svn commit: samba r4824 - in branches/SAMBA_3_0/source/rpc_server: .

jerry at samba.org jerry at samba.org
Tue Jan 18 18:30:33 GMT 2005


Author: jerry
Date: 2005-01-18 18:30:32 +0000 (Tue, 18 Jan 2005)
New Revision: 4824

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4824

Log:
wrap the shutdown and abort_shutdown calls in a check for the SE_REMOTE_SHUTDOWN privilege
Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c	2005-01-18 18:29:55 UTC (rev 4823)
+++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c	2005-01-18 18:30:32 UTC (rev 4824)
@@ -604,7 +604,7 @@
 	
 	/* message */
 	rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0);
-		/* security check */
+	/* security check */
 	alpha_strcpy (chkmsg, message, NULL, sizeof(message));
 	/* timeout */
 	fstr_sprintf(timeout, "%d", q_u->timeout);
@@ -617,12 +617,23 @@
 
 	if(*shutdown_script) {
 		int shutdown_ret;
+		SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN;
+		BOOL can_shutdown;
+		
+		can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown );
+		
+		/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+		if ( can_shutdown )
+			become_root();
 		all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script));
 		all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script));
 		all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script));
 		all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script));
 		shutdown_ret = smbrun(shutdown_script,NULL);
 		DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret));
+		if ( can_shutdown )
+			unbecome_root();
+		/********** END SeRemoteShutdownPrivilege BLOCK **********/
 	}
 
 	return status;
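Review bot: The new `can_shutdown` test in the `_reg_shutdown` hunk only decides whether `become_root()` is called; when it is false, `smbrun(shutdown_script,NULL)` still runs, presumably under the connected user's identity, and `status` is returned unchanged. If that fallback is intended, say so above the block, e.g. `/* callers without SeRemoteShutdownPrivilege still run the script, but without root */`; if the privilege is meant to be required, the request should be refused before the `all_string_sub` substitutions. The script's return value is also only logged at `DEBUG(3)`, so a failed or denied shutdown is not reflected in `status`. The abort-shutdown hunk repeats the same pattern, and both function bodies begin outside the hunks.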
@@ -641,8 +652,20 @@
 
 	if(*abort_shutdown_script) {
 		int abort_shutdown_ret;
+		SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN;
+		BOOL can_shutdown;
+		
+		can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown );
+		
+		/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+		if ( can_shutdown )
+			become_root();
 		abort_shutdown_ret = smbrun(abort_shutdown_script,NULL);
 		DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret));
+		if ( can_shutdown )
+			unbecome_root();
+		/********** END SeRemoteShutdownPrivilege BLOCK **********/
+		
 	}
 
 	return status;


