mirror of
https://github.com/samba-team/samba.git
synced 2024-12-28 07:21:54 +03:00
a60c7b4ff2
This is a become_root user callout that I have never seen in use in more than 20 years of Samba. Why disable now? In the next commit I need to make a change to initializing the registry values for services, the svcctl service won't be able to do registry transactions anymore. I'm not sure that going without transactions is 100% safe in all failure cases, so I decided to propose disabling the problematic code that might lead to security issues. One fix might be to add a lot more validation code to _svcctl_OpenServiceW() to see whether the registry values underlying the service are sane. Yes, this is technical debt, but I would question that starting unix daemons via DCERPC used at all out there. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
151 lines
4.0 KiB
C
151 lines
4.0 KiB
C
/*
|
|
* Unix SMB/CIFS implementation.
|
|
* Service Control API Implementation
|
|
* Copyright (C) Gerald Carter 2005.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#include "services/services.h"
|
|
|
|
/*********************************************************************
|
|
*********************************************************************/
|
|
|
|
static WERROR rcinit_stop( const char *service, struct SERVICE_STATUS *status )
|
|
{
|
|
int ret = -1;
|
|
|
|
/*
|
|
* Disabled due to security concerns and unknown use in the
|
|
* field -- vl@samba.org
|
|
*/
|
|
#if 0
|
|
char *command = NULL;
|
|
int fd;
|
|
|
|
if (asprintf(&command, "%s/%s/%s stop",
|
|
get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) {
|
|
return WERR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
/* we've already performed the access check when the service was opened */
|
|
|
|
become_root();
|
|
ret = smbrun(command, &fd, NULL);
|
|
unbecome_root();
|
|
|
|
DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret));
|
|
close(fd);
|
|
|
|
SAFE_FREE(command);
|
|
|
|
ZERO_STRUCTP( status );
|
|
|
|
status->type = SERVICE_TYPE_WIN32_SHARE_PROCESS;
|
|
status->state = (ret == 0 ) ? SVCCTL_STOPPED : SVCCTL_RUNNING;
|
|
status->controls_accepted = SVCCTL_ACCEPT_STOP |
|
|
SVCCTL_ACCEPT_SHUTDOWN;
|
|
#endif
|
|
return ( ret == 0 ) ? WERR_OK : WERR_ACCESS_DENIED;
|
|
}
|
|
|
|
/*********************************************************************
|
|
*********************************************************************/
|
|
|
|
static WERROR rcinit_start( const char *service )
|
|
{
|
|
int ret = -1;
|
|
/*
|
|
* Disabled due to security concerns and unknown use in the
|
|
* field -- vl@samba.org
|
|
*/
|
|
#if 0
|
|
char *command = NULL;
|
|
int fd;
|
|
|
|
if (asprintf(&command, "%s/%s/%s start",
|
|
get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) {
|
|
return WERR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
/* we've already performed the access check when the service was opened */
|
|
|
|
become_root();
|
|
ret = smbrun(command, &fd, NULL);
|
|
unbecome_root();
|
|
|
|
DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret));
|
|
close(fd);
|
|
|
|
SAFE_FREE(command);
|
|
#endif
|
|
return ( ret == 0 ) ? WERR_OK : WERR_ACCESS_DENIED;
|
|
}
|
|
|
|
/*********************************************************************
|
|
*********************************************************************/
|
|
|
|
static WERROR rcinit_status( const char *service, struct SERVICE_STATUS *status )
|
|
{
|
|
/*
|
|
* Disabled due to security concerns and unknown use in the
|
|
* field -- vl@samba.org
|
|
*/
|
|
#if 0
|
|
char *command = NULL;
|
|
int ret, fd;
|
|
|
|
if (asprintf(&command, "%s/%s/%s status",
|
|
get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) {
|
|
return WERR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
/* we've already performed the access check when the service was opened */
|
|
/* assume as return code of 0 means that the service is ok. Anything else
|
|
is STOPPED */
|
|
|
|
become_root();
|
|
ret = smbrun(command, &fd, NULL);
|
|
unbecome_root();
|
|
|
|
DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret));
|
|
close(fd);
|
|
|
|
SAFE_FREE(command);
|
|
|
|
ZERO_STRUCTP( status );
|
|
|
|
status->type = SERVICE_TYPE_WIN32_SHARE_PROCESS;
|
|
status->state = (ret == 0 ) ? SVCCTL_RUNNING : SVCCTL_STOPPED;
|
|
status->controls_accepted = SVCCTL_ACCEPT_STOP |
|
|
SVCCTL_ACCEPT_SHUTDOWN;
|
|
|
|
return WERR_OK;
|
|
#else
|
|
return WERR_ACCESS_DENIED;
|
|
#endif
|
|
}
|
|
|
|
/*********************************************************************
|
|
*********************************************************************/
|
|
|
|
/* struct for svcctl control to manipulate rcinit service */
|
|
|
|
SERVICE_CONTROL_OPS rcinit_svc_ops = {
|
|
rcinit_stop,
|
|
rcinit_start,
|
|
rcinit_status
|
|
};
|