From d50816d59a830ab1ecea271063fe0b2fade9683d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 18 Jan 2005 18:30:32 +0000 Subject: r4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN privilege (This used to be commit d11339b7e3b890b8e01744b6b309efaa7ad328e1) --- source3/rpc_server/srv_reg_nt.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c index 27cdf1b1b9..c11e0d59a0 100644 --- a/source3/rpc_server/srv_reg_nt.c +++ b/source3/rpc_server/srv_reg_nt.c @@ -604,7 +604,7 @@ WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) /* message */ rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0); - /* security check */ + /* security check */ alpha_strcpy (chkmsg, message, NULL, sizeof(message)); /* timeout */ fstr_sprintf(timeout, "%d", q_u->timeout); @@ -617,12 +617,23 @@ WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) if(*shutdown_script) { int shutdown_ret; + SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; + BOOL can_shutdown; + + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); + + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + if ( can_shutdown ) + become_root(); all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script)); all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script)); all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script)); all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script)); shutdown_ret = smbrun(shutdown_script,NULL); DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret)); + if ( can_shutdown ) + unbecome_root(); + /********** END SeRemoteShutdownPrivilege BLOCK **********/ } return status; @@ -641,8 +652,20 @@ WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABO if(*abort_shutdown_script) { int abort_shutdown_ret; + SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; + BOOL can_shutdown; + + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); + + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + if ( can_shutdown ) + become_root(); abort_shutdown_ret = smbrun(abort_shutdown_script,NULL); DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret)); + if ( can_shutdown ) + unbecome_root(); + /********** END SeRemoteShutdownPrivilege BLOCK **********/ + } return status; -- cgit