This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
outfd (or discard it if outfd is NULL).
****************************************************************************/
-int smbrun(const char *cmd, int *outfd)
+static int smbrun_internal(const char *cmd, int *outfd, BOOL sanitize)
{
pid_t pid;
- uid_t uid = current_user.uid;
- gid_t gid = current_user.gid;
+ uid_t uid = current_user.ut.uid;
+ gid_t gid = current_user.ut.gid;
/*
- * Lose any kernel oplock capabilities we may have.
+ * Lose any elevated privileges.
*/
- oplock_set_capability(False, False);
+ drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
+ drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
/* point our stdout at the file we want output to go into */
}
#endif
- execl("/bin/sh","sh","-c",cmd,NULL);
+ {
+ const char *newcmd = sanitize ? escape_shell_string(cmd) : cmd;
+ if (!newcmd) {
+ exit(82);
+ }
+ execl("/bin/sh","sh","-c",newcmd,NULL);
+ }
/* not reached */
- exit(82);
+ exit(83);
return 1;
}
+/****************************************************************************
+ Use only in known safe shell calls (printing).
+****************************************************************************/
+
+int smbrun_no_sanitize(const char *cmd, int *outfd)
+{
+ return smbrun_internal(cmd, outfd, False);
+}
+
+/****************************************************************************
+ By default this now sanitizes shell expansion.
+****************************************************************************/
+
+int smbrun(const char *cmd, int *outfd)
+{
+ return smbrun_internal(cmd, outfd, True);
+}
/****************************************************************************
run a command being careful about uid/gid handling and putting the output in
int smbrunsecret(const char *cmd, const char *secret)
{
pid_t pid;
- uid_t uid = current_user.uid;
- gid_t gid = current_user.gid;
+ uid_t uid = current_user.ut.uid;
+ gid_t gid = current_user.ut.gid;
int ifd[2];
/*
- * Lose any kernel oplock capabilities we may have.
+ * Lose any elevated privileges.
*/
- oplock_set_capability(False, False);
+ drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
+ drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
/* build up an input pipe */
if(pipe(ifd)) {
#endif
execl("/bin/sh", "sh", "-c", cmd, NULL);
-
+
/* not reached */
exit(82);
return 1;
git.samba.org / samba.git / blobdiff