LCOV - code coverage report
Current view: top level - libds/common - flag_mapping.c (source / functions) Hit Total Coverage
Test: coverage report for master 98b443d9 Lines: 123 126 97.6 %
Date: 2024-05-31 13:13:24 Functions: 7 7 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    helper mapping functions for the UF and ACB flags
       4             : 
       5             :    Copyright (C) Stefan (metze) Metzmacher 2002
       6             :    Copyright (C) Andrew Tridgell 2004
       7             :    Copyright (C) Matthias Dieter Wallnöfer 2010
       8             : 
       9             :    This program is free software; you can redistribute it and/or modify
      10             :    it under the terms of the GNU General Public License as published by
      11             :    the Free Software Foundation; either version 3 of the License, or
      12             :    (at your option) any later version.
      13             : 
      14             :    This program is distributed in the hope that it will be useful,
      15             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :    GNU General Public License for more details.
      18             : 
      19             :    You should have received a copy of the GNU General Public License
      20             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "replace.h"
      24             : #include "lib/util/data_blob.h"
      25             : #include "lib/util/time.h"
      26             : #include "lib/util/debug.h"
      27             : #include "librpc/gen_ndr/samr.h"
      28             : #include "../libds/common/flags.h"
      29             : #include "flag_mapping.h"
      30             : 
/*
 * Mapping between ADS userAccountControl flags (UF_*) and SAMR acct_flags
 * (ACB_*). Each row pairs one UF constant with one ACB constant;
 * ds_acb2uf() and ds_uf2acb() walk this single table in opposite
 * directions.
 *
 * A flag with no row here is silently dropped by both conversions. For
 * example UF_SCRIPT and UF_PASSWD_CANT_CHANGE are named by
 * dsdb_user_account_control_flag_bit_to_string() but have no row in this
 * table, so a UF -> ACB -> UF round trip does not preserve them.
 *
 * Several rows describe security-relevant account state (account disabled,
 * password not required, delegation, DES-only keys, no Kerberos
 * pre-authentication). A mismatched pair would silently change what an
 * account is allowed to do, so review any edit to this table row by row.
 */
static const struct {
	uint32_t uf;
	uint32_t acb;
} acct_flags_map[] = {
	{ .uf = UF_ACCOUNTDISABLE, .acb = ACB_DISABLED },
	{ .uf = UF_HOMEDIR_REQUIRED, .acb = ACB_HOMDIRREQ },
	{ .uf = UF_PASSWD_NOTREQD, .acb = ACB_PWNOTREQ },
	{ .uf = UF_TEMP_DUPLICATE_ACCOUNT, .acb = ACB_TEMPDUP },
	{ .uf = UF_NORMAL_ACCOUNT, .acb = ACB_NORMAL },
	{ .uf = UF_MNS_LOGON_ACCOUNT, .acb = ACB_MNS },
	{ .uf = UF_INTERDOMAIN_TRUST_ACCOUNT, .acb = ACB_DOMTRUST },
	{ .uf = UF_WORKSTATION_TRUST_ACCOUNT, .acb = ACB_WSTRUST },
	{ .uf = UF_SERVER_TRUST_ACCOUNT, .acb = ACB_SVRTRUST },
	{ .uf = UF_DONT_EXPIRE_PASSWD, .acb = ACB_PWNOEXP },
	{ .uf = UF_LOCKOUT, .acb = ACB_AUTOLOCK },
	{ .uf = UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, .acb = ACB_ENC_TXT_PWD_ALLOWED },
	{ .uf = UF_SMARTCARD_REQUIRED, .acb = ACB_SMARTCARD_REQUIRED },
	{ .uf = UF_TRUSTED_FOR_DELEGATION, .acb = ACB_TRUSTED_FOR_DELEGATION },
	{ .uf = UF_NOT_DELEGATED, .acb = ACB_NOT_DELEGATED },
	{ .uf = UF_USE_DES_KEY_ONLY, .acb = ACB_USE_DES_KEY_ONLY },
	{ .uf = UF_DONT_REQUIRE_PREAUTH, .acb = ACB_DONT_REQUIRE_PREAUTH },
	{ .uf = UF_PASSWORD_EXPIRED, .acb = ACB_PW_EXPIRED },
	{ .uf = UF_NO_AUTH_DATA_REQUIRED, .acb = ACB_NO_AUTH_DATA_REQD },
	{ .uf = UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, .acb = ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
	{ .uf = UF_PARTIAL_SECRETS_ACCOUNT, .acb = ACB_PARTIAL_SECRETS_ACCOUNT },
	{ .uf = UF_USE_AES_KEYS, .acb = ACB_USE_AES_KEYS },
};
      62             : 
/*
 * Translate SAMR ACB_* account control bits into userAccountControl
 * (UF_*) bits.
 *
 * Every row of acct_flags_map whose ACB value shares a bit with `acb`
 * contributes its UF value to the result. Bits of `acb` that match no
 * row are ignored without any diagnostic, so the result may describe
 * fewer properties than the input did.
 *
 * Returns the OR of the matching UF values, or 0 if nothing matched.
 */
uint32_t ds_acb2uf(uint32_t acb)
{
	uint32_t uf = 0;
	unsigned int row;

	for (row = 0; row < ARRAY_SIZE(acct_flags_map); row++) {
		if ((acb & acct_flags_map[row].acb) == 0) {
			/* this ACB flag is not set in the input */
			continue;
		}
		uf |= acct_flags_map[row].uf;
	}

	return uf;
}
      74             : 
/*
 * Translate userAccountControl (UF_*) bits into SAMR ACB_* account
 * control bits.
 *
 * Mirror image of ds_acb2uf(): every row of acct_flags_map whose UF value
 * shares a bit with `uf` contributes its ACB value to the result. UF bits
 * that have no row in the table are ignored without any diagnostic.
 *
 * Returns the OR of the matching ACB values, or 0 if nothing matched.
 */
uint32_t ds_uf2acb(uint32_t uf)
{
	uint32_t acb = 0;
	unsigned int row;

	for (row = 0; row < ARRAY_SIZE(acct_flags_map); row++) {
		if ((uf & acct_flags_map[row].uf) == 0) {
			/* this UF flag is not set in the input */
			continue;
		}
		acb |= acct_flags_map[row].acb;
	}

	return acb;
}
      89             : 
/*
 * Derive the accountType (ATYPE_*) from userAccountControl flags.
 *
 * The account-type bits are tested in a fixed order and the first match
 * wins:
 *   normal or temp-duplicate account     -> ATYPE_NORMAL_ACCOUNT
 *   server or workstation trust account  -> ATYPE_WORKSTATION_TRUST
 *   interdomain trust account            -> ATYPE_INTERDOMAIN_TRUST
 *
 * No check is made that only one account-type bit is set; if `uf` carries
 * several, the earliest entry in the list above decides. Returns 0 when
 * none of these bits is present.
 */
uint32_t ds_uf2atype(uint32_t uf)
{
	if (uf & (UF_NORMAL_ACCOUNT | UF_TEMP_DUPLICATE_ACCOUNT)) {
		return ATYPE_NORMAL_ACCOUNT;
	}

	/* domain controllers and member machines share one account type */
	if (uf & (UF_SERVER_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT)) {
		return ATYPE_WORKSTATION_TRUST;
	}

	if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) {
		return ATYPE_INTERDOMAIN_TRUST;
	}

	return 0x00000000;
}
     105             : 
/*
 * Derive the accountType (ATYPE_*) from a groupType value.
 *
 * `gtype` is compared for exact equality with the known GTYPE_* values;
 * it is not tested bit by bit. Builtin-local and domain-local security
 * groups both yield ATYPE_SECURITY_LOCAL_GROUP.
 *
 * Returns 0 for any value that is not one of the seven group types
 * handled below, so callers should treat 0 as "unrecognised".
 */
uint32_t ds_gtype2atype(uint32_t gtype)
{
	switch (gtype) {
	/* security groups */
	case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
	case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
		return ATYPE_SECURITY_LOCAL_GROUP;
	case GTYPE_SECURITY_GLOBAL_GROUP:
		return ATYPE_SECURITY_GLOBAL_GROUP;
	case GTYPE_SECURITY_UNIVERSAL_GROUP:
		return ATYPE_SECURITY_UNIVERSAL_GROUP;

	/* distribution groups */
	case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
		return ATYPE_DISTRIBUTION_GLOBAL_GROUP;
	case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
		return ATYPE_DISTRIBUTION_LOCAL_GROUP;
	case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
		return ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
	}

	return 0x00000000;
}
     140             : 
/*
 * Turn a sAMAccountType into a SID_NAME_USE (enum lsa_SidType).
 *
 * Only the top four bits of `atype` are examined. A value whose top
 * nibble is not one of the three classes handled here is logged at debug
 * level 1 and reported as SID_NAME_UNKNOWN, so callers must be prepared
 * for that result rather than assuming a user, group or alias.
 */
enum lsa_SidType ds_atype_map(uint32_t atype)
{
	const uint32_t type_class = atype & 0xF0000000;

	if (type_class == ATYPE_GLOBAL_GROUP) {
		return SID_NAME_DOM_GRP;
	}
	if (type_class == ATYPE_SECURITY_LOCAL_GROUP) {
		return SID_NAME_ALIAS;
	}
	if (type_class == ATYPE_ACCOUNT) {
		return SID_NAME_USER;
	}

	/* no mapping known: log the full value, not just the masked class */
	DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
	return SID_NAME_UNKNOWN;
}
     156             : 
/*
 * Get the default primary group RID for a given userAccountControl
 * (information according to MS-SAMR 3.1.1.8.1).
 *
 * Precedence, first match wins:
 *   partial-secrets AND workstation trust -> DOMAIN_RID_READONLY_DCS
 *   server trust                          -> DOMAIN_RID_DCS
 *   workstation trust                     -> DOMAIN_RID_DOMAIN_MEMBERS
 *   anything else                         -> DOMAIN_RID_USERS
 *
 * The partial-secrets test has to come before the plain workstation-trust
 * test, because an account matching it also carries the workstation-trust
 * bit and would otherwise land in the domain members group. The function
 * does not validate the flag combination itself; whether the caller may
 * set these bits has to be enforced elsewhere.
 */
uint32_t ds_uf2prim_group_rid(uint32_t uf)
{
	const uint32_t wks_trust = uf & UF_WORKSTATION_TRUST_ACCOUNT;

	if ((uf & UF_PARTIAL_SECRETS_ACCOUNT) && wks_trust) {
		return DOMAIN_RID_READONLY_DCS;
	}
	if (uf & UF_SERVER_TRUST_ACCOUNT) {
		return DOMAIN_RID_DCS;
	}
	if (wks_trust) {
		return DOMAIN_RID_DOMAIN_MEMBERS;
	}

	return DOMAIN_RID_USERS;
}
     170             : 
/*
 * Return the symbolic name of a single userAccountControl flag.
 *
 * `uf` must be exactly one of the UF_* values listed below; the comparison
 * is for equality, so 0, a combination of several flags, or a value not in
 * the list yields NULL. Callers that format the result into a log or error
 * message must check for NULL first.
 *
 * The returned string is a literal and must not be freed or modified.
 */
const char *dsdb_user_account_control_flag_bit_to_string(uint32_t uf)
{
	static const struct {
		uint32_t bit;
		const char *name;
	} uf_names[] = {
		{ UF_SCRIPT, "UF_SCRIPT" },
		{ UF_ACCOUNTDISABLE, "UF_ACCOUNTDISABLE" },
		{ UF_00000004, "UF_00000004" },
		{ UF_HOMEDIR_REQUIRED, "UF_HOMEDIR_REQUIRED" },
		{ UF_LOCKOUT, "UF_LOCKOUT" },
		{ UF_PASSWD_NOTREQD, "UF_PASSWD_NOTREQD" },
		{ UF_PASSWD_CANT_CHANGE, "UF_PASSWD_CANT_CHANGE" },
		{ UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED" },

		{ UF_TEMP_DUPLICATE_ACCOUNT, "UF_TEMP_DUPLICATE_ACCOUNT" },
		{ UF_NORMAL_ACCOUNT, "UF_NORMAL_ACCOUNT" },
		{ UF_00000400, "UF_00000400" },
		{ UF_INTERDOMAIN_TRUST_ACCOUNT, "UF_INTERDOMAIN_TRUST_ACCOUNT" },

		{ UF_WORKSTATION_TRUST_ACCOUNT, "UF_WORKSTATION_TRUST_ACCOUNT" },
		{ UF_SERVER_TRUST_ACCOUNT, "UF_SERVER_TRUST_ACCOUNT" },
		{ UF_00004000, "UF_00004000" },
		{ UF_00008000, "UF_00008000" },

		{ UF_DONT_EXPIRE_PASSWD, "UF_DONT_EXPIRE_PASSWD" },
		{ UF_MNS_LOGON_ACCOUNT, "UF_MNS_LOGON_ACCOUNT" },
		{ UF_SMARTCARD_REQUIRED, "UF_SMARTCARD_REQUIRED" },
		{ UF_TRUSTED_FOR_DELEGATION, "UF_TRUSTED_FOR_DELEGATION" },

		{ UF_NOT_DELEGATED, "UF_NOT_DELEGATED" },
		{ UF_USE_DES_KEY_ONLY, "UF_USE_DES_KEY_ONLY" },
		{ UF_DONT_REQUIRE_PREAUTH, "UF_DONT_REQUIRE_PREAUTH" },
		{ UF_PASSWORD_EXPIRED, "UF_PASSWORD_EXPIRED" },
		{ UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, "UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION" },
		{ UF_NO_AUTH_DATA_REQUIRED, "UF_NO_AUTH_DATA_REQUIRED" },
		{ UF_PARTIAL_SECRETS_ACCOUNT, "UF_PARTIAL_SECRETS_ACCOUNT" },
		{ UF_USE_AES_KEYS, "UF_USE_AES_KEYS" },
	};
	unsigned int idx;

	for (idx = 0; idx < ARRAY_SIZE(uf_names); idx++) {
		if (uf_names[idx].bit == uf) {
			return uf_names[idx].name;
		}
	}

	/* not a single known flag */
	return NULL;
}
