static int ads_group_delete(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; void *res; char *groupdn; if (argc < 1) { return net_ads_group_usage(argc, argv); } if (!(ads = ads_startup())) { return -1; } rc = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(rc)) { DEBUG(0, ("Group %s does not exist\n", argv[0])); ads_destroy(&ads); return -1; } groupdn = ads_get_dn(ads, res); ads_msgfree(ads, res); rc = ads_del_dn(ads, groupdn); ads_memfree(ads, groupdn); if (!ADS_ERR_OK(rc)) { d_printf("Group %s deleted\n", argv[0]); ads_destroy(&ads); return 0; } d_printf("Error deleting group %s: %s\n", argv[0], ads_errstr(rc)); ads_destroy(&ads); return -1; }
/* determine the netbios workgroup name for a domain */ static int net_ads_workgroup(int argc, const char **argv) { ADS_STRUCT *ads; TALLOC_CTX *ctx; const char *workgroup; if (!(ads = ads_startup())) return -1; if (!(ctx = talloc_init("net_ads_workgroup"))) { ads_destroy(&ads); return -1; } if (!ADS_ERR_OK(ads_workgroup_name(ads, ctx, &workgroup))) { d_printf("Failed to find workgroup for realm '%s'\n", ads->config.realm); talloc_destroy(ctx); ads_destroy(&ads); return -1; } d_printf("Workgroup: %s\n", workgroup); talloc_destroy(ctx); ads_destroy(&ads); return 0; }
int net_ads_group(int argc, const char **argv) { struct functable func[] = { {"ADD", ads_group_add}, {"DELETE", ads_group_delete}, {NULL, NULL} }; ADS_STRUCT *ads; ADS_STATUS rc; const char *shortattrs[] = {"sAMAccountName", NULL}; const char *longattrs[] = {"sAMAccountName", "description", NULL}; char *disp_fields[2] = {NULL, NULL}; if (argc == 0) { if (!(ads = ads_startup())) { return -1; } if (opt_long_list_entries) d_printf("\nGroup name Comment"\ "\n-----------------------------\n"); rc = ads_do_search_all_fn(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, "(objectclass=group)", opt_long_list_entries ? longattrs : shortattrs, usergrp_display, disp_fields); ads_destroy(&ads); return 0; } return net_run_function(argc, argv, func, net_ads_group_usage); }
static int net_ads_status(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; void *res; if (!(ads = ads_startup())) { return -1; } rc = ads_find_machine_acct(ads, &res, global_myname()); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("No machine account for '%s' found\n", global_myname()); ads_destroy(&ads); return -1; } ads_dump(ads, res); ads_destroy(&ads); return 0; }
static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS rc; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } if (!opt_password) { net_use_machine_password(); } if (!(ads = ads_startup())) { return -1; } rc = ads_leave_realm(ads, global_myname()); if (!ADS_ERR_OK(rc)) { d_printf("Failed to delete host '%s' from the '%s' realm.\n", global_myname(), ads->config.realm); ads_destroy(&ads); return -1; } d_printf("Removed '%s' from realm '%s'\n", global_myname(), ads->config.realm); ads_destroy(&ads); return 0; }
static int net_ads_printer_search(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; void *res = NULL; if (!(ads = ads_startup())) { return -1; } rc = ads_find_printers(ads, &res); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_printer: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("No results found\n"); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } ads_dump(ads, res); ads_msgfree(ads, res); ads_destroy(&ads); return 0; }
/* Check to see if connection can be made via ads. ads_startup() stores the password in opt_password if it needs to so that rpc or rap can use it without re-prompting. */ int net_ads_check(void) { ADS_STRUCT *ads; ads = ads_startup(); if (!ads) return -1; ads_destroy(&ads); return 0; }
static int net_ads_keytab_create(int argc, const char **argv) { ADS_STRUCT *ads; int ret; if (!(ads = ads_startup())) { return -1; } ret = ads_keytab_create_default(ads); ads_destroy(&ads); return ret; }
static int net_ads_keytab_flush(int argc, const char **argv) { int ret; ADS_STRUCT *ads; if (!(ads = ads_startup())) { return -1; } ret = ads_keytab_flush(ads); ads_destroy(&ads); return ret; }
static int net_ads_printer_remove(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; const char *servername; char *prt_dn; void *res = NULL; if (!(ads = ads_startup())) { return -1; } if (argc < 1) { return net_ads_printer_usage(argc, argv); } if (argc > 1) { servername = argv[1]; } else { servername = global_myname(); } rc = ads_find_printer_on_server(ads, &res, argv[0], servername); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("Printer '%s' not found\n", argv[1]); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } prt_dn = ads_get_dn(ads, res); ads_msgfree(ads, res); rc = ads_del_dn(ads, prt_dn); ads_memfree(ads, prt_dn); if (!ADS_ERR_OK(rc)) { d_printf("ads_del_dn: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } ads_destroy(&ads); return 0; }
static int ads_user_info(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; void *res; const char *attrs[] = {"memberOf", NULL}; char *searchstring=NULL; char **grouplist; char *escaped_user = escape_ldap_string_alloc(argv[0]); if (argc < 1) { return net_ads_user_usage(argc, argv); } if (!(ads = ads_startup())) { return -1; } if (!escaped_user) { d_printf("ads_user_info: failed to escape user %s\n", argv[0]); ads_destroy(&ads); return -1; } asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user); rc = ads_search(ads, &res, searchstring, attrs); safe_free(searchstring); if (!ADS_ERR_OK(rc)) { d_printf("ads_search: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } grouplist = ldap_get_values(ads->ld, res, "memberOf"); if (grouplist) { int i; char **groupname; for (i=0;grouplist[i];i++) { groupname = ldap_explode_dn(grouplist[i], 1); d_printf("%s\n", groupname[0]); ldap_value_free(groupname); } ldap_value_free(grouplist); } ads_msgfree(ads, res); ads_destroy(&ads); return 0; }
int net_ads_changetrustpw(int argc, const char **argv) { ADS_STRUCT *ads; char *host_principal; fstring my_name; ADS_STATUS ret; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } net_use_machine_password(); use_in_memory_ccache(); if (!(ads = ads_startup())) { return -1; } fstrcpy(my_name, global_myname()); strlower_m(my_name); asprintf(&host_principal, "%s@%s", my_name, ads->config.realm); d_printf("Changing password for principal: HOST/%s\n", host_principal); ret = ads_change_trust_account_password(ads, host_principal); if (!ADS_ERR_OK(ret)) { d_printf("Password change failed :-( ...\n"); ads_destroy(&ads); SAFE_FREE(host_principal); return -1; } d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); if (lp_use_kerberos_keytab()) { d_printf("Attempting to update system keytab with new password.\n"); if (ads_keytab_create_default(ads)) { d_printf("Failed to update system keytab.\n"); } } ads_destroy(&ads); SAFE_FREE(host_principal); return 0; }
static int net_ads_keytab_add(int argc, const char **argv) { int i; int ret = 0; ADS_STRUCT *ads; d_printf("Processing principals to add...\n"); if (!(ads = ads_startup())) { return -1; } for (i = 0; i < argc; i++) { ret |= ads_keytab_add_entry(ads, argv[i]); } ads_destroy(&ads); return ret; }
static int net_ads_gpo_get_gpo(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; TALLOC_CTX *mem_ctx; struct GROUP_POLICY_OBJECT gpo; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" "net ads gpo getgpo <gpo>\n" " List speciefied GPO\n" " gpo\t\tGPO to list\n"); return -1; } mem_ctx = talloc_init("ads_gpo_get_gpo"); if (mem_ctx == NULL) { return -1; } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { goto out; } if (strnequal(argv[0], "CN={", strlen("CN={"))) { status = ads_get_gpo(ads, mem_ctx, argv[0], NULL, NULL, &gpo); } else { status = ads_get_gpo(ads, mem_ctx, NULL, argv[0], NULL, &gpo); } if (!ADS_ERR_OK(status)) { d_printf("get gpo for [%s] failed: %s\n", argv[0], ads_errstr(status)); goto out; } dump_gpo(ads, mem_ctx, &gpo, 1); out: talloc_destroy(mem_ctx); ads_destroy(&ads); return 0; }
static int net_ads_printer_info(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; const char *servername, *printername; void *res = NULL; if (!(ads = ads_startup())) { return -1; } if (argc > 0) { printername = argv[0]; } else { printername = "*"; } if (argc > 1) { servername = argv[1]; } else { servername = global_myname(); } rc = ads_find_printer_on_server(ads, &res, printername, servername); if (!ADS_ERR_OK(rc)) { d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc)); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } if (ads_count_replies(ads, res) == 0) { d_printf("Printer '%s' not found\n", printername); ads_msgfree(ads, res); ads_destroy(&ads); return -1; } ads_dump(ads, res); ads_msgfree(ads, res); ads_destroy(&ads); return 0; }
static int net_ads_join_ok(void) { ADS_STRUCT *ads = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } net_use_machine_password(); if (!(ads = ads_startup())) { return -1; } ads_destroy(&ads); return 0; }
static int net_ads_gpo_link_add(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; uint32 gpo_opt = 0; TALLOC_CTX *mem_ctx; if (argc < 2 || c->display_usage) { d_printf("Usage:\n" "net ads gpo linkadd <linkdn> <gpodn> [options]\n" " Link a container to a GPO\n" " linkdn\tContainer to link to a GPO\n" " gpodn\tGPO to link container to\n"); d_printf("note: DNs must be provided properly escaped.\n"); d_printf("See RFC 4514 for details\n"); return -1; } mem_ctx = talloc_init("add_gpo_link"); if (mem_ctx == NULL) { return -1; } if (argc == 3) { gpo_opt = atoi(argv[2]); } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { goto out; } status = ads_add_gpo_link(ads, mem_ctx, argv[0], argv[1], gpo_opt); if (!ADS_ERR_OK(status)) { d_printf("link add failed: %s\n", ads_errstr(status)); goto out; } out: talloc_destroy(mem_ctx); ads_destroy(&ads); return 0; }
static int ads_group_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; void *res=NULL; int rc = -1; if (argc < 1) { return net_ads_group_usage(argc, argv); } if (!(ads = ads_startup())) { return -1; } status = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(status)) { d_printf("ads_group_add: %s\n", ads_errstr(status)); goto done; } if (ads_count_replies(ads, res)) { d_printf("ads_group_add: Group %s already exists\n", argv[0]); ads_msgfree(ads, res); goto done; } status = ads_add_group_acct(ads, argv[0], opt_container, opt_comment); if (ADS_ERR_OK(status)) { d_printf("Group %s added\n", argv[0]); rc = 0; } else { d_printf("Could not add group %s: %s\n", argv[0], ads_errstr(status)); } done: if (res) ads_msgfree(ads, res); ads_destroy(&ads); return rc; }
static int net_ads_gpo_link_get(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; TALLOC_CTX *mem_ctx; struct GP_LINK gp_link; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" "net ads gpo linkget <container>\n" " Lists gPLink of a containter\n" " container\tContainer to get link for\n"); return -1; } mem_ctx = talloc_init("add_gpo_link"); if (mem_ctx == NULL) { return -1; } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { goto out; } status = ads_get_gpo_link(ads, mem_ctx, argv[0], &gp_link); if (!ADS_ERR_OK(status)) { d_printf("get link for %s failed: %s\n", argv[0], ads_errstr(status)); goto out; } dump_gplink(ads, mem_ctx, &gp_link); out: talloc_destroy(mem_ctx); ads_destroy(&ads); return 0; }
/* general ADS search function. Useful in diagnosing problems in ADS */ static int net_ads_search(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; const char *ldap_exp; const char **attrs; void *res = NULL; if (argc < 1) { return net_ads_search_usage(argc, argv); } if (!(ads = ads_startup())) { return -1; } ldap_exp = argv[0]; attrs = (argv + 1); rc = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, ldap_exp, attrs, &res); if (!ADS_ERR_OK(rc)) { d_printf("search failed: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); /* dump the results */ ads_dump(ads, res); ads_msgfree(ads, res); ads_destroy(&ads); return 0; }
/* general ADS search function. Useful in diagnosing problems in ADS */ static int net_ads_dn(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; const char *dn; const char **attrs; void *res = NULL; if (argc < 1) { return net_ads_dn_usage(argc, argv); } if (!(ads = ads_startup())) { return -1; } dn = argv[0]; attrs = (argv + 1); rc = ads_do_search_all(ads, dn, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res); if (!ADS_ERR_OK(rc)) { d_printf("search failed: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } d_printf("Got %d replies\n\n", ads_count_replies(ads, res)); /* dump the results */ ads_dump(ads, res); ads_msgfree(ads, res); ads_destroy(&ads); return 0; }
static int net_ads_gpo_link_delete(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; TALLOC_CTX *mem_ctx; if (argc < 2 || c->display_usage) { d_printf("Usage:\n" "net ads gpo linkdelete <linkdn> <gpodn>\n" " Delete a GPO link\n" " <linkdn>\tContainer to delete GPO from\n" " <gpodn>\tGPO to delete from container\n"); return -1; } mem_ctx = talloc_init("delete_gpo_link"); if (mem_ctx == NULL) { return -1; } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { goto out; } status = ads_delete_gpo_link(ads, mem_ctx, argv[0], argv[1]); if (!ADS_ERR_OK(status)) { d_printf("delete link failed: %s\n", ads_errstr(status)); goto out; } out: talloc_destroy(mem_ctx); ads_destroy(&ads); return 0; }
static int ads_user_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; char *upn, *userdn; void *res=NULL; int rc = -1; if (argc < 1) return net_ads_user_usage(argc, argv); if (!(ads = ads_startup())) { return -1; } status = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(status)) { d_printf("ads_user_add: %s\n", ads_errstr(status)); goto done; } if (ads_count_replies(ads, res)) { d_printf("ads_user_add: User %s already exists\n", argv[0]); goto done; } status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment); if (!ADS_ERR_OK(status)) { d_printf("Could not add user %s: %s\n", argv[0], ads_errstr(status)); goto done; } /* if no password is to be set, we're done */ if (argc == 1) { d_printf("User %s added\n", argv[0]); rc = 0; goto done; } /* try setting the password */ asprintf(&upn, "%s@%s", argv[0], ads->config.realm); status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1], ads->auth.time_offset); safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); rc = 0; goto done; } /* password didn't set, delete account */ d_printf("Could not add user %s. Error setting password %s\n", argv[0], ads_errstr(status)); ads_msgfree(ads, res); status=ads_find_user_acct(ads, &res, argv[0]); if (ADS_ERR_OK(status)) { userdn = ads_get_dn(ads, res); ads_del_dn(ads, userdn); ads_memfree(ads, userdn); } done: if (res) ads_msgfree(ads, res); ads_destroy(&ads); return rc; }
/* join a domain using ADS */ int net_ads_join(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; char *password; char *machine_account = NULL; char *tmp_password; const char *org_unit = "Computers"; char *dn; void *res; DOM_SID dom_sid; char *ou_str; uint32 sec_channel_type = SEC_CHAN_WKSTA; uint32 account_type = UF_WORKSTATION_TRUST_ACCOUNT; const char *short_domain_name = NULL; TALLOC_CTX *ctx = NULL; if (argc > 0) { org_unit = argv[0]; } if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = strdup(tmp_password); if (!(ads = ads_startup())) { return -1; } if (!*lp_realm()) { d_printf("realm must be set in in smb.conf for ADS join to succeed.\n"); ads_destroy(&ads); return -1; } if (strcmp(ads->config.realm, lp_realm()) != 0) { d_printf("realm of remote server (%s) and realm in smb.conf (%s) DO NOT match. Aborting join\n", ads->config.realm, lp_realm()); ads_destroy(&ads); return -1; } ou_str = ads_ou_string(org_unit); asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); free(ou_str); rc = ads_search_dn(ads, &res, dn, NULL); ads_msgfree(ads, res); if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) { d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", org_unit, dn); ads_destroy(&ads); return -1; } free(dn); if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } rc = ads_join_realm(ads, global_myname(), account_type, org_unit); if (!ADS_ERR_OK(rc)) { d_printf("ads_join_realm: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } rc = ads_domain_sid(ads, &dom_sid); if (!ADS_ERR_OK(rc)) { d_printf("ads_domain_sid: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } if (asprintf(&machine_account, "%s$", global_myname()) == -1) { d_printf("asprintf failed\n"); ads_destroy(&ads); return -1; } rc = ads_set_machine_password(ads, machine_account, password); if (!ADS_ERR_OK(rc)) { d_printf("ads_set_machine_password: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } /* make sure we get the right workgroup */ if ( !(ctx = talloc_init("net ads join")) ) { d_printf("talloc_init() failed!\n"); ads_destroy(&ads); return -1; } rc = ads_workgroup_name(ads, ctx, &short_domain_name); if ( ADS_ERR_OK(rc) ) { if ( !strequal(lp_workgroup(), short_domain_name) ) { d_printf("The workgroup in smb.conf does not match the short\n"); d_printf("domain name obtained from the server.\n"); d_printf("Using the name [%s] from the server.\n", short_domain_name); d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); } } else { short_domain_name = lp_workgroup(); } d_printf("Using short domain name -- %s\n", short_domain_name); /* HACK ALRET! Store the sid and password under bother the lp_workgroup() value from smb.conf and the string returned from the server. The former is neede to bootstrap winbindd's first connection to the DC to get the real short domain name --jerry */ if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) { DEBUG(1,("Failed to save domain sid\n")); ads_destroy(&ads); return -1; } if (!secrets_store_machine_password(password, lp_workgroup(), sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); ads_destroy(&ads); return -1; } if (!secrets_store_domain_sid(short_domain_name, &dom_sid)) { DEBUG(1,("Failed to save domain sid\n")); ads_destroy(&ads); return -1; } if (!secrets_store_machine_password(password, short_domain_name, sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); ads_destroy(&ads); return -1; } /* Now build the keytab, using the same ADS connection */ if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) { DEBUG(1,("Error creating host keytab!\n")); } d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); SAFE_FREE(password); SAFE_FREE(machine_account); if ( ctx ) { talloc_destroy(ctx); } ads_destroy(&ads); return 0; }
static int net_ads_gpo_list(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; LDAPMessage *res = NULL; TALLOC_CTX *mem_ctx; const char *dn = NULL; uint32 uac = 0; uint32 flags = 0; struct GROUP_POLICY_OBJECT *gpo_list; struct nt_user_token *token = NULL; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" "net ads gpo list <username|machinename>\n" " Lists all GPOs for machine/user\n" " username\tUser to list GPOs for\n" " machinename\tMachine to list GPOs for\n"); return -1; } mem_ctx = talloc_init("net_ads_gpo_list"); if (mem_ctx == NULL) { goto out; } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { goto out; } status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn); if (!ADS_ERR_OK(status)) { goto out; } if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { flags |= GPO_LIST_FLAG_MACHINE; } d_printf("%s: '%s' has dn: '%s'\n", (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user", argv[0], dn); if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { status = gp_get_machine_token(ads, mem_ctx, dn, &token); } else { status = ads_get_sid_token(ads, mem_ctx, dn, &token); } if (!ADS_ERR_OK(status)) { goto out; } status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list); if (!ADS_ERR_OK(status)) { goto out; } dump_gpo_list(ads, mem_ctx, gpo_list, 0); out: ads_msgfree(ads, res); talloc_destroy(mem_ctx); ads_destroy(&ads); return 0; }
static int net_ads_gpo_apply(struct net_context *c, int argc, const char **argv) { TALLOC_CTX *mem_ctx; ADS_STRUCT *ads; ADS_STATUS status; const char *dn = NULL; struct GROUP_POLICY_OBJECT *gpo_list; uint32 uac = 0; uint32 flags = 0; struct nt_user_token *token = NULL; const char *filter = NULL; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" "net ads gpo apply <username|machinename>\n" " Apply GPOs for machine/user\n" " username\tUsername to apply GPOs for\n" " machinename\tMachine to apply GPOs for\n"); return -1; } mem_ctx = talloc_init("net_ads_gpo_apply"); if (mem_ctx == NULL) { goto out; } if (argc >= 2) { filter = cse_gpo_name_to_guid_string(argv[1]); } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { d_printf("got: %s\n", ads_errstr(status)); goto out; } status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn); if (!ADS_ERR_OK(status)) { d_printf("failed to find samaccount for %s: %s\n", argv[0], ads_errstr(status)); goto out; } if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { flags |= GPO_LIST_FLAG_MACHINE; } if (opt_verbose) { flags |= GPO_INFO_FLAG_VERBOSE; } d_printf("%s: '%s' has dn: '%s'\n", (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user", argv[0], dn); if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { status = gp_get_machine_token(ads, mem_ctx, dn, &token); } else { status = ads_get_sid_token(ads, mem_ctx, dn, &token); } if (!ADS_ERR_OK(status)) { goto out; } status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list); if (!ADS_ERR_OK(status)) { goto out; } status = gpo_process_gpo_list(ads, mem_ctx, token, gpo_list, filter, flags); if (!ADS_ERR_OK(status)) { d_printf("failed to process gpo list: %s\n", ads_errstr(status)); goto out; } out: ads_destroy(&ads); talloc_destroy(mem_ctx); return 0; }
static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **argv) { TALLOC_CTX *mem_ctx; ADS_STRUCT *ads; ADS_STATUS status; const char *dn = NULL; struct GROUP_POLICY_OBJECT *gpo_list = NULL; struct GROUP_POLICY_OBJECT *read_list = NULL; uint32 uac = 0; uint32 flags = 0; struct GROUP_POLICY_OBJECT *gpo; NTSTATUS result; struct nt_user_token *token = NULL; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" "net ads gpo refresh <username|machinename>\n" " Lists all GPOs assigned to an account and " "downloads them\n" " username\tUser to refresh GPOs for\n" " machinename\tMachine to refresh GPOs for\n"); return -1; } mem_ctx = talloc_init("net_ads_gpo_refresh"); if (mem_ctx == NULL) { return -1; } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { d_printf("failed to connect AD server: %s\n", ads_errstr(status)); goto out; } status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn); if (!ADS_ERR_OK(status)) { d_printf("failed to find samaccount for %s\n", argv[0]); goto out; } if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { flags |= GPO_LIST_FLAG_MACHINE; } d_printf("\n%s: '%s' has dn: '%s'\n\n", (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user", argv[0], dn); d_printf("* fetching token "); if (uac & UF_WORKSTATION_TRUST_ACCOUNT) { status = gp_get_machine_token(ads, mem_ctx, dn, &token); } else { status = ads_get_sid_token(ads, mem_ctx, dn, &token); } if (!ADS_ERR_OK(status)) { d_printf("failed: %s\n", ads_errstr(status)); goto out; } d_printf("finished\n"); d_printf("* fetching GPO List "); status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list); if (!ADS_ERR_OK(status)) { d_printf("failed: %s\n", ads_errstr(status)); goto out; } d_printf("finished\n"); d_printf("* refreshing Group Policy Data "); if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, flags, gpo_list))) { d_printf("failed: %s\n", nt_errstr(result)); goto out; } d_printf("finished\n"); d_printf("* storing GPO list to registry "); { WERROR werr = gp_reg_state_store(mem_ctx, flags, dn, token, gpo_list); if (!W_ERROR_IS_OK(werr)) { d_printf("failed: %s\n", win_errstr(werr)); goto out; } } d_printf("finished\n"); if (c->opt_verbose) { d_printf("* dumping GPO list\n"); for (gpo = gpo_list; gpo; gpo = gpo->next) { dump_gpo(ads, mem_ctx, gpo, 0); #if 0 char *server, *share, *nt_path, *unix_path; d_printf("--------------------------------------\n"); d_printf("Name:\t\t\t%s\n", gpo->display_name); d_printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n", gpo->version, GPO_VERSION_USER(gpo->version), GPO_VERSION_MACHINE(gpo->version)); result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, &server, &share, &nt_path, &unix_path); if (!NT_STATUS_IS_OK(result)) { d_printf("got: %s\n", nt_errstr(result)); } d_printf("GPO stored on server: %s, share: %s\n", server, share); d_printf("\tremote path:\t%s\n", nt_path); d_printf("\tlocal path:\t%s\n", unix_path); #endif } } d_printf("* re-reading GPO list from registry "); { WERROR werr = gp_reg_state_read(mem_ctx, flags, &token->user_sids[0], &read_list); if (!W_ERROR_IS_OK(werr)) { d_printf("failed: %s\n", win_errstr(werr)); goto out; } } d_printf("finished\n"); if (c->opt_verbose) { d_printf("* dumping GPO list from registry\n"); for (gpo = read_list; gpo; gpo = gpo->next) { dump_gpo(ads, mem_ctx, gpo, 0); #if 0 char *server, *share, *nt_path, *unix_path; d_printf("--------------------------------------\n"); d_printf("Name:\t\t\t%s\n", gpo->display_name); d_printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n", gpo->version, GPO_VERSION_USER(gpo->version), GPO_VERSION_MACHINE(gpo->version)); result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, &server, &share, &nt_path, &unix_path); if (!NT_STATUS_IS_OK(result)) { d_printf("got: %s\n", nt_errstr(result)); } d_printf("GPO stored on server: %s, share: %s\n", server, share); d_printf("\tremote path:\t%s\n", nt_path); d_printf("\tlocal path:\t%s\n", unix_path); #endif } } out: ads_destroy(&ads); talloc_destroy(mem_ctx); return 0; }
static int net_ads_printer_publish(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS rc; const char *servername, *printername; struct cli_state *cli; struct in_addr server_ip; NTSTATUS nt_status; TALLOC_CTX *mem_ctx = talloc_init("net_ads_printer_publish"); ADS_MODLIST mods = ads_init_mods(mem_ctx); char *prt_dn, *srv_dn, **srv_cn; void *res = NULL; if (!(ads = ads_startup())) { return -1; } if (argc < 1) { return net_ads_printer_usage(argc, argv); } printername = argv[0]; if (argc == 2) { servername = argv[1]; } else { servername = global_myname(); } /* Get printer data from SPOOLSS */ resolve_name(servername, &server_ip, 0x20); nt_status = cli_full_connection(&cli, global_myname(), servername, &server_ip, 0, "IPC$", "IPC", opt_user_name, opt_workgroup, opt_password ? opt_password : "", CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); if (NT_STATUS_IS_ERR(nt_status)) { d_printf("Unable to open a connnection to %s to obtain data " "for %s\n", servername, printername); ads_destroy(&ads); return -1; } /* Publish on AD server */ ads_find_machine_acct(ads, &res, servername); if (ads_count_replies(ads, res) == 0) { d_printf("Could not find machine account for server %s\n", servername); ads_destroy(&ads); return -1; } srv_dn = ldap_get_dn(ads->ld, res); srv_cn = ldap_explode_dn(srv_dn, 1); asprintf(&prt_dn, "cn=%s-%s,%s", srv_cn[0], printername, srv_dn); cli_nt_session_open(cli, PI_SPOOLSS); get_remote_printer_publishing_data(cli, mem_ctx, &mods, printername); rc = ads_add_printer_entry(ads, prt_dn, mem_ctx, &mods); if (!ADS_ERR_OK(rc)) { d_printf("ads_publish_printer: %s\n", ads_errstr(rc)); ads_destroy(&ads); return -1; } d_printf("published printer\n"); ads_destroy(&ads); return 0; }
static int net_ads_gpo_list_all(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; LDAPMessage *res = NULL; int num_reply = 0; LDAPMessage *msg = NULL; struct GROUP_POLICY_OBJECT gpo; TALLOC_CTX *mem_ctx; char *dn; const char *attrs[] = { "versionNumber", "flags", "gPCFileSysPath", "displayName", "name", "gPCMachineExtensionNames", "gPCUserExtensionNames", "ntSecurityDescriptor", NULL }; if (c->display_usage) { d_printf("Usage:\n" "net ads gpo listall\n" " List all GPOs on the DC\n"); return 0; } mem_ctx = talloc_init("net_ads_gpo_list_all"); if (mem_ctx == NULL) { return -1; } status = ads_startup(c, false, &ads); if (!ADS_ERR_OK(status)) { goto out; } status = ads_do_search_all_sd_flags(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, "(objectclass=groupPolicyContainer)", attrs, DACL_SECURITY_INFORMATION, &res); if (!ADS_ERR_OK(status)) { d_printf("search failed: %s\n", ads_errstr(status)); goto out; } num_reply = ads_count_replies(ads, res); d_printf("Got %d replies\n\n", num_reply); /* dump the results */ for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { if ((dn = ads_get_dn(ads, mem_ctx, msg)) == NULL) { goto out; } status = ads_parse_gpo(ads, mem_ctx, msg, dn, &gpo); if (!ADS_ERR_OK(status)) { d_printf("ads_parse_gpo failed: %s\n", ads_errstr(status)); goto out; } dump_gpo(ads, mem_ctx, &gpo, 0); } out: ads_msgfree(ads, res); TALLOC_FREE(mem_ctx); ads_destroy(&ads); return 0; }