Samba: utils/net_rpc_sh_acct.c ソースファイル

00001 /* 
00002    Samba Unix/Linux SMB client library 
00003    Distributed SMB/CIFS Server Management Utility 
00004    Copyright (C) 2006 Volker Lendecke (vl@samba.org)
00005 
00006    This program is free software; you can redistribute it and/or modify
00007    it under the terms of the GNU General Public License as published by
00008    the Free Software Foundation; either version 2 of the License, or
00009    (at your option) any later version.
00010    
00011    This program is distributed in the hope that it will be useful,
00012    but WITHOUT ANY WARRANTY; without even the implied warranty of
00013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014    GNU General Public License for more details.
00015    
00016    You should have received a copy of the GNU General Public License
00017    along with this program; if not, write to the Free Software
00018    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
00019  
00020 #include "includes.h"
00021 #include "utils/net.h"
00022 
00023 /*
00024  * Do something with the account policies. Read them all, run a function on
00025  * them and possibly write them back. "fn" has to return the container index
00026  * it has modified, it can return 0 for no change.
00027  */
00028 
00029 static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
00030                                struct rpc_sh_ctx *ctx,
00031                                struct rpc_pipe_client *pipe_hnd,
00032                                int argc, const char **argv,
00033                                BOOL (*fn)(TALLOC_CTX *mem_ctx,
00034                                           struct rpc_sh_ctx *ctx,
00035                                           SAM_UNK_INFO_1 *i1,
00036                                           SAM_UNK_INFO_3 *i3,
00037                                           SAM_UNK_INFO_12 *i12,
00038                                           int argc, const char **argv))
00039 {
00040         POLICY_HND connect_pol, domain_pol;
00041         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00042         SAM_UNK_CTR ctr1, ctr3, ctr12;
00043         int store;
00044 
00045         ZERO_STRUCT(connect_pol);
00046         ZERO_STRUCT(domain_pol);
00047 
00048         /* Get sam policy handle */
00049         
00050         result = rpccli_samr_connect(pipe_hnd, mem_ctx,
00051                                      MAXIMUM_ALLOWED_ACCESS, 
00052                                      &connect_pol);
00053         if (!NT_STATUS_IS_OK(result)) {
00054                 goto done;
00055         }
00056         
00057         /* Get domain policy handle */
00058         
00059         result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
00060                                          MAXIMUM_ALLOWED_ACCESS,
00061                                          ctx->domain_sid, &domain_pol);
00062         if (!NT_STATUS_IS_OK(result)) {
00063                 goto done;
00064         }
00065 
00066         result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
00067                                             1, &ctr1);
00068 
00069         if (!NT_STATUS_IS_OK(result)) {
00070                 d_fprintf(stderr, "query_domain_info level 1 failed: %s\n",
00071                           nt_errstr(result));
00072                 goto done;
00073         }
00074 
00075         result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
00076                                             3, &ctr3);
00077 
00078         if (!NT_STATUS_IS_OK(result)) {
00079                 d_fprintf(stderr, "query_domain_info level 3 failed: %s\n",
00080                           nt_errstr(result));
00081                 goto done;
00082         }
00083 
00084         result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
00085                                             12, &ctr12);
00086 
00087         if (!NT_STATUS_IS_OK(result)) {
00088                 d_fprintf(stderr, "query_domain_info level 12 failed: %s\n",
00089                           nt_errstr(result));
00090                 goto done;
00091         }
00092 
00093         store = fn(mem_ctx, ctx, &ctr1.info.inf1, &ctr3.info.inf3,
00094                    &ctr12.info.inf12, argc, argv);
00095 
00096         if (store <= 0) {
00097                 /* Don't save anything */
00098                 goto done;
00099         }
00100 
00101         switch (store) {
00102         case 1:
00103                 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
00104                                                      &domain_pol, 1, &ctr1);
00105                 break;
00106         case 3:
00107                 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
00108                                                      &domain_pol, 3, &ctr3);
00109                 break;
00110         case 12:
00111                 result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
00112                                                      &domain_pol, 12, &ctr12);
00113                 break;
00114         default:
00115                 d_fprintf(stderr, "Got unexpected info level %d\n", store);
00116                 result = NT_STATUS_INTERNAL_ERROR;
00117                 goto done;
00118         }
00119 
00120  done:
00121         if (is_valid_policy_hnd(&domain_pol)) {
00122                 rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
00123         }
00124         if (is_valid_policy_hnd(&connect_pol)) {
00125                 rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
00126         }
00127 
00128         return result;
00129 }
00130 
00131 static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
00132                         SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00133                         SAM_UNK_INFO_12 *i12,
00134                         int argc, const char **argv)
00135 {
00136         if (argc != 0) {
00137                 d_fprintf(stderr, "usage: %s\n", ctx->whoami);
00138                 return -1;
00139         }
00140 
00141         d_printf("Minimum password length: %d\n", i1->min_length_password);
00142         d_printf("Password history length: %d\n", i1->password_history);
00143 
00144         d_printf("Minimum password age: ");
00145         if (!nt_time_is_zero(&i1->min_passwordage)) {
00146                 time_t t = nt_time_to_unix_abs(&i1->min_passwordage);
00147                 d_printf("%d seconds\n", (int)t);
00148         } else {
00149                 d_printf("not set\n");
00150         }
00151 
00152         d_printf("Maximum password age: ");
00153         if (nt_time_is_set(&i1->expire)) {
00154                 time_t t = nt_time_to_unix_abs(&i1->expire);
00155                 d_printf("%d seconds\n", (int)t);
00156         } else {
00157                 d_printf("not set\n");
00158         }
00159 
00160         d_printf("Bad logon attempts: %d\n", i12->bad_attempt_lockout);
00161 
00162         if (i12->bad_attempt_lockout != 0) {
00163 
00164                 d_printf("Account lockout duration: ");
00165                 if (nt_time_is_set(&i12->duration)) {
00166                         time_t t = nt_time_to_unix_abs(&i12->duration);
00167                         d_printf("%d seconds\n", (int)t);
00168                 } else {
00169                         d_printf("not set\n");
00170                 }
00171 
00172                 d_printf("Bad password count reset after: ");
00173                 if (nt_time_is_set(&i12->reset_count)) {
00174                         time_t t = nt_time_to_unix_abs(&i12->reset_count);
00175                         d_printf("%d seconds\n", (int)t);
00176                 } else {
00177                         d_printf("not set\n");
00178                 }
00179         }
00180 
00181         d_printf("Disconnect users when logon hours expire: %s\n",
00182                  nt_time_is_zero(&i3->logout) ? "yes" : "no");
00183 
00184         d_printf("User must logon to change password: %s\n",
00185                  (i1->password_properties & 0x2) ? "yes" : "no");
00186         
00187         return 0;               /* Don't save */
00188 }
00189 
00190 static NTSTATUS rpc_sh_acct_pol_show(TALLOC_CTX *mem_ctx,
00191                                      struct rpc_sh_ctx *ctx,
00192                                      struct rpc_pipe_client *pipe_hnd,
00193                                      int argc, const char **argv) {
00194         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00195                               account_show);
00196 }
00197 
00198 static int account_set_badpw(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
00199                              SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00200                              SAM_UNK_INFO_12 *i12,
00201                              int argc, const char **argv)
00202 {
00203         if (argc != 1) {
00204                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00205                 return -1;
00206         }
00207 
00208         i12->bad_attempt_lockout = atoi(argv[0]);
00209         d_printf("Setting bad password count to %d\n",
00210                  i12->bad_attempt_lockout);
00211 
00212         return 12;
00213 }
00214 
00215 static NTSTATUS rpc_sh_acct_set_badpw(TALLOC_CTX *mem_ctx,
00216                                       struct rpc_sh_ctx *ctx,
00217                                       struct rpc_pipe_client *pipe_hnd,
00218                                       int argc, const char **argv)
00219 {
00220         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00221                               account_set_badpw);
00222 }
00223 
00224 static int account_set_lockduration(TALLOC_CTX *mem_ctx,
00225                                     struct rpc_sh_ctx *ctx,
00226                                     SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00227                                     SAM_UNK_INFO_12 *i12,
00228                                     int argc, const char **argv)
00229 {
00230         if (argc != 1) {
00231                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00232                 return -1;
00233         }
00234 
00235         unix_to_nt_time_abs(&i12->duration, atoi(argv[0]));
00236         d_printf("Setting lockout duration to %d seconds\n",
00237                  (int)nt_time_to_unix_abs(&i12->duration));
00238 
00239         return 12;
00240 }
00241 
00242 static NTSTATUS rpc_sh_acct_set_lockduration(TALLOC_CTX *mem_ctx,
00243                                              struct rpc_sh_ctx *ctx,
00244                                              struct rpc_pipe_client *pipe_hnd,
00245                                              int argc, const char **argv)
00246 {
00247         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00248                               account_set_lockduration);
00249 }
00250 
00251 static int account_set_resetduration(TALLOC_CTX *mem_ctx,
00252                                      struct rpc_sh_ctx *ctx,
00253                                      SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00254                                      SAM_UNK_INFO_12 *i12,
00255                                      int argc, const char **argv)
00256 {
00257         if (argc != 1) {
00258                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00259                 return -1;
00260         }
00261 
00262         unix_to_nt_time_abs(&i12->reset_count, atoi(argv[0]));
00263         d_printf("Setting bad password reset duration to %d seconds\n",
00264                  (int)nt_time_to_unix_abs(&i12->reset_count));
00265 
00266         return 12;
00267 }
00268 
00269 static NTSTATUS rpc_sh_acct_set_resetduration(TALLOC_CTX *mem_ctx,
00270                                               struct rpc_sh_ctx *ctx,
00271                                               struct rpc_pipe_client *pipe_hnd,
00272                                               int argc, const char **argv)
00273 {
00274         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00275                               account_set_resetduration);
00276 }
00277 
00278 static int account_set_minpwage(TALLOC_CTX *mem_ctx,
00279                                 struct rpc_sh_ctx *ctx,
00280                                 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00281                                 SAM_UNK_INFO_12 *i12,
00282                                 int argc, const char **argv)
00283 {
00284         if (argc != 1) {
00285                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00286                 return -1;
00287         }
00288 
00289         unix_to_nt_time_abs(&i1->min_passwordage, atoi(argv[0]));
00290         d_printf("Setting minimum password age to %d seconds\n",
00291                  (int)nt_time_to_unix_abs(&i1->min_passwordage));
00292 
00293         return 1;
00294 }
00295 
00296 static NTSTATUS rpc_sh_acct_set_minpwage(TALLOC_CTX *mem_ctx,
00297                                          struct rpc_sh_ctx *ctx,
00298                                          struct rpc_pipe_client *pipe_hnd,
00299                                          int argc, const char **argv)
00300 {
00301         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00302                               account_set_minpwage);
00303 }
00304 
00305 static int account_set_maxpwage(TALLOC_CTX *mem_ctx,
00306                                 struct rpc_sh_ctx *ctx,
00307                                 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00308                                 SAM_UNK_INFO_12 *i12,
00309                                 int argc, const char **argv)
00310 {
00311         if (argc != 1) {
00312                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00313                 return -1;
00314         }
00315 
00316         unix_to_nt_time_abs(&i1->expire, atoi(argv[0]));
00317         d_printf("Setting maximum password age to %d seconds\n",
00318                  (int)nt_time_to_unix_abs(&i1->expire));
00319 
00320         return 1;
00321 }
00322 
00323 static NTSTATUS rpc_sh_acct_set_maxpwage(TALLOC_CTX *mem_ctx,
00324                                          struct rpc_sh_ctx *ctx,
00325                                          struct rpc_pipe_client *pipe_hnd,
00326                                          int argc, const char **argv)
00327 {
00328         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00329                               account_set_maxpwage);
00330 }
00331 
00332 static int account_set_minpwlen(TALLOC_CTX *mem_ctx,
00333                                 struct rpc_sh_ctx *ctx,
00334                                 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00335                                 SAM_UNK_INFO_12 *i12,
00336                                 int argc, const char **argv)
00337 {
00338         if (argc != 1) {
00339                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00340                 return -1;
00341         }
00342 
00343         i1->min_length_password = atoi(argv[0]);
00344         d_printf("Setting minimum password length to %d\n",
00345                  i1->min_length_password);
00346 
00347         return 1;
00348 }
00349 
00350 static NTSTATUS rpc_sh_acct_set_minpwlen(TALLOC_CTX *mem_ctx,
00351                                          struct rpc_sh_ctx *ctx,
00352                                          struct rpc_pipe_client *pipe_hnd,
00353                                          int argc, const char **argv)
00354 {
00355         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00356                               account_set_minpwlen);
00357 }
00358 
00359 static int account_set_pwhistlen(TALLOC_CTX *mem_ctx,
00360                                  struct rpc_sh_ctx *ctx,
00361                                  SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
00362                                  SAM_UNK_INFO_12 *i12,
00363                                  int argc, const char **argv)
00364 {
00365         if (argc != 1) {
00366                 d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami);
00367                 return -1;
00368         }
00369 
00370         i1->password_history = atoi(argv[0]);
00371         d_printf("Setting password history length to %d\n",
00372                  i1->password_history);
00373 
00374         return 1;
00375 }
00376 
00377 static NTSTATUS rpc_sh_acct_set_pwhistlen(TALLOC_CTX *mem_ctx,
00378                                           struct rpc_sh_ctx *ctx,
00379                                           struct rpc_pipe_client *pipe_hnd,
00380                                           int argc, const char **argv)
00381 {
00382         return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv,
00383                               account_set_pwhistlen);
00384 }
00385 
00386 struct rpc_sh_cmd *net_rpc_acct_cmds(TALLOC_CTX *mem_ctx,
00387                                      struct rpc_sh_ctx *ctx)
00388 {
00389         static struct rpc_sh_cmd cmds[9] = {
00390                 { "show", NULL, PI_SAMR, rpc_sh_acct_pol_show,
00391                   "Show current account policy settings" },
00392                 { "badpw", NULL, PI_SAMR, rpc_sh_acct_set_badpw,
00393                   "Set bad password count before lockout" },
00394                 { "lockduration", NULL, PI_SAMR, rpc_sh_acct_set_lockduration,
00395                   "Set account lockout duration" },
00396                 { "resetduration", NULL, PI_SAMR,
00397                   rpc_sh_acct_set_resetduration,
00398                   "Set bad password count reset duration" },
00399                 { "minpwage", NULL, PI_SAMR, rpc_sh_acct_set_minpwage,
00400                   "Set minimum password age" },
00401                 { "maxpwage", NULL, PI_SAMR, rpc_sh_acct_set_maxpwage,
00402                   "Set maximum password age" },
00403                 { "minpwlen", NULL, PI_SAMR, rpc_sh_acct_set_minpwlen,
00404                   "Set minimum password length" },
00405                 { "pwhistlen", NULL, PI_SAMR, rpc_sh_acct_set_pwhistlen,
00406                   "Set the password history length" },
00407                 { NULL, NULL, 0, NULL, NULL }
00408         };
00409 
00410         return cmds;
00411 }