search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
packaging(RHEL-CTDB): move the idmap and nss_info modules to the common package
[Samba/gbeck.git] / source3 / utils / net_rpc_sh_acct.c
blob83ce3551d1c3ef4d2dc4ff8c0c1e174f5a5fec26
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Volker Lendecke (vl@samba.org)
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "includes.h"
20 #include "utils/net.h"
21
22 /*
23 * Do something with the account policies. Read them all, run a function on
24 * them and possibly write them back. "fn" has to return the container index
25 * it has modified, it can return 0 for no change.
26 */
27
28 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
29 TALLOC_CTX *mem_ctx,
30 struct rpc_sh_ctx *ctx,
31 struct rpc_pipe_client *pipe_hnd,
32 int argc, const char **argv,
33 int (*fn)(struct net_context *c,
34 TALLOC_CTX *mem_ctx,
35 struct rpc_sh_ctx *ctx,
36 struct samr_DomInfo1 *i1,
37 struct samr_DomInfo3 *i3,
38 struct samr_DomInfo12 *i12,
39 int argc, const char **argv))
40 {
41 struct policy_handle connect_pol, domain_pol;
42 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
43 union samr_DomainInfo *info1 = NULL;
44 union samr_DomainInfo *info3 = NULL;
45 union samr_DomainInfo *info12 = NULL;
46 int store;
47
48 ZERO_STRUCT(connect_pol);
49 ZERO_STRUCT(domain_pol);
50
51 /* Get sam policy handle */
52
53 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
54 pipe_hnd->desthost,
55 MAXIMUM_ALLOWED_ACCESS,
56 &connect_pol);
57 if (!NT_STATUS_IS_OK(result)) {
58 goto done;
59 }
60
61 /* Get domain policy handle */
62
63 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
64 &connect_pol,
65 MAXIMUM_ALLOWED_ACCESS,
66 ctx->domain_sid,
67 &domain_pol);
68 if (!NT_STATUS_IS_OK(result)) {
69 goto done;
70 }
71
72 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
73 &domain_pol,
74 1,
75 &info1);
76
77 if (!NT_STATUS_IS_OK(result)) {
78 d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
79 nt_errstr(result));
80 goto done;
81 }
82
83 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
84 &domain_pol,
85 3,
86 &info3);
87
88 if (!NT_STATUS_IS_OK(result)) {
89 d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
90 nt_errstr(result));
91 goto done;
92 }
93
94 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
95 &domain_pol,
96 12,
97 &info12);
98
99 if (!NT_STATUS_IS_OK(result)) {
100 d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
101 nt_errstr(result));
102 goto done;
103 }
104
105 store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
106 &info12->info12, argc, argv);
107
108 if (store <= 0) {
109 /* Don't save anything */
110 goto done;
111 }
112
113 switch (store) {
114 case 1:
115 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
116 &domain_pol,
117 1,
118 info1);
119 break;
120 case 3:
121 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
122 &domain_pol,
123 3,
124 info3);
125 break;
126 case 12:
127 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
128 &domain_pol,
129 12,
130 info12);
131 break;
132 default:
133 d_fprintf(stderr, _("Got unexpected info level %d\n"), store);
134 result = NT_STATUS_INTERNAL_ERROR;
135 goto done;
136 }
137
138 done:
139 if (is_valid_policy_hnd(&domain_pol)) {
140 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
141 }
142 if (is_valid_policy_hnd(&connect_pol)) {
143 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
144 }
145
146 return result;
147 }
148
149 static int account_show(struct net_context *c,
150 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
151 struct samr_DomInfo1 *i1,
152 struct samr_DomInfo3 *i3,
153 struct samr_DomInfo12 *i12,
154 int argc, const char **argv)
155 {
156 if (argc != 0) {
157 d_fprintf(stderr, _("usage: %s\n"), ctx->whoami);
158 return -1;
159 }
160
161 d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
162 d_printf(_("Password history length: %d\n"),
163 i1->password_history_length);
164
165 d_printf(_("Minimum password age: "));
166 if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
167 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
168 d_printf(_("%d seconds\n"), (int)t);
169 } else {
170 d_printf(_("not set\n"));
171 }
172
173 d_printf(_("Maximum password age: "));
174 if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
175 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
176 d_printf(_("%d seconds\n"), (int)t);
177 } else {
178 d_printf(_("not set\n"));
179 }
180
181 d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);
182
183 if (i12->lockout_threshold != 0) {
184
185 d_printf(_("Account lockout duration: "));
186 if (nt_time_is_set(&i12->lockout_duration)) {
187 time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
188 d_printf(_("%d seconds\n"), (int)t);
189 } else {
190 d_printf(_("not set\n"));
191 }
192
193 d_printf(_("Bad password count reset after: "));
194 if (nt_time_is_set(&i12->lockout_window)) {
195 time_t t = nt_time_to_unix_abs(&i12->lockout_window);
196 d_printf(_("%d seconds\n"), (int)t);
197 } else {
198 d_printf(_("not set\n"));
199 }
200 }
201
202 d_printf(_("Disconnect users when logon hours expire: %s\n"),
203 nt_time_is_zero(&i3->force_logoff_time) ? _("yes") : _("no"));
204
205 d_printf(_("User must logon to change password: %s\n"),
206 (i1->password_properties & 0x2) ? _("yes") : _("no"));
207
208 return 0; /* Don't save */
209 }
210
211 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
212 TALLOC_CTX *mem_ctx,
213 struct rpc_sh_ctx *ctx,
214 struct rpc_pipe_client *pipe_hnd,
215 int argc, const char **argv) {
216 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
217 account_show);
218 }
219
220 static int account_set_badpw(struct net_context *c,
221 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
222 struct samr_DomInfo1 *i1,
223 struct samr_DomInfo3 *i3,
224 struct samr_DomInfo12 *i12,
225 int argc, const char **argv)
226 {
227 if (argc != 1) {
228 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
229 return -1;
230 }
231
232 i12->lockout_threshold = atoi(argv[0]);
233 d_printf(_("Setting bad password count to %d\n"),
234 i12->lockout_threshold);
235
236 return 12;
237 }
238
239 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
240 TALLOC_CTX *mem_ctx,
241 struct rpc_sh_ctx *ctx,
242 struct rpc_pipe_client *pipe_hnd,
243 int argc, const char **argv)
244 {
245 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
246 account_set_badpw);
247 }
248
249 static int account_set_lockduration(struct net_context *c,
250 TALLOC_CTX *mem_ctx,
251 struct rpc_sh_ctx *ctx,
252 struct samr_DomInfo1 *i1,
253 struct samr_DomInfo3 *i3,
254 struct samr_DomInfo12 *i12,
255 int argc, const char **argv)
256 {
257 if (argc != 1) {
258 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
259 return -1;
260 }
261
262 unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
263 d_printf(_("Setting lockout duration to %d seconds\n"),
264 (int)nt_time_to_unix_abs(&i12->lockout_duration));
265
266 return 12;
267 }
268
269 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
270 TALLOC_CTX *mem_ctx,
271 struct rpc_sh_ctx *ctx,
272 struct rpc_pipe_client *pipe_hnd,
273 int argc, const char **argv)
274 {
275 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
276 account_set_lockduration);
277 }
278
279 static int account_set_resetduration(struct net_context *c,
280 TALLOC_CTX *mem_ctx,
281 struct rpc_sh_ctx *ctx,
282 struct samr_DomInfo1 *i1,
283 struct samr_DomInfo3 *i3,
284 struct samr_DomInfo12 *i12,
285 int argc, const char **argv)
286 {
287 if (argc != 1) {
288 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
289 return -1;
290 }
291
292 unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
293 d_printf(_("Setting bad password reset duration to %d seconds\n"),
294 (int)nt_time_to_unix_abs(&i12->lockout_window));
295
296 return 12;
297 }
298
299 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
300 TALLOC_CTX *mem_ctx,
301 struct rpc_sh_ctx *ctx,
302 struct rpc_pipe_client *pipe_hnd,
303 int argc, const char **argv)
304 {
305 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
306 account_set_resetduration);
307 }
308
309 static int account_set_minpwage(struct net_context *c,
310 TALLOC_CTX *mem_ctx,
311 struct rpc_sh_ctx *ctx,
312 struct samr_DomInfo1 *i1,
313 struct samr_DomInfo3 *i3,
314 struct samr_DomInfo12 *i12,
315 int argc, const char **argv)
316 {
317 if (argc != 1) {
318 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
319 return -1;
320 }
321
322 unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
323 d_printf(_("Setting minimum password age to %d seconds\n"),
324 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
325
326 return 1;
327 }
328
329 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
330 TALLOC_CTX *mem_ctx,
331 struct rpc_sh_ctx *ctx,
332 struct rpc_pipe_client *pipe_hnd,
333 int argc, const char **argv)
334 {
335 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
336 account_set_minpwage);
337 }
338
339 static int account_set_maxpwage(struct net_context *c,
340 TALLOC_CTX *mem_ctx,
341 struct rpc_sh_ctx *ctx,
342 struct samr_DomInfo1 *i1,
343 struct samr_DomInfo3 *i3,
344 struct samr_DomInfo12 *i12,
345 int argc, const char **argv)
346 {
347 if (argc != 1) {
348 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
349 return -1;
350 }
351
352 unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
353 d_printf(_("Setting maximum password age to %d seconds\n"),
354 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
355
356 return 1;
357 }
358
359 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
360 TALLOC_CTX *mem_ctx,
361 struct rpc_sh_ctx *ctx,
362 struct rpc_pipe_client *pipe_hnd,
363 int argc, const char **argv)
364 {
365 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
366 account_set_maxpwage);
367 }
368
369 static int account_set_minpwlen(struct net_context *c,
370 TALLOC_CTX *mem_ctx,
371 struct rpc_sh_ctx *ctx,
372 struct samr_DomInfo1 *i1,
373 struct samr_DomInfo3 *i3,
374 struct samr_DomInfo12 *i12,
375 int argc, const char **argv)
376 {
377 if (argc != 1) {
378 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
379 return -1;
380 }
381
382 i1->min_password_length = atoi(argv[0]);
383 d_printf(_("Setting minimum password length to %d\n"),
384 i1->min_password_length);
385
386 return 1;
387 }
388
389 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
390 TALLOC_CTX *mem_ctx,
391 struct rpc_sh_ctx *ctx,
392 struct rpc_pipe_client *pipe_hnd,
393 int argc, const char **argv)
394 {
395 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
396 account_set_minpwlen);
397 }
398
399 static int account_set_pwhistlen(struct net_context *c,
400 TALLOC_CTX *mem_ctx,
401 struct rpc_sh_ctx *ctx,
402 struct samr_DomInfo1 *i1,
403 struct samr_DomInfo3 *i3,
404 struct samr_DomInfo12 *i12,
405 int argc, const char **argv)
406 {
407 if (argc != 1) {
408 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
409 return -1;
410 }
411
412 i1->password_history_length = atoi(argv[0]);
413 d_printf(_("Setting password history length to %d\n"),
414 i1->password_history_length);
415
416 return 1;
417 }
418
419 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
420 TALLOC_CTX *mem_ctx,
421 struct rpc_sh_ctx *ctx,
422 struct rpc_pipe_client *pipe_hnd,
423 int argc, const char **argv)
424 {
425 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
426 account_set_pwhistlen);
427 }
428
429 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
430 struct rpc_sh_ctx *ctx)
431 {
432 static struct rpc_sh_cmd cmds[9] = {
433 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_pol_show,
434 N_("Show current account policy settings") },
435 { "badpw", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_badpw,
436 N_("Set bad password count before lockout") },
437 { "lockduration", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_lockduration,
438 N_("Set account lockout duration") },
439 { "resetduration", NULL, &ndr_table_samr.syntax_id,
440 rpc_sh_acct_set_resetduration,
441 N_("Set bad password count reset duration") },
442 { "minpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwage,
443 N_("Set minimum password age") },
444 { "maxpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_maxpwage,
445 N_("Set maximum password age") },
446 { "minpwlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwlen,
447 N_("Set minimum password length") },
448 { "pwhistlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_pwhistlen,
449 N_("Set the password history length") },
450 { NULL, NULL, 0, NULL, NULL }
451 };
452
453 return cmds;
454 }
WIP