authorAndrew Bartlett <abartlet@samba.org>2007-07-23 02:10:11 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:01:16 -0500
commitae0115d8dbf05c52c631ea915f036a2129cd033e (patch)
tree98e608b0f05dd00328d4b5ae77f835435939fe51 /webapps/install/samba3.esp
parentb7f9e85db13c8a6959b7c391efdaa3c723d2772e (diff)
r23994: Finish my work to ensure that non-root and non-administrator users
cannot vampire, provision or upgrade a Samba4 server via SWAT. (The previous commit was an accident, and not complete). This should get Samba4 closer to being 'secure' for an alpha release. Andrew Bartlett (This used to be commit 3b6695de36bcea8a76001c9a5585eac871646450)
Diffstat (limited to 'webapps/install/samba3.esp')
-rw-r--r--webapps/install/samba3.esp148
1 files changed, 77 insertions, 71 deletions
diff --git a/webapps/install/samba3.esp b/webapps/install/samba3.esp
index 31857c01e9..c6fc9f1418 100644
--- a/webapps/install/samba3.esp
+++ b/webapps/install/samba3.esp
@@ -15,91 +15,97 @@
<h1>Import from Samba3</h1>
<%
-if (form['submit'] == "Cancel") {
- redirect("/");
-}
+if (session.authinfo.user_class == "ADMINISTRATOR"
+ || session.authinfo.user_class == "SYSTEM") {
-function confirm_form()
-{
- var samba3 = samba3_read(form['LIBDIR'], form['SMBCONF']);
-
- var subobj = upgrade_provision(samba3);
- var f = FormObj("Import from Samba3", 0, 2);
- subobj.ADMINPASS = "";
-
- f.add("REALM", "Realm");
- f.add("DOMAIN", "Domain Name");
- f.add("HOSTNAME", "Hostname");
- f.add("ADMINPASS", "Administrator Password", "password");
- f.add("CONFIRM", "Confirm Password", "password");
- f.add("DOMAINSID", "Domain SID");
- f.add("HOSTGUID", "Host GUID");
- f.add("HOSTIP", "Host IP");
- f.add("DEFAULTSITE", "Default Site");
-
- for (i=0;i<f.element.length;i++) {
- f.element[i].value = subobj[f.element[i].name];
+ if (form['submit'] == "Cancel") {
+ redirect("/");
}
- f.add("SMBCONF", "", "hidden", form['SMBCONF']);
- f.add("LIBDIR", "", "hidden", form['LIBDIR']);
+ function confirm_form()
+ {
+ var samba3 = samba3_read(form['LIBDIR'], form['SMBCONF']);
+
+ var subobj = upgrade_provision(samba3);
+ var f = FormObj("Import from Samba3", 0, 2);
+ subobj.ADMINPASS = "";
+
+ f.add("REALM", "Realm");
+ f.add("DOMAIN", "Domain Name");
+ f.add("HOSTNAME", "Hostname");
+ f.add("ADMINPASS", "Administrator Password", "password");
+ f.add("CONFIRM", "Confirm Password", "password");
+ f.add("DOMAINSID", "Domain SID");
+ f.add("HOSTGUID", "Host GUID");
+ f.add("HOSTIP", "Host IP");
+ f.add("DEFAULTSITE", "Default Site");
+
+ for (i=0;i<f.element.length;i++) {
+ f.element[i].value = subobj[f.element[i].name];
+ }
- f.submit[0] = "Continue";
- f.submit[1] = "Cancel";
- f.display();
-}
+ f.add("SMBCONF", "", "hidden", form['SMBCONF']);
+ f.add("LIBDIR", "", "hidden", form['LIBDIR']);
-if (form['submit'] == "Import") {
- confirm_form();
-} else if (form['submit'] == "Continue") {
- var samba3 = samba3_read(form['LIBDIR'], form['SMBCONF']);
- assert(samba3 != undefined);
- var subobj = upgrade_provision(samba3);
- for (r in form) {
- subobj[r] = form[r];
+ f.submit[0] = "Continue";
+ f.submit[1] = "Cancel";
+ f.display();
}
- var goodpass = (subobj.CONFIRM == subobj.ADMINPASS);
-
- if (!goodpass) {
- write("<h3>Passwords don't match. Please try again.</h3>");
- confirm_form();
- } else if (subobj.ADMINPASS == "") {
- write("<h3>You must choose an administrator password. Please try again.</h3>");
+ if (form['submit'] == "Import") {
confirm_form();
- } else {
- var paths = provision_default_paths(subobj);
- if (!provision(subobj, writefln, true, paths,
- session.authinfo.session_info, session.authinfo.credentials)) {
- writefln("Provision failed!");
- } else {
- var ret = upgrade(subobj,samba3,message,paths,
- session.authinfo.session_info, session.authinfo.credentials);
- if (ret > 0) {
- writefln("Failed to import %d entries\n", ret);
- } else {
- if (!provision_dns(subobj, writefln, paths,
- session.authinfo.session_info, session.authinfo.credentials)) {
- writefln("DNS Provision failed!");
+ } else if (form['submit'] == "Continue") {
+ var samba3 = samba3_read(form['LIBDIR'], form['SMBCONF']);
+ assert(samba3 != undefined);
+ var subobj = upgrade_provision(samba3);
+ for (r in form) {
+ subobj[r] = form[r];
+ }
+
+ var goodpass = (subobj.CONFIRM == subobj.ADMINPASS);
+
+ if (!goodpass) {
+ write("<h3>Passwords don't match. Please try again.</h3>");
+ confirm_form();
+ } else if (subobj.ADMINPASS == "") {
+ write("<h3>You must choose an administrator password. Please try again.</h3>");
+ confirm_form();
+ } else {
+ var paths = provision_default_paths(subobj);
+ if (!provision(subobj, writefln, true, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("Provision failed!");
+ } else {
+ var ret = upgrade(subobj,samba3,message,paths,
+ session.authinfo.session_info, session.authinfo.credentials);
+ if (ret > 0) {
+ writefln("Failed to import %d entries\n", ret);
} else {
- writefln("Reloading smb.conf\n");
- var lp = loadparm_init();
- lp.reload();
- writefln("Upgrade Complete!");
+ if (!provision_dns(subobj, writefln, paths,
+ session.authinfo.session_info, session.authinfo.credentials)) {
+ writefln("DNS Provision failed!");
+ } else {
+ writefln("Reloading smb.conf\n");
+ var lp = loadparm_init();
+ lp.reload();
+ writefln("Upgrade Complete!");
+ }
}
}
}
- }
-} else {
- var f = FormObj("Import from Samba3", 0, 2);
+ } else {
+ var f = FormObj("Import from Samba3", 0, 2);
- f.add("SMBCONF", "smb.conf file", "text", "/etc/samba/smb.conf");
- f.add("LIBDIR", "Lib directory", "text", "/var/lib/samba");
- f.submit[0] = "Import";
- f.submit[1] = "Cancel";
+ f.add("SMBCONF", "smb.conf file", "text", "/etc/samba/smb.conf");
+ f.add("LIBDIR", "Lib directory", "text", "/var/lib/samba");
+ f.submit[0] = "Import";
+ f.submit[1] = "Cancel";
- write('<p>Warning: This will erase your current configuration!</p>');
- f.display();
+ write('<p>Warning: This will erase your current configuration!</p>');
+ f.display();
+ }
+} else {
+ redirect("/");
}
%>
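Review bot: In the "Continue" branch, `for (r in form) { subobj[r] = form[r]; }` still copies every request field into `subobj` before it reaches `provision()`, `upgrade()` and `provision_dns()`, so the new `user_class` gate limits who may submit but not which provisioning settings a submission can overwrite. Copying only the fields that `confirm_form()` actually renders would close that gap: `var fields = ["REALM", "DOMAIN", "HOSTNAME", "ADMINPASS", "CONFIRM", "DOMAINSID", "HOSTGUID", "HOSTIP", "DEFAULTSITE"];` followed by `for (i = 0; i < fields.length; i++) { subobj[fields[i]] = form[fields[i]]; }`. Which other keys `subobj` carries is decided in `upgrade_provision()`, which is outside this hunk, so the exact list should be checked against it. Separately, no per-session request token is visible on this destructive form; if the SWAT framework does not add one elsewhere, an administrator's browser session is the only thing authorising the import.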