2 Samba Unix/Linux SMB client library
3 net ads commands for Group Policy
4 Copyright (C) 2005-2008 Guenther Deschner (gd@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "utils/net.h"
23 #include "../libgpo/gpo.h"
24 #include "libgpo/gpo_proto.h"
25 #include "../libds/common/flags.h"
/*
 * 'net ads gpo listall': query the directory for every
 * groupPolicyContainer object and parse each returned entry as a GPO.
 *
 * Visible flow: print usage when c->display_usage is set, create a talloc
 * context, ads_startup(), one ads_do_search_all_sd_flags() query based at
 * ads->config.bind_path, then ads_get_dn() + ads_parse_gpo() per entry.
 * The search result and the talloc context are released at the end.
 *
 * NOTE(review): this listing has lost lines (remaining declarations,
 * braces, returns, error-path bodies); the comments describe only the
 * statements that are shown.
 */
29 static int net_ads_gpo_list_all(struct net_context
*c
, int argc
, const char **argv
)
33 LDAPMessage
*res
= NULL
;
35 LDAPMessage
*msg
= NULL
;
36 struct GROUP_POLICY_OBJECT gpo
;
/*
 * Attributes requested for each entry (only part of the list is visible).
 * ntSecurityDescriptor is among them, so the search asks for each GPO's
 * security descriptor.
 * NOTE(review): the sd_flags argument passed to the search below is not
 * visible here; it presumably selects which parts of the descriptor the
 * server returns -- confirm against the full source.
 */
39 const char *attrs
[] = {
45 "gPCMachineExtensionNames",
46 "gPCUserExtensionNames",
47 "ntSecurityDescriptor",
51 if (c
->display_usage
) {
53 "net ads gpo listall\n"
56 _("List all GPOs on the DC"));
60 mem_ctx
= talloc_init("net_ads_gpo_list_all");
61 if (mem_ctx
== NULL
) {
65 status
= ads_startup(c
, false, mem_ctx
, &ads
);
66 if (!ADS_ERR_OK(status
)) {
/*
 * The search base is ads->config.bind_path and the filter is a constant
 * string; no command-line argument is used in the visible search call.
 */
70 status
= ads_do_search_all_sd_flags(ads
, ads
->config
.bind_path
,
72 "(objectclass=groupPolicyContainer)",
77 if (!ADS_ERR_OK(status
)) {
78 d_printf(_("search failed: %s\n"), ads_errstr(status
));
82 num_reply
= ads_count_replies(ads
, res
);
84 d_printf(_("Got %d replies\n\n"), num_reply
);
86 /* dump the results */
87 for (msg
= ads_first_entry(ads
, res
);
89 msg
= ads_next_entry(ads
, msg
)) {
/*
 * Each entry's DN is fetched on mem_ctx and handed to ads_parse_gpo().
 * NOTE(review): whether a NULL DN or a parse failure skips the entry or
 * aborts the whole listing is not visible in this extract.
 */
91 if ((dn
= ads_get_dn(ads
, mem_ctx
, msg
)) == NULL
) {
95 status
= ads_parse_gpo(ads
, mem_ctx
, msg
, dn
, &gpo
);
97 if (!ADS_ERR_OK(status
)) {
98 d_printf(_("ads_parse_gpo failed: %s\n"),
/* Release the LDAP result first, then everything allocated on mem_ctx. */
107 ads_msgfree(ads
, res
);
109 TALLOC_FREE(mem_ctx
);
/*
 * 'net ads gpo list <username|machinename>': resolve the named account,
 * build a security token for it and print the GPO list computed for it.
 *
 * Visible flow: usage on argc < 1 or c->display_usage, talloc context,
 * ads_startup(), ads_find_samaccount() on argv[0] (yields uac and dn),
 * token lookup, ads_get_gpo_list(), dump_gpo_list().
 *
 * NOTE(review): this listing has lost lines (remaining declarations,
 * braces, returns, error-path bodies); the comments describe only the
 * statements that are shown.
 */
114 static int net_ads_gpo_list(struct net_context
*c
, int argc
, const char **argv
)
116 ADS_STRUCT
*ads
= NULL
;
118 LDAPMessage
*res
= NULL
;
120 const char *dn
= NULL
;
123 struct GROUP_POLICY_OBJECT
*gpo_list
;
124 struct security_token
*token
= NULL
;
125 if (argc
< 1 || c
->display_usage
) {
127 d_printf("%s\n%s\n%s",
129 _("net ads gpo list <username|machinename>"),
130 _(" Lists all GPOs for machine/user\n"
131 " username\tUser to list GPOs for\n"
132 " machinename\tMachine to list GPOs for\n"));
136 mem_ctx
= talloc_init("net_ads_gpo_list");
137 if (mem_ctx
== NULL
) {
141 status
= ads_startup(c
, false, mem_ctx
, &ads
);
142 if (!ADS_ERR_OK(status
)) {
/*
 * argv[0] is the account name taken from the command line.
 * NOTE(review): how ads_find_samaccount() escapes the name before it
 * reaches an LDAP filter is not visible here -- confirm in that helper.
 */
146 status
= ads_find_samaccount(ads
, mem_ctx
, argv
[0], &uac
, &dn
);
147 if (!ADS_ERR_OK(status
)) {
/* A workstation trust account is treated as a machine, anything else as a user. */
151 if (uac
& UF_WORKSTATION_TRUST_ACCOUNT
) {
152 flags
|= GPO_LIST_FLAG_MACHINE
;
155 d_printf(_("%s: '%s' has dn: '%s'\n"),
156 (uac
& UF_WORKSTATION_TRUST_ACCOUNT
) ? _("machine") : _("user"),
/*
 * The token comes from gp_get_machine_token() for machine accounts; the
 * ads_get_sid_token() call below is presumably the else branch for users
 * (the line between the two calls is missing from this listing).
 */
159 if (uac
& UF_WORKSTATION_TRUST_ACCOUNT
) {
160 status
= gp_get_machine_token(ads
, mem_ctx
, dn
, &token
);
162 status
= ads_get_sid_token(ads
, mem_ctx
, dn
, &token
);
165 if (!ADS_ERR_OK(status
)) {
/*
 * NOTE(review): the token is passed into ads_get_gpo_list(), presumably
 * so that GPOs the account may not apply are filtered out -- confirm in
 * that function; the filtering itself is not visible here.
 */
169 status
= ads_get_gpo_list(ads
, mem_ctx
, dn
, flags
, token
, &gpo_list
);
170 if (!ADS_ERR_OK(status
)) {
174 dump_gpo_list(gpo_list
, 0);
/* No visible line assigns res after its NULL initialisation, so this call is given NULL. */
177 ads_msgfree(ads
, res
);
179 talloc_destroy(mem_ctx
);
/*
 * 'net ads gpo linkget <container>': read the gPLink of the container
 * named by argv[0] and print it with dump_gplink().
 *
 * Visible flow: usage on argc < 1 or c->display_usage, talloc context,
 * ads_startup(), ads_get_gpo_link(), dump_gplink(), talloc_destroy().
 * This is a read-only query in the lines shown.
 *
 * NOTE(review): this listing has lost lines (remaining declarations,
 * braces, returns, error-path bodies); the comments describe only the
 * statements that are shown.
 */
184 static int net_ads_gpo_link_get(struct net_context
*c
, int argc
, const char **argv
)
189 struct GP_LINK gp_link
;
191 if (argc
< 1 || c
->display_usage
) {
192 d_printf("%s\n%s\n%s",
194 _("net ads gpo linkget <container>"),
195 _(" Lists gPLink of a container\n"
196 " container\tContainer to get link for\n"));
/*
 * The context label "add_gpo_link" is the same string that
 * net_ads_gpo_link_add passes to talloc_init(); here it only names the
 * context of this read-only command.
 */
200 mem_ctx
= talloc_init("add_gpo_link");
201 if (mem_ctx
== NULL
) {
205 status
= ads_startup(c
, false, mem_ctx
, &ads
);
206 if (!ADS_ERR_OK(status
)) {
/* argv[0] is passed through unchanged as the container to look up. */
210 status
= ads_get_gpo_link(ads
, mem_ctx
, argv
[0], &gp_link
);
211 if (!ADS_ERR_OK(status
)) {
212 d_printf(_("get link for %s failed: %s\n"), argv
[0],
217 dump_gplink(&gp_link
);
220 talloc_destroy(mem_ctx
);
/*
 * 'net ads gpo linkadd <linkdn> <gpodn> [options]': link the GPO named by
 * argv[1] to the container named by argv[0] via ads_add_gpo_link().
 *
 * This command changes directory state: it alters which GPOs are linked
 * to a container. No authorization check is visible in this function;
 * presumably the directory server decides whether the bound identity may
 * modify the container -- confirm in ads_add_gpo_link() and on the DC.
 *
 * Both DNs are handed to ads_add_gpo_link() exactly as typed; the usage
 * text tells the caller to escape them per RFC 4514, and no escaping or
 * validation is visible here.
 *
 * NOTE(review): this listing has lost lines (remaining declarations,
 * braces, returns, error-path bodies); the comments describe only the
 * statements that are shown.
 */
225 static int net_ads_gpo_link_add(struct net_context
*c
, int argc
, const char **argv
)
229 uint32_t gpo_opt
= 0;
232 if (argc
< 2 || c
->display_usage
) {
233 d_printf("%s\n%s\n%s",
235 _("net ads gpo linkadd <linkdn> <gpodn> [options]"),
236 _(" Link a container to a GPO\n"
237 " linkdn\tContainer to link to a GPO\n"
238 " gpodn\tGPO to link container to\n"));
239 d_printf(_("note: DNs must be provided properly escaped.\n"
240 "See RFC 4514 for details\n"));
244 mem_ctx
= talloc_init("add_gpo_link");
245 if (mem_ctx
== NULL
) {
/*
 * NOTE(review): the argc < 2 test above only guarantees argv[0] and
 * argv[1]. Reading argv[2] is safe only behind a guard on argc, and the
 * lines before this statement are missing from the listing -- confirm
 * that such a guard exists.
 * atoi() reports no conversion errors: non-numeric text yields 0, and a
 * negative value converts to a large uint32_t when stored in gpo_opt.
 */
250 gpo_opt
= atoi(argv
[2]);
253 status
= ads_startup(c
, false, mem_ctx
, &ads
);
254 if (!ADS_ERR_OK(status
)) {
258 status
= ads_add_gpo_link(ads
, mem_ctx
, argv
[0], argv
[1], gpo_opt
);
259 if (!ADS_ERR_OK(status
)) {
260 d_printf(_("link add failed: %s\n"), ads_errstr(status
));
265 talloc_destroy(mem_ctx
);
/*
 * 'net ads gpo linkdelete <linkdn> <gpodn>': remove the link between the
 * container named by argv[0] and the GPO named by argv[1] via
 * ads_delete_gpo_link().
 *
 * This command changes directory state: removing a link stops the GPO
 * from being listed for that container. No authorization check is
 * visible in this function; presumably the directory server decides
 * whether the bound identity may modify the container -- confirm in
 * ads_delete_gpo_link() and on the DC.
 *
 * Both DNs are passed through exactly as typed; no escaping or validation
 * is visible here.
 *
 * NOTE(review): this listing has lost lines (remaining declarations,
 * braces, returns, error-path bodies); the comments describe only the
 * statements that are shown.
 */
272 static int net_ads_gpo_link_delete(struct net_context
*c
, int argc
, const char **argv
)
278 if (argc
< 2 || c
->display_usage
) {
/* Unlike the other commands in this file, these usage strings are not wrapped in _(). */
280 "net ads gpo linkdelete <linkdn> <gpodn>\n"
281 " Delete a GPO link\n"
282 " <linkdn>\tContainer to delete GPO from\n"
283 " <gpodn>\tGPO to delete from container\n");
287 mem_ctx
= talloc_init("delete_gpo_link");
288 if (mem_ctx
== NULL
) {
292 status
= ads_startup(c
, false, mem_ctx
, &ads
);
293 if (!ADS_ERR_OK(status
)) {
297 status
= ads_delete_gpo_link(ads
, mem_ctx
, argv
[0], argv
[1]);
298 if (!ADS_ERR_OK(status
)) {
/* The failure message is likewise printed without _(). */
299 d_printf("delete link failed: %s\n", ads_errstr(status
));
304 talloc_destroy(mem_ctx
);
313 - struct net_context *: Pointer to net_context*
314 - argc: Number of command line arguments passed to 'net ads gpo getgpo' command
315 - **argv: Command line argument string passed to 'net ads gpo getgpo' command
317 This function performs the following operations:
318 1. Create a talloc context using talloc_init()
319 2. Perform ads_startup()
320 3. Call ads_get_gpo() to retrieve the GPO details into 'struct GROUP_POLICY_OBJECT'
321 4. Call dump_gpo() to dump the GPO on stdout
/*
 * 'net ads gpo getgpo <gpo>': look up one GPO with ads_get_gpo() and
 * report a failure message if the lookup does not succeed.
 *
 * Visible flow: usage on argc < 1 or c->display_usage, talloc context,
 * ads_startup(), ads_get_gpo() with argv[0] in one of two argument slots,
 * talloc_destroy().
 *
 * NOTE(review): this listing has lost lines (remaining declarations,
 * braces, returns, the code that prints the GPO); the comments describe
 * only the statements that are shown.
 */
323 static int net_ads_gpo_get_gpo(struct net_context
*c
, int argc
, const char **argv
)
328 struct GROUP_POLICY_OBJECT gpo
;
330 if (argc
< 1 || c
->display_usage
) {
331 d_printf("%s\n%s\n%s",
333 _("net ads gpo getgpo <gpo>"),
334 _(" List specified GPO\n"
335 " gpo\t\tGPO to list\n"));
339 mem_ctx
= talloc_init("ads_gpo_get_gpo");
340 if (mem_ctx
== NULL
) {
344 status
= ads_startup(c
, false, mem_ctx
, &ads
);
345 if (!ADS_ERR_OK(status
)) {
/*
 * The argument is classified by prefix only: text beginning with "CN={"
 * goes into the third ads_get_gpo() argument, anything else into the
 * fourth (presumably the DN and the display name respectively -- confirm
 * against the ads_get_gpo() prototype). The second call is presumably the
 * else branch; the line between the two calls is missing here.
 * NOTE(review): argv[0] is passed through as typed; any escaping before
 * it reaches an LDAP query would have to happen inside ads_get_gpo().
 */
349 if (strnequal(argv
[0], "CN={", strlen("CN={"))) {
350 status
= ads_get_gpo(ads
, mem_ctx
, argv
[0], NULL
, NULL
, &gpo
);
352 status
= ads_get_gpo(ads
, mem_ctx
, NULL
, argv
[0], NULL
, &gpo
);
355 if (!ADS_ERR_OK(status
)) {
356 d_printf(_("get gpo for [%s] failed: %s\n"), argv
[0],
364 talloc_destroy(mem_ctx
);
/*
 * Entry point for 'net ads gpo': builds the subcommand table and hands
 * c, argc and argv to net_run_function() together with the "net ads gpo"
 * prefix.
 *
 * Handlers visible in the table: net_ads_gpo_link_add,
 * net_ads_gpo_link_delete, net_ads_gpo_link_get and net_ads_gpo_list_all;
 * the description strings show further entries for getgpo and list.
 * Two of the handlers (linkadd, linkdelete) modify GPO links in the
 * directory; the rest only read, as far as the lines in this file show.
 *
 * NOTE(review): this listing has lost lines (command names, remaining
 * handlers, braces); the comments describe only what is shown.
 */
369 int net_ads_gpo(struct net_context
*c
, int argc
, const char **argv
)
371 struct functable func
[] = {
376 N_("List specified GPO"),
377 N_("net ads gpo getgpo\n"
378 " List specified GPO")
382 net_ads_gpo_link_add
,
384 N_("Link a container to a GPO"),
385 N_("net ads gpo linkadd\n"
386 " Link a container to a GPO")
391 net_ads_gpo_link_delete
,
/* The linkdelete description and usage are plain literals, not marked with N_() like the other entries. */
393 "Delete GPO link from a container",
394 "net ads gpo linkdelete\n"
395 " Delete GPO link from a container"
400 net_ads_gpo_link_get
,
402 N_("Lists gPLink of container"),
403 N_("net ads gpo linkget\n"
404 " Lists gPLink of container")
410 N_("Lists all GPOs for machine/user"),
411 N_("net ads gpo list\n"
412 " Lists all GPOs for machine/user")
416 net_ads_gpo_list_all
,
418 N_("Lists all GPOs on a DC"),
419 N_("net ads gpo listall\n"
420 " Lists all GPOs on a DC")
/* All-NULL entry terminates the table. */
422 {NULL
, NULL
, 0, NULL
, NULL
}
425 return net_run_function(c
, argc
, argv
, "net ads gpo", func
);
428 #endif /* HAVE_ADS */