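/*
   Unix SMB/CIFS implementation.

   session_info utility functions

   Copyright (C) Andrew Bartlett 2008-2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "replace.h"
#include "libcli/security/security.h"
#include "libcli/util/werror.h"
#include "librpc/gen_ndr/auth.h"

/**
 * Classify a session into a coarse privilege level from its security token.
 *
 * The checks run in a fixed order and the first match wins, so the order is
 * part of the contract:
 *   1. no session_info (or no token)           -> SECURITY_ANONYMOUS
 *   2. system token                            -> SECURITY_SYSTEM
 *   3. anonymous token                         -> SECURITY_ANONYMOUS
 *   4. not in "NT authenticated users"         -> SECURITY_GUEST if the token
 *      has builtin guests, else SECURITY_ANONYMOUS
 *   5. builtin administrators                  -> SECURITY_ADMINISTRATOR
 *   6. <domain_sid>-DOMAIN_RID_READONLY_DCS    -> SECURITY_RO_DOMAIN_CONTROLLER
 *      (only evaluated when domain_sid is non-NULL)
 *   7. enterprise DCs                          -> SECURITY_DOMAIN_CONTROLLER
 *   8. anything else                           -> SECURITY_USER
 *
 * Because step 4 precedes step 5, a token that lacks the authenticated-users
 * SID is never reported above SECURITY_GUEST, whatever other groups it holds.
 *
 * @param session_info  session to classify; may be NULL
 * @param domain_sid    SID of the local domain, used to build the read-only DC
 *                      group SID; may be NULL, in which case
 *                      SECURITY_RO_DOMAIN_CONTROLLER is never returned
 * @return the security_user_level selected by the first matching rule above
 */
enum security_user_level security_session_user_level(struct auth_session_info *session_info,
						     const struct dom_sid *domain_sid)
{
	struct security_token *token = NULL;
	bool authenticated = false;
	bool guest = false;

	if (!session_info) {
		return SECURITY_ANONYMOUS;
	}
	token = session_info->security_token;
	if (token == NULL) {
		/*
		 * A session without a token has no group memberships to
		 * evaluate. Report the least-privileged level instead of
		 * handing NULL to the token helpers below (whether they
		 * tolerate NULL is not visible from this file).
		 */
		return SECURITY_ANONYMOUS;
	}

	if (security_token_is_system(token)) {
		return SECURITY_SYSTEM;
	}

	if (security_token_is_anonymous(token)) {
		return SECURITY_ANONYMOUS;
	}

	authenticated = security_token_has_nt_authenticated_users(token);
	guest = security_token_has_builtin_guests(token);
	if (!authenticated) {
		if (guest) {
			return SECURITY_GUEST;
		}
		return SECURITY_ANONYMOUS;
	}

	if (security_token_has_builtin_administrators(token)) {
		return SECURITY_ADMINISTRATOR;
	}

	if (domain_sid) {
		struct dom_sid rodc_dcs = { .num_auths = 0 };

		/*
		 * Only trust rodc_dcs if it was fully composed. If
		 * sid_compose() reports failure the buffer does not hold the
		 * read-only DC group SID, and matching the token against it
		 * could grant the RODC level on the wrong SID, so skip the
		 * check and fall through to the remaining rules.
		 */
		if (sid_compose(&rodc_dcs, domain_sid, DOMAIN_RID_READONLY_DCS) &&
		    security_token_has_sid(token, &rodc_dcs)) {
			return SECURITY_RO_DOMAIN_CONTROLLER;
		}
	}

	if (security_token_has_enterprise_dcs(token)) {
		return SECURITY_DOMAIN_CONTROLLER;
	}

	return SECURITY_USER;
}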