2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2010
4 Copyright (C) Matthias Dieter Wallnöfer 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "libcli/security/security.h"
26 #include "librpc/ndr/libndr.h"
27 #include "system/kerberos.h"
28 #include "auth/kerberos/kerberos.h"
29 #include "librpc/rpc/pyrpc_util.h"
30 #include "lib/policy/policy.h"
32 /* There's no Py_ssize_t in 2.4, apparently */
33 #if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
34 typedef int Py_ssize_t;
35 typedef inquiry lenfunc;
36 typedef intargfunc ssizeargfunc;
39 /* FIXME: These should be in a header file somewhere, once we finish moving
40 * away from SWIG .. */
41 #define PyErr_LDB_OR_RAISE(py_ldb, ldb) \
42 /* if (!PyLdb_Check(py_ldb)) { \
43 PyErr_SetString(py_ldb_get_exception(), "Ldb connection object required"); \
46 ldb = PyLdb_AsLdbContext(py_ldb);
48 static PyObject *py_ldb_get_exception(void)
50 PyObject *mod = PyImport_ImportModule("ldb");
54 return PyObject_GetAttrString(mod, "LdbError");
57 static void PyErr_SetLdbError(PyObject *error, int ret, struct ldb_context *ldb_ctx)
59 if (ret == LDB_ERR_PYTHON_EXCEPTION)
60 return; /* Python exception should already be set, just keep that */
62 PyErr_SetObject(error,
63 Py_BuildValue(discard_const_p(char, "(i,s)"), ret,
64 ldb_ctx == NULL?ldb_strerror(ret):ldb_errstring(ldb_ctx)));
67 static PyObject *py_samdb_server_site_name(PyObject *self, PyObject *args)
69 PyObject *py_ldb, *result;
70 struct ldb_context *ldb;
74 if (!PyArg_ParseTuple(args, "O", &py_ldb))
77 PyErr_LDB_OR_RAISE(py_ldb, ldb);
79 mem_ctx = talloc_new(NULL);
80 if (mem_ctx == NULL) {
85 site = samdb_server_site_name(ldb, mem_ctx);
87 PyErr_SetString(PyExc_RuntimeError, "Failed to find server site");
92 result = PyString_FromString(site);
97 static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self,
100 char *target_str, *mapping;
102 struct ldb_context *ldb;
106 if (!PyArg_ParseTuple(args, "Oss", &py_ldb, &target_str, &mapping))
109 PyErr_LDB_OR_RAISE(py_ldb, ldb);
111 retstr = dsdb_convert_schema_to_openldap(ldb, target_str, mapping);
112 if (retstr == NULL) {
113 PyErr_SetString(PyExc_RuntimeError,
114 "dsdb_convert_schema_to_openldap failed");
118 ret = PyString_FromString(retstr);
123 static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args)
125 PyObject *py_ldb, *py_sid;
126 struct ldb_context *ldb;
130 if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid))
133 PyErr_LDB_OR_RAISE(py_ldb, ldb);
135 sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
141 ret = samdb_set_domain_sid(ldb, sid);
144 PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed");
150 static PyObject *py_samdb_set_ntds_settings_dn(PyLdbObject *self, PyObject *args)
152 PyObject *py_ldb, *py_ntds_settings_dn;
153 struct ldb_context *ldb;
154 struct ldb_dn *ntds_settings_dn;
158 if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_ntds_settings_dn))
161 PyErr_LDB_OR_RAISE(py_ldb, ldb);
163 tmp_ctx = talloc_new(NULL);
164 if (tmp_ctx == NULL) {
169 if (!PyObject_AsDn(tmp_ctx, py_ntds_settings_dn, ldb, &ntds_settings_dn)) {
170 /* exception thrown by "PyObject_AsDn" */
171 talloc_free(tmp_ctx);
175 ret = samdb_set_ntds_settings_dn(ldb, ntds_settings_dn);
176 talloc_free(tmp_ctx);
178 PyErr_SetString(PyExc_RuntimeError, "set_ntds_settings_dn failed");
184 static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
187 struct ldb_context *ldb;
188 const struct dom_sid *sid;
192 if (!PyArg_ParseTuple(args, "O", &py_ldb))
195 PyErr_LDB_OR_RAISE(py_ldb, ldb);
197 sid = samdb_domain_sid(ldb);
199 PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
203 retstr = dom_sid_string(NULL, sid);
204 if (retstr == NULL) {
208 ret = PyString_FromString(retstr);
213 static PyObject *py_samdb_ntds_invocation_id(PyObject *self, PyObject *args)
215 PyObject *py_ldb, *result;
216 struct ldb_context *ldb;
217 const struct GUID *guid;
220 if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
224 PyErr_LDB_OR_RAISE(py_ldb, ldb);
226 guid = samdb_ntds_invocation_id(ldb);
228 PyErr_SetString(PyExc_RuntimeError,
229 "Failed to find NTDS invocation ID");
233 retstr = GUID_string(NULL, guid);
234 if (retstr == NULL) {
238 result = PyString_FromString(retstr);
243 static PyObject *py_dsdb_get_oid_from_attid(PyObject *self, PyObject *args)
246 struct ldb_context *ldb;
248 struct dsdb_schema *schema;
254 if (!PyArg_ParseTuple(args, "Oi", &py_ldb, &attid))
257 PyErr_LDB_OR_RAISE(py_ldb, ldb);
259 mem_ctx = talloc_new(NULL);
265 schema = dsdb_get_schema(ldb, mem_ctx);
267 PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb \n");
268 talloc_free(mem_ctx);
272 status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, attid,
274 if (!W_ERROR_IS_OK(status)) {
275 PyErr_SetWERROR(status);
276 talloc_free(mem_ctx);
280 ret = PyString_FromString(oid);
282 talloc_free(mem_ctx);
288 static PyObject *py_dsdb_get_attid_from_lDAPDisplayName(PyObject *self, PyObject *args)
290 PyObject *py_ldb, *is_schema_nc;
291 struct ldb_context *ldb;
292 struct dsdb_schema *schema;
293 const char *ldap_display_name;
294 bool schema_nc = false;
295 const struct dsdb_attribute *a;
298 if (!PyArg_ParseTuple(args, "OsO", &py_ldb, &ldap_display_name, &is_schema_nc))
301 PyErr_LDB_OR_RAISE(py_ldb, ldb);
304 if (!PyBool_Check(is_schema_nc)) {
305 PyErr_SetString(PyExc_TypeError, "Expected boolean is_schema_nc");
308 if (is_schema_nc == Py_True) {
313 schema = dsdb_get_schema(ldb, NULL);
316 PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
320 a = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
322 PyErr_Format(PyExc_RuntimeError, "Failed to find attribute '%s'", ldap_display_name);
326 attid = dsdb_attribute_get_attid(a, schema_nc);
328 return PyLong_FromUnsignedLong(attid);
332 convert a python string to a DRSUAPI drsuapi_DsReplicaAttribute attribute
334 static PyObject *py_dsdb_DsReplicaAttribute(PyObject *self, PyObject *args)
336 PyObject *py_ldb, *el_list, *ret;
337 struct ldb_context *ldb;
338 char *ldap_display_name;
339 const struct dsdb_attribute *a;
340 struct dsdb_schema *schema;
341 struct dsdb_syntax_ctx syntax_ctx;
342 struct ldb_message_element *el;
343 struct drsuapi_DsReplicaAttribute *attr;
348 if (!PyArg_ParseTuple(args, "OsO", &py_ldb, &ldap_display_name, &el_list)) {
352 PyErr_LDB_OR_RAISE(py_ldb, ldb);
354 if (!PyList_Check(el_list)) {
355 PyErr_Format(PyExc_TypeError, "ldif_elements must be a list");
359 schema = dsdb_get_schema(ldb, NULL);
361 PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
365 a = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
367 PyErr_Format(PyExc_RuntimeError, "Failed to find attribute '%s'", ldap_display_name);
371 dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
372 syntax_ctx.is_schema_nc = false;
374 tmp_ctx = talloc_new(ldb);
375 if (tmp_ctx == NULL) {
380 el = talloc_zero(tmp_ctx, struct ldb_message_element);
383 talloc_free(tmp_ctx);
387 el->name = ldap_display_name;
388 el->num_values = PyList_Size(el_list);
390 el->values = talloc_array(el, struct ldb_val, el->num_values);
391 if (el->values == NULL) {
393 talloc_free(tmp_ctx);
397 for (i = 0; i < el->num_values; i++) {
398 PyObject *item = PyList_GetItem(el_list, i);
399 if (!PyString_Check(item)) {
400 PyErr_Format(PyExc_TypeError, "ldif_elements should be strings");
403 el->values[i].data = (uint8_t *)PyString_AsString(item);
404 el->values[i].length = PyString_Size(item);
407 attr = talloc_zero(tmp_ctx, struct drsuapi_DsReplicaAttribute);
410 talloc_free(tmp_ctx);
414 werr = a->syntax->ldb_to_drsuapi(&syntax_ctx, a, el, attr, attr);
415 PyErr_WERROR_IS_ERR_RAISE(werr);
417 ret = py_return_ndr_struct("samba.dcerpc.drsuapi", "DsReplicaAttribute", attr, attr);
419 talloc_free(tmp_ctx);
424 static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
426 PyObject *py_ldb, *py_guid;
429 struct ldb_context *ldb;
430 if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid))
433 PyErr_LDB_OR_RAISE(py_ldb, ldb);
434 GUID_from_string(PyString_AsString(py_guid), &guid);
436 ret = samdb_set_ntds_invocation_id(ldb, &guid);
438 PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
444 static PyObject *py_samdb_ntds_objectGUID(PyObject *self, PyObject *args)
446 PyObject *py_ldb, *result;
447 struct ldb_context *ldb;
448 const struct GUID *guid;
451 if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
455 PyErr_LDB_OR_RAISE(py_ldb, ldb);
457 guid = samdb_ntds_objectGUID(ldb);
459 PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS GUID");
463 retstr = GUID_string(NULL, guid);
464 if (retstr == NULL) {
468 result = PyString_FromString(retstr);
473 static PyObject *py_dsdb_set_global_schema(PyObject *self, PyObject *args)
476 struct ldb_context *ldb;
478 if (!PyArg_ParseTuple(args, "O", &py_ldb))
481 PyErr_LDB_OR_RAISE(py_ldb, ldb);
483 ret = dsdb_set_global_schema(ldb);
484 PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
489 static PyObject *py_dsdb_load_partition_usn(PyObject *self, PyObject *args)
491 PyObject *py_dn, *py_ldb, *result;
493 uint64_t highest_uSN, urgent_uSN;
494 struct ldb_context *ldb;
498 if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_dn)) {
502 PyErr_LDB_OR_RAISE(py_ldb, ldb);
504 mem_ctx = talloc_new(NULL);
505 if (mem_ctx == NULL) {
510 if (!PyObject_AsDn(mem_ctx, py_dn, ldb, &dn)) {
511 talloc_free(mem_ctx);
515 ret = dsdb_load_partition_usn(ldb, dn, &highest_uSN, &urgent_uSN);
516 if (ret != LDB_SUCCESS) {
517 PyErr_Format(PyExc_RuntimeError,
518 "Failed to load partition [%s] uSN - %s",
519 ldb_dn_get_linearized(dn),
521 talloc_free(mem_ctx);
525 talloc_free(mem_ctx);
527 result = PyDict_New();
529 PyDict_SetItemString(result, "uSNHighest", PyInt_FromLong((uint64_t)highest_uSN));
530 PyDict_SetItemString(result, "uSNUrgent", PyInt_FromLong((uint64_t)urgent_uSN));
536 static PyObject *py_dsdb_set_am_rodc(PyObject *self, PyObject *args)
540 struct ldb_context *ldb;
543 if (!PyArg_ParseTuple(args, "Oi", &py_ldb, &py_val))
546 PyErr_LDB_OR_RAISE(py_ldb, ldb);
547 ret = samdb_set_am_rodc(ldb, (bool)py_val);
549 PyErr_SetString(PyExc_RuntimeError, "set_am_rodc failed");
555 static PyObject *py_dsdb_set_schema_from_ldif(PyObject *self, PyObject *args)
560 struct ldb_context *ldb;
562 if (!PyArg_ParseTuple(args, "Oss", &py_ldb, &pf, &df))
565 PyErr_LDB_OR_RAISE(py_ldb, ldb);
567 result = dsdb_set_schema_from_ldif(ldb, pf, df);
568 PyErr_WERROR_IS_ERR_RAISE(result);
573 static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args)
576 struct ldb_context *ldb;
577 PyObject *py_from_ldb;
578 struct ldb_context *from_ldb;
579 struct dsdb_schema *schema;
581 if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_from_ldb))
584 PyErr_LDB_OR_RAISE(py_ldb, ldb);
586 PyErr_LDB_OR_RAISE(py_from_ldb, from_ldb);
588 schema = dsdb_get_schema(from_ldb, NULL);
590 PyErr_SetString(PyExc_RuntimeError, "Failed to set find a schema on 'from' ldb!\n");
594 ret = dsdb_reference_schema(ldb, schema, true);
595 PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
600 static PyObject *py_dsdb_write_prefixes_from_schema_to_ldb(PyObject *self, PyObject *args)
603 struct ldb_context *ldb;
605 struct dsdb_schema *schema;
607 if (!PyArg_ParseTuple(args, "O", &py_ldb))
610 PyErr_LDB_OR_RAISE(py_ldb, ldb);
612 schema = dsdb_get_schema(ldb, NULL);
614 PyErr_SetString(PyExc_RuntimeError, "Failed to set find a schema on ldb!\n");
618 result = dsdb_write_prefixes_from_schema_to_ldb(NULL, ldb, schema);
619 PyErr_WERROR_IS_ERR_RAISE(result);
625 static PyObject *py_dsdb_get_partitions_dn(PyObject *self, PyObject *args)
627 struct ldb_context *ldb;
629 PyObject *py_ldb, *ret;
632 mod = PyImport_ImportModule("ldb");
634 if (!PyArg_ParseTuple(args, "O", &py_ldb))
637 PyErr_LDB_OR_RAISE(py_ldb, ldb);
639 dn = samdb_partitions_dn(ldb, NULL);
644 ret = PyLdbDn_FromDn(dn);
651 call into samdb_rodc()
653 static PyObject *py_dsdb_am_rodc(PyObject *self, PyObject *args)
656 struct ldb_context *ldb;
660 if (!PyArg_ParseTuple(args, "O", &py_ldb))
663 PyErr_LDB_OR_RAISE(py_ldb, ldb);
665 ret = samdb_rodc(ldb, &am_rodc);
666 if (ret != LDB_SUCCESS) {
667 PyErr_SetString(PyExc_RuntimeError, ldb_errstring(ldb));
671 return PyBool_FromLong(am_rodc);
675 static PyMethodDef py_dsdb_methods[] = {
676 { "_samdb_server_site_name", (PyCFunction)py_samdb_server_site_name,
677 METH_VARARGS, "Get the server site name as a string"},
678 { "_dsdb_convert_schema_to_openldap",
679 (PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS,
680 "dsdb_convert_schema_to_openldap(ldb, target_str, mapping) -> str\n"
681 "Create an OpenLDAP schema from a schema." },
682 { "_samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid,
684 "samdb_set_domain_sid(samdb, sid)\n"
685 "Set SID of domain to use." },
686 { "_samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid,
688 "samdb_get_domain_sid(samdb)\n"
689 "Get SID of domain in use." },
690 { "_samdb_ntds_invocation_id", (PyCFunction)py_samdb_ntds_invocation_id,
691 METH_VARARGS, "get the NTDS invocation ID GUID as a string"},
692 { "_samdb_set_ntds_settings_dn", (PyCFunction)py_samdb_set_ntds_settings_dn,
694 "samdb_set_ntds_settings_dn(samdb, ntds_settings_dn)\n"
695 "Set NTDS Settings DN for this LDB (allows it to be set before the DB fully exists)." },
696 { "_dsdb_get_oid_from_attid", (PyCFunction)py_dsdb_get_oid_from_attid,
697 METH_VARARGS, NULL },
698 { "_dsdb_get_attid_from_lDAPDisplayName", (PyCFunction)py_dsdb_get_attid_from_lDAPDisplayName,
699 METH_VARARGS, NULL },
700 { "_dsdb_set_ntds_invocation_id",
701 (PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS,
703 { "_samdb_ntds_objectGUID", (PyCFunction)py_samdb_ntds_objectGUID,
704 METH_VARARGS, "get the NTDS objectGUID as a string"},
705 { "_dsdb_set_global_schema", (PyCFunction)py_dsdb_set_global_schema,
706 METH_VARARGS, NULL },
707 { "_dsdb_load_partition_usn", (PyCFunction)py_dsdb_load_partition_usn,
709 "get uSNHighest and uSNUrgent from the partition @REPLCHANGED"},
710 { "_dsdb_set_am_rodc",
711 (PyCFunction)py_dsdb_set_am_rodc, METH_VARARGS,
714 (PyCFunction)py_dsdb_am_rodc, METH_VARARGS,
716 { "_dsdb_set_schema_from_ldif", (PyCFunction)py_dsdb_set_schema_from_ldif, METH_VARARGS,
718 { "_dsdb_set_schema_from_ldb", (PyCFunction)py_dsdb_set_schema_from_ldb, METH_VARARGS,
720 { "_dsdb_write_prefixes_from_schema_to_ldb", (PyCFunction)py_dsdb_write_prefixes_from_schema_to_ldb, METH_VARARGS,
722 { "_dsdb_get_partitions_dn", (PyCFunction)py_dsdb_get_partitions_dn, METH_VARARGS, NULL },
723 { "_dsdb_DsReplicaAttribute", (PyCFunction)py_dsdb_DsReplicaAttribute, METH_VARARGS, NULL },
731 m = Py_InitModule3("dsdb", py_dsdb_methods,
732 "Python bindings for the directory service databases.");
736 #define ADD_DSDB_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
738 /* "userAccountControl" flags */
739 ADD_DSDB_FLAG(UF_NORMAL_ACCOUNT);
740 ADD_DSDB_FLAG(UF_TEMP_DUPLICATE_ACCOUNT);
741 ADD_DSDB_FLAG(UF_SERVER_TRUST_ACCOUNT);
742 ADD_DSDB_FLAG(UF_WORKSTATION_TRUST_ACCOUNT);
743 ADD_DSDB_FLAG(UF_INTERDOMAIN_TRUST_ACCOUNT);
744 ADD_DSDB_FLAG(UF_PASSWD_NOTREQD);
745 ADD_DSDB_FLAG(UF_ACCOUNTDISABLE);
747 ADD_DSDB_FLAG(UF_SCRIPT);
748 ADD_DSDB_FLAG(UF_ACCOUNTDISABLE);
749 ADD_DSDB_FLAG(UF_00000004);
750 ADD_DSDB_FLAG(UF_HOMEDIR_REQUIRED);
751 ADD_DSDB_FLAG(UF_LOCKOUT);
752 ADD_DSDB_FLAG(UF_PASSWD_NOTREQD);
753 ADD_DSDB_FLAG(UF_PASSWD_CANT_CHANGE);
754 ADD_DSDB_FLAG(UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED);
755 ADD_DSDB_FLAG(UF_TEMP_DUPLICATE_ACCOUNT);
756 ADD_DSDB_FLAG(UF_NORMAL_ACCOUNT);
757 ADD_DSDB_FLAG(UF_00000400);
758 ADD_DSDB_FLAG(UF_INTERDOMAIN_TRUST_ACCOUNT);
759 ADD_DSDB_FLAG(UF_WORKSTATION_TRUST_ACCOUNT);
760 ADD_DSDB_FLAG(UF_SERVER_TRUST_ACCOUNT);
761 ADD_DSDB_FLAG(UF_00004000);
762 ADD_DSDB_FLAG(UF_00008000);
763 ADD_DSDB_FLAG(UF_DONT_EXPIRE_PASSWD);
764 ADD_DSDB_FLAG(UF_MNS_LOGON_ACCOUNT);
765 ADD_DSDB_FLAG(UF_SMARTCARD_REQUIRED);
766 ADD_DSDB_FLAG(UF_TRUSTED_FOR_DELEGATION);
767 ADD_DSDB_FLAG(UF_NOT_DELEGATED);
768 ADD_DSDB_FLAG(UF_USE_DES_KEY_ONLY);
769 ADD_DSDB_FLAG(UF_DONT_REQUIRE_PREAUTH);
770 ADD_DSDB_FLAG(UF_PASSWORD_EXPIRED);
771 ADD_DSDB_FLAG(UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION);
772 ADD_DSDB_FLAG(UF_NO_AUTH_DATA_REQUIRED);
773 ADD_DSDB_FLAG(UF_PARTIAL_SECRETS_ACCOUNT);
775 /* groupType flags */
776 ADD_DSDB_FLAG(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP);
777 ADD_DSDB_FLAG(GTYPE_SECURITY_GLOBAL_GROUP);
778 ADD_DSDB_FLAG(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
779 ADD_DSDB_FLAG(GTYPE_SECURITY_UNIVERSAL_GROUP);
780 ADD_DSDB_FLAG(GTYPE_DISTRIBUTION_GLOBAL_GROUP);
781 ADD_DSDB_FLAG(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP);
782 ADD_DSDB_FLAG(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP);
784 /* "sAMAccountType" flags */
785 ADD_DSDB_FLAG(ATYPE_NORMAL_ACCOUNT);
786 ADD_DSDB_FLAG(ATYPE_WORKSTATION_TRUST);
787 ADD_DSDB_FLAG(ATYPE_INTERDOMAIN_TRUST);
788 ADD_DSDB_FLAG(ATYPE_SECURITY_GLOBAL_GROUP);
789 ADD_DSDB_FLAG(ATYPE_SECURITY_LOCAL_GROUP);
790 ADD_DSDB_FLAG(ATYPE_SECURITY_UNIVERSAL_GROUP);
791 ADD_DSDB_FLAG(ATYPE_DISTRIBUTION_GLOBAL_GROUP);
792 ADD_DSDB_FLAG(ATYPE_DISTRIBUTION_LOCAL_GROUP);
793 ADD_DSDB_FLAG(ATYPE_DISTRIBUTION_UNIVERSAL_GROUP);
795 /* "domainFunctionality", "forestFunctionality" flags in the rootDSE */
796 ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2000);
797 ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2003_MIXED);
798 ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2003);
799 ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2008);
800 ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2008_R2);
803 ADD_DSDB_FLAG(SYSTEM_FLAG_CR_NTDS_NC);
804 ADD_DSDB_FLAG(SYSTEM_FLAG_CR_NTDS_DOMAIN);
805 ADD_DSDB_FLAG(SYSTEM_FLAG_CR_NTDS_NOT_GC_REPLICATED);
806 ADD_DSDB_FLAG(SYSTEM_FLAG_SCHEMA_BASE_OBJECT);
807 ADD_DSDB_FLAG(SYSTEM_FLAG_ATTR_IS_RDN);
808 ADD_DSDB_FLAG(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
809 ADD_DSDB_FLAG(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE);
810 ADD_DSDB_FLAG(SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME);
811 ADD_DSDB_FLAG(SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE);
812 ADD_DSDB_FLAG(SYSTEM_FLAG_CONFIG_ALLOW_MOVE);
813 ADD_DSDB_FLAG(SYSTEM_FLAG_CONFIG_ALLOW_RENAME);
814 ADD_DSDB_FLAG(SYSTEM_FLAG_DISALLOW_DELETE);
816 /* Kerberos encryption type constants */
817 ADD_DSDB_FLAG(ENC_ALL_TYPES);
818 ADD_DSDB_FLAG(ENC_CRC32);
819 ADD_DSDB_FLAG(ENC_RSA_MD5);
820 ADD_DSDB_FLAG(ENC_RC4_HMAC_MD5);
821 ADD_DSDB_FLAG(ENC_HMAC_SHA1_96_AES128);
822 ADD_DSDB_FLAG(ENC_HMAC_SHA1_96_AES256);
824 ADD_DSDB_FLAG(SEARCH_FLAG_ATTINDEX);
825 ADD_DSDB_FLAG(SEARCH_FLAG_PDNTATTINDEX);
826 ADD_DSDB_FLAG(SEARCH_FLAG_ANR);
827 ADD_DSDB_FLAG(SEARCH_FLAG_PRESERVEONDELETE);
828 ADD_DSDB_FLAG(SEARCH_FLAG_COPY);
829 ADD_DSDB_FLAG(SEARCH_FLAG_TUPLEINDEX);
830 ADD_DSDB_FLAG(SEARCH_FLAG_SUBTREEATTRINDEX);
831 ADD_DSDB_FLAG(SEARCH_FLAG_CONFIDENTIAL);
832 ADD_DSDB_FLAG(SEARCH_FLAG_NEVERVALUEAUDIT);
833 ADD_DSDB_FLAG(SEARCH_FLAG_RODC_ATTRIBUTE);
835 ADD_DSDB_FLAG(DS_FLAG_ATTR_NOT_REPLICATED);
836 ADD_DSDB_FLAG(DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER);
837 ADD_DSDB_FLAG(DS_FLAG_ATTR_IS_CONSTRUCTED);
839 ADD_DSDB_FLAG(DS_NTDSDSA_OPT_IS_GC);
840 ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL);
841 ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL);
842 ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_NTDSCONN_XLATE);
843 ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_SPN_REGISTRATION);
845 ADD_DSDB_FLAG(NTDSCONN_KCC_GC_TOPOLOGY);
846 ADD_DSDB_FLAG(NTDSCONN_KCC_RING_TOPOLOGY);
847 ADD_DSDB_FLAG(NTDSCONN_KCC_MINIMIZE_HOPS_TOPOLOGY);
848 ADD_DSDB_FLAG(NTDSCONN_KCC_STALE_SERVERS_TOPOLOGY);
849 ADD_DSDB_FLAG(NTDSCONN_KCC_OSCILLATING_CONNECTION_TOPOLOGY);
850 ADD_DSDB_FLAG(NTDSCONN_KCC_INTERSITE_GC_TOPOLOGY);
851 ADD_DSDB_FLAG(NTDSCONN_KCC_INTERSITE_TOPOLOGY);
852 ADD_DSDB_FLAG(NTDSCONN_KCC_SERVER_FAILOVER_TOPOLOGY);
853 ADD_DSDB_FLAG(NTDSCONN_KCC_SITE_FAILOVER_TOPOLOGY);
854 ADD_DSDB_FLAG(NTDSCONN_KCC_REDUNDANT_SERVER_TOPOLOGY);
856 /* GPO policy flags */
857 ADD_DSDB_FLAG(GPLINK_OPT_DISABLE);
858 ADD_DSDB_FLAG(GPLINK_OPT_ENFORCE);
859 ADD_DSDB_FLAG(GPO_FLAG_USER_DISABLE);
860 ADD_DSDB_FLAG(GPO_FLAG_MACHINE_DISABLE);
861 ADD_DSDB_FLAG(GPO_INHERIT);
862 ADD_DSDB_FLAG(GPO_BLOCK_INHERITANCE);