1/* 2 Unix SMB/CIFS implementation. 3 User/Group specific flags 4 5 Copyright (C) Andrew Tridgell 2001-2003 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License as published by 9 the Free Software Foundation; either version 3 of the License, or 10 (at your option) any later version. 11 12 This program is distributed in the hope that it will be useful, 13 but WITHOUT ANY WARRANTY; without even the implied warranty of 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 GNU General Public License for more details. 16 17 You should have received a copy of the GNU General Public License 18 along with this program. If not, see <http://www.gnu.org/licenses/>. 19*/ 20 21/* User flags for "userAccountControl" */ 22#define UF_SCRIPT 0x00000001 /* NT or Lan Manager Login script must be executed */ 23#define UF_ACCOUNTDISABLE 0x00000002 24#define UF_00000004 0x00000004 25#define UF_HOMEDIR_REQUIRED 0x00000008 26 27#define UF_LOCKOUT 0x00000010 28#define UF_PASSWD_NOTREQD 0x00000020 29#define UF_PASSWD_CANT_CHANGE 0x00000040 30#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x00000080 31 32#define UF_TEMP_DUPLICATE_ACCOUNT 0x00000100 /* Local user account in usrmgr */ 33#define UF_NORMAL_ACCOUNT 0x00000200 34#define UF_00000400 0x00000400 35#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x00000800 36 37#define UF_WORKSTATION_TRUST_ACCOUNT 0x00001000 38#define UF_SERVER_TRUST_ACCOUNT 0x00002000 39#define UF_00004000 0x00004000 40#define UF_00008000 0x00008000 41 42#define UF_DONT_EXPIRE_PASSWD 0x00010000 43#define UF_MNS_LOGON_ACCOUNT 0x00020000 44#define UF_SMARTCARD_REQUIRED 0x00040000 45#define UF_TRUSTED_FOR_DELEGATION 0x00080000 46 47#define UF_NOT_DELEGATED 0x00100000 48#define UF_USE_DES_KEY_ONLY 0x00200000 49#define UF_DONT_REQUIRE_PREAUTH 0x00400000 50#define UF_PASSWORD_EXPIRED 0x00800000 51 52#define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x01000000 53#define UF_NO_AUTH_DATA_REQUIRED 0x02000000 54 55#define UF_MACHINE_ACCOUNT_MASK (\ 56 UF_INTERDOMAIN_TRUST_ACCOUNT |\ 57 UF_WORKSTATION_TRUST_ACCOUNT |\ 58 UF_SERVER_TRUST_ACCOUNT \ 59 ) 60 61#define UF_ACCOUNT_TYPE_MASK (\ 62 UF_TEMP_DUPLICATE_ACCOUNT |\ 63 UF_NORMAL_ACCOUNT |\ 64 UF_INTERDOMAIN_TRUST_ACCOUNT |\ 65 UF_WORKSTATION_TRUST_ACCOUNT |\ 66 UF_SERVER_TRUST_ACCOUNT \ 67 ) 68 69#define UF_SETTABLE_BITS (\ 70 UF_SCRIPT |\ 71 UF_ACCOUNTDISABLE |\ 72 UF_HOMEDIR_REQUIRED |\ 73 UF_LOCKOUT |\ 74 UF_PASSWD_NOTREQD |\ 75 UF_PASSWD_CANT_CHANGE |\ 76 UF_ACCOUNT_TYPE_MASK | \ 77 UF_DONT_EXPIRE_PASSWD | \ 78 UF_MNS_LOGON_ACCOUNT |\ 79 UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\ 80 UF_SMARTCARD_REQUIRED |\ 81 UF_TRUSTED_FOR_DELEGATION |\ 82 UF_NOT_DELEGATED |\ 83 UF_USE_DES_KEY_ONLY |\ 84 UF_DONT_REQUIRE_PREAUTH \ 85 ) 86 87/* Group flags for "groupType" */ 88#define GROUP_TYPE_BUILTIN_LOCAL_GROUP 0x00000001 89#define GROUP_TYPE_ACCOUNT_GROUP 0x00000002 90#define GROUP_TYPE_RESOURCE_GROUP 0x00000004 91#define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008 92#define GROUP_TYPE_APP_BASIC_GROUP 0x00000010 93#define GROUP_TYPE_APP_QUERY_GROUP 0x00000020 94#define GROUP_TYPE_SECURITY_ENABLED 0x80000000 95 96#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP ( \ 97 /* 0x80000005 -2147483643 */ \ 98 GROUP_TYPE_BUILTIN_LOCAL_GROUP| \ 99 GROUP_TYPE_RESOURCE_GROUP| \ 100 GROUP_TYPE_SECURITY_ENABLED \ 101 ) 102#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP ( \ 103 /* 0x80000004 -2147483644 */ \ 104 GROUP_TYPE_RESOURCE_GROUP| \ 105 GROUP_TYPE_SECURITY_ENABLED \ 106 ) 107#define GTYPE_SECURITY_GLOBAL_GROUP ( \ 108 /* 0x80000002 -2147483646 */ \ 109 GROUP_TYPE_ACCOUNT_GROUP| \ 110 GROUP_TYPE_SECURITY_ENABLED \ 111 ) 112#define GTYPE_SECURITY_UNIVERSAL_GROUP ( \ 113 /* 0x80000008 -2147483656 */ \ 114 GROUP_TYPE_UNIVERSAL_GROUP| \ 115 GROUP_TYPE_SECURITY_ENABLED \ 116 ) 117#define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */ 118#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */ 119#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */ 120 121/* Account flags for "sAMAccountType" */ 122#define ATYPE_NORMAL_ACCOUNT 0x30000000 /* 805306368 */ 123#define ATYPE_WORKSTATION_TRUST 0x30000001 /* 805306369 */ 124#define ATYPE_INTERDOMAIN_TRUST 0x30000002 /* 805306370 */ 125#define ATYPE_SECURITY_GLOBAL_GROUP 0x10000000 /* 268435456 */ 126#define ATYPE_SECURITY_LOCAL_GROUP 0x20000000 /* 536870912 */ 127#define ATYPE_SECURITY_UNIVERSAL_GROUP ATYPE_SECURITY_GLOBAL_GROUP 128#define ATYPE_DISTRIBUTION_GLOBAL_GROUP 0x10000001 /* 268435457 */ 129#define ATYPE_DISTRIBUTION_LOCAL_GROUP 0x20000001 /* 536870913 */ 130#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP ATYPE_DISTRIBUTION_GLOBAL_GROUP 131 132#define ATYPE_ACCOUNT ATYPE_NORMAL_ACCOUNT /* 0x30000000 805306368 */ 133#define ATYPE_GLOBAL_GROUP ATYPE_SECURITY_GLOBAL_GROUP /* 0x10000000 268435456 */ 134#define ATYPE_LOCAL_GROUP ATYPE_SECURITY_LOCAL_GROUP /* 0x20000000 536870912 */ 135 136/* "instanceType" */ 137#define INSTANCE_TYPE_IS_NC_HEAD 0x00000001 138#define INSTANCE_TYPE_UNINSTANT 0x00000002 139#define INSTANCE_TYPE_WRITE 0x00000004 140#define INSTANCE_TYPE_NC_ABOVE 0x00000008 141#define INSTANCE_TYPE_NC_COMING 0x00000010 142#define INSTANCE_TYPE_NC_GOING 0x00000020 143 144/* "systemFlags" */ 145#define SYSTEM_FLAG_CR_NTDS_NC 0x00000001 146#define SYSTEM_FLAG_CR_NTDS_DOMAIN 0x00000002 147#define SYSTEM_FLAG_CR_NTDS_NOT_GC_REPLICATED 0x00000004 148#define SYSTEM_FLAG_SCHEMA_BASE_OBJECT 0x00000010 149#define SYSTEM_FLAG_ATTR_IS_RDN 0x00000020 150#define SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE 0x02000000 151#define SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE 0x04000000 152#define SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME 0x08000000 153#define SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE 0x10000000 154#define SYSTEM_FLAG_CONFIG_ALLOW_MOVE 0x20000000 155#define SYSTEM_FLAG_CONFIG_ALLOW_RENAME 0x40000000 156#define SYSTEM_FLAG_DISALLOW_DELETE 0x80000000 157 158/* "searchFlags" */ 159#define SEARCH_FLAG_ATTINDEX 0x0000001 160#define SEARCH_FLAG_PDNTATTINDEX 0x0000002 161#define SEARCH_FLAG_ANR 0x0000004 162#define SEARCH_FLAG_PRESERVEONDELETE 0x0000008 163#define SEARCH_FLAG_COPY 0x0000010 164#define SEARCH_FLAG_TUPLEINDEX 0x0000020 165#define SEARCH_FLAG_SUBTREEATTRINDEX 0x0000040 166#define SEARCH_FLAG_CONFIDENTIAL 0x0000080 167#define SEARCH_FLAG_NEVERVALUEAUDIT 0x0000100 168#define SEARCH_FLAG_RODC_ATTRIBUTE 0x0000200 169 170/* "domainFunctionality", "forestFunctionality" in the rootDSE */ 171#define DS_DOMAIN_FUNCTION_2000 0 172#define DS_DOMAIN_FUNCTION_2003_MIXED 1 173#define DS_DOMAIN_FUNCTION_2003 2 174#define DS_DOMAIN_FUNCTION_2008 3 175#define DS_DOMAIN_FUNCTION_2008_R2 4 176 177/* "domainControllerFunctionality" in the rootDSE */ 178#define DS_DC_FUNCTION_2000 0 179#define DS_DC_FUNCTION_2003 2 180#define DS_DC_FUNCTION_2008 3 181#define DS_DC_FUNCTION_2008_R2 4 182 183/* sa->systemFlags on attributes */ 184#define DS_FLAG_ATTR_NOT_REPLICATED 0x00000001 185#define DS_FLAG_ATTR_IS_CONSTRUCTED 0x00000004 186