00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020 #include "includes.h"
00021 #include "utils/net.h"
00022
00023
00024
00025
00026
00027
00028
00029 static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
00030 struct rpc_sh_ctx *ctx,
00031 struct rpc_pipe_client *pipe_hnd,
00032 int argc, const char **argv,
00033 BOOL (*fn)(TALLOC_CTX *mem_ctx,
00034 struct rpc_sh_ctx *ctx,
00035 SAM_UNK_INFO_1 *i1,
00036 SAM_UNK_INFO_3 *i3,
00037 SAM_UNK_INFO_12 *i12,
00038 int argc, const char **argv))
00039 {
00040 POLICY_HND connect_pol, domain_pol;
00041 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00042 SAM_UNK_CTR ctr1, ctr3, ctr12;
00043 int store;
00044
00045 ZERO_STRUCT(connect_pol);
00046 ZERO_STRUCT(domain_pol);
00047
00048
00049
00050 result = rpccli_samr_connect(pipe_hnd, mem_ctx,
00051 MAXIMUM_ALLOWED_ACCESS,
00052 &connect_pol);
00053 if (!NT_STATUS_IS_OK(result)) {
00054 goto done;
00055 }
00056
00057
00058
00059 result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
00060 MAXIMUM_ALLOWED_ACCESS,
00061 ctx->domain_sid, &domain_pol);
00062 if (!NT_STATUS_IS_OK(result)) {
00063 goto done;
00064 }
00065
00066 result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
00067 1, &ctr1);
00068
00069 if (!NT_STATUS_IS_OK(result)) {
00070 d_fprintf(stderr, "query_domain_info level 1 failed: %s\n",
00071 nt_errstr(result));
00072 goto done;
00073 }
00074
00075 result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
00076 3, &ctr3);
00077
00078 if (!NT_STATUS_IS_OK(result)) {
00079 d_fprintf(stderr, "query_domain_info level 3 failed: %s\n",
00080 nt_errstr(result));
00081 goto done;
00082 }
00083
00084 result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
00085 12, &ctr12);
00086
00087 if (!NT_STATUS_IS_OK(result)) {
00088 d_fprintf(stderr, "query_domain_info level 12 failed: %s\n",
00089 nt_errstr(result));
00090 goto done;
00091 }
00092
00093 store = fn(mem_ctx, ctx, &ctr1.info.inf1, &ctr3.info.inf3,
00094 &ctr12.info.inf12, argc, argv);
00095
00096 if (store <= 0) {
00097
00098 goto done;
00099 }
00100
00101 switch (store) {
00102 case 1:
00103 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
00104 &domain_pol, 1, &ctr1);
00105 break;
00106 case 3:
00107 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
00108 &domain_pol, 3, &ctr3);
00109 break;
00110 case 12:
00111 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
00112 &domain_pol, 12, &ctr12);
00113 break;
00114 default:
00115 d_fprintf(stderr, "Got unexpected info level %d\n", store);
00116 result = NT_STATUS_INTERNAL_ERROR;
00117 goto done;
00118 }
00119
00120 done:
00121 if (is_valid_policy_hnd(&domain_pol)) {
00122 rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
00123 }
00124 if (is_valid_policy_hnd(&connect_pol)) {
00125 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
00126 }
00127
00128 return result;
00129 }
00130
00131 static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
00132 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00133 SAM_UNK_INFO_12 *i12,
00134 int argc, const char **argv)
00135 {
00136 if (argc != 0) {
00137 d_fprintf(stderr, "usage: %s\n", ctx->whoami);
00138 return -1;
00139 }
00140
00141 d_printf("Minimum password length: %d\n", i1->min_length_password);
00142 d_printf("Password history length: %d\n", i1->password_history);
00143
00144 d_printf("Minimum password age: ");
00145 if (!nt_time_is_zero(&i1->min_passwordage)) {
00146 time_t t = nt_time_to_unix_abs(&i1->min_passwordage);
00147 d_printf("%d seconds\n", (int)t);
00148 } else {
00149 d_printf("not set\n");
00150 }
00151
00152 d_printf("Maximum password age: ");
00153 if (nt_time_is_set(&i1->expire)) {
00154 time_t t = nt_time_to_unix_abs(&i1->expire);
00155 d_printf("%d seconds\n", (int)t);
00156 } else {
00157 d_printf("not set\n");
00158 }
00159
00160 d_printf("Bad logon attempts: %d\n", i12->bad_attempt_lockout);
00161
00162 if (i12->bad_attempt_lockout != 0) {
00163
00164 d_printf("Account lockout duration: ");
00165 if (nt_time_is_set(&i12->duration)) {
00166 time_t t = nt_time_to_unix_abs(&i12->duration);
00167 d_printf("%d seconds\n", (int)t);
00168 } else {
00169 d_printf("not set\n");
00170 }
00171
00172 d_printf("Bad password count reset after: ");
00173 if (nt_time_is_set(&i12->reset_count)) {
00174 time_t t = nt_time_to_unix_abs(&i12->reset_count);
00175 d_printf("%d seconds\n", (int)t);
00176 } else {
00177 d_printf("not set\n");
00178 }
00179 }
00180
00181 d_printf("Disconnect users when logon hours expire: %s\n",
00182 nt_time_is_zero(&i3->logout) ? "yes" : "no");
00183
00184 d_printf("User must logon to change password: %s\n",
00185 (i1->password_properties & 0x2) ? "yes" : "no");
00186
00187 return 0;
00188 }
00189
00190 static NTSTATUS rpc_sh_acct_pol_show(TALLOC_CTX *mem_ctx,
00191 struct rpc_sh_ctx *ctx,
00192 struct rpc_pipe_client *pipe_hnd,
00193 int argc, const char **argv) {
00194 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00195 account_show);
00196 }
00197
00198 static int account_set_badpw(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
00199 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00200 SAM_UNK_INFO_12 *i12,
00201 int argc, const char **argv)
00202 {
00203 if (argc != 1) {
00204 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00205 return -1;
00206 }
00207
00208 i12->bad_attempt_lockout = atoi(argv[0]);
00209 d_printf("Setting bad password count to %d\n",
00210 i12->bad_attempt_lockout);
00211
00212 return 12;
00213 }
00214
00215 static NTSTATUS rpc_sh_acct_set_badpw(TALLOC_CTX *mem_ctx,
00216 struct rpc_sh_ctx *ctx,
00217 struct rpc_pipe_client *pipe_hnd,
00218 int argc, const char **argv)
00219 {
00220 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00221 account_set_badpw);
00222 }
00223
00224 static int account_set_lockduration(TALLOC_CTX *mem_ctx,
00225 struct rpc_sh_ctx *ctx,
00226 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00227 SAM_UNK_INFO_12 *i12,
00228 int argc, const char **argv)
00229 {
00230 if (argc != 1) {
00231 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00232 return -1;
00233 }
00234
00235 unix_to_nt_time_abs(&i12->duration, atoi(argv[0]));
00236 d_printf("Setting lockout duration to %d seconds\n",
00237 (int)nt_time_to_unix_abs(&i12->duration));
00238
00239 return 12;
00240 }
00241
00242 static NTSTATUS rpc_sh_acct_set_lockduration(TALLOC_CTX *mem_ctx,
00243 struct rpc_sh_ctx *ctx,
00244 struct rpc_pipe_client *pipe_hnd,
00245 int argc, const char **argv)
00246 {
00247 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00248 account_set_lockduration);
00249 }
00250
00251 static int account_set_resetduration(TALLOC_CTX *mem_ctx,
00252 struct rpc_sh_ctx *ctx,
00253 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00254 SAM_UNK_INFO_12 *i12,
00255 int argc, const char **argv)
00256 {
00257 if (argc != 1) {
00258 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00259 return -1;
00260 }
00261
00262 unix_to_nt_time_abs(&i12->reset_count, atoi(argv[0]));
00263 d_printf("Setting bad password reset duration to %d seconds\n",
00264 (int)nt_time_to_unix_abs(&i12->reset_count));
00265
00266 return 12;
00267 }
00268
00269 static NTSTATUS rpc_sh_acct_set_resetduration(TALLOC_CTX *mem_ctx,
00270 struct rpc_sh_ctx *ctx,
00271 struct rpc_pipe_client *pipe_hnd,
00272 int argc, const char **argv)
00273 {
00274 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00275 account_set_resetduration);
00276 }
00277
00278 static int account_set_minpwage(TALLOC_CTX *mem_ctx,
00279 struct rpc_sh_ctx *ctx,
00280 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00281 SAM_UNK_INFO_12 *i12,
00282 int argc, const char **argv)
00283 {
00284 if (argc != 1) {
00285 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00286 return -1;
00287 }
00288
00289 unix_to_nt_time_abs(&i1->min_passwordage, atoi(argv[0]));
00290 d_printf("Setting minimum password age to %d seconds\n",
00291 (int)nt_time_to_unix_abs(&i1->min_passwordage));
00292
00293 return 1;
00294 }
00295
00296 static NTSTATUS rpc_sh_acct_set_minpwage(TALLOC_CTX *mem_ctx,
00297 struct rpc_sh_ctx *ctx,
00298 struct rpc_pipe_client *pipe_hnd,
00299 int argc, const char **argv)
00300 {
00301 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00302 account_set_minpwage);
00303 }
00304
00305 static int account_set_maxpwage(TALLOC_CTX *mem_ctx,
00306 struct rpc_sh_ctx *ctx,
00307 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00308 SAM_UNK_INFO_12 *i12,
00309 int argc, const char **argv)
00310 {
00311 if (argc != 1) {
00312 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00313 return -1;
00314 }
00315
00316 unix_to_nt_time_abs(&i1->expire, atoi(argv[0]));
00317 d_printf("Setting maximum password age to %d seconds\n",
00318 (int)nt_time_to_unix_abs(&i1->expire));
00319
00320 return 1;
00321 }
00322
00323 static NTSTATUS rpc_sh_acct_set_maxpwage(TALLOC_CTX *mem_ctx,
00324 struct rpc_sh_ctx *ctx,
00325 struct rpc_pipe_client *pipe_hnd,
00326 int argc, const char **argv)
00327 {
00328 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00329 account_set_maxpwage);
00330 }
00331
00332 static int account_set_minpwlen(TALLOC_CTX *mem_ctx,
00333 struct rpc_sh_ctx *ctx,
00334 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00335 SAM_UNK_INFO_12 *i12,
00336 int argc, const char **argv)
00337 {
00338 if (argc != 1) {
00339 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00340 return -1;
00341 }
00342
00343 i1->min_length_password = atoi(argv[0]);
00344 d_printf("Setting minimum password length to %d\n",
00345 i1->min_length_password);
00346
00347 return 1;
00348 }
00349
00350 static NTSTATUS rpc_sh_acct_set_minpwlen(TALLOC_CTX *mem_ctx,
00351 struct rpc_sh_ctx *ctx,
00352 struct rpc_pipe_client *pipe_hnd,
00353 int argc, const char **argv)
00354 {
00355 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00356 account_set_minpwlen);
00357 }
00358
00359 static int account_set_pwhistlen(TALLOC_CTX *mem_ctx,
00360 struct rpc_sh_ctx *ctx,
00361 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00362 SAM_UNK_INFO_12 *i12,
00363 int argc, const char **argv)
00364 {
00365 if (argc != 1) {
00366 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00367 return -1;
00368 }
00369
00370 i1->password_history = atoi(argv[0]);
00371 d_printf("Setting password history length to %d\n",
00372 i1->password_history);
00373
00374 return 1;
00375 }
00376
00377 static NTSTATUS rpc_sh_acct_set_pwhistlen(TALLOC_CTX *mem_ctx,
00378 struct rpc_sh_ctx *ctx,
00379 struct rpc_pipe_client *pipe_hnd,
00380 int argc, const char **argv)
00381 {
00382 return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00383 account_set_pwhistlen);
00384 }
00385
00386 struct rpc_sh_cmd *net_rpc_acct_cmds(TALLOC_CTX *mem_ctx,
00387 struct rpc_sh_ctx *ctx)
00388 {
00389 static struct rpc_sh_cmd cmds[9] = {
00390 { "show", NULL, PI_SAMR, rpc_sh_acct_pol_show,
00391 "Show current account policy settings" },
00392 { "badpw", NULL, PI_SAMR, rpc_sh_acct_set_badpw,
00393 "Set bad password count before lockout" },
00394 { "lockduration", NULL, PI_SAMR, rpc_sh_acct_set_lockduration,
00395 "Set account lockout duration" },
00396 { "resetduration", NULL, PI_SAMR,
00397 rpc_sh_acct_set_resetduration,
00398 "Set bad password count reset duration" },
00399 { "minpwage", NULL, PI_SAMR, rpc_sh_acct_set_minpwage,
00400 "Set minimum password age" },
00401 { "maxpwage", NULL, PI_SAMR, rpc_sh_acct_set_maxpwage,
00402 "Set maximum password age" },
00403 { "minpwlen", NULL, PI_SAMR, rpc_sh_acct_set_minpwlen,
00404 "Set minimum password length" },
00405 { "pwhistlen", NULL, PI_SAMR, rpc_sh_acct_set_pwhistlen,
00406 "Set the password history length" },
00407 { NULL, NULL, 0, NULL, NULL }
00408 };
00409
00410 return cmds;
00411 }