1/*
2   Unix SMB/CIFS implementation.
3   User/Group specific flags
4
5   Copyright (C) Andrew Tridgell 2001-2003
6
7   This program is free software; you can redistribute it and/or modify
8   it under the terms of the GNU General Public License as published by
9   the Free Software Foundation; either version 3 of the License, or
10   (at your option) any later version.
11
12   This program is distributed in the hope that it will be useful,
13   but WITHOUT ANY WARRANTY; without even the implied warranty of
14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15   GNU General Public License for more details.
16
17   You should have received a copy of the GNU General Public License
18   along with this program.  If not, see <http://www.gnu.org/licenses/>.
19*/
20
21/* User flags for "userAccountControl" */
22#define UF_SCRIPT	 			0x00000001  /* NT or Lan Manager Login script must be executed */
23#define UF_ACCOUNTDISABLE			0x00000002
24#define UF_00000004				0x00000004
25#define UF_HOMEDIR_REQUIRED			0x00000008
26
27#define UF_LOCKOUT				0x00000010
28#define UF_PASSWD_NOTREQD			0x00000020
29#define UF_PASSWD_CANT_CHANGE			0x00000040
30#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED	0x00000080
31
32#define UF_TEMP_DUPLICATE_ACCOUNT		0x00000100 /* Local user account in usrmgr */
33#define UF_NORMAL_ACCOUNT			0x00000200
34#define UF_00000400				0x00000400
35#define UF_INTERDOMAIN_TRUST_ACCOUNT		0x00000800
36
37#define UF_WORKSTATION_TRUST_ACCOUNT		0x00001000
38#define UF_SERVER_TRUST_ACCOUNT			0x00002000
39#define UF_00004000				0x00004000
40#define UF_00008000				0x00008000
41
42#define UF_DONT_EXPIRE_PASSWD			0x00010000
43#define UF_MNS_LOGON_ACCOUNT			0x00020000
44#define UF_SMARTCARD_REQUIRED			0x00040000
45#define UF_TRUSTED_FOR_DELEGATION		0x00080000
46
47#define UF_NOT_DELEGATED			0x00100000
48#define UF_USE_DES_KEY_ONLY			0x00200000
49#define UF_DONT_REQUIRE_PREAUTH			0x00400000
50#define UF_PASSWORD_EXPIRED			0x00800000
51
52#define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x01000000
53#define UF_NO_AUTH_DATA_REQUIRED		0x02000000
54
55#define UF_MACHINE_ACCOUNT_MASK (\
56		UF_INTERDOMAIN_TRUST_ACCOUNT |\
57		UF_WORKSTATION_TRUST_ACCOUNT |\
58		UF_SERVER_TRUST_ACCOUNT \
59		)
60
61#define UF_ACCOUNT_TYPE_MASK (\
62		UF_TEMP_DUPLICATE_ACCOUNT |\
63		UF_NORMAL_ACCOUNT |\
64		UF_INTERDOMAIN_TRUST_ACCOUNT |\
65		UF_WORKSTATION_TRUST_ACCOUNT |\
66		UF_SERVER_TRUST_ACCOUNT \
67                )
68
69#define UF_SETTABLE_BITS (\
70		UF_SCRIPT |\
71		UF_ACCOUNTDISABLE |\
72		UF_HOMEDIR_REQUIRED  |\
73		UF_LOCKOUT |\
74		UF_PASSWD_NOTREQD |\
75		UF_PASSWD_CANT_CHANGE |\
76		UF_ACCOUNT_TYPE_MASK | \
77		UF_DONT_EXPIRE_PASSWD | \
78		UF_MNS_LOGON_ACCOUNT |\
79		UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
80		UF_SMARTCARD_REQUIRED |\
81		UF_TRUSTED_FOR_DELEGATION |\
82		UF_NOT_DELEGATED |\
83		UF_USE_DES_KEY_ONLY  |\
84		UF_DONT_REQUIRE_PREAUTH \
85		)
86
87/* Group flags for "groupType" */
88#define GROUP_TYPE_BUILTIN_LOCAL_GROUP		0x00000001
89#define GROUP_TYPE_ACCOUNT_GROUP		0x00000002
90#define GROUP_TYPE_RESOURCE_GROUP		0x00000004
91#define GROUP_TYPE_UNIVERSAL_GROUP		0x00000008
92#define GROUP_TYPE_APP_BASIC_GROUP		0x00000010
93#define GROUP_TYPE_APP_QUERY_GROUP		0x00000020
94#define GROUP_TYPE_SECURITY_ENABLED		0x80000000
95
96#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP ( \
97		/* 0x80000005 -2147483643 */ \
98		GROUP_TYPE_BUILTIN_LOCAL_GROUP| \
99		GROUP_TYPE_RESOURCE_GROUP| \
100		GROUP_TYPE_SECURITY_ENABLED \
101		)
102#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP ( \
103		/* 0x80000004 -2147483644 */ \
104		GROUP_TYPE_RESOURCE_GROUP| \
105		GROUP_TYPE_SECURITY_ENABLED \
106		)
107#define GTYPE_SECURITY_GLOBAL_GROUP ( \
108		/* 0x80000002 -2147483646 */ \
109		GROUP_TYPE_ACCOUNT_GROUP| \
110		GROUP_TYPE_SECURITY_ENABLED \
111		)
112#define GTYPE_SECURITY_UNIVERSAL_GROUP ( \
113		/* 0x80000008 -2147483656 */ \
114		GROUP_TYPE_UNIVERSAL_GROUP| \
115		GROUP_TYPE_SECURITY_ENABLED \
116		)
117#define GTYPE_DISTRIBUTION_GLOBAL_GROUP		0x00000002	/* 2 */
118#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP	0x00000004	/* 4 */
119#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP	0x00000008	/* 8 */
120
121/* Account flags for "sAMAccountType" */
122#define ATYPE_NORMAL_ACCOUNT			0x30000000 /* 805306368 */
123#define ATYPE_WORKSTATION_TRUST			0x30000001 /* 805306369 */
124#define ATYPE_INTERDOMAIN_TRUST			0x30000002 /* 805306370 */
125#define ATYPE_SECURITY_GLOBAL_GROUP		0x10000000 /* 268435456 */
126#define ATYPE_SECURITY_LOCAL_GROUP		0x20000000 /* 536870912 */
127#define ATYPE_SECURITY_UNIVERSAL_GROUP		ATYPE_SECURITY_GLOBAL_GROUP
128#define ATYPE_DISTRIBUTION_GLOBAL_GROUP		0x10000001 /* 268435457 */
129#define ATYPE_DISTRIBUTION_LOCAL_GROUP		0x20000001 /* 536870913 */
130#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP	ATYPE_DISTRIBUTION_GLOBAL_GROUP
131
132#define ATYPE_ACCOUNT		ATYPE_NORMAL_ACCOUNT		/* 0x30000000 805306368 */
133#define ATYPE_GLOBAL_GROUP	ATYPE_SECURITY_GLOBAL_GROUP	/* 0x10000000 268435456 */
134#define ATYPE_LOCAL_GROUP	ATYPE_SECURITY_LOCAL_GROUP	/* 0x20000000 536870912 */
135
136/* "instanceType" */
137#define INSTANCE_TYPE_IS_NC_HEAD	0x00000001
138#define INSTANCE_TYPE_UNINSTANT		0x00000002
139#define INSTANCE_TYPE_WRITE		0x00000004
140#define INSTANCE_TYPE_NC_ABOVE		0x00000008
141#define INSTANCE_TYPE_NC_COMING		0x00000010
142#define INSTANCE_TYPE_NC_GOING		0x00000020
143
144/* "systemFlags" */
145#define SYSTEM_FLAG_CR_NTDS_NC			0x00000001
146#define SYSTEM_FLAG_CR_NTDS_DOMAIN		0x00000002
147#define SYSTEM_FLAG_CR_NTDS_NOT_GC_REPLICATED	0x00000004
148#define SYSTEM_FLAG_SCHEMA_BASE_OBJECT		0x00000010
149#define SYSTEM_FLAG_ATTR_IS_RDN			0x00000020
150#define SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE	0x02000000
151#define SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE	0x04000000
152#define SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME	0x08000000
153#define SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE	0x10000000
154#define SYSTEM_FLAG_CONFIG_ALLOW_MOVE		0x20000000
155#define SYSTEM_FLAG_CONFIG_ALLOW_RENAME		0x40000000
156#define SYSTEM_FLAG_DISALLOW_DELETE		0x80000000
157
158/* "searchFlags" */
159#define SEARCH_FLAG_ATTINDEX		0x0000001
160#define SEARCH_FLAG_PDNTATTINDEX	0x0000002
161#define SEARCH_FLAG_ANR			0x0000004
162#define SEARCH_FLAG_PRESERVEONDELETE	0x0000008
163#define SEARCH_FLAG_COPY		0x0000010
164#define SEARCH_FLAG_TUPLEINDEX		0x0000020
165#define SEARCH_FLAG_SUBTREEATTRINDEX	0x0000040
166#define SEARCH_FLAG_CONFIDENTIAL	0x0000080
167#define SEARCH_FLAG_NEVERVALUEAUDIT	0x0000100
168#define SEARCH_FLAG_RODC_ATTRIBUTE	0x0000200
169
170/* "domainFunctionality", "forestFunctionality" in the rootDSE */
171#define DS_DOMAIN_FUNCTION_2000		0
172#define DS_DOMAIN_FUNCTION_2003_MIXED	1
173#define DS_DOMAIN_FUNCTION_2003		2
174#define DS_DOMAIN_FUNCTION_2008		3
175#define DS_DOMAIN_FUNCTION_2008_R2	4
176
177/* "domainControllerFunctionality" in the rootDSE */
178#define DS_DC_FUNCTION_2000		0
179#define DS_DC_FUNCTION_2003		2
180#define DS_DC_FUNCTION_2008		3
181#define DS_DC_FUNCTION_2008_R2		4
182
183/* sa->systemFlags on attributes */
184#define DS_FLAG_ATTR_NOT_REPLICATED    0x00000001
185#define DS_FLAG_ATTR_IS_CONSTRUCTED    0x00000004
186