/*
   Samba Unix/Linux SMB client library
   Distributed SMB/CIFS Server Management Utility
   Copyright (C) 2006 Volker Lendecke (vl@samba.org)

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

#include "utils/net.h"
/*
 * Do something with the account policies. Read them all, run a function on
 * them and possibly write them back. "fn" has to return the container index
 * it has modified, it can return 0 for no change.
 *
 * Sequence: open a SAMR connect handle, open the domain named by
 * ctx->domain_sid, query domain info levels 1, 3 and 12, call "fn" with the
 * three info structures, then write back the one level "fn" reports (1, 3 or
 * 12). Both handles are closed on every exit path.
 *
 * Returns the status of the last RPC that ran, or NT_STATUS_INTERNAL_ERROR
 * when "fn" names a level other than 1, 3 or 12. When "fn" reports nothing
 * to save, the status of the level-12 query is returned unchanged.
 *
 * NOTE(review): "fn" is declared as returning BOOL, but its result is used
 * as an integer info level; declaring it int would describe the contract
 * more accurately.
 * NOTE(review): both handles are opened with MAXIMUM_ALLOWED_ACCESS even for
 * callbacks that only read; a narrower access mask for the read-only path
 * would follow least privilege - confirm which rights the queries need.
 */
static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
			       struct rpc_sh_ctx *ctx,
			       struct rpc_pipe_client *pipe_hnd,
			       int argc, const char **argv,
			       BOOL (*fn)(TALLOC_CTX *mem_ctx,
					  struct rpc_sh_ctx *ctx,
					  SAM_UNK_INFO_1 *i1,
					  SAM_UNK_INFO_3 *i3,
					  SAM_UNK_INFO_12 *i12,
					  int argc, const char **argv))
{
	POLICY_HND sam_handle, dom_handle;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	SAM_UNK_CTR ctr1, ctr3, ctr12;
	SAM_UNK_CTR *changed = NULL;
	int level;

	/* Zeroed handles let the cleanup code tell opened from unopened. */
	ZERO_STRUCT(sam_handle);
	ZERO_STRUCT(dom_handle);

	/* Get sam policy handle */
	result = rpccli_samr_connect(pipe_hnd, mem_ctx,
				     MAXIMUM_ALLOWED_ACCESS,
				     &sam_handle);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Get domain policy handle */
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_handle,
					 MAXIMUM_ALLOWED_ACCESS,
					 ctx->domain_sid, &dom_handle);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Read all three policy containers before handing them to "fn". */
	result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &dom_handle,
					    1, &ctr1);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "query_domain_info level 1 failed: %s\n",
			  nt_errstr(result));
		goto done;
	}

	result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &dom_handle,
					    3, &ctr3);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "query_domain_info level 3 failed: %s\n",
			  nt_errstr(result));
		goto done;
	}

	result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &dom_handle,
					    12, &ctr12);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "query_domain_info level 12 failed: %s\n",
			  nt_errstr(result));
		goto done;
	}

	level = fn(mem_ctx, ctx, &ctr1.info.inf1, &ctr3.info.inf3,
		   &ctr12.info.inf12, argc, argv);

	if (level <= 0) {
		/* Don't save anything */
		goto done;
	}

	/* Pick the container that matches the level "fn" reported. */
	switch (level) {
	case 1:
		changed = &ctr1;
		break;
	case 3:
		changed = &ctr3;
		break;
	case 12:
		changed = &ctr12;
		break;
	default:
		d_fprintf(stderr, "Got unexpected info level %d\n", level);
		result = NT_STATUS_INTERNAL_ERROR;
		goto done;
	}

	result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
					     &dom_handle, level, changed);

 done:
	if (is_valid_policy_hnd(&dom_handle)) {
		rpccli_samr_close(pipe_hnd, mem_ctx, &dom_handle);
	}
	if (is_valid_policy_hnd(&sam_handle)) {
		rpccli_samr_close(pipe_hnd, mem_ctx, &sam_handle);
	}

	return result;
}
/*
 * Callback for rpc_sh_acct_do(): print the current account policy.
 *
 * Takes no arguments. Prints password length/history/age settings from i1,
 * lockout settings from i12 (lockout duration and reset window only when the
 * bad-logon count is non-zero) and the logon-hours setting from i3.
 *
 * Returns 0 so that nothing is written back, or -1 after printing the usage
 * line when arguments were supplied.
 */
static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
			SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
			SAM_UNK_INFO_12 *i12,
			int argc, const char **argv)
{
	const char *answer;

	if (argc != 0) {
		d_fprintf(stderr, "usage: %s\n", ctx->whoami);
		return -1;
	}

	d_printf("Minimum password length: %d\n", i1->min_length_password);
	d_printf("Password history length: %d\n", i1->password_history);

	/* Note: this field is tested with nt_time_is_zero(), the others
	 * below with nt_time_is_set(). */
	d_printf("Minimum password age: ");
	if (nt_time_is_zero(&i1->min_passwordage)) {
		d_printf("not set\n");
	} else {
		int seconds = (int)nt_time_to_unix_abs(&i1->min_passwordage);
		d_printf("%d seconds\n", seconds);
	}

	d_printf("Maximum password age: ");
	if (!nt_time_is_set(&i1->expire)) {
		d_printf("not set\n");
	} else {
		int seconds = (int)nt_time_to_unix_abs(&i1->expire);
		d_printf("%d seconds\n", seconds);
	}

	d_printf("Bad logon attempts: %d\n", i12->bad_attempt_lockout);

	/* Lockout timing is only shown when a bad-logon count is configured. */
	if (i12->bad_attempt_lockout != 0) {

		d_printf("Account lockout duration: ");
		if (!nt_time_is_set(&i12->duration)) {
			d_printf("not set\n");
		} else {
			int seconds = (int)nt_time_to_unix_abs(&i12->duration);
			d_printf("%d seconds\n", seconds);
		}

		d_printf("Bad password count reset after: ");
		if (!nt_time_is_set(&i12->reset_count)) {
			d_printf("not set\n");
		} else {
			int seconds =
				(int)nt_time_to_unix_abs(&i12->reset_count);
			d_printf("%d seconds\n", seconds);
		}
	}

	answer = nt_time_is_zero(&i3->logout) ? "yes" : "no";
	d_printf("Disconnect users when logon hours expire: %s\n", answer);

	/* Bit 0x2 of password_properties drives this line; the flag's
	 * symbolic name is not visible in this file. */
	answer = (i1->password_properties & 0x2) ? "yes" : "no";
	d_printf("User must logon to change password: %s\n", answer);

	return 0; /* Don't save */
}
/*
 * Shell command "show": run account_show() through rpc_sh_acct_do(), which
 * reads the domain's account policies and passes them to the callback.
 * account_show() reports nothing to save, so no policy is written back.
 */
static NTSTATUS rpc_sh_acct_pol_show(TALLOC_CTX *mem_ctx,
				     struct rpc_sh_ctx *ctx,
				     struct rpc_pipe_client *pipe_hnd,
				     int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_show);
	return status;
}
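/*
 * Callback for rpc_sh_acct_do(): set the bad-password count before lockout.
 *
 * Expects exactly one argument, a non-negative decimal count.
 *
 * Returns 12, the info level of the container that was modified, so the
 * caller writes i12 back; returns -1 and leaves the policy untouched when
 * the argument is missing or is not a valid number.
 */
static int account_set_badpw(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
			     SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
			     SAM_UNK_INFO_12 *i12,
			     int argc, const char **argv)
{
	char *end = NULL;
	long count;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * atoi() cannot report errors: a typo silently becomes 0 and a
	 * negative number is accepted. account_show() treats a count of 0 as
	 * "no lockout details to show", so a mistyped argument must be
	 * rejected instead of being written to the domain policy.
	 * NOTE(review): the width of bad_attempt_lockout is not visible
	 * here; tighten the upper bound to the field's real range.
	 */
	errno = 0;
	count = strtol(argv[0], &end, 10);
	if (errno != 0 || end == argv[0] || *end != '\0' ||
	    count < 0 || count > INT_MAX) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	i12->bad_attempt_lockout = count;
	d_printf("Setting bad password count to %d\n",
		 i12->bad_attempt_lockout);

	return 12;
}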
/*
 * Shell command "badpw": run account_set_badpw() through rpc_sh_acct_do(),
 * which reads the domain's account policies, applies the callback and
 * writes back the container the callback reports as modified.
 */
static NTSTATUS rpc_sh_acct_set_badpw(TALLOC_CTX *mem_ctx,
				      struct rpc_sh_ctx *ctx,
				      struct rpc_pipe_client *pipe_hnd,
				      int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_badpw);
	return status;
}
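/*
 * Callback for rpc_sh_acct_do(): set the account lockout duration.
 *
 * Expects exactly one argument, a non-negative decimal number of seconds
 * (the usage line calls it <count>).
 *
 * Returns 12, the info level of the container that was modified, so the
 * caller writes i12 back; returns -1 and leaves the policy untouched when
 * the argument is missing or is not a valid number.
 */
static int account_set_lockduration(TALLOC_CTX *mem_ctx,
				    struct rpc_sh_ctx *ctx,
				    SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
				    SAM_UNK_INFO_12 *i12,
				    int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * atoi() cannot report errors: a typo silently becomes 0 and a
	 * negative number is accepted, which would shorten or corrupt the
	 * lockout window without any warning. Reject such input instead.
	 * The upper bound matches the (int) cast used when echoing the value.
	 */
	errno = 0;
	seconds = strtol(argv[0], &end, 10);
	if (errno != 0 || end == argv[0] || *end != '\0' ||
	    seconds < 0 || seconds > INT_MAX) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	unix_to_nt_time_abs(&i12->duration, seconds);
	d_printf("Setting lockout duration to %d seconds\n",
		 (int)nt_time_to_unix_abs(&i12->duration));

	return 12;
}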
/*
 * Shell command "lockduration": run account_set_lockduration() through
 * rpc_sh_acct_do(), which reads the domain's account policies, applies the
 * callback and writes back the container the callback reports as modified.
 */
static NTSTATUS rpc_sh_acct_set_lockduration(TALLOC_CTX *mem_ctx,
					     struct rpc_sh_ctx *ctx,
					     struct rpc_pipe_client *pipe_hnd,
					     int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_lockduration);
	return status;
}
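/*
 * Callback for rpc_sh_acct_do(): set the time after which the bad-password
 * counter is reset.
 *
 * Expects exactly one argument, a non-negative decimal number of seconds
 * (the usage line calls it <count>).
 *
 * Returns 12, the info level of the container that was modified, so the
 * caller writes i12 back; returns -1 and leaves the policy untouched when
 * the argument is missing or is not a valid number.
 */
static int account_set_resetduration(TALLOC_CTX *mem_ctx,
				     struct rpc_sh_ctx *ctx,
				     SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
				     SAM_UNK_INFO_12 *i12,
				     int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * atoi() cannot report errors: a typo silently becomes 0 and a
	 * negative number is accepted, so the counter-reset window could be
	 * changed by accident. Reject such input instead.
	 * The upper bound matches the (int) cast used when echoing the value.
	 */
	errno = 0;
	seconds = strtol(argv[0], &end, 10);
	if (errno != 0 || end == argv[0] || *end != '\0' ||
	    seconds < 0 || seconds > INT_MAX) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	unix_to_nt_time_abs(&i12->reset_count, seconds);
	d_printf("Setting bad password reset duration to %d seconds\n",
		 (int)nt_time_to_unix_abs(&i12->reset_count));

	return 12;
}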
/*
 * Shell command "resetduration": run account_set_resetduration() through
 * rpc_sh_acct_do(), which reads the domain's account policies, applies the
 * callback and writes back the container the callback reports as modified.
 */
static NTSTATUS rpc_sh_acct_set_resetduration(TALLOC_CTX *mem_ctx,
					      struct rpc_sh_ctx *ctx,
					      struct rpc_pipe_client *pipe_hnd,
					      int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_resetduration);
	return status;
}
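/*
 * Callback for rpc_sh_acct_do(): set the minimum password age.
 *
 * Expects exactly one argument, a non-negative decimal number of seconds
 * (the usage line calls it <count>).
 *
 * Returns 1, the info level of the container that was modified, so the
 * caller writes i1 back; returns -1 and leaves the policy untouched when
 * the argument is missing or is not a valid number.
 */
static int account_set_minpwage(TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
				SAM_UNK_INFO_12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * atoi() cannot report errors: a typo silently becomes 0 and a
	 * negative number is accepted, so the minimum age could be cleared
	 * by accident. Reject such input instead.
	 * The upper bound matches the (int) cast used when echoing the value.
	 */
	errno = 0;
	seconds = strtol(argv[0], &end, 10);
	if (errno != 0 || end == argv[0] || *end != '\0' ||
	    seconds < 0 || seconds > INT_MAX) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	unix_to_nt_time_abs(&i1->min_passwordage, seconds);
	d_printf("Setting minimum password age to %d seconds\n",
		 (int)nt_time_to_unix_abs(&i1->min_passwordage));

	return 1;
}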
/*
 * Shell command "minpwage": run account_set_minpwage() through
 * rpc_sh_acct_do(), which reads the domain's account policies, applies the
 * callback and writes back the container the callback reports as modified.
 */
static NTSTATUS rpc_sh_acct_set_minpwage(TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_minpwage);
	return status;
}
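/*
 * Callback for rpc_sh_acct_do(): set the maximum password age.
 *
 * Expects exactly one argument, a non-negative decimal number of seconds
 * (the usage line calls it <count>).
 *
 * Returns 1, the info level of the container that was modified, so the
 * caller writes i1 back; returns -1 and leaves the policy untouched when
 * the argument is missing or is not a valid number.
 */
static int account_set_maxpwage(TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
				SAM_UNK_INFO_12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * atoi() cannot report errors: a typo silently becomes 0 and a
	 * negative number is accepted, so the password expiry policy could
	 * be changed by accident. Reject such input instead.
	 * The upper bound matches the (int) cast used when echoing the value.
	 */
	errno = 0;
	seconds = strtol(argv[0], &end, 10);
	if (errno != 0 || end == argv[0] || *end != '\0' ||
	    seconds < 0 || seconds > INT_MAX) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	unix_to_nt_time_abs(&i1->expire, seconds);
	d_printf("Setting maximum password age to %d seconds\n",
		 (int)nt_time_to_unix_abs(&i1->expire));

	return 1;
}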
/*
 * Shell command "maxpwage": run account_set_maxpwage() through
 * rpc_sh_acct_do(), which reads the domain's account policies, applies the
 * callback and writes back the container the callback reports as modified.
 */
static NTSTATUS rpc_sh_acct_set_maxpwage(TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_maxpwage);
	return status;
}
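/*
 * Callback for rpc_sh_acct_do(): set the minimum password length.
 *
 * Expects exactly one argument, a non-negative decimal length.
 *
 * Returns 1, the info level of the container that was modified, so the
 * caller writes i1 back; returns -1 and leaves the policy untouched when
 * the argument is missing or is not a valid number.
 */
static int account_set_minpwlen(TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
				SAM_UNK_INFO_12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long length;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * atoi() cannot report errors: a typo silently becomes 0, which
	 * would set the domain's minimum password length to 0, and a
	 * negative number is accepted. Reject such input instead.
	 * NOTE(review): the width of min_length_password is not visible
	 * here; tighten the upper bound to the field's real range.
	 */
	errno = 0;
	length = strtol(argv[0], &end, 10);
	if (errno != 0 || end == argv[0] || *end != '\0' ||
	    length < 0 || length > INT_MAX) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	i1->min_length_password = length;
	d_printf("Setting minimum password length to %d\n",
		 i1->min_length_password);

	return 1;
}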
/*
 * Shell command "minpwlen": run account_set_minpwlen() through
 * rpc_sh_acct_do(), which reads the domain's account policies, applies the
 * callback and writes back the container the callback reports as modified.
 */
static NTSTATUS rpc_sh_acct_set_minpwlen(TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_minpwlen);
	return status;
}
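/*
 * Callback for rpc_sh_acct_do(): set the password history length.
 *
 * Expects exactly one argument, a non-negative decimal count.
 *
 * Returns 1, the info level of the container that was modified, so the
 * caller writes i1 back; returns -1 and leaves the policy untouched when
 * the argument is missing or is not a valid number.
 */
static int account_set_pwhistlen(TALLOC_CTX *mem_ctx,
				 struct rpc_sh_ctx *ctx,
				 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
				 SAM_UNK_INFO_12 *i12,
				 int argc, const char **argv)
{
	char *end = NULL;
	long count;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * atoi() cannot report errors: a typo silently becomes 0, which
	 * would set the password history length to 0, and a negative number
	 * is accepted. Reject such input instead.
	 * NOTE(review): the width of password_history is not visible here;
	 * tighten the upper bound to the field's real range.
	 */
	errno = 0;
	count = strtol(argv[0], &end, 10);
	if (errno != 0 || end == argv[0] || *end != '\0' ||
	    count < 0 || count > INT_MAX) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	i1->password_history = count;
	d_printf("Setting password history length to %d\n",
		 i1->password_history);

	return 1;
}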
/*
 * Shell command "pwhistlen": run account_set_pwhistlen() through
 * rpc_sh_acct_do(), which reads the domain's account policies, applies the
 * callback and writes back the container the callback reports as modified.
 */
static NTSTATUS rpc_sh_acct_set_pwhistlen(TALLOC_CTX *mem_ctx,
					  struct rpc_sh_ctx *ctx,
					  struct rpc_pipe_client *pipe_hnd,
					  int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_pwhistlen);
	return status;
}
386
struct rpc_sh_cmd *net_rpc_acct_cmds(TALLOC_CTX *mem_ctx,
387
struct rpc_sh_ctx *ctx)
389
static struct rpc_sh_cmd cmds[9] = {
390
{ "show", NULL, PI_SAMR, rpc_sh_acct_pol_show,
391
"Show current account policy settings" },
392
{ "badpw", NULL, PI_SAMR, rpc_sh_acct_set_badpw,
393
"Set bad password count before lockout" },
394
{ "lockduration", NULL, PI_SAMR, rpc_sh_acct_set_lockduration,
395
"Set account lockout duration" },
396
{ "resetduration", NULL, PI_SAMR,
397
rpc_sh_acct_set_resetduration,
398
"Set bad password count reset duration" },
399
{ "minpwage", NULL, PI_SAMR, rpc_sh_acct_set_minpwage,
400
"Set minimum password age" },
401
{ "maxpwage", NULL, PI_SAMR, rpc_sh_acct_set_maxpwage,
402
"Set maximum password age" },
403
{ "minpwlen", NULL, PI_SAMR, rpc_sh_acct_set_minpwlen,
404
"Set minimum password length" },
405
{ "pwhistlen", NULL, PI_SAMR, rpc_sh_acct_set_pwhistlen,
406
"Set the password history length" },
407
{ NULL, NULL, 0, NULL, NULL }