LCOV - code coverage report
Current view: top level - libds/common - flag_mapping.c (source / functions) Hit Total Coverage
Test: coverage report for recycleplus df22b230 Lines: 121 124 97.6 %
Date: 2024-02-14 10:14:15 Functions: 7 7 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    helper mapping functions for the UF and ACB flags
       4             : 
       5             :    Copyright (C) Stefan (metze) Metzmacher 2002
       6             :    Copyright (C) Andrew Tridgell 2004
       7             :    Copyright (C) Matthias Dieter Wallnöfer 2010
       8             : 
       9             :    This program is free software; you can redistribute it and/or modify
      10             :    it under the terms of the GNU General Public License as published by
      11             :    the Free Software Foundation; either version 3 of the License, or
      12             :    (at your option) any later version.
      13             : 
      14             :    This program is distributed in the hope that it will be useful,
      15             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :    GNU General Public License for more details.
      18             : 
      19             :    You should have received a copy of the GNU General Public License
      20             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "replace.h"
      24             : #include "lib/util/data_blob.h"
      25             : #include "lib/util/time.h"
      26             : #include "lib/util/debug.h"
      27             : #include "librpc/gen_ndr/samr.h"
      28             : #include "../libds/common/flags.h"
      29             : #include "flag_mapping.h"
      30             : 
/*
 * Mapping between ADS userAccountControl bits (UF_*) and SAMR acct_flags
 * bits (ACB_*).
 *
 * ds_acb2uf() and ds_uf2acb() walk this table in both directions. A flag
 * with no row here is dropped by those conversions, so neither direction
 * is a lossless round-trip. Both functions test membership with a bitwise
 * AND, so every value listed here is presumably a single bit; a multi-bit
 * value would match on any shared bit.
 */
static const struct {
	uint32_t uf;
	uint32_t acb;
} acct_flags_map[] = {
	{ .uf = UF_ACCOUNTDISABLE,                 .acb = ACB_DISABLED },
	{ .uf = UF_HOMEDIR_REQUIRED,               .acb = ACB_HOMDIRREQ },
	{ .uf = UF_PASSWD_NOTREQD,                 .acb = ACB_PWNOTREQ },
	{ .uf = UF_TEMP_DUPLICATE_ACCOUNT,         .acb = ACB_TEMPDUP },
	{ .uf = UF_NORMAL_ACCOUNT,                 .acb = ACB_NORMAL },
	{ .uf = UF_MNS_LOGON_ACCOUNT,              .acb = ACB_MNS },
	{ .uf = UF_INTERDOMAIN_TRUST_ACCOUNT,      .acb = ACB_DOMTRUST },
	{ .uf = UF_WORKSTATION_TRUST_ACCOUNT,      .acb = ACB_WSTRUST },
	{ .uf = UF_SERVER_TRUST_ACCOUNT,           .acb = ACB_SVRTRUST },
	{ .uf = UF_DONT_EXPIRE_PASSWD,             .acb = ACB_PWNOEXP },
	{ .uf = UF_LOCKOUT,                        .acb = ACB_AUTOLOCK },
	{ .uf = UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, .acb = ACB_ENC_TXT_PWD_ALLOWED },
	{ .uf = UF_SMARTCARD_REQUIRED,             .acb = ACB_SMARTCARD_REQUIRED },
	{ .uf = UF_TRUSTED_FOR_DELEGATION,         .acb = ACB_TRUSTED_FOR_DELEGATION },
	{ .uf = UF_NOT_DELEGATED,                  .acb = ACB_NOT_DELEGATED },
	{ .uf = UF_USE_DES_KEY_ONLY,               .acb = ACB_USE_DES_KEY_ONLY },
	{ .uf = UF_DONT_REQUIRE_PREAUTH,           .acb = ACB_DONT_REQUIRE_PREAUTH },
	{ .uf = UF_PASSWORD_EXPIRED,               .acb = ACB_PW_EXPIRED },
	{ .uf = UF_NO_AUTH_DATA_REQUIRED,          .acb = ACB_NO_AUTH_DATA_REQD },
	{ .uf = UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
	  .acb = ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
	{ .uf = UF_PARTIAL_SECRETS_ACCOUNT,        .acb = ACB_PARTIAL_SECRETS_ACCOUNT },
	{ .uf = UF_USE_AES_KEYS,                   .acb = ACB_USE_AES_KEYS }
};
      62             : 
/*
 * Translate SAMR acct_flags (ACB_*) into userAccountControl flags (UF_*).
 *
 * acb: SAMR account control bits.
 * Returns the OR of the UF_* values whose ACB_* counterpart in
 * acct_flags_map is set in acb; 0 if none match.
 *
 * ACB bits without a row in acct_flags_map are silently discarded, so a
 * caller must not assume the result carries every bit that was passed in.
 */
uint32_t ds_acb2uf(uint32_t acb)
{
	uint32_t uf = 0;
	unsigned int idx;

	for (idx = 0; idx < ARRAY_SIZE(acct_flags_map); idx++) {
		if ((acb & acct_flags_map[idx].acb) == 0) {
			continue;
		}
		uf |= acct_flags_map[idx].uf;
	}

	return uf;
}
      74             : 
/*
 * Translate userAccountControl flags (UF_*) into SAMR acct_flags (ACB_*).
 *
 * uf: userAccountControl bits.
 * Returns the OR of the ACB_* values whose UF_* counterpart in
 * acct_flags_map is set in uf; 0 if none match.
 *
 * UF bits without a row in acct_flags_map are silently discarded, so the
 * SAMR view of an account can omit flags that are set in the directory.
 */
uint32_t ds_uf2acb(uint32_t uf)
{
	uint32_t acb = 0;
	unsigned int idx;

	for (idx = 0; idx < ARRAY_SIZE(acct_flags_map); idx++) {
		if ((uf & acct_flags_map[idx].uf) == 0) {
			continue;
		}
		acb |= acct_flags_map[idx].acb;
	}

	return acb;
}
      89             : 
/*
 * Derive the accountType (ATYPE_*) from userAccountControl flags.
 *
 * The account-type bits are tested in a fixed priority order and the first
 * match decides the result, so when several of them are set together the
 * earlier test wins:
 *   normal / temp-duplicate account  -> ATYPE_NORMAL_ACCOUNT
 *   server / workstation trust       -> ATYPE_WORKSTATION_TRUST
 *   interdomain trust                -> ATYPE_INTERDOMAIN_TRUST
 *
 * Returns 0 when none of these bits is set; callers should treat that as
 * "no account type", not as a valid ATYPE_* value.
 */
uint32_t ds_uf2atype(uint32_t uf)
{
	if (uf & (UF_NORMAL_ACCOUNT | UF_TEMP_DUPLICATE_ACCOUNT)) {
		return ATYPE_NORMAL_ACCOUNT;
	}

	/* Server trust accounts share the workstation trust account type. */
	if (uf & (UF_SERVER_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT)) {
		return ATYPE_WORKSTATION_TRUST;
	}

	if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) {
		return ATYPE_INTERDOMAIN_TRUST;
	}

	return 0x00000000;
}
     105             : 
/*
 * Derive the accountType (ATYPE_*) from a groupType (GTYPE_*) value.
 *
 * gtype is compared for exact equality against the seven known group
 * types; it is not treated as a bit mask. Any other value, including a
 * known type with extra bits set, yields 0, which callers should treat as
 * "unknown group type".
 */
uint32_t ds_gtype2atype(uint32_t gtype)
{
	switch (gtype) {
	/* Builtin and domain local security groups share one account type. */
	case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
	case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
		return ATYPE_SECURITY_LOCAL_GROUP;
	case GTYPE_SECURITY_GLOBAL_GROUP:
		return ATYPE_SECURITY_GLOBAL_GROUP;
	case GTYPE_SECURITY_UNIVERSAL_GROUP:
		return ATYPE_SECURITY_UNIVERSAL_GROUP;

	case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
		return ATYPE_DISTRIBUTION_GLOBAL_GROUP;
	case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
		return ATYPE_DISTRIBUTION_LOCAL_GROUP;
	case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
		return ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
	}

	return 0x00000000;
}
     140             : 
/*
 * Turn a sAMAccountType into a SID_NAME_USE (enum lsa_SidType).
 *
 * Only the top four bits of atype are examined, so all account types that
 * share a top nibble map to the same SID type. An unrecognised class is
 * logged at debug level 1 and reported as SID_NAME_UNKNOWN; callers should
 * handle that value explicitly and not assume a user or group.
 */
enum lsa_SidType ds_atype_map(uint32_t atype)
{
	const uint32_t type_class = atype & 0xF0000000;

	if (type_class == ATYPE_GLOBAL_GROUP) {
		return SID_NAME_DOM_GRP;
	}
	if (type_class == ATYPE_SECURITY_LOCAL_GROUP) {
		return SID_NAME_ALIAS;
	}
	if (type_class == ATYPE_ACCOUNT) {
		return SID_NAME_USER;
	}

	DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
	return SID_NAME_UNKNOWN;
}
     156             : 
/*
 * Get the default primary group RID for a given userAccountControl
 * (information according to MS-SAMR 3.1.1.8.1).
 *
 * Precedence, first match wins:
 *   UF_PARTIAL_SECRETS_ACCOUNT and UF_WORKSTATION_TRUST_ACCOUNT both set
 *                                   -> DOMAIN_RID_READONLY_DCS
 *   UF_SERVER_TRUST_ACCOUNT         -> DOMAIN_RID_DCS
 *   UF_WORKSTATION_TRUST_ACCOUNT    -> DOMAIN_RID_DOMAIN_MEMBERS
 *   anything else                   -> DOMAIN_RID_USERS
 *
 * UF_PARTIAL_SECRETS_ACCOUNT on its own does not select the read-only DC
 * group. This function only maps bits to a RID and performs no access
 * check; deciding who may set the trust-account bits on an object is the
 * caller's responsibility.
 */
uint32_t ds_uf2prim_group_rid(uint32_t uf)
{
	if ((uf & UF_PARTIAL_SECRETS_ACCOUNT) &&
	    (uf & UF_WORKSTATION_TRUST_ACCOUNT)) {
		return DOMAIN_RID_READONLY_DCS;
	}

	if (uf & UF_SERVER_TRUST_ACCOUNT) {
		return DOMAIN_RID_DCS;
	}

	if (uf & UF_WORKSTATION_TRUST_ACCOUNT) {
		return DOMAIN_RID_DOMAIN_MEMBERS;
	}

	return DOMAIN_RID_USERS;
}
     170             : 
/*
 * Return the symbolic name of a single userAccountControl flag.
 *
 * uf must equal exactly one of the values listed below; it is compared for
 * equality, not tested as a mask. A combined mask or an unlisted value
 * returns NULL, so a caller that formats the result (for example in a log
 * or audit message) must check for NULL before using it as a string.
 *
 * The UF_0000xxxx entries are presumably placeholders for bits that have
 * no symbolic name; they are reported under their numeric identifier.
 */
const char *dsdb_user_account_control_flag_bit_to_string(uint32_t uf)
{
	static const struct {
		uint32_t bit;
		const char *name;
	} uf_names[] = {
		{ UF_SCRIPT, "UF_SCRIPT" },
		{ UF_ACCOUNTDISABLE, "UF_ACCOUNTDISABLE" },
		{ UF_00000004, "UF_00000004" },
		{ UF_HOMEDIR_REQUIRED, "UF_HOMEDIR_REQUIRED" },
		{ UF_LOCKOUT, "UF_LOCKOUT" },
		{ UF_PASSWD_NOTREQD, "UF_PASSWD_NOTREQD" },
		{ UF_PASSWD_CANT_CHANGE, "UF_PASSWD_CANT_CHANGE" },
		{ UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,
		  "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED" },

		{ UF_TEMP_DUPLICATE_ACCOUNT, "UF_TEMP_DUPLICATE_ACCOUNT" },
		{ UF_NORMAL_ACCOUNT, "UF_NORMAL_ACCOUNT" },
		{ UF_00000400, "UF_00000400" },
		{ UF_INTERDOMAIN_TRUST_ACCOUNT, "UF_INTERDOMAIN_TRUST_ACCOUNT" },

		{ UF_WORKSTATION_TRUST_ACCOUNT, "UF_WORKSTATION_TRUST_ACCOUNT" },
		{ UF_SERVER_TRUST_ACCOUNT, "UF_SERVER_TRUST_ACCOUNT" },
		{ UF_00004000, "UF_00004000" },
		{ UF_00008000, "UF_00008000" },

		{ UF_DONT_EXPIRE_PASSWD, "UF_DONT_EXPIRE_PASSWD" },
		{ UF_MNS_LOGON_ACCOUNT, "UF_MNS_LOGON_ACCOUNT" },
		{ UF_SMARTCARD_REQUIRED, "UF_SMARTCARD_REQUIRED" },
		{ UF_TRUSTED_FOR_DELEGATION, "UF_TRUSTED_FOR_DELEGATION" },

		{ UF_NOT_DELEGATED, "UF_NOT_DELEGATED" },
		{ UF_USE_DES_KEY_ONLY, "UF_USE_DES_KEY_ONLY" },
		{ UF_DONT_REQUIRE_PREAUTH, "UF_DONT_REQUIRE_PREAUTH" },
		{ UF_PASSWORD_EXPIRED, "UF_PASSWORD_EXPIRED" },
		{ UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
		  "UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION" },
		{ UF_NO_AUTH_DATA_REQUIRED, "UF_NO_AUTH_DATA_REQUIRED" },
		{ UF_PARTIAL_SECRETS_ACCOUNT, "UF_PARTIAL_SECRETS_ACCOUNT" },
		{ UF_USE_AES_KEYS, "UF_USE_AES_KEYS" }
	};
	unsigned int idx;

	for (idx = 0; idx < sizeof(uf_names) / sizeof(uf_names[0]); idx++) {
		if (uf_names[idx].bit == uf) {
			return uf_names[idx].name;
		}
	}

	/* Not a single known flag value. */
	return NULL;
}
