/*
   Samba Unix/Linux SMB client library
   Distributed SMB/CIFS Server Management Utility
   Copyright (C) 2006 Volker Lendecke (vl@samba.org)

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
20 #include "popt_common.h"
21 #include "utils/net.h"
22 #include "../librpc/gen_ndr/cli_samr.h"
/*
 * Shared driver for every account-policy subcommand.
 *
 * Opens a SAMR connect handle and a domain handle, reads domain info levels
 * 1, 3 and 12, and passes all three to "fn". "fn" returns the info level
 * (container index) it modified; only that level is written back with
 * SetDomainInfo. A return of 0 or less stores nothing.
 *
 * Review notes:
 * - Both handles are requested with MAXIMUM_ALLOWED_ACCESS, so the read-only
 *   "show" path asks for the same rights as the setters.
 * - The update is a read-modify-write of a whole info level: a change made
 *   by someone else between the query and the set is overwritten.
 * - NOTE(review): the mem_ctx parameters, the server-name / SID / handle
 *   arguments of the samr calls, the "goto done" exits and the level
 *   dispatch are not legible in the listing this was reviewed from. They
 *   are restored here from the visible uses and the Samba 3.x client API;
 *   confirm against upstream.
 */
static NTSTATUS rpc_sh_acct_do(struct net_context *c,
			       TALLOC_CTX *mem_ctx,
			       struct rpc_sh_ctx *ctx,
			       struct rpc_pipe_client *pipe_hnd,
			       int argc, const char **argv,
			       int (*fn)(struct net_context *c,
					  TALLOC_CTX *mem_ctx,
					  struct rpc_sh_ctx *ctx,
					  struct samr_DomInfo1 *i1,
					  struct samr_DomInfo3 *i3,
					  struct samr_DomInfo12 *i12,
					  int argc, const char **argv))
{
	struct policy_handle sam_hnd, dom_hnd;
	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
	union samr_DomainInfo *lvl1 = NULL;
	union samr_DomainInfo *lvl3 = NULL;
	union samr_DomainInfo *lvl12 = NULL;
	int level;

	/* Zeroed handles let the cleanup code tell "never opened" apart. */
	ZERO_STRUCT(sam_hnd);
	ZERO_STRUCT(dom_hnd);

	/* SAM (connect) handle first, then the domain handle below it. */
	status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
				      pipe_hnd->desthost,
				      MAXIMUM_ALLOWED_ACCESS,
				      &sam_hnd);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
					&sam_hnd,
					MAXIMUM_ALLOWED_ACCESS,
					ctx->domain_sid,
					&dom_hnd);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/* Read every level up front; "fn" may look at or change any of them. */
	status = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
					     &dom_hnd, 1, &lvl1);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
			  nt_errstr(status));
		goto done;
	}

	status = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
					     &dom_hnd, 3, &lvl3);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
			  nt_errstr(status));
		goto done;
	}

	status = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
					     &dom_hnd, 12, &lvl12);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
			  nt_errstr(status));
		goto done;
	}

	level = fn(c, mem_ctx, ctx, &lvl1->info1, &lvl3->info3,
		   &lvl12->info12, argc, argv);

	/*
	 * Write back only the level the callback names. For level <= 0
	 * nothing is saved and status keeps the result of the last query.
	 */
	if (level == 1) {
		status = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
						   &dom_hnd, 1, lvl1);
	} else if (level == 3) {
		status = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
						   &dom_hnd, 3, lvl3);
	} else if (level == 12) {
		status = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
						   &dom_hnd, 12, lvl12);
	} else if (level > 0) {
		d_fprintf(stderr, _("Got unexpected info level %d\n"), level);
		status = NT_STATUS_INTERNAL_ERROR;
	}

 done:
	/* Best-effort close of whatever was opened, innermost handle first. */
	if (is_valid_policy_hnd(&dom_hnd)) {
		rpccli_samr_Close(pipe_hnd, mem_ctx, &dom_hnd);
	}
	if (is_valid_policy_hnd(&sam_hnd)) {
		rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_hnd);
	}

	return status;
}
/*
 * "show": print the current account policy and change nothing.
 *
 * Takes no arguments; any argument prints the usage line. Always leaves
 * the policy untouched: the normal path returns 0 ("Don't save").
 * NOTE(review): the usage path's return value is not legible in the listing;
 * -1 is used here, which the driver also treats as "store nothing".
 */
static int account_show(struct net_context *c,
			TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
			struct samr_DomInfo1 *i1,
			struct samr_DomInfo3 *i3,
			struct samr_DomInfo12 *i12,
			int argc, const char **argv)
{
	const char *answer;

	if (argc != 0) {
		d_fprintf(stderr, "%s %s\n", _("Usage:"), ctx->whoami);
		return -1;
	}

	d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
	d_printf(_("Password history length: %d\n"),
		 i1->password_history_length);

	d_printf(_("Minimum password age: "));
	if (nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
		d_printf(_("not set\n"));
	} else {
		time_t secs = nt_time_to_unix_abs(
			(NTTIME *)&i1->min_password_age);
		d_printf(_("%d seconds\n"), (int)secs);
	}

	d_printf(_("Maximum password age: "));
	if (!nt_time_is_set((NTTIME *)&i1->max_password_age)) {
		d_printf(_("not set\n"));
	} else {
		time_t secs = nt_time_to_unix_abs(
			(NTTIME *)&i1->max_password_age);
		d_printf(_("%d seconds\n"), (int)secs);
	}

	d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);

	/* Lockout timing is only printed when a threshold is configured. */
	if (i12->lockout_threshold != 0) {

		d_printf(_("Account lockout duration: "));
		if (!nt_time_is_set(&i12->lockout_duration)) {
			d_printf(_("not set\n"));
		} else {
			time_t secs = nt_time_to_unix_abs(
				&i12->lockout_duration);
			d_printf(_("%d seconds\n"), (int)secs);
		}

		d_printf(_("Bad password count reset after: "));
		if (!nt_time_is_set(&i12->lockout_window)) {
			d_printf(_("not set\n"));
		} else {
			time_t secs = nt_time_to_unix_abs(
				&i12->lockout_window);
			d_printf(_("%d seconds\n"), (int)secs);
		}
	}

	if (nt_time_is_zero(&i3->force_logoff_time)) {
		answer = _("yes");
	} else {
		answer = _("no");
	}
	d_printf(_("Disconnect users when logon hours expire: %s\n"), answer);

	/* Bit 0x2 of password_properties is the "must log on first" flag. */
	if (i1->password_properties & 0x2) {
		answer = _("yes");
	} else {
		answer = _("no");
	}
	d_printf(_("User must logon to change password: %s\n"), answer);

	return 0; /* Don't save */
}
/*
 * Shell command "show": run the display callback through rpc_sh_acct_do().
 * NOTE(review): the callback argument is not legible in the listing;
 * account_show is inferred from the sibling wrappers' pattern, so confirm.
 */
static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
				     TALLOC_CTX *mem_ctx,
				     struct rpc_sh_ctx *ctx,
				     struct rpc_pipe_client *pipe_hnd,
				     int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_show);
	return status;
}
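/*
 * "badpw <count>": set the number of bad logon attempts before lockout
 * (i12->lockout_threshold).
 *
 * Returns the info level to store (12), or -1 when nothing must be written
 * (wrong argument count or an argument that is not a number in range).
 * NOTE(review): the return statements are not legible in the listing; the
 * values follow the driver's contract (index of the modified container,
 * <= 0 for no store). Confirm against upstream.
 */
static int account_set_badpw(struct net_context *c,
			     TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
			     struct samr_DomInfo1 *i1,
			     struct samr_DomInfo3 *i3,
			     struct samr_DomInfo12 *i12,
			     int argc, const char **argv)
{
	char *end = NULL;
	long count;

	if (argc != 1) {
		d_fprintf(stderr, "%s %s <count>\n", _("Usage:"), ctx->whoami);
		return -1;
	}

	/*
	 * atoi() turns any non-numeric argument into 0, and the display
	 * code in this file treats a threshold of 0 as "no lockout
	 * configured". Reject bad input instead of silently writing a
	 * weaker policy to the domain.
	 * NOTE(review): the 0xFFFF bound assumes a 16-bit field. Confirm
	 * against the samr_DomInfo12 definition.
	 */
	count = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || count < 0 || count > 0xFFFF) {
		d_fprintf(stderr, _("Invalid bad password count: %s\n"),
			  argv[0]);
		return -1;
	}

	i12->lockout_threshold = count;
	d_printf(_("Setting bad password count to %d\n"),
		 i12->lockout_threshold);

	return 12;
}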
/*
 * Shell command "badpw": run the threshold setter through rpc_sh_acct_do().
 * NOTE(review): the callback argument is not legible in the listing;
 * account_set_badpw is inferred from the sibling wrappers' pattern, so
 * confirm.
 */
static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
				      TALLOC_CTX *mem_ctx,
				      struct rpc_sh_ctx *ctx,
				      struct rpc_pipe_client *pipe_hnd,
				      int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_badpw);
	return status;
}
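/*
 * "lockduration <seconds>": set the account lockout duration
 * (i12->lockout_duration).
 *
 * Returns the info level to store (12), or -1 when nothing must be written
 * (wrong argument count or an argument that is not a number).
 * NOTE(review): the return statements are not legible in the listing; the
 * values follow the driver's contract. Confirm against upstream.
 */
static int account_set_lockduration(struct net_context *c,
				    TALLOC_CTX *mem_ctx,
				    struct rpc_sh_ctx *ctx,
				    struct samr_DomInfo1 *i1,
				    struct samr_DomInfo3 *i3,
				    struct samr_DomInfo12 *i12,
				    int argc, const char **argv)
{
	char *end = NULL;
	long secs;

	if (argc != 1) {
		d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
		return -1;
	}

	/*
	 * atoi() would store 0 for a mistyped argument. Require a complete
	 * number that fits an int. Negative values are passed through as
	 * before; how unix_to_nt_time_abs() maps them is not visible here.
	 */
	secs = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || (long)(int)secs != secs) {
		d_fprintf(stderr, _("Invalid number of seconds: %s\n"),
			  argv[0]);
		return -1;
	}

	unix_to_nt_time_abs(&i12->lockout_duration, (int)secs);
	d_printf(_("Setting lockout duration to %d seconds\n"),
		 (int)nt_time_to_unix_abs(&i12->lockout_duration));

	return 12;
}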
/*
 * Shell command "lockduration": run account_set_lockduration() through
 * rpc_sh_acct_do() and hand its status back.
 */
static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
					     TALLOC_CTX *mem_ctx,
					     struct rpc_sh_ctx *ctx,
					     struct rpc_pipe_client *pipe_hnd,
					     int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_lockduration);
	return status;
}
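/*
 * "resetduration <seconds>": set the time after which the bad password
 * count is reset (i12->lockout_window).
 *
 * Returns the info level to store (12), or -1 when nothing must be written
 * (wrong argument count or an argument that is not a number).
 * NOTE(review): the return statements are not legible in the listing; the
 * values follow the driver's contract. Confirm against upstream.
 */
static int account_set_resetduration(struct net_context *c,
				     TALLOC_CTX *mem_ctx,
				     struct rpc_sh_ctx *ctx,
				     struct samr_DomInfo1 *i1,
				     struct samr_DomInfo3 *i3,
				     struct samr_DomInfo12 *i12,
				     int argc, const char **argv)
{
	char *end = NULL;
	long secs;

	if (argc != 1) {
		d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
		return -1;
	}

	/*
	 * atoi() would store 0 for a mistyped argument. Require a complete
	 * number that fits an int. Negative values are passed through as
	 * before; how unix_to_nt_time_abs() maps them is not visible here.
	 */
	secs = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || (long)(int)secs != secs) {
		d_fprintf(stderr, _("Invalid number of seconds: %s\n"),
			  argv[0]);
		return -1;
	}

	unix_to_nt_time_abs(&i12->lockout_window, (int)secs);
	d_printf(_("Setting bad password reset duration to %d seconds\n"),
		 (int)nt_time_to_unix_abs(&i12->lockout_window));

	return 12;
}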
/*
 * Shell command "resetduration": run account_set_resetduration() through
 * rpc_sh_acct_do() and hand its status back.
 */
static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
					      TALLOC_CTX *mem_ctx,
					      struct rpc_sh_ctx *ctx,
					      struct rpc_pipe_client *pipe_hnd,
					      int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_resetduration);
	return status;
}
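/*
 * "minpwage <seconds>": set the minimum password age
 * (i1->min_password_age).
 *
 * Returns the info level to store (1), or -1 when nothing must be written
 * (wrong argument count or an argument that is not a number).
 * NOTE(review): the return statements are not legible in the listing; the
 * values follow the driver's contract. Confirm against upstream.
 */
static int account_set_minpwage(struct net_context *c,
				TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				struct samr_DomInfo1 *i1,
				struct samr_DomInfo3 *i3,
				struct samr_DomInfo12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long secs;

	if (argc != 1) {
		d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
		return -1;
	}

	/*
	 * atoi() would store 0 for a mistyped argument. Require a complete
	 * number that fits an int. Negative values are passed through as
	 * before; how unix_to_nt_time_abs() maps them is not visible here.
	 */
	secs = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || (long)(int)secs != secs) {
		d_fprintf(stderr, _("Invalid number of seconds: %s\n"),
			  argv[0]);
		return -1;
	}

	unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, (int)secs);
	d_printf(_("Setting minimum password age to %d seconds\n"),
		 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));

	return 1;
}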
/*
 * Shell command "minpwage": run account_set_minpwage() through
 * rpc_sh_acct_do() and hand its status back.
 */
static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
					 TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_minpwage);
	return status;
}
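/*
 * "maxpwage <seconds>": set the maximum password age
 * (i1->max_password_age).
 *
 * Returns the info level to store (1), or -1 when nothing must be written
 * (wrong argument count or an argument that is not a number).
 * NOTE(review): the return statements are not legible in the listing; the
 * values follow the driver's contract. Confirm against upstream.
 */
static int account_set_maxpwage(struct net_context *c,
				TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				struct samr_DomInfo1 *i1,
				struct samr_DomInfo3 *i3,
				struct samr_DomInfo12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long secs;

	if (argc != 1) {
		d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
		return -1;
	}

	/*
	 * atoi() would store 0 for a mistyped argument. Require a complete
	 * number that fits an int. Negative values are passed through as
	 * before; how unix_to_nt_time_abs() maps them is not visible here.
	 */
	secs = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || (long)(int)secs != secs) {
		d_fprintf(stderr, _("Invalid number of seconds: %s\n"),
			  argv[0]);
		return -1;
	}

	unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, (int)secs);
	d_printf(_("Setting maximum password age to %d seconds\n"),
		 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));

	return 1;
}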
/*
 * Shell command "maxpwage": run account_set_maxpwage() through
 * rpc_sh_acct_do() and hand its status back.
 */
static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
					 TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_maxpwage);
	return status;
}
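/*
 * "minpwlen <count>": set the minimum password length
 * (i1->min_password_length).
 *
 * Returns the info level to store (1), or -1 when nothing must be written
 * (wrong argument count or an argument that is not a number in range).
 * NOTE(review): the return statements are not legible in the listing; the
 * values follow the driver's contract. Confirm against upstream.
 */
static int account_set_minpwlen(struct net_context *c,
				TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				struct samr_DomInfo1 *i1,
				struct samr_DomInfo3 *i3,
				struct samr_DomInfo12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long len;

	if (argc != 1) {
		d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
		return -1;
	}

	/*
	 * atoi() turns any non-numeric argument into 0, which would remove
	 * the minimum length requirement on a typo. Reject bad input
	 * instead of silently weakening the policy.
	 * NOTE(review): the 0xFFFF bound assumes a 16-bit field. Confirm
	 * against the samr_DomInfo1 definition.
	 */
	len = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || len < 0 || len > 0xFFFF) {
		d_fprintf(stderr, _("Invalid minimum password length: %s\n"),
			  argv[0]);
		return -1;
	}

	i1->min_password_length = len;
	d_printf(_("Setting minimum password length to %d\n"),
		 i1->min_password_length);

	return 1;
}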
/*
 * Shell command "minpwlen": run account_set_minpwlen() through
 * rpc_sh_acct_do() and hand its status back.
 */
static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
					 TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_minpwlen);
	return status;
}
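/*
 * "pwhistlen <count>": set the password history length
 * (i1->password_history_length).
 *
 * Returns the info level to store (1), or -1 when nothing must be written
 * (wrong argument count or an argument that is not a number in range).
 * NOTE(review): the return statements are not legible in the listing; the
 * values follow the driver's contract. Confirm against upstream.
 */
static int account_set_pwhistlen(struct net_context *c,
				 TALLOC_CTX *mem_ctx,
				 struct rpc_sh_ctx *ctx,
				 struct samr_DomInfo1 *i1,
				 struct samr_DomInfo3 *i3,
				 struct samr_DomInfo12 *i12,
				 int argc, const char **argv)
{
	char *end = NULL;
	long len;

	if (argc != 1) {
		d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
		return -1;
	}

	/*
	 * atoi() turns any non-numeric argument into 0, which would switch
	 * password history off on a typo. Reject bad input instead of
	 * silently weakening the policy.
	 * NOTE(review): the 0xFFFF bound assumes a 16-bit field. Confirm
	 * against the samr_DomInfo1 definition.
	 */
	len = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || len < 0 || len > 0xFFFF) {
		d_fprintf(stderr, _("Invalid password history length: %s\n"),
			  argv[0]);
		return -1;
	}

	i1->password_history_length = len;
	d_printf(_("Setting password history length to %d\n"),
		 i1->password_history_length);

	return 1;
}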
/*
 * Shell command "pwhistlen": run account_set_pwhistlen() through
 * rpc_sh_acct_do() and hand its status back.
 */
static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
					  TALLOC_CTX *mem_ctx,
					  struct rpc_sh_ctx *ctx,
					  struct rpc_pipe_client *pipe_hnd,
					  int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_pwhistlen);
	return status;
}
431 struct rpc_sh_cmd
*net_rpc_acct_cmds(struct net_context
*c
, TALLOC_CTX
*mem_ctx
,
432 struct rpc_sh_ctx
*ctx
)
434 static struct rpc_sh_cmd cmds
[9] = {
435 { "show", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_pol_show
,
436 N_("Show current account policy settings") },
437 { "badpw", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_badpw
,
438 N_("Set bad password count before lockout") },
439 { "lockduration", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_lockduration
,
440 N_("Set account lockout duration") },
441 { "resetduration", NULL
, &ndr_table_samr
.syntax_id
,
442 rpc_sh_acct_set_resetduration
,
443 N_("Set bad password count reset duration") },
444 { "minpwage", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_minpwage
,
445 N_("Set minimum password age") },
446 { "maxpwage", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_maxpwage
,
447 N_("Set maximum password age") },
448 { "minpwlen", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_minpwlen
,
449 N_("Set minimum password length") },
450 { "pwhistlen", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_pwhistlen
,
451 N_("Set the password history length") },
452 { NULL
, NULL
, 0, NULL
, NULL
}