s3-popt: Only include popt-common.h when needed.
[nivanova/samba-autobuild/.git] / source3 / utils / net_rpc_sh_acct.c
1 /*
2    Samba Unix/Linux SMB client library
3    Distributed SMB/CIFS Server Management Utility
4    Copyright (C) 2006 Volker Lendecke (vl@samba.org)
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "includes.h"
20 #include "popt_common.h"
21 #include "utils/net.h"
22 #include "../librpc/gen_ndr/cli_samr.h"
23
24 /*
25  * Do something with the account policies. Read them all, run a function on
26  * them and possibly write them back. "fn" has to return the container index
27  * it has modified, it can return 0 for no change.
28  */
29
30 static NTSTATUS rpc_sh_acct_do(struct net_context *c,
31                                TALLOC_CTX *mem_ctx,
32                                struct rpc_sh_ctx *ctx,
33                                struct rpc_pipe_client *pipe_hnd,
34                                int argc, const char **argv,
35                                int (*fn)(struct net_context *c,
36                                           TALLOC_CTX *mem_ctx,
37                                           struct rpc_sh_ctx *ctx,
38                                           struct samr_DomInfo1 *i1,
39                                           struct samr_DomInfo3 *i3,
40                                           struct samr_DomInfo12 *i12,
41                                           int argc, const char **argv))
42 {
43         struct policy_handle connect_pol, domain_pol;
44         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
45         union samr_DomainInfo *info1 = NULL;
46         union samr_DomainInfo *info3 = NULL;
47         union samr_DomainInfo *info12 = NULL;
48         int store;
49
50         ZERO_STRUCT(connect_pol);
51         ZERO_STRUCT(domain_pol);
52
53         /* Get sam policy handle */
54
55         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
56                                       pipe_hnd->desthost,
57                                       MAXIMUM_ALLOWED_ACCESS,
58                                       &connect_pol);
59         if (!NT_STATUS_IS_OK(result)) {
60                 goto done;
61         }
62
63         /* Get domain policy handle */
64
65         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
66                                         &connect_pol,
67                                         MAXIMUM_ALLOWED_ACCESS,
68                                         ctx->domain_sid,
69                                         &domain_pol);
70         if (!NT_STATUS_IS_OK(result)) {
71                 goto done;
72         }
73
74         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
75                                              &domain_pol,
76                                              1,
77                                              &info1);
78
79         if (!NT_STATUS_IS_OK(result)) {
80                 d_fprintf(stderr, _("query_domain_info level 1 failed: %s\n"),
81                           nt_errstr(result));
82                 goto done;
83         }
84
85         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
86                                              &domain_pol,
87                                              3,
88                                              &info3);
89
90         if (!NT_STATUS_IS_OK(result)) {
91                 d_fprintf(stderr, _("query_domain_info level 3 failed: %s\n"),
92                           nt_errstr(result));
93                 goto done;
94         }
95
96         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
97                                              &domain_pol,
98                                              12,
99                                              &info12);
100
101         if (!NT_STATUS_IS_OK(result)) {
102                 d_fprintf(stderr, _("query_domain_info level 12 failed: %s\n"),
103                           nt_errstr(result));
104                 goto done;
105         }
106
107         store = fn(c, mem_ctx, ctx, &info1->info1, &info3->info3,
108                    &info12->info12, argc, argv);
109
110         if (store <= 0) {
111                 /* Don't save anything */
112                 goto done;
113         }
114
115         switch (store) {
116         case 1:
117                 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
118                                                    &domain_pol,
119                                                    1,
120                                                    info1);
121                 break;
122         case 3:
123                 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
124                                                    &domain_pol,
125                                                    3,
126                                                    info3);
127                 break;
128         case 12:
129                 result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
130                                                    &domain_pol,
131                                                    12,
132                                                    info12);
133                 break;
134         default:
135                 d_fprintf(stderr, _("Got unexpected info level %d\n"), store);
136                 result = NT_STATUS_INTERNAL_ERROR;
137                 goto done;
138         }
139
140  done:
141         if (is_valid_policy_hnd(&domain_pol)) {
142                 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
143         }
144         if (is_valid_policy_hnd(&connect_pol)) {
145                 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
146         }
147
148         return result;
149 }
150
151 static int account_show(struct net_context *c,
152                         TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
153                         struct samr_DomInfo1 *i1,
154                         struct samr_DomInfo3 *i3,
155                         struct samr_DomInfo12 *i12,
156                         int argc, const char **argv)
157 {
158         if (argc != 0) {
159                 d_fprintf(stderr, "%s %s\n", _("Usage:"), ctx->whoami);
160                 return -1;
161         }
162
163         d_printf(_("Minimum password length: %d\n"), i1->min_password_length);
164         d_printf(_("Password history length: %d\n"),
165                  i1->password_history_length);
166
167         d_printf(_("Minimum password age: "));
168         if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
169                 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
170                 d_printf(_("%d seconds\n"), (int)t);
171         } else {
172                 d_printf(_("not set\n"));
173         }
174
175         d_printf(_("Maximum password age: "));
176         if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
177                 time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
178                 d_printf(_("%d seconds\n"), (int)t);
179         } else {
180                 d_printf(_("not set\n"));
181         }
182
183         d_printf(_("Bad logon attempts: %d\n"), i12->lockout_threshold);
184
185         if (i12->lockout_threshold != 0) {
186
187                 d_printf(_("Account lockout duration: "));
188                 if (nt_time_is_set(&i12->lockout_duration)) {
189                         time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
190                         d_printf(_("%d seconds\n"), (int)t);
191                 } else {
192                         d_printf(_("not set\n"));
193                 }
194
195                 d_printf(_("Bad password count reset after: "));
196                 if (nt_time_is_set(&i12->lockout_window)) {
197                         time_t t = nt_time_to_unix_abs(&i12->lockout_window);
198                         d_printf(_("%d seconds\n"), (int)t);
199                 } else {
200                         d_printf(_("not set\n"));
201                 }
202         }
203
204         d_printf(_("Disconnect users when logon hours expire: %s\n"),
205                  nt_time_is_zero(&i3->force_logoff_time) ? _("yes") : _("no"));
206
207         d_printf(_("User must logon to change password: %s\n"),
208                  (i1->password_properties & 0x2) ? _("yes") : _("no"));
209
210         return 0;               /* Don't save */
211 }
212
213 static NTSTATUS rpc_sh_acct_pol_show(struct net_context *c,
214                                      TALLOC_CTX *mem_ctx,
215                                      struct rpc_sh_ctx *ctx,
216                                      struct rpc_pipe_client *pipe_hnd,
217                                      int argc, const char **argv) {
218         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
219                               account_show);
220 }
221
222 static int account_set_badpw(struct net_context *c,
223                              TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
224                              struct samr_DomInfo1 *i1,
225                              struct samr_DomInfo3 *i3,
226                              struct samr_DomInfo12 *i12,
227                              int argc, const char **argv)
228 {
229         if (argc != 1) {
230                 d_fprintf(stderr, "%s %s <count>\n", _("Usage:"), ctx->whoami);
231                 return -1;
232         }
233
234         i12->lockout_threshold = atoi(argv[0]);
235         d_printf(_("Setting bad password count to %d\n"),
236                  i12->lockout_threshold);
237
238         return 12;
239 }
240
241 static NTSTATUS rpc_sh_acct_set_badpw(struct net_context *c,
242                                       TALLOC_CTX *mem_ctx,
243                                       struct rpc_sh_ctx *ctx,
244                                       struct rpc_pipe_client *pipe_hnd,
245                                       int argc, const char **argv)
246 {
247         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
248                               account_set_badpw);
249 }
250
251 static int account_set_lockduration(struct net_context *c,
252                                     TALLOC_CTX *mem_ctx,
253                                     struct rpc_sh_ctx *ctx,
254                                     struct samr_DomInfo1 *i1,
255                                     struct samr_DomInfo3 *i3,
256                                     struct samr_DomInfo12 *i12,
257                                     int argc, const char **argv)
258 {
259         if (argc != 1) {
260                 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
261                 return -1;
262         }
263
264         unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
265         d_printf(_("Setting lockout duration to %d seconds\n"),
266                  (int)nt_time_to_unix_abs(&i12->lockout_duration));
267
268         return 12;
269 }
270
271 static NTSTATUS rpc_sh_acct_set_lockduration(struct net_context *c,
272                                              TALLOC_CTX *mem_ctx,
273                                              struct rpc_sh_ctx *ctx,
274                                              struct rpc_pipe_client *pipe_hnd,
275                                              int argc, const char **argv)
276 {
277         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
278                               account_set_lockduration);
279 }
280
281 static int account_set_resetduration(struct net_context *c,
282                                      TALLOC_CTX *mem_ctx,
283                                      struct rpc_sh_ctx *ctx,
284                                      struct samr_DomInfo1 *i1,
285                                      struct samr_DomInfo3 *i3,
286                                      struct samr_DomInfo12 *i12,
287                                      int argc, const char **argv)
288 {
289         if (argc != 1) {
290                 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
291                 return -1;
292         }
293
294         unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
295         d_printf(_("Setting bad password reset duration to %d seconds\n"),
296                  (int)nt_time_to_unix_abs(&i12->lockout_window));
297
298         return 12;
299 }
300
301 static NTSTATUS rpc_sh_acct_set_resetduration(struct net_context *c,
302                                               TALLOC_CTX *mem_ctx,
303                                               struct rpc_sh_ctx *ctx,
304                                               struct rpc_pipe_client *pipe_hnd,
305                                               int argc, const char **argv)
306 {
307         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
308                               account_set_resetduration);
309 }
310
311 static int account_set_minpwage(struct net_context *c,
312                                 TALLOC_CTX *mem_ctx,
313                                 struct rpc_sh_ctx *ctx,
314                                 struct samr_DomInfo1 *i1,
315                                 struct samr_DomInfo3 *i3,
316                                 struct samr_DomInfo12 *i12,
317                                 int argc, const char **argv)
318 {
319         if (argc != 1) {
320                 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
321                 return -1;
322         }
323
324         unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
325         d_printf(_("Setting minimum password age to %d seconds\n"),
326                  (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
327
328         return 1;
329 }
330
331 static NTSTATUS rpc_sh_acct_set_minpwage(struct net_context *c,
332                                          TALLOC_CTX *mem_ctx,
333                                          struct rpc_sh_ctx *ctx,
334                                          struct rpc_pipe_client *pipe_hnd,
335                                          int argc, const char **argv)
336 {
337         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
338                               account_set_minpwage);
339 }
340
341 static int account_set_maxpwage(struct net_context *c,
342                                 TALLOC_CTX *mem_ctx,
343                                 struct rpc_sh_ctx *ctx,
344                                 struct samr_DomInfo1 *i1,
345                                 struct samr_DomInfo3 *i3,
346                                 struct samr_DomInfo12 *i12,
347                                 int argc, const char **argv)
348 {
349         if (argc != 1) {
350                 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
351                 return -1;
352         }
353
354         unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
355         d_printf(_("Setting maximum password age to %d seconds\n"),
356                  (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
357
358         return 1;
359 }
360
361 static NTSTATUS rpc_sh_acct_set_maxpwage(struct net_context *c,
362                                          TALLOC_CTX *mem_ctx,
363                                          struct rpc_sh_ctx *ctx,
364                                          struct rpc_pipe_client *pipe_hnd,
365                                          int argc, const char **argv)
366 {
367         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
368                               account_set_maxpwage);
369 }
370
371 static int account_set_minpwlen(struct net_context *c,
372                                 TALLOC_CTX *mem_ctx,
373                                 struct rpc_sh_ctx *ctx,
374                                 struct samr_DomInfo1 *i1,
375                                 struct samr_DomInfo3 *i3,
376                                 struct samr_DomInfo12 *i12,
377                                 int argc, const char **argv)
378 {
379         if (argc != 1) {
380                 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
381                 return -1;
382         }
383
384         i1->min_password_length = atoi(argv[0]);
385         d_printf(_("Setting minimum password length to %d\n"),
386                  i1->min_password_length);
387
388         return 1;
389 }
390
391 static NTSTATUS rpc_sh_acct_set_minpwlen(struct net_context *c,
392                                          TALLOC_CTX *mem_ctx,
393                                          struct rpc_sh_ctx *ctx,
394                                          struct rpc_pipe_client *pipe_hnd,
395                                          int argc, const char **argv)
396 {
397         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
398                               account_set_minpwlen);
399 }
400
401 static int account_set_pwhistlen(struct net_context *c,
402                                  TALLOC_CTX *mem_ctx,
403                                  struct rpc_sh_ctx *ctx,
404                                  struct samr_DomInfo1 *i1,
405                                  struct samr_DomInfo3 *i3,
406                                  struct samr_DomInfo12 *i12,
407                                  int argc, const char **argv)
408 {
409         if (argc != 1) {
410                 d_fprintf(stderr, _("Usage: %s <count>\n"), ctx->whoami);
411                 return -1;
412         }
413
414         i1->password_history_length = atoi(argv[0]);
415         d_printf(_("Setting password history length to %d\n"),
416                  i1->password_history_length);
417
418         return 1;
419 }
420
421 static NTSTATUS rpc_sh_acct_set_pwhistlen(struct net_context *c,
422                                           TALLOC_CTX *mem_ctx,
423                                           struct rpc_sh_ctx *ctx,
424                                           struct rpc_pipe_client *pipe_hnd,
425                                           int argc, const char **argv)
426 {
427         return rpc_sh_acct_do(c, mem_ctx, ctx, pipe_hnd, argc, argv,
428                               account_set_pwhistlen);
429 }
430
431 struct rpc_sh_cmd *net_rpc_acct_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
432                                      struct rpc_sh_ctx *ctx)
433 {
434         static struct rpc_sh_cmd cmds[9] = {
435                 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_pol_show,
436                   N_("Show current account policy settings") },
437                 { "badpw", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_badpw,
438                   N_("Set bad password count before lockout") },
439                 { "lockduration", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_lockduration,
440                   N_("Set account lockout duration") },
441                 { "resetduration", NULL, &ndr_table_samr.syntax_id,
442                   rpc_sh_acct_set_resetduration,
443                   N_("Set bad password count reset duration") },
444                 { "minpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwage,
445                   N_("Set minimum password age") },
446                 { "maxpwage", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_maxpwage,
447                   N_("Set maximum password age") },
448                 { "minpwlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_minpwlen,
449                   N_("Set minimum password length") },
450                 { "pwhistlen", NULL, &ndr_table_samr.syntax_id, rpc_sh_acct_set_pwhistlen,
451                   N_("Set the password history length") },
452                 { NULL, NULL, 0, NULL, NULL }
453         };
454
455         return cmds;
456 }