dsdb-samldb: Only allow known and settable userAccountControl bits to be set
[kai/samba-autobuild/.git] / libds / common / flags.h
index 96709af118ebc41ffc8036c22aaadd66342e6dbc..f821e1738a169ac392e1360075069a21fda1dd8b 100644 (file)
                UF_SERVER_TRUST_ACCOUNT \
                 )
 
+/*
+ * MS-SAMR 2.2.1.13 UF_FLAG Codes states that some bits are ignored by
+ * clients and servers.  Other flags (like UF_LOCKOUT have special
+ * behaviours, but are not set in the traditional sense).
+ *
+ * See the samldb module for the use of this define.
+ */
+
 #define UF_SETTABLE_BITS (\
-               UF_SCRIPT |\
                UF_ACCOUNTDISABLE |\
                UF_HOMEDIR_REQUIRED  |\
-               UF_LOCKOUT |\
                UF_PASSWD_NOTREQD |\
-               UF_PASSWD_CANT_CHANGE |\
                UF_ACCOUNT_TYPE_MASK | \
                UF_DONT_EXPIRE_PASSWD | \
                UF_MNS_LOGON_ACCOUNT |\
                UF_TRUSTED_FOR_DELEGATION |\
                UF_NOT_DELEGATED |\
                UF_USE_DES_KEY_ONLY  |\
-               UF_DONT_REQUIRE_PREAUTH \
+               UF_DONT_REQUIRE_PREAUTH |\
+               UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION |\
+               UF_NO_AUTH_DATA_REQUIRED |\
+               UF_PARTIAL_SECRETS_ACCOUNT |\
+               UF_USE_AES_KEYS \
                )
 
 /* Group flags for "groupType" */
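Review bot: The new `UF_SETTABLE_BITS` list, as visible in this hunk, does not include `UF_SMARTCARD_REQUIRED`, `UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED` or `UF_PASSWORD_EXPIRED`. If samldb rejects every bit outside this mask, as the commit title suggests, routine administrative changes to those flags would start failing. Either add them (assuming this header defines them) or name each deliberately excluded bit in the comment, alongside `UF_SCRIPT`, `UF_LOCKOUT` and `UF_PASSWD_CANT_CHANGE`. The comment should also say that the mask only decides which bits are syntactically acceptable and is not an authorization check, since it admits sensitive bits such as `UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION`, `UF_PARTIAL_SECRETS_ACCOUNT` and `UF_DONT_REQUIRE_PREAUTH`, for example `* This is a validity mask only; privilege checks for individual bits are done separately.` Two small cleanups: the parenthesis opened at `(like UF_LOCKOUT` should close right after the flag name, and the blank line between the comment and the `#define` should go.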