2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Volker Lendecke (vl@samba.org)
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "popt_common.h"
21 #include "utils/net.h"
22 #include "../librpc/gen_ndr/cli_samr.h"
23 #include "../libcli/security/security.h"
26 * Do something with the account policies. Read them all, run a function on
27 * them and possibly write them back. "fn" has to return the container index
28 * it has modified, it can return 0 for no change.
31 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
33 struct rpc_sh_ctx *ctx,
34 struct rpc_pipe_client *pipe_hnd,
35 int argc, const char **argv,
36 int (*fn)(struct net_context *c,
38 struct rpc_sh_ctx *ctx,
39 struct samr_DomInfo1 *i1,
40 struct samr_DomInfo3 *i3,
41 struct samr_DomInfo12 *i12,
42 int argc, const char **argv))
44 struct policy_handle connect_pol, domain_pol;
45 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
46 union samr_DomainInfo *info1 = NULL;
47 union samr_DomainInfo *info3 = NULL;
48 union samr_DomainInfo *info12 = NULL;
51 ZERO_STRUCT(connect_pol);
52 ZERO_STRUCT(domain_pol);
54 /* Get sam policy handle */
56 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
58 MAXIMUM_ALLOWED_ACCESS,
60 if (!NT_STATUS_IS_OK(result)) {
64 /* Get domain policy handle */
66 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
68 MAXIMUM_ALLOWED_ACCESS,
71 if (!NT_STATUS_IS_OK(result)) {
75 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
80 if (!NT_STATUS_IS_OK(result)) {
81 d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
86 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
91 if (!NT_STATUS_IS_OK(result)) {
92 d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
97 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
102 if (!NT_STATUS_IS_OK(result)) {
103 d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
108 store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
109 &info12->info12, argc, argv);
112 /* Don't save anything */
118 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
124 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
130 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
136 d_fprintf(stderr, _("Got unexpected info level %d\n"), store);
137 result = NT_STATUS_INTERNAL_ERROR;
142 if (is_valid_policy_hnd(&domain_pol)) {
143 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
145 if (is_valid_policy_hnd(&connect_pol)) {
146 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
152 static int account_show(struct net_context *c,
153 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
154 struct samr_DomInfo1 *i1,
155 struct samr_DomInfo3 *i3,
156 struct samr_DomInfo12 *i12,
157 int argc, const char **argv)
160 d_fprintf(stderr, "%s %s\n", _("Usage:"), ctx->whoami);
164 d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
165 d_printf(_("Password history length: %d\n"),
166 i1->password_history_length);
168 d_printf(_("Minimum password age: "));
169 if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
170 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
171 d_printf(_("%d seconds\n"), (int)t);
173 d_printf(_("not set\n"));
176 d_printf(_("Maximum password age: "));
177 if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
178 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
179 d_printf(_("%d seconds\n"), (int)t);
181 d_printf(_("not set\n"));
184 d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);
186 if (i12->lockout_threshold != 0) {
188 d_printf(_("Account lockout duration: "));
189 if (nt_time_is_set(&i12->lockout_duration)) {
190 time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
191 d_printf(_("%d seconds\n"), (int)t);
193 d_printf(_("not set\n"));
196 d_printf(_("Bad password count reset after: "));
197 if (nt_time_is_set(&i12->lockout_window)) {
198 time_t t = nt_time_to_unix_abs(&i12->lockout_window);
199 d_printf(_("%d seconds\n"), (int)t);
201 d_printf(_("not set\n"));
205 d_printf(_("Disconnect users when logon hours expire: %s\n"),
206 nt_time_is_zero(&i3->force_logoff_time) ? _("yes") : _("no"));
208 d_printf(_("User must logon to change password: %s\n"),
209 (i1->password_properties & 0x2) ? _("yes") : _("no"));
211 return 0; /* Don't save */
214 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
216 struct rpc_sh_ctx *ctx,
217 struct rpc_pipe_client *pipe_hnd,
218 int argc, const char **argv) {
219 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
223 static int account_set_badpw(struct net_context *c,
224 TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
225 struct samr_DomInfo1 *i1,
226 struct samr_DomInfo3 *i3,
227 struct samr_DomInfo12 *i12,
228 int argc, const char **argv)
231 d_fprintf(stderr, "%s %s <count>\n", _("Usage:"), ctx->whoami);
235 i12->lockout_threshold = atoi(argv[0]);
236 d_printf(_("Setting bad password count to %d\n"),
237 i12->lockout_threshold);
242 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
244 struct rpc_sh_ctx *ctx,
245 struct rpc_pipe_client *pipe_hnd,
246 int argc, const char **argv)
248 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
252 static int account_set_lockduration(struct net_context *c,
254 struct rpc_sh_ctx *ctx,
255 struct samr_DomInfo1 *i1,
256 struct samr_DomInfo3 *i3,
257 struct samr_DomInfo12 *i12,
258 int argc, const char **argv)
261 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
265 unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
266 d_printf(_("Setting lockout duration to %d seconds\n"),
267 (int)nt_time_to_unix_abs(&i12->lockout_duration));
272 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
274 struct rpc_sh_ctx *ctx,
275 struct rpc_pipe_client *pipe_hnd,
276 int argc, const char **argv)
278 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
279 account_set_lockduration);
282 static int account_set_resetduration(struct net_context *c,
284 struct rpc_sh_ctx *ctx,
285 struct samr_DomInfo1 *i1,
286 struct samr_DomInfo3 *i3,
287 struct samr_DomInfo12 *i12,
288 int argc, const char **argv)
291 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
295 unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
296 d_printf(_("Setting bad password reset duration to %d seconds\n"),
297 (int)nt_time_to_unix_abs(&i12->lockout_window));
302 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
304 struct rpc_sh_ctx *ctx,
305 struct rpc_pipe_client *pipe_hnd,
306 int argc, const char **argv)
308 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
309 account_set_resetduration);
312 static int account_set_minpwage(struct net_context *c,
314 struct rpc_sh_ctx *ctx,
315 struct samr_DomInfo1 *i1,
316 struct samr_DomInfo3 *i3,
317 struct samr_DomInfo12 *i12,
318 int argc, const char **argv)
321 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
325 unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
326 d_printf(_("Setting minimum password age to %d seconds\n"),
327 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
332 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
334 struct rpc_sh_ctx *ctx,
335 struct rpc_pipe_client *pipe_hnd,
336 int argc, const char **argv)
338 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
339 account_set_minpwage);
342 static int account_set_maxpwage(struct net_context *c,
344 struct rpc_sh_ctx *ctx,
345 struct samr_DomInfo1 *i1,
346 struct samr_DomInfo3 *i3,
347 struct samr_DomInfo12 *i12,
348 int argc, const char **argv)
351 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
355 unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
356 d_printf(_("Setting maximum password age to %d seconds\n"),
357 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
362 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
364 struct rpc_sh_ctx *ctx,
365 struct rpc_pipe_client *pipe_hnd,
366 int argc, const char **argv)
368 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
369 account_set_maxpwage);
372 static int account_set_minpwlen(struct net_context *c,
374 struct rpc_sh_ctx *ctx,
375 struct samr_DomInfo1 *i1,
376 struct samr_DomInfo3 *i3,
377 struct samr_DomInfo12 *i12,
378 int argc, const char **argv)
381 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
385 i1->min_password_length = atoi(argv[0]);
386 d_printf(_("Setting minimum password length to %d\n"),
387 i1->min_password_length);
392 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
394 struct rpc_sh_ctx *ctx,
395 struct rpc_pipe_client *pipe_hnd,
396 int argc, const char **argv)
398 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
399 account_set_minpwlen);
402 static int account_set_pwhistlen(struct net_context *c,
404 struct rpc_sh_ctx *ctx,
405 struct samr_DomInfo1 *i1,
406 struct samr_DomInfo3 *i3,
407 struct samr_DomInfo12 *i12,
408 int argc, const char **argv)
411 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
415 i1->password_history_length = atoi(argv[0]);
416 d_printf(_("Setting password history length to %d\n"),
417 i1->password_history_length);
422 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
424 struct rpc_sh_ctx *ctx,
425 struct rpc_pipe_client *pipe_hnd,
426 int argc, const char **argv)
428 return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
429 account_set_pwhistlen);
432 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
433 struct rpc_sh_ctx *ctx)
435 static struct rpc_sh_cmd cmds[9] = {
436 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_pol_show,
437 N_("Show current account policy settings") },
438 { "badpw", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_badpw,
439 N_("Set bad password count before lockout") },
440 { "lockduration", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_lockduration,
441 N_("Set account lockout duration") },
442 { "resetduration", NULL, &ndr_table_samr.syntax_id,
443 rpc_sh_acct_set_resetduration,
444 N_("Set bad password count reset duration") },
445 { "minpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwage,
446 N_("Set minimum password age") },
447 { "maxpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_maxpwage,
448 N_("Set maximum password age") },
449 { "minpwlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwlen,
450 N_("Set minimum password length") },
451 { "pwhistlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_pwhistlen,
452 N_("Set the password history length") },
453 { NULL, NULL, 0, NULL, NULL }