/*
   Unix SMB/CIFS implementation.
   helper mapping functions for the UF and ACB flags

   Copyright (C) Stefan (metze) Metzmacher 2002
   Copyright (C) Andrew Tridgell 2004

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "librpc/gen_ndr/samr.h"
#include "../libds/common/flags.h"

/*
 * Pairing of ADS userAccountControl bits (UF_*) with SAMR acct_flags
 * bits (ACB_*). Both ds_acb2uf() and ds_uf2acb() walk this one table, so
 * an entry added here takes effect in both directions.
 *
 * A bit that has no entry in this table is dropped by either conversion;
 * a value converted one way and back is therefore not guaranteed to equal
 * the input.
 *
 * NOTE(review): going by the flag names, several entries describe settings
 * that relax authentication or allow delegation (UF_PASSWD_NOTREQD,
 * UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, UF_USE_DES_KEY_ONLY,
 * UF_DONT_REQUIRE_PREAUTH, UF_TRUSTED_FOR_DELEGATION). Code that audits or
 * filters on account flags should check whether the bit it cares about is
 * listed here before relying on a converted value.
 */
static const struct {
	uint32_t uf;
	uint32_t acb;
} acct_flags_map[] = {
	{ UF_ACCOUNTDISABLE, ACB_DISABLED },
	{ UF_HOMEDIR_REQUIRED, ACB_HOMDIRREQ },
	{ UF_PASSWD_NOTREQD, ACB_PWNOTREQ },
	{ UF_TEMP_DUPLICATE_ACCOUNT, ACB_TEMPDUP },
	{ UF_NORMAL_ACCOUNT, ACB_NORMAL },
	{ UF_MNS_LOGON_ACCOUNT, ACB_MNS },
	{ UF_INTERDOMAIN_TRUST_ACCOUNT, ACB_DOMTRUST },
	{ UF_WORKSTATION_TRUST_ACCOUNT, ACB_WSTRUST },
	{ UF_SERVER_TRUST_ACCOUNT, ACB_SVRTRUST },
	{ UF_DONT_EXPIRE_PASSWD, ACB_PWNOEXP },
	{ UF_LOCKOUT, ACB_AUTOLOCK },
	{ UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ACB_ENC_TXT_PWD_ALLOWED },
	{ UF_SMARTCARD_REQUIRED, ACB_SMARTCARD_REQUIRED },
	{ UF_TRUSTED_FOR_DELEGATION, ACB_TRUSTED_FOR_DELEGATION },
	{ UF_NOT_DELEGATED, ACB_NOT_DELEGATED },
	{ UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
	{ UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
	{ UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
	{ UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD }
};

/*
 * Convert SAMR acct_flags (ACB_*) into userAccountControl flags (UF_*).
 *
 * Returns the OR of the UF value of every table entry whose ACB value
 * shares a bit with 'acb'. Bits of 'acb' with no table entry contribute
 * nothing, and the result is 0 when nothing matches.
 */
uint32_t ds_acb2uf(uint32_t acb)
{
	uint32_t uf_bits = 0;
	uint32_t idx;

	for (idx = 0; idx < ARRAY_SIZE(acct_flags_map); idx++) {
		if (!(acct_flags_map[idx].acb & acb)) {
			continue;
		}
		uf_bits |= acct_flags_map[idx].uf;
	}

	return uf_bits;
}

/*
 * Convert userAccountControl flags (UF_*) into SAMR acct_flags (ACB_*).
 *
 * Returns the OR of the ACB value of every table entry whose UF value
 * shares a bit with 'uf'. Bits of 'uf' with no table entry contribute
 * nothing, and the result is 0 when nothing matches.
 */
uint32_t ds_uf2acb(uint32_t uf)
{
	uint32_t acb_bits = 0;
	uint32_t idx;

	for (idx = 0; idx < ARRAY_SIZE(acct_flags_map); idx++) {
		if (!(acct_flags_map[idx].uf & uf)) {
			continue;
		}
		acb_bits |= acct_flags_map[idx].acb;
	}

	return acb_bits;
}

/*
 * Derive the accountType (ATYPE_*) from userAccountControl flags.
 *
 * When more than one account-type bit is set the first match in the
 * order below decides. Returns 0 when none of the tested bits is set, so
 * callers cannot assume a non-zero account type for arbitrary input.
 */
uint32_t ds_uf2atype(uint32_t uf)
{
	/* normal and temp-duplicate accounts share one account type */
	if (uf & (UF_NORMAL_ACCOUNT | UF_TEMP_DUPLICATE_ACCOUNT)) {
		return ATYPE_NORMAL_ACCOUNT;
	}

	/* server and workstation trust accounts share one account type */
	if (uf & (UF_SERVER_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT)) {
		return ATYPE_WORKSTATION_TRUST;
	}

	if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) {
		return ATYPE_INTERDOMAIN_TRUST;
	}

	return 0x00000000;
}

/*
 * Derive the accountType (ATYPE_*) from a groupType (GTYPE_*).
 *
 * 'gtype' is matched as a whole value, not bit by bit. Any value other
 * than the seven listed below yields 0.
 */
uint32_t ds_gtype2atype(uint32_t gtype)
{
	switch (gtype) {
	/* builtin-local and domain-local security groups map alike */
	case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
	case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
		return ATYPE_SECURITY_LOCAL_GROUP;
	case GTYPE_SECURITY_GLOBAL_GROUP:
		return ATYPE_SECURITY_GLOBAL_GROUP;
	case GTYPE_SECURITY_UNIVERSAL_GROUP:
		return ATYPE_SECURITY_UNIVERSAL_GROUP;

	case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
		return ATYPE_DISTRIBUTION_GLOBAL_GROUP;
	case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
		return ATYPE_DISTRIBUTION_LOCAL_GROUP;
	case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
		return ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
	default:
		break;
	}

	return 0x00000000;
}

/*
 * Map a sAMAccountType onto a SID_NAME_USE (enum lsa_SidType).
 *
 * Only the top four bits of 'atype' take part in the decision. A value
 * whose top four bits match none of the three classes below is reported
 * at debug level 1 and mapped to SID_NAME_UNKNOWN.
 */
enum lsa_SidType ds_atype_map(uint32_t atype)
{
	uint32_t type_class = atype & 0xF0000000;

	if (type_class == ATYPE_GLOBAL_GROUP) {
		return SID_NAME_DOM_GRP;
	}
	if (type_class == ATYPE_SECURITY_LOCAL_GROUP) {
		return SID_NAME_ALIAS;
	}
	if (type_class == ATYPE_ACCOUNT) {
		return SID_NAME_USER;
	}

	/* the log line prints the full, unmasked value */
	DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
	return SID_NAME_UNKNOWN;
}