diff options
| author | Günther Deschner <gd@samba.org> | 2004-12-20 12:52:33 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:41 -0500 |
| commit | 111f62c00c31ac98d50c0a01e31cb1d44082be29 (patch) | |
| tree | 8d21e9d0d53e81c2e50a57e1718a41cfe76d2e31 /source3/utils/net_rpc_samsync.c | |
| parent | 992ad2848522e5219291d6b9b7a6be982c147a12 (diff) | |
| download | samba-111f62c00c31ac98d50c0a01e31cb1d44082be29.tar.gz samba-111f62c00c31ac98d50c0a01e31cb1d44082be29.tar.bz2 samba-111f62c00c31ac98d50c0a01e31cb1d44082be29.zip | |
r4287: Vampire SAM_DELTA_DOMAIN_INFO.
Based on samba4-idl. The decoding of account-lockout-string is somewhat
experimental though.
Guenther
(This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)
Diffstat (limited to 'source3/utils/net_rpc_samsync.c')
| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 114 |
1 files changed, 112 insertions, 2 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d7af528ff1..3c98ec9e71 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -36,6 +36,45 @@ static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) d_printf("\n"); } + +static const char *display_time(NTTIME *nttime) +{ + static fstring string; + + float high; + float low; + int sec; + int days, hours, mins, secs; + int offset = 1; + + if (nttime->high==0 && nttime->low==0) + return "Now"; + + if (nttime->high==0x80000000 && nttime->low==0) + return "Never"; + + high = 65536; + high = high/10000; + high = high*65536; + high = high/1000; + high = high * (~nttime->high); + + low = ~nttime->low; + low = low/(1000*1000*10); + + sec=high+low; + sec+=offset; + + days=sec/(60*60*24); + hours=(sec - (days*60*60*24)) / (60*60); + mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60; + secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60); + + fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs); + return (string); +} + + static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a) { d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name)); @@ -81,7 +120,25 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) static void display_domain_info(SAM_DOMAIN_INFO *a) { + time_t u_logout; + + u_logout = nt_time_to_unix_abs((NTTIME *)&a->force_logoff); + d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name)); + + d_printf("Minimal Password Length: %d\n", a->min_pwd_len); + d_printf("Password History Length: %d\n", a->pwd_history_len); + + d_printf("Force Logoff: %d\n", (int)u_logout); + + d_printf("Max Password Age: %s\n", display_time((NTTIME *)&a->max_pwd_age)); + d_printf("Min Password Age: %s\n", display_time((NTTIME *)&a->min_pwd_age)); + + d_printf("Lockout Time: %s\n", display_time((NTTIME *)&a->account_lockout.lockout_duration)); + d_printf("Lockout Reset Time: %s\n", display_time((NTTIME *)&a->account_lockout.reset_count)); + + d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); + d_printf("User must logon to change password: %d\n", a->logon_chgpass); } static void display_group_info(uint32 rid, SAM_GROUP_INFO *a) @@ -897,6 +954,58 @@ fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) return NT_STATUS_OK; } +static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) +{ + time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + pstring domname; + + u_max_age = nt_time_to_unix_abs((NTTIME *)&delta->max_pwd_age); + u_min_age = nt_time_to_unix_abs((NTTIME *)&delta->min_pwd_age); + u_logout = nt_time_to_unix_abs((NTTIME *)&delta->force_logoff); + u_lockoutreset = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.reset_count); + u_lockouttime = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.lockout_duration); + + unistr2_to_ascii(domname, &delta->uni_dom_name, sizeof(domname) - 1); + + /* we don't handle BUILTIN account policies */ + if (!strequal(domname, get_global_sam_name())) { + printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname); + return NT_STATUS_OK; + } + + + if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + return nt_status; + + if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + return nt_status; + + if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + return nt_status; + + if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + return nt_status; + + if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + return nt_status; + + if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) + return nt_status; + + if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) + return nt_status; + + if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime/60)) + return nt_status; + + if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + return nt_status; + + return NT_STATUS_OK; +} + + static void fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, DOM_SID dom_sid) @@ -922,10 +1031,11 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, fetch_alias_mem(hdr_delta->target_rid, &delta->als_mem_info, dom_sid); break; - /* The following types are recognised but not handled */ case SAM_DELTA_DOMAIN_INFO: - d_printf("SAM_DELTA_DOMAIN_INFO not handled\n"); + fetch_domain_info(hdr_delta->target_rid, + &delta->domain_info); break; + /* The following types are recognised but not handled */ case SAM_DELTA_RENAME_GROUP: d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); break; |