const string SID_BUILTIN_EVENT_LOG_READERS = "S-1-5-32-573";
const string SID_BUILTIN_CERT_SERV_DCOM_ACCESS = "S-1-5-32-574";
+ /* UID/GID mapping Samba style */
+ const string SID_SAMBA_UNIX_USER_OWNER = "S-1-22-1";
+ const string SID_SAMBA_UNIX_GROUP_OWNER = "S-1-22-2";
+
/* SECURITY_NT_SERVICE */
const string NAME_NT_SERVICE = "NT SERVICE";
const string SID_NT_TRUSTED_INSTALLER =
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
+ const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1";
+ const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2";
+
+ /*
+ * http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
+ */
+ const string SID_NT_NFS_SUBSYSTEM = "S-1-5-88";
+ const string SID_NT_NFS_USER = "S-1-5-88-1";
+ const string SID_NT_NFS_GROUP = "S-1-5-88-2";
+ const string SID_NT_NFS_MASK = "S-1-5-88-3";
+ const string SID_NT_NFS_OTHERS = "S-1-5-88-4";
+
/* well-known domain RIDs */
const int DOMAIN_RID_LOGON = 9;
const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
SECINFO_PROTECTED_DACL = 0x80000000
} security_secinfo;
+ /*
+ * a SMB server should only support the following flags
+ * and ignore all others.
+ *
+ * See AdditionalInformation in [MS-SMB2] 2.2.37 SMB2 QUERY_INFO Request
+ * and 2.2.39 SMB2 SET_INFO Request.
+ */
+ const int SMB_SUPPORTED_SECINFO_FLAGS = (
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL |
+ SECINFO_SACL |
+ SECINFO_LABEL |
+ SECINFO_ATTRIBUTE |
+ SECINFO_SCOPE |
+ SECINFO_BACKUP |
+ 0);
+
+ /*
+ * See [MS-KILE] 2.2.5 LSAP_TOKEN_INFO_INTEGRITY
+ */
+ typedef [public,gensize,flag(NDR_PAHEX)] struct {
+ uint32 Flags;
+ uint32 TokenIL;
+ uint8 MachineId[32];
+ } LSAP_TOKEN_INFO_INTEGRITY;
+
+ /*
+ * See [MS-KILE] 2.2.6 Supported Encryption Types Bit Flags
+ */
typedef [public,bitmap32bit] bitmap {
KERB_ENCTYPE_DES_CBC_CRC = 0x00000001,
KERB_ENCTYPE_DES_CBC_MD5 = 0x00000002,
KERB_ENCTYPE_RC4_HMAC_MD5 = 0x00000004,
KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
- KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
+ KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010,
+ KERB_ENCTYPE_FAST_SUPPORTED = 0x00010000,
+ KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED = 0x00020000,
+ KERB_ENCTYPE_CLAIMS_SUPPORTED = 0x00040000,
+ KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED = 0x00080000
} kerb_EncTypes;
typedef [public,bitmap32bit] bitmap {
const string GUID_DRS_CHANGE_RID_MASTER = "d58d5f36-0a98-11d1-adbb-00c04fd8d5cd";
const string GUID_DRS_CHANGE_SCHEMA_MASTER = "e12b56b6-0a95-11d1-adbb-00c04fd8d5cd";
const string GUID_DRS_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2";
+ const string GUID_DRS_REPL_SYNCRONIZE = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
+ const string GUID_DRS_MANAGE_TOPOLOGY = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_GET_ALL_CHANGES = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2";
+ const string GUID_DRS_RO_REPL_SECRET_SYNC = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_GET_FILTERED_ATTRIBUTES = "89e95b76-444d-4c62-991a-0facbeda640c";
- const string GUID_DRS_MANAGE_TOPOLOGY = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_MONITOR_TOPOLOGY = "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96";
- const string GUID_DRS_REPL_SYNCRONIZE = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
- const string GUID_DRS_RO_REPL_SECRET_SYNC = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_USER_CHANGE_PASSWORD = "ab721a53-1e2f-11d0-9819-00aa0040529b";
const string GUID_DRS_FORCE_CHANGE_PASSWORD = "00299570-246d-11d0-a768-00aa006e0529";
+ const string GUID_DRS_UPDATE_PASSWORD_NOT_REQUIRED_BIT
+ = "280f369c-67c7-438e-ae98-1d46f3c6f541";
+ const string GUID_DRS_UNEXPIRE_PASSWORD = "ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501";
+ const string GUID_DRS_ENABLE_PER_USER_REVERSIBLY_ENCRYPTED_PASSWORD
+ = "05c74c5e-4deb-43b4-bd9f-86664c2a7fd5";
+ const string GUID_DRS_DS_INSTALL_REPLICA = "9923a32a-3607-11d2-b9be-0000f87a36b2";
+ const string GUID_DRS_REANIMATE_TOMBSTONE = "45ec5156-db7e-47bb-b53f-dbeb2d03c40f";
+
/***************************************************************/
/* validated writes guids */