search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r14156: Fix coverity #114: free storage alloc'ed by sstring_sub()
[Samba/nascimento.git] / source3 / utils / net_ads_gpo.c
blobfec6fb88fa26eaa1ef1ba824973939f629215e9c
1 /*
2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
4 Copyright (C) 2005 Guenther Deschner (gd@samba.org)
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22 #include "utils/net.h"
23
24 #ifdef HAVE_ADS
25
26 static int net_ads_gpo_usage(int argc, const char **argv)
27 {
28 d_printf(
29 "net ads gpo <COMMAND>\n"\
30 "<COMMAND> can be either:\n"\
31 " ADDLINK Link a container to a GPO\n"\
32 " APPLY Apply all GPOs\n"\
33 " DELETELINK Delete a gPLink from a container\n"\
34 " EFFECTIVE Lists all GPOs assigned to a machine\n"\
35 " GETGPO Lists specified GPO\n"\
36 " GETLINK Lists gPLink of a containter\n"\
37 " HELP Prints this help message\n"\
38 " LIST Lists all GPOs\n"\
39 "\n"
40 );
41 return -1;
42 }
43
44 static int net_ads_gpo_effective(int argc, const char **argv)
45 {
46 TALLOC_CTX *mem_ctx;
47 ADS_STRUCT *ads;
48 ADS_STATUS status;
49 const char *attrs[] = {"distinguishedName", "userAccountControl", NULL};
50 void *res = NULL;
51 const char *filter;
52 char *dn = NULL;
53 struct GROUP_POLICY_OBJECT *gpo_list;
54 uint32 uac = 0;
55 uint32 flags = 0;
56
57 if (argc < 1) {
58 return -1;
59 }
60
61 mem_ctx = talloc_init("net_ads_gpo_effective");
62 if (mem_ctx == NULL) {
63 return -1;
64 }
65
66 filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))", argv[0]);
67 if (filter == NULL) {
68 goto out;
69 }
70
71 if (!(ads = ads_startup())) {
72 goto out;
73 }
74
75 status = ads_do_search_all(ads, ads->config.bind_path,
76 LDAP_SCOPE_SUBTREE,
77 filter, attrs, &res);
78
79 if (!ADS_ERR_OK(status)) {
80 goto out;
81 }
82
83 if (ads_count_replies(ads, res) != 1) {
84 printf("no result\n");
85 goto out;
86 }
87
88 dn = ads_get_dn(ads, res);
89 if (dn == NULL) {
90 goto out;
91 }
92
93 if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
94 goto out;
95 }
96
97 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
98 flags |= GPO_LIST_FLAG_MACHINE;
99 }
100
101 printf("%s: '%s' has dn: '%s'\n",
102 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
103 argv[0], dn);
104
105 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
106 if (!ADS_ERR_OK(status)) {
107 goto out;
108 }
109
110 printf("unsorted full dump of all GPOs for this machine:\n");
111
112 {
113 struct GROUP_POLICY_OBJECT *gpo = gpo_list;
114
115 for (gpo = gpo_list; gpo; gpo = gpo->next) {
116 dump_gpo(mem_ctx, gpo);
117 }
118 }
119
120 printf("sorted full dump of all GPOs valid for this machine:\n");
121
122 out:
123 ads_memfree(ads, dn);
124 ads_msgfree(ads, res);
125
126 ads_destroy(&ads);
127 talloc_destroy(mem_ctx);
128 return 0;
129 }
130
131 static int net_ads_gpo_list(int argc, const char **argv)
132 {
133 ADS_STRUCT *ads;
134 ADS_STATUS status;
135 void *res = NULL;
136 int num_reply = 0;
137 void *msg = NULL;
138 struct GROUP_POLICY_OBJECT gpo;
139 TALLOC_CTX *mem_ctx;
140
141 mem_ctx = talloc_init("net_ads_gpo_list");
142 if (mem_ctx == NULL) {
143 return -1;
144 }
145
146 if (!(ads = ads_startup())) {
147 goto out;
148 }
149
150 status = ads_do_search_all(ads, ads->config.bind_path,
151 LDAP_SCOPE_SUBTREE,
152 "(objectclass=groupPolicyContainer)", NULL, &res);
153 if (!ADS_ERR_OK(status)) {
154 d_printf("search failed: %s\n", ads_errstr(status));
155 goto out;
156 }
157
158 num_reply = ads_count_replies(ads, res);
159
160 d_printf("Got %d replies\n\n", num_reply);
161
162 /* dump the results */
163 for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
164
165 status = ads_parse_gpo(ads, mem_ctx, msg, ads_get_dn(ads, msg), &gpo);
166
167 if (!ADS_ERR_OK(status)) {
168 d_printf("parse failed: %s\n", ads_errstr(status));
169 goto out;
170 }
171
172 dump_gpo(mem_ctx, &gpo);
173
174 }
175
176 out:
177 ads_msgfree(ads, res);
178
179 talloc_destroy(mem_ctx);
180 ads_destroy(&ads);
181
182 return 0;
183 }
184
185 static int net_ads_gpo_apply(int argc, const char **argv)
186 {
187 TALLOC_CTX *mem_ctx;
188 ADS_STRUCT *ads;
189 ADS_STATUS status;
190 const char *attrs[] = {"distinguishedName", "userAccountControl", NULL};
191 void *res = NULL;
192 const char *filter;
193 char *dn = NULL;
194 struct GROUP_POLICY_OBJECT *gpo_list;
195 uint32 uac = 0;
196 uint32 flags = 0;
197
198 if (argc < 1) {
199 return -1;
200 }
201
202 mem_ctx = talloc_init("net_ads_gpo_apply");
203 if (mem_ctx == NULL) {
204 goto out;
205 }
206
207 filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))", argv[0]);
208 if (filter == NULL) {
209 goto out;
210 }
211
212 if (!(ads = ads_startup())) {
213 goto out;
214 }
215
216 status = ads_do_search_all(ads, ads->config.bind_path,
217 LDAP_SCOPE_SUBTREE,
218 filter, attrs, &res);
219
220 if (!ADS_ERR_OK(status)) {
221 goto out;
222 }
223
224 if (ads_count_replies(ads, res) != 1) {
225 printf("no result\n");
226 goto out;
227 }
228
229 dn = ads_get_dn(ads, res);
230 if (dn == NULL) {
231 goto out;
232 }
233
234 if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
235 goto out;
236 }
237
238 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
239 flags |= GPO_LIST_FLAG_MACHINE;
240 }
241
242 printf("%s: '%s' has dn: '%s'\n",
243 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
244 argv[0], dn);
245
246 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
247 if (!ADS_ERR_OK(status)) {
248 goto out;
249 }
250
251 /* FIXME: allow to process just a single extension */
252 status = gpo_process_gpo_list(ads, mem_ctx, &gpo_list, NULL, flags);
253 if (!ADS_ERR_OK(status)) {
254 goto out;
255 }
256
257 out:
258 ads_memfree(ads, dn);
259 ads_msgfree(ads, res);
260
261 ads_destroy(&ads);
262 talloc_destroy(mem_ctx);
263 return 0;
264 }
265
266
267 static int net_ads_gpo_get_link(int argc, const char **argv)
268 {
269 ADS_STRUCT *ads;
270 ADS_STATUS status;
271 TALLOC_CTX *mem_ctx;
272 struct GP_LINK gp_link;
273
274 if (argc < 1) {
275 return -1;
276 }
277
278 mem_ctx = talloc_init("add_gpo_link");
279 if (mem_ctx == NULL) {
280 return -1;
281 }
282
283 if (!(ads = ads_startup())) {
284 goto out;
285 }
286
287 status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link);
288 if (!ADS_ERR_OK(status)) {
289 d_printf("get link for %s failed: %s\n", argv[0], ads_errstr(status));
290 goto out;
291 }
292
293 dump_gplink(ads, mem_ctx, &gp_link);
294
295 out:
296 talloc_destroy(mem_ctx);
297 ads_destroy(&ads);
298
299 return 0;
300 }
301
302 static int net_ads_gpo_add_link(int argc, const char **argv)
303 {
304 ADS_STRUCT *ads;
305 ADS_STATUS status;
306 uint32 gpo_opt = 0;
307 TALLOC_CTX *mem_ctx;
308
309 if (argc < 2) {
310 return -1;
311 }
312
313 mem_ctx = talloc_init("add_gpo_link");
314 if (mem_ctx == NULL) {
315 return -1;
316 }
317
318 if (argc == 3) {
319 gpo_opt = atoi(argv[2]);
320 }
321
322 if (!(ads = ads_startup())) {
323 goto out;
324 }
325
326 status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt);
327 if (!ADS_ERR_OK(status)) {
328 d_printf("add link failed: %s\n", ads_errstr(status));
329 goto out;
330 }
331
332 out:
333 talloc_destroy(mem_ctx);
334 ads_destroy(&ads);
335
336 return 0;
337 }
338
339 static int net_ads_gpo_delete_link(int argc, const char **argv)
340 {
341 ADS_STRUCT *ads;
342 ADS_STATUS status;
343 TALLOC_CTX *mem_ctx;
344
345 if (argc < 2) {
346 return -1;
347 }
348
349 mem_ctx = talloc_init("delete_gpo_link");
350 if (mem_ctx == NULL) {
351 return -1;
352 }
353
354 if (!(ads = ads_startup())) {
355 goto out;
356 }
357
358 status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]);
359 if (!ADS_ERR_OK(status)) {
360 d_printf("delete link failed: %s\n", ads_errstr(status));
361 goto out;
362 }
363
364 out:
365 talloc_destroy(mem_ctx);
366 ads_destroy(&ads);
367
368 return 0;
369 }
370
371 static int net_ads_gpo_get_gpo(int argc, const char **argv)
372 {
373 ADS_STRUCT *ads;
374 ADS_STATUS status;
375 TALLOC_CTX *mem_ctx;
376 struct GROUP_POLICY_OBJECT gpo;
377 uint32 sysvol_gpt_version;
378
379 if (argc < 1) {
380 return -1;
381 }
382
383 mem_ctx = talloc_init("add_gpo_get_gpo");
384 if (mem_ctx == NULL) {
385 return -1;
386 }
387
388 if (!(ads = ads_startup())) {
389 goto out;
390 }
391
392 if (strnequal(argv[0], "CN={", strlen("CN={"))) {
393 status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo);
394 } else {
395 status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo);
396 }
397
398 if (!ADS_ERR_OK(status)) {
399 d_printf("get gpo for [%s] failed: %s\n", argv[0], ads_errstr(status));
400 goto out;
401 }
402
403 dump_gpo(mem_ctx, &gpo);
404
405 status = ADS_ERROR_NT(ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, gpo.file_sys_path, &sysvol_gpt_version));
406 if (!ADS_ERR_OK(status)) {
407 goto out;
408 }
409
410 printf("sysvol GPT version: %d\n", sysvol_gpt_version);
411
412 out:
413 talloc_destroy(mem_ctx);
414 ads_destroy(&ads);
415
416 return 0;
417 }
418
419 int net_ads_gpo(int argc, const char **argv)
420 {
421 struct functable func[] = {
422 {"LIST", net_ads_gpo_list},
423 {"EFFECTIVE", net_ads_gpo_effective},
424 {"ADDLINK", net_ads_gpo_add_link},
425 {"DELETELINK", net_ads_gpo_delete_link},
426 {"GETLINK", net_ads_gpo_get_link},
427 {"GETGPO", net_ads_gpo_get_gpo},
428 {"HELP", net_ads_gpo_usage},
429 {"APPLY", net_ads_gpo_apply},
430 {NULL, NULL}
431 };
432
433 return net_run_function(argc, argv, func, net_ads_gpo_usage);
434 }
435
436 #endif