enum security_user_level security_session_user_level(struct auth_session_info *session_info)
{
if (!session_info) {
return SECURITY_ANONYMOUS;
}
if (security_token_is_system(session_info->security_token)) {
return SECURITY_SYSTEM;
}
if (security_token_is_anonymous(session_info->security_token)) {
return SECURITY_ANONYMOUS;
}
if (security_token_has_builtin_administrators(session_info->security_token)) {
return SECURITY_ADMINISTRATOR;
}
if (security_token_has_enterprise_dcs(session_info->security_token)) {
return SECURITY_DOMAIN_CONTROLLER;
}
if (security_token_has_nt_authenticated_users(session_info->security_token)) {
return SECURITY_USER;
}
return SECURITY_ANONYMOUS;
}
static enum user_is what_is_user(struct ldb_module *module)
{
struct auth_session_info *session_info
= ldb_get_opaque(module->ldb, "sessionInfo");
if (!session_info) {
return ANONYMOUS;
}
if (security_token_is_system(session_info->security_token)) {
return SYSTEM;
}
if (security_token_is_anonymous(session_info->security_token)) {
return ANONYMOUS;
}
if (security_token_has_builtin_administrators(session_info->security_token)) {
return ADMINISTRATOR;
}
if (security_token_has_nt_authenticated_users(session_info->security_token)) {
return USER;
}
return ANONYMOUS;
}
/*
setup the privilege mask for this security token based on our
local SAM
*/
NTSTATUS samdb_privilege_setup(struct tevent_context *ev_ctx,
struct loadparm_context *lp_ctx, struct security_token *token)
{
void *samctx;
TALLOC_CTX *mem_ctx;
int i;
NTSTATUS status;
/* Shortcuts to prevent recursion and avoid lookups */
if (token->user_sid == NULL) {
token->privilege_mask = 0;
return NT_STATUS_OK;
}
if (security_token_is_system(token)) {
token->privilege_mask = ~0;
return NT_STATUS_OK;
}
if (security_token_is_anonymous(token)) {
token->privilege_mask = 0;
return NT_STATUS_OK;
}
mem_ctx = talloc_new(token);
samctx = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(mem_ctx, lp_ctx));
if (samctx == NULL) {
talloc_free(mem_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
token->privilege_mask = 0;
for (i=0;i<token->num_sids;i++) {
status = samdb_privilege_setup_sid(samctx, mem_ctx,
token, token->sids[i]);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
return status;
}
}
talloc_free(mem_ctx);
return NT_STATUS_OK;
}
enum security_user_level security_session_user_level(struct auth_session_info *session_info,
const struct dom_sid *domain_sid)
{
if (!session_info) {
return SECURITY_ANONYMOUS;
}
if (security_token_is_system(session_info->security_token)) {
return SECURITY_SYSTEM;
}
if (security_token_is_anonymous(session_info->security_token)) {
return SECURITY_ANONYMOUS;
}
if (security_token_has_builtin_administrators(session_info->security_token)) {
return SECURITY_ADMINISTRATOR;
}
if (domain_sid) {
struct dom_sid *rodc_dcs;
rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
talloc_free(rodc_dcs);
return SECURITY_RO_DOMAIN_CONTROLLER;
}
talloc_free(rodc_dcs);
}
if (security_token_has_enterprise_dcs(session_info->security_token)) {
return SECURITY_DOMAIN_CONTROLLER;
}
if (security_token_has_nt_authenticated_users(session_info->security_token)) {
return SECURITY_USER;
}
return SECURITY_ANONYMOUS;
}
