diff options
| author | Simo Sorce <idra@samba.org> | 2005-03-24 00:01:56 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:16 -0500 |
| commit | 899ade0e62ebbfd6994101c45bb56d20357535af (patch) | |
| tree | 997194cb73b502c625bd3c761c8d2044d8179c09 /source3/rpc_server/srv_srvsvc_nt.c | |
| parent | 5d1cb8e79edea9e8581d3c2c9dd297310cd9a98c (diff) | |
| download | samba-899ade0e62ebbfd6994101c45bb56d20357535af.tar.gz samba-899ade0e62ebbfd6994101c45bb56d20357535af.tar.bz2 samba-899ade0e62ebbfd6994101c45bb56d20357535af.zip | |
r6016: Give access only to root and Domain Users
(This used to be commit d3557ed4b7c4d58a50cc6041c06cc4eff5ef659a)
Diffstat (limited to 'source3/rpc_server/srv_srvsvc_nt.c')
| -rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index a00409afc8..5dd2e6e47f 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1354,13 +1354,13 @@ net sess del WERROR _srv_net_sess_del(pipes_struct *p, SRV_Q_NET_SESS_DEL *q_u, SRV_R_NET_SESS_DEL *r_u) { - struct current_user user; struct sessionid *session_list; + struct current_user user; int num_sessions, snum, ret; fstring username; fstring machine; - SE_PRIV se_diskop = SE_DISK_OPERATOR; /* Is disk op appropriate here ? JRA. */ - BOOL is_disk_op = False; + /* SE_PRIV se_diskop = SE_DISK_OPERATOR; / * Is disk op appropriate here ? JRA. * / + BOOL is_disk_op = False; / * No. SSS. :) */ rpcstr_pull_unistr2_fstring(username, &q_u->uni_user_name); rpcstr_pull_unistr2_fstring(machine, &q_u->uni_cli_name); @@ -1374,32 +1374,44 @@ WERROR _srv_net_sess_del(pipes_struct *p, SRV_Q_NET_SESS_DEL *q_u, SRV_R_NET_SES DEBUG(5,("_srv_net_sess_del: %d\n", __LINE__)); - get_current_user(&user,p); - - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); - - /* fail out now if you are not root and not a disk op */ + /* is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); */ - if ( user.uid != sec_initial_uid() && !is_disk_op ) - return WERR_ACCESS_DENIED; - r_u->status = WERR_ACCESS_DENIED; + get_current_user(&user, p); + /* fail out now if you are not root */ + /* or at least domain admins */ + if ((user.uid != sec_initial_uid()) && + ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) { + + goto done; + } + for (snum = 0; snum < num_sessions; snum++) { if ((strequal(session_list[snum].username, username) || username[0] == '\0' ) && strequal(session_list[snum].remote_machine, machine)) { + if (user.uid != sec_initial_uid()) { + become_root(); + } if ((ret = message_send_pid(session_list[snum].pid, MSG_SHUTDOWN, NULL, 0, False))) { r_u->status = WERR_OK; } else { r_u->status = WERR_ACCESS_DENIED; } + if (user.uid != sec_initial_uid()) { + unbecome_root(); + } } } DEBUG(5,("_srv_net_sess_del: %d\n", __LINE__)); + +done: + SAFE_FREE(session_list); + return r_u->status; } |