• Home
• org.graylog2
• graylog2-server
• 6.0.5
• source code
• ADUserAccountControl.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.graylog.security.authservice.ldap.ADUserAccountControl Maven / Gradle / Ivy

/*
 * Copyright (C) 2020 Graylog, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the Server Side Public License, version 1,
 * as published by MongoDB, Inc.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Server Side Public License for more details.
 *
 * You should have received a copy of the Server Side Public License
 * along with this program. If not, see
 * .
 */
package org.graylog.security.authservice.ldap;

import com.google.auto.value.AutoValue;

import java.util.EnumSet;
import java.util.stream.Collectors;

/**
 * Active Directory UserAccountControl flags.
 *
 * See: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
 */

@AutoValue
public abstract class ADUserAccountControl {

    public abstract EnumSet flags();

    public static ADUserAccountControl create(int userAccountControlField) {
        EnumSet set = EnumSet.noneOf(Flags.class);
        for (Flags flag : Flags.values()) {
            if (flag.isSetIn(userAccountControlField)) {
                set.add(flag);
            }
        }
        return new AutoValue_ADUserAccountControl(set);
    }

    public boolean accountIsDisabled() {
        return flags().contains(Flags.ACCOUNTDISABLE);
    }

    public boolean isUserAccount() {
        return flags().contains(Flags.NORMAL_ACCOUNT);
    }

    public boolean passwordExpired() {
        return flags().contains(Flags.PASSWORD_EXPIRED);
    }

    public String printFlags() {
        return flags().stream().sorted().map(Enum::toString).collect(Collectors.joining("|"));
    }

    public enum Flags {
        /**
         * The user account is disabled.
         */
        ACCOUNTDISABLE(0x2),

        /**
         * This is a default account type that represents a typical user. (not a computer, for example)
         */
        NORMAL_ACCOUNT(0x200),

        /**
         * The user password has expired. (This doesn't work with newer AD implementations)
         */
        PASSWORD_EXPIRED(0x800000);

        public int getFlagValue() {
            return flagValue;
        }

        private final int flagValue;

        Flags(int flagValue) {
            this.flagValue = flagValue;
        }

        public boolean isSetIn(int userAccountControlValue) {
            return (userAccountControlValue & flagValue) > 0;
        }
    }
}