diff options
-rw-r--r-- | source/Makefile.in | 2 | ||||
-rw-r--r-- | source/lib/time.c | 28 | ||||
-rw-r--r-- | source/rpc_client/cli_samr.c | 40 | ||||
-rw-r--r-- | source/rpc_parse/parse_samr.c | 6 | ||||
-rw-r--r-- | source/utils/net_rpc_sh_acct.c | 411 | ||||
-rw-r--r-- | source/utils/net_rpc_shell.c | 8 |
6 files changed, 484 insertions, 11 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index f02afc4eb9f..b36b793b977 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -565,7 +565,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \ utils/net_status.o utils/net_rpc_printer.o utils/net_rpc_rights.o \ utils/net_rpc_service.o utils/net_rpc_registry.o utils/net_usershare.o \ utils/netlookup.o utils/net_sam.o utils/net_rpc_shell.o \ - utils/net_util.o + utils/net_util.o utils/net_rpc_sh_acct.o NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ diff --git a/source/lib/time.c b/source/lib/time.c index 989589121b9..f87e53fef52 100644 --- a/source/lib/time.c +++ b/source/lib/time.c @@ -231,7 +231,7 @@ time_t nt_time_to_unix(NTTIME *nt) if the NTTIME was 5 seconds, the time_t is 5 seconds. JFM ****************************************************************************/ -time_t nt_time_to_unix_abs(NTTIME *nt) +time_t nt_time_to_unix_abs(const NTTIME *nt) { double d; time_t ret; @@ -239,6 +239,7 @@ time_t nt_time_to_unix_abs(NTTIME *nt) broken SCO compiler. JRA. */ time_t l_time_min = TIME_T_MIN; time_t l_time_max = TIME_T_MAX; + NTTIME neg_nt; if (nt->high == 0) { return(0); @@ -250,11 +251,11 @@ time_t nt_time_to_unix_abs(NTTIME *nt) /* reverse the time */ /* it's a negative value, turn it to positive */ - nt->high=~nt->high; - nt->low=~nt->low; + neg_nt.high=~nt->high; + neg_nt.low=~nt->low; - d = ((double)nt->high)*4.0*(double)(1<<30); - d += (nt->low&0xFFF00000); + d = ((double)neg_nt.high)*4.0*(double)(1<<30); + d += (neg_nt.low&0xFFF00000); d *= 1.0e-7; if (!(l_time_min <= d && d <= l_time_max)) { @@ -728,11 +729,24 @@ void init_nt_time(NTTIME *nt) nt->low = 0xFFFFFFFF; } +BOOL nt_time_is_set(const NTTIME *nt) +{ + if ((nt->high == 0x7FFFFFFF) && (nt->low == 0xFFFFFFFF)) { + return False; + } + + if ((nt->high == 0x80000000) && (nt->low == 0)) { + return False; + } + + return True; +} + /**************************************************************************** Check if NTTIME is 0. ****************************************************************************/ -BOOL nt_time_is_zero(NTTIME *nt) +BOOL nt_time_is_zero(const NTTIME *nt) { if(nt->high==0) { return True; @@ -744,7 +758,7 @@ BOOL nt_time_is_zero(NTTIME *nt) Check if two NTTIMEs are the same. ****************************************************************************/ -BOOL nt_time_equals(NTTIME *nt1, NTTIME *nt2) +BOOL nt_time_equals(const NTTIME *nt1, const NTTIME *nt2) { return (nt1->high == nt2->high && nt1->low == nt2->low); } diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index 744d8174a0a..79f27fe2bb9 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -1124,6 +1124,46 @@ NTSTATUS rpccli_samr_query_dom_info(struct rpc_pipe_client *cli, return result; } +/* Set domain info */ + +NTSTATUS rpccli_samr_set_domain_info(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *domain_pol, + uint16 switch_value, + SAM_UNK_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SAMR_Q_SET_DOMAIN_INFO q; + SAMR_R_SET_DOMAIN_INFO r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + DEBUG(10,("cli_samr_set_domain_info\n")); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Marshall data and send request */ + + init_samr_q_set_domain_info(&q, domain_pol, switch_value, ctr); + + CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_DOMAIN_INFO, + q, r, + qbuf, rbuf, + samr_io_q_set_domain_info, + samr_io_r_set_domain_info, + NT_STATUS_UNSUCCESSFUL); + + /* Return output parameters */ + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + done: + + return result; +} + /* User change password */ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 7cbaa4e3c99..87bfcebe264 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -7629,8 +7629,10 @@ BOOL samr_io_q_set_domain_info(const char *desc, SAMR_Q_SET_DOMAIN_INFO *q_u, if(!prs_align(ps)) return False; - if ((q_u->ctr = PRS_ALLOC_MEM(ps, SAM_UNK_CTR, 1)) == NULL) - return False; + if (UNMARSHALLING(ps)) { + if ((q_u->ctr = PRS_ALLOC_MEM(ps, SAM_UNK_CTR, 1)) == NULL) + return False; + } switch (q_u->switch_value) { diff --git a/source/utils/net_rpc_sh_acct.c b/source/utils/net_rpc_sh_acct.c new file mode 100644 index 00000000000..91ec6f1335c --- /dev/null +++ b/source/utils/net_rpc_sh_acct.c @@ -0,0 +1,411 @@ +/* + Samba Unix/Linux SMB client library + Distributed SMB/CIFS Server Management Utility + Copyright (C) 2005 Volker Lendecke (vl@samba.org) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "includes.h" +#include "utils/net.h" + +/* + * Do something with the account policies. Read them all, run a function on + * them and possibly write them back. "fn" has to return the container index + * it has modified, it can return 0 for no change. + */ + +static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv, + BOOL (*fn)(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, + SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv)) +{ + POLICY_HND connect_pol, domain_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + SAM_UNK_CTR ctr1, ctr3, ctr12; + int store; + + ZERO_STRUCT(connect_pol); + ZERO_STRUCT(domain_pol); + + /* Get sam policy handle */ + + result = rpccli_samr_connect(pipe_hnd, mem_ctx, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + /* Get domain policy handle */ + + result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + ctx->domain_sid, &domain_pol); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol, + 1, &ctr1); + + if (!NT_STATUS_IS_OK(result)) { + d_fprintf(stderr, "query_domain_info level 1 failed: %s\n", + nt_errstr(result)); + goto done; + } + + result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol, + 3, &ctr3); + + if (!NT_STATUS_IS_OK(result)) { + d_fprintf(stderr, "query_domain_info level 3 failed: %s\n", + nt_errstr(result)); + goto done; + } + + result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol, + 12, &ctr12); + + if (!NT_STATUS_IS_OK(result)) { + d_fprintf(stderr, "query_domain_info level 12 failed: %s\n", + nt_errstr(result)); + goto done; + } + + store = fn(mem_ctx, ctx, &ctr1.info.inf1, &ctr3.info.inf3, + &ctr12.info.inf12, argc, argv); + + if (store <= 0) { + /* Don't save anything */ + goto done; + } + + switch (store) { + case 1: + result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx, + &domain_pol, 1, &ctr1); + break; + case 3: + result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx, + &domain_pol, 3, &ctr3); + break; + case 12: + result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx, + &domain_pol, 12, &ctr12); + break; + default: + d_fprintf(stderr, "Got unexpected info level %d\n", store); + result = NT_STATUS_INTERNAL_ERROR; + goto done; + } + + done: + if (is_valid_policy_hnd(&domain_pol)) { + rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + } + if (is_valid_policy_hnd(&connect_pol)) { + rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol); + } + + return result; +} + +static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 0) { + d_fprintf(stderr, "usage: %s\n", ctx->whoami); + return -1; + } + + d_printf("Minimum password length: %d\n", i1->min_length_password); + d_printf("Password history length: %d\n", i1->password_history); + + d_printf("Minimum password age: "); + if (!nt_time_is_zero(&i1->min_passwordage)) { + time_t t = nt_time_to_unix_abs(&i1->min_passwordage); + d_printf("%d seconds\n", (int)t); + } else { + d_printf("not set\n"); + } + + d_printf("Maximum password age: "); + if (nt_time_is_set(&i1->expire)) { + time_t t = nt_time_to_unix_abs(&i1->expire); + d_printf("%d seconds\n", (int)t); + } else { + d_printf("not set\n"); + } + + d_printf("Bad logon attempts: %d\n", i12->bad_attempt_lockout); + + if (i12->bad_attempt_lockout != 0) { + + d_printf("Account lockout duration: "); + if (nt_time_is_set(&i12->duration)) { + time_t t = nt_time_to_unix_abs(&i12->duration); + d_printf("%d seconds\n", (int)t); + } else { + d_printf("not set\n"); + } + + d_printf("Bad password count reset after: "); + if (nt_time_is_set(&i12->reset_count)) { + time_t t = nt_time_to_unix_abs(&i12->reset_count); + d_printf("%d seconds\n", (int)t); + } else { + d_printf("not set\n"); + } + } + + d_printf("Disconnect users when logon hours expire: %s\n", + nt_time_is_zero(&i3->logout) ? "yes" : "no"); + + d_printf("User must logon to change password: %s\n", + (i1->password_properties & 0x2) ? "yes" : "no"); + + return 0; /* Don't save */ +} + +static NTSTATUS rpc_sh_acct_pol_show(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) { + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_show); +} + +static int account_set_badpw(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 1) { + d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami); + return -1; + } + + i12->bad_attempt_lockout = atoi(argv[0]); + d_printf("Setting bad password count to %d\n", + i12->bad_attempt_lockout); + + return 12; +} + +static NTSTATUS rpc_sh_acct_set_badpw(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) +{ + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_set_badpw); +} + +static int account_set_lockduration(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 1) { + d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami); + return -1; + } + + unix_to_nt_time_abs(&i12->duration, atoi(argv[0])); + d_printf("Setting lockout duration to %d seconds\n", + (int)nt_time_to_unix_abs(&i12->duration)); + + return 12; +} + +static NTSTATUS rpc_sh_acct_set_lockduration(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) +{ + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_set_lockduration); +} + +static int account_set_resetduration(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 1) { + d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami); + return -1; + } + + unix_to_nt_time_abs(&i12->reset_count, atoi(argv[0])); + d_printf("Setting bad password reset duration to %d seconds\n", + (int)nt_time_to_unix_abs(&i12->reset_count)); + + return 12; +} + +static NTSTATUS rpc_sh_acct_set_resetduration(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) +{ + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_set_resetduration); +} + +static int account_set_minpwage(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 1) { + d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami); + return -1; + } + + unix_to_nt_time_abs(&i1->min_passwordage, atoi(argv[0])); + d_printf("Setting minimum password age to %d seconds\n", + (int)nt_time_to_unix_abs(&i1->min_passwordage)); + + return 1; +} + +static NTSTATUS rpc_sh_acct_set_minpwage(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) +{ + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_set_minpwage); +} + +static int account_set_maxpwage(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 1) { + d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami); + return -1; + } + + unix_to_nt_time_abs(&i1->expire, atoi(argv[0])); + d_printf("Setting maximum password age to %d seconds\n", + (int)nt_time_to_unix_abs(&i1->expire)); + + return 1; +} + +static NTSTATUS rpc_sh_acct_set_maxpwage(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) +{ + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_set_maxpwage); +} + +static int account_set_minpwlen(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 1) { + d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami); + return -1; + } + + i1->min_length_password = atoi(argv[0]); + d_printf("Setting minimum password length to %d\n", + i1->min_length_password); + + return 1; +} + +static NTSTATUS rpc_sh_acct_set_minpwlen(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) +{ + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_set_minpwlen); +} + +static int account_set_pwhistlen(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3, + SAM_UNK_INFO_12 *i12, + int argc, const char **argv) +{ + if (argc != 1) { + d_fprintf(stderr, "usage: %s <count>\n", ctx->whoami); + return -1; + } + + i1->password_history = atoi(argv[0]); + d_printf("Setting password history length to %d\n", + i1->password_history); + + return 1; +} + +static NTSTATUS rpc_sh_acct_set_pwhistlen(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx, + struct rpc_pipe_client *pipe_hnd, + int argc, const char **argv) +{ + return rpc_sh_acct_do(mem_ctx, ctx, pipe_hnd, argc, argv, + account_set_pwhistlen); +} + +struct rpc_sh_cmd *net_rpc_acct_cmds(TALLOC_CTX *mem_ctx, + struct rpc_sh_ctx *ctx) +{ + static struct rpc_sh_cmd cmds[9] = { + { "show", NULL, PI_SAMR, rpc_sh_acct_pol_show, + "Show current account policy settings" }, + { "badpw", NULL, PI_SAMR, rpc_sh_acct_set_badpw, + "Set bad password count before lockout" }, + { "lockduration", NULL, PI_SAMR, rpc_sh_acct_set_lockduration, + "Set account lockout duration" }, + { "resetduration", NULL, PI_SAMR, + rpc_sh_acct_set_resetduration, + "Set bad password count reset duration" }, + { "minpwage", NULL, PI_SAMR, rpc_sh_acct_set_minpwage, + "Set minimum password age" }, + { "maxpwage", NULL, PI_SAMR, rpc_sh_acct_set_maxpwage, + "Set maximum password age" }, + { "minpwlen", NULL, PI_SAMR, rpc_sh_acct_set_minpwlen, + "Set minimum password length" }, + { "pwhistlen", NULL, PI_SAMR, rpc_sh_acct_set_pwhistlen, + "Set the password history length" }, + { NULL, NULL, 0, NULL, NULL } + }; + + return cmds; +} diff --git a/source/utils/net_rpc_shell.c b/source/utils/net_rpc_shell.c index 2e1f65fe6c4..0e17cd6843d 100644 --- a/source/utils/net_rpc_shell.c +++ b/source/utils/net_rpc_shell.c @@ -233,6 +233,9 @@ int net_rpc_shell(int argc, const char **argv) } ret = poptParseArgvString(line, &argc, &argv); + if (ret == POPT_ERROR_NOARG) { + continue; + } if (ret != 0) { d_fprintf(stderr, "cmdline invalid: %s\n", poptStrerror(ret)); @@ -252,7 +255,7 @@ int net_rpc_shell(int argc, const char **argv) return 0; } -static struct rpc_sh_cmd sh_cmds[5] = { +static struct rpc_sh_cmd sh_cmds[6] = { { "info", NULL, PI_SAMR, rpc_sh_info, "Print information about the domain connected to" }, @@ -266,5 +269,8 @@ static struct rpc_sh_cmd sh_cmds[5] = { { "user", net_rpc_user_cmds, 0, NULL, "List/Add/Remove user info" }, + { "account", net_rpc_acct_cmds, 0, NULL, + "Show/Change account policy settings" }, + { NULL, NULL, 0, NULL, NULL } }; |