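/*
   Unix SMB/CIFS implementation.
   User/Group specific flags

   Copyright (C) Andrew Tridgell 2001-2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/*
 * User flags for "userAccountControl".
 *
 * Every UF_* constant in this first group is a single bit; the *_MASK
 * macros and UF_SETTABLE_BITS further down are ORs of those bits. The
 * UF_0000xxxx names are bit positions this header leaves without a
 * descriptive name.
 *
 * NOTE(review): the short meanings added as trailing comments follow the
 * UF_FLAG table cited below (MS-SAMR 2.2.1.13); confirm against that
 * document before relying on them. Several bits relax authentication or
 * widen what an account may do, so changes to them are worth auditing.
 */
#define UF_SCRIPT                                 0x00000001 /* NT or Lan Manager Login script must be executed */
#define UF_ACCOUNTDISABLE                         0x00000002 /* account is disabled */
#define UF_00000004                               0x00000004
#define UF_HOMEDIR_REQUIRED                       0x00000008

#define UF_LOCKOUT                                0x00000010
#define UF_PASSWD_NOTREQD                         0x00000020 /* no password required; audit accounts that carry it */
#define UF_PASSWD_CANT_CHANGE                     0x00000040
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED        0x00000080 /* password may be kept in reversibly encrypted form */

#define UF_TEMP_DUPLICATE_ACCOUNT                 0x00000100 /* Local user account in usrmgr */
#define UF_NORMAL_ACCOUNT                         0x00000200
#define UF_00000400                               0x00000400
#define UF_INTERDOMAIN_TRUST_ACCOUNT              0x00000800

#define UF_WORKSTATION_TRUST_ACCOUNT              0x00001000
#define UF_SERVER_TRUST_ACCOUNT                   0x00002000
#define UF_00004000                               0x00004000
#define UF_00008000                               0x00008000

#define UF_DONT_EXPIRE_PASSWD                     0x00010000
#define UF_MNS_LOGON_ACCOUNT                      0x00020000
#define UF_SMARTCARD_REQUIRED                     0x00040000
#define UF_TRUSTED_FOR_DELEGATION                 0x00080000 /* Kerberos delegation without a target list (unconstrained) */

#define UF_NOT_DELEGATED                          0x00100000 /* account must not be delegated */
#define UF_USE_DES_KEY_ONLY                       0x00200000 /* restricts Kerberos keys to DES, a weak cipher */
#define UF_DONT_REQUIRE_PREAUTH                   0x00400000 /* Kerberos pre-authentication is not required */
#define UF_PASSWORD_EXPIRED                       0x00800000
#define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x01000000 /* Kerberos protocol transition allowed */
#define UF_NO_AUTH_DATA_REQUIRED                  0x02000000
#define UF_PARTIAL_SECRETS_ACCOUNT                0x04000000 /* read-only DC account */
#define UF_USE_AES_KEYS                           0x08000000

/* The three trust-account type bits (0x00003800). */
#define UF_TRUST_ACCOUNT_MASK (\
		UF_INTERDOMAIN_TRUST_ACCOUNT |\
		UF_WORKSTATION_TRUST_ACCOUNT |\
		UF_SERVER_TRUST_ACCOUNT \
		)

/* Every account-type bit: the trust types plus the two user types (0x00003B00). */
#define UF_ACCOUNT_TYPE_MASK (\
		UF_TEMP_DUPLICATE_ACCOUNT |\
		UF_NORMAL_ACCOUNT |\
		UF_INTERDOMAIN_TRUST_ACCOUNT |\
		UF_WORKSTATION_TRUST_ACCOUNT |\
		UF_SERVER_TRUST_ACCOUNT \
		)

/*
 * MS-SAMR 2.2.1.13 UF_FLAG Codes states that some bits are ignored by
 * clients and servers.  Other flags (like UF_LOCKOUT) have special
 * behaviours, but are not set in the traditional sense.
 *
 * See the samldb module for the use of this define.
 *
 * The mask evaluates to 0x0F7F3BAA. Left out of it are UF_SCRIPT,
 * UF_LOCKOUT, UF_PASSWD_CANT_CHANGE, UF_PASSWORD_EXPIRED and the unnamed
 * UF_00000004 / UF_00000400 / UF_00004000 / UF_00008000 bits.
 *
 * Being in this mask only says that a bit may be stored. It contains
 * delegation, pre-authentication and account-type bits, so it is not an
 * authorization check by itself.
 * NOTE(review): the per-bit privilege checks presumably live in the
 * samldb module mentioned above; confirm there.
 */

#define UF_SETTABLE_BITS (\
		UF_ACCOUNTDISABLE |\
		UF_HOMEDIR_REQUIRED |\
		UF_PASSWD_NOTREQD |\
		UF_ACCOUNT_TYPE_MASK | \
		UF_DONT_EXPIRE_PASSWD | \
		UF_MNS_LOGON_ACCOUNT |\
		UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
		UF_SMARTCARD_REQUIRED |\
		UF_TRUSTED_FOR_DELEGATION |\
		UF_NOT_DELEGATED |\
		UF_USE_DES_KEY_ONLY |\
		UF_DONT_REQUIRE_PREAUTH |\
		UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION |\
		UF_NO_AUTH_DATA_REQUIRED |\
		UF_PARTIAL_SECRETS_ACCOUNT |\
		UF_USE_AES_KEYS \
		)

/*
 * Group flags for "groupType".
 *
 * GROUP_TYPE_SECURITY_ENABLED is bit 31, so in C the constant (and every
 * GTYPE_SECURITY_* value built from it) has an unsigned type. The
 * negative decimals in the comments below are the same bit patterns read
 * as signed 32-bit integers; cast explicitly when comparing against a
 * signed value.
 */
#define GROUP_TYPE_BUILTIN_LOCAL_GROUP 0x00000001
#define GROUP_TYPE_ACCOUNT_GROUP       0x00000002
#define GROUP_TYPE_RESOURCE_GROUP      0x00000004
#define GROUP_TYPE_UNIVERSAL_GROUP     0x00000008
#define GROUP_TYPE_APP_BASIC_GROUP     0x00000010
#define GROUP_TYPE_APP_QUERY_GROUP     0x00000020
#define GROUP_TYPE_SECURITY_ENABLED    0x80000000

#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP ( \
		/* 0x80000005 -2147483643 */ \
		GROUP_TYPE_BUILTIN_LOCAL_GROUP| \
		GROUP_TYPE_RESOURCE_GROUP| \
		GROUP_TYPE_SECURITY_ENABLED \
		)
#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP ( \
		/* 0x80000004 -2147483644 */ \
		GROUP_TYPE_RESOURCE_GROUP| \
		GROUP_TYPE_SECURITY_ENABLED \
		)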
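#define GTYPE_SECURITY_GLOBAL_GROUP ( \
		/* 0x80000002 -2147483646 */ \
		GROUP_TYPE_ACCOUNT_GROUP| \
		GROUP_TYPE_SECURITY_ENABLED \
		)
#define GTYPE_SECURITY_UNIVERSAL_GROUP ( \
		/* 0x80000008 -2147483640 */ \
		GROUP_TYPE_UNIVERSAL_GROUP| \
		GROUP_TYPE_SECURITY_ENABLED \
		)
#define GTYPE_DISTRIBUTION_GLOBAL_GROUP       0x00000002 /* 2 */
#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */
#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP    0x00000008 /* 8 */

/*
 * Account flags for "sAMAccountType".
 *
 * These are whole values rather than OR-able bits: compare with ==, not
 * with a bit test. The universal-group names alias the matching
 * global-group values, so the two cannot be told apart by this value.
 */
#define ATYPE_NORMAL_ACCOUNT               0x30000000 /* 805306368 */
#define ATYPE_WORKSTATION_TRUST            0x30000001 /* 805306369 */
#define ATYPE_INTERDOMAIN_TRUST            0x30000002 /* 805306370 */
#define ATYPE_SECURITY_GLOBAL_GROUP        0x10000000 /* 268435456 */
#define ATYPE_SECURITY_LOCAL_GROUP         0x20000000 /* 536870912 */
#define ATYPE_SECURITY_UNIVERSAL_GROUP     ATYPE_SECURITY_GLOBAL_GROUP
#define ATYPE_DISTRIBUTION_GLOBAL_GROUP    0x10000001 /* 268435457 */
#define ATYPE_DISTRIBUTION_LOCAL_GROUP     0x20000001 /* 536870913 */
#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP ATYPE_DISTRIBUTION_GLOBAL_GROUP

#define ATYPE_ACCOUNT      ATYPE_NORMAL_ACCOUNT        /* 0x30000000 805306368 */
#define ATYPE_GLOBAL_GROUP ATYPE_SECURITY_GLOBAL_GROUP /* 0x10000000 268435456 */
#define ATYPE_LOCAL_GROUP  ATYPE_SECURITY_LOCAL_GROUP  /* 0x20000000 536870912 */

/* "instanceType" */
#define INSTANCE_TYPE_IS_NC_HEAD 0x00000001
#define INSTANCE_TYPE_UNINSTANT  0x00000002
#define INSTANCE_TYPE_WRITE      0x00000004
#define INSTANCE_TYPE_NC_ABOVE   0x00000008
#define INSTANCE_TYPE_NC_COMING  0x00000010
#define INSTANCE_TYPE_NC_GOING   0x00000020

/*
 * "systemFlags"
 *
 * SYSTEM_FLAG_DISALLOW_DELETE is bit 31 and therefore unsigned in C.
 * The DISALLOW_* / ALLOW_* names describe delete, move and rename
 * protection of an object; how they are enforced is not visible here.
 */
#define SYSTEM_FLAG_CR_NTDS_NC                0x00000001
#define SYSTEM_FLAG_CR_NTDS_DOMAIN            0x00000002
#define SYSTEM_FLAG_CR_NTDS_NOT_GC_REPLICATED 0x00000004
#define SYSTEM_FLAG_SCHEMA_BASE_OBJECT        0x00000010
#define SYSTEM_FLAG_ATTR_IS_RDN               0x00000020
#define SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE   0x02000000
#define SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE      0x04000000
#define SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME    0x08000000
#define SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE 0x10000000
#define SYSTEM_FLAG_CONFIG_ALLOW_MOVE         0x20000000
#define SYSTEM_FLAG_CONFIG_ALLOW_RENAME       0x40000000
#define SYSTEM_FLAG_DISALLOW_DELETE           0x80000000

/* schemaFlags_Ex */
#define SCHEMA_FLAG_ATTR_IS_CRITICAL 0x0000001

/*
 * "searchFlags"
 *
 * NOTE(review): per the MS-ADTS description of searchFlags,
 * SEARCH_FLAG_CONFIDENTIAL marks an attribute whose values need more
 * than the ordinary read right, and SEARCH_FLAG_RODC_ATTRIBUTE puts an
 * attribute in the set that is withheld from read-only DCs. Clearing
 * either bit on a schema attribute widens who can see its values;
 * confirm the exact semantics against the specification.
 */
#define SEARCH_FLAG_ATTINDEX         0x0000001
#define SEARCH_FLAG_PDNTATTINDEX     0x0000002
#define SEARCH_FLAG_ANR              0x0000004
#define SEARCH_FLAG_PRESERVEONDELETE 0x0000008
#define SEARCH_FLAG_COPY             0x0000010
#define SEARCH_FLAG_TUPLEINDEX       0x0000020
#define SEARCH_FLAG_SUBTREEATTRINDEX 0x0000040
#define SEARCH_FLAG_CONFIDENTIAL     0x0000080
#define SEARCH_FLAG_NEVERVALUEAUDIT  0x0000100
#define SEARCH_FLAG_RODC_ATTRIBUTE   0x0000200

/* "domainFunctionality", "forestFunctionality" and "domainControllerFunctionality" in the rootDSE */
/* These are ordinal levels (0..7), not bit flags: compare with relational operators. */
#define DS_DOMAIN_FUNCTION_2000       0
#define DS_DOMAIN_FUNCTION_2003_MIXED 1 /* Not a valid/meaningful
					 * domainControllerFunctionality
					 * Level */
#define DS_DOMAIN_FUNCTION_2003       2
#define DS_DOMAIN_FUNCTION_2008       3
#define DS_DOMAIN_FUNCTION_2008_R2    4
#define DS_DOMAIN_FUNCTION_2012       5
#define DS_DOMAIN_FUNCTION_2012_R2    6
#define DS_DOMAIN_FUNCTION_2016       7

/* sa->systemFlags on attributes */
#define DS_FLAG_ATTR_NOT_REPLICATED         0x00000001
#define DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER 0x00000002
#define DS_FLAG_ATTR_IS_CONSTRUCTED         0x00000004

/* 7.1.1.2.2.1.1 nTDSSiteSettings Object options */
#define DS_NTDSSETTINGS_OPT_IS_AUTO_TOPOLOGY_DISABLED            0x00000001
#define DS_NTDSSETTINGS_OPT_IS_TOPL_CLEANUP_DISABLED             0x00000002
#define DS_NTDSSETTINGS_OPT_IS_TOPL_MIN_HOPS_DISABLED            0x00000004
#define DS_NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED        0x00000008
#define DS_NTDSSETTINGS_OPT_IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED 0x00000010
#define DS_NTDSSETTINGS_OPT_IS_GROUP_CACHING_ENABLED             0x00000020
#define DS_NTDSSETTINGS_OPT_FORCE_KCC_WHISTLER_BEHAVIOR          0x00000040
#define DS_NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED        0x00000100
#define DS_NTDSSETTINGS_OPT_IS_SCHEDULE_HASHING_ENABLED          0x00000200
#define DS_NTDSSETTINGS_OPT_IS_REDUNDANT_SERVER_TOPOLOGY_ENABLED 0x00000400

/* 7.1.1.2.2.1.2.1.1 nTDSDSA Object options flags */
#define DS_NTDSDSA_OPT_IS_GC                    0x00000001
#define DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL     0x00000002
#define DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL    0x00000004
#define DS_NTDSDSA_OPT_DISABLE_NTDSCONN_XLATE   0x00000008
#define DS_NTDSDSA_OPT_DISABLE_SPN_REGISTRATION 0x00000010

/* wellknown GUID strings for AD objects. See MS-ADTS 7.1.1.4 */
/* Written as 32 upper-case hex digits with no dashes. */
#define DS_GUID_COMPUTERS_CONTAINER                 "AA312825768811D1ADED00C04FD8D5CD"
#define DS_GUID_DELETED_OBJECTS_CONTAINER           "18E2EA80684F11D2B9AA00C04F79F805"
#define DS_GUID_DOMAIN_CONTROLLERS_CONTAINER        "A361B2FFFFD211D1AA4B00C04FD7D83A"
#define DS_GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER "22B70C67D56E4EFB91E9300FCA3DC1AA"
#define DS_GUID_INFRASTRUCTURE_CONTAINER            "2FBAC1870ADE11D297C400C04FD8D5CD"
#define DS_GUID_LOSTANDFOUND_CONTAINER              "AB8153B7768811D1ADED00C04FD8D5CD"
#define DS_GUID_MICROSOFT_PROGRAM_DATA_CONTAINER    "F4BE92A4C777485E878E9421D53087DB"
#define DS_GUID_NTDS_QUOTAS_CONTAINER               "6227F0AF1FC2410D8E3BB10615BB5B0F"
#define DS_GUID_PROGRAM_DATA_CONTAINER              "09460C08AE1E4A4EA0F64AEE7DAA1E5A"
#define DS_GUID_SYSTEMS_CONTAINER                   "AB1D30F3768811D1ADED00C04FD8D5CD"
#define DS_GUID_USERS_CONTAINER                     "A9D1CA15768811D1ADED00C04FD8D5CD"

/* wellknown GUIDs for optional directory features */
/*
 * Unlike the container GUIDs above this one is lower-case and dashed, so
 * a plain string comparison between the two spellings will not match.
 */
#define DS_GUID_FEATURE_RECYCLE_BIN "766ddcd8-acd0-445e-f3b9-a7f9b6744f2a"

/* dsHeuristics character indexes see MS-ADTS 7.1.1.2.4.1.2 */
/*
 * These are 1-based character positions in the dsHeuristics string, not
 * bit masks: the values run 1, 2, 3, ... and must never be OR-ed
 * together. The *_CHAR entries are positions 10, 20, ... 90.
 *
 * NOTE(review): positions 7, 9 and 13 (DS_HR_BLOCK_ANONYMOUS_OPS,
 * DS_HR_USER_PASSWORD_SUPPORT, DS_HR_ALLOW_NONSECURE_PWD_OPS) are named
 * after anonymous access and password handling; treat a change to those
 * characters as a security-relevant configuration change and confirm
 * the meaning of each value in the cited section.
 */

#define DS_HR_SUPFIRSTLASTANR          0x00000001
#define DS_HR_SUPLASTFIRSTANR          0x00000002
#define DS_HR_DOLISTOBJECT             0x00000003
#define DS_HR_DONICKRES                0x00000004
#define DS_HR_LDAP_USEPERMMOD          0x00000005
#define DS_HR_HIDEDSID                 0x00000006
#define DS_HR_BLOCK_ANONYMOUS_OPS      0x00000007
#define DS_HR_ALLOW_ANON_NSPI          0x00000008
#define DS_HR_USER_PASSWORD_SUPPORT    0x00000009
#define DS_HR_TENTH_CHAR               0x0000000A
#define DS_HR_SPECIFY_GUID_ON_ADD      0x0000000B
#define DS_HR_NO_STANDARD_SD           0x0000000C
#define DS_HR_ALLOW_NONSECURE_PWD_OPS  0x0000000D
#define DS_HR_NO_PROPAGATE_ON_NOCHANGE 0x0000000E
#define DS_HR_COMPUTE_ANR_STATS        0x0000000F
#define DS_HR_ADMINSDEXMASK            0x00000010
#define DS_HR_KVNOEMUW2K               0x00000011

#define DS_HR_TWENTIETH_CHAR  0x00000014
#define DS_HR_THIRTIETH_CHAR  0x0000001E
#define DS_HR_FOURTIETH_CHAR  0x00000028
#define DS_HR_FIFTIETH_CHAR   0x00000032
#define DS_HR_SIXTIETH_CHAR   0x0000003C
#define DS_HR_SEVENTIETH_CHAR 0x00000046
#define DS_HR_EIGHTIETH_CHAR  0x00000050
#define DS_HR_NINETIETH_CHAR  0x0000005A

/* mS-DS-ReplicatesNCReason */
#define NTDSCONN_KCC_GC_TOPOLOGY                     0x00000001
#define NTDSCONN_KCC_RING_TOPOLOGY                   0x00000002
#define NTDSCONN_KCC_MINIMIZE_HOPS_TOPOLOGY          0x00000004
#define NTDSCONN_KCC_STALE_SERVERS_TOPOLOGY          0x00000008
#define NTDSCONN_KCC_OSCILLATING_CONNECTION_TOPOLOGY 0x00000010
#define NTDSCONN_KCC_INTERSITE_GC_TOPOLOGY           0x00000020
#define NTDSCONN_KCC_INTERSITE_TOPOLOGY              0x00000040
#define NTDSCONN_KCC_SERVER_FAILOVER_TOPOLOGY        0x00000080
#define NTDSCONN_KCC_SITE_FAILOVER_TOPOLOGY          0x00000100
#define NTDSCONN_KCC_REDUNDANT_SERVER_TOPOLOGY       0x00000200

/* NOTE(review): presumably the option bits of a connection object; the header gives no attribute name, so confirm. */
#define NTDSCONN_OPT_IS_GENERATED                  0x00000001
#define NTDSCONN_OPT_TWOWAY_SYNC                   0x00000002
#define NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT       0x00000004
#define NTDSCONN_OPT_USE_NOTIFY                    0x00000008
#define NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION 0x00000010
#define NTDSCONN_OPT_USER_OWNED_SCHEDULE           0x00000020
#define NTDSCONN_OPT_RODC_TOPOLOGY                 0x00000040

/* 7.1.1.2.2.3.3 Site Link Object options flags */
#define NTDSSITELINK_OPT_USE_NOTIFY          0x00000001
#define NTDSSITELINK_OPT_TWOWAY_SYNC         0x00000002
#define NTDSSITELINK_OPT_DISABLE_COMPRESSION 0x00000004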