2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Volker Lendecke (vl@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "utils/net.h"
23 * Do something with the account policies. Read them all, run a function on
24 * them and possibly write them back. "fn" has to return the container index
25 * it has modified, it can return 0 for no change.
28 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
30 struct rpc_sh_ctx *ctx,
31 struct rpc_pipe_client *pipe_hnd,
32 int argc, const char **argv,
33 int (*fn)(struct net_context *c,
35 struct rpc_sh_ctx *ctx,
36 struct samr_DomInfo1 *i1,
37 struct samr_DomInfo3 *i3,
38 struct samr_DomInfo12 *i12,
39 int argc, const char **argv))
41 struct policy_handle connect_pol, domain_pol;
42 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
43 union samr_DomainInfo *info1 = NULL;
44 union samr_DomainInfo *info3 = NULL;
45 union samr_DomainInfo *info12 = NULL;
48 ZERO_STRUCT(connect_pol);
49 ZERO_STRUCT(domain_pol);
51 /* Get sam policy handle */
53 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
55 MAXIMUM_ALLOWED_ACCESS,
57 if (!NT_STATUS_IS_OK(result)) {
61 /* Get domain policy handle */
63 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
65 MAXIMUM_ALLOWED_ACCESS,
68 if (!NT_STATUS_IS_OK(result)) {
72 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
77 if (!NT_STATUS_IS_OK(result)) {
78 d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
83 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
88 if (!NT_STATUS_IS_OK(result)) {
89 d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
94 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
99 if (!NT_STATUS_IS_OK(result)) {
100 d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
105 store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
106 &info12->info12, argc, argv);
109 /* Don't save anything */
115 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
121 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
127 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
133 d_fprintf(stderr, _("Got unexpected info level %d\n"), store);
134 result = NT_STATUS_INTERNAL_ERROR;
139 if (is_valid_policy_hnd(&domain_pol)) {
140 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
142 if (is_valid_policy_hnd(&connect_pol)) {
143 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
149 static int account_show(struct net_context *c,
150 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
151 struct samr_DomInfo1 *i1,
152 struct samr_DomInfo3 *i3,
153 struct samr_DomInfo12 *i12,
154 int argc, const char **argv)
157 d_fprintf(stderr, _("usage: %s\n"), ctx->whoami);
161 d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
162 d_printf(_("Password history length: %d\n"),
163 i1->password_history_length);
165 d_printf(_("Minimum password age: "));
166 if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
167 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
168 d_printf(_("%d seconds\n"), (int)t);
170 d_printf(_("not set\n"));
173 d_printf(_("Maximum password age: "));
174 if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
175 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
176 d_printf(_("%d seconds\n"), (int)t);
178 d_printf(_("not set\n"));
181 d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);
183 if (i12->lockout_threshold != 0) {
185 d_printf(_("Account lockout duration: "));
186 if (nt_time_is_set(&i12->lockout_duration)) {
187 time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
188 d_printf(_("%d seconds\n"), (int)t);
190 d_printf(_("not set\n"));
193 d_printf(_("Bad password count reset after: "));
194 if (nt_time_is_set(&i12->lockout_window)) {
195 time_t t = nt_time_to_unix_abs(&i12->lockout_window);
196 d_printf(_("%d seconds\n"), (int)t);
198 d_printf(_("not set\n"));
202 d_printf(_("Disconnect users when logon hours expire: %s\n"),
203 nt_time_is_zero(&i3->force_logoff_time) ? _("yes") : _("no"));
205 d_printf(_("User must logon to change password: %s\n"),
206 (i1->password_properties & 0x2) ? _("yes") : _("no"));
208 return 0; /* Don't save */
211 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
213 struct rpc_sh_ctx *ctx,
214 struct rpc_pipe_client *pipe_hnd,
215 int argc, const char **argv) {
216 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
220 static int account_set_badpw(struct net_context *c,
221 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
222 struct samr_DomInfo1 *i1,
223 struct samr_DomInfo3 *i3,
224 struct samr_DomInfo12 *i12,
225 int argc, const char **argv)
228 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
232 i12->lockout_threshold = atoi(argv[0]);
233 d_printf(_("Setting bad password count to %d\n"),
234 i12->lockout_threshold);
239 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
241 struct rpc_sh_ctx *ctx,
242 struct rpc_pipe_client *pipe_hnd,
243 int argc, const char **argv)
245 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
249 static int account_set_lockduration(struct net_context *c,
251 struct rpc_sh_ctx *ctx,
252 struct samr_DomInfo1 *i1,
253 struct samr_DomInfo3 *i3,
254 struct samr_DomInfo12 *i12,
255 int argc, const char **argv)
258 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
262 unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
263 d_printf(_("Setting lockout duration to %d seconds\n"),
264 (int)nt_time_to_unix_abs(&i12->lockout_duration));
269 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
271 struct rpc_sh_ctx *ctx,
272 struct rpc_pipe_client *pipe_hnd,
273 int argc, const char **argv)
275 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
276 account_set_lockduration);
279 static int account_set_resetduration(struct net_context *c,
281 struct rpc_sh_ctx *ctx,
282 struct samr_DomInfo1 *i1,
283 struct samr_DomInfo3 *i3,
284 struct samr_DomInfo12 *i12,
285 int argc, const char **argv)
288 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
292 unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
293 d_printf(_("Setting bad password reset duration to %d seconds\n"),
294 (int)nt_time_to_unix_abs(&i12->lockout_window));
299 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
301 struct rpc_sh_ctx *ctx,
302 struct rpc_pipe_client *pipe_hnd,
303 int argc, const char **argv)
305 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
306 account_set_resetduration);
309 static int account_set_minpwage(struct net_context *c,
311 struct rpc_sh_ctx *ctx,
312 struct samr_DomInfo1 *i1,
313 struct samr_DomInfo3 *i3,
314 struct samr_DomInfo12 *i12,
315 int argc, const char **argv)
318 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
322 unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
323 d_printf(_("Setting minimum password age to %d seconds\n"),
324 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
329 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
331 struct rpc_sh_ctx *ctx,
332 struct rpc_pipe_client *pipe_hnd,
333 int argc, const char **argv)
335 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
336 account_set_minpwage);
339 static int account_set_maxpwage(struct net_context *c,
341 struct rpc_sh_ctx *ctx,
342 struct samr_DomInfo1 *i1,
343 struct samr_DomInfo3 *i3,
344 struct samr_DomInfo12 *i12,
345 int argc, const char **argv)
348 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
352 unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
353 d_printf(_("Setting maximum password age to %d seconds\n"),
354 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
359 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
361 struct rpc_sh_ctx *ctx,
362 struct rpc_pipe_client *pipe_hnd,
363 int argc, const char **argv)
365 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
366 account_set_maxpwage);
369 static int account_set_minpwlen(struct net_context *c,
371 struct rpc_sh_ctx *ctx,
372 struct samr_DomInfo1 *i1,
373 struct samr_DomInfo3 *i3,
374 struct samr_DomInfo12 *i12,
375 int argc, const char **argv)
378 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
382 i1->min_password_length = atoi(argv[0]);
383 d_printf(_("Setting minimum password length to %d\n"),
384 i1->min_password_length);
389 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
391 struct rpc_sh_ctx *ctx,
392 struct rpc_pipe_client *pipe_hnd,
393 int argc, const char **argv)
395 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
396 account_set_minpwlen);
399 static int account_set_pwhistlen(struct net_context *c,
401 struct rpc_sh_ctx *ctx,
402 struct samr_DomInfo1 *i1,
403 struct samr_DomInfo3 *i3,
404 struct samr_DomInfo12 *i12,
405 int argc, const char **argv)
408 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
412 i1->password_history_length = atoi(argv[0]);
413 d_printf(_("Setting password history length to %d\n"),
414 i1->password_history_length);
419 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
421 struct rpc_sh_ctx *ctx,
422 struct rpc_pipe_client *pipe_hnd,
423 int argc, const char **argv)
425 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
426 account_set_pwhistlen);
429 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
430 struct rpc_sh_ctx *ctx)
432 static struct rpc_sh_cmd cmds[9] = {
433 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_pol_show,
434 N_("Show current account policy settings") },
435 { "badpw", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_badpw,
436 N_("Set bad password count before lockout") },
437 { "lockduration", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_lockduration,
438 N_("Set account lockout duration") },
439 { "resetduration", NULL, &ndr_table_samr.syntax_id,
440 rpc_sh_acct_set_resetduration,
441 N_("Set bad password count reset duration") },
442 { "minpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwage,
443 N_("Set minimum password age") },
444 { "maxpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_maxpwage,
445 N_("Set maximum password age") },
446 { "minpwlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwlen,
447 N_("Set minimum password length") },
448 { "pwhistlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_pwhistlen,
449 N_("Set the password history length") },
450 { NULL, NULL, 0, NULL, NULL }