Line data Source code
1 : /*
2 : Samba Unix/Linux SMB client library
3 : net ads commands for Group Policy
4 : Copyright (C) 2005-2008 Guenther Deschner (gd@samba.org)
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "utils/net.h"
22 : #include "ads.h"
23 : #include "../libgpo/gpo.h"
24 : #include "libgpo/gpo_proto.h"
25 : #include "../libds/common/flags.h"
26 :
27 : #ifdef HAVE_ADS
28 :
29 0 : static int net_ads_gpo_list_all(struct net_context *c, int argc, const char **argv)
30 : {
31 0 : ADS_STRUCT *ads;
32 0 : ADS_STATUS status;
33 0 : LDAPMessage *res = NULL;
34 0 : int num_reply = 0;
35 0 : LDAPMessage *msg = NULL;
36 0 : struct GROUP_POLICY_OBJECT gpo;
37 0 : TALLOC_CTX *mem_ctx;
38 0 : char *dn;
39 0 : const char *attrs[] = {
40 : "versionNumber",
41 : "flags",
42 : "gPCFileSysPath",
43 : "displayName",
44 : "name",
45 : "gPCMachineExtensionNames",
46 : "gPCUserExtensionNames",
47 : "ntSecurityDescriptor",
48 : NULL
49 : };
50 :
51 0 : if (c->display_usage) {
52 0 : d_printf( "%s\n"
53 : "net ads gpo listall\n"
54 : " %s\n",
55 : _("Usage:"),
56 : _("List all GPOs on the DC"));
57 0 : return 0;
58 : }
59 :
60 0 : mem_ctx = talloc_init("net_ads_gpo_list_all");
61 0 : if (mem_ctx == NULL) {
62 0 : return -1;
63 : }
64 :
65 0 : status = ads_startup(c, false, mem_ctx, &ads);
66 0 : if (!ADS_ERR_OK(status)) {
67 0 : goto out;
68 : }
69 :
70 0 : status = ads_do_search_all_sd_flags(ads, ads->config.bind_path,
71 : LDAP_SCOPE_SUBTREE,
72 : "(objectclass=groupPolicyContainer)",
73 : attrs,
74 : SECINFO_DACL,
75 : &res);
76 :
77 0 : if (!ADS_ERR_OK(status)) {
78 0 : d_printf(_("search failed: %s\n"), ads_errstr(status));
79 0 : goto out;
80 : }
81 :
82 0 : num_reply = ads_count_replies(ads, res);
83 :
84 0 : d_printf(_("Got %d replies\n\n"), num_reply);
85 :
86 : /* dump the results */
87 0 : for (msg = ads_first_entry(ads, res);
88 0 : msg;
89 0 : msg = ads_next_entry(ads, msg)) {
90 :
91 0 : if ((dn = ads_get_dn(ads, mem_ctx, msg)) == NULL) {
92 0 : goto out;
93 : }
94 :
95 0 : status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo);
96 :
97 0 : if (!ADS_ERR_OK(status)) {
98 0 : d_printf(_("ads_parse_gpo failed: %s\n"),
99 : ads_errstr(status));
100 0 : goto out;
101 : }
102 :
103 0 : dump_gpo(&gpo, 0);
104 : }
105 :
106 0 : out:
107 0 : ads_msgfree(ads, res);
108 :
109 0 : TALLOC_FREE(mem_ctx);
110 :
111 0 : return 0;
112 : }
113 :
114 0 : static int net_ads_gpo_list(struct net_context *c, int argc, const char **argv)
115 : {
116 0 : ADS_STRUCT *ads = NULL;
117 0 : ADS_STATUS status;
118 0 : LDAPMessage *res = NULL;
119 0 : TALLOC_CTX *mem_ctx;
120 0 : const char *dn = NULL;
121 0 : uint32_t uac = 0;
122 0 : uint32_t flags = 0;
123 0 : struct GROUP_POLICY_OBJECT *gpo_list;
124 0 : struct security_token *token = NULL;
125 :
126 0 : if (argc < 1 || c->display_usage) {
127 0 : d_printf("%s\n%s\n%s",
128 : _("Usage:"),
129 : _("net ads gpo list <username|machinename>"),
130 : _(" Lists all GPOs for machine/user\n"
131 : " username\tUser to list GPOs for\n"
132 : " machinename\tMachine to list GPOs for\n"));
133 0 : return -1;
134 : }
135 :
136 0 : mem_ctx = talloc_init("net_ads_gpo_list");
137 0 : if (mem_ctx == NULL) {
138 0 : goto out;
139 : }
140 :
141 0 : status = ads_startup(c, false, mem_ctx, &ads);
142 0 : if (!ADS_ERR_OK(status)) {
143 0 : goto out;
144 : }
145 :
146 0 : status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
147 0 : if (!ADS_ERR_OK(status)) {
148 0 : goto out;
149 : }
150 :
151 0 : if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
152 0 : flags |= GPO_LIST_FLAG_MACHINE;
153 : }
154 :
155 0 : d_printf(_("%s: '%s' has dn: '%s'\n"),
156 0 : (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? _("machine") : _("user"),
157 : argv[0], dn);
158 :
159 0 : if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
160 0 : status = gp_get_machine_token(ads, mem_ctx, dn, &token);
161 : } else {
162 0 : status = ads_get_sid_token(ads, mem_ctx, dn, &token);
163 : }
164 :
165 0 : if (!ADS_ERR_OK(status)) {
166 0 : goto out;
167 : }
168 :
169 0 : status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list);
170 0 : if (!ADS_ERR_OK(status)) {
171 0 : goto out;
172 : }
173 :
174 0 : dump_gpo_list(gpo_list, 0);
175 :
176 0 : out:
177 0 : ads_msgfree(ads, res);
178 :
179 0 : talloc_destroy(mem_ctx);
180 :
181 0 : return 0;
182 : }
183 :
184 0 : static int net_ads_gpo_link_get(struct net_context *c, int argc, const char **argv)
185 : {
186 0 : ADS_STRUCT *ads;
187 0 : ADS_STATUS status;
188 0 : TALLOC_CTX *mem_ctx;
189 0 : struct GP_LINK gp_link;
190 :
191 0 : if (argc < 1 || c->display_usage) {
192 0 : d_printf("%s\n%s\n%s",
193 : _("Usage:"),
194 : _("net ads gpo linkget <container>"),
195 : _(" Lists gPLink of a container\n"
196 : " container\tContainer to get link for\n"));
197 0 : return -1;
198 : }
199 :
200 0 : mem_ctx = talloc_init("add_gpo_link");
201 0 : if (mem_ctx == NULL) {
202 0 : return -1;
203 : }
204 :
205 0 : status = ads_startup(c, false, mem_ctx, &ads);
206 0 : if (!ADS_ERR_OK(status)) {
207 0 : goto out;
208 : }
209 :
210 0 : status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link);
211 0 : if (!ADS_ERR_OK(status)) {
212 0 : d_printf(_("get link for %s failed: %s\n"), argv[0],
213 : ads_errstr(status));
214 0 : goto out;
215 : }
216 :
217 0 : dump_gplink(&gp_link);
218 :
219 0 : out:
220 0 : talloc_destroy(mem_ctx);
221 :
222 0 : return 0;
223 : }
224 :
225 0 : static int net_ads_gpo_link_add(struct net_context *c, int argc, const char **argv)
226 : {
227 0 : ADS_STRUCT *ads;
228 0 : ADS_STATUS status;
229 0 : uint32_t gpo_opt = 0;
230 0 : TALLOC_CTX *mem_ctx;
231 :
232 0 : if (argc < 2 || c->display_usage) {
233 0 : d_printf("%s\n%s\n%s",
234 : _("Usage:"),
235 : _("net ads gpo linkadd <linkdn> <gpodn> [options]"),
236 : _(" Link a container to a GPO\n"
237 : " linkdn\tContainer to link to a GPO\n"
238 : " gpodn\tGPO to link container to\n"));
239 0 : d_printf(_("note: DNs must be provided properly escaped.\n"
240 : "See RFC 4514 for details\n"));
241 0 : return -1;
242 : }
243 :
244 0 : mem_ctx = talloc_init("add_gpo_link");
245 0 : if (mem_ctx == NULL) {
246 0 : return -1;
247 : }
248 :
249 0 : if (argc == 3) {
250 0 : gpo_opt = atoi(argv[2]);
251 : }
252 :
253 0 : status = ads_startup(c, false, mem_ctx, &ads);
254 0 : if (!ADS_ERR_OK(status)) {
255 0 : goto out;
256 : }
257 :
258 0 : status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt);
259 0 : if (!ADS_ERR_OK(status)) {
260 0 : d_printf(_("link add failed: %s\n"), ads_errstr(status));
261 0 : goto out;
262 : }
263 :
264 0 : out:
265 0 : talloc_destroy(mem_ctx);
266 :
267 0 : return 0;
268 : }
269 :
270 : #if 0 /* broken */
271 :
272 : static int net_ads_gpo_link_delete(struct net_context *c, int argc, const char **argv)
273 : {
274 : ADS_STRUCT *ads;
275 : ADS_STATUS status;
276 : TALLOC_CTX *mem_ctx;
277 :
278 : if (argc < 2 || c->display_usage) {
279 : d_printf("Usage:\n"
280 : "net ads gpo linkdelete <linkdn> <gpodn>\n"
281 : " Delete a GPO link\n"
282 : " <linkdn>\tContainer to delete GPO from\n"
283 : " <gpodn>\tGPO to delete from container\n");
284 : return -1;
285 : }
286 :
287 : mem_ctx = talloc_init("delete_gpo_link");
288 : if (mem_ctx == NULL) {
289 : return -1;
290 : }
291 :
292 : status = ads_startup(c, false, mem_ctx, &ads);
293 : if (!ADS_ERR_OK(status)) {
294 : goto out;
295 : }
296 :
297 : status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]);
298 : if (!ADS_ERR_OK(status)) {
299 : d_printf("delete link failed: %s\n", ads_errstr(status));
300 : goto out;
301 : }
302 :
303 : out:
304 : talloc_destroy(mem_ctx);
305 :
306 : return 0;
307 : }
308 :
309 : #endif
310 :
311 : /*
312 : Arguments:
313 : - struct net_context *: Pointer to net_context*
314 : - argc: Number of command line arguments passed to 'net ads gpo getgpo' command
315 : - **argv: Command line argument string passed to 'net ads gpo getgpo' command
316 :
317 : This function performs following operations:
318 : 1. Create talloc context using talloc_init
319 : 2. Perform ads_startup()
320 : 3. Call ads_get_gpo() to retrieve gpo details inside 'struct GROUP_POLICY_OBJECT'
321 : 4. Call dumps_gpo() to dump GPO on stdout
322 : */
323 0 : static int net_ads_gpo_get_gpo(struct net_context *c, int argc, const char **argv)
324 : {
325 0 : ADS_STRUCT *ads;
326 0 : ADS_STATUS status;
327 0 : TALLOC_CTX *mem_ctx;
328 0 : struct GROUP_POLICY_OBJECT gpo;
329 :
330 0 : if (argc < 1 || c->display_usage) {
331 0 : d_printf("%s\n%s\n%s",
332 : _("Usage:"),
333 : _("net ads gpo getgpo <gpo>"),
334 : _(" List specified GPO\n"
335 : " gpo\t\tGPO to list\n"));
336 0 : return -1;
337 : }
338 :
339 0 : mem_ctx = talloc_init("ads_gpo_get_gpo");
340 0 : if (mem_ctx == NULL) {
341 0 : return -1;
342 : }
343 :
344 0 : status = ads_startup(c, false, mem_ctx, &ads);
345 0 : if (!ADS_ERR_OK(status)) {
346 0 : goto out;
347 : }
348 :
349 0 : if (strnequal(argv[0], "CN={", strlen("CN={"))) {
350 0 : status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo);
351 : } else {
352 0 : status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo);
353 : }
354 :
355 0 : if (!ADS_ERR_OK(status)) {
356 0 : d_printf(_("get gpo for [%s] failed: %s\n"), argv[0],
357 : ads_errstr(status));
358 0 : goto out;
359 : }
360 :
361 0 : dump_gpo(&gpo, 0);
362 :
363 0 : out:
364 0 : talloc_destroy(mem_ctx);
365 :
366 0 : return 0;
367 : }
368 :
369 0 : int net_ads_gpo(struct net_context *c, int argc, const char **argv)
370 : {
371 0 : struct functable func[] = {
372 : {
373 : "getgpo",
374 : net_ads_gpo_get_gpo,
375 : NET_TRANSPORT_ADS,
376 : N_("List specified GPO"),
377 : N_("net ads gpo getgpo\n"
378 : " List specified GPO")
379 : },
380 : {
381 : "linkadd",
382 : net_ads_gpo_link_add,
383 : NET_TRANSPORT_ADS,
384 : N_("Link a container to a GPO"),
385 : N_("net ads gpo linkadd\n"
386 : " Link a container to a GPO")
387 : },
388 : #if 0
389 : {
390 : "linkdelete",
391 : net_ads_gpo_link_delete,
392 : NET_TRANSPORT_ADS,
393 : "Delete GPO link from a container",
394 : "net ads gpo linkdelete\n"
395 : " Delete GPO link from a container"
396 : },
397 : #endif
398 : {
399 : "linkget",
400 : net_ads_gpo_link_get,
401 : NET_TRANSPORT_ADS,
402 : N_("Lists gPLink of container"),
403 : N_("net ads gpo linkget\n"
404 : " Lists gPLink of container")
405 : },
406 : {
407 : "list",
408 : net_ads_gpo_list,
409 : NET_TRANSPORT_ADS,
410 : N_("Lists all GPOs for machine/user"),
411 : N_("net ads gpo list\n"
412 : " Lists all GPOs for machine/user")
413 : },
414 : {
415 : "listall",
416 : net_ads_gpo_list_all,
417 : NET_TRANSPORT_ADS,
418 : N_("Lists all GPOs on a DC"),
419 : N_("net ads gpo listall\n"
420 : " Lists all GPOs on a DC")
421 : },
422 : {NULL, NULL, 0, NULL, NULL}
423 : };
424 :
425 0 : return net_run_function(c, argc, argv, "net ads gpo", func);
426 : }
427 :
428 : #endif /* HAVE_ADS */
|
