1 files changed, 266 insertions, 0 deletions
diff --git a/libds/common/flag_mapping.c b/libds/common/flag_mapping.c
new file mode 100644
index 0000000..fb64014
--- /dev/null
+++ b/libds/common/flag_mapping.c
@@ -0,0 +1,266 @@
+/*
+   Unix SMB/CIFS implementation.
+   helper mapping functions for the UF and ACB flags
+
+   Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Matthias Dieter Wallnöfer 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "lib/util/data_blob.h"
+#include "lib/util/time.h"
+#include "lib/util/debug.h"
+#include "librpc/gen_ndr/samr.h"
+#include "../libds/common/flags.h"
+#include "flag_mapping.h"
+
+/*
+translated the ACB_CTRL Flags to UserFlags (userAccountControl)
+*/
+/* mapping between ADS userAccountControl and SAMR acct_flags */
+static const struct {
+	uint32_t uf;
+	uint32_t acb;
+} acct_flags_map[] = {
+	{ UF_ACCOUNTDISABLE, ACB_DISABLED },
+	{ UF_HOMEDIR_REQUIRED, ACB_HOMDIRREQ },
+	{ UF_PASSWD_NOTREQD, ACB_PWNOTREQ },
+	{ UF_TEMP_DUPLICATE_ACCOUNT, ACB_TEMPDUP },
+	{ UF_NORMAL_ACCOUNT, ACB_NORMAL },
+	{ UF_MNS_LOGON_ACCOUNT, ACB_MNS },
+	{ UF_INTERDOMAIN_TRUST_ACCOUNT, ACB_DOMTRUST },
+	{ UF_WORKSTATION_TRUST_ACCOUNT, ACB_WSTRUST },
+	{ UF_SERVER_TRUST_ACCOUNT, ACB_SVRTRUST },
+	{ UF_DONT_EXPIRE_PASSWD, ACB_PWNOEXP },
+	{ UF_LOCKOUT, ACB_AUTOLOCK },
+	{ UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ACB_ENC_TXT_PWD_ALLOWED },
+	{ UF_SMARTCARD_REQUIRED, ACB_SMARTCARD_REQUIRED },
+	{ UF_TRUSTED_FOR_DELEGATION, ACB_TRUSTED_FOR_DELEGATION },
+	{ UF_NOT_DELEGATED, ACB_NOT_DELEGATED },
+	{ UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
+	{ UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
+	{ UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
+	{ UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD },
+	{ UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
+	{ UF_PARTIAL_SECRETS_ACCOUNT, ACB_PARTIAL_SECRETS_ACCOUNT },
+	{ UF_USE_AES_KEYS, ACB_USE_AES_KEYS }
+};
+
+uint32_t ds_acb2uf(uint32_t acb)
+{
+	unsigned int i;
+	uint32_t ret = 0;
+	for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
+		if (acct_flags_map[i].acb & acb) {
+			ret |= acct_flags_map[i].uf;
+		}
+	}
+	return ret;
+}
+
+/*
+translated the UserFlags (userAccountControl) to ACB_CTRL Flags
+*/
+uint32_t ds_uf2acb(uint32_t uf)
+{
+	unsigned int i;
+	uint32_t ret = 0;
+	for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
+		if (acct_flags_map[i].uf & uf) {
+			ret |= acct_flags_map[i].acb;
+		}
+	}
+	return ret;
+}
+
+/*
+get the accountType from the UserFlags
+*/
+uint32_t ds_uf2atype(uint32_t uf)
+{
+	uint32_t atype = 0x00000000;
+
+	if (uf & UF_NORMAL_ACCOUNT)			atype = ATYPE_NORMAL_ACCOUNT;
+	else if (uf & UF_TEMP_DUPLICATE_ACCOUNT)	atype = ATYPE_NORMAL_ACCOUNT;
+	else if (uf & UF_SERVER_TRUST_ACCOUNT)		atype = ATYPE_WORKSTATION_TRUST;
+	else if (uf & UF_WORKSTATION_TRUST_ACCOUNT)	atype = ATYPE_WORKSTATION_TRUST;
+	else if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT)	atype = ATYPE_INTERDOMAIN_TRUST;
+
+	return atype;
+}
+
+/*
+get the accountType from the groupType
+*/
+uint32_t ds_gtype2atype(uint32_t gtype)
+{
+	uint32_t atype = 0x00000000;
+
+	switch(gtype) {
+		case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
+			atype = ATYPE_SECURITY_LOCAL_GROUP;
+			break;
+		case GTYPE_SECURITY_GLOBAL_GROUP:
+			atype = ATYPE_SECURITY_GLOBAL_GROUP;
+			break;
+		case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
+			atype = ATYPE_SECURITY_LOCAL_GROUP;
+			break;
+		case GTYPE_SECURITY_UNIVERSAL_GROUP:
+			atype = ATYPE_SECURITY_UNIVERSAL_GROUP;
+			break;
+
+		case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
+			atype = ATYPE_DISTRIBUTION_GLOBAL_GROUP;
+			break;
+		case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
+			atype = ATYPE_DISTRIBUTION_LOCAL_GROUP;
+			break;
+		case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
+			atype = ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
+			break;
+	}
+
+	return atype;
+}
+
+/* turn a sAMAccountType into a SID_NAME_USE */
+enum lsa_SidType ds_atype_map(uint32_t atype)
+{
+	switch (atype & 0xF0000000) {
+	case ATYPE_GLOBAL_GROUP:
+		return SID_NAME_DOM_GRP;
+	case ATYPE_SECURITY_LOCAL_GROUP:
+		return SID_NAME_ALIAS;
+	case ATYPE_ACCOUNT:
+		return SID_NAME_USER;
+	default:
+		DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
+	}
+	return SID_NAME_UNKNOWN;
+}
+
+/* get the default primary group RID for a given userAccountControl
+ * (information according to MS-SAMR 3.1.1.8.1) */
+uint32_t ds_uf2prim_group_rid(uint32_t uf)
+{
+	uint32_t prim_group_rid = DOMAIN_RID_USERS;
+
+	if ((uf & UF_PARTIAL_SECRETS_ACCOUNT)
+	 && (uf & UF_WORKSTATION_TRUST_ACCOUNT))    prim_group_rid = DOMAIN_RID_READONLY_DCS;
+	else if (uf & UF_SERVER_TRUST_ACCOUNT)      prim_group_rid = DOMAIN_RID_DCS;
+	else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) prim_group_rid = DOMAIN_RID_DOMAIN_MEMBERS;
+
+	return prim_group_rid;
+}
+
+const char *dsdb_user_account_control_flag_bit_to_string(uint32_t uf)
+{
+	switch (uf) {
+	case UF_SCRIPT:
+		return "UF_SCRIPT";
+		break;
+	case UF_ACCOUNTDISABLE:
+		return "UF_ACCOUNTDISABLE";
+		break;
+	case UF_00000004:
+		return "UF_00000004";
+		break;
+	case UF_HOMEDIR_REQUIRED:
+		return "UF_HOMEDIR_REQUIRED";
+		break;
+	case UF_LOCKOUT:
+		return "UF_LOCKOUT";
+		break;
+	case UF_PASSWD_NOTREQD:
+		return "UF_PASSWD_NOTREQD";
+		break;
+	case UF_PASSWD_CANT_CHANGE:
+		return "UF_PASSWD_CANT_CHANGE";
+		break;
+	case UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED:
+		return "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED";
+		break;
+
+	case UF_TEMP_DUPLICATE_ACCOUNT:
+		return "UF_TEMP_DUPLICATE_ACCOUNT";
+		break;
+	case UF_NORMAL_ACCOUNT:
+		return "UF_NORMAL_ACCOUNT";
+		break;
+	case UF_00000400:
+		return "UF_00000400";
+		break;
+	case UF_INTERDOMAIN_TRUST_ACCOUNT:
+		return "UF_INTERDOMAIN_TRUST_ACCOUNT";
+		break;
+
+	case UF_WORKSTATION_TRUST_ACCOUNT:
+		return "UF_WORKSTATION_TRUST_ACCOUNT";
+		break;
+	case UF_SERVER_TRUST_ACCOUNT:
+		return "UF_SERVER_TRUST_ACCOUNT";
+		break;
+	case UF_00004000:
+		return "UF_00004000";
+		break;
+	case UF_00008000:
+		return "UF_00008000";
+		break;
+
+	case UF_DONT_EXPIRE_PASSWD:
+		return "UF_DONT_EXPIRE_PASSWD";
+		break;
+	case UF_MNS_LOGON_ACCOUNT:
+		return "UF_MNS_LOGON_ACCOUNT";
+		break;
+	case UF_SMARTCARD_REQUIRED:
+		return "UF_SMARTCARD_REQUIRED";
+		break;
+	case UF_TRUSTED_FOR_DELEGATION:
+		return "UF_TRUSTED_FOR_DELEGATION";
+		break;
+
+	case UF_NOT_DELEGATED:
+		return "UF_NOT_DELEGATED";
+		break;
+	case UF_USE_DES_KEY_ONLY:
+		return "UF_USE_DES_KEY_ONLY";
+		break;
+	case UF_DONT_REQUIRE_PREAUTH:
+		return "UF_DONT_REQUIRE_PREAUTH";
+		break;
+	case UF_PASSWORD_EXPIRED:
+		return "UF_PASSWORD_EXPIRED";
+		break;
+	case UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION:
+		return "UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION";
+		break;
+	case UF_NO_AUTH_DATA_REQUIRED:
+		return "UF_NO_AUTH_DATA_REQUIRED";
+		break;
+	case UF_PARTIAL_SECRETS_ACCOUNT:
+		return "UF_PARTIAL_SECRETS_ACCOUNT";
+		break;
+	case UF_USE_AES_KEYS:
+		return "UF_USE_AES_KEYS";
+		break;
+	default:
+		break;
+	}
+	return NULL;
+}