From 111f62c00c31ac98d50c0a01e31cb1d44082be29 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 20 Dec 2004 12:52:33 +0000
Subject: r4287: Vampire SAM_DELTA_DOMAIN_INFO.

Based on samba4-idl. The decoding of account-lockout-string is somewhat
experimental though.

Guenther
(This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)
---
 source3/utils/net_rpc_samsync.c | 114 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 112 insertions(+), 2 deletions(-)

(limited to 'source3/utils/net_rpc_samsync.c')

diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index d7af528ff1..3c98ec9e71 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -36,6 +36,45 @@ static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g)
 	d_printf("\n");
 }
 
+
+static const char *display_time(NTTIME *nttime)
+{
+	static fstring string;
+
+	float high;
+	float low;
+	int sec;
+	int days, hours, mins, secs;
+	int offset = 1;
+
+	if (nttime->high==0 && nttime->low==0)
+		return "Now";
+
+	if (nttime->high==0x80000000 && nttime->low==0)
+		return "Never";
+
+	high = 65536;	
+	high = high/10000;
+	high = high*65536;
+	high = high/1000;
+	high = high * (~nttime->high);
+
+	low = ~nttime->low;	
+	low = low/(1000*1000*10);
+
+	sec=high+low;
+	sec+=offset;
+
+	days=sec/(60*60*24);
+	hours=(sec - (days*60*60*24)) / (60*60);
+	mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
+	secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
+
+	fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
+	return (string);
+}
+
+
 static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a)
 {
 	d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name));
@@ -81,7 +120,25 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
 
 static void display_domain_info(SAM_DOMAIN_INFO *a)
 {
+	time_t u_logout;
+
+	u_logout = nt_time_to_unix_abs((NTTIME *)&a->force_logoff);
+
 	d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name));
+
+	d_printf("Minimal Password Length: %d\n", a->min_pwd_len);
+	d_printf("Password History Length: %d\n", a->pwd_history_len);
+
+	d_printf("Force Logoff: %d\n", (int)u_logout);
+
+	d_printf("Max Password Age: %s\n", display_time((NTTIME *)&a->max_pwd_age));
+	d_printf("Min Password Age: %s\n", display_time((NTTIME *)&a->min_pwd_age));
+
+	d_printf("Lockout Time: %s\n", display_time((NTTIME *)&a->account_lockout.lockout_duration));
+	d_printf("Lockout Reset Time: %s\n", display_time((NTTIME *)&a->account_lockout.reset_count));
+
+	d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout);
+	d_printf("User must logon to change password: %d\n", a->logon_chgpass);
 }
 
 static void display_group_info(uint32 rid, SAM_GROUP_INFO *a)
@@ -897,6 +954,58 @@ fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid)
 	return NT_STATUS_OK;
 }
 
+static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta)
+{
+	time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime;
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+	pstring domname;
+
+	u_max_age = nt_time_to_unix_abs((NTTIME *)&delta->max_pwd_age);
+	u_min_age = nt_time_to_unix_abs((NTTIME *)&delta->min_pwd_age);
+	u_logout = nt_time_to_unix_abs((NTTIME *)&delta->force_logoff);
+	u_lockoutreset = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.reset_count);
+	u_lockouttime = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.lockout_duration);
+
+	unistr2_to_ascii(domname, &delta->uni_dom_name, sizeof(domname) - 1);
+
+	/* we don't handle BUILTIN account policies */	
+	if (!strequal(domname, get_global_sam_name())) {
+		printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname);
+		return NT_STATUS_OK;
+	}
+
+
+	if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len))
+		return nt_status;
+
+	if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len))
+		return nt_status;
+
+	if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
+		return nt_status;
+
+	if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
+		return nt_status;
+
+	if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout))
+		return nt_status;
+
+	if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout))
+		return nt_status;
+
+	if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60))
+		return nt_status;
+
+	if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime/60))
+		return nt_status;
+
+	if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass))
+		return nt_status;
+
+	return NT_STATUS_OK;
+}
+
+
 static void
 fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta,
 		DOM_SID dom_sid)
@@ -922,10 +1031,11 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta,
 		fetch_alias_mem(hdr_delta->target_rid,
 				&delta->als_mem_info, dom_sid);
 		break;
-	/* The following types are recognised but not handled */
 	case SAM_DELTA_DOMAIN_INFO:
-		d_printf("SAM_DELTA_DOMAIN_INFO not handled\n");
+		fetch_domain_info(hdr_delta->target_rid,
+				&delta->domain_info);
 		break;
+	/* The following types are recognised but not handled */
 	case SAM_DELTA_RENAME_GROUP:
 		d_printf("SAM_DELTA_RENAME_GROUP not handled\n");
 		break;
-- 
cgit