2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Volker Lendecke (vl@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "utils/net.h"
/*
 * Do something with the account policies. Read them all, run a function on
 * them and possibly write them back. "fn" has to return the container index
 * it has modified, it can return 0 for no change.
 *
 * Sequence: open a SAMR connect handle, open the domain handle, query
 * domain info levels 1, 3 and 12, call "fn" with all three, then write
 * back the one level "fn" names (1, 3 or 12). A return of 0 or less from
 * "fn" writes nothing. Both handles are closed on every exit path.
 *
 * Returns the status of the last RPC issued, or NT_STATUS_INTERNAL_ERROR
 * when "fn" names a level other than 1, 3 or 12.
 *
 * NOTE(review): both handles are opened with MAXIMUM_ALLOWED_ACCESS, also
 * for the read-only "show" command; a narrower access mask per command
 * would follow least privilege.
 * NOTE(review): a negative return from "fn" (usage error) leaves "result"
 * at the status of the successful level 12 query, so the caller sees
 * success even though nothing was changed.
 * NOTE(review): the RPC argument lines (server name, handles, level
 * numbers, domain SID) were restored from a listing that had dropped
 * them; confirm against the upstream file.
 */
static NTSTATUS rpc_sh_acct_do(struct net_context *c,
			       TALLOC_CTX *mem_ctx,
			       struct rpc_sh_ctx *ctx,
			       struct rpc_pipe_client *pipe_hnd,
			       int argc, const char **argv,
			       int (*fn)(struct net_context *c,
					  TALLOC_CTX *mem_ctx,
					  struct rpc_sh_ctx *ctx,
					  struct samr_DomInfo1 *i1,
					  struct samr_DomInfo3 *i3,
					  struct samr_DomInfo12 *i12,
					  int argc, const char **argv))
{
	POLICY_HND connect_pol, domain_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	union samr_DomainInfo *info1 = NULL;
	union samr_DomainInfo *info3 = NULL;
	union samr_DomainInfo *info12 = NULL;
	int store;

	/* Zeroed handles let the cleanup code tell opened from unopened. */
	ZERO_STRUCT(connect_pol);
	ZERO_STRUCT(domain_pol);

	/* Get sam policy handle */
	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
				      pipe_hnd->desthost,
				      MAXIMUM_ALLOWED_ACCESS,
				      &connect_pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Get domain policy handle */
	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
					&connect_pol,
					MAXIMUM_ALLOWED_ACCESS,
					ctx->domain_sid,
					&domain_pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Read all three policy containers before calling "fn". */
	result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
					     &domain_pol, 1, &info1);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "query_domain_info level 1 failed: %s\n",
			  nt_errstr(result));
		goto done;
	}

	result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
					     &domain_pol, 3, &info3);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "query_domain_info level 3 failed: %s\n",
			  nt_errstr(result));
		goto done;
	}

	result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
					     &domain_pol, 12, &info12);
	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "query_domain_info level 12 failed: %s\n",
			  nt_errstr(result));
		goto done;
	}

	store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
		   &info12->info12, argc, argv);

	if (store <= 0) {
		/* Don't save anything */
		goto done;
	}

	/* Only the single container named by "fn" is written back. */
	if (store == 1) {
		result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
						   &domain_pol, 1, info1);
	} else if (store == 3) {
		result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
						   &domain_pol, 3, info3);
	} else if (store == 12) {
		result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
						   &domain_pol, 12, info12);
	} else {
		d_fprintf(stderr, "Got unexpected info level %d\n", store);
		result = NT_STATUS_INTERNAL_ERROR;
	}

 done:
	/* Close in reverse order of opening; close failures are ignored. */
	if (is_valid_policy_hnd(&domain_pol)) {
		rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
	}
	if (is_valid_policy_hnd(&connect_pol)) {
		rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
	}

	return result;
}
/*
 * Policy callback for "show": print the current account policy.
 *
 * Takes no arguments. Returns 0 so that nothing is written back, or -1
 * after printing a usage line when arguments were given.
 *
 * NOTE(review): the password age fields are cast to NTTIME * before being
 * passed to the time helpers; this assumes they share NTTIME's size and
 * layout. Confirm against the struct definition.
 */
static int account_show(struct net_context *c,
			TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
			struct samr_DomInfo1 *i1,
			struct samr_DomInfo3 *i3,
			struct samr_DomInfo12 *i12,
			int argc, const char **argv)
{
	if (argc != 0) {
		d_fprintf(stderr, "usage: %s\n", ctx->whoami);
		return -1;
	}

	d_printf("Minimum password length: %d\n", i1->min_password_length);
	d_printf("Password history length: %d\n", i1->password_history_length);

	d_printf("Minimum password age: ");
	if (nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
		d_printf("not set\n");
	} else {
		/* Durations are reported as whole seconds, narrowed to int. */
		d_printf("%d seconds\n",
			 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
	}

	d_printf("Maximum password age: ");
	if (!nt_time_is_set((NTTIME *)&i1->max_password_age)) {
		d_printf("not set\n");
	} else {
		d_printf("%d seconds\n",
			 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
	}

	d_printf("Bad logon attempts: %d\n", i12->lockout_threshold);

	/* The lockout timers are only shown when a threshold is configured. */
	if (i12->lockout_threshold != 0) {

		d_printf("Account lockout duration: ");
		if (!nt_time_is_set(&i12->lockout_duration)) {
			d_printf("not set\n");
		} else {
			d_printf("%d seconds\n",
				 (int)nt_time_to_unix_abs(&i12->lockout_duration));
		}

		d_printf("Bad password count reset after: ");
		if (!nt_time_is_set(&i12->lockout_window)) {
			d_printf("not set\n");
		} else {
			d_printf("%d seconds\n",
				 (int)nt_time_to_unix_abs(&i12->lockout_window));
		}
	}

	d_printf("Disconnect users when logon hours expire: %s\n",
		 nt_time_is_zero(&i3->force_logoff_time) ? "yes" : "no");

	/* Bit 0x2 of password_properties drives this line. */
	d_printf("User must logon to change password: %s\n",
		 (i1->password_properties & 0x2) ? "yes" : "no");

	return 0;		/* Don't save */
}
/*
 * Shell command "show": run account_show() through the shared
 * read/modify/write driver. account_show() returns 0, so nothing is
 * written back.
 */
static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
				     TALLOC_CTX *mem_ctx,
				     struct rpc_sh_ctx *ctx,
				     struct rpc_pipe_client *pipe_hnd,
				     int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_show);
	return status;
}
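/*
 * Policy callback for "badpw": set the number of bad password attempts
 * allowed before lockout.
 *
 * Expects exactly one argument, a decimal count. Returns 12 so the caller
 * writes info level 12 back, or -1 (nothing is written) on a usage error
 * or an invalid count. i1 and i3 are not touched.
 */
static int account_set_badpw(struct net_context *c,
			     TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
			     struct samr_DomInfo1 *i1,
			     struct samr_DomInfo3 *i3,
			     struct samr_DomInfo12 *i12,
			     int argc, const char **argv)
{
	char *end = NULL;
	long count;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * Parse strictly instead of using atoi(): atoi() maps non-numeric
	 * input to 0 without any error, and a threshold of 0 presumably
	 * turns lockout off (account_show() skips the lockout timers in
	 * that case), so a typo would silently weaken the policy.
	 * The 0..0xFFFF range assumes lockout_threshold is a 16-bit field.
	 * TODO confirm against the SAMR IDL.
	 */
	count = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || count < 0 || count > 0xFFFF) {
		d_fprintf(stderr, "Invalid count '%s'\n", argv[0]);
		return -1;
	}

	i12->lockout_threshold = count;
	d_printf("Setting bad password count to %d\n",
		 i12->lockout_threshold);

	return 12;
}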
/*
 * Shell command "badpw": run account_set_badpw() through the shared
 * read/modify/write driver.
 */
static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
				      TALLOC_CTX *mem_ctx,
				      struct rpc_sh_ctx *ctx,
				      struct rpc_pipe_client *pipe_hnd,
				      int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_badpw);
	return status;
}
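/*
 * Policy callback for "lockduration": set how long a locked-out account
 * stays locked.
 *
 * Expects exactly one argument, a decimal number of seconds. Returns 12 so
 * the caller writes info level 12 back, or -1 (nothing is written) on a
 * usage error or an unparsable value. i1 and i3 are not touched.
 */
static int account_set_lockduration(struct net_context *c,
				    TALLOC_CTX *mem_ctx,
				    struct rpc_sh_ctx *ctx,
				    struct samr_DomInfo1 *i1,
				    struct samr_DomInfo3 *i3,
				    struct samr_DomInfo12 *i12,
				    int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * Parse strictly instead of using atoi(): atoi() maps non-numeric
	 * input to 0 without any error, which would silently rewrite the
	 * lockout policy. Values are limited to the 32-bit int range atoi()
	 * could represent; negative values are passed through as before.
	 * NOTE(review): confirm how unix_to_nt_time_abs() treats them.
	 */
	seconds = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' ||
	    seconds < -0x7FFFFFFFL - 1 || seconds > 0x7FFFFFFFL) {
		d_fprintf(stderr, "Invalid duration '%s'\n", argv[0]);
		return -1;
	}

	unix_to_nt_time_abs(&i12->lockout_duration, seconds);
	/* Echo the value as read back from the converted field. */
	d_printf("Setting lockout duration to %d seconds\n",
		 (int)nt_time_to_unix_abs(&i12->lockout_duration));

	return 12;
}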
/*
 * Shell command "lockduration": run account_set_lockduration() through
 * the shared read/modify/write driver.
 */
static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
					     TALLOC_CTX *mem_ctx,
					     struct rpc_sh_ctx *ctx,
					     struct rpc_pipe_client *pipe_hnd,
					     int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_lockduration);
	return status;
}
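/*
 * Policy callback for "resetduration": set the window after which the bad
 * password count is reset.
 *
 * Expects exactly one argument, a decimal number of seconds. Returns 12 so
 * the caller writes info level 12 back, or -1 (nothing is written) on a
 * usage error or an unparsable value. i1 and i3 are not touched.
 */
static int account_set_resetduration(struct net_context *c,
				     TALLOC_CTX *mem_ctx,
				     struct rpc_sh_ctx *ctx,
				     struct samr_DomInfo1 *i1,
				     struct samr_DomInfo3 *i3,
				     struct samr_DomInfo12 *i12,
				     int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * Parse strictly instead of using atoi(): atoi() maps non-numeric
	 * input to 0 without any error, which would silently rewrite the
	 * lockout policy. Values are limited to the 32-bit int range atoi()
	 * could represent; negative values are passed through as before.
	 * NOTE(review): confirm how unix_to_nt_time_abs() treats them.
	 */
	seconds = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' ||
	    seconds < -0x7FFFFFFFL - 1 || seconds > 0x7FFFFFFFL) {
		d_fprintf(stderr, "Invalid duration '%s'\n", argv[0]);
		return -1;
	}

	unix_to_nt_time_abs(&i12->lockout_window, seconds);
	/* Echo the value as read back from the converted field. */
	d_printf("Setting bad password reset duration to %d seconds\n",
		 (int)nt_time_to_unix_abs(&i12->lockout_window));

	return 12;
}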
/*
 * Shell command "resetduration": run account_set_resetduration() through
 * the shared read/modify/write driver.
 */
static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
					      TALLOC_CTX *mem_ctx,
					      struct rpc_sh_ctx *ctx,
					      struct rpc_pipe_client *pipe_hnd,
					      int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_resetduration);
	return status;
}
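/*
 * Policy callback for "minpwage": set the minimum password age.
 *
 * Expects exactly one argument, a decimal number of seconds. Returns 1 so
 * the caller writes info level 1 back, or -1 (nothing is written) on a
 * usage error or an unparsable value. i3 and i12 are not touched.
 *
 * NOTE(review): min_password_age is cast to NTTIME * for the time
 * helpers; this assumes it shares NTTIME's size and layout. Confirm
 * against the struct definition.
 */
static int account_set_minpwage(struct net_context *c,
				TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				struct samr_DomInfo1 *i1,
				struct samr_DomInfo3 *i3,
				struct samr_DomInfo12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * Parse strictly instead of using atoi(): atoi() maps non-numeric
	 * input to 0 without any error, which would silently rewrite the
	 * password policy. Values are limited to the 32-bit int range atoi()
	 * could represent; negative values are passed through as before.
	 * NOTE(review): confirm how unix_to_nt_time_abs() treats them.
	 */
	seconds = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' ||
	    seconds < -0x7FFFFFFFL - 1 || seconds > 0x7FFFFFFFL) {
		d_fprintf(stderr, "Invalid duration '%s'\n", argv[0]);
		return -1;
	}

	unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, seconds);
	/* Echo the value as read back from the converted field. */
	d_printf("Setting minimum password age to %d seconds\n",
		 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));

	return 1;
}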
/*
 * Shell command "minpwage": run account_set_minpwage() through the shared
 * read/modify/write driver.
 */
static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
					 TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_minpwage);
	return status;
}
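/*
 * Policy callback for "maxpwage": set the maximum password age.
 *
 * Expects exactly one argument, a decimal number of seconds. Returns 1 so
 * the caller writes info level 1 back, or -1 (nothing is written) on a
 * usage error or an unparsable value. i3 and i12 are not touched.
 *
 * NOTE(review): max_password_age is cast to NTTIME * for the time
 * helpers; this assumes it shares NTTIME's size and layout. Confirm
 * against the struct definition.
 */
static int account_set_maxpwage(struct net_context *c,
				TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				struct samr_DomInfo1 *i1,
				struct samr_DomInfo3 *i3,
				struct samr_DomInfo12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long seconds;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * Parse strictly instead of using atoi(): atoi() maps non-numeric
	 * input to 0 without any error, which would silently rewrite the
	 * password expiry policy. Values are limited to the 32-bit int range
	 * atoi() could represent; negative values are passed through as
	 * before.
	 * NOTE(review): confirm how unix_to_nt_time_abs() treats them.
	 */
	seconds = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' ||
	    seconds < -0x7FFFFFFFL - 1 || seconds > 0x7FFFFFFFL) {
		d_fprintf(stderr, "Invalid duration '%s'\n", argv[0]);
		return -1;
	}

	unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, seconds);
	/* Echo the value as read back from the converted field. */
	d_printf("Setting maximum password age to %d seconds\n",
		 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));

	return 1;
}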
/*
 * Shell command "maxpwage": run account_set_maxpwage() through the shared
 * read/modify/write driver.
 */
static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
					 TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_maxpwage);
	return status;
}
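/*
 * Policy callback for "minpwlen": set the minimum password length.
 *
 * Expects exactly one argument, a decimal length. Returns 1 so the caller
 * writes info level 1 back, or -1 (nothing is written) on a usage error
 * or an invalid length. i3 and i12 are not touched.
 */
static int account_set_minpwlen(struct net_context *c,
				TALLOC_CTX *mem_ctx,
				struct rpc_sh_ctx *ctx,
				struct samr_DomInfo1 *i1,
				struct samr_DomInfo3 *i3,
				struct samr_DomInfo12 *i12,
				int argc, const char **argv)
{
	char *end = NULL;
	long length;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * Parse strictly instead of using atoi(): atoi() maps non-numeric
	 * input to 0 without any error, so a typo would silently set the
	 * minimum password length to 0.
	 * The 0..0xFFFF range assumes min_password_length is a 16-bit field.
	 * TODO confirm against the SAMR IDL.
	 */
	length = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || length < 0 || length > 0xFFFF) {
		d_fprintf(stderr, "Invalid length '%s'\n", argv[0]);
		return -1;
	}

	i1->min_password_length = length;
	d_printf("Setting minimum password length to %d\n",
		 i1->min_password_length);

	return 1;
}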
/*
 * Shell command "minpwlen": run account_set_minpwlen() through the shared
 * read/modify/write driver.
 */
static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
					 TALLOC_CTX *mem_ctx,
					 struct rpc_sh_ctx *ctx,
					 struct rpc_pipe_client *pipe_hnd,
					 int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_minpwlen);
	return status;
}
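/*
 * Policy callback for "pwhistlen": set the password history length.
 *
 * Expects exactly one argument, a decimal count. Returns 1 so the caller
 * writes info level 1 back, or -1 (nothing is written) on a usage error
 * or an invalid count. i3 and i12 are not touched.
 */
static int account_set_pwhistlen(struct net_context *c,
				 TALLOC_CTX *mem_ctx,
				 struct rpc_sh_ctx *ctx,
				 struct samr_DomInfo1 *i1,
				 struct samr_DomInfo3 *i3,
				 struct samr_DomInfo12 *i12,
				 int argc, const char **argv)
{
	char *end = NULL;
	long count;

	if (argc != 1) {
		d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
		return -1;
	}

	/*
	 * Parse strictly instead of using atoi(): atoi() maps non-numeric
	 * input to 0 without any error, so a typo would silently set the
	 * password history length to 0.
	 * The 0..0xFFFF range assumes password_history_length is a 16-bit
	 * field. TODO confirm against the SAMR IDL.
	 */
	count = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || count < 0 || count > 0xFFFF) {
		d_fprintf(stderr, "Invalid count '%s'\n", argv[0]);
		return -1;
	}

	i1->password_history_length = count;
	d_printf("Setting password history length to %d\n",
		 i1->password_history_length);

	return 1;
}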
/*
 * Shell command "pwhistlen": run account_set_pwhistlen() through the
 * shared read/modify/write driver.
 */
static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
					  TALLOC_CTX *mem_ctx,
					  struct rpc_sh_ctx *ctx,
					  struct rpc_pipe_client *pipe_hnd,
					  int argc, const char **argv)
{
	NTSTATUS status;

	status = rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
				account_set_pwhistlen);
	return status;
}
428 struct rpc_sh_cmd
*net_rpc_acct_cmds(struct net_context
*c
, TALLOC_CTX
*mem_ctx
,
429 struct rpc_sh_ctx
*ctx
)
431 static struct rpc_sh_cmd cmds
[9] = {
432 { "show", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_pol_show
,
433 "Show current account policy settings" },
434 { "badpw", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_badpw
,
435 "Set bad password count before lockout" },
436 { "lockduration", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_lockduration
,
437 "Set account lockout duration" },
438 { "resetduration", NULL
, &ndr_table_samr
.syntax_id
,
439 rpc_sh_acct_set_resetduration
,
440 "Set bad password count reset duration" },
441 { "minpwage", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_minpwage
,
442 "Set minimum password age" },
443 { "maxpwage", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_maxpwage
,
444 "Set maximum password age" },
445 { "minpwlen", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_minpwlen
,
446 "Set minimum password length" },
447 { "pwhistlen", NULL
, &ndr_table_samr
.syntax_id
, rpc_sh_acct_set_pwhistlen
,
448 "Set the password history length" },
449 { NULL
, NULL
, 0, NULL
, NULL
}