From a4cb72790cfc8f267f8574de3eea8634aed62e57 Mon Sep 17 00:00:00 2001 From: Wilco Baan Hofman Date: Fri, 23 Apr 2010 19:12:01 +0200 Subject: Implemented delete group policy link function and corresponding feature in net gpo. Signed-off-by: Jelmer Vernooij --- source4/lib/policy/gp_ldap.c | 70 +++++++++++++++++++++++++++++++++++++++++++- source4/utils/net/net_gpo.c | 40 +++++++++++++++++++++++-- 2 files changed, 107 insertions(+), 3 deletions(-) diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c index e1faed1362..2d8d4f921c 100644 --- a/source4/lib/policy/gp_ldap.c +++ b/source4/lib/policy/gp_ldap.c @@ -579,7 +579,7 @@ NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_ while (*start != ']' && *start != '\0') { start++; } - gplink_str = talloc_asprintf(mem_ctx, "%s;%d%s\n", gplink_str, gplink->options, start); + gplink_str = talloc_asprintf(mem_ctx, "%s;%d%s", gplink_str, gplink->options, start); } else { /* Prepend the new GPO link to the string. This list is backwards in priority. */ @@ -588,6 +588,74 @@ NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_ + msg = ldb_msg_new(mem_ctx); + msg->dn = dn; + + rv = ldb_msg_add_string(msg, "gPLink", gplink_str); + if (rv != 0) { + DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv))); + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + msg->elements[0].flags = LDB_FLAG_MOD_REPLACE; + + rv = ldb_modify(gp_ctx->ldb_ctx, msg); + if (rv != 0) { + DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv))); + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + + talloc_free(mem_ctx); + return NT_STATUS_OK; +} + +NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char *gplink_dn) +{ + TALLOC_CTX *mem_ctx; + struct ldb_result *result; + struct ldb_dn *dn; + struct ldb_message *msg; + const char *attrs[] = { "gPLink", NULL }; + const char *gplink_str; + int rv; + char *p; + + /* Create a forked memory context, as a base for everything here */ + mem_ctx = talloc_new(gp_ctx); + + dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str); + + rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)"); + if (rv != LDB_SUCCESS) { + DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx))); + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + + if (result->count != 1) { + talloc_free(mem_ctx); + return NT_STATUS_NOT_FOUND; + } + + gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", ""); + + /* If this GPO link already exists, alter the options, else add it */ + p = strcasestr(gplink_str, talloc_asprintf(mem_ctx, "[LDAP://%s", gplink_dn)); + if (p == NULL) { + talloc_free(mem_ctx); + return NT_STATUS_NOT_FOUND; + } + + *p = '\0'; + p++; + while (*p != ']' && *p != '\0') { + p++; + } + p++; + gplink_str = talloc_asprintf(mem_ctx, "%s%s", gplink_str, p); + + msg = ldb_msg_new(mem_ctx); msg->dn = dn; diff --git a/source4/utils/net/net_gpo.c b/source4/utils/net/net_gpo.c index ca85bb4f58..61e10bc395 100644 --- a/source4/utils/net/net_gpo.c +++ b/source4/utils/net/net_gpo.c @@ -313,7 +313,43 @@ static int net_gpo_link_set(struct net_context *ctx, int argc, const char **argv DEBUG(0, ("Failed to set GPO link on container: %s\n", get_friendly_nt_error_msg(status))); return 1; } - d_printf("Added link to container.\n"); + d_printf("Set link on container.\nCurrent Group Policy links:\n"); + + /* Display current links */ + net_gpo_link_get(ctx, 1, argv); + + talloc_free(gp_ctx); + return 0; +} + +static int net_gpo_link_del_usage(struct net_context *ctx, int argc, const char **argv) +{ + d_printf("Syntax: net gpo linkdel [options]\n"); + d_printf("For a list of available options, please type net gpo linkdel --help\n"); + return 0; +} + +static int net_gpo_link_del(struct net_context *ctx, int argc, const char **argv) +{ + struct gp_context *gp_ctx; + NTSTATUS status; + + if (argc != 2) { + return net_gpo_link_del_usage(ctx, argc, argv); + } + + status = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(status))); + return 1; + } + + status = gp_del_gplink(gp_ctx, argv[0], argv[1]); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to delete gplink: %s\n", get_friendly_nt_error_msg(status))); + return 1; + } + d_printf("Deleted gplink.\nCurrent Group Policy links:\n\n"); /* Display current links */ net_gpo_link_get(ctx, 1, argv); @@ -327,7 +363,7 @@ static const struct net_functable net_gpo_functable[] = { { "getgpo", "List specificied GPO\n", net_gpo_get_gpo, net_gpo_get_gpo_usage }, { "linkget", "List gPLink of container\n", net_gpo_link_get, net_gpo_link_get_usage }, { "linkset", "Link a GPO to a container\n", net_gpo_link_set, net_gpo_link_set_usage }, -/* { "linkdelete", "Delete GPO link from a container\n", net_gpo_link_delete, net_gpo_usage }, */ + { "linkdel", "Delete GPO link from a container\n", net_gpo_link_del, net_gpo_link_del_usage }, { "list", "List all GPO's for a machine/user\n", net_gpo_list, net_gpo_list_usage }, /* { "apply", "Apply GPO to container\n", net_gpo_apply, net_gpo_usage }, */ // { "refresh", "List all GPO's for machine/user and download them\n", net_gpo_refresh, net_gpo_refresh_usage }, -- cgit