svn commit: samba r4824 - in branches/SAMBA_3_0/source/rpc_server: .

Tue, 18 Jan 2005 10:30:57 -0800 

Author: jerry
Date: 2005-01-18 18:30:32 +0000 (Tue, 18 Jan 2005)
New Revision: 4824

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4824

Log:
wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN 
privilege
Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c   2005-01-18 18:29:55 UTC 
(rev 4823)
+++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c   2005-01-18 18:30:32 UTC 
(rev 4824)
@@ -604,7 +604,7 @@
        
        /* message */
        rpcstr_pull (message, unimsg.buffer, sizeof(message), 
unimsg.uni_str_len*2,0);
-               /* security check */
+       /* security check */
        alpha_strcpy (chkmsg, message, NULL, sizeof(message));
        /* timeout */
        fstr_sprintf(timeout, "%d", q_u->timeout);
@@ -617,12 +617,23 @@
 
        if(*shutdown_script) {
                int shutdown_ret;
+               SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN;
+               BOOL can_shutdown;
+               
+               can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, 
&se_shutdown );
+               
+               /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+               if ( can_shutdown )
+                       become_root();
                all_string_sub(shutdown_script, "%m", chkmsg, 
sizeof(shutdown_script));
                all_string_sub(shutdown_script, "%t", timeout, 
sizeof(shutdown_script));
                all_string_sub(shutdown_script, "%r", r, 
sizeof(shutdown_script));
                all_string_sub(shutdown_script, "%f", f, 
sizeof(shutdown_script));
                shutdown_ret = smbrun(shutdown_script,NULL);
                DEBUG(3,("_reg_shutdown: Running the command `%s' gave 
%d\n",shutdown_script,shutdown_ret));
+               if ( can_shutdown )
+                       unbecome_root();
+               /********** END SeRemoteShutdownPrivilege BLOCK **********/
        }
 
        return status;
@@ -641,8 +652,20 @@
 
        if(*abort_shutdown_script) {
                int abort_shutdown_ret;
+               SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN;
+               BOOL can_shutdown;
+               
+               can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, 
&se_shutdown );
+               
+               /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+               if ( can_shutdown )
+                       become_root();
                abort_shutdown_ret = smbrun(abort_shutdown_script,NULL);
                DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave 
%d\n",abort_shutdown_script,abort_shutdown_ret));
+               if ( can_shutdown )
+                       unbecome_root();
+               /********** END SeRemoteShutdownPrivilege BLOCK **********/
+               
        }
 
        return status;

Reply via email to