summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-03-20 12:12:10 +1100
committerAndrew Bartlett <abartlet@samba.org>2008-03-20 12:12:10 +1100
commit9a1bec08013dda77597369387da0193081a7a6e2 (patch)
tree99893fdde135ebe3ad4cb73fa556899b64d12498 /source4/libcli
parent3cdf0c64ddf5c10037e9f02b7dd568342d0609b2 (diff)
downloadsamba-9a1bec08013dda77597369387da0193081a7a6e2.tar.gz
samba-9a1bec08013dda77597369387da0193081a7a6e2.tar.bz2
samba-9a1bec08013dda77597369387da0193081a7a6e2.zip
More kludge ACLs!
Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/security/security.h8
-rw-r--r--source4/libcli/security/security_token.c27
2 files changed, 35 insertions, 0 deletions
diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h
index d9485c825f..c7f2a09311 100644
--- a/source4/libcli/security/security.h
+++ b/source4/libcli/security/security.h
@@ -18,4 +18,12 @@
*/
#include "librpc/gen_ndr/security.h"
+
+enum security_user_level {
+ SECURITY_ANONYMOUS,
+ SECURITY_USER,
+ SECURITY_ADMINISTRATOR,
+ SECURITY_SYSTEM
+};
+
#include "libcli/security/proto.h"
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
index e126340c46..0680c54258 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
+#include "auth/session.h"
/*
return a blank security token
@@ -141,3 +142,29 @@ bool security_token_has_nt_authenticated_users(const struct security_token *toke
{
return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
}
+
+enum security_user_level security_session_user_level(struct auth_session_info *session_info)
+{
+ if (!session_info) {
+ return SECURITY_ANONYMOUS;
+ }
+
+ if (security_token_is_system(session_info->security_token)) {
+ return SECURITY_SYSTEM;
+ }
+
+ if (security_token_is_anonymous(session_info->security_token)) {
+ return SECURITY_ANONYMOUS;
+ }
+
+ if (security_token_has_builtin_administrators(session_info->security_token)) {
+ return SECURITY_ADMINISTRATOR;
+ }
+
+ if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+ return SECURITY_USER;
+ }
+
+ return SECURITY_ANONYMOUS;
+}
+