Load samba-3.6.2 into branches/samba/upstream.upstream/3.6.2

git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream@3992 fc4039ab-9d04-0410-8cac-899223bdd6b0

4 files changed, 129 insertions, 13 deletions

diff --git a/libds/common/flag_mapping.c b/libds/common/flag_mapping.c
index 429ccacb49..ddc8ec5c19 100644
--- a/libds/common/flag_mapping.c
+++ b/libds/common/flag_mapping.c
@@ -4,6 +4,7 @@
 
    Copyright (C) Stefan (metze) Metzmacher 2002
    Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Matthias Dieter Wallnöfer 2010
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,6 +23,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/samr.h"
 #include "../libds/common/flags.h"
+#include "flag_mapping.h"
 
 /*
 translated the ACB_CTRL Flags to UserFlags (userAccountControl)
@@ -49,12 +51,16 @@ static const struct {
 	{ UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
 	{ UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
 	{ UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
-	{ UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD }
+	{ UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD },
+	{ UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
+	{ UF_PARTIAL_SECRETS_ACCOUNT, ACB_PARTIAL_SECRETS_ACCOUNT },
+	{ UF_USE_AES_KEYS, ACB_USE_AES_KEYS }
 };
 
 uint32_t ds_acb2uf(uint32_t acb)
 {
-	uint32_t i, ret = 0;
+	unsigned int i;
+	uint32_t ret = 0;
 	for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
 		if (acct_flags_map[i].acb & acb) {
 			ret |= acct_flags_map[i].uf;
@@ -68,7 +74,7 @@ translated the UserFlags (userAccountControl) to ACB_CTRL Flags
 */
 uint32_t ds_uf2acb(uint32_t uf)
 {
-	uint32_t i;
+	unsigned int i;
 	uint32_t ret = 0;
 	for (i=0;i<ARRAY_SIZE(acct_flags_map);i++) {
 		if (acct_flags_map[i].uf & uf) {
@@ -144,3 +150,17 @@ enum lsa_SidType ds_atype_map(uint32_t atype)
 	}
 	return SID_NAME_UNKNOWN;
 }
+
+/* get the default primary group RID for a given userAccountControl
+ * (information according to MS-SAMR 3.1.1.8.1) */
+uint32_t ds_uf2prim_group_rid(uint32_t uf)
+{
+	uint32_t prim_group_rid = DOMAIN_RID_USERS;
+
+	if ((uf & UF_PARTIAL_SECRETS_ACCOUNT)
+	 && (uf & UF_WORKSTATION_TRUST_ACCOUNT))    prim_group_rid = DOMAIN_RID_READONLY_DCS;
+	else if (uf & UF_SERVER_TRUST_ACCOUNT)      prim_group_rid = DOMAIN_RID_DCS;
+	else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) prim_group_rid = DOMAIN_RID_DOMAIN_MEMBERS;
+
+	return prim_group_rid;
+}
diff --git a/libds/common/flag_mapping.h b/libds/common/flag_mapping.h
new file mode 100644
index 0000000000..ae721da894
--- /dev/null
+++ b/libds/common/flag_mapping.h
@@ -0,0 +1,35 @@
+/*
+   Unix SMB/CIFS implementation.
+   helper mapping functions for the UF and ACB flags
+
+   Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Matthias Dieter Wallnöfer 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBDS_COMMON_FLAG_MAPPING_H__
+#define __LIBDS_COMMON_FLAG_MAPPING_H__
+
+/* The following definitions come from flag_mapping.c  */
+
+uint32_t ds_acb2uf(uint32_t acb);
+uint32_t ds_uf2acb(uint32_t uf);
+uint32_t ds_uf2atype(uint32_t uf);
+uint32_t ds_gtype2atype(uint32_t gtype);
+enum lsa_SidType ds_atype_map(uint32_t atype);
+uint32_t ds_uf2prim_group_rid(uint32_t uf);
+
+#endif /* __LIBDS_COMMON_FLAG_MAPPING_H__ */
diff --git a/libds/common/flags.h b/libds/common/flags.h
index 37103bcec2..a3ed771c4e 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -48,9 +48,10 @@
 #define UF_USE_DES_KEY_ONLY			0x00200000
 #define UF_DONT_REQUIRE_PREAUTH			0x00400000
 #define UF_PASSWORD_EXPIRED			0x00800000
-
 #define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x01000000
 #define UF_NO_AUTH_DATA_REQUIRED		0x02000000
+#define UF_PARTIAL_SECRETS_ACCOUNT		0x04000000
+#define UF_USE_AES_KEYS                         0x08000000
 
 #define UF_MACHINE_ACCOUNT_MASK (\
 		UF_INTERDOMAIN_TRUST_ACCOUNT |\
@@ -110,7 +111,7 @@
 		GROUP_TYPE_SECURITY_ENABLED \
 		)
 #define GTYPE_SECURITY_UNIVERSAL_GROUP ( \
-		/* 0x80000008 -2147483656 */ \
+		/* 0x80000008 -2147483640 */ \
 		GROUP_TYPE_UNIVERSAL_GROUP| \
 		GROUP_TYPE_SECURITY_ENABLED \
 		)
@@ -155,6 +156,9 @@
 #define SYSTEM_FLAG_CONFIG_ALLOW_RENAME		0x40000000
 #define SYSTEM_FLAG_DISALLOW_DELETE		0x80000000
 
+/* schemaFlags_Ex */
+#define SCHEMA_FLAG_ATTR_IS_CRITICAL	0x0000001
+
 /* "searchFlags" */
 #define SEARCH_FLAG_ATTINDEX		0x0000001
 #define SEARCH_FLAG_PDNTATTINDEX	0x0000002
@@ -167,19 +171,72 @@
 #define SEARCH_FLAG_NEVERVALUEAUDIT	0x0000100
 #define SEARCH_FLAG_RODC_ATTRIBUTE	0x0000200
 
-/* "domainFunctionality", "forestFunctionality" in the rootDSE */
+/* "domainFunctionality", "forestFunctionality" and "domainControllerFunctionality" in the rootDSE */
 #define DS_DOMAIN_FUNCTION_2000		0
-#define DS_DOMAIN_FUNCTION_2003_MIXED	1
+#define DS_DOMAIN_FUNCTION_2003_MIXED	1 /* Not a valid/meaningful
+					   * domainControllerFunctionality
+					   * Level */
 #define DS_DOMAIN_FUNCTION_2003		2
 #define DS_DOMAIN_FUNCTION_2008		3
 #define DS_DOMAIN_FUNCTION_2008_R2	4 
 
-/* "domainControllerFunctionality" in the rootDSE */
-#define DS_DC_FUNCTION_2000		0
-#define DS_DC_FUNCTION_2003		2
-#define DS_DC_FUNCTION_2008		3
-#define DS_DC_FUNCTION_2008_R2		4
-
 /* sa->systemFlags on attributes */
 #define DS_FLAG_ATTR_NOT_REPLICATED    0x00000001
+#define DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER 0x00000002
 #define DS_FLAG_ATTR_IS_CONSTRUCTED    0x00000004
+
+/* 7.1.1.2.2.1.2.1.1           nTDSDSA Object options flags */
+#define DS_NTDSDSA_OPT_IS_GC                    0x00000001
+#define DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL     0x00000002
+#define DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL    0x00000004
+#define DS_NTDSDSA_OPT_DISABLE_NTDSCONN_XLATE   0x00000008
+#define DS_NTDSDSA_OPT_DISABLE_SPN_REGISTRATION 0x00000010
+
+/* wellknown GUID strings for AD objects. See MS-ADTS 7.1.1.4 */
+#define DS_GUID_COMPUTERS_CONTAINER                   "AA312825768811D1ADED00C04FD8D5CD"
+#define DS_GUID_DELETED_OBJECTS_CONTAINER             "18E2EA80684F11D2B9AA00C04F79F805"
+#define DS_GUID_DOMAIN_CONTROLLERS_CONTAINER          "A361B2FFFFD211D1AA4B00C04FD7D83A"
+#define DS_GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER   "22B70C67D56E4EFB91E9300FCA3DC1AA"
+#define DS_GUID_INFRASTRUCTURE_CONTAINER              "2FBAC1870ADE11D297C400C04FD8D5CD"
+#define DS_GUID_LOSTANDFOUND_CONTAINER                "AB8153B7768811D1ADED00C04FD8D5CD"
+#define DS_GUID_MICROSOFT_PROGRAM_DATA_CONTAINER      "F4BE92A4C777485E878E9421D53087DB"
+#define DS_GUID_NTDS_QUOTAS_CONTAINER                 "6227F0AF1FC2410D8E3BB10615BB5B0F"
+#define DS_GUID_PROGRAM_DATA_CONTAINER                "09460C08AE1E4A4EA0F64AEE7DAA1E5A"
+#define DS_GUID_SYSTEMS_CONTAINER                     "AB1D30F3768811D1ADED00C04FD8D5CD"
+#define DS_GUID_USERS_CONTAINER                       "A9D1CA15768811D1ADED00C04FD8D5CD"
+
+/* wellknown GUIDs for optional directory features */
+#define DS_GUID_FEATURE_RECYCLE_BIN		      "766ddcd8-acd0-445e-f3b9-a7f9b6744f2a"
+
+/* dsHeuristics character indexes see MS-ADTS 7.1.1.2.4.1.2 */
+
+#define DS_HR_SUPFIRSTLASTANR                     0x00000001
+#define DS_HR_SUPLASTFIRSTANR                     0x00000002
+#define DS_HR_DOLISTOBJECT                        0x00000003
+#define DS_HR_DONICKRES                           0x00000004
+#define DS_HR_LDAP_USEPERMMOD                     0x00000005
+#define DS_HR_HIDEDSID                            0x00000006
+#define DS_HR_BLOCK_ANONYMOUS_OPS                 0x00000007
+#define DS_HR_ALLOW_ANON_NSPI                     0x00000008
+#define DS_HR_USER_PASSWORD_SUPPORT               0x00000009
+#define DS_HR_TENTH_CHAR                          0x0000000A
+#define DS_HR_SPECIFY_GUID_ON_ADD                 0x0000000B
+#define DS_HR_NO_STANDARD_SD                      0x0000000C
+#define DS_HR_ALLOW_NONSECURE_PWD_OPS             0x0000000D
+#define DS_HR_NO_PROPAGATE_ON_NOCHANGE            0x0000000E
+#define DS_HR_COMPUTE_ANR_STATS                   0x0000000F
+#define DS_HR_ADMINSDEXMASK                       0x00000010
+#define DS_HR_KVNOEMUW2K                          0x00000011
+#define DS_HR_LDAP_BYPASS_UPPER_LIMIT_BOUNDS      0x00000012
+
+/* mS-DS-ReplicatesNCReason */
+#define NTDSCONN_KCC_GC_TOPOLOGY		     0x00000001
+#define NTDSCONN_KCC_RING_TOPOLOGY		     0x00000002
+#define NTDSCONN_KCC_MINIMIZE_HOPS_TOPOLOGY          0x00000004
+#define NTDSCONN_KCC_STALE_SERVERS_TOPOLOGY          0x00000008
+#define NTDSCONN_KCC_OSCILLATING_CONNECTION_TOPOLOGY 0x00000010
+#define NTDSCONN_KCC_INTERSITE_GC_TOPOLOGY	     0x00000020
+#define NTDSCONN_KCC_INTERSITE_TOPOLOGY              0x00000040
+#define NTDSCONN_KCC_SERVER_FAILOVER_TOPOLOGY        0x00000080
+#define NTDSCONN_KCC_SITE_FAILOVER_TOPOLOGY          0x00000100
+#define NTDSCONN_KCC_REDUNDANT_SERVER_TOPOLOGY       0x00000200
diff --git a/libds/common/wscript_build b/libds/common/wscript_build
new file mode 100644
index 0000000000..f6ed2091a5
--- /dev/null
+++ b/libds/common/wscript_build
@@ -0,0 +1,4 @@
+
+bld.SAMBA_SUBSYSTEM('flag_mapping',
+                    public_deps='talloc replace',
+                    source='flag_mapping.c')