1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/libds/common/flag_mapping.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

239 lines
6.7 KiB
C
Raw Normal View History

/*
Unix SMB/CIFS implementation.
helper mapping functions for the UF and ACB flags
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Andrew Tridgell 2004
Copyright (C) Matthias Dieter Wallnöfer 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "replace.h"
#include "lib/util/data_blob.h"
#include "lib/util/time.h"
#include "lib/util/debug.h"
#include "librpc/gen_ndr/samr.h"
#include "../libds/common/flags.h"
#include "flag_mapping.h"
/*
translated the ACB_CTRL Flags to UserFlags (userAccountControl)
*/
/* mapping between ADS userAccountControl and SAMR acct_flags */
static const struct {
uint32_t uf;
uint32_t acb;
} acct_flags_map[] = {
{ UF_ACCOUNTDISABLE, ACB_DISABLED },
{ UF_HOMEDIR_REQUIRED, ACB_HOMDIRREQ },
{ UF_PASSWD_NOTREQD, ACB_PWNOTREQ },
{ UF_TEMP_DUPLICATE_ACCOUNT, ACB_TEMPDUP },
{ UF_NORMAL_ACCOUNT, ACB_NORMAL },
{ UF_MNS_LOGON_ACCOUNT, ACB_MNS },
{ UF_INTERDOMAIN_TRUST_ACCOUNT, ACB_DOMTRUST },
{ UF_WORKSTATION_TRUST_ACCOUNT, ACB_WSTRUST },
{ UF_SERVER_TRUST_ACCOUNT, ACB_SVRTRUST },
{ UF_DONT_EXPIRE_PASSWD, ACB_PWNOEXP },
{ UF_LOCKOUT, ACB_AUTOLOCK },
{ UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ACB_ENC_TXT_PWD_ALLOWED },
{ UF_SMARTCARD_REQUIRED, ACB_SMARTCARD_REQUIRED },
{ UF_TRUSTED_FOR_DELEGATION, ACB_TRUSTED_FOR_DELEGATION },
{ UF_NOT_DELEGATED, ACB_NOT_DELEGATED },
{ UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
{ UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
{ UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
{ UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD },
{ UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
{ UF_PARTIAL_SECRETS_ACCOUNT, ACB_PARTIAL_SECRETS_ACCOUNT },
{ UF_USE_AES_KEYS, ACB_USE_AES_KEYS }
};
uint32_t ds_acb2uf(uint32_t acb)
{
unsigned int i;
uint32_t ret = 0;
for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
if (acct_flags_map[i].acb & acb) {
ret |= acct_flags_map[i].uf;
}
}
return ret;
}
/*
translated the UserFlags (userAccountControl) to ACB_CTRL Flags
*/
uint32_t ds_uf2acb(uint32_t uf)
{
unsigned int i;
uint32_t ret = 0;
for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
if (acct_flags_map[i].uf & uf) {
ret |= acct_flags_map[i].acb;
}
}
return ret;
}
/*
get the accountType from the UserFlags
*/
uint32_t ds_uf2atype(uint32_t uf)
{
uint32_t atype = 0x00000000;
if (uf & UF_NORMAL_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
else if (uf & UF_TEMP_DUPLICATE_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
else if (uf & UF_SERVER_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
else if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) atype = ATYPE_INTERDOMAIN_TRUST;
return atype;
}
/*
get the accountType from the groupType
*/
uint32_t ds_gtype2atype(uint32_t gtype)
{
uint32_t atype = 0x00000000;
switch(gtype) {
case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
atype = ATYPE_SECURITY_LOCAL_GROUP;
break;
case GTYPE_SECURITY_GLOBAL_GROUP:
atype = ATYPE_SECURITY_GLOBAL_GROUP;
break;
case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
atype = ATYPE_SECURITY_LOCAL_GROUP;
break;
case GTYPE_SECURITY_UNIVERSAL_GROUP:
atype = ATYPE_SECURITY_UNIVERSAL_GROUP;
break;
case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
atype = ATYPE_DISTRIBUTION_GLOBAL_GROUP;
break;
case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
atype = ATYPE_DISTRIBUTION_LOCAL_GROUP;
break;
case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
atype = ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
break;
}
return atype;
}
/* turn a sAMAccountType into a SID_NAME_USE */
enum lsa_SidType ds_atype_map(uint32_t atype)
{
switch (atype & 0xF0000000) {
case ATYPE_GLOBAL_GROUP:
return SID_NAME_DOM_GRP;
case ATYPE_SECURITY_LOCAL_GROUP:
return SID_NAME_ALIAS;
case ATYPE_ACCOUNT:
return SID_NAME_USER;
default:
DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
}
return SID_NAME_UNKNOWN;
}
/* get the default primary group RID for a given userAccountControl
* (information according to MS-SAMR 3.1.1.8.1) */
uint32_t ds_uf2prim_group_rid(uint32_t uf)
{
uint32_t prim_group_rid = DOMAIN_RID_USERS;
if ((uf & UF_PARTIAL_SECRETS_ACCOUNT)
&& (uf & UF_WORKSTATION_TRUST_ACCOUNT)) prim_group_rid = DOMAIN_RID_READONLY_DCS;
else if (uf & UF_SERVER_TRUST_ACCOUNT) prim_group_rid = DOMAIN_RID_DCS;
else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) prim_group_rid = DOMAIN_RID_DOMAIN_MEMBERS;
return prim_group_rid;
}
const char *dsdb_user_account_control_flag_bit_to_string(uint32_t uf)
{
switch (uf) {
case UF_SCRIPT:
return "UF_SCRIPT";
case UF_ACCOUNTDISABLE:
return "UF_ACCOUNTDISABLE";
case UF_00000004:
return "UF_00000004";
case UF_HOMEDIR_REQUIRED:
return "UF_HOMEDIR_REQUIRED";
case UF_LOCKOUT:
return "UF_LOCKOUT";
case UF_PASSWD_NOTREQD:
return "UF_PASSWD_NOTREQD";
case UF_PASSWD_CANT_CHANGE:
return "UF_PASSWD_CANT_CHANGE";
case UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED:
return "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED";
case UF_TEMP_DUPLICATE_ACCOUNT:
return "UF_TEMP_DUPLICATE_ACCOUNT";
case UF_NORMAL_ACCOUNT:
return "UF_NORMAL_ACCOUNT";
case UF_00000400:
return "UF_00000400";
case UF_INTERDOMAIN_TRUST_ACCOUNT:
return "UF_INTERDOMAIN_TRUST_ACCOUNT";
case UF_WORKSTATION_TRUST_ACCOUNT:
return "UF_WORKSTATION_TRUST_ACCOUNT";
case UF_SERVER_TRUST_ACCOUNT:
return "UF_SERVER_TRUST_ACCOUNT";
case UF_00004000:
return "UF_00004000";
case UF_00008000:
return "UF_00008000";
case UF_DONT_EXPIRE_PASSWD:
return "UF_DONT_EXPIRE_PASSWD";
case UF_MNS_LOGON_ACCOUNT:
return "UF_MNS_LOGON_ACCOUNT";
case UF_SMARTCARD_REQUIRED:
return "UF_SMARTCARD_REQUIRED";
case UF_TRUSTED_FOR_DELEGATION:
return "UF_TRUSTED_FOR_DELEGATION";
case UF_NOT_DELEGATED:
return "UF_NOT_DELEGATED";
case UF_USE_DES_KEY_ONLY:
return "UF_USE_DES_KEY_ONLY";
case UF_DONT_REQUIRE_PREAUTH:
return "UF_DONT_REQUIRE_PREAUTH";
case UF_PASSWORD_EXPIRED:
return "UF_PASSWORD_EXPIRED";
case UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION:
return "UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION";
case UF_NO_AUTH_DATA_REQUIRED:
return "UF_NO_AUTH_DATA_REQUIRED";
case UF_PARTIAL_SECRETS_ACCOUNT:
return "UF_PARTIAL_SECRETS_ACCOUNT";
case UF_USE_AES_KEYS:
return "UF_USE_AES_KEYS";
default:
break;
}
return NULL;
}