2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Volker Lendecke (vl@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "utils/net.h"
23 * Do something with the account policies. Read them all, run a function on
24 * them and possibly write them back. "fn" has to return the container index
25 * it has modified, it can return 0 for no change.
28 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
30 struct rpc_sh_ctx *ctx,
31 struct rpc_pipe_client *pipe_hnd,
32 int argc, const char **argv,
33 int (*fn)(struct net_context *c,
35 struct rpc_sh_ctx *ctx,
36 struct samr_DomInfo1 *i1,
37 struct samr_DomInfo3 *i3,
38 struct samr_DomInfo12 *i12,
39 int argc, const char **argv))
41 POLICY_HND connect_pol, domain_pol;
42 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
43 union samr_DomainInfo *info1 = NULL;
44 union samr_DomainInfo *info3 = NULL;
45 union samr_DomainInfo *info12 = NULL;
48 ZERO_STRUCT(connect_pol);
49 ZERO_STRUCT(domain_pol);
51 /* Get sam policy handle */
53 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
55 MAXIMUM_ALLOWED_ACCESS,
57 if (!NT_STATUS_IS_OK(result)) {
61 /* Get domain policy handle */
63 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
65 MAXIMUM_ALLOWED_ACCESS,
68 if (!NT_STATUS_IS_OK(result)) {
72 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
77 if (!NT_STATUS_IS_OK(result)) {
78 d_fprintf(stderr, "query_domain_info level 1 failed: %s\n",
83 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
88 if (!NT_STATUS_IS_OK(result)) {
89 d_fprintf(stderr, "query_domain_info level 3 failed: %s\n",
94 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
99 if (!NT_STATUS_IS_OK(result)) {
100 d_fprintf(stderr, "query_domain_info level 12 failed: %s\n",
105 store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
106 &info12->info12, argc, argv);
109 /* Don't save anything */
115 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
121 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
127 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
133 d_fprintf(stderr, "Got unexpected info level %d\n", store);
134 result = NT_STATUS_INTERNAL_ERROR;
139 if (is_valid_policy_hnd(&domain_pol)) {
140 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
142 if (is_valid_policy_hnd(&connect_pol)) {
143 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
149 static int account_show(struct net_context *c,
150 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
151 struct samr_DomInfo1 *i1,
152 struct samr_DomInfo3 *i3,
153 struct samr_DomInfo12 *i12,
154 int argc, const char **argv)
157 d_fprintf(stderr, "usage: %s\n", ctx->whoami);
161 d_printf("Minimum password length: %d\n", i1->min_password_length);
162 d_printf("Password history length: %d\n", i1->password_history_length);
164 d_printf("Minimum password age: ");
165 if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
166 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
167 d_printf("%d seconds\n", (int)t);
169 d_printf("not set\n");
172 d_printf("Maximum password age: ");
173 if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
174 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
175 d_printf("%d seconds\n", (int)t);
177 d_printf("not set\n");
180 d_printf("Bad logon attempts: %d\n", i12->lockout_threshold);
182 if (i12->lockout_threshold != 0) {
184 d_printf("Account lockout duration: ");
185 if (nt_time_is_set(&i12->lockout_duration)) {
186 time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
187 d_printf("%d seconds\n", (int)t);
189 d_printf("not set\n");
192 d_printf("Bad password count reset after: ");
193 if (nt_time_is_set(&i12->lockout_window)) {
194 time_t t = nt_time_to_unix_abs(&i12->lockout_window);
195 d_printf("%d seconds\n", (int)t);
197 d_printf("not set\n");
201 d_printf("Disconnect users when logon hours expire: %s\n",
202 nt_time_is_zero(&i3->force_logoff_time) ? "yes" : "no");
204 d_printf("User must logon to change password: %s\n",
205 (i1->password_properties & 0x2) ? "yes" : "no");
207 return 0; /* Don't save */
210 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
212 struct rpc_sh_ctx *ctx,
213 struct rpc_pipe_client *pipe_hnd,
214 int argc, const char **argv) {
215 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
219 static int account_set_badpw(struct net_context *c,
220 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
221 struct samr_DomInfo1 *i1,
222 struct samr_DomInfo3 *i3,
223 struct samr_DomInfo12 *i12,
224 int argc, const char **argv)
227 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
231 i12->lockout_threshold = atoi(argv[0]);
232 d_printf("Setting bad password count to %d\n",
233 i12->lockout_threshold);
238 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
240 struct rpc_sh_ctx *ctx,
241 struct rpc_pipe_client *pipe_hnd,
242 int argc, const char **argv)
244 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
248 static int account_set_lockduration(struct net_context *c,
250 struct rpc_sh_ctx *ctx,
251 struct samr_DomInfo1 *i1,
252 struct samr_DomInfo3 *i3,
253 struct samr_DomInfo12 *i12,
254 int argc, const char **argv)
257 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
261 unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
262 d_printf("Setting lockout duration to %d seconds\n",
263 (int)nt_time_to_unix_abs(&i12->lockout_duration));
268 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
270 struct rpc_sh_ctx *ctx,
271 struct rpc_pipe_client *pipe_hnd,
272 int argc, const char **argv)
274 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
275 account_set_lockduration);
278 static int account_set_resetduration(struct net_context *c,
280 struct rpc_sh_ctx *ctx,
281 struct samr_DomInfo1 *i1,
282 struct samr_DomInfo3 *i3,
283 struct samr_DomInfo12 *i12,
284 int argc, const char **argv)
287 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
291 unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
292 d_printf("Setting bad password reset duration to %d seconds\n",
293 (int)nt_time_to_unix_abs(&i12->lockout_window));
298 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
300 struct rpc_sh_ctx *ctx,
301 struct rpc_pipe_client *pipe_hnd,
302 int argc, const char **argv)
304 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
305 account_set_resetduration);
308 static int account_set_minpwage(struct net_context *c,
310 struct rpc_sh_ctx *ctx,
311 struct samr_DomInfo1 *i1,
312 struct samr_DomInfo3 *i3,
313 struct samr_DomInfo12 *i12,
314 int argc, const char **argv)
317 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
321 unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
322 d_printf("Setting minimum password age to %d seconds\n",
323 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
328 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
330 struct rpc_sh_ctx *ctx,
331 struct rpc_pipe_client *pipe_hnd,
332 int argc, const char **argv)
334 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
335 account_set_minpwage);
338 static int account_set_maxpwage(struct net_context *c,
340 struct rpc_sh_ctx *ctx,
341 struct samr_DomInfo1 *i1,
342 struct samr_DomInfo3 *i3,
343 struct samr_DomInfo12 *i12,
344 int argc, const char **argv)
347 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
351 unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
352 d_printf("Setting maximum password age to %d seconds\n",
353 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
358 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
360 struct rpc_sh_ctx *ctx,
361 struct rpc_pipe_client *pipe_hnd,
362 int argc, const char **argv)
364 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
365 account_set_maxpwage);
368 static int account_set_minpwlen(struct net_context *c,
370 struct rpc_sh_ctx *ctx,
371 struct samr_DomInfo1 *i1,
372 struct samr_DomInfo3 *i3,
373 struct samr_DomInfo12 *i12,
374 int argc, const char **argv)
377 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
381 i1->min_password_length = atoi(argv[0]);
382 d_printf("Setting minimum password length to %d\n",
383 i1->min_password_length);
388 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
390 struct rpc_sh_ctx *ctx,
391 struct rpc_pipe_client *pipe_hnd,
392 int argc, const char **argv)
394 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
395 account_set_minpwlen);
398 static int account_set_pwhistlen(struct net_context *c,
400 struct rpc_sh_ctx *ctx,
401 struct samr_DomInfo1 *i1,
402 struct samr_DomInfo3 *i3,
403 struct samr_DomInfo12 *i12,
404 int argc, const char **argv)
407 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
411 i1->password_history_length = atoi(argv[0]);
412 d_printf("Setting password history length to %d\n",
413 i1->password_history_length);
418 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
420 struct rpc_sh_ctx *ctx,
421 struct rpc_pipe_client *pipe_hnd,
422 int argc, const char **argv)
424 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
425 account_set_pwhistlen);
428 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
429 struct rpc_sh_ctx *ctx)
431 static struct rpc_sh_cmd cmds[9] = {
432 { "show", NULL, PI_SAMR, rpc_sh_acct_pol_show,
433 "Show current account policy settings" },
434 { "badpw", NULL, PI_SAMR, rpc_sh_acct_set_badpw,
435 "Set bad password count before lockout" },
436 { "lockduration", NULL, PI_SAMR, rpc_sh_acct_set_lockduration,
437 "Set account lockout duration" },
438 { "resetduration", NULL, PI_SAMR,
439 rpc_sh_acct_set_resetduration,
440 "Set bad password count reset duration" },
441 { "minpwage", NULL, PI_SAMR, rpc_sh_acct_set_minpwage,
442 "Set minimum password age" },
443 { "maxpwage", NULL, PI_SAMR, rpc_sh_acct_set_maxpwage,
444 "Set maximum password age" },
445 { "minpwlen", NULL, PI_SAMR, rpc_sh_acct_set_minpwlen,
446 "Set minimum password length" },
447 { "pwhistlen", NULL, PI_SAMR, rpc_sh_acct_set_pwhistlen,
448 "Set the password history length" },
449 { NULL, NULL, 0, NULL, NULL }