r4824: wrap the shutdown and abort_shutdown calls in check for the SE_REMOTE_SHUTDOWN...

author Gerald Carter <jerry@samba.org>

Tue, 18 Jan 2005 18:30:32 +0000 (18:30 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 15:53:56 +0000 (10:53 -0500)
author Gerald Carter <jerry@samba.org>
Tue, 18 Jan 2005 18:30:32 +0000 (18:30 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:53:56 +0000 (10:53 -0500)
diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c

index 27cdf1b1b9e9a5eb676717c8cb5fcf3c43587f8b..c11e0d59a056915253dd83b54e35a33fda704125 100644 (file)
--- a/source/rpc_server/srv_reg_nt.c
+++ b/source/rpc_server/srv_reg_nt.c
@@ -604,7 +604,7 @@ WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u)
         
         /* message */
         rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0);
-               /* security check */
+       /* security check */
         alpha_strcpy (chkmsg, message, NULL, sizeof(message));
         /* timeout */
         fstr_sprintf(timeout, "%d", q_u->timeout);
@@ -617,12 +617,23 @@ WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u)
  
         if(*shutdown_script) {
                 int shutdown_ret;
+               SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN;
+               BOOL can_shutdown;
+               
+               can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown );
+               
+               /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+               if ( can_shutdown )
+                       become_root();
                 all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script));
                 all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script));
                 all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script));
                 all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script));
                 shutdown_ret = smbrun(shutdown_script,NULL);
                 DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret));
+               if ( can_shutdown )
+                       unbecome_root();
+               /********** END SeRemoteShutdownPrivilege BLOCK **********/
         }
  
         return status;
@@ -641,8 +652,20 @@ WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABO
  
         if(*abort_shutdown_script) {
                 int abort_shutdown_ret;
+               SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN;
+               BOOL can_shutdown;
+               
+               can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown );
+               
+               /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+               if ( can_shutdown )
+                       become_root();
                 abort_shutdown_ret = smbrun(abort_shutdown_script,NULL);
                 DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret));
+               if ( can_shutdown )
+                       unbecome_root();
+               /********** END SeRemoteShutdownPrivilege BLOCK **********/
+               
         }
  
         return status;
author	Gerald Carter <jerry@samba.org>
	Tue, 18 Jan 2005 18:30:32 +0000 (18:30 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 15:53:56 +0000 (10:53 -0500)