diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-09-17 12:59:24 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-10-12 02:54:16 +0000 |
| commit | ae52f953af457c86e5e6db973fd89b2b5cd5b946 (patch) | |
| tree | 4fcb4b8c59a5d5e18db9da81e4426cf398bd9f00 /source4/libcli/security/session.c | |
| parent | 4e1966db9500c6834cbc0be70a745326b9257070 (diff) | |
| download | samba-ae52f953af457c86e5e6db973fd89b2b5cd5b946.tar.gz samba-ae52f953af457c86e5e6db973fd89b2b5cd5b946.tar.bz2 samba-ae52f953af457c86e5e6db973fd89b2b5cd5b946.zip | |
libcli/security Move most of security_token.c to common code.
The source4-specific session_info functions have been left in session.c
Andrew Bartlett
Diffstat (limited to 'source4/libcli/security/session.c')
| -rw-r--r-- | source4/libcli/security/session.c | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/source4/libcli/security/session.c b/source4/libcli/security/session.c new file mode 100644 index 0000000000..cd09b6d403 --- /dev/null +++ b/source4/libcli/security/session.c @@ -0,0 +1,64 @@ +/* + Unix SMB/CIFS implementation. + + session_info utility functions + + Copyright (C) Andrew Bartlett 2008-2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "auth/session.h" +#include "libcli/security/security.h" + +enum security_user_level security_session_user_level(struct auth_session_info *session_info, + const struct dom_sid *domain_sid) +{ + if (!session_info) { + return SECURITY_ANONYMOUS; + } + + if (security_token_is_system(session_info->security_token)) { + return SECURITY_SYSTEM; + } + + if (security_token_is_anonymous(session_info->security_token)) { + return SECURITY_ANONYMOUS; + } + + if (security_token_has_builtin_administrators(session_info->security_token)) { + return SECURITY_ADMINISTRATOR; + } + + if (domain_sid) { + struct dom_sid *rodc_dcs; + rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS); + if (security_token_has_sid(session_info->security_token, rodc_dcs)) { + talloc_free(rodc_dcs); + return SECURITY_RO_DOMAIN_CONTROLLER; + } + talloc_free(rodc_dcs); + } + + if (security_token_has_enterprise_dcs(session_info->security_token)) { + return SECURITY_DOMAIN_CONTROLLER; + } + + if (security_token_has_nt_authenticated_users(session_info->security_token)) { + return SECURITY_USER; + } + + return SECURITY_ANONYMOUS; +} |