From 6c768c909e82badcccf44c03fb522e5a72260b74 Mon Sep 17 00:00:00 2001
From: Karolin Seeger
Date: Thu, 4 Mar 2010 13:43:29 +0100
Subject: [PATCH] s3-net_sam: Bug 7125: Do not segfault when called as non-privileged user.

Karolin
---
 source3/utils/net_sam.c | 186 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 181 insertions(+), 5 deletions(-)

diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 6e3ccfe..dbc72a5 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -43,6 +43,12 @@ static int net_sam_userset(struct net_context *c, int argc, const char **argv,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to change user settings.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find name %s\n"), argv[0]);
@@ -86,6 +92,12 @@ static int net_sam_userset(struct net_context *c, int argc, const char **argv,
 static int net_sam_set_fullname(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to change user attributes.\n"));
+ return -1;
+ }
+
 return net_sam_userset(c, argc, argv, "fullname",
 pdb_set_fullname);
 }
@@ -93,6 +105,12 @@ static int net_sam_set_fullname(struct net_context *c, int argc,
 static int net_sam_set_logonscript(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to change user attributes.\n"));
+ return -1;
+ }
+
 return net_sam_userset(c, argc, argv, "logonscript",
 pdb_set_logon_script);
 }
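Review bot: The new guard in net_sam_userset tests the real UID with `getuid()`, while access to the passdb files is decided on the effective UID, so `if (geteuid() != 0) {` would be the closer proxy for what the guard is trying to predict. The guard also only steps around the crash named in the subject line: the dereference that faults is not visible in this hunk, and presumably still faults when the backend cannot be opened for a reason other than the caller's UID, so the failing initialisation should get its own NULL or status check as well. The same `getuid()` test is repeated in every later hunk of this patch. net_sam_userset starts and ends outside the hunk.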
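Review bot: The guard added to net_sam_set_fullname duplicates the one this patch adds inside net_sam_userset, which the wrapper calls on its next line, and the two print different texts ("user attributes" here, "user settings" there). Because the wrapper's check runs first, it also comes ahead of whatever argument or usage handling net_sam_userset does before its own guard; that code is outside the hunk, but the `return -1; }` context in the first hunk suggests there is some. The same applies to net_sam_set_logonscript in the next hunk and to the profilepath, homedrive, homedir and workstations wrappers after it. I would drop the guard from all six wrappers and keep the single check in net_sam_userset.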
@@ -100,6 +118,12 @@ static int net_sam_set_logonscript(struct net_context *c, int argc,
 static int net_sam_set_profilepath(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to change user attributes.\n"));
+ return -1;
+ }
+
 return net_sam_userset(c, argc, argv, "profilepath",
 pdb_set_profile_path);
 }
@@ -107,6 +131,12 @@ static int net_sam_set_profilepath(struct net_context *c, int argc,
 static int net_sam_set_homedrive(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to change user attributes.\n"));
+ return -1;
+ }
+
 return net_sam_userset(c, argc, argv, "homedrive",
 pdb_set_dir_drive);
 }
@@ -114,6 +144,12 @@ static int net_sam_set_homedrive(struct net_context *c, int argc,
 static int net_sam_set_homedir(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to change user attributes.\n"));
+ return -1;
+ }
+
 return net_sam_userset(c, argc, argv, "homedir",
 pdb_set_homedir);
 }
@@ -121,6 +157,12 @@ static int net_sam_set_homedir(struct net_context *c, int argc,
 static int net_sam_set_workstations(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to change user attributes.\n"));
+ return -1;
+ }
+
 return net_sam_userset(c, argc, argv, "workstations",
 pdb_set_workstations);
 }
@@ -149,6 +191,12 @@ static int net_sam_set_userflag(struct net_context *c, int argc,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to set user flags.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find name %s\n"), argv[0]);
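Review bot: The guard in net_sam_set_userflag is the same five-line block that this patch pastes into roughly thirty handlers, differing only in the message text. A small static helper that takes the already translated message keeps each message a complete translatable string, leaves a single place to change the privilege test, and prints through `"%s"` so the message is never used as a format string. net_sam_set_userflag starts and ends outside the hunk.

```c
/* True when running as root; otherwise prints errmsg and returns false. */
static bool net_sam_is_root(const char *errmsg)
{
	if (getuid() == 0) {	/* same test as the patch */
		return true;
	}
	d_fprintf(stderr, "%s", errmsg);
	return false;
}

/* ... unchanged: argument check in net_sam_set_userflag ... */
	if (!net_sam_is_root(_("You need to be root "
			       "to set user flags.\n"))) {
		return -1;
	}
/* ... unchanged: lookup_name() and the rest of the body ... */
```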
@@ -241,6 +289,12 @@ static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to set pwdmustchangenow.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find name %s\n"), argv[0]);
@@ -305,6 +359,12 @@ static int net_sam_set_comment(struct net_context *c, int argc,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to set a comment.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find name %s\n"), argv[0]);
@@ -470,6 +530,12 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to set account policy values.\n"));
+ return -1;
+ }
+
 account_policy = argv[0];
 field = account_policy_name_to_typenum(account_policy);
 
@@ -537,6 +603,12 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to show account policy values.\n"));
+ return -1;
+ }
+
 account_policy = argv[0];
 field = account_policy_name_to_typenum(account_policy);
 
@@ -701,6 +773,12 @@ static int net_sam_rights_grant(struct net_context *c, int argc,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to grant rights.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find name %s\n"), argv[0]);
@@ -740,6 +818,12 @@ static int net_sam_rights_revoke(struct net_context *c, int argc,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to revoke rights.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find name %s\n"), argv[0]);
@@ -868,6 +952,12 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to map Unix groups.\n"));
+ return -1;
+ }
+
 grp = getgrnam(argv[0]);
 if (grp == NULL) {
 d_fprintf(stderr, _("Could not find group %s\n"), argv[0]);
@@ -932,6 +1022,12 @@ static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to unmap Unix groups.\n"));
+ return -1;
+ }
+
 grp = getgrnam(argv[0]);
 if (grp == NULL) {
 d_fprintf(stderr, _("Could not find mapping for group %s.\n"),
@@ -969,6 +1065,12 @@ static int net_sam_createdomaingroup(struct net_context *c, int argc,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to create domain groups.\n"));
+ return -1;
+ }
+
 status = pdb_create_dom_group(talloc_tos(), argv[0], &rid);
 
 if (!NT_STATUS_IS_OK(status)) {
@@ -1002,6 +1104,12 @@ static int net_sam_deletedomaingroup(struct net_context *c, int argc,
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to delete local groups.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find %s.\n"), argv[0]);
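Review bot: The message added to net_sam_deletedomaingroup says "to delete local groups", which looks copied from net_sam_deletelocalgroup; it should read `"to delete domain groups.\n"));`. As it stands, an administrator who runs the domain-group command without root is told about a different operation, and translators get one string shared by two commands. net_sam_deletedomaingroup starts and ends outside the hunk.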
@@ -1045,6 +1153,12 @@ static int net_sam_createlocalgroup(struct net_context *c, int argc, const char
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to create local groups.\n"));
+ return -1;
+ }
+
 if (!winbind_ping()) {
 d_fprintf(stderr, _("winbind seems not to run. "
 "createlocalgroup only works when winbind runs.\n"));
@@ -1082,6 +1196,13 @@ static int net_sam_deletelocalgroup(struct net_context *c, int argc, const char
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to delete local groups.\n"));
+ return -1;
+ }
+
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr,_("Could not find %s.\n"), argv[0]);
@@ -1126,6 +1247,12 @@ static int net_sam_createbuiltingroup(struct net_context *c, int argc, const cha
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to create builtin groups.\n"));
+ return -1;
+ }
+
 if (!winbind_ping()) {
 d_fprintf(stderr, _("winbind seems not to run. "
 "createbuiltingroup only works when winbind "
@@ -1180,6 +1307,12 @@ static int net_sam_addmem(struct net_context *c, int argc, const char **argv)
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to add members to groups.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &groupdomain, &groupname, &group, &grouptype)) {
 d_fprintf(stderr, _("Could not find group %s\n"), argv[0]);
@@ -1269,6 +1402,12 @@ static int net_sam_delmem(struct net_context *c, int argc, const char **argv)
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to delete members from groups.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &groupdomain, &groupname, &group, &grouptype)) {
 d_fprintf(stderr, _("Could not find group %s\n"), argv[0]);
@@ -1343,6 +1482,12 @@ static int net_sam_listmem(struct net_context *c, int argc, const char **argv)
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to list group members.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &groupdomain, &groupname, &group, &grouptype)) {
 d_fprintf(stderr, _("Could not find group %s\n"), argv[0]);
@@ -1445,6 +1590,12 @@ static int net_sam_do_list(struct net_context *c, int argc, const char **argv,
 static int net_sam_list_users(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to list users.\n"));
+ return -1;
+ }
+
 return net_sam_do_list(c, argc, argv,
 pdb_search_users(talloc_tos(), ACB_NORMAL),
 "users");
@@ -1453,6 +1604,12 @@ static int net_sam_list_users(struct net_context *c, int argc,
 static int net_sam_list_groups(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to list groups.\n"));
+ return -1;
+ }
+
 return net_sam_do_list(c, argc, argv, pdb_search_groups(talloc_tos()),
 "groups");
 }
@@ -1460,6 +1617,12 @@ static int net_sam_list_groups(struct net_context *c, int argc,
 static int net_sam_list_localgroups(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to list local groups.\n"));
+ return -1;
+ }
+
 return net_sam_do_list(c, argc, argv,
 pdb_search_aliases(talloc_tos(),
 get_global_sam_sid()),
@@ -1469,6 +1632,12 @@ static int net_sam_list_localgroups(struct net_context *c, int argc,
 static int net_sam_list_builtin(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to list builtin groups.\n"));
+ return -1;
+ }
+
 return net_sam_do_list(c, argc, argv,
 pdb_search_aliases(talloc_tos(),
 &global_sid_Builtin),
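Review bot: Nothing in net_sam_list_users says why the guard sits in the wrapper rather than in net_sam_do_list. It has to, because `pdb_search_users(talloc_tos(), ACB_NORMAL)` is evaluated as an argument before net_sam_do_list is entered. I would add a comment above the check such as `/* must run before pdb_search_users() is evaluated below (bug 7125) */`. The same holds for net_sam_list_groups, net_sam_list_localgroups and net_sam_list_builtin in the following hunks, and for net_sam_list_workstations after them.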
@@ -1478,6 +1647,12 @@ static int net_sam_list_builtin(struct net_context *c, int argc,
 static int net_sam_list_workstations(struct net_context *c, int argc,
 const char **argv)
 {
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to list workstations.\n"));
+ return -1;
+ }
+
 return net_sam_do_list(c, argc, argv,
 pdb_search_users(talloc_tos(), ACB_WSTRUST),
 "workstations");
@@ -1553,6 +1728,12 @@ static int net_sam_show(struct net_context *c, int argc, const char **argv)
 return -1;
 }
 
+ if (getuid() != 0) {
+ d_fprintf(stderr, _("You need to be root "
+ "to show account information.\n"));
+ return -1;
+ }
+
 if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
 &dom, &name, &sid, &type)) {
 d_fprintf(stderr, _("Could not find name %s\n"), argv[0]);
@@ -2139,11 +2320,6 @@ int net_sam(struct net_context *c, int argc, const char **argv)
 {NULL, NULL, 0, NULL, NULL}
 };
 
- if (getuid() != 0) {
- d_fprintf(stderr, _("You are not root, most things won't "
- "work\n"));
- }
-
 return net_run_function(c, argc, argv, "net sam", func);
 }
 
-- 
1.6.4.2
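Review bot: Removing the warning from net_sam() means any handler reachable through the `func` table that this patch did not touch now runs for a non-root caller with no message at all, where it used to print the "You are not root" warning. The table is almost entirely outside the hunk, so I cannot tell whether every entry is covered; if the crash from bug 7125 is reachable from an uncovered entry, it stays reachable. Either confirm that every entry and sub-table handler got a guard, or keep the old warning in net_sam() as a fallback for the handlers that have none. net_sam() starts outside the hunk.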