| 1 | /*
|
|---|
| 2 | Samba Unix/Linux SMB client library
|
|---|
| 3 | net ads commands for Group Policy
|
|---|
| 4 | Copyright (C) 2005-2008 Guenther Deschner ([email protected])
|
|---|
| 5 |
|
|---|
| 6 | This program is free software; you can redistribute it and/or modify
|
|---|
| 7 | it under the terms of the GNU General Public License as published by
|
|---|
| 8 | the Free Software Foundation; either version 3 of the License, or
|
|---|
| 9 | (at your option) any later version.
|
|---|
| 10 |
|
|---|
| 11 | This program is distributed in the hope that it will be useful,
|
|---|
| 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 14 | GNU General Public License for more details.
|
|---|
| 15 |
|
|---|
| 16 | You should have received a copy of the GNU General Public License
|
|---|
| 17 | along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|---|
| 18 | */
|
|---|
| 19 |
|
|---|
| 20 | #include "includes.h"
|
|---|
| 21 | #include "utils/net.h"
|
|---|
| 22 |
|
|---|
| 23 | #ifdef HAVE_ADS
|
|---|
| 24 |
|
|---|
| 25 | static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **argv)
|
|---|
| 26 | {
|
|---|
| 27 | TALLOC_CTX *mem_ctx;
|
|---|
| 28 | ADS_STRUCT *ads;
|
|---|
| 29 | ADS_STATUS status;
|
|---|
| 30 | const char *dn = NULL;
|
|---|
| 31 | struct GROUP_POLICY_OBJECT *gpo_list = NULL;
|
|---|
| 32 | struct GROUP_POLICY_OBJECT *read_list = NULL;
|
|---|
| 33 | uint32 uac = 0;
|
|---|
| 34 | uint32 flags = 0;
|
|---|
| 35 | struct GROUP_POLICY_OBJECT *gpo;
|
|---|
| 36 | NTSTATUS result;
|
|---|
| 37 | struct nt_user_token *token = NULL;
|
|---|
| 38 |
|
|---|
| 39 | if (argc < 1 || c->display_usage) {
|
|---|
| 40 | d_printf("Usage:\n"
|
|---|
| 41 | "net ads gpo refresh <username|machinename>\n"
|
|---|
| 42 | " Lists all GPOs assigned to an account and "
|
|---|
| 43 | "downloads them\n"
|
|---|
| 44 | " username\tUser to refresh GPOs for\n"
|
|---|
| 45 | " machinename\tMachine to refresh GPOs for\n");
|
|---|
| 46 | return -1;
|
|---|
| 47 | }
|
|---|
| 48 |
|
|---|
| 49 | mem_ctx = talloc_init("net_ads_gpo_refresh");
|
|---|
| 50 | if (mem_ctx == NULL) {
|
|---|
| 51 | return -1;
|
|---|
| 52 | }
|
|---|
| 53 |
|
|---|
| 54 | status = ads_startup(c, false, &ads);
|
|---|
| 55 | if (!ADS_ERR_OK(status)) {
|
|---|
| 56 | d_printf("failed to connect AD server: %s\n", ads_errstr(status));
|
|---|
| 57 | goto out;
|
|---|
| 58 | }
|
|---|
| 59 |
|
|---|
| 60 | status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
|
|---|
| 61 | if (!ADS_ERR_OK(status)) {
|
|---|
| 62 | d_printf("failed to find samaccount for %s\n", argv[0]);
|
|---|
| 63 | goto out;
|
|---|
| 64 | }
|
|---|
| 65 |
|
|---|
| 66 | if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
|
|---|
| 67 | flags |= GPO_LIST_FLAG_MACHINE;
|
|---|
| 68 | }
|
|---|
| 69 |
|
|---|
| 70 | d_printf("\n%s: '%s' has dn: '%s'\n\n",
|
|---|
| 71 | (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
|
|---|
| 72 | argv[0], dn);
|
|---|
| 73 |
|
|---|
| 74 | d_printf("* fetching token ");
|
|---|
| 75 | if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
|
|---|
| 76 | status = gp_get_machine_token(ads, mem_ctx, dn, &token);
|
|---|
| 77 | } else {
|
|---|
| 78 | status = ads_get_sid_token(ads, mem_ctx, dn, &token);
|
|---|
| 79 | }
|
|---|
| 80 |
|
|---|
| 81 | if (!ADS_ERR_OK(status)) {
|
|---|
| 82 | d_printf("failed: %s\n", ads_errstr(status));
|
|---|
| 83 | goto out;
|
|---|
| 84 | }
|
|---|
| 85 | d_printf("finished\n");
|
|---|
| 86 |
|
|---|
| 87 | d_printf("* fetching GPO List ");
|
|---|
| 88 | status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list);
|
|---|
| 89 | if (!ADS_ERR_OK(status)) {
|
|---|
| 90 | d_printf("failed: %s\n", ads_errstr(status));
|
|---|
| 91 | goto out;
|
|---|
| 92 | }
|
|---|
| 93 | d_printf("finished\n");
|
|---|
| 94 |
|
|---|
| 95 | d_printf("* refreshing Group Policy Data ");
|
|---|
| 96 | if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx,
|
|---|
| 97 | flags,
|
|---|
| 98 | gpo_list))) {
|
|---|
| 99 | d_printf("failed: %s\n", nt_errstr(result));
|
|---|
| 100 | goto out;
|
|---|
| 101 | }
|
|---|
| 102 | d_printf("finished\n");
|
|---|
| 103 |
|
|---|
| 104 | d_printf("* storing GPO list to registry ");
|
|---|
| 105 |
|
|---|
| 106 | {
|
|---|
| 107 | WERROR werr = gp_reg_state_store(mem_ctx, flags, dn,
|
|---|
| 108 | token, gpo_list);
|
|---|
| 109 | if (!W_ERROR_IS_OK(werr)) {
|
|---|
| 110 | d_printf("failed: %s\n", dos_errstr(werr));
|
|---|
| 111 | goto out;
|
|---|
| 112 | }
|
|---|
| 113 | }
|
|---|
| 114 |
|
|---|
| 115 | d_printf("finished\n");
|
|---|
| 116 |
|
|---|
| 117 | if (c->opt_verbose) {
|
|---|
| 118 |
|
|---|
| 119 | d_printf("* dumping GPO list\n");
|
|---|
| 120 |
|
|---|
| 121 | for (gpo = gpo_list; gpo; gpo = gpo->next) {
|
|---|
| 122 |
|
|---|
| 123 | dump_gpo(ads, mem_ctx, gpo, 0);
|
|---|
| 124 | #if 0
|
|---|
| 125 | char *server, *share, *nt_path, *unix_path;
|
|---|
| 126 |
|
|---|
| 127 | d_printf("--------------------------------------\n");
|
|---|
| 128 | d_printf("Name:\t\t\t%s\n", gpo->display_name);
|
|---|
| 129 | d_printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
|
|---|
| 130 | gpo->version,
|
|---|
| 131 | GPO_VERSION_USER(gpo->version),
|
|---|
| 132 | GPO_VERSION_MACHINE(gpo->version));
|
|---|
| 133 |
|
|---|
| 134 | result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
|
|---|
| 135 | &server, &share, &nt_path,
|
|---|
| 136 | &unix_path);
|
|---|
| 137 | if (!NT_STATUS_IS_OK(result)) {
|
|---|
| 138 | d_printf("got: %s\n", nt_errstr(result));
|
|---|
| 139 | }
|
|---|
|
|---|
