source3/utils/net_rpc_sh_acct.c

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) 2006 Volker Lendecke (vl@samba.org)
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 2 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program; if not, write to the Free Software
  18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
  19
  20 #include "includes.h"
  21 #include "utils/net.h"
  22
  23 /*
  24  * Do something with the account policies. Read them all, run a function on
  25  * them and possibly write them back. "fn" has to return the container index
  26  * it has modified, it can return 0 for no change.
  27  */
  28
  29 static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
  30                                struct rpc_sh_ctx *ctx,
  31                                struct rpc_pipe_client *pipe_hnd,
  32                                int argc, const char **argv,
  33                                BOOL (*fn)(TALLOC_CTX *mem_ctx,
  34                                           struct rpc_sh_ctx *ctx,
  35                                           SAM_UNK_INFO_1 *i1,
  36                                           SAM_UNK_INFO_3 *i3,
  37                                           SAM_UNK_INFO_12 *i12,
  38                                           int argc, const char **argv))
  39 {
  40         POLICY_HND connect_pol, domain_pol;
  41         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  42         SAM_UNK_CTR ctr1, ctr3, ctr12;
  43         int store;
  44
  45         ZERO_STRUCT(connect_pol);
  46         ZERO_STRUCT(domain_pol);
  47
  48         /* Get sam policy handle */
  49
  50         result = rpccli_samr_connect(pipe_hnd, mem_ctx,
  51                                      MAXIMUM_ALLOWED_ACCESS,
  52                                      &connect_pol);
  53         if (!NT_STATUS_IS_OK(result)) {
  54                 goto done;
  55         }
  56
  57         /* Get domain policy handle */
  58
  59         result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
  60                                          MAXIMUM_ALLOWED_ACCESS,
  61                                          ctx->domain_sid, &domain_pol);
  62         if (!NT_STATUS_IS_OK(result)) {
  63                 goto done;
  64         }
  65
  66         result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
  67                                             1, &ctr1);
  68
  69         if (!NT_STATUS_IS_OK(result)) {
  70                 d_fprintf(stderr, "query_domain_info level 1 failed: %s\n",
  71                           nt_errstr(result));
  72                 goto done;
  73         }
  74
  75         result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
  76                                             3, &ctr3);
  77
  78         if (!NT_STATUS_IS_OK(result)) {
  79                 d_fprintf(stderr, "query_domain_info level 3 failed: %s\n",
  80                           nt_errstr(result));
  81                 goto done;
  82         }
  83
  84         result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
  85                                             12, &ctr12);
  86
  87         if (!NT_STATUS_IS_OK(result)) {
  88                 d_fprintf(stderr, "query_domain_info level 12 failed: %s\n",
  89                           nt_errstr(result));
  90                 goto done;
  91         }
  92
  93         store = fn(mem_ctx, ctx, &ctr1.info.inf1, &ctr3.info.inf3,
  94                    &ctr12.info.inf12, argc, argv);
  95
  96         if (store <= 0) {
  97                 /* Don't save anything */
  98                 goto done;
  99         }
 100
 101         switch (store) {
 102         case 1:
 103                 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
 104                                                      &domain_pol, 1, &ctr1);
 105                 break;
 106         case 3:
 107                 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
 108                                                      &domain_pol, 3, &ctr3);
 109                 break;
 110         case 12:
 111                 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
 112                                                      &domain_pol, 12, &ctr12);
 113                 break;
 114         default:
 115                 d_fprintf(stderr, "Got unexpected info level %d\n", store);
 116                 result = NT_STATUS_INTERNAL_ERROR;
 117                 goto done;
 118         }
 119
 120  done:
 121         if (is_valid_policy_hnd(&domain_pol)) {
 122                 rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
 123         }
 124         if (is_valid_policy_hnd(&connect_pol)) {
 125                 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
 126         }
 127
 128         return result;
 129 }
 130
 131 static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 132                         SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 133                         SAM_UNK_INFO_12 *i12,
 134                         int argc, const char **argv)
 135 {
 136         if (argc != 0) {
 137                 d_fprintf(stderr, "usage: %s\n", ctx->whoami);
 138                 return -1;
 139         }
 140
 141         d_printf("Minimum password length: %d\n", i1->min_length_password);
 142         d_printf("Password history length: %d\n", i1->password_history);
 143
 144         d_printf("Minimum password age: ");
 145         if (!nt_time_is_zero(&i1->min_passwordage)) {
 146                 time_t t = nt_time_to_unix_abs(&i1->min_passwordage);
 147                 d_printf("%d seconds\n", (int)t);
 148         } else {
 149                 d_printf("not set\n");
 150         }
 151
 152         d_printf("Maximum password age: ");
 153         if (nt_time_is_set(&i1->expire)) {
 154                 time_t t = nt_time_to_unix_abs(&i1->expire);
 155                 d_printf("%d seconds\n", (int)t);
 156         } else {
 157                 d_printf("not set\n");
 158         }
 159
 160         d_printf("Bad logon attempts: %d\n", i12->bad_attempt_lockout);
 161
 162         if (i12->bad_attempt_lockout != 0) {
 163
 164                 d_printf("Account lockout duration: ");
 165                 if (nt_time_is_set(&i12->duration)) {
 166                         time_t t = nt_time_to_unix_abs(&i12->duration);
 167                         d_printf("%d seconds\n", (int)t);
 168                 } else {
 169                         d_printf("not set\n");
 170                 }
 171
 172                 d_printf("Bad password count reset after: ");
 173                 if (nt_time_is_set(&i12->reset_count)) {
 174                         time_t t = nt_time_to_unix_abs(&i12->reset_count);
 175                         d_printf("%d seconds\n", (int)t);
 176                 } else {
 177                         d_printf("not set\n");
 178                 }
 179         }
 180
 181         d_printf("Disconnect users when logon hours expire: %s\n",
 182                  nt_time_is_zero(&i3->logout) ? "yes" : "no");
 183
 184         d_printf("User must logon to change password: %s\n",
 185                  (i1->password_properties & 0x2) ? "yes" : "no");
 186
 187         return 0;               /* Don't save */
 188 }
 189
 190 static NTSTATUS rpc_sh_acct_pol_show(TALLOC_CTX *mem_ctx,
 191                                      struct rpc_sh_ctx *ctx,
 192                                      struct rpc_pipe_client *pipe_hnd,
 193                                      int argc, const char **argv) {
 194         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 195                               account_show);
 196 }
 197
 198 static int account_set_badpw(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 199                              SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 200                              SAM_UNK_INFO_12 *i12,
 201                              int argc, const char **argv)
 202 {
 203         if (argc != 1) {
 204                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
 205                 return -1;
 206         }
 207
 208         i12->bad_attempt_lockout = atoi(argv[0]);
 209         d_printf("Setting bad password count to %d\n",
 210                  i12->bad_attempt_lockout);
 211
 212         return 12;
 213 }
 214
 215 static NTSTATUS rpc_sh_acct_set_badpw(TALLOC_CTX *mem_ctx,
 216                                       struct rpc_sh_ctx *ctx,
 217                                       struct rpc_pipe_client *pipe_hnd,
 218                                       int argc, const char **argv)
 219 {
 220         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 221                               account_set_badpw);
 222 }
 223
 224 static int account_set_lockduration(TALLOC_CTX *mem_ctx,
 225                                     struct rpc_sh_ctx *ctx,
 226                                     SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 227                                     SAM_UNK_INFO_12 *i12,
 228                                     int argc, const char **argv)
 229 {
 230         if (argc != 1) {
 231                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
 232                 return -1;
 233         }
 234
 235         unix_to_nt_time_abs(&i12->duration, atoi(argv[0]));
 236         d_printf("Setting lockout duration to %d seconds\n",
 237                  (int)nt_time_to_unix_abs(&i12->duration));
 238
 239         return 12;
 240 }
 241
 242 static NTSTATUS rpc_sh_acct_set_lockduration(TALLOC_CTX *mem_ctx,
 243                                              struct rpc_sh_ctx *ctx,
 244                                              struct rpc_pipe_client *pipe_hnd,
 245                                              int argc, const char **argv)
 246 {
 247         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 248                               account_set_lockduration);
 249 }
 250
 251 static int account_set_resetduration(TALLOC_CTX *mem_ctx,
 252                                      struct rpc_sh_ctx *ctx,
 253                                      SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 254                                      SAM_UNK_INFO_12 *i12,
 255                                      int argc, const char **argv)
 256 {
 257         if (argc != 1) {
 258                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
 259                 return -1;
 260         }
 261
 262         unix_to_nt_time_abs(&i12->reset_count, atoi(argv[0]));
 263         d_printf("Setting bad password reset duration to %d seconds\n",
 264                  (int)nt_time_to_unix_abs(&i12->reset_count));
 265
 266         return 12;
 267 }
 268
 269 static NTSTATUS rpc_sh_acct_set_resetduration(TALLOC_CTX *mem_ctx,
 270                                               struct rpc_sh_ctx *ctx,
 271                                               struct rpc_pipe_client *pipe_hnd,
 272                                               int argc, const char **argv)
 273 {
 274         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 275                               account_set_resetduration);
 276 }
 277
 278 static int account_set_minpwage(TALLOC_CTX *mem_ctx,
 279                                 struct rpc_sh_ctx *ctx,
 280                                 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 281                                 SAM_UNK_INFO_12 *i12,
 282                                 int argc, const char **argv)
 283 {
 284         if (argc != 1) {
 285                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
 286                 return -1;
 287         }
 288
 289         unix_to_nt_time_abs(&i1->min_passwordage, atoi(argv[0]));
 290         d_printf("Setting minimum password age to %d seconds\n",
 291                  (int)nt_time_to_unix_abs(&i1->min_passwordage));
 292
 293         return 1;
 294 }
 295
 296 static NTSTATUS rpc_sh_acct_set_minpwage(TALLOC_CTX *mem_ctx,
 297                                          struct rpc_sh_ctx *ctx,
 298                                          struct rpc_pipe_client *pipe_hnd,
 299                                          int argc, const char **argv)
 300 {
 301         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 302                               account_set_minpwage);
 303 }
 304
 305 static int account_set_maxpwage(TALLOC_CTX *mem_ctx,
 306                                 struct rpc_sh_ctx *ctx,
 307                                 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 308                                 SAM_UNK_INFO_12 *i12,
 309                                 int argc, const char **argv)
 310 {
 311         if (argc != 1) {
 312                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
 313                 return -1;
 314         }
 315
 316         unix_to_nt_time_abs(&i1->expire, atoi(argv[0]));
 317         d_printf("Setting maximum password age to %d seconds\n",
 318                  (int)nt_time_to_unix_abs(&i1->expire));
 319
 320         return 1;
 321 }
 322
 323 static NTSTATUS rpc_sh_acct_set_maxpwage(TALLOC_CTX *mem_ctx,
 324                                          struct rpc_sh_ctx *ctx,
 325                                          struct rpc_pipe_client *pipe_hnd,
 326                                          int argc, const char **argv)
 327 {
 328         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 329                               account_set_maxpwage);
 330 }
 331
 332 static int account_set_minpwlen(TALLOC_CTX *mem_ctx,
 333                                 struct rpc_sh_ctx *ctx,
 334                                 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 335                                 SAM_UNK_INFO_12 *i12,
 336                                 int argc, const char **argv)
 337 {
 338         if (argc != 1) {
 339                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
 340                 return -1;
 341         }
 342
 343         i1->min_length_password = atoi(argv[0]);
 344         d_printf("Setting minimum password length to %d\n",
 345                  i1->min_length_password);
 346
 347         return 1;
 348 }
 349
 350 static NTSTATUS rpc_sh_acct_set_minpwlen(TALLOC_CTX *mem_ctx,
 351                                          struct rpc_sh_ctx *ctx,
 352                                          struct rpc_pipe_client *pipe_hnd,
 353                                          int argc, const char **argv)
 354 {
 355         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 356                               account_set_minpwlen);
 357 }
 358
 359 static int account_set_pwhistlen(TALLOC_CTX *mem_ctx,
 360                                  struct rpc_sh_ctx *ctx,
 361                                  SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
 362                                  SAM_UNK_INFO_12 *i12,
 363                                  int argc, const char **argv)
 364 {
 365         if (argc != 1) {
 366                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
 367                 return -1;
 368         }
 369
 370         i1->password_history = atoi(argv[0]);
 371         d_printf("Setting password history length to %d\n",
 372                  i1->password_history);
 373
 374         return 1;
 375 }
 376
 377 static NTSTATUS rpc_sh_acct_set_pwhistlen(TALLOC_CTX *mem_ctx,
 378                                           struct rpc_sh_ctx *ctx,
 379                                           struct rpc_pipe_client *pipe_hnd,
 380                                           int argc, const char **argv)
 381 {
 382         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
 383                               account_set_pwhistlen);
 384 }
 385
 386 struct rpc_sh_cmd *net_rpc_acct_cmds(TALLOC_CTX *mem_ctx,
 387                                      struct rpc_sh_ctx *ctx)
 388 {
 389         static struct rpc_sh_cmd cmds[9] = {
 390                 { "show", NULL, PI_SAMR, rpc_sh_acct_pol_show,
 391                   "Show current account policy settings" },
 392                 { "badpw", NULL, PI_SAMR, rpc_sh_acct_set_badpw,
 393                   "Set bad password count before lockout" },
 394                 { "lockduration", NULL, PI_SAMR, rpc_sh_acct_set_lockduration,
 395                   "Set account lockout duration" },
 396                 { "resetduration", NULL, PI_SAMR,
 397                   rpc_sh_acct_set_resetduration,
 398                   "Set bad password count reset duration" },
 399                 { "minpwage", NULL, PI_SAMR, rpc_sh_acct_set_minpwage,
 400                   "Set minimum password age" },
 401                 { "maxpwage", NULL, PI_SAMR, rpc_sh_acct_set_maxpwage,
 402                   "Set maximum password age" },
 403                 { "minpwlen", NULL, PI_SAMR, rpc_sh_acct_set_minpwlen,
 404                   "Set minimum password length" },
 405                 { "pwhistlen", NULL, PI_SAMR, rpc_sh_acct_set_pwhistlen,
 406                   "Set the password history length" },
 407                 { NULL, NULL, 0, NULL, NULL }
 408         };
 409
 410         return cmds;
 411 }