Author: jerry Date: 2005-01-18 18:30:32 +0000 (Tue, 18 Jan 2005) New Revision: 4824
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4824 Log: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN privilege Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-01-18 18:29:55 UTC (rev 4823) +++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-01-18 18:30:32 UTC (rev 4824) @@ -604,7 +604,7 @@ /* message */ rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0); - /* security check */ + /* security check */ alpha_strcpy (chkmsg, message, NULL, sizeof(message)); /* timeout */ fstr_sprintf(timeout, "%d", q_u->timeout); @@ -617,12 +617,23 @@ if(*shutdown_script) { int shutdown_ret; + SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; + BOOL can_shutdown; + + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); + + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + if ( can_shutdown ) + become_root(); all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script)); all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script)); all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script)); all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script)); shutdown_ret = smbrun(shutdown_script,NULL); DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret)); + if ( can_shutdown ) + unbecome_root(); + /********** END SeRemoteShutdownPrivilege BLOCK **********/ } return status; 
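Review bot: In the `if(*shutdown_script)` block the result of `user_has_privileges()` only decides whether `become_root()` is called; when `can_shutdown` is false, `smbrun(shutdown_script,NULL)` still runs under the caller's own identity and `status` is returned unchanged. The log message describes this as a check for SE_REMOTE_SHUTDOWN, so if denial is intended the block needs an early exit before the `all_string_sub` calls, such as `if ( !can_shutdown ) return <access-denied value of status's type>;` (the declaration of `status` is outside the hunk). If running unprivileged is deliberate, state it in a comment, e.g. `/* callers without SeRemoteShutdownPrivilege still run the script, but not as root */`. The `_reg_abort_shutdown` hunk has the same pattern. Since the command line is now executed as root, it is also worth confirming that `r` and `f`, which are set outside the hunk, are constrained as tightly as `chkmsg` is by `alpha_strcpy`.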
@@ -641,8 +652,20 @@ if(*abort_shutdown_script) { int abort_shutdown_ret; + SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; + BOOL can_shutdown; + + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); + + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + if ( can_shutdown ) + become_root(); abort_shutdown_ret = smbrun(abort_shutdown_script,NULL); DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret)); + if ( can_shutdown ) + unbecome_root(); + /********** END SeRemoteShutdownPrivilege BLOCK **********/ + } return status;
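Review bot: `abort_shutdown_ret` is only written to a level-3 `DEBUG` line, so a script that may now run as root leaves no record at normal log levels of whether elevation happened, and a failing script still falls through to `return status;`. Consider logging the elevation decision next to the `smbrun` call, e.g. `DEBUG(1,("_reg_abort_shutdown: abort script run %s root privileges\n", can_shutdown ? "with" : "without"));`, and mapping a non-zero `abort_shutdown_ret` to a failure status. The `_reg_shutdown` hunk has the same gap with `shutdown_ret`. How `status` is initialised is outside the hunk, so the current return value on failure is inferred.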