if (!sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid, base->rid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid = *base->domain_sid;
if (!sid_append_rid(&user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid, base->primary_gid)) {
* group in the first place, and besides, these attributes will never
* make their way into a PAC.
*/
- user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
for (i = 0; i < base->groups.count; i++) {
/* Skip primary group, already added above */
&groups->rids[j].rid);
if (!ok) continue;
- groups->rids[j].attributes = SE_GROUP_MANDATORY |
- SE_GROUP_ENABLED_BY_DEFAULT |
- SE_GROUP_ENABLED;
+ groups->rids[j].attributes = SE_GROUP_DEFAULT_FLAGS;
j++;
}
talloc_free(info3_sids);
return NT_STATUS_NO_MEMORY;
}
- info3_sids[j].attributes = SE_GROUP_MANDATORY |
- SE_GROUP_ENABLED_BY_DEFAULT |
- SE_GROUP_ENABLED;
+ info3_sids[j].attributes = SE_GROUP_DEFAULT_FLAGS;
j++;
}
SE_GROUP_LOGON_ID = 0xC0000000
} security_GroupAttrs;
+ const uint32 SE_GROUP_DEFAULT_FLAGS =
+ SE_GROUP_MANDATORY |
+ SE_GROUP_ENABLED_BY_DEFAULT |
+ SE_GROUP_ENABLED;
+
/* This is not yet sent over the network, but is simply defined in IDL */
typedef [public] struct {
uint32 num_sids;
trust_user = object()
# Constants for group SID attributes.
- default_attrs = (security.SE_GROUP_MANDATORY |
- security.SE_GROUP_ENABLED_BY_DEFAULT |
- security.SE_GROUP_ENABLED)
+ default_attrs = security.SE_GROUP_DEFAULT_FLAGS
resource_attrs = default_attrs | security.SE_GROUP_RESOURCE
asserted_identity = security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY
class S4UKerberosTests(KDCBaseTest):
- default_attrs = (security.SE_GROUP_MANDATORY |
- security.SE_GROUP_ENABLED_BY_DEFAULT |
- security.SE_GROUP_ENABLED)
+ default_attrs = security.SE_GROUP_DEFAULT_FLAGS
def setUp(self):
super(S4UKerberosTests, self).setUp()
(uint32_t)uid);
status = add_sid_to_array_attrs_unique(user_info_dc->sids,
&tmp_sid,
- SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED,
+ SE_GROUP_DEFAULT_FLAGS,
&user_info_dc->sids,
&user_info_dc->num_sids);
if (!NT_STATUS_IS_OK(status)) {
(uint32_t)gid);
status = add_sid_to_array_attrs_unique(user_info_dc->sids,
&tmp_sid,
- SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED,
+ SE_GROUP_DEFAULT_FLAGS,
&user_info_dc->sids,
&user_info_dc->num_sids);
if (!NT_STATUS_IS_OK(status)) {
flags);
status = add_sid_to_array_attrs_unique(user_info_dc->sids,
&tmp_sid,
- SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED,
+ SE_GROUP_DEFAULT_FLAGS,
&user_info_dc->sids,
&user_info_dc->num_sids);
if (!NT_STATUS_IS_OK(status)) {
const struct dom_sid *sids,
size_t num_sids)
{
- uint32_t attributes = SE_GROUP_MANDATORY |
- SE_GROUP_ENABLED_BY_DEFAULT |
- SE_GROUP_ENABLED;
+ uint32_t attributes = SE_GROUP_DEFAULT_FLAGS;
struct samr_RidWithAttributeArray *groups;
struct dom_sid *domain_sid;
unsigned int i;
gids = NULL;
num_gids = 0;
- dom_gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
- SE_GROUP_ENABLED);
+ dom_gid.attributes = SE_GROUP_DEFAULT_FLAGS;
dom_gid.rid = primary_group_rid;
ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
}
for (i=0; i<num_members; i++) {
- attr[i] = SE_GROUP_MANDATORY |
- SE_GROUP_ENABLED_BY_DEFAULT |
- SE_GROUP_ENABLED;
+ attr[i] = SE_GROUP_DEFAULT_FLAGS;
}
rids->count = num_members;
GROUP_MAP *map;
union samr_GroupInfo *info = NULL;
bool ret;
- uint32_t attributes = SE_GROUP_MANDATORY |
- SE_GROUP_ENABLED_BY_DEFAULT |
- SE_GROUP_ENABLED;
+ uint32_t attributes = SE_GROUP_DEFAULT_FLAGS;
const char *group_name = NULL;
const char *group_description = NULL;
NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
user_info_dc->sids->sid = global_sid_Anonymous;
- user_info_dc->sids->attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS;
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
}
sids[PRIMARY_USER_SID_INDEX].sid = *account_sid;
- sids[PRIMARY_USER_SID_INDEX].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
sids[PRIMARY_GROUP_SID_INDEX].sid = *domain_sid;
sid_append_rid(&sids[PRIMARY_GROUP_SID_INDEX].sid, ldb_msg_find_attr_as_uint(msg, "primaryGroupID", ~0));
- sids[PRIMARY_GROUP_SID_INDEX].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
/*
* Filter out builtin groups from this token. We will search
return NT_STATUS_NO_MEMORY;
}
user_info_dc->sids[user_info_dc->num_sids].sid = global_sid_Enterprise_DCs;
- user_info_dc->sids[user_info_dc->num_sids].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[user_info_dc->num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->num_sids++;
}
user_info_dc->sids[user_info_dc->num_sids].sid = *domain_sid;
sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids].sid,
DOMAIN_RID_ENTERPRISE_READONLY_DCS);
- user_info_dc->sids[user_info_dc->num_sids].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[user_info_dc->num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->num_sids++;
}
}
sid_copy(&sids[num_sids].sid, &global_sid_World);
- sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
num_sids++;
sid_copy(&sids[num_sids].sid, &global_sid_Network);
- sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
num_sids++;
}
}
sid_copy(&sids[num_sids].sid, &global_sid_Authenticated_Users);
- sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
num_sids++;
}
TALLOC_FREE(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
- sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
num_sids++;
}
NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
user_info_dc->sids->sid = global_sid_System;
- user_info_dc->sids->attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS;
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid = *domain_sid;
sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid, DOMAIN_RID_ADMINISTRATOR);
- user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid = *domain_sid;
sid_append_rid(&user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid, DOMAIN_RID_USERS);
- user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->sids[2].sid = global_sid_Builtin_Administrators;
- user_info_dc->sids[2].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[2].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->sids[3].sid = *domain_sid;
sid_append_rid(&user_info_dc->sids[3].sid, DOMAIN_RID_ADMINS);
- user_info_dc->sids[3].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[3].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->sids[4].sid = *domain_sid;
sid_append_rid(&user_info_dc->sids[4].sid, DOMAIN_RID_ENTERPRISE_ADMINS);
- user_info_dc->sids[4].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[4].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->sids[5].sid = *domain_sid;
sid_append_rid(&user_info_dc->sids[5].sid, DOMAIN_RID_POLICY_ADMINS);
- user_info_dc->sids[5].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[5].attrs = SE_GROUP_DEFAULT_FLAGS;
user_info_dc->sids[6].sid = *domain_sid;
sid_append_rid(&user_info_dc->sids[6].sid, DOMAIN_RID_SCHEMA_ADMINS);
- user_info_dc->sids[6].attrs
- = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids[6].attrs = SE_GROUP_DEFAULT_FLAGS;
/* What should the session key be?*/
user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
user_info_dc->sids->sid = global_sid_Anonymous;
- user_info_dc->sids->attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS;
/* annoying, but the Anonymous really does have a session key... */
user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
uint32_t sid_attrs;
bool already_there;
- sid_attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sid_attrs = SE_GROUP_DEFAULT_FLAGS;
group_type = ldb_msg_find_attr_as_uint(res->msgs[0], "groupType", 0);
if (group_type & GROUP_TYPE_RESOURCE_GROUP) {
sid_attrs |= SE_GROUP_RESOURCE;
/* lookup the best PSO object, based on the user's SID */
user_sid = samdb_result_dom_sid_attrs(
tmp_ctx, user_msg, "objectSid",
- SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED);
+ SE_GROUP_DEFAULT_FLAGS);
ret = pso_find_best(module, tmp_ctx, parent, user_sid, 1,
&best_pso);
rids = samr_conn.GetGroupsForUser(user_handle)
samr_dns = set()
for rid in rids.rids:
- self.assertEqual(rid.attributes, security.SE_GROUP_MANDATORY | security.SE_GROUP_ENABLED_BY_DEFAULT | security.SE_GROUP_ENABLED)
+ self.assertEqual(rid.attributes, security.SE_GROUP_DEFAULT_FLAGS)
sid = "%s-%d" % (domain_sid, rid.rid)
res = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
attrs=[])
return add_sid_to_array_attrs_unique(
user_info_dc,
&ai_sid,
- SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED,
+ SE_GROUP_DEFAULT_FLAGS,
&user_info_dc->sids,
&user_info_dc->num_sids);
}
switch (r->in.level) {
case GROUPINFOALL:
QUERY_STRING(msg, all.name, "sAMAccountName");
- info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */
+ info->all.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */
QUERY_UINT (msg, all.num_members, "numMembers")
QUERY_STRING(msg, all.description, "description");
break;
QUERY_STRING(msg, name, "sAMAccountName");
break;
case GROUPINFOATTRIBUTES:
- info->attributes.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */
+ info->attributes.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */
break;
case GROUPINFODESCRIPTION:
QUERY_STRING(msg, description, "description");
break;
case GROUPINFOALL2:
QUERY_STRING(msg, all2.name, "sAMAccountName");
- info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */
+ info->all.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */
QUERY_UINT (msg, all2.num_members, "numMembers")
QUERY_STRING(msg, all2.description, "description");
break;
return status;
}
- array->attributes[array->count] = SE_GROUP_MANDATORY |
- SE_GROUP_ENABLED_BY_DEFAULT |
- SE_GROUP_ENABLED;
+ array->attributes[array->count] = SE_GROUP_DEFAULT_FLAGS;
array->count++;
}
/* Adds the primary group */
array->rids[0].rid = primary_group_id;
- array->rids[0].attributes = SE_GROUP_MANDATORY
- | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ array->rids[0].attributes = SE_GROUP_DEFAULT_FLAGS;
array->count += 1;
/* Adds the additional groups */
array->rids[i + 1].rid =
group_sid->sub_auths[group_sid->num_auths-1];
- array->rids[i + 1].attributes = SE_GROUP_MANDATORY
- | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ array->rids[i + 1].attributes = SE_GROUP_DEFAULT_FLAGS;
array->count += 1;
}
/*
* We get a "7" here for groups
*/
- entriesFullGroup[count].acct_flags =
- SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT |
- SE_GROUP_ENABLED;
+ entriesFullGroup[count].acct_flags = SE_GROUP_DEFAULT_FLAGS;
entriesFullGroup[count].account_name.string =
ldb_msg_find_attr_as_string(
rec->msgs[0], "sAMAccountName", "");
projects / thirdparty / samba.git / commitdiff
