authorJeremy Allison <jra@samba.org>2005-03-23 21:46:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:15 -0500
commit920745f0df024741f28e8557c52187a8db01c5d1 (patch)
treed7a7580c21468aafcd77f1985f0935f6ff7284e8
parentbece9417d2e232e5b13ea340c79430bb9680eb8a (diff)
r6009: Add privilege check for SE_DISK_OP (is this the right privilege?)
before allowing users to shut down any sessions. Simo - please check security before allowing state changes. Please review this change. Jeremy. (This used to be commit 51beba71d4d5d3d259e567b65b1694d862814fe9)
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 8bcb5c82ac..a00409afc8 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1354,10 +1354,13 @@ net sess del
WERROR _srv_net_sess_del(pipes_struct *p, SRV_Q_NET_SESS_DEL *q_u, SRV_R_NET_SESS_DEL *r_u)
{
+ struct current_user user;
struct sessionid *session_list;
int num_sessions, snum, ret;
fstring username;
fstring machine;
+ SE_PRIV se_diskop = SE_DISK_OPERATOR; /* Is disk op appropriate here ? JRA. */
+ BOOL is_disk_op = False;
rpcstr_pull_unistr2_fstring(username, &q_u->uni_user_name);
rpcstr_pull_unistr2_fstring(machine, &q_u->uni_cli_name);
@@ -1371,12 +1374,21 @@ WERROR _srv_net_sess_del(pipes_struct *p, SRV_Q_NET_SESS_DEL *q_u, SRV_R_NET_SES
DEBUG(5,("_srv_net_sess_del: %d\n", __LINE__));
+ get_current_user(&user,p);
+
+ is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+
+ /* fail out now if you are not root and not a disk op */
+
+ if ( user.uid != sec_initial_uid() && !is_disk_op )
+ return WERR_ACCESS_DENIED;
+
r_u->status = WERR_ACCESS_DENIED;
for (snum = 0; snum < num_sessions; snum++) {
- if ((StrCaseCmp(session_list[snum].username, username) == 0 || username[0] == '\0' ) &&
- StrCaseCmp(session_list[snum].remote_machine, machine) == 0) {
+ if ((strequal(session_list[snum].username, username) || username[0] == '\0' ) &&
+ strequal(session_list[snum].remote_machine, machine)) {
if ((ret = message_send_pid(session_list[snum].pid, MSG_SHUTDOWN, NULL, 0, False))) {
r_u->status = WERR_OK;
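Review bot: The new early `return WERR_ACCESS_DENIED;` leaves the function before `r_u->status` is assigned on the following line and skips whatever cleanup runs at the end of the function; if `session_list` was allocated in the lines between the two hunks (not visible here), every denied call would leak it. Either move the check ahead of the session enumeration, or set `r_u->status = WERR_ACCESS_DENIED;` first and jump to the common exit instead of returning. The denial is also silent, so a line such as `DEBUG(1,("_srv_net_sess_del: access denied for uid %u\n", (unsigned int)user.uid));` before the exit would let repeated attempts show up in the logs. The function body starts and ends outside this hunk.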
@@ -1497,7 +1509,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
char *path;
SEC_DESC *psd = NULL;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
- BOOL is_disk_op;
+ BOOL is_disk_op = False;
DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));