diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-09-15 19:25:45 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-09-15 19:25:45 -0700 |
commit | 7ded0741d9d5a4c2859769e4abfbc197aed0e5e1 (patch) | |
tree | 9c9d10956c39f1262780aade62becfd791b567f6 /source4/libcli | |
parent | 10e25fc5e90e9eaabedc2f3477ac1e8947c88c77 (diff) | |
download | samba-7ded0741d9d5a4c2859769e4abfbc197aed0e5e1.tar.gz samba-7ded0741d9d5a4c2859769e4abfbc197aed0e5e1.tar.bz2 samba-7ded0741d9d5a4c2859769e4abfbc197aed0e5e1.zip |
s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/security/security.h | 1 | ||||
-rw-r--r-- | source4/libcli/security/security_token.c | 9 |
2 files changed, 10 insertions, 0 deletions
diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h index 6dbbe014e7..3cfa484816 100644 --- a/source4/libcli/security/security.h +++ b/source4/libcli/security/security.h @@ -22,6 +22,7 @@ enum security_user_level { SECURITY_ANONYMOUS, SECURITY_USER, + SECURITY_DOMAIN_CONTROLLER, SECURITY_ADMINISTRATOR, SECURITY_SYSTEM }; diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c index 0764dfeb8f..d3eff93ddb 100644 --- a/source4/libcli/security/security_token.c +++ b/source4/libcli/security/security_token.c @@ -142,6 +142,11 @@ bool security_token_has_nt_authenticated_users(const struct security_token *toke return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS); } +bool security_token_has_enterprise_dcs(const struct security_token *token) +{ + return security_token_has_sid_string(token, SID_NT_ENTERPRISE_DCS); +} + enum security_user_level security_session_user_level(struct auth_session_info *session_info) { if (!session_info) { @@ -160,6 +165,10 @@ enum security_user_level security_session_user_level(struct auth_session_info *s return SECURITY_ADMINISTRATOR; } + if (security_token_has_enterprise_dcs(session_info->security_token)) { + return SECURITY_DOMAIN_CONTROLLER; + } + if (security_token_has_nt_authenticated_users(session_info->security_token)) { return SECURITY_USER; } |