From b06d2abe746fb7873846e9f14bb8d3895c4290ed Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 25 Sep 2002 09:40:45 +0000 Subject: Another patch from metze, towards his work on sam_ads. See mx-ldap.sf.net for his current progress. (This used to be commit 9c62d1312fdf0aa7b1978e8bbb56fc076ba7e9d0) --- source3/include/ads.h | 13 +++--- source3/include/sam.h | 6 +-- source3/libads/ads_utils.c | 98 +++++++++++++++++++++++++++++++++++++++++++++- source3/libads/ldap.c | 2 +- 4 files changed, 108 insertions(+), 11 deletions(-) diff --git a/source3/include/ads.h b/source3/include/ads.h index 875b895e49..0181ae535e 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -134,6 +134,7 @@ typedef void **ADS_MODLIST; #define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319" #define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339" #define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473" +#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413" /* UserFlags for userAccountControl */ #define UF_SCRIPT 0x00000001 @@ -163,7 +164,7 @@ typedef void **ADS_MODLIST; #define UF_NOT_DELEGATED 0x00100000 #define UF_USE_DES_KEY_ONLY 0x00200000 -#define UF_DONT_REQUIRE_PREAUTH 0x00400000 +#define UF_DONT_REQUIRE_PREAUTH 0x00400000 #define UF_UNUSED_5 0x00800000 #define UF_UNUSED_6 0x01000000 @@ -210,11 +211,11 @@ typedef void **ADS_MODLIST; /* sAMAccountType */ #define ATYPE_NORMAL_ACCOUNT 0x30000000 /* 805306368 */ -#define ATYPE_WORKSTATION_TRUST 0x30000001 /* 805306369 */ -#define ATYPE_INTERDOMAIN_TRUST 0x30000002 /* 805306370 */ +#define ATYPE_WORKSTATION_TRUST 0x30000001 /* 805306369 */ +#define ATYPE_INTERDOMAIN_TRUST 0x30000002 /* 805306370 */ #define ATYPE_SECURITY_GLOBAL_GROUP 0x10000000 /* 268435456 */ -#define ATYPE_DISTRIBUTION_GLOBAL_GROUP 0x10000001 /* 268435457 */ -#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP AT_DISTRIBUTION_GLOBAL_GROUP +#define ATYPE_DISTRIBUTION_GLOBAL_GROUP 0x10000001 /* 268435457 */ +#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP ATYPE_DISTRIBUTION_GLOBAL_GROUP #define ATYPE_SECURITY_LOCAL_GROUP 0x20000000 /* 536870912 */ #define ATYPE_DISTRIBUTION_LOCAL_GROUP 0x20000001 /* 536870913 */ @@ -226,7 +227,7 @@ typedef void **ADS_MODLIST; #define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP 0x80000005 /* -2147483643 */ #define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP 0x80000004 /* -2147483644 */ #define GTYPE_SECURITY_GLOBAL_GROUP 0x80000002 /* -2147483646 */ -#define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */ +#define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */ #define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */ #define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */ diff --git a/source3/include/sam.h b/source3/include/sam.h index 4d18ec61b9..2157a37065 100644 --- a/source3/include/sam.h +++ b/source3/include/sam.h @@ -152,10 +152,10 @@ typedef struct sam_group_enum { /* bits for group_ctrl: to spezify if the group is global group or alias */ -#define GCB_LOCAL_GROUP 0x0001 -#define GCB_ALIAS_GROUP GCB_LOCAL_GROUP +#define GCB_LOCAL_GROUP 0x0001 +#define GCB_ALIAS_GROUP (GCB_LOCAL_GROUP |GCB_BUILTIN) #define GCB_GLOBAL_GROUP 0x0002 - +#define GCB_BUILTIN 0x1000 typedef struct sam_context { diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c index 1789193d7e..fc8a270021 100644 --- a/source3/libads/ads_utils.c +++ b/source3/libads/ads_utils.c @@ -46,7 +46,9 @@ uint32 ads_acb2uf(uint16 acb) return uf; } -/* translated the UserFlags (userAccountControl) to ACB_CTRL Flags */ +/* +translated the UserFlags (userAccountControl) to ACB_CTRL Flags +*/ uint16 ads_uf2acb(uint32 uf) { uint16 acb = 0x0000; @@ -72,4 +74,98 @@ uint16 ads_uf2acb(uint32 uf) return acb; } +/* +get the accountType from the UserFlags +*/ +uint32 ads_uf2atype(uint32 uf) +{ + uint32 atype = 0x00000000; + + if (uf & UF_NORMAL_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT; + else if (uf & UF_TEMP_DUPLICATE_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT; + else if (uf & UF_SERVER_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST; + else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST; + else if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) atype = ATYPE_INTERDOMAIN_TRUST; + + return atype; +} + +/* +translated the GROUP_CTRL Flags to GroupType (groupType) +*/ +uint32 ads_gcb2gtype(uint16 gcb) +{ + uint32 gtype = 0x00000000; + + if (gcb & GCB_ALIAS_GROUP) gtype |= GTYPE_SECURITY_BUILTIN_LOCAL_GROUP; + else if(gcb & GCB_LOCAL_GROUP) gtype |= GTYPE_SECURITY_DOMAIN_LOCAL_GROUP; + if (gcb & GCB_GLOBAL_GROUP) gtype |= GTYPE_SECURITY_GLOBAL_GROUP; + + return gtype; +} + +/* +translated the GroupType (groupType) to GROUP_CTRL Flags +*/ +uint16 ads_gtype2gcb(uint32 gtype) +{ + uint16 gcb = 0x0000; + + switch(gtype) { + case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP: + gcb = GCB_ALIAS_GROUP; + break; + case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP: + gcb = GCB_LOCAL_GROUP; + break; + case GTYPE_SECURITY_GLOBAL_GROUP: + gcb = GCB_GLOBAL_GROUP; + break; + + case GTYPE_DISTRIBUTION_GLOBAL_GROUP: + gcb = GCB_GLOBAL_GROUP; + break; + case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP: + gcb = GCB_LOCAL_GROUP; + break; + case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP: + gcb = GCB_GLOBAL_GROUP; + break; + } + + return gcb; +} + +/* +get the accountType from the groupType +*/ +uint32 ads_gtype2atype(uint32 gtype) +{ + uint32 atype = 0x00000000; + + switch(gtype) { + case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP: + atype = ATYPE_SECURITY_LOCAL_GROUP; + break; + case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP: + atype = ATYPE_SECURITY_LOCAL_GROUP; + break; + case GTYPE_SECURITY_GLOBAL_GROUP: + atype = ATYPE_SECURITY_GLOBAL_GROUP; + break; + + case GTYPE_DISTRIBUTION_GLOBAL_GROUP: + atype = ATYPE_DISTRIBUTION_GLOBAL_GROUP; + break; + case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP: + atype = ATYPE_DISTRIBUTION_UNIVERSAL_GROUP; + break; + case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP: + atype = ATYPE_DISTRIBUTION_LOCAL_GROUP; + break; + } + + return atype; +} + #endif diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 385a9bd93f..7a0afb1a81 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -890,7 +890,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) non-existent attribute (but allowable for the object) to run */ LDAPControl PermitModify = { - "1.2.840.113556.1.4.1413", + ADS_PERMIT_MODIFY_OID, {0, NULL}, (char) 1}; LDAPControl *controls[2]; -- cgit