LCOV - code coverage report
Current view: top level - libds/common - flag_mapping.c (source / functions) Hit Total Coverage
Test: coverage report for master 70ed9daf Lines: 151 154 98.1 %
Date: 2024-01-11 09:59:51 Functions: 7 7 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    helper mapping functions for the UF and ACB flags
       4             : 
       5             :    Copyright (C) Stefan (metze) Metzmacher 2002
       6             :    Copyright (C) Andrew Tridgell 2004
       7             :    Copyright (C) Matthias Dieter Wallnöfer 2010
       8             : 
       9             :    This program is free software; you can redistribute it and/or modify
      10             :    it under the terms of the GNU General Public License as published by
      11             :    the Free Software Foundation; either version 3 of the License, or
      12             :    (at your option) any later version.
      13             : 
      14             :    This program is distributed in the hope that it will be useful,
      15             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :    GNU General Public License for more details.
      18             : 
      19             :    You should have received a copy of the GNU General Public License
      20             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "replace.h"
      24             : #include "lib/util/data_blob.h"
      25             : #include "lib/util/time.h"
      26             : #include "lib/util/debug.h"
      27             : #include "librpc/gen_ndr/samr.h"
      28             : #include "../libds/common/flags.h"
      29             : #include "flag_mapping.h"
      30             : 
      31             : /*
      32             : translate the ACB_CTRL flags to UserFlags (userAccountControl)
      33             : */
      34             : /* mapping between ADS userAccountControl and SAMR acct_flags */
/*
 * Translation table shared by ds_acb2uf() and ds_uf2acb(). Each row pairs
 * one userAccountControl value (uf) with one SAMR acct_flags value (acb).
 *
 * Both translators only copy bits that have a row here, so any bit without
 * a row is dropped in either direction. For example UF_SCRIPT and
 * UF_PASSWD_CANT_CHANGE are named by
 * dsdb_user_account_control_flag_bit_to_string() but have no row, so they
 * never appear in a translated mask.
 *
 * NOTE(review): several rows (UF_PASSWD_NOTREQD, UF_DONT_REQUIRE_PREAUTH,
 * UF_USE_DES_KEY_ONLY, UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, the
 * *_DELEGATION bits) are named after authentication-policy settings.
 * A wrong or missing pair would silently change which of those settings
 * survive translation, so review edits to this table with that in mind.
 */
static const struct {
        uint32_t uf;   /* userAccountControl (UF_*) side of the pair */
        uint32_t acb;  /* SAMR acct_flags (ACB_*) side of the pair */
} acct_flags_map[] = {
        { UF_ACCOUNTDISABLE, ACB_DISABLED },
        { UF_HOMEDIR_REQUIRED, ACB_HOMDIRREQ },
        { UF_PASSWD_NOTREQD, ACB_PWNOTREQ },
        { UF_TEMP_DUPLICATE_ACCOUNT, ACB_TEMPDUP },
        { UF_NORMAL_ACCOUNT, ACB_NORMAL },
        { UF_MNS_LOGON_ACCOUNT, ACB_MNS },
        { UF_INTERDOMAIN_TRUST_ACCOUNT, ACB_DOMTRUST },
        { UF_WORKSTATION_TRUST_ACCOUNT, ACB_WSTRUST },
        { UF_SERVER_TRUST_ACCOUNT, ACB_SVRTRUST },
        { UF_DONT_EXPIRE_PASSWD, ACB_PWNOEXP },
        { UF_LOCKOUT, ACB_AUTOLOCK },
        { UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ACB_ENC_TXT_PWD_ALLOWED },
        { UF_SMARTCARD_REQUIRED, ACB_SMARTCARD_REQUIRED },
        { UF_TRUSTED_FOR_DELEGATION, ACB_TRUSTED_FOR_DELEGATION },
        { UF_NOT_DELEGATED, ACB_NOT_DELEGATED },
        { UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
        { UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
        { UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
        { UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD },
        { UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
        { UF_PARTIAL_SECRETS_ACCOUNT, ACB_PARTIAL_SECRETS_ACCOUNT },
        { UF_USE_AES_KEYS, ACB_USE_AES_KEYS }
};
      62             : 
/*
 * Translate a SAMR acct_flags mask (ACB_*) into the matching
 * userAccountControl mask (UF_*).
 *
 * The result is the OR of every acct_flags_map[].uf whose paired .acb
 * value intersects the input. Bits of acb that have no row in
 * acct_flags_map are dropped without any error or log message, so the
 * conversion is lossy for such inputs.
 */
uint32_t ds_acb2uf(uint32_t acb)
{
        uint32_t uf_mask = 0;
        unsigned int idx = 0;

        while (idx < ARRAY_SIZE(acct_flags_map)) {
                if ((acb & acct_flags_map[idx].acb) != 0) {
                        uf_mask |= acct_flags_map[idx].uf;
                }
                idx++;
        }

        return uf_mask;
}
      74             : 
      75             : /*
      76             : translate the UserFlags (userAccountControl) to ACB_CTRL flags
      77             : */
/*
 * Translate a userAccountControl mask (UF_*) into the matching SAMR
 * acct_flags mask (ACB_*).
 *
 * The result is the OR of every acct_flags_map[].acb whose paired .uf
 * value intersects the input. UF_* bits that have no row in
 * acct_flags_map are dropped without any error or log message, so a
 * caller cannot rebuild the original mask from the result.
 */
uint32_t ds_uf2acb(uint32_t uf)
{
        uint32_t acb_mask = 0;
        unsigned int idx = 0;

        while (idx < ARRAY_SIZE(acct_flags_map)) {
                if ((uf & acct_flags_map[idx].uf) != 0) {
                        acb_mask |= acct_flags_map[idx].acb;
                }
                idx++;
        }

        return acb_mask;
}
      89             : 
      90             : /*
      91             : get the accountType from the UserFlags
      92             : */
/*
 * Derive the accountType value from a userAccountControl mask.
 *
 * The account-type bits are tested in a fixed order and the first group
 * that matches decides the result, so a mask carrying more than one
 * account-type bit is resolved by this precedence rather than rejected:
 *
 *   UF_NORMAL_ACCOUNT or UF_TEMP_DUPLICATE_ACCOUNT         -> ATYPE_NORMAL_ACCOUNT
 *   UF_SERVER_TRUST_ACCOUNT or UF_WORKSTATION_TRUST_ACCOUNT -> ATYPE_WORKSTATION_TRUST
 *   UF_INTERDOMAIN_TRUST_ACCOUNT                           -> ATYPE_INTERDOMAIN_TRUST
 *
 * Returns 0 when none of these bits is set. No validation of the
 * combination is done here; callers that need exactly one account-type
 * bit must check that themselves.
 */
uint32_t ds_uf2atype(uint32_t uf)
{
        if (uf & (UF_NORMAL_ACCOUNT | UF_TEMP_DUPLICATE_ACCOUNT)) {
                return ATYPE_NORMAL_ACCOUNT;
        }

        /* server and workstation trust accounts share one accountType */
        if (uf & (UF_SERVER_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT)) {
                return ATYPE_WORKSTATION_TRUST;
        }

        if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) {
                return ATYPE_INTERDOMAIN_TRUST;
        }

        return 0x00000000;
}
     105             : 
     106             : /*
     107             : get the accountType from the groupType
     108             : */
/*
 * Derive the accountType value from a groupType value.
 *
 * gtype is compared for exact equality against the known GTYPE_*
 * values; it is not treated as a bitmask. Any value that is not one of
 * the listed constants yields 0, which callers should treat as "no
 * account type could be determined".
 */
uint32_t ds_gtype2atype(uint32_t gtype)
{
        switch (gtype) {
        /* builtin and domain local security groups share one accountType */
        case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
        case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
                return ATYPE_SECURITY_LOCAL_GROUP;
        case GTYPE_SECURITY_GLOBAL_GROUP:
                return ATYPE_SECURITY_GLOBAL_GROUP;
        case GTYPE_SECURITY_UNIVERSAL_GROUP:
                return ATYPE_SECURITY_UNIVERSAL_GROUP;

        case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
                return ATYPE_DISTRIBUTION_GLOBAL_GROUP;
        case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
                return ATYPE_DISTRIBUTION_LOCAL_GROUP;
        case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
                return ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;

        default:
                /* unknown groupType: no accountType */
                return 0x00000000;
        }
}
     140             : 
     141             : /* turn a sAMAccountType into a SID_NAME_USE */
/*
 * Map a sAMAccountType value to a SID_NAME_USE (enum lsa_SidType).
 *
 * Only the top four bits of atype (mask 0xF0000000) take part in the
 * decision. A value whose top bits match none of the three known
 * classes is reported at debug level 1 and mapped to SID_NAME_UNKNOWN;
 * callers must be prepared for that result.
 */
enum lsa_SidType ds_atype_map(uint32_t atype)
{
        const uint32_t type_class = atype & 0xF0000000;

        if (type_class == ATYPE_GLOBAL_GROUP) {
                return SID_NAME_DOM_GRP;
        }
        if (type_class == ATYPE_SECURITY_LOCAL_GROUP) {
                return SID_NAME_ALIAS;
        }
        if (type_class == ATYPE_ACCOUNT) {
                return SID_NAME_USER;
        }

        /* no known class matched: log the full value for diagnosis */
        DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
        return SID_NAME_UNKNOWN;
}
     156             : 
     157             : /* get the default primary group RID for a given userAccountControl
     158             :  * (information according to MS-SAMR 3.1.1.8.1) */
/*
 * Return the default primary group RID for a userAccountControl mask.
 *
 * Precedence, first match wins:
 *   UF_PARTIAL_SECRETS_ACCOUNT and UF_WORKSTATION_TRUST_ACCOUNT -> DOMAIN_RID_READONLY_DCS
 *   UF_SERVER_TRUST_ACCOUNT                                     -> DOMAIN_RID_DCS
 *   UF_WORKSTATION_TRUST_ACCOUNT                                -> DOMAIN_RID_DOMAIN_MEMBERS
 *   anything else                                               -> DOMAIN_RID_USERS
 *
 * UF_PARTIAL_SECRETS_ACCOUNT on its own does not select the read-only
 * DC group; it only does so together with UF_WORKSTATION_TRUST_ACCOUNT.
 *
 * This is a pure mapping and performs no authorization check. Because
 * the result selects a group such as the domain controllers group, the
 * caller is responsible for having verified that the requester may set
 * the bits in uf before acting on the returned RID.
 */
uint32_t ds_uf2prim_group_rid(uint32_t uf)
{
        if ((uf & UF_PARTIAL_SECRETS_ACCOUNT)
         && (uf & UF_WORKSTATION_TRUST_ACCOUNT)) {
                return DOMAIN_RID_READONLY_DCS;
        }

        if (uf & UF_SERVER_TRUST_ACCOUNT) {
                return DOMAIN_RID_DCS;
        }

        if (uf & UF_WORKSTATION_TRUST_ACCOUNT) {
                return DOMAIN_RID_DOMAIN_MEMBERS;
        }

        return DOMAIN_RID_USERS;
}
     170             : 
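/*
 * Return the symbolic name of a single userAccountControl bit.
 *
 * uf is compared for exact equality against each known UF_* constant,
 * so it must be exactly one flag value. A mask with several bits set,
 * zero, or any value not listed below returns NULL.
 *
 * The returned pointer refers to a string literal and must not be
 * freed or modified. Callers must check for NULL before passing the
 * result to a "%s" conversion or a string function.
 *
 * Every case returns directly; the unreachable "break" that used to
 * follow each return has been removed.
 */
const char *dsdb_user_account_control_flag_bit_to_string(uint32_t uf)
{
        switch (uf) {
        case UF_SCRIPT:
                return "UF_SCRIPT";
        case UF_ACCOUNTDISABLE:
                return "UF_ACCOUNTDISABLE";
        case UF_00000004:
                return "UF_00000004";
        case UF_HOMEDIR_REQUIRED:
                return "UF_HOMEDIR_REQUIRED";
        case UF_LOCKOUT:
                return "UF_LOCKOUT";
        case UF_PASSWD_NOTREQD:
                return "UF_PASSWD_NOTREQD";
        case UF_PASSWD_CANT_CHANGE:
                return "UF_PASSWD_CANT_CHANGE";
        case UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED:
                return "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED";

        case UF_TEMP_DUPLICATE_ACCOUNT:
                return "UF_TEMP_DUPLICATE_ACCOUNT";
        case UF_NORMAL_ACCOUNT:
                return "UF_NORMAL_ACCOUNT";
        case UF_00000400:
                return "UF_00000400";
        case UF_INTERDOMAIN_TRUST_ACCOUNT:
                return "UF_INTERDOMAIN_TRUST_ACCOUNT";

        case UF_WORKSTATION_TRUST_ACCOUNT:
                return "UF_WORKSTATION_TRUST_ACCOUNT";
        case UF_SERVER_TRUST_ACCOUNT:
                return "UF_SERVER_TRUST_ACCOUNT";
        case UF_00004000:
                return "UF_00004000";
        case UF_00008000:
                return "UF_00008000";

        case UF_DONT_EXPIRE_PASSWD:
                return "UF_DONT_EXPIRE_PASSWD";
        case UF_MNS_LOGON_ACCOUNT:
                return "UF_MNS_LOGON_ACCOUNT";
        case UF_SMARTCARD_REQUIRED:
                return "UF_SMARTCARD_REQUIRED";
        case UF_TRUSTED_FOR_DELEGATION:
                return "UF_TRUSTED_FOR_DELEGATION";

        case UF_NOT_DELEGATED:
                return "UF_NOT_DELEGATED";
        case UF_USE_DES_KEY_ONLY:
                return "UF_USE_DES_KEY_ONLY";
        case UF_DONT_REQUIRE_PREAUTH:
                return "UF_DONT_REQUIRE_PREAUTH";
        case UF_PASSWORD_EXPIRED:
                return "UF_PASSWORD_EXPIRED";
        case UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION:
                return "UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION";
        case UF_NO_AUTH_DATA_REQUIRED:
                return "UF_NO_AUTH_DATA_REQUIRED";
        case UF_PARTIAL_SECRETS_ACCOUNT:
                return "UF_PARTIAL_SECRETS_ACCOUNT";
        case UF_USE_AES_KEYS:
                return "UF_USE_AES_KEYS";
        default:
                /* not a single known flag value */
                break;
        }
        return NULL;
}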
