From 2fd59920381ea81734565637adcec96e5668ef86 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 14 Mar 2008 14:33:18 +0100
Subject: swig: regenerate _wrap.c files

metze
(This used to be commit 08b41e10699c7bb8058ab0ab61f17a1bbfcc1ce4)
---
 source4/libcli/security/security_wrap.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source4/libcli/security')

diff --git a/source4/libcli/security/security_wrap.c b/source4/libcli/security/security_wrap.c
index 72118b2359..eb9e4c45d9 100644
--- a/source4/libcli/security/security_wrap.c
+++ b/source4/libcli/security/security_wrap.c
@@ -3116,7 +3116,7 @@ SWIGINTERN PyObject *_wrap_security_descriptor_sacl_add(PyObject *SWIGUNUSEDPARM
   arg2 = (struct security_ace *)(argp2);
   result = security_descriptor_sacl_add(arg1,(struct security_ace const *)arg2);
   if (NT_STATUS_IS_ERR(result)) {
-    PyObject *obj = Py_BuildValue((char *)"(i,s)", (&result)->v, nt_errstr(result));
+    PyObject *obj = Py_BuildValue((char *)"(i,s)", NT_STATUS_V(result), nt_errstr(result));
     PyErr_SetObject(PyExc_RuntimeError, obj);
     SWIG_fail;
   } else if (resultobj == NULL) {
@@ -3156,7 +3156,7 @@ SWIGINTERN PyObject *_wrap_security_descriptor_dacl_add(PyObject *SWIGUNUSEDPARM
   arg2 = (struct security_ace *)(argp2);
   result = security_descriptor_dacl_add(arg1,(struct security_ace const *)arg2);
   if (NT_STATUS_IS_ERR(result)) {
-    PyObject *obj = Py_BuildValue((char *)"(i,s)", (&result)->v, nt_errstr(result));
+    PyObject *obj = Py_BuildValue((char *)"(i,s)", NT_STATUS_V(result), nt_errstr(result));
     PyErr_SetObject(PyExc_RuntimeError, obj);
     SWIG_fail;
   } else if (resultobj == NULL) {
@@ -3196,7 +3196,7 @@ SWIGINTERN PyObject *_wrap_security_descriptor_dacl_del(PyObject *SWIGUNUSEDPARM
   arg2 = (struct dom_sid *)(argp2);
   result = security_descriptor_dacl_del(arg1,(struct dom_sid const *)arg2);
   if (NT_STATUS_IS_ERR(result)) {
-    PyObject *obj = Py_BuildValue((char *)"(i,s)", (&result)->v, nt_errstr(result));
+    PyObject *obj = Py_BuildValue((char *)"(i,s)", NT_STATUS_V(result), nt_errstr(result));
     PyErr_SetObject(PyExc_RuntimeError, obj);
     SWIG_fail;
   } else if (resultobj == NULL) {
@@ -3236,7 +3236,7 @@ SWIGINTERN PyObject *_wrap_security_descriptor_sacl_del(PyObject *SWIGUNUSEDPARM
   arg2 = (struct dom_sid *)(argp2);
   result = security_descriptor_sacl_del(arg1,(struct dom_sid const *)arg2);
   if (NT_STATUS_IS_ERR(result)) {
-    PyObject *obj = Py_BuildValue((char *)"(i,s)", (&result)->v, nt_errstr(result));
+    PyObject *obj = Py_BuildValue((char *)"(i,s)", NT_STATUS_V(result), nt_errstr(result));
     PyErr_SetObject(PyExc_RuntimeError, obj);
     SWIG_fail;
   } else if (resultobj == NULL) {
-- 
cgit 


From 9a1bec08013dda77597369387da0193081a7a6e2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 20 Mar 2008 12:12:10 +1100
Subject: More kludge ACLs!

Rather than killing off the nasty 'kludge ACLs' stuff, this patch
extends it, to ensure that LSA secrets and the registry are also
protected.

Andrew Bartlett
(This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
---
 source4/libcli/security/security.h       |  8 ++++++++
 source4/libcli/security/security_token.c | 27 +++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

(limited to 'source4/libcli/security')

diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h
index d9485c825f..c7f2a09311 100644
--- a/source4/libcli/security/security.h
+++ b/source4/libcli/security/security.h
@@ -18,4 +18,12 @@
 */
 
 #include "librpc/gen_ndr/security.h"
+
+enum security_user_level {
+	SECURITY_ANONYMOUS,
+	SECURITY_USER,
+	SECURITY_ADMINISTRATOR,
+	SECURITY_SYSTEM
+};
+
 #include "libcli/security/proto.h"
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
index e126340c46..0680c54258 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "dsdb/samdb/samdb.h"
 #include "libcli/security/security.h"
+#include "auth/session.h"
 
 /*
   return a blank security token
@@ -141,3 +142,29 @@ bool security_token_has_nt_authenticated_users(const struct security_token *toke
 {
 	return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
 }
+
+enum security_user_level security_session_user_level(struct auth_session_info *session_info) 
+{
+	if (!session_info) {
+		return SECURITY_ANONYMOUS;
+	}
+	
+	if (security_token_is_system(session_info->security_token)) {
+		return SECURITY_SYSTEM;
+	}
+
+	if (security_token_is_anonymous(session_info->security_token)) {
+		return SECURITY_ANONYMOUS;
+	}
+
+	if (security_token_has_builtin_administrators(session_info->security_token)) {
+		return SECURITY_ADMINISTRATOR;
+	}
+
+	if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+		return SECURITY_USER;
+	}
+
+	return SECURITY_ANONYMOUS;
+}
+
-- 
cgit