00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021 #include "includes.h"
00022 #include "utils/net.h"
00023
00024 #ifdef HAVE_ADS
00025
00026 static int net_ads_gpo_usage(int argc, const char **argv)
00027 {
00028 d_printf(
00029 "net ads gpo <COMMAND>\n"\
00030 "<COMMAND> can be either:\n"\
00031 " ADDLINK Link a container to a GPO\n"\
00032
00033
00034 " REFRESH Lists all GPOs assigned to an account and downloads them\n"\
00035 " GETGPO Lists specified GPO\n"\
00036 " GETLINK Lists gPLink of a containter\n"\
00037 " HELP Prints this help message\n"\
00038 " LIST Lists all GPOs\n"\
00039 "\n"
00040 );
00041 return -1;
00042 }
00043
00044 static int net_ads_gpo_refresh(int argc, const char **argv)
00045 {
00046 TALLOC_CTX *mem_ctx;
00047 ADS_STRUCT *ads;
00048 ADS_STATUS status;
00049 const char *attrs[] = { "userAccountControl", NULL };
00050 LDAPMessage *res = NULL;
00051 const char *filter;
00052 char *dn = NULL;
00053 struct GROUP_POLICY_OBJECT *gpo_list;
00054 uint32 uac = 0;
00055 uint32 flags = 0;
00056 struct GROUP_POLICY_OBJECT *gpo;
00057 NTSTATUS result;
00058
00059 if (argc < 1) {
00060 printf("usage: net ads gpo refresh <username|machinename>\n");
00061 return -1;
00062 }
00063
00064 mem_ctx = talloc_init("net_ads_gpo_refresh");
00065 if (mem_ctx == NULL) {
00066 return -1;
00067 }
00068
00069 filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))", argv[0]);
00070 if (filter == NULL) {
00071 goto out;
00072 }
00073
00074 status = ads_startup(False, &ads);
00075 if (!ADS_ERR_OK(status)) {
00076 goto out;
00077 }
00078
00079 status = ads_do_search_all(ads, ads->config.bind_path,
00080 LDAP_SCOPE_SUBTREE,
00081 filter, attrs, &res);
00082
00083 if (!ADS_ERR_OK(status)) {
00084 goto out;
00085 }
00086
00087 if (ads_count_replies(ads, res) != 1) {
00088 printf("no result\n");
00089 goto out;
00090 }
00091
00092 dn = ads_get_dn(ads, res);
00093 if (dn == NULL) {
00094 goto out;
00095 }
00096
00097 if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
00098 goto out;
00099 }
00100
00101 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
00102 flags |= GPO_LIST_FLAG_MACHINE;
00103 }
00104
00105 printf("\n%s: '%s' has dn: '%s'\n\n",
00106 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
00107 argv[0], dn);
00108
00109 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
00110 if (!ADS_ERR_OK(status)) {
00111 goto out;
00112 }
00113
00114 if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, gpo_list))) {
00115 printf("failed to refresh GPOs: %s\n", nt_errstr(result));
00116 goto out;
00117 }
00118
00119 for (gpo = gpo_list; gpo; gpo = gpo->next) {
00120
00121 char *server, *share, *nt_path, *unix_path;
00122
00123 printf("--------------------------------------\n");
00124 printf("Name:\t\t\t%s\n", gpo->display_name);
00125 printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
00126 gpo->version,
00127 GPO_VERSION_USER(gpo->version),
00128 GPO_VERSION_MACHINE(gpo->version));
00129
00130 result = ads_gpo_explode_filesyspath(ads, mem_ctx, gpo->file_sys_path,
00131 &server, &share, &nt_path, &unix_path);
00132 if (!NT_STATUS_IS_OK(result)) {
00133 printf("got: %s\n", nt_errstr(result));
00134 }
00135
00136 printf("GPO stored on server: %s, share: %s\n", server, share);
00137 printf("\tremote path:\t%s\n", nt_path);
00138 printf("\tlocal path:\t%s\n", unix_path);
00139 }
00140
00141 out:
00142 ads_memfree(ads, dn);
00143 ads_msgfree(ads, res);
00144
00145 ads_destroy(&ads);
00146 talloc_destroy(mem_ctx);
00147 return 0;
00148 }
00149
00150 static int net_ads_gpo_list(int argc, const char **argv)
00151 {
00152 ADS_STRUCT *ads;
00153 ADS_STATUS status;
00154 LDAPMessage *res = NULL;
00155 int num_reply = 0;
00156 LDAPMessage *msg = NULL;
00157 struct GROUP_POLICY_OBJECT gpo;
00158 TALLOC_CTX *mem_ctx;
00159 char *dn;
00160 const char *attrs[] = {
00161 "versionNumber",
00162 "flags",
00163 "gPCFileSysPath",
00164 "displayName",
00165 "name",
00166 "gPCMachineExtensionNames",
00167 "gPCUserExtensionNames",
00168 NULL
00169 };
00170
00171 mem_ctx = talloc_init("net_ads_gpo_list");
00172 if (mem_ctx == NULL) {
00173 return -1;
00174 }
00175
00176 status = ads_startup(False, &ads);
00177 if (!ADS_ERR_OK(status)) {
00178 goto out;
00179 }
00180
00181 status = ads_do_search_all(ads, ads->config.bind_path,
00182 LDAP_SCOPE_SUBTREE,
00183 "(objectclass=groupPolicyContainer)", attrs, &res);
00184 if (!ADS_ERR_OK(status)) {
00185 d_printf("search failed: %s\n", ads_errstr(status));
00186 goto out;
00187 }
00188
00189 num_reply = ads_count_replies(ads, res);
00190
00191 d_printf("Got %d replies\n\n", num_reply);
00192
00193
00194 for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
00195
00196 if ((dn = ads_get_dn(ads, msg)) == NULL) {
00197 goto out;
00198 }
00199
00200 status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo);
00201
00202 if (!ADS_ERR_OK(status)) {
00203 d_printf("parse failed: %s\n", ads_errstr(status));
00204 ads_memfree(ads, dn);
00205 goto out;
00206 }
00207
00208 dump_gpo(mem_ctx, &gpo, 1);
00209 ads_memfree(ads, dn);
00210 }
00211
00212 out:
00213 ads_msgfree(ads, res);
00214
00215 talloc_destroy(mem_ctx);
00216 ads_destroy(&ads);
00217
00218 return 0;
00219 }
00220
00221 #if 0
00222
00223 static int net_ads_gpo_apply(int argc, const char **argv)
00224 {
00225 TALLOC_CTX *mem_ctx;
00226 ADS_STRUCT *ads;
00227 ADS_STATUS status;
00228 const char *attrs[] = {"distinguishedName", "userAccountControl", NULL};
00229 LDAPMessage *res = NULL;
00230 const char *filter;
00231 char *dn = NULL;
00232 struct GROUP_POLICY_OBJECT *gpo_list;
00233 uint32 uac = 0;
00234 uint32 flags = 0;
00235
00236 if (argc < 1) {
00237 printf("usage: net ads gpo apply <username|machinename>\n");
00238 return -1;
00239 }
00240
00241 mem_ctx = talloc_init("net_ads_gpo_apply");
00242 if (mem_ctx == NULL) {
00243 goto out;
00244 }
00245
00246 filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))", argv[0]);
00247 if (filter == NULL) {
00248 goto out;
00249 }
00250
00251 status = ads_startup(False, &ads);
00252 if (!ADS_ERR_OK(status)) {
00253 goto out;
00254 }
00255
00256 status = ads_do_search_all(ads, ads->config.bind_path,
00257 LDAP_SCOPE_SUBTREE,
00258 filter, attrs, &res);
00259
00260 if (!ADS_ERR_OK(status)) {
00261 goto out;
00262 }
00263
00264 if (ads_count_replies(ads, res) != 1) {
00265 printf("no result\n");
00266 goto out;
00267 }
00268
00269 dn = ads_get_dn(ads, res);
00270 if (dn == NULL) {
00271 goto out;
00272 }
00273
00274 if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
00275 goto out;
00276 }
00277
00278 if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
00279 flags |= GPO_LIST_FLAG_MACHINE;
00280 }
00281
00282 printf("%s: '%s' has dn: '%s'\n",
00283 (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
00284 argv[0], dn);
00285
00286 status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
00287 if (!ADS_ERR_OK(status)) {
00288 goto out;
00289 }
00290
00291
00292 status = gpo_process_gpo_list(ads, mem_ctx, &gpo_list, NULL, flags);
00293 if (!ADS_ERR_OK(status)) {
00294 goto out;
00295 }
00296
00297 out:
00298 ads_memfree(ads, dn);
00299 ads_msgfree(ads, res);
00300
00301 ads_destroy(&ads);
00302 talloc_destroy(mem_ctx);
00303 return 0;
00304 }
00305
00306 #endif
00307
00308 static int net_ads_gpo_get_link(int argc, const char **argv)
00309 {
00310 ADS_STRUCT *ads;
00311 ADS_STATUS status;
00312 TALLOC_CTX *mem_ctx;
00313 struct GP_LINK gp_link;
00314
00315 if (argc < 1) {
00316 printf("usage: net ads gpo getlink <linkname>\n");
00317 return -1;
00318 }
00319
00320 mem_ctx = talloc_init("add_gpo_link");
00321 if (mem_ctx == NULL) {
00322 return -1;
00323 }
00324
00325 status = ads_startup(False, &ads);
00326 if (!ADS_ERR_OK(status)) {
00327 goto out;
00328 }
00329
00330 status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link);
00331 if (!ADS_ERR_OK(status)) {
00332 d_printf("get link for %s failed: %s\n", argv[0], ads_errstr(status));
00333 goto out;
00334 }
00335
00336 dump_gplink(ads, mem_ctx, &gp_link);
00337
00338 out:
00339 talloc_destroy(mem_ctx);
00340 ads_destroy(&ads);
00341
00342 return 0;
00343 }
00344
00345 static int net_ads_gpo_add_link(int argc, const char **argv)
00346 {
00347 ADS_STRUCT *ads;
00348 ADS_STATUS status;
00349 uint32 gpo_opt = 0;
00350 TALLOC_CTX *mem_ctx;
00351
00352 if (argc < 2) {
00353 printf("usage: net ads gpo addlink <linkdn> <gpodn> [options]\n");
00354 printf("note: DNs must be provided properly escaped.\n See RFC 4514 for details\n");
00355 return -1;
00356 }
00357
00358 mem_ctx = talloc_init("add_gpo_link");
00359 if (mem_ctx == NULL) {
00360 return -1;
00361 }
00362
00363 if (argc == 3) {
00364 gpo_opt = atoi(argv[2]);
00365 }
00366
00367 status = ads_startup(False, &ads);
00368 if (!ADS_ERR_OK(status)) {
00369 goto out;
00370 }
00371
00372 status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt);
00373 if (!ADS_ERR_OK(status)) {
00374 d_printf("add link failed: %s\n", ads_errstr(status));
00375 goto out;
00376 }
00377
00378 out:
00379 talloc_destroy(mem_ctx);
00380 ads_destroy(&ads);
00381
00382 return 0;
00383 }
00384
00385 #if 0
00386
00387 static int net_ads_gpo_delete_link(int argc, const char **argv)
00388 {
00389 ADS_STRUCT *ads;
00390 ADS_STATUS status;
00391 TALLOC_CTX *mem_ctx;
00392
00393 if (argc < 2) {
00394 return -1;
00395 }
00396
00397 mem_ctx = talloc_init("delete_gpo_link");
00398 if (mem_ctx == NULL) {
00399 return -1;
00400 }
00401
00402 status = ads_startup(False, &ads);
00403 if (!ADS_ERR_OK(status)) {
00404 goto out;
00405 }
00406
00407 status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]);
00408 if (!ADS_ERR_OK(status)) {
00409 d_printf("delete link failed: %s\n", ads_errstr(status));
00410 goto out;
00411 }
00412
00413 out:
00414 talloc_destroy(mem_ctx);
00415 ads_destroy(&ads);
00416
00417 return 0;
00418 }
00419
00420 #endif
00421
00422 static int net_ads_gpo_get_gpo(int argc, const char **argv)
00423 {
00424 ADS_STRUCT *ads;
00425 ADS_STATUS status;
00426 TALLOC_CTX *mem_ctx;
00427 struct GROUP_POLICY_OBJECT gpo;
00428
00429 if (argc < 1) {
00430 printf("usage: net ads gpo getgpo <gpo>\n");
00431 return -1;
00432 }
00433
00434 mem_ctx = talloc_init("add_gpo_get_gpo");
00435 if (mem_ctx == NULL) {
00436 return -1;
00437 }
00438
00439 status = ads_startup(False, &ads);
00440 if (!ADS_ERR_OK(status)) {
00441 goto out;
00442 }
00443
00444 if (strnequal(argv[0], "CN={", strlen("CN={"))) {
00445 status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo);
00446 } else {
00447 status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo);
00448 }
00449
00450 if (!ADS_ERR_OK(status)) {
00451 d_printf("get gpo for [%s] failed: %s\n", argv[0], ads_errstr(status));
00452 goto out;
00453 }
00454
00455 dump_gpo(mem_ctx, &gpo, 1);
00456
00457 out:
00458 talloc_destroy(mem_ctx);
00459 ads_destroy(&ads);
00460
00461 return 0;
00462 }
00463
00464 int net_ads_gpo(int argc, const char **argv)
00465 {
00466 struct functable func[] = {
00467 {"LIST", net_ads_gpo_list},
00468 {"REFRESH", net_ads_gpo_refresh},
00469 {"ADDLINK", net_ads_gpo_add_link},
00470
00471 {"GETLINK", net_ads_gpo_get_link},
00472 {"GETGPO", net_ads_gpo_get_gpo},
00473 {"HELP", net_ads_gpo_usage},
00474
00475 {NULL, NULL}
00476 };
00477
00478 return net_run_function(argc, argv, func, net_ads_gpo_usage);
00479 }
00480
00481 #endif