Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : helper mapping functions for the UF and ACB flags
4 :
5 : Copyright (C) Stefan (metze) Metzmacher 2002
6 : Copyright (C) Andrew Tridgell 2004
7 : Copyright (C) Matthias Dieter Wallnöfer 2010
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "librpc/gen_ndr/samr.h"
25 : #include "../libds/common/flags.h"
26 : #include "flag_mapping.h"
27 :
28 : /*
29 : translated the ACB_CTRL Flags to UserFlags (userAccountControl)
30 : */
31 : /* mapping between ADS userAccountControl and SAMR acct_flags */
32 : static const struct {
33 : uint32_t uf;
34 : uint32_t acb;
35 : } acct_flags_map[] = {
36 : { UF_ACCOUNTDISABLE, ACB_DISABLED },
37 : { UF_HOMEDIR_REQUIRED, ACB_HOMDIRREQ },
38 : { UF_PASSWD_NOTREQD, ACB_PWNOTREQ },
39 : { UF_TEMP_DUPLICATE_ACCOUNT, ACB_TEMPDUP },
40 : { UF_NORMAL_ACCOUNT, ACB_NORMAL },
41 : { UF_MNS_LOGON_ACCOUNT, ACB_MNS },
42 : { UF_INTERDOMAIN_TRUST_ACCOUNT, ACB_DOMTRUST },
43 : { UF_WORKSTATION_TRUST_ACCOUNT, ACB_WSTRUST },
44 : { UF_SERVER_TRUST_ACCOUNT, ACB_SVRTRUST },
45 : { UF_DONT_EXPIRE_PASSWD, ACB_PWNOEXP },
46 : { UF_LOCKOUT, ACB_AUTOLOCK },
47 : { UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ACB_ENC_TXT_PWD_ALLOWED },
48 : { UF_SMARTCARD_REQUIRED, ACB_SMARTCARD_REQUIRED },
49 : { UF_TRUSTED_FOR_DELEGATION, ACB_TRUSTED_FOR_DELEGATION },
50 : { UF_NOT_DELEGATED, ACB_NOT_DELEGATED },
51 : { UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
52 : { UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
53 : { UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
54 : { UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD },
55 : { UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
56 : { UF_PARTIAL_SECRETS_ACCOUNT, ACB_PARTIAL_SECRETS_ACCOUNT },
57 : { UF_USE_AES_KEYS, ACB_USE_AES_KEYS }
58 : };
59 :
60 1370 : uint32_t ds_acb2uf(uint32_t acb)
61 : {
62 : unsigned int i;
63 1370 : uint32_t ret = 0;
64 31510 : for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
65 30140 : if (acct_flags_map[i].acb & acb) {
66 1332 : ret |= acct_flags_map[i].uf;
67 : }
68 : }
69 1370 : return ret;
70 : }
71 :
72 : /*
73 : translated the UserFlags (userAccountControl) to ACB_CTRL Flags
74 : */
75 315029 : uint32_t ds_uf2acb(uint32_t uf)
76 : {
77 : unsigned int i;
78 315029 : uint32_t ret = 0;
79 7245667 : for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
80 6930638 : if (acct_flags_map[i].uf & uf) {
81 199085 : ret |= acct_flags_map[i].acb;
82 : }
83 : }
84 315029 : return ret;
85 : }
86 :
87 : /*
88 : get the accountType from the UserFlags
89 : */
90 43288 : uint32_t ds_uf2atype(uint32_t uf)
91 : {
92 43288 : uint32_t atype = 0x00000000;
93 :
94 43288 : if (uf & UF_NORMAL_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
95 4130 : else if (uf & UF_TEMP_DUPLICATE_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
96 4130 : else if (uf & UF_SERVER_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
97 2633 : else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
98 70 : else if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) atype = ATYPE_INTERDOMAIN_TRUST;
99 :
100 43288 : return atype;
101 : }
102 :
103 : /*
104 : get the accountType from the groupType
105 : */
106 5888 : uint32_t ds_gtype2atype(uint32_t gtype)
107 : {
108 5888 : uint32_t atype = 0x00000000;
109 :
110 5888 : switch(gtype) {
111 1596 : case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
112 1596 : atype = ATYPE_SECURITY_LOCAL_GROUP;
113 1596 : break;
114 2284 : case GTYPE_SECURITY_GLOBAL_GROUP:
115 2284 : atype = ATYPE_SECURITY_GLOBAL_GROUP;
116 2284 : break;
117 885 : case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
118 885 : atype = ATYPE_SECURITY_LOCAL_GROUP;
119 885 : break;
120 289 : case GTYPE_SECURITY_UNIVERSAL_GROUP:
121 289 : atype = ATYPE_SECURITY_UNIVERSAL_GROUP;
122 289 : break;
123 :
124 13 : case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
125 13 : atype = ATYPE_DISTRIBUTION_GLOBAL_GROUP;
126 13 : break;
127 802 : case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
128 802 : atype = ATYPE_DISTRIBUTION_LOCAL_GROUP;
129 802 : break;
130 16 : case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
131 16 : atype = ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
132 16 : break;
133 : }
134 :
135 5888 : return atype;
136 : }
137 :
138 : /* turn a sAMAccountType into a SID_NAME_USE */
139 27715 : enum lsa_SidType ds_atype_map(uint32_t atype)
140 : {
141 27715 : switch (atype & 0xF0000000) {
142 442 : case ATYPE_GLOBAL_GROUP:
143 442 : return SID_NAME_DOM_GRP;
144 23269 : case ATYPE_SECURITY_LOCAL_GROUP:
145 23269 : return SID_NAME_ALIAS;
146 4004 : case ATYPE_ACCOUNT:
147 4004 : return SID_NAME_USER;
148 0 : default:
149 0 : DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
150 : }
151 0 : return SID_NAME_UNKNOWN;
152 : }
153 :
154 : /* get the default primary group RID for a given userAccountControl
155 : * (information according to MS-SAMR 3.1.1.8.1) */
156 43211 : uint32_t ds_uf2prim_group_rid(uint32_t uf)
157 : {
158 43211 : uint32_t prim_group_rid = DOMAIN_RID_USERS;
159 :
160 43211 : if ((uf & UF_PARTIAL_SECRETS_ACCOUNT)
161 425 : && (uf & UF_WORKSTATION_TRUST_ACCOUNT)) prim_group_rid = DOMAIN_RID_READONLY_DCS;
162 42786 : else if (uf & UF_SERVER_TRUST_ACCOUNT) prim_group_rid = DOMAIN_RID_DCS;
163 41289 : else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) prim_group_rid = DOMAIN_RID_DOMAIN_MEMBERS;
164 :
165 43211 : return prim_group_rid;
166 : }
167 :
168 : #define FLAG(x) { .name = #x, .uf = x }
169 : struct {
170 : const char *name;
171 : uint32_t uf;
172 : } user_account_control_name_map[] = {
173 : FLAG(UF_SCRIPT),
174 : FLAG(UF_ACCOUNTDISABLE),
175 : FLAG(UF_00000004),
176 : FLAG(UF_HOMEDIR_REQUIRED),
177 : FLAG(UF_LOCKOUT),
178 : FLAG(UF_PASSWD_NOTREQD),
179 : FLAG(UF_PASSWD_CANT_CHANGE),
180 : FLAG(UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED),
181 :
182 : FLAG(UF_TEMP_DUPLICATE_ACCOUNT),
183 : FLAG(UF_NORMAL_ACCOUNT),
184 : FLAG(UF_00000400),
185 : FLAG(UF_INTERDOMAIN_TRUST_ACCOUNT),
186 :
187 : FLAG(UF_WORKSTATION_TRUST_ACCOUNT),
188 : FLAG(UF_SERVER_TRUST_ACCOUNT),
189 : FLAG(UF_00004000),
190 : FLAG(UF_00008000),
191 :
192 : FLAG(UF_DONT_EXPIRE_PASSWD),
193 : FLAG(UF_MNS_LOGON_ACCOUNT),
194 : FLAG(UF_SMARTCARD_REQUIRED),
195 : FLAG(UF_TRUSTED_FOR_DELEGATION),
196 :
197 : FLAG(UF_NOT_DELEGATED),
198 : FLAG(UF_USE_DES_KEY_ONLY),
199 : FLAG(UF_DONT_REQUIRE_PREAUTH),
200 : FLAG(UF_PASSWORD_EXPIRED),
201 : FLAG(UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION),
202 : FLAG(UF_NO_AUTH_DATA_REQUIRED),
203 : FLAG(UF_PARTIAL_SECRETS_ACCOUNT),
204 : FLAG(UF_USE_AES_KEYS)
205 : };
206 :
207 617 : const char *dsdb_user_account_control_flag_bit_to_string(uint32_t uf)
208 : {
209 : int i;
210 8440 : for (i=0; i < ARRAY_SIZE(user_account_control_name_map); i++) {
211 8436 : if (uf == user_account_control_name_map[i].uf) {
212 613 : return user_account_control_name_map[i].name;
213 : }
214 : }
215 4 : return NULL;
216 : }
|
