diff options
-rw-r--r-- | source3/include/rpc_samr.h | 4 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 44 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 9 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 120 |
4 files changed, 132 insertions, 45 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 62eb397925..a9e3e0a08d 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -468,9 +468,9 @@ SAMR_R_GET_USRDOM_PWINFO - a "set user info" occurs just after this /* SAMR_R_GET_USRDOM_PWINFO */ typedef struct r_samr_usrdom_pwinfo_info { - uint16 unknown_0; /* 0000 */ + uint16 min_pwd_length; uint16 unknown_1; /* 0x0016 or 0x0015 */ - uint32 unknown_2; /* 0x0000 0000 */ + uint32 password_properties; NTSTATUS status; } SAMR_R_GET_USRDOM_PWINFO; diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 8c59d2d3af..dd9a4ce67e 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -1880,6 +1880,50 @@ NTSTATUS rpccli_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem return result; } +/* Get domain password info */ + +NTSTATUS rpccli_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 *min_pwd_length, + uint32 *password_properties, uint32 *unknown1) +{ + prs_struct qbuf, rbuf; + SAMR_Q_GET_USRDOM_PWINFO q; + SAMR_R_GET_USRDOM_PWINFO r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + DEBUG(10,("cli_samr_get_usrdom_pwinfo\n")); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Marshall data and send request */ + + init_samr_q_get_usrdom_pwinfo(&q, pol); + + CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_GET_USRDOM_PWINFO, + q, r, + qbuf, rbuf, + samr_io_q_get_usrdom_pwinfo, + samr_io_r_get_usrdom_pwinfo, + NT_STATUS_UNSUCCESSFUL); + + /* Return output parameters */ + + result = r.status; + + if (NT_STATUS_IS_OK(result)) { + if (min_pwd_length) + *min_pwd_length = r.min_pwd_length; + if (password_properties) + *password_properties = r.password_properties; + if (unknown1) + *unknown1 = r.unknown_1; + } + + return result; +} + + /* Lookup Domain Name */ NTSTATUS rpccli_samr_lookup_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 711876639a..53c92acb43 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -344,7 +344,7 @@ void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS statu { DEBUG(5, ("init_samr_r_get_usrdom_pwinfo\n")); - r_u->unknown_0 = 0x0000; + r_u->min_pwd_length = 0x0000; /* * used to be @@ -354,7 +354,7 @@ void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS statu r_u->unknown_1 = 0x01D1; r_u->unknown_1 = 0x0015; - r_u->unknown_2 = 0x00000000; + r_u->password_properties = 0x00000000; r_u->status = status; } @@ -375,12 +375,13 @@ BOOL samr_io_r_get_usrdom_pwinfo(const char *desc, SAMR_R_GET_USRDOM_PWINFO * r_ if(!prs_align(ps)) return False; - if(!prs_uint16("unknown_0", ps, depth, &r_u->unknown_0)) + if(!prs_uint16("min_pwd_length", ps, depth, &r_u->min_pwd_length)) return False; if(!prs_uint16("unknown_1", ps, depth, &r_u->unknown_1)) return False; - if(!prs_uint32("unknown_2", ps, depth, &r_u->unknown_2)) + if(!prs_uint32("password_properties", ps, depth, &r_u->password_properties)) return False; + if(!prs_ntstatus("status ", ps, depth, &r_u->status)) return False; diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 8dd711caa4..7f35db5b8d 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -149,33 +149,35 @@ static const char *display_time(NTTIME nttime) return (string); } -static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1) +static void display_password_properties(uint32 password_properties) { - - printf("Minimum password length:\t\t\t%d\n", info1->min_length_password); - printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history); - printf("Password Properties:\t\t\t\t0x%08x\n", info1->password_properties); - - if (info1->password_properties & DOMAIN_PASSWORD_COMPLEX) - printf("\tDOMAIN_PASSWORD_COMPLEX\n"); + printf("password_properties: 0x%08x\n", password_properties); + + if (password_properties & DOMAIN_PASSWORD_COMPLEX) + printf("\tDOMAIN_PASSWORD_COMPLEX\n"); - if (info1->password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE) { - printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n"); - printf("users must open a session to change password "); - } + if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE) + printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n"); - if (info1->password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE) - printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n"); + if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE) + printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n"); - if (info1->password_properties & DOMAIN_LOCKOUT_ADMINS) - printf("\tDOMAIN_LOCKOUT_ADMINS\n"); + if (password_properties & DOMAIN_LOCKOUT_ADMINS) + printf("\tDOMAIN_LOCKOUT_ADMINS\n"); - if (info1->password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT) - printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n"); + if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT) + printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n"); - if (info1->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE) - printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n"); + if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE) + printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n"); +} +static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1) +{ + + printf("Minimum password length:\t\t\t%d\n", info1->min_length_password); + printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history); + display_password_properties(info1->password_properties); printf("password expire in:\t\t\t\t%s\n", display_time(info1->expire)); printf("Min password age (allow changing in x days):\t%s\n", display_time(info1->min_passwordage)); } @@ -1829,6 +1831,63 @@ done: return result; } +static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + POLICY_HND connect_pol, domain_pol, user_pol; + uint16 min_pwd_length; + uint32 password_properties, unknown1, rid; + + if (argc != 2) { + printf("Usage: %s rid\n", argv[0]); + return NT_STATUS_OK; + } + + sscanf(argv[1], "%i", &rid); + + result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + rid, &user_pol); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + result = rpccli_samr_get_usrdom_pwinfo(cli, mem_ctx, &user_pol, + &min_pwd_length, &password_properties, + &unknown1) ; + + if (NT_STATUS_IS_OK(result)) { + printf("min_pwd_length: %d\n", min_pwd_length); + printf("unknown1: %d\n", unknown1); + display_password_properties(password_properties); + } + + done: + rpccli_samr_close(cli, mem_ctx, &user_pol); + rpccli_samr_close(cli, mem_ctx, &domain_pol); + rpccli_samr_close(cli, mem_ctx, &connect_pol); + + return result; +} + + static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) @@ -1846,25 +1905,7 @@ static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, if (NT_STATUS_IS_OK(result)) { printf("min_pwd_length: %d\n", min_pwd_length); - printf("password_properties: 0x%08x\n", password_properties); - - if (password_properties & DOMAIN_PASSWORD_COMPLEX) - printf("\tDOMAIN_PASSWORD_COMPLEX\n"); - - if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE) - printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n"); - - if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE) - printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n"); - - if (password_properties & DOMAIN_LOCKOUT_ADMINS) - printf("\tDOMAIN_LOCKOUT_ADMINS\n"); - - if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT) - printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n"); - - if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE) - printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n"); + display_password_properties(password_properties); } return result; @@ -2019,6 +2060,7 @@ struct cmd_set samr_commands[] = { { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, PI_SAMR, NULL, "Delete domain user", "" }, { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, PI_SAMR, NULL, "Query SAMR security object", "" }, { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve domain password info", "" }, + { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve user domain password info", "" }, { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, NULL, "Lookup Domain Name", "" }, { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, PI_SAMR, NULL, "Change user password", "" }, |