {
307 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(status)));
308 return 1;
309 }
310
311 status = gp_set_gplink(gp_ctx, argv[0], gplink);
312 if (!NT_STATUS_IS_OK(status)) {
313 DEBUG(0, ("Failed to set GPO link on container: %s\n", get_friendly_nt_error_msg(status)));
314 return 1;
315 }
316 d_printf("Added link to container.\n");
317
318 /* Display current links */
319 net_gpo_link_get(ctx, 1, argv);
320
321 talloc_free(gp_ctx);
322 return 0;
323 }
324
325 static const struct net_functable net_gpo_functable[] = {
326 { "listall", "List all GPO's on a DC\n", net_gpo_list_all, net_gpo_list_all_usage },
327 { "getgpo", "List specificied GPO\n", net_gpo_get_gpo, net_gpo_get_gpo_usage },
328 { "linkget", "List gPLink of container\n", net_gpo_link_get, net_gpo_link_get_usage },
329 { "linkset", "Link a GPO to a container\n", net_gpo_link_set, net_gpo_link_set_usage },
330 /* { "linkdelete", "Delete GPO link from a container\n", net_gpo_link_delete, net_gpo_usage }, */
331 { "list", "List all GPO's for a machine/user\n", net_gpo_list, net_gpo_list_usage },
332 /* { "apply", "Apply GPO to container\n", net_gpo_apply, net_gpo_usage }, */
333 // { "refresh", "List all GPO's for machine/user and download them\n", net_gpo_refresh, net_gpo_refresh_usage },
334 { NULL, NULL }
335 };
336
337
338
339 int net_gpo_usage(struct net_context *ctx, int argc, const char **argv)
340 {
341 d_printf("Syntax: net gpo <command> [options]\n");
342 d_printf("For available commands, please type net gpo help\n");
343 return 0;
344 }
345
346 int net_gpo(struct net_context *ctx, int argc, const char **argv)
347 {
348 return net_run_function(ctx, argc, argv, net_gpo_functable, net_gpo_usage);
349 }
Samba GIT mirror