/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- samdb_acb2uf
- samdb_uf2acb
- samdb_uf2atype
- samdb_gtype2atype
- samdb_atype_map
1 /*
2 Unix SMB/CIFS implementation.
3 helper mapping functions for the SAMDB server
4
5 Copyright (C) Stefan (metze) Metzmacher 2002
6 Copyright (C) Andrew Tridgell 2004
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "librpc/gen_ndr/samr.h"
24 #include "dsdb/common/flags.h"
25 #include "lib/ldb/include/ldb.h"
26 #include "dsdb/common/proto.h"
27
28 /*
29 translated the ACB_CTRL Flags to UserFlags (userAccountControl)
30 */
31 /* mapping between ADS userAccountControl and SAMR acct_flags */
32 static const struct {
33 uint32_t uf;
34 uint32_t acb;
35 } acct_flags_map[] = {
36 { UF_ACCOUNTDISABLE, ACB_DISABLED },
37 { UF_HOMEDIR_REQUIRED, ACB_HOMDIRREQ },
38 { UF_PASSWD_NOTREQD, ACB_PWNOTREQ },
39 { UF_TEMP_DUPLICATE_ACCOUNT, ACB_TEMPDUP },
40 { UF_NORMAL_ACCOUNT, ACB_NORMAL },
41 { UF_MNS_LOGON_ACCOUNT, ACB_MNS },
42 { UF_INTERDOMAIN_TRUST_ACCOUNT, ACB_DOMTRUST },
43 { UF_WORKSTATION_TRUST_ACCOUNT, ACB_WSTRUST },
44 { UF_SERVER_TRUST_ACCOUNT, ACB_SVRTRUST },
45 { UF_DONT_EXPIRE_PASSWD, ACB_PWNOEXP },
46 { UF_LOCKOUT, ACB_AUTOLOCK },
47 { UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ACB_ENC_TXT_PWD_ALLOWED },
48 { UF_SMARTCARD_REQUIRED, ACB_SMARTCARD_REQUIRED },
49 { UF_TRUSTED_FOR_DELEGATION, ACB_TRUSTED_FOR_DELEGATION },
50 { UF_NOT_DELEGATED, ACB_NOT_DELEGATED },
51 { UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
52 { UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
53 { UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
54 { UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD }
55 };
56
57 uint32_t samdb_acb2uf(uint32_t acb)
/* [<][>][^][v][top][bottom][index][help] */
58 {
59 uint32_t i, ret = 0;
60 for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
61 if (acct_flags_map[i].acb & acb) {
62 ret |= acct_flags_map[i].uf;
63 }
64 }
65 return ret;
66 }
67
68 /*
69 translated the UserFlags (userAccountControl) to ACB_CTRL Flags
70 */
71 uint32_t samdb_uf2acb(uint32_t uf)
/* [<][>][^][v][top][bottom][index][help] */
72 {
73 uint32_t i;
74 uint32_t ret = 0;
75 for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
76 if (acct_flags_map[i].uf & uf) {
77 ret |= acct_flags_map[i].acb;
78 }
79 }
80 return ret;
81 }
82
83 /*
84 get the accountType from the UserFlags
85 */
86 uint32_t samdb_uf2atype(uint32_t uf)
/* [<][>][^][v][top][bottom][index][help] */
87 {
88 uint32_t atype = 0x00000000;
89
90 if (uf & UF_NORMAL_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
91 else if (uf & UF_TEMP_DUPLICATE_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
92 else if (uf & UF_SERVER_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
93 else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
94 else if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) atype = ATYPE_INTERDOMAIN_TRUST;
95
96 return atype;
97 }
98
99 /*
100 get the accountType from the groupType
101 */
102 uint32_t samdb_gtype2atype(uint32_t gtype)
/* [<][>][^][v][top][bottom][index][help] */
103 {
104 uint32_t atype = 0x00000000;
105
106 switch(gtype) {
107 case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
108 atype = ATYPE_SECURITY_LOCAL_GROUP;
109 break;
110 case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
111 atype = ATYPE_SECURITY_LOCAL_GROUP;
112 break;
113 case GTYPE_SECURITY_GLOBAL_GROUP:
114 atype = ATYPE_SECURITY_GLOBAL_GROUP;
115 break;
116
117 case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
118 atype = ATYPE_DISTRIBUTION_GLOBAL_GROUP;
119 break;
120 case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
121 atype = ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
122 break;
123 case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
124 atype = ATYPE_DISTRIBUTION_LOCAL_GROUP;
125 break;
126 }
127
128 return atype;
129 }
130
131 /* turn a sAMAccountType into a SID_NAME_USE */
132 enum lsa_SidType samdb_atype_map(uint32_t atype)
/* [<][>][^][v][top][bottom][index][help] */
133 {
134 switch (atype & 0xF0000000) {
135 case ATYPE_GLOBAL_GROUP:
136 return SID_NAME_DOM_GRP;
137 case ATYPE_SECURITY_LOCAL_GROUP:
138 return SID_NAME_ALIAS;
139 case ATYPE_ACCOUNT:
140 return SID_NAME_USER;
141 default:
142 DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
143 }
144 return SID_NAME_UNKNOWN;
145 }