/*
   Unix SMB/CIFS implementation.
   helper mapping functions for the UF and ACB flags
   Copyright (C) Stefan (metze) Metzmacher 2002
   Copyright (C) Andrew Tridgell 2004
   Copyright (C) Matthias Dieter Wallnöfer 2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "replace.h"
# include "lib/util/data_blob.h"
# include "lib/util/time.h"
# include "lib/util/debug.h"
# include "librpc/gen_ndr/samr.h"
# include "../libds/common/flags.h"
# include "flag_mapping.h"
/*
  translates the ACB_CTRL flags to UserFlags (userAccountControl)
*/
/* mapping between ADS userAccountControl and SAMR acct_flags */
/*
 * One row per bit that exists on both sides. A bit present in only one
 * of the two flag sets has no row and is therefore dropped by the
 * ds_acb2uf()/ds_uf2acb() translations.
 */
static const struct {
	uint32_t uf;	/* userAccountControl bit (UF_*) */
	uint32_t acb;	/* SAMR acct_flags bit (ACB_*) */
} acct_flags_map[] = {
	{ .uf = UF_ACCOUNTDISABLE,			.acb = ACB_DISABLED },
	{ .uf = UF_HOMEDIR_REQUIRED,			.acb = ACB_HOMDIRREQ },
	{ .uf = UF_PASSWD_NOTREQD,			.acb = ACB_PWNOTREQ },
	{ .uf = UF_TEMP_DUPLICATE_ACCOUNT,		.acb = ACB_TEMPDUP },
	{ .uf = UF_NORMAL_ACCOUNT,			.acb = ACB_NORMAL },
	{ .uf = UF_MNS_LOGON_ACCOUNT,			.acb = ACB_MNS },
	{ .uf = UF_INTERDOMAIN_TRUST_ACCOUNT,		.acb = ACB_DOMTRUST },
	{ .uf = UF_WORKSTATION_TRUST_ACCOUNT,		.acb = ACB_WSTRUST },
	{ .uf = UF_SERVER_TRUST_ACCOUNT,		.acb = ACB_SVRTRUST },
	{ .uf = UF_DONT_EXPIRE_PASSWD,			.acb = ACB_PWNOEXP },
	{ .uf = UF_LOCKOUT,				.acb = ACB_AUTOLOCK },
	{ .uf = UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,	.acb = ACB_ENC_TXT_PWD_ALLOWED },
	{ .uf = UF_SMARTCARD_REQUIRED,			.acb = ACB_SMARTCARD_REQUIRED },
	{ .uf = UF_TRUSTED_FOR_DELEGATION,		.acb = ACB_TRUSTED_FOR_DELEGATION },
	{ .uf = UF_NOT_DELEGATED,			.acb = ACB_NOT_DELEGATED },
	{ .uf = UF_USE_DES_KEY_ONLY,			.acb = ACB_USE_DES_KEY_ONLY },
	{ .uf = UF_DONT_REQUIRE_PREAUTH,		.acb = ACB_DONT_REQUIRE_PREAUTH },
	{ .uf = UF_PASSWORD_EXPIRED,			.acb = ACB_PW_EXPIRED },
	{ .uf = UF_NO_AUTH_DATA_REQUIRED,		.acb = ACB_NO_AUTH_DATA_REQD },
	{ .uf = UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
						.acb = ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
	{ .uf = UF_PARTIAL_SECRETS_ACCOUNT,		.acb = ACB_PARTIAL_SECRETS_ACCOUNT },
	{ .uf = UF_USE_AES_KEYS,			.acb = ACB_USE_AES_KEYS },
};
/**
 * Translate SAMR acct_flags (ACB_*) into userAccountControl bits (UF_*).
 *
 * Every row of acct_flags_map whose ACB bit is set in @acb contributes
 * its UF bit to the result. ACB bits that have no row in the table are
 * silently dropped, so the translation is not guaranteed to be lossless.
 *
 * @param acb	SAMR acct_flags bitmask
 * @return	the matching UF_* bitmask, 0 when nothing maps
 */
uint32_t ds_acb2uf(uint32_t acb)
{
	uint32_t uf = 0;
	size_t idx;

	for (idx = 0; idx < ARRAY_SIZE(acct_flags_map); idx++) {
		if ((acct_flags_map[idx].acb & acb) == 0) {
			continue;
		}
		uf |= acct_flags_map[idx].uf;
	}

	return uf;
}
/*
  translates the UserFlags (userAccountControl) to ACB_CTRL flags
*/
/**
 * Translate userAccountControl bits (UF_*) into SAMR acct_flags (ACB_*).
 *
 * This is the inverse of ds_acb2uf() over the same acct_flags_map table:
 * each row whose UF bit is set in @uf adds its ACB bit. UF bits without
 * a row (e.g. UF_PASSWD_CANT_CHANGE) are dropped.
 *
 * @param uf	userAccountControl bitmask
 * @return	the matching ACB_* bitmask, 0 when nothing maps
 */
uint32_t ds_uf2acb(uint32_t uf)
{
	const size_t rows = ARRAY_SIZE(acct_flags_map);
	uint32_t acb = 0;
	size_t n;

	for (n = 0; n < rows; n++) {
		const uint32_t bit = acct_flags_map[n].uf;

		if (uf & bit) {
			acb |= acct_flags_map[n].acb;
		}
	}

	return acb;
}
/*
  get the accountType from the UserFlags (userAccountControl)
*/
/**
 * Derive the sAMAccountType from userAccountControl.
 *
 * The account-type bits are checked in a fixed order and the first one
 * found wins, so a value carrying several (mutually exclusive) type bits
 * still yields a single answer. Both normal and temp-duplicate accounts
 * become ATYPE_NORMAL_ACCOUNT; both server (DC) and workstation trust
 * accounts become ATYPE_WORKSTATION_TRUST.
 *
 * @param uf	userAccountControl bitmask
 * @return	an ATYPE_* value, or 0 if no account-type bit is set
 */
uint32_t ds_uf2atype(uint32_t uf)
{
	if (uf & UF_NORMAL_ACCOUNT) {
		return ATYPE_NORMAL_ACCOUNT;
	}
	if (uf & UF_TEMP_DUPLICATE_ACCOUNT) {
		return ATYPE_NORMAL_ACCOUNT;
	}
	if (uf & UF_SERVER_TRUST_ACCOUNT) {
		return ATYPE_WORKSTATION_TRUST;
	}
	if (uf & UF_WORKSTATION_TRUST_ACCOUNT) {
		return ATYPE_WORKSTATION_TRUST;
	}
	if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) {
		return ATYPE_INTERDOMAIN_TRUST;
	}

	/* no account-type bit at all */
	return 0x00000000;
}
/*
  get the accountType from the groupType
*/
/**
 * Derive the sAMAccountType from a groupType value.
 *
 * Unlike ds_uf2atype() this is an exact-value match, not a bit test:
 * @gtype has to equal one of the GTYPE_* constants. Builtin-local and
 * domain-local security groups share ATYPE_SECURITY_LOCAL_GROUP.
 *
 * @param gtype	groupType attribute value
 * @return	an ATYPE_* value, or 0 for any unrecognised groupType
 */
uint32_t ds_gtype2atype(uint32_t gtype)
{
	switch (gtype) {
	case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
	case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
		return ATYPE_SECURITY_LOCAL_GROUP;

	case GTYPE_SECURITY_GLOBAL_GROUP:
		return ATYPE_SECURITY_GLOBAL_GROUP;

	case GTYPE_SECURITY_UNIVERSAL_GROUP:
		return ATYPE_SECURITY_UNIVERSAL_GROUP;

	case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
		return ATYPE_DISTRIBUTION_GLOBAL_GROUP;

	case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
		return ATYPE_DISTRIBUTION_LOCAL_GROUP;

	case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
		return ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;

	default:
		/* unknown groupType: no sAMAccountType can be derived */
		return 0x00000000;
	}
}
/* turn a sAMAccountType into a SID_NAME_USE */
/**
 * Map a sAMAccountType to the LSA SID type used for name lookups.
 *
 * Only the top nibble (atype & 0xF0000000) is examined, so the finer
 * ATYPE_* variants produced by ds_uf2atype()/ds_gtype2atype() are
 * presumably collapsed onto the three kinds handled here (confirm
 * against the ATYPE_* definitions in flags.h). Anything else is logged
 * at debug level 1 and reported as SID_NAME_UNKNOWN rather than being
 * guessed.
 *
 * @param atype	sAMAccountType value
 * @return	SID_NAME_USER, SID_NAME_DOM_GRP, SID_NAME_ALIAS or
 *		SID_NAME_UNKNOWN
 */
enum lsa_SidType ds_atype_map(uint32_t atype)
{
	const uint32_t kind = atype & 0xF0000000;

	if (kind == ATYPE_ACCOUNT) {
		return SID_NAME_USER;
	}
	if (kind == ATYPE_GLOBAL_GROUP) {
		return SID_NAME_DOM_GRP;
	}
	if (kind == ATYPE_SECURITY_LOCAL_GROUP) {
		return SID_NAME_ALIAS;
	}

	DEBUG(1, ("hmm, need to map account type 0x%x\n", atype));
	return SID_NAME_UNKNOWN;
}
/* get the default primary group RID for a given userAccountControl
 * (information according to MS-SAMR 3.1.1.8.1) */
/**
 * Pick the default primary group RID for an account from its
 * userAccountControl.
 *
 * The read-only-DC case (workstation trust account that also carries
 * UF_PARTIAL_SECRETS_ACCOUNT) has to be tested before the plain
 * workstation case, otherwise it would be misclassified as an ordinary
 * domain member.
 *
 * @param uf	userAccountControl bitmask
 * @return	DOMAIN_RID_READONLY_DCS, DOMAIN_RID_DCS,
 *		DOMAIN_RID_DOMAIN_MEMBERS or, for everything else,
 *		DOMAIN_RID_USERS
 */
uint32_t ds_uf2prim_group_rid(uint32_t uf)
{
	const uint32_t workstation = uf & UF_WORKSTATION_TRUST_ACCOUNT;
	const uint32_t partial_secrets = uf & UF_PARTIAL_SECRETS_ACCOUNT;

	if (workstation && partial_secrets) {
		return DOMAIN_RID_READONLY_DCS;
	}
	if (uf & UF_SERVER_TRUST_ACCOUNT) {
		return DOMAIN_RID_DCS;
	}
	if (workstation) {
		return DOMAIN_RID_DOMAIN_MEMBERS;
	}

	return DOMAIN_RID_USERS;
}
/**
 * Return the symbolic name of a single userAccountControl bit.
 *
 * @uf is compared for exact equality against each known UF_* value, so
 * it must hold exactly one flag. Zero, a combination of several bits, or
 * a bit that is not in the table all yield NULL; callers must check for
 * that before printing the result.
 *
 * @param uf	one UF_* flag value
 * @return	pointer to a static string such as "UF_SCRIPT", or NULL
 */
const char *dsdb_user_account_control_flag_bit_to_string(uint32_t uf)
{
	static const struct {
		uint32_t bit;
		const char *name;
	} uf_names[] = {
		{ UF_SCRIPT,					"UF_SCRIPT" },
		{ UF_ACCOUNTDISABLE,				"UF_ACCOUNTDISABLE" },
		{ UF_00000004,					"UF_00000004" },
		{ UF_HOMEDIR_REQUIRED,				"UF_HOMEDIR_REQUIRED" },
		{ UF_LOCKOUT,					"UF_LOCKOUT" },
		{ UF_PASSWD_NOTREQD,				"UF_PASSWD_NOTREQD" },
		{ UF_PASSWD_CANT_CHANGE,			"UF_PASSWD_CANT_CHANGE" },
		{ UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,		"UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED" },
		{ UF_TEMP_DUPLICATE_ACCOUNT,			"UF_TEMP_DUPLICATE_ACCOUNT" },
		{ UF_NORMAL_ACCOUNT,				"UF_NORMAL_ACCOUNT" },
		{ UF_00000400,					"UF_00000400" },
		{ UF_INTERDOMAIN_TRUST_ACCOUNT,			"UF_INTERDOMAIN_TRUST_ACCOUNT" },
		{ UF_WORKSTATION_TRUST_ACCOUNT,			"UF_WORKSTATION_TRUST_ACCOUNT" },
		{ UF_SERVER_TRUST_ACCOUNT,			"UF_SERVER_TRUST_ACCOUNT" },
		{ UF_00004000,					"UF_00004000" },
		{ UF_00008000,					"UF_00008000" },
		{ UF_DONT_EXPIRE_PASSWD,			"UF_DONT_EXPIRE_PASSWD" },
		{ UF_MNS_LOGON_ACCOUNT,				"UF_MNS_LOGON_ACCOUNT" },
		{ UF_SMARTCARD_REQUIRED,			"UF_SMARTCARD_REQUIRED" },
		{ UF_TRUSTED_FOR_DELEGATION,			"UF_TRUSTED_FOR_DELEGATION" },
		{ UF_NOT_DELEGATED,				"UF_NOT_DELEGATED" },
		{ UF_USE_DES_KEY_ONLY,				"UF_USE_DES_KEY_ONLY" },
		{ UF_DONT_REQUIRE_PREAUTH,			"UF_DONT_REQUIRE_PREAUTH" },
		{ UF_PASSWORD_EXPIRED,				"UF_PASSWORD_EXPIRED" },
		{ UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,	"UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION" },
		{ UF_NO_AUTH_DATA_REQUIRED,			"UF_NO_AUTH_DATA_REQUIRED" },
		{ UF_PARTIAL_SECRETS_ACCOUNT,			"UF_PARTIAL_SECRETS_ACCOUNT" },
		{ UF_USE_AES_KEYS,				"UF_USE_AES_KEYS" },
	};
	size_t i;

	for (i = 0; i < ARRAY_SIZE(uf_names); i++) {
		if (uf_names[i].bit == uf) {
			return uf_names[i].name;
		}
	}

	/* zero, more than one bit, or an unknown bit */
	return NULL;
}