source3/utils/net_rpc_sh_acct.c

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) 2006 Volker Lendecke (vl@samba.org)
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 #include "includes.h"
  20 #include "utils/net.h"
  21
  22 /*
  23  * Do something with the account policies. Read them all, run a function on
  24  * them and possibly write them back. "fn" has to return the container index
  25  * it has modified, it can return 0 for no change.
  26  */
  27
  28 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
  29                                TALLOC_CTX *mem_ctx,
  30                                struct rpc_sh_ctx *ctx,
  31                                struct rpc_pipe_client *pipe_hnd,
  32                                int argc, const char **argv,
  33                                int (*fn)(struct net_context *c,
  34                                           TALLOC_CTX *mem_ctx,
  35                                           struct rpc_sh_ctx *ctx,
  36                                           struct samr_DomInfo1 *i1,
  37                                           struct samr_DomInfo3 *i3,
  38                                           struct samr_DomInfo12 *i12,
  39                                           int argc, const char **argv))
  40 {
  41         struct policy_handle connect_pol, domain_pol;
  42         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  43         union samr_DomainInfo *info1 = NULL;
  44         union samr_DomainInfo *info3 = NULL;
  45         union samr_DomainInfo *info12 = NULL;
  46         int store;
  47
  48         ZERO_STRUCT(connect_pol);
  49         ZERO_STRUCT(domain_pol);
  50
  51         /* Get sam policy handle */
  52
  53         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
  54                                       pipe_hnd->desthost,
  55                                       MAXIMUM_ALLOWED_ACCESS,
  56                                       &connect_pol);
  57         if (!NT_STATUS_IS_OK(result)) {
  58                 goto done;
  59         }
  60
  61         /* Get domain policy handle */
  62
  63         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
  64                                         &connect_pol,
  65                                         MAXIMUM_ALLOWED_ACCESS,
  66                                         ctx->domain_sid,
  67                                         &domain_pol);
  68         if (!NT_STATUS_IS_OK(result)) {
  69                 goto done;
  70         }
  71
  72         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
  73                                              &domain_pol,
  74                                              1,
  75                                              &info1);
  76
  77         if (!NT_STATUS_IS_OK(result)) {
  78                 d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
  79                           nt_errstr(result));
  80                 goto done;
  81         }
  82
  83         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
  84                                              &domain_pol,
  85                                              3,
  86                                              &info3);
  87
  88         if (!NT_STATUS_IS_OK(result)) {
  89                 d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
  90                           nt_errstr(result));
  91                 goto done;
  92         }
  93
  94         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
  95                                              &domain_pol,
  96                                              12,
  97                                              &info12);
  98
  99         if (!NT_STATUS_IS_OK(result)) {
 100                 d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
 101                           nt_errstr(result));
 102                 goto done;
 103         }
 104
 105         store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
 106                    &info12->info12, argc, argv);
 107
 108         if (store <= 0) {
 109                 /* Don't save anything */
 110                 goto done;
 111         }
 112
 113         switch (store) {
 114         case 1:
 115                 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
 116                                                    &domain_pol,
 117                                                    1,
 118                                                    info1);
 119                 break;
 120         case 3:
 121                 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
 122                                                    &domain_pol,
 123                                                    3,
 124                                                    info3);
 125                 break;
 126         case 12:
 127                 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
 128                                                    &domain_pol,
 129                                                    12,
 130                                                    info12);
 131                 break;
 132         default:
 133                 d_fprintf(stderr, _("Got unexpected info level %d\n"), store);
 134                 result = NT_STATUS_INTERNAL_ERROR;
 135                 goto done;
 136         }
 137
 138  done:
 139         if (is_valid_policy_hnd(&domain_pol)) {
 140                 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
 141         }
 142         if (is_valid_policy_hnd(&connect_pol)) {
 143                 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
 144         }
 145
 146         return result;
 147 }
 148
 149 static int account_show(struct net_context *c,
 150                         TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 151                         struct samr_DomInfo1 *i1,
 152                         struct samr_DomInfo3 *i3,
 153                         struct samr_DomInfo12 *i12,
 154                         int argc, const char **argv)
 155 {
 156         if (argc != 0) {
 157                 d_fprintf(stderr, _("usage: %s\n"), ctx->whoami);
 158                 return -1;
 159         }
 160
 161         d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
 162         d_printf(_("Password history length: %d\n"),
 163                  i1->password_history_length);
 164
 165         d_printf(_("Minimum password age: "));
 166         if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
 167                 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
 168                 d_printf(_("%d seconds\n"), (int)t);
 169         } else {
 170                 d_printf(_("not set\n"));
 171         }
 172
 173         d_printf(_("Maximum password age: "));
 174         if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
 175                 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
 176                 d_printf(_("%d seconds\n"), (int)t);
 177         } else {
 178                 d_printf(_("not set\n"));
 179         }
 180
 181         d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);
 182
 183         if (i12->lockout_threshold != 0) {
 184
 185                 d_printf(_("Account lockout duration: "));
 186                 if (nt_time_is_set(&i12->lockout_duration)) {
 187                         time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
 188                         d_printf(_("%d seconds\n"), (int)t);
 189                 } else {
 190                         d_printf(_("not set\n"));
 191                 }
 192
 193                 d_printf(_("Bad password count reset after: "));
 194                 if (nt_time_is_set(&i12->lockout_window)) {
 195                         time_t t = nt_time_to_unix_abs(&i12->lockout_window);
 196                         d_printf(_("%d seconds\n"), (int)t);
 197                 } else {
 198                         d_printf(_("not set\n"));
 199                 }
 200         }
 201
 202         d_printf(_("Disconnect users when logon hours expire: %s\n"),
 203                  nt_time_is_zero(&i3->force_logoff_time) ? _("yes") : _("no"));
 204
 205         d_printf(_("User must logon to change password: %s\n"),
 206                  (i1->password_properties & 0x2) ? _("yes") : _("no"));
 207
 208         return 0;               /* Don't save */
 209 }
 210
 211 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
 212                                      TALLOC_CTX *mem_ctx,
 213                                      struct rpc_sh_ctx *ctx,
 214                                      struct rpc_pipe_client *pipe_hnd,
 215                                      int argc, const char **argv) {
 216         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 217                               account_show);
 218 }
 219
 220 static int account_set_badpw(struct net_context *c,
 221                              TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 222                              struct samr_DomInfo1 *i1,
 223                              struct samr_DomInfo3 *i3,
 224                              struct samr_DomInfo12 *i12,
 225                              int argc, const char **argv)
 226 {
 227         if (argc != 1) {
 228                 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
 229                 return -1;
 230         }
 231
 232         i12->lockout_threshold = atoi(argv[0]);
 233         d_printf(_("Setting bad password count to %d\n"),
 234                  i12->lockout_threshold);
 235
 236         return 12;
 237 }
 238
 239 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
 240                                       TALLOC_CTX *mem_ctx,
 241                                       struct rpc_sh_ctx *ctx,
 242                                       struct rpc_pipe_client *pipe_hnd,
 243                                       int argc, const char **argv)
 244 {
 245         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 246                               account_set_badpw);
 247 }
 248
 249 static int account_set_lockduration(struct net_context *c,
 250                                     TALLOC_CTX *mem_ctx,
 251                                     struct rpc_sh_ctx *ctx,
 252                                     struct samr_DomInfo1 *i1,
 253                                     struct samr_DomInfo3 *i3,
 254                                     struct samr_DomInfo12 *i12,
 255                                     int argc, const char **argv)
 256 {
 257         if (argc != 1) {
 258                 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
 259                 return -1;
 260         }
 261
 262         unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
 263         d_printf(_("Setting lockout duration to %d seconds\n"),
 264                  (int)nt_time_to_unix_abs(&i12->lockout_duration));
 265
 266         return 12;
 267 }
 268
 269 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
 270                                              TALLOC_CTX *mem_ctx,
 271                                              struct rpc_sh_ctx *ctx,
 272                                              struct rpc_pipe_client *pipe_hnd,
 273                                              int argc, const char **argv)
 274 {
 275         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 276                               account_set_lockduration);
 277 }
 278
 279 static int account_set_resetduration(struct net_context *c,
 280                                      TALLOC_CTX *mem_ctx,
 281                                      struct rpc_sh_ctx *ctx,
 282                                      struct samr_DomInfo1 *i1,
 283                                      struct samr_DomInfo3 *i3,
 284                                      struct samr_DomInfo12 *i12,
 285                                      int argc, const char **argv)
 286 {
 287         if (argc != 1) {
 288                 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
 289                 return -1;
 290         }
 291
 292         unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
 293         d_printf(_("Setting bad password reset duration to %d seconds\n"),
 294                  (int)nt_time_to_unix_abs(&i12->lockout_window));
 295
 296         return 12;
 297 }
 298
 299 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
 300                                               TALLOC_CTX *mem_ctx,
 301                                               struct rpc_sh_ctx *ctx,
 302                                               struct rpc_pipe_client *pipe_hnd,
 303                                               int argc, const char **argv)
 304 {
 305         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 306                               account_set_resetduration);
 307 }
 308
 309 static int account_set_minpwage(struct net_context *c,
 310                                 TALLOC_CTX *mem_ctx,
 311                                 struct rpc_sh_ctx *ctx,
 312                                 struct samr_DomInfo1 *i1,
 313                                 struct samr_DomInfo3 *i3,
 314                                 struct samr_DomInfo12 *i12,
 315                                 int argc, const char **argv)
 316 {
 317         if (argc != 1) {
 318                 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
 319                 return -1;
 320         }
 321
 322         unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
 323         d_printf(_("Setting minimum password age to %d seconds\n"),
 324                  (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
 325
 326         return 1;
 327 }
 328
 329 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
 330                                          TALLOC_CTX *mem_ctx,
 331                                          struct rpc_sh_ctx *ctx,
 332                                          struct rpc_pipe_client *pipe_hnd,
 333                                          int argc, const char **argv)
 334 {
 335         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 336                               account_set_minpwage);
 337 }
 338
 339 static int account_set_maxpwage(struct net_context *c,
 340                                 TALLOC_CTX *mem_ctx,
 341                                 struct rpc_sh_ctx *ctx,
 342                                 struct samr_DomInfo1 *i1,
 343                                 struct samr_DomInfo3 *i3,
 344                                 struct samr_DomInfo12 *i12,
 345                                 int argc, const char **argv)
 346 {
 347         if (argc != 1) {
 348                 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
 349                 return -1;
 350         }
 351
 352         unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
 353         d_printf(_("Setting maximum password age to %d seconds\n"),
 354                  (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
 355
 356         return 1;
 357 }
 358
 359 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
 360                                          TALLOC_CTX *mem_ctx,
 361                                          struct rpc_sh_ctx *ctx,
 362                                          struct rpc_pipe_client *pipe_hnd,
 363                                          int argc, const char **argv)
 364 {
 365         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 366                               account_set_maxpwage);
 367 }
 368
 369 static int account_set_minpwlen(struct net_context *c,
 370                                 TALLOC_CTX *mem_ctx,
 371                                 struct rpc_sh_ctx *ctx,
 372                                 struct samr_DomInfo1 *i1,
 373                                 struct samr_DomInfo3 *i3,
 374                                 struct samr_DomInfo12 *i12,
 375                                 int argc, const char **argv)
 376 {
 377         if (argc != 1) {
 378                 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
 379                 return -1;
 380         }
 381
 382         i1->min_password_length = atoi(argv[0]);
 383         d_printf(_("Setting minimum password length to %d\n"),
 384                  i1->min_password_length);
 385
 386         return 1;
 387 }
 388
 389 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
 390                                          TALLOC_CTX *mem_ctx,
 391                                          struct rpc_sh_ctx *ctx,
 392                                          struct rpc_pipe_client *pipe_hnd,
 393                                          int argc, const char **argv)
 394 {
 395         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 396                               account_set_minpwlen);
 397 }
 398
 399 static int account_set_pwhistlen(struct net_context *c,
 400                                  TALLOC_CTX *mem_ctx,
 401                                  struct rpc_sh_ctx *ctx,
 402                                  struct samr_DomInfo1 *i1,
 403                                  struct samr_DomInfo3 *i3,
 404                                  struct samr_DomInfo12 *i12,
 405                                  int argc, const char **argv)
 406 {
 407         if (argc != 1) {
 408                 d_fprintf(stderr, _("usage: %s <count>\n"), ctx->whoami);
 409                 return -1;
 410         }
 411
 412         i1->password_history_length = atoi(argv[0]);
 413         d_printf(_("Setting password history length to %d\n"),
 414                  i1->password_history_length);
 415
 416         return 1;
 417 }
 418
 419 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
 420                                           TALLOC_CTX *mem_ctx,
 421                                           struct rpc_sh_ctx *ctx,
 422                                           struct rpc_pipe_client *pipe_hnd,
 423                                           int argc, const char **argv)
 424 {
 425         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
 426                               account_set_pwhistlen);
 427 }
 428
 429 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
 430                                      struct rpc_sh_ctx *ctx)
 431 {
 432         static struct rpc_sh_cmd cmds[9] = {
 433                 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_pol_show,
 434                   N_("Show current account policy settings") },
 435                 { "badpw", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_badpw,
 436                   N_("Set bad password count before lockout") },
 437                 { "lockduration", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_lockduration,
 438                   N_("Set account lockout duration") },
 439                 { "resetduration", NULL, &ndr_table_samr.syntax_id,
 440                   rpc_sh_acct_set_resetduration,
 441                   N_("Set bad password count reset duration") },
 442                 { "minpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwage,
 443                   N_("Set minimum password age") },
 444                 { "maxpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_maxpwage,
 445                   N_("Set maximum password age") },
 446                 { "minpwlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwlen,
 447                   N_("Set minimum password length") },
 448                 { "pwhistlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_pwhistlen,
 449                   N_("Set the password history length") },
 450                 { NULL, NULL, 0, NULL, NULL }
 451         };
 452
 453         return cmds;
 454 }