Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : session_info utility functions
5 :
6 : Copyright (C) Andrew Bartlett 2008-2010
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "libcli/security/security.h"
24 : #include "librpc/gen_ndr/auth.h"
25 :
26 56822502 : enum security_user_level security_session_user_level(struct auth_session_info *session_info,
27 : const struct dom_sid *domain_sid)
28 : {
29 56822502 : bool authenticated = false;
30 56822502 : bool guest = false;
31 :
32 56822502 : if (!session_info) {
33 941143 : return SECURITY_ANONYMOUS;
34 : }
35 :
36 55881176 : if (security_token_is_system(session_info->security_token)) {
37 36569754 : return SECURITY_SYSTEM;
38 : }
39 :
40 17806179 : if (security_token_is_anonymous(session_info->security_token)) {
41 846978 : return SECURITY_ANONYMOUS;
42 : }
43 :
44 16911569 : authenticated = security_token_has_nt_authenticated_users(session_info->security_token);
45 16911569 : guest = security_token_has_builtin_guests(session_info->security_token);
46 16911569 : if (!authenticated) {
47 159 : if (guest) {
48 159 : return SECURITY_GUEST;
49 : }
50 0 : return SECURITY_ANONYMOUS;
51 : }
52 :
53 16911410 : if (security_token_has_builtin_administrators(session_info->security_token)) {
54 15111619 : return SECURITY_ADMINISTRATOR;
55 : }
56 :
57 459245 : if (domain_sid) {
58 : struct dom_sid *rodc_dcs;
59 4471 : rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
60 4471 : if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
61 2256 : talloc_free(rodc_dcs);
62 2256 : return SECURITY_RO_DOMAIN_CONTROLLER;
63 : }
64 2215 : talloc_free(rodc_dcs);
65 : }
66 :
67 456989 : if (security_token_has_enterprise_dcs(session_info->security_token)) {
68 45691 : return SECURITY_DOMAIN_CONTROLLER;
69 : }
70 :
71 406344 : return SECURITY_USER;
72 : }
|
