1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : session_info utility functions
5 :
6 : Copyright (C) Andrew Bartlett 2008-2010
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "libcli/security/security.h"
24 : #include "librpc/gen_ndr/auth.h"
25 :
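/**
 * Map a session onto a coarse security_user_level using its security token.
 *
 * The checks run in a fixed order and the first match wins:
 *   1. session_info is NULL, or carries no token   -> SECURITY_ANONYMOUS
 *   2. security_token_is_system()                  -> SECURITY_SYSTEM
 *   3. security_token_is_anonymous()               -> SECURITY_ANONYMOUS
 *   4. security_token_has_nt_authenticated_users() is false
 *        -> SECURITY_GUEST if security_token_has_builtin_guests(),
 *           otherwise SECURITY_ANONYMOUS
 *   5. security_token_has_builtin_administrators() -> SECURITY_ADMINISTRATOR
 *   6. token holds <domain_sid>-DOMAIN_RID_READONLY_DCS
 *        -> SECURITY_RO_DOMAIN_CONTROLLER
 *   7. security_token_has_enterprise_dcs()         -> SECURITY_DOMAIN_CONTROLLER
 *   8. anything else                               -> SECURITY_USER
 *
 * @param session_info  Session to classify; NULL is treated as anonymous.
 * @param domain_sid    Domain SID used to build the read-only DC group SID;
 *                      when NULL the read-only DC check (step 6) is skipped.
 * @return The level selected by the first matching step above.
 *
 * NOTE(review): the result depends only on the SIDs present in the token, so
 * it is only as trustworthy as whatever built that token - confirm with the
 * callers that the token always comes from a completed authentication.
 */
enum security_user_level security_session_user_level(struct auth_session_info *session_info,
						     const struct dom_sid *domain_sid)
{
	struct security_token *token = NULL;
	bool authenticated = false;
	bool guest = false;

	if (session_info == NULL) {
		return SECURITY_ANONYMOUS;
	}
	token = session_info->security_token;

	/*
	 * A session without a token proves nothing about the caller, so fall
	 * back to the lowest level rather than handing NULL to the token
	 * helpers below.
	 */
	if (token == NULL) {
		return SECURITY_ANONYMOUS;
	}

	if (security_token_is_system(token)) {
		return SECURITY_SYSTEM;
	}

	if (security_token_is_anonymous(token)) {
		return SECURITY_ANONYMOUS;
	}

	authenticated = security_token_has_nt_authenticated_users(token);
	guest = security_token_has_builtin_guests(token);
	if (!authenticated) {
		/*
		 * Group membership checked further down must not raise the
		 * level of a token that is not marked as authenticated.
		 */
		if (guest) {
			return SECURITY_GUEST;
		}
		return SECURITY_ANONYMOUS;
	}

	if (security_token_has_builtin_administrators(token)) {
		return SECURITY_ADMINISTRATOR;
	}

	if (domain_sid != NULL) {
		struct dom_sid rodc_dcs = { .num_auths = 0 };

		/*
		 * sid_compose() reports failure through its return value.
		 * Only compare against rodc_dcs when it really holds
		 * <domain_sid>-DOMAIN_RID_READONLY_DCS; otherwise a partially
		 * built SID could be matched and grant the RODC level.
		 */
		if (sid_compose(&rodc_dcs, domain_sid, DOMAIN_RID_READONLY_DCS) &&
		    security_token_has_sid(token, &rodc_dcs)) {
			return SECURITY_RO_DOMAIN_CONTROLLER;
		}
	}

	if (security_token_has_enterprise_dcs(token)) {
		return SECURITY_DOMAIN_CONTROLLER;
	}

	return SECURITY_USER;
}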