2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
5 Copyright (C) 2005-2008 Guenther Deschner
6 Copyright (C) 2009 Wilco Baan Hofman
8 Based on Guenther's work in net_ads_gpo.h (samba 3)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "utils/net/net.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "auth/auth.h"
28 #include "param/param.h"
29 #include "lib/policy/policy.h"
/* Usage callback for "net gpo listall": prints the command syntax and points the user at --help. */
31 static int net_gpo_list_all_usage(struct net_context
*ctx
, int argc
, const char **argv
)
33 d_printf("Syntax: net gpo listall [options]\n");
34 d_printf("For a list of available options, please type net gpo listall --help\n");
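/*
 * Handler for "net gpo listall": initialises a group policy context from the
 * net context (loadparm, credentials, event context), fetches every GPO with
 * gp_list_all_gpos() and prints name, display name, path, DN, version and the
 * decoded flag strings of each one.
 *
 * NOTE(review): this listing omits several source lines (declarations of rv,
 * i and j, the error returns, closing braces), so the return values are not
 * visible here.
 */
38 static int net_gpo_list_all(struct net_context
*ctx
, int argc
, const char **argv
)
40 struct gp_context
*gp_ctx
;
41 struct gp_object
**gpo
;
42 const char **gpo_flags
;
46 rv
= gp_init(ctx
, ctx
->lp_ctx
, ctx
->credentials
, ctx
->event_ctx
, &gp_ctx
);
47 if (!NT_STATUS_IS_OK(rv
)) {
48 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(rv
)));
52 rv
= gp_list_all_gpos(gp_ctx
, &gpo
);
53 if (!NT_STATUS_IS_OK(rv
)) {
54 DEBUG(0, ("Failed to list all GPO's: %s\n", get_friendly_nt_error_msg(rv
)));
/* gpo is walked as a NULL-terminated array of GPO objects. */
58 for (i
= 0; gpo
[i
] != NULL
; i
++) {
/*
 * NOTE(review): the result of gp_get_gpo_flags() is not captured here and
 * gpo_flags is declared without an initialiser; if the call can fail,
 * gpo_flags[0] below reads an indeterminate pointer. Confirm the return type
 * and check it.
 */
59 gp_get_gpo_flags(gp_ctx
, gpo
[i
]->flags
, &gpo_flags
);
61 d_printf("GPO : %s\n", gpo
[i
]->name
);
62 d_printf("display name : %s\n", gpo
[i
]->display_name
);
63 d_printf("path : %s\n", gpo
[i
]->file_sys_path
);
64 d_printf("dn : %s\n", gpo
[i
]->dn
);
65 d_printf("version : %d\n", gpo
[i
]->version
);
66 if (gpo_flags
[0] == NULL
) {
67 d_printf("flags : NONE\n");
69 d_printf("flags : %s\n", gpo_flags
[0]);
70 for (j
= 1; gpo_flags
[j
] != NULL
; j
++) {
/*
 * Index with j, the flag cursor of this loop. Indexing with the outer GPO
 * counter i printed the same entry repeatedly and, once i exceeded the
 * number of flag strings, read past the NULL terminator of gpo_flags and
 * handed that value to %s.
 */
71 d_printf(" %s\n", gpo_flags
[j
]);
/* The flag string array is released once per GPO, before the next iteration refills it. */
75 talloc_free(gpo_flags
);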
/* Usage callback for "net gpo getgpo": prints the command syntax (one <dn> argument) and points the user at --help. */
82 static int net_gpo_get_gpo_usage(struct net_context
*ctx
, int argc
, const char **argv
)
84 d_printf("Syntax: net gpo getgpo <dn> [options]\n");
85 d_printf("For a list of available options, please type net gpo getgpo --help\n");
/*
 * Handler for "net gpo getgpo <dn>": initialises a group policy context,
 * fetches the single GPO named by argv[0] with gp_get_gpo_info() and prints
 * its name, display name, path, DN, version and decoded flag strings.
 *
 * NOTE(review): this listing omits several source lines (the argument-count
 * test guarding the usage return, declarations of rv and i, error returns,
 * closing braces and the function tail), so they cannot be reviewed here.
 */
89 static int net_gpo_get_gpo(struct net_context
*ctx
, int argc
, const char **argv
)
91 struct gp_context
*gp_ctx
;
92 struct gp_object
*gpo
;
93 const char **gpo_flags
;
/* Falls back to the usage text; the condition that selects this path is on a line not shown. */
98 return net_gpo_get_gpo_usage(ctx
, argc
, argv
);
102 rv
= gp_init(ctx
, ctx
->lp_ctx
, ctx
->credentials
, ctx
->event_ctx
, &gp_ctx
);
103 if (!NT_STATUS_IS_OK(rv
)) {
104 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(rv
)));
/* argv[0] is passed to the lookup unchanged; any validation of the DN happens inside gp_get_gpo_info(), if at all. */
108 rv
= gp_get_gpo_info(gp_ctx
, argv
[0], &gpo
);
109 if (!NT_STATUS_IS_OK(rv
)) {
110 DEBUG(0, ("Failed to get GPO: %s\n", get_friendly_nt_error_msg(rv
)));
/*
 * NOTE(review): the result of gp_get_gpo_flags() is not captured here and
 * gpo_flags has no initialiser; if the call can fail, gpo_flags[0] below
 * reads an indeterminate pointer. Confirm the return type and check it.
 */
114 gp_get_gpo_flags(gp_ctx
, gpo
->flags
, &gpo_flags
);
116 d_printf("GPO : %s\n", gpo
->name
);
117 d_printf("display name : %s\n", gpo
->display_name
);
118 d_printf("path : %s\n", gpo
->file_sys_path
);
119 d_printf("dn : %s\n", gpo
->dn
);
120 d_printf("version : %d\n", gpo
->version
);
/* gpo_flags is treated as a NULL-terminated string array: the first entry gets the label, the rest follow on their own lines. */
121 if (gpo_flags
[0] == NULL
) {
122 d_printf("flags : NONE\n");
124 d_printf("flags : %s\n", gpo_flags
[0]);
125 for (i
= 1; gpo_flags
[i
] != NULL
; i
++) {
126 d_printf(" %s\n", gpo_flags
[i
]);
/* Usage callback for "net gpo linkget": prints the command syntax (one <dn> argument) and points the user at --help. */
135 static int net_gpo_link_get_usage(struct net_context
*ctx
, int argc
, const char **argv
)
137 d_printf("Syntax: net gpo linkget <dn> [options]\n");
138 d_printf("For a list of available options, please type net gpo linkget --help\n");
/*
 * Handler for "net gpo linkget <dn>": initialises a group policy context,
 * reads the GPO links of the container named by argv[0] with
 * gp_get_gplinks() and prints, for each link, the linked GPO's DN and the
 * decoded option strings.
 *
 * Also called by net_gpo_link_set() with argc == 1 to display the links
 * after a change.
 *
 * NOTE(review): this listing omits several source lines (the argument-count
 * test, declarations of rv, i and j, error returns, closing braces and the
 * function tail), so they cannot be reviewed here.
 */
142 static int net_gpo_link_get(struct net_context
*ctx
, int argc
, const char **argv
)
144 struct gp_context
*gp_ctx
;
145 struct gp_link
**links
;
148 const char **options
;
/* Falls back to the usage text; the condition that selects this path is on a line not shown. */
151 return net_gpo_link_get_usage(ctx
, argc
, argv
);
154 rv
= gp_init(ctx
, ctx
->lp_ctx
, ctx
->credentials
, ctx
->event_ctx
, &gp_ctx
);
155 if (!NT_STATUS_IS_OK(rv
)) {
156 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(rv
)));
160 rv
= gp_get_gplinks(gp_ctx
, argv
[0], &links
);
161 if (!NT_STATUS_IS_OK(rv
)) {
162 DEBUG(0, ("Failed to get gplinks: %s\n", get_friendly_nt_error_msg(rv
)));
/* links is walked as a NULL-terminated array. */
166 for (i
= 0; links
[i
] != NULL
; i
++) {
/*
 * NOTE(review): the result of gp_get_gplink_options() is not captured here
 * and options has no initialiser; if the call can fail, options[0] below
 * reads an indeterminate pointer. Confirm the return type and check it.
 */
167 gp_get_gplink_options(gp_ctx
, links
[i
]->options
, &options
);
169 d_printf("GPO DN : %s\n", links
[i
]->dn
);
170 if (options
[0] == NULL
) {
171 d_printf("Options : NONE\n");
173 d_printf("Options : %s\n", options
[0]);
174 for (j
= 1; options
[j
] != NULL
; j
++) {
175 d_printf(" : %s\n", options
[j
]);
/* The option string array is released once per link, before the next iteration refills it. */
180 talloc_free(options
);
/* Usage callback for "net gpo list": prints the command syntax (one <username> argument) and points the user at --help. */
188 static int net_gpo_list_usage(struct net_context
*ctx
, int argc
, const char **argv
)
190 d_printf("Syntax: net gpo list <username> [options]\n");
191 d_printf("For a list of available options, please type net gpo list --help\n");
/*
 * Handler for "net gpo list <username>": searches the directory for a user
 * object whose sAMAccountName is argv[0], builds server info and then session
 * info for that account, and prints the GPO list that gp_list_gpos() returns
 * for the session's security token.
 *
 * NOTE(review): this listing omits several source lines (the argument-count
 * test, declarations of status, rv, i and gpos, some arguments of
 * ldb_search() and authsam_make_server_info(), error returns, closing braces
 * and the function tail), so they cannot be reviewed here.
 */
195 static int net_gpo_list(struct net_context
*ctx
, int argc
, const char **argv
)
197 struct gp_context
*gp_ctx
;
198 struct ldb_result
*result
;
199 struct auth_serversupplied_info
*server_info
;
200 struct auth_session_info
*session_info
;
/* Empty blob; its use is on lines not shown in this listing. */
201 DATA_BLOB dummy
= { NULL
, 0 };
/* Falls back to the usage text; the condition that selects this path is on a line not shown. */
208 return net_gpo_list_usage(ctx
, argc
, argv
);
210 status
= gp_init(ctx
, ctx
->lp_ctx
, ctx
->credentials
, ctx
->event_ctx
, &gp_ctx
);
211 if (!NT_STATUS_IS_OK(status
)) {
212 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(status
)));
/*
 * NOTE(review): argv[0] is substituted into the LDAP filter below as-is, so
 * filter metacharacters in the name ( "*", "(", ")", "\" ) change the query
 * instead of being matched literally. Encode the value first, e.g. with
 * ldb_binary_encode_string(), and format the encoded copy into the filter.
 * The "exactly one record" check further down limits the effect but does not
 * make the match exact.
 */
216 rv
= ldb_search(gp_ctx
->ldb_ctx
,
219 ldb_get_default_basedn(gp_ctx
->ldb_ctx
),
222 "(&(objectClass=user)(sAMAccountName=%s))", argv
[0]);
223 if (rv
!= LDB_SUCCESS
) {
224 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv
),ldb_errstring(gp_ctx
->ldb_ctx
)));
229 /* We expect exactly one record */
230 if (result
->count
!= 1) {
231 DEBUG(0, ("Could not find SAM account with name %s\n", argv
[0]));
/* Build the server info for the account; the arguments that carry the search result are on lines not shown. */
236 status
= authsam_make_server_info(gp_ctx
,
238 lp_netbios_name(gp_ctx
->lp_ctx
),
239 lp_sam_name(gp_ctx
->lp_ctx
),
240 ldb_get_default_basedn(gp_ctx
->ldb_ctx
),
245 if (!NT_STATUS_IS_OK(status
)) {
246 DEBUG(0, ("Failed to make server information: %s\n", get_friendly_nt_error_msg(status
)));
/* Turn the server info into session info; only its security_token is used below. */
251 status
= auth_generate_session_info2(gp_ctx
, gp_ctx
->ev_ctx
, gp_ctx
->lp_ctx
, server_info
, &session_info
);
252 if (!NT_STATUS_IS_OK(status
)) {
253 DEBUG(0, ("Failed to generate session information: %s\n", get_friendly_nt_error_msg(status
)));
258 status
= gp_list_gpos(gp_ctx
, session_info
->security_token
, &gpos
);
259 if (!NT_STATUS_IS_OK(status
)) {
260 DEBUG(0, ("Failed to list gpos for user %s: %s\n", argv
[0],
261 get_friendly_nt_error_msg(status
)));
/* gpos is walked as a NULL-terminated string array, one entry per output line. */
266 d_printf("GPO's for user %s:\n", argv
[0]);
267 for (i
= 0; gpos
[i
] != NULL
; i
++) {
268 d_printf("\t%s\n", gpos
[i
]);
/* Usage callback for "net gpo linkset": prints the command syntax (<container> <gpo>, optional 'disable' / 'enforce') and points the user at --help. */
275 static int net_gpo_link_set_usage(struct net_context
*ctx
, int argc
, const char **argv
)
277 d_printf("Syntax: net gpo linkset <container> <gpo> ['disable'] ['enforce'] [options]\n");
278 d_printf("For a list of available options, please type net gpo linkset --help\n");
/*
 * Handler for "net gpo linkset <container> <gpo> ['disable'] ['enforce']":
 * builds a gp_link whose dn is argv[1] and whose options carry
 * GPLINK_OPT_DISABLE / GPLINK_OPT_ENFORCE when those words appear from
 * argv[2] onwards, writes it to the container argv[0] with gp_set_gplink(),
 * then prints the container's links through net_gpo_link_get().
 *
 * This command modifies the directory; it runs with the credentials carried
 * in ctx.
 *
 * NOTE(review): this listing omits several source lines (the argument-count
 * test, declarations of status and i, error returns, closing braces and the
 * function tail), so they cannot be reviewed here.
 */
282 static int net_gpo_link_set(struct net_context
*ctx
, int argc
, const char **argv
)
/*
 * NOTE(review): talloc_zero() can return NULL, and no NULL check is visible
 * before gplink->options and gplink->dn are written below. Confirm one exists
 * on the omitted lines, or add it.
 */
284 struct gp_link
*gplink
= talloc_zero(ctx
, struct gp_link
);
285 struct gp_context
*gp_ctx
;
/* Falls back to the usage text; the condition that selects this path is on a line not shown. */
290 return net_gpo_link_set_usage(ctx
, argc
, argv
);
/*
 * Option words start at argv[2]. No diagnostic for an unrecognised word is
 * visible in this listing - presumably such words are ignored, so a
 * misspelt "enforce" would leave the link unenforced without warning; verify.
 */
294 for (i
= 2; i
< argc
; i
++) {
295 if (strcmp(argv
[i
], "disable") == 0) {
296 gplink
->options
|= GPLINK_OPT_DISABLE
;
298 if (strcmp(argv
[i
], "enforce") == 0) {
299 gplink
->options
|= GPLINK_OPT_ENFORCE
;
/* The link borrows the argv[1] pointer; the string is not copied. */
303 gplink
->dn
= argv
[1];
305 status
= gp_init(ctx
, ctx
->lp_ctx
, ctx
->credentials
, ctx
->event_ctx
, &gp_ctx
);
306 if (!NT_STATUS_IS_OK(status
)) {
307 DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(status
)));
311 status
= gp_set_gplink(gp_ctx
, argv
[0], gplink
);
312 if (!NT_STATUS_IS_OK(status
)) {
313 DEBUG(0, ("Failed to set GPO link on container: %s\n", get_friendly_nt_error_msg(status
)));
316 d_printf("Added link to container.\n");
318 /* Display current links */
/* argc is passed as 1 so that only argv[0], the container, is consumed; the return value is not captured. */
319 net_gpo_link_get(ctx
, 1, argv
);
/*
 * Dispatch table for "net gpo". Each entry appears to be
 * { subcommand name, help text, handler, usage callback }; the layout of
 * struct net_functable is declared elsewhere - confirm there.
 * Of the visible handlers only "linkset" writes to the directory; the others
 * query and print. The commented-out entries (linkdelete, apply, refresh)
 * name handlers that are not defined in this listing.
 */
325 static const struct net_functable net_gpo_functable
[] = {
326 { "listall", "List all GPO's on a DC\n", net_gpo_list_all
, net_gpo_list_all_usage
},
327 { "getgpo", "List specificied GPO\n", net_gpo_get_gpo
, net_gpo_get_gpo_usage
},
328 { "linkget", "List gPLink of container\n", net_gpo_link_get
, net_gpo_link_get_usage
},
329 { "linkset", "Link a GPO to a container\n", net_gpo_link_set
, net_gpo_link_set_usage
},
330 /* { "linkdelete", "Delete GPO link from a container\n", net_gpo_link_delete, net_gpo_usage }, */
331 { "list", "List all GPO's for a machine/user\n", net_gpo_list
, net_gpo_list_usage
},
332 /* { "apply", "Apply GPO to container\n", net_gpo_apply, net_gpo_usage }, */
333 // { "refresh", "List all GPO's for machine/user and download them\n", net_gpo_refresh, net_gpo_refresh_usage },
/* Top-level usage callback for "net gpo": prints the general syntax and points the user at "net gpo help". Non-static, so visible outside this file. */
339 int net_gpo_usage(struct net_context
*ctx
, int argc
, const char **argv
)
341 d_printf("Syntax: net gpo <command> [options]\n");
342 d_printf("For available commands, please type net gpo help\n");
/*
 * Entry point for the "net gpo" command family: forwards ctx, argc and argv
 * to net_run_function() together with net_gpo_functable and net_gpo_usage,
 * and returns whatever that call returns.
 */
346 int net_gpo(struct net_context
*ctx
, int argc
, const char **argv
)
348 return net_run_function(ctx
, argc
, argv
, net_gpo_functable
, net_gpo_usage
);