From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 20 Apr 2016 14:29:42 +0000 (+0200)
Subject: libcli/security: implement SECURITY_GUEST
X-Git-Tag: talloc-2.1.7~78
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=837e6176329330893d5a1e4ce4ac67dbac758e56;p=thirdparty%2Fsamba.git

libcli/security: implement SECURITY_GUEST

SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c
index 6812d42ba01..2e5a87be504 100644
--- a/libcli/security/security_token.c
+++ b/libcli/security/security_token.c
@@ -130,6 +130,11 @@ bool security_token_has_sid_string(const struct security_token *token, const cha
 	return ret;
 }
 
+bool security_token_has_builtin_guests(const struct security_token *token)
+{
+	return security_token_has_sid(token, &global_sid_Builtin_Guests);
+}
+
 bool security_token_has_builtin_administrators(const struct security_token *token)
 {
 	return security_token_has_sid(token, &global_sid_Builtin_Administrators);
diff --git a/libcli/security/security_token.h b/libcli/security/security_token.h
index b8ca990035c..5c5b30bac1c 100644
--- a/libcli/security/security_token.h
+++ b/libcli/security/security_token.h
@@ -51,6 +51,8 @@ bool security_token_has_sid(const struct security_token *token, const struct dom
 
 bool security_token_has_sid_string(const struct security_token *token, const char *sid_string);
 
+bool security_token_has_builtin_guests(const struct security_token *token);
+
 bool security_token_has_builtin_administrators(const struct security_token *token);
 
 bool security_token_has_nt_authenticated_users(const struct security_token *token);
diff --git a/libcli/security/session.c b/libcli/security/session.c
index 0c32556fa44..0fbb87d584e 100644
--- a/libcli/security/session.c
+++ b/libcli/security/session.c
@@ -38,6 +38,10 @@ enum security_user_level security_session_user_level(struct auth_session_info *s
 		return SECURITY_ANONYMOUS;
 	}
 
+	if (security_token_has_builtin_guests(session_info->security_token)) {
+		return SECURITY_GUEST;
+	}
+
 	if (security_token_has_builtin_administrators(session_info->security_token)) {
 		return SECURITY_ADMINISTRATOR;
 	}
diff --git a/libcli/security/session.h b/libcli/security/session.h
index ee9187d2c9b..31e950ed449 100644
--- a/libcli/security/session.h
+++ b/libcli/security/session.h
@@ -24,6 +24,7 @@
 
 enum security_user_level {
 	SECURITY_ANONYMOUS            = 0,
+	SECURITY_GUEST                = 1,
 	SECURITY_USER                 = 10,
 	SECURITY_RO_DOMAIN_CONTROLLER = 20,
 	SECURITY_DOMAIN_CONTROLLER    = 30,