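/*
   Unix SMB/CIFS implementation.
   ads (active directory) utility library

   Copyright (C) Stefan (metze) Metzmacher 2002
   Copyright (C) Andrew Tridgell 2001

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"

/*
translate the ACB_CTRL flags to UserFlags (userAccountControl)

Each ACB_* bit listed below is tested independently and, when set, the
matching UF_* bit is set in the result. Any bit in acb that is not listed
here is dropped. Several of these flags carry security policy (password
not required, DES-only keys, no Kerberos pre-authentication, delegation),
so a bit that is lost or mistranslated here changes how the account is
treated by whoever consumes the result.
*/
uint32 ads_acb2uf(uint32 acb)
{
	uint32 uf = 0x00000000;

	if (acb & ACB_DISABLED)			uf |= UF_ACCOUNTDISABLE;
	if (acb & ACB_HOMDIRREQ)		uf |= UF_HOMEDIR_REQUIRED;
	if (acb & ACB_PWNOTREQ)			uf |= UF_PASSWD_NOTREQD;
	/* account-type bits: copied one by one, no exclusivity check here */
	if (acb & ACB_TEMPDUP)			uf |= UF_TEMP_DUPLICATE_ACCOUNT;
	if (acb & ACB_NORMAL)			uf |= UF_NORMAL_ACCOUNT;
	if (acb & ACB_MNS)			uf |= UF_MNS_LOGON_ACCOUNT;
	if (acb & ACB_DOMTRUST)			uf |= UF_INTERDOMAIN_TRUST_ACCOUNT;
	if (acb & ACB_WSTRUST)			uf |= UF_WORKSTATION_TRUST_ACCOUNT;
	if (acb & ACB_SVRTRUST)			uf |= UF_SERVER_TRUST_ACCOUNT;
	if (acb & ACB_PWNOEXP)			uf |= UF_DONT_EXPIRE_PASSWD;
	if (acb & ACB_AUTOLOCK)			uf |= UF_LOCKOUT;
	if (acb & ACB_USE_DES_KEY_ONLY)		uf |= UF_USE_DES_KEY_ONLY;
	if (acb & ACB_SMARTCARD_REQUIRED)	uf |= UF_SMARTCARD_REQUIRED;
	if (acb & ACB_TRUSTED_FOR_DELEGATION)	uf |= UF_TRUSTED_FOR_DELEGATION;
	if (acb & ACB_DONT_REQUIRE_PREAUTH)	uf |= UF_DONT_REQUIRE_PREAUTH;
	if (acb & ACB_NO_AUTH_DATA_REQD)	uf |= UF_NO_AUTH_DATA_REQUIRED;
	if (acb & ACB_NOT_DELEGATED)		uf |= UF_NOT_DELEGATED;
	if (acb & ACB_ENC_TXT_PWD_ALLOWED)	uf |= UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED;

	return uf;
}

/*
translate the UserFlags (userAccountControl) to ACB_CTRL flags

The plain option bits are translated one by one. The account type is
handled separately: uf is masked with UF_ACCOUNT_TYPE_MASK and the result
must equal exactly one of the known account-type values, otherwise the
default branch applies.
*/
uint32 ads_uf2acb(uint32 uf)
{
	uint32 acb = 0x00000000;

	if (uf & UF_ACCOUNTDISABLE)		acb |= ACB_DISABLED;
	if (uf & UF_HOMEDIR_REQUIRED)		acb |= ACB_HOMDIRREQ;
	if (uf & UF_PASSWD_NOTREQD)		acb |= ACB_PWNOTREQ;
	if (uf & UF_MNS_LOGON_ACCOUNT)		acb |= ACB_MNS;
	if (uf & UF_DONT_EXPIRE_PASSWD)		acb |= ACB_PWNOEXP;
	if (uf & UF_LOCKOUT)			acb |= ACB_AUTOLOCK;
	if (uf & UF_USE_DES_KEY_ONLY)		acb |= ACB_USE_DES_KEY_ONLY;
	if (uf & UF_SMARTCARD_REQUIRED)		acb |= ACB_SMARTCARD_REQUIRED;
	if (uf & UF_TRUSTED_FOR_DELEGATION)	acb |= ACB_TRUSTED_FOR_DELEGATION;
	if (uf & UF_DONT_REQUIRE_PREAUTH)	acb |= ACB_DONT_REQUIRE_PREAUTH;
	if (uf & UF_NO_AUTH_DATA_REQUIRED)	acb |= ACB_NO_AUTH_DATA_REQD;
	if (uf & UF_NOT_DELEGATED)		acb |= ACB_NOT_DELEGATED;
	if (uf & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) acb |= ACB_ENC_TXT_PWD_ALLOWED;

	switch (uf & UF_ACCOUNT_TYPE_MASK)
	{
		case UF_TEMP_DUPLICATE_ACCOUNT:		acb |= ACB_TEMPDUP;break;
		case UF_NORMAL_ACCOUNT:			acb |= ACB_NORMAL;break;
		case UF_INTERDOMAIN_TRUST_ACCOUNT:	acb |= ACB_DOMTRUST;break;
		case UF_WORKSTATION_TRUST_ACCOUNT:	acb |= ACB_WSTRUST;break;
		case UF_SERVER_TRUST_ACCOUNT:		acb |= ACB_SVRTRUST;break;
		/*
		 * Fix Me: what should we do here?
		 * NOTE(review): a value with no recognised account type (and,
		 * presumably, one with several type bits set - confirm against
		 * the definition of UF_ACCOUNT_TYPE_MASK) is reported as a
		 * normal user account instead of being rejected. Callers that
		 * base trust decisions on the account type should validate uf
		 * themselves.
		 */
		default:				acb |= ACB_NORMAL;break;
	}

	return acb;
}

/*
get the accountType from the UserFlags

The account-type bits are tested in a fixed order and the first one that
is set decides the result. Server trust and workstation trust accounts
both map to ATYPE_WORKSTATION_TRUST, and a temporary duplicate account
maps to ATYPE_NORMAL_ACCOUNT. Returns 0 when none of the bits is set.
*/
uint32 ads_uf2atype(uint32 uf)
{
	uint32 atype = 0x00000000;

	if (uf & UF_NORMAL_ACCOUNT)			atype = ATYPE_NORMAL_ACCOUNT;
	else if (uf & UF_TEMP_DUPLICATE_ACCOUNT)	atype = ATYPE_NORMAL_ACCOUNT;
	else if (uf & UF_SERVER_TRUST_ACCOUNT)		atype = ATYPE_WORKSTATION_TRUST;
	else if (uf & UF_WORKSTATION_TRUST_ACCOUNT)	atype = ATYPE_WORKSTATION_TRUST;
	else if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT)	atype = ATYPE_INTERDOMAIN_TRUST;

	return atype;
}

/*
get the accountType from the groupType

gtype is compared as a whole value, not bit by bit. A groupType that is
not listed returns 0.
NOTE(review): there is no case for a universal security group, so such a
group also returns 0 - confirm whether that is intended.
*/
uint32 ads_gtype2atype(uint32 gtype)
{
	uint32 atype = 0x00000000;

	switch(gtype) {
		case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
			atype = ATYPE_SECURITY_LOCAL_GROUP;
			break;
		case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
			atype = ATYPE_SECURITY_LOCAL_GROUP;
			break;
		case GTYPE_SECURITY_GLOBAL_GROUP:
			atype = ATYPE_SECURITY_GLOBAL_GROUP;
			break;

		case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
			atype = ATYPE_DISTRIBUTION_GLOBAL_GROUP;
			break;
		/*
		 * A domain-local distribution group is a local (alias) object
		 * and a universal one is not; the two results must not be
		 * exchanged, or the group is reported with the wrong scope.
		 */
		case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
			atype = ATYPE_DISTRIBUTION_LOCAL_GROUP;
			break;
		case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
			atype = ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
			break;
	}

	return atype;
}

/*
turn a sAMAccountType into a SID_NAME_USE

Only the top four bits of atype take part in the comparison; the lower
bits are masked off before the switch. An unrecognised value is logged at
debug level 1 and reported as SID_NAME_UNKNOWN.
*/
enum lsa_SidType ads_atype_map(uint32 atype)
{
	switch (atype & 0xF0000000) {
	case ATYPE_GLOBAL_GROUP:
		return SID_NAME_DOM_GRP;
	case ATYPE_SECURITY_LOCAL_GROUP:
		return SID_NAME_ALIAS;
	case ATYPE_ACCOUNT:
		return SID_NAME_USER;
	default:
		DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
	}
	return SID_NAME_UNKNOWN;
}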