From 4b5e95a9894b8c5bf2a7243ba4f3190a2f5cc5d2 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 20 Apr 2016 16:29:42 +0200
Subject: [PATCH] libcli/security: implement SECURITY_GUEST
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: GÃ¼nther Deschner <gd@samba.org>
(cherry picked from commit 837e6176329330893d5a1e4ce4ac67dbac758e56)
---
 libcli/security/security_token.c | 5 +++++
 libcli/security/security_token.h | 2 ++
 libcli/security/session.c        | 4 ++++
 libcli/security/session.h        | 1 +
 4 files changed, 12 insertions(+)

diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c
index 6812d42ba01..2e5a87be504 100644
--- a/libcli/security/security_token.c
+++ b/libcli/security/security_token.c
@@ -130,6 +130,11 @@ bool security_token_has_sid_string(const struct security_token *token, const cha
 	return ret;
 }
 
+bool security_token_has_builtin_guests(const struct security_token *token)
+{
+	return security_token_has_sid(token, &global_sid_Builtin_Guests);
+}
+
 bool security_token_has_builtin_administrators(const struct security_token *token)
 {
 	return security_token_has_sid(token, &global_sid_Builtin_Administrators);
diff --git a/libcli/security/security_token.h b/libcli/security/security_token.h
index b8ca990035c..5c5b30bac1c 100644
--- a/libcli/security/security_token.h
+++ b/libcli/security/security_token.h
@@ -51,6 +51,8 @@ bool security_token_has_sid(const struct security_token *token, const struct dom
 
 bool security_token_has_sid_string(const struct security_token *token, const char *sid_string);
 
+bool security_token_has_builtin_guests(const struct security_token *token);
+
 bool security_token_has_builtin_administrators(const struct security_token *token);
 
 bool security_token_has_nt_authenticated_users(const struct security_token *token);
diff --git a/libcli/security/session.c b/libcli/security/session.c
index 0c32556fa44..0fbb87d584e 100644
--- a/libcli/security/session.c
+++ b/libcli/security/session.c
@@ -38,6 +38,10 @@ enum security_user_level security_session_user_level(struct auth_session_info *s
 		return SECURITY_ANONYMOUS;
 	}
 
+	if (security_token_has_builtin_guests(session_info->security_token)) {
+		return SECURITY_GUEST;
+	}
+
 	if (security_token_has_builtin_administrators(session_info->security_token)) {
 		return SECURITY_ADMINISTRATOR;
 	}
diff --git a/libcli/security/session.h b/libcli/security/session.h
index ee9187d2c9b..31e950ed449 100644
--- a/libcli/security/session.h
+++ b/libcli/security/session.h
@@ -24,6 +24,7 @@
 
 enum security_user_level {
 	SECURITY_ANONYMOUS            = 0,
+	SECURITY_GUEST                = 1,
 	SECURITY_USER                 = 10,
 	SECURITY_RO_DOMAIN_CONTROLLER = 20,
 	SECURITY_DOMAIN_CONTROLLER    = 30,
-- 
2.47.2