search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
release-scripts: add build-htmlman-nogit
[Samba/bb.git] / source3 / utils / net_rpc_sh_acct.c
blobf98be9c7d332869e88863d7bae3a19bb66a7f188
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Volker Lendecke (vl@samba.org)
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "includes.h"
20 #include "popt_common.h"
21 #include "utils/net.h"
22 #include "../librpc/gen_ndr/cli_samr.h"
23 #include "../libcli/security/security.h"
24
25 /*
26 * Do something with the account policies. Read them all, run a function on
27 * them and possibly write them back. "fn" has to return the container index
28 * it has modified, it can return 0 for no change.
29 */
30
31 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
32 TALLOC_CTX *mem_ctx,
33 struct rpc_sh_ctx *ctx,
34 struct rpc_pipe_client *pipe_hnd,
35 int argc, const char **argv,
36 int (*fn)(struct net_context *c,
37 TALLOC_CTX *mem_ctx,
38 struct rpc_sh_ctx *ctx,
39 struct samr_DomInfo1 *i1,
40 struct samr_DomInfo3 *i3,
41 struct samr_DomInfo12 *i12,
42 int argc, const char **argv))
43 {
44 struct policy_handle connect_pol, domain_pol;
45 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
46 union samr_DomainInfo *info1 = NULL;
47 union samr_DomainInfo *info3 = NULL;
48 union samr_DomainInfo *info12 = NULL;
49 int store;
50
51 ZERO_STRUCT(connect_pol);
52 ZERO_STRUCT(domain_pol);
53
54 /* Get sam policy handle */
55
56 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
57 pipe_hnd->desthost,
58 MAXIMUM_ALLOWED_ACCESS,
59 &connect_pol);
60 if (!NT_STATUS_IS_OK(result)) {
61 goto done;
62 }
63
64 /* Get domain policy handle */
65
66 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
67 &connect_pol,
68 MAXIMUM_ALLOWED_ACCESS,
69 ctx->domain_sid,
70 &domain_pol);
71 if (!NT_STATUS_IS_OK(result)) {
72 goto done;
73 }
74
75 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
76 &domain_pol,
77 1,
78 &info1);
79
80 if (!NT_STATUS_IS_OK(result)) {
81 d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
82 nt_errstr(result));
83 goto done;
84 }
85
86 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
87 &domain_pol,
88 3,
89 &info3);
90
91 if (!NT_STATUS_IS_OK(result)) {
92 d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
93 nt_errstr(result));
94 goto done;
95 }
96
97 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
98 &domain_pol,
99 12,
100 &info12);
101
102 if (!NT_STATUS_IS_OK(result)) {
103 d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
104 nt_errstr(result));
105 goto done;
106 }
107
108 store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
109 &info12->info12, argc, argv);
110
111 if (store <= 0) {
112 /* Don't save anything */
113 goto done;
114 }
115
116 switch (store) {
117 case 1:
118 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
119 &domain_pol,
120 1,
121 info1);
122 break;
123 case 3:
124 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
125 &domain_pol,
126 3,
127 info3);
128 break;
129 case 12:
130 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
131 &domain_pol,
132 12,
133 info12);
134 break;
135 default:
136 d_fprintf(stderr, _("Got unexpected info level %d\n"), store);
137 result = NT_STATUS_INTERNAL_ERROR;
138 goto done;
139 }
140
141 done:
142 if (is_valid_policy_hnd(&domain_pol)) {
143 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
144 }
145 if (is_valid_policy_hnd(&connect_pol)) {
146 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
147 }
148
149 return result;
150 }
151
152 static int account_show(struct net_context *c,
153 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
154 struct samr_DomInfo1 *i1,
155 struct samr_DomInfo3 *i3,
156 struct samr_DomInfo12 *i12,
157 int argc, const char **argv)
158 {
159 if (argc != 0) {
160 d_fprintf(stderr, "%s %s\n", _("Usage:"), ctx->whoami);
161 return -1;
162 }
163
164 d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
165 d_printf(_("Password history length: %d\n"),
166 i1->password_history_length);
167
168 d_printf(_("Minimum password age: "));
169 if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
170 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
171 d_printf(_("%d seconds\n"), (int)t);
172 } else {
173 d_printf(_("not set\n"));
174 }
175
176 d_printf(_("Maximum password age: "));
177 if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
178 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
179 d_printf(_("%d seconds\n"), (int)t);
180 } else {
181 d_printf(_("not set\n"));
182 }
183
184 d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);
185
186 if (i12->lockout_threshold != 0) {
187
188 d_printf(_("Account lockout duration: "));
189 if (nt_time_is_set(&i12->lockout_duration)) {
190 time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
191 d_printf(_("%d seconds\n"), (int)t);
192 } else {
193 d_printf(_("not set\n"));
194 }
195
196 d_printf(_("Bad password count reset after: "));
197 if (nt_time_is_set(&i12->lockout_window)) {
198 time_t t = nt_time_to_unix_abs(&i12->lockout_window);
199 d_printf(_("%d seconds\n"), (int)t);
200 } else {
201 d_printf(_("not set\n"));
202 }
203 }
204
205 d_printf(_("Disconnect users when logon hours expire: %s\n"),
206 nt_time_is_zero(&i3->force_logoff_time) ? _("yes") : _("no"));
207
208 d_printf(_("User must logon to change password: %s\n"),
209 (i1->password_properties & 0x2) ? _("yes") : _("no"));
210
211 return 0; /* Don't save */
212 }
213
214 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
215 TALLOC_CTX *mem_ctx,
216 struct rpc_sh_ctx *ctx,
217 struct rpc_pipe_client *pipe_hnd,
218 int argc, const char **argv) {
219 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
220 account_show);
221 }
222
223 static int account_set_badpw(struct net_context *c,
224 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
225 struct samr_DomInfo1 *i1,
226 struct samr_DomInfo3 *i3,
227 struct samr_DomInfo12 *i12,
228 int argc, const char **argv)
229 {
230 if (argc != 1) {
231 d_fprintf(stderr, "%s %s <count>\n", _("Usage:"), ctx->whoami);
232 return -1;
233 }
234
235 i12->lockout_threshold = atoi(argv[0]);
236 d_printf(_("Setting bad password count to %d\n"),
237 i12->lockout_threshold);
238
239 return 12;
240 }
241
242 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
243 TALLOC_CTX *mem_ctx,
244 struct rpc_sh_ctx *ctx,
245 struct rpc_pipe_client *pipe_hnd,
246 int argc, const char **argv)
247 {
248 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
249 account_set_badpw);
250 }
251
252 static int account_set_lockduration(struct net_context *c,
253 TALLOC_CTX *mem_ctx,
254 struct rpc_sh_ctx *ctx,
255 struct samr_DomInfo1 *i1,
256 struct samr_DomInfo3 *i3,
257 struct samr_DomInfo12 *i12,
258 int argc, const char **argv)
259 {
260 if (argc != 1) {
261 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
262 return -1;
263 }
264
265 unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
266 d_printf(_("Setting lockout duration to %d seconds\n"),
267 (int)nt_time_to_unix_abs(&i12->lockout_duration));
268
269 return 12;
270 }
271
272 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
273 TALLOC_CTX *mem_ctx,
274 struct rpc_sh_ctx *ctx,
275 struct rpc_pipe_client *pipe_hnd,
276 int argc, const char **argv)
277 {
278 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
279 account_set_lockduration);
280 }
281
282 static int account_set_resetduration(struct net_context *c,
283 TALLOC_CTX *mem_ctx,
284 struct rpc_sh_ctx *ctx,
285 struct samr_DomInfo1 *i1,
286 struct samr_DomInfo3 *i3,
287 struct samr_DomInfo12 *i12,
288 int argc, const char **argv)
289 {
290 if (argc != 1) {
291 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
292 return -1;
293 }
294
295 unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
296 d_printf(_("Setting bad password reset duration to %d seconds\n"),
297 (int)nt_time_to_unix_abs(&i12->lockout_window));
298
299 return 12;
300 }
301
302 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
303 TALLOC_CTX *mem_ctx,
304 struct rpc_sh_ctx *ctx,
305 struct rpc_pipe_client *pipe_hnd,
306 int argc, const char **argv)
307 {
308 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
309 account_set_resetduration);
310 }
311
312 static int account_set_minpwage(struct net_context *c,
313 TALLOC_CTX *mem_ctx,
314 struct rpc_sh_ctx *ctx,
315 struct samr_DomInfo1 *i1,
316 struct samr_DomInfo3 *i3,
317 struct samr_DomInfo12 *i12,
318 int argc, const char **argv)
319 {
320 if (argc != 1) {
321 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
322 return -1;
323 }
324
325 unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
326 d_printf(_("Setting minimum password age to %d seconds\n"),
327 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
328
329 return 1;
330 }
331
332 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
333 TALLOC_CTX *mem_ctx,
334 struct rpc_sh_ctx *ctx,
335 struct rpc_pipe_client *pipe_hnd,
336 int argc, const char **argv)
337 {
338 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
339 account_set_minpwage);
340 }
341
342 static int account_set_maxpwage(struct net_context *c,
343 TALLOC_CTX *mem_ctx,
344 struct rpc_sh_ctx *ctx,
345 struct samr_DomInfo1 *i1,
346 struct samr_DomInfo3 *i3,
347 struct samr_DomInfo12 *i12,
348 int argc, const char **argv)
349 {
350 if (argc != 1) {
351 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
352 return -1;
353 }
354
355 unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
356 d_printf(_("Setting maximum password age to %d seconds\n"),
357 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
358
359 return 1;
360 }
361
362 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
363 TALLOC_CTX *mem_ctx,
364 struct rpc_sh_ctx *ctx,
365 struct rpc_pipe_client *pipe_hnd,
366 int argc, const char **argv)
367 {
368 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
369 account_set_maxpwage);
370 }
371
372 static int account_set_minpwlen(struct net_context *c,
373 TALLOC_CTX *mem_ctx,
374 struct rpc_sh_ctx *ctx,
375 struct samr_DomInfo1 *i1,
376 struct samr_DomInfo3 *i3,
377 struct samr_DomInfo12 *i12,
378 int argc, const char **argv)
379 {
380 if (argc != 1) {
381 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
382 return -1;
383 }
384
385 i1->min_password_length = atoi(argv[0]);
386 d_printf(_("Setting minimum password length to %d\n"),
387 i1->min_password_length);
388
389 return 1;
390 }
391
392 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
393 TALLOC_CTX *mem_ctx,
394 struct rpc_sh_ctx *ctx,
395 struct rpc_pipe_client *pipe_hnd,
396 int argc, const char **argv)
397 {
398 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
399 account_set_minpwlen);
400 }
401
402 static int account_set_pwhistlen(struct net_context *c,
403 TALLOC_CTX *mem_ctx,
404 struct rpc_sh_ctx *ctx,
405 struct samr_DomInfo1 *i1,
406 struct samr_DomInfo3 *i3,
407 struct samr_DomInfo12 *i12,
408 int argc, const char **argv)
409 {
410 if (argc != 1) {
411 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
412 return -1;
413 }
414
415 i1->password_history_length = atoi(argv[0]);
416 d_printf(_("Setting password history length to %d\n"),
417 i1->password_history_length);
418
419 return 1;
420 }
421
422 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
423 TALLOC_CTX *mem_ctx,
424 struct rpc_sh_ctx *ctx,
425 struct rpc_pipe_client *pipe_hnd,
426 int argc, const char **argv)
427 {
428 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
429 account_set_pwhistlen);
430 }
431
432 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
433 struct rpc_sh_ctx *ctx)
434 {
435 static struct rpc_sh_cmd cmds[9] = {
436 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_pol_show,
437 N_("Show current account policy settings") },
438 { "badpw", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_badpw,
439 N_("Set bad password count before lockout") },
440 { "lockduration", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_lockduration,
441 N_("Set account lockout duration") },
442 { "resetduration", NULL, &ndr_table_samr.syntax_id,
443 rpc_sh_acct_set_resetduration,
444 N_("Set bad password count reset duration") },
445 { "minpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwage,
446 N_("Set minimum password age") },
447 { "maxpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_maxpwage,
448 N_("Set maximum password age") },
449 { "minpwlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwlen,
450 N_("Set minimum password length") },
451 { "pwhistlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_pwhistlen,
452 N_("Set the password history length") },
453 { NULL, NULL, 0, NULL, NULL }
454 };
455
456 return cmds;
457 }