/*
   Unix SMB/CIFS implementation.
   session_info utility functions
   Copyright (C) Andrew Bartlett 2008-2010
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "replace.h"
# include "libcli/security/security.h"
# include "libcli/util/werror.h"
# include "librpc/gen_ndr/auth.h"
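/*
 * Map a session onto a coarse security_user_level, using only the SIDs
 * carried in session_info->security_token.
 *
 * The checks are ordered and the first match wins:
 *   1. no session_info            -> SECURITY_ANONYMOUS
 *   2. system token               -> SECURITY_SYSTEM
 *   3. anonymous token            -> SECURITY_ANONYMOUS
 *   4. not in Authenticated Users -> SECURITY_GUEST if in Builtin Guests,
 *                                    otherwise SECURITY_ANONYMOUS
 *   5. Builtin Administrators     -> SECURITY_ADMINISTRATOR
 *   6. <domain_sid>-DOMAIN_RID_READONLY_DCS (only when domain_sid is given)
 *                                 -> SECURITY_RO_DOMAIN_CONTROLLER
 *   7. Enterprise DCs             -> SECURITY_DOMAIN_CONTROLLER
 *   8. anything else              -> SECURITY_USER
 *
 * Step 4 is a gate: a token that lacks the Authenticated Users SID can
 * never be classified as administrator or domain controller here, whatever
 * other group SIDs it carries.
 *
 * session_info may be NULL. domain_sid may be NULL, in which case the
 * read-only DC check is skipped entirely.
 *
 * NOTE(review): session_info->security_token is handed to the
 * security_token_*() helpers without a NULL check in this function;
 * whether they tolerate a NULL token is not visible from here.
 */
enum security_user_level security_session_user_level(struct auth_session_info *session_info,
						     const struct dom_sid *domain_sid)
{
	struct security_token *token = NULL;
	bool authenticated = false;
	bool guest = false;

	if (!session_info) {
		return SECURITY_ANONYMOUS;
	}

	token = session_info->security_token;

	if (security_token_is_system(token)) {
		return SECURITY_SYSTEM;
	}

	if (security_token_is_anonymous(token)) {
		return SECURITY_ANONYMOUS;
	}

	authenticated = security_token_has_nt_authenticated_users(token);
	guest = security_token_has_builtin_guests(token);

	/*
	 * Everything below this point is reserved for authenticated
	 * tokens, so privileged group SIDs on an unauthenticated token
	 * are never consulted.
	 */
	if (!authenticated) {
		if (guest) {
			return SECURITY_GUEST;
		}
		return SECURITY_ANONYMOUS;
	}

	if (security_token_has_builtin_administrators(token)) {
		return SECURITY_ADMINISTRATOR;
	}

	if (domain_sid) {
		struct dom_sid rodc_dcs = { .num_auths = 0 };

		/*
		 * sid_compose() reports failure through its return value,
		 * which was previously ignored. If the group SID cannot be
		 * built (for example because domain_sid has no room for
		 * another sub-authority), rodc_dcs does not name the
		 * domain's Read-Only DCs group, so it must not be matched
		 * against the token. Fall through to the remaining checks
		 * instead of risking a wrong RODC classification.
		 */
		if (sid_compose(&rodc_dcs, domain_sid, DOMAIN_RID_READONLY_DCS) &&
		    security_token_has_sid(token, &rodc_dcs)) {
			return SECURITY_RO_DOMAIN_CONTROLLER;
		}
	}

	if (security_token_has_enterprise_dcs(token)) {
		return SECURITY_DOMAIN_CONTROLLER;
	}

	return SECURITY_USER;
}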