search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-dcerpc: Pull packet in the caller, before validation
[Samba.git] / source3 / utils / net_rpc_sh_acct.c
blob435af091e300bb67e2109178fa421194fce1edc9
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Volker Lendecke (vl@samba.org)
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "includes.h"
20 #include "popt_common.h"
21 #include "utils/net.h"
22 #include "../librpc/gen_ndr/cli_samr.h"
23
24 /*
25 * Do something with the account policies. Read them all, run a function on
26 * them and possibly write them back. "fn" has to return the container index
27 * it has modified, it can return 0 for no change.
28 */
29
30 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
31 TALLOC_CTX *mem_ctx,
32 struct rpc_sh_ctx *ctx,
33 struct rpc_pipe_client *pipe_hnd,
34 int argc, const char **argv,
35 int (*fn)(struct net_context *c,
36 TALLOC_CTX *mem_ctx,
37 struct rpc_sh_ctx *ctx,
38 struct samr_DomInfo1 *i1,
39 struct samr_DomInfo3 *i3,
40 struct samr_DomInfo12 *i12,
41 int argc, const char **argv))
42 {
43 struct policy_handle connect_pol, domain_pol;
44 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
45 union samr_DomainInfo *info1 = NULL;
46 union samr_DomainInfo *info3 = NULL;
47 union samr_DomainInfo *info12 = NULL;
48 int store;
49
50 ZERO_STRUCT(connect_pol);
51 ZERO_STRUCT(domain_pol);
52
53 /* Get sam policy handle */
54
55 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
56 pipe_hnd->desthost,
57 MAXIMUM_ALLOWED_ACCESS,
58 &connect_pol);
59 if (!NT_STATUS_IS_OK(result)) {
60 goto done;
61 }
62
63 /* Get domain policy handle */
64
65 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
66 &connect_pol,
67 MAXIMUM_ALLOWED_ACCESS,
68 ctx->domain_sid,
69 &domain_pol);
70 if (!NT_STATUS_IS_OK(result)) {
71 goto done;
72 }
73
74 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
75 &domain_pol,
76 1,
77 &info1);
78
79 if (!NT_STATUS_IS_OK(result)) {
80 d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
81 nt_errstr(result));
82 goto done;
83 }
84
85 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
86 &domain_pol,
87 3,
88 &info3);
89
90 if (!NT_STATUS_IS_OK(result)) {
91 d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
92 nt_errstr(result));
93 goto done;
94 }
95
96 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
97 &domain_pol,
98 12,
99 &info12);
100
101 if (!NT_STATUS_IS_OK(result)) {
102 d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
103 nt_errstr(result));
104 goto done;
105 }
106
107 store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
108 &info12->info12, argc, argv);
109
110 if (store <= 0) {
111 /* Don't save anything */
112 goto done;
113 }
114
115 switch (store) {
116 case 1:
117 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
118 &domain_pol,
119 1,
120 info1);
121 break;
122 case 3:
123 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
124 &domain_pol,
125 3,
126 info3);
127 break;
128 case 12:
129 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
130 &domain_pol,
131 12,
132 info12);
133 break;
134 default:
135 d_fprintf(stderr, _("Got unexpected info level %d\n"), store);
136 result = NT_STATUS_INTERNAL_ERROR;
137 goto done;
138 }
139
140 done:
141 if (is_valid_policy_hnd(&domain_pol)) {
142 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
143 }
144 if (is_valid_policy_hnd(&connect_pol)) {
145 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
146 }
147
148 return result;
149 }
150
151 static int account_show(struct net_context *c,
152 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
153 struct samr_DomInfo1 *i1,
154 struct samr_DomInfo3 *i3,
155 struct samr_DomInfo12 *i12,
156 int argc, const char **argv)
157 {
158 if (argc != 0) {
159 d_fprintf(stderr, "%s %s\n", _("Usage:"), ctx->whoami);
160 return -1;
161 }
162
163 d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
164 d_printf(_("Password history length: %d\n"),
165 i1->password_history_length);
166
167 d_printf(_("Minimum password age: "));
168 if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
169 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
170 d_printf(_("%d seconds\n"), (int)t);
171 } else {
172 d_printf(_("not set\n"));
173 }
174
175 d_printf(_("Maximum password age: "));
176 if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
177 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
178 d_printf(_("%d seconds\n"), (int)t);
179 } else {
180 d_printf(_("not set\n"));
181 }
182
183 d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);
184
185 if (i12->lockout_threshold != 0) {
186
187 d_printf(_("Account lockout duration: "));
188 if (nt_time_is_set(&i12->lockout_duration)) {
189 time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
190 d_printf(_("%d seconds\n"), (int)t);
191 } else {
192 d_printf(_("not set\n"));
193 }
194
195 d_printf(_("Bad password count reset after: "));
196 if (nt_time_is_set(&i12->lockout_window)) {
197 time_t t = nt_time_to_unix_abs(&i12->lockout_window);
198 d_printf(_("%d seconds\n"), (int)t);
199 } else {
200 d_printf(_("not set\n"));
201 }
202 }
203
204 d_printf(_("Disconnect users when logon hours expire: %s\n"),
205 nt_time_is_zero(&i3->force_logoff_time) ? _("yes") : _("no"));
206
207 d_printf(_("User must logon to change password: %s\n"),
208 (i1->password_properties & 0x2) ? _("yes") : _("no"));
209
210 return 0; /* Don't save */
211 }
212
213 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
214 TALLOC_CTX *mem_ctx,
215 struct rpc_sh_ctx *ctx,
216 struct rpc_pipe_client *pipe_hnd,
217 int argc, const char **argv) {
218 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
219 account_show);
220 }
221
222 static int account_set_badpw(struct net_context *c,
223 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
224 struct samr_DomInfo1 *i1,
225 struct samr_DomInfo3 *i3,
226 struct samr_DomInfo12 *i12,
227 int argc, const char **argv)
228 {
229 if (argc != 1) {
230 d_fprintf(stderr, "%s %s <count>\n", _("Usage:"), ctx->whoami);
231 return -1;
232 }
233
234 i12->lockout_threshold = atoi(argv[0]);
235 d_printf(_("Setting bad password count to %d\n"),
236 i12->lockout_threshold);
237
238 return 12;
239 }
240
241 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
242 TALLOC_CTX *mem_ctx,
243 struct rpc_sh_ctx *ctx,
244 struct rpc_pipe_client *pipe_hnd,
245 int argc, const char **argv)
246 {
247 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
248 account_set_badpw);
249 }
250
251 static int account_set_lockduration(struct net_context *c,
252 TALLOC_CTX *mem_ctx,
253 struct rpc_sh_ctx *ctx,
254 struct samr_DomInfo1 *i1,
255 struct samr_DomInfo3 *i3,
256 struct samr_DomInfo12 *i12,
257 int argc, const char **argv)
258 {
259 if (argc != 1) {
260 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
261 return -1;
262 }
263
264 unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
265 d_printf(_("Setting lockout duration to %d seconds\n"),
266 (int)nt_time_to_unix_abs(&i12->lockout_duration));
267
268 return 12;
269 }
270
271 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
272 TALLOC_CTX *mem_ctx,
273 struct rpc_sh_ctx *ctx,
274 struct rpc_pipe_client *pipe_hnd,
275 int argc, const char **argv)
276 {
277 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
278 account_set_lockduration);
279 }
280
281 static int account_set_resetduration(struct net_context *c,
282 TALLOC_CTX *mem_ctx,
283 struct rpc_sh_ctx *ctx,
284 struct samr_DomInfo1 *i1,
285 struct samr_DomInfo3 *i3,
286 struct samr_DomInfo12 *i12,
287 int argc, const char **argv)
288 {
289 if (argc != 1) {
290 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
291 return -1;
292 }
293
294 unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
295 d_printf(_("Setting bad password reset duration to %d seconds\n"),
296 (int)nt_time_to_unix_abs(&i12->lockout_window));
297
298 return 12;
299 }
300
301 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
302 TALLOC_CTX *mem_ctx,
303 struct rpc_sh_ctx *ctx,
304 struct rpc_pipe_client *pipe_hnd,
305 int argc, const char **argv)
306 {
307 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
308 account_set_resetduration);
309 }
310
311 static int account_set_minpwage(struct net_context *c,
312 TALLOC_CTX *mem_ctx,
313 struct rpc_sh_ctx *ctx,
314 struct samr_DomInfo1 *i1,
315 struct samr_DomInfo3 *i3,
316 struct samr_DomInfo12 *i12,
317 int argc, const char **argv)
318 {
319 if (argc != 1) {
320 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
321 return -1;
322 }
323
324 unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
325 d_printf(_("Setting minimum password age to %d seconds\n"),
326 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
327
328 return 1;
329 }
330
331 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
332 TALLOC_CTX *mem_ctx,
333 struct rpc_sh_ctx *ctx,
334 struct rpc_pipe_client *pipe_hnd,
335 int argc, const char **argv)
336 {
337 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
338 account_set_minpwage);
339 }
340
341 static int account_set_maxpwage(struct net_context *c,
342 TALLOC_CTX *mem_ctx,
343 struct rpc_sh_ctx *ctx,
344 struct samr_DomInfo1 *i1,
345 struct samr_DomInfo3 *i3,
346 struct samr_DomInfo12 *i12,
347 int argc, const char **argv)
348 {
349 if (argc != 1) {
350 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
351 return -1;
352 }
353
354 unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
355 d_printf(_("Setting maximum password age to %d seconds\n"),
356 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
357
358 return 1;
359 }
360
361 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
362 TALLOC_CTX *mem_ctx,
363 struct rpc_sh_ctx *ctx,
364 struct rpc_pipe_client *pipe_hnd,
365 int argc, const char **argv)
366 {
367 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
368 account_set_maxpwage);
369 }
370
371 static int account_set_minpwlen(struct net_context *c,
372 TALLOC_CTX *mem_ctx,
373 struct rpc_sh_ctx *ctx,
374 struct samr_DomInfo1 *i1,
375 struct samr_DomInfo3 *i3,
376 struct samr_DomInfo12 *i12,
377 int argc, const char **argv)
378 {
379 if (argc != 1) {
380 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
381 return -1;
382 }
383
384 i1->min_password_length = atoi(argv[0]);
385 d_printf(_("Setting minimum password length to %d\n"),
386 i1->min_password_length);
387
388 return 1;
389 }
390
391 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
392 TALLOC_CTX *mem_ctx,
393 struct rpc_sh_ctx *ctx,
394 struct rpc_pipe_client *pipe_hnd,
395 int argc, const char **argv)
396 {
397 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
398 account_set_minpwlen);
399 }
400
401 static int account_set_pwhistlen(struct net_context *c,
402 TALLOC_CTX *mem_ctx,
403 struct rpc_sh_ctx *ctx,
404 struct samr_DomInfo1 *i1,
405 struct samr_DomInfo3 *i3,
406 struct samr_DomInfo12 *i12,
407 int argc, const char **argv)
408 {
409 if (argc != 1) {
410 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
411 return -1;
412 }
413
414 i1->password_history_length = atoi(argv[0]);
415 d_printf(_("Setting password history length to %d\n"),
416 i1->password_history_length);
417
418 return 1;
419 }
420
421 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
422 TALLOC_CTX *mem_ctx,
423 struct rpc_sh_ctx *ctx,
424 struct rpc_pipe_client *pipe_hnd,
425 int argc, const char **argv)
426 {
427 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
428 account_set_pwhistlen);
429 }
430
431 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
432 struct rpc_sh_ctx *ctx)
433 {
434 static struct rpc_sh_cmd cmds[9] = {
435 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_pol_show,
436 N_("Show current account policy settings") },
437 { "badpw", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_badpw,
438 N_("Set bad password count before lockout") },
439 { "lockduration", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_lockduration,
440 N_("Set account lockout duration") },
441 { "resetduration", NULL, &ndr_table_samr.syntax_id,
442 rpc_sh_acct_set_resetduration,
443 N_("Set bad password count reset duration") },
444 { "minpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwage,
445 N_("Set minimum password age") },
446 { "maxpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_maxpwage,
447 N_("Set maximum password age") },
448 { "minpwlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwlen,
449 N_("Set minimum password length") },
450 { "pwhistlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_pwhistlen,
451 N_("Set the password history length") },
452 { NULL, NULL, 0, NULL, NULL }
453 };
454
455 return cmds;
456 }
Samba GIT mirror