3 # implement samba_tool gpo commands
5 # Copyright Andrew Tridgell 2010
7 # based on C implementation by Guenther Deschner and Wilco Baan Hofman
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 import samba.getopt as options
26 from samba.auth import system_session
27 from samba.netcmd import (
33 from samba.samdb import SamDB
34 from samba import drs_utils, nttime2string, dsdb
35 from samba.dcerpc import misc
38 def samdb_connect(ctx):
39 '''make a ldap connection to the server'''
41 ctx.samdb = SamDB(url=ctx.url,
42 session_info=system_session(),
43 credentials=ctx.creds, lp=ctx.lp)
44 except Exception, estr:
45 raise CommandError("LDAP connection to %s failed - %s" % (ctx.url, estr))
48 def attr_default(msg, attrname, default):
49 '''get an attribute from a ldap msg with a default'''
51 return msg[attrname][0]
55 def flags_string(flags, value):
56 '''return a set of flags as a string'''
60 for (str, val) in flags:
65 ret += '0x%08x' % value
69 class cmd_listall(Command):
72 synopsis = "%prog gpo listall"
74 takes_optiongroups = {
75 "sambaopts": options.SambaOptions,
76 "versionopts": options.VersionOptions,
77 "credopts": options.CredentialsOptions,
81 Option("-H", help="LDB URL for database or target server", type=str)
84 def run(self, H=None, sambaopts=None,
85 credopts=None, versionopts=None, server=None):
88 self.lp = sambaopts.get_loadparm()
90 self.creds = credopts.get_credentials(self.lp)
91 if not self.creds.authentication_requested():
92 self.creds.set_machine_account(self.lp)
96 policies_dn = self.samdb.get_default_basedn()
97 policies_dn.add_child(ldb.Dn(self.samdb, "CN=Policies,CN=System"))
100 ("GPO_FLAG_USER_DISABLE", dsdb.GPO_FLAG_USER_DISABLE ),
101 ( "GPO_FLAG_MACHINE_DISABLE", dsdb.GPO_FLAG_MACHINE_DISABLE ) ]
103 msg = self.samdb.search(base=policies_dn, scope=ldb.SCOPE_ONELEVEL,
104 expression="(objectClass=groupPolicyContainer)",
105 attrs=['nTSecurityDescriptor', 'versionNumber', 'flags', 'name', 'displayName', 'gPCFileSysPath'])
107 print("GPO : %s" % m['name'][0])
108 print("display name : %s" % m['displayName'][0])
109 print("path : %s" % m['gPCFileSysPath'][0])
110 print("dn : %s" % m.dn)
111 print("version : %s" % attr_default(m, 'version', '0'))
112 print("flags : %s" % flags_string(gpo_flags, int(attr_default(m, 'flags', 0))))
116 class cmd_gpo(SuperCommand):
120 subcommands["listall"] = cmd_listall()