From 9a1bec08013dda77597369387da0193081a7a6e2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 20 Mar 2008 12:12:10 +1100
Subject: More kludge ACLs!

Rather than killing off the nasty 'kludge ACLs' stuff, this patch
extends it, to ensure that LSA secrets and the registry are also
protected.

Andrew Bartlett
(This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
---
 source4/libcli/security/security.h       |  8 ++++++++
 source4/libcli/security/security_token.c | 27 +++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

(limited to 'source4/libcli')

diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h
index d9485c825f..c7f2a09311 100644
--- a/source4/libcli/security/security.h
+++ b/source4/libcli/security/security.h
@@ -18,4 +18,12 @@
 */
 
 #include "librpc/gen_ndr/security.h"
+
+enum security_user_level {
+	SECURITY_ANONYMOUS,
+	SECURITY_USER,
+	SECURITY_ADMINISTRATOR,
+	SECURITY_SYSTEM
+};
+
 #include "libcli/security/proto.h"
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
index e126340c46..0680c54258 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "dsdb/samdb/samdb.h"
 #include "libcli/security/security.h"
+#include "auth/session.h"
 
 /*
   return a blank security token
@@ -141,3 +142,29 @@ bool security_token_has_nt_authenticated_users(const struct security_token *toke
 {
 	return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
 }
+
+enum security_user_level security_session_user_level(struct auth_session_info *session_info) 
+{
+	if (!session_info) {
+		return SECURITY_ANONYMOUS;
+	}
+	
+	if (security_token_is_system(session_info->security_token)) {
+		return SECURITY_SYSTEM;
+	}
+
+	if (security_token_is_anonymous(session_info->security_token)) {
+		return SECURITY_ANONYMOUS;
+	}
+
+	if (security_token_has_builtin_administrators(session_info->security_token)) {
+		return SECURITY_ADMINISTRATOR;
+	}
+
+	if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+		return SECURITY_USER;
+	}
+
+	return SECURITY_ANONYMOUS;
+}
+
-- 
cgit