2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
7 * Largely Rewritten (Again) by:
8 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * Copyright (C) Guenther Deschner 2008,2009.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "../librpc/gen_ndr/srv_svcctl.h"
27 #include "../libcli/security/security.h"
28 #include "../librpc/gen_ndr/ndr_security.h"
29 #include "services/services.h"
30 #include "services/svc_winreg_glue.h"
35 #define DBGC_CLASS DBGC_RPC_SRV
37 struct service_control_op {
39 SERVICE_CONTROL_OPS *ops;
42 /* handle external services */
43 extern SERVICE_CONTROL_OPS rcinit_svc_ops;
45 /* builtin services (see service_db.c and services/svc_*.c */
46 extern SERVICE_CONTROL_OPS spoolss_svc_ops;
47 extern SERVICE_CONTROL_OPS netlogon_svc_ops;
48 extern SERVICE_CONTROL_OPS winreg_svc_ops;
49 extern SERVICE_CONTROL_OPS wins_svc_ops;
51 /* make sure this number patches the number of builtin
52 SERVICE_CONTROL_OPS structure listed above */
54 #define SVCCTL_NUM_INTERNAL_SERVICES 4
56 struct service_control_op *svcctl_ops;
58 static const struct generic_mapping scm_generic_map =
59 { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS };
60 static const struct generic_mapping svc_generic_map =
61 { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS };
64 /********************************************************************
65 ********************************************************************/
67 bool init_service_op_table( void )
69 const char **service_list = lp_svcctl_list();
70 int num_services = SVCCTL_NUM_INTERNAL_SERVICES + str_list_length( service_list );
73 if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {
74 DEBUG(0,("init_service_op_table: talloc() failed!\n"));
78 /* services listed in smb.conf get the rc.init interface */
80 for ( i=0; service_list && service_list[i]; i++ ) {
81 svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
82 svcctl_ops[i].ops = &rcinit_svc_ops;
85 /* add builtin services */
87 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
88 svcctl_ops[i].ops = &spoolss_svc_ops;
91 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
92 svcctl_ops[i].ops = &netlogon_svc_ops;
95 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
96 svcctl_ops[i].ops = &winreg_svc_ops;
99 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
100 svcctl_ops[i].ops = &wins_svc_ops;
103 /* NULL terminate the array */
105 svcctl_ops[i].name = NULL;
106 svcctl_ops[i].ops = NULL;
111 bool shutdown_service_op_table(void)
113 TALLOC_FREE(svcctl_ops);
118 /********************************************************************
119 ********************************************************************/
121 static struct service_control_op* find_service_by_name( const char *name )
125 for ( i=0; svcctl_ops[i].name; i++ ) {
126 if ( strequal( name, svcctl_ops[i].name ) )
127 return &svcctl_ops[i];
132 /********************************************************************
133 ********************************************************************/
135 static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, struct security_token *token,
136 uint32 access_desired, uint32 *access_granted )
138 if ( geteuid() == sec_initial_uid() ) {
139 DEBUG(5,("svcctl_access_check: using root's token\n"));
140 token = get_root_nt_token();
143 return se_access_check( sec_desc, token, access_desired, access_granted);
146 /********************************************************************
147 ********************************************************************/
149 static struct security_descriptor* construct_scm_sd( TALLOC_CTX *ctx )
151 struct security_ace ace[2];
153 struct security_descriptor *sd;
154 struct security_acl *theacl;
157 /* basic access for Everyone */
159 init_sec_ace(&ace[i++], &global_sid_World,
160 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0);
162 /* Full Access 'BUILTIN\Administrators' */
164 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
165 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0);
168 /* create the security descriptor */
170 if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
173 if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
174 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
181 /******************************************************************
182 Find a registry key handle and return a SERVICE_INFO
183 *****************************************************************/
185 static SERVICE_INFO *find_service_info_by_hnd(struct pipes_struct *p,
186 struct policy_handle *hnd)
188 SERVICE_INFO *service_info = NULL;
190 if( !find_policy_by_hnd( p, hnd, (void **)(void *)&service_info) ) {
191 DEBUG(2,("find_service_info_by_hnd: handle not found\n"));
198 /******************************************************************
199 *****************************************************************/
201 static WERROR create_open_service_handle(struct pipes_struct *p,
202 struct policy_handle *handle,
205 uint32_t access_granted)
207 SERVICE_INFO *info = NULL;
208 WERROR result = WERR_OK;
209 struct service_control_op *s_op;
211 if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )
214 /* the Service Manager has a NULL name */
216 info->type = SVC_HANDLE_IS_SCM;
219 case SVC_HANDLE_IS_SCM:
220 info->type = SVC_HANDLE_IS_SCM;
223 case SVC_HANDLE_IS_DBLOCK:
224 info->type = SVC_HANDLE_IS_DBLOCK;
227 case SVC_HANDLE_IS_SERVICE:
228 info->type = SVC_HANDLE_IS_SERVICE;
230 /* lookup the SERVICE_CONTROL_OPS */
232 if ( !(s_op = find_service_by_name( service )) ) {
233 result = WERR_NO_SUCH_SERVICE;
237 info->ops = s_op->ops;
239 if ( !(info->name = talloc_strdup( info, s_op->name )) ) {
246 result = WERR_NO_SUCH_SERVICE;
250 info->access_granted = access_granted;
252 /* store the SERVICE_INFO and create an open handle */
254 if ( !create_policy_hnd( p, handle, info ) ) {
255 result = WERR_ACCESS_DENIED;
260 if ( !W_ERROR_IS_OK(result) )
266 /********************************************************************
267 _svcctl_OpenSCManagerW
268 ********************************************************************/
270 WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
271 struct svcctl_OpenSCManagerW *r)
273 struct security_descriptor *sec_desc;
274 uint32 access_granted = 0;
277 /* perform access checks */
279 if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
282 se_map_generic( &r->in.access_mask, &scm_generic_map );
283 status = svcctl_access_check( sec_desc, p->session_info->security_token,
284 r->in.access_mask, &access_granted );
285 if ( !NT_STATUS_IS_OK(status) )
286 return ntstatus_to_werror( status );
288 return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
291 /********************************************************************
293 ********************************************************************/
295 WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
296 struct svcctl_OpenServiceW *r)
298 struct security_descriptor *sec_desc;
299 uint32 access_granted = 0;
301 const char *service = NULL;
303 service = r->in.ServiceName;
307 DEBUG(5, ("_svcctl_OpenServiceW: Attempting to open Service [%s], \n", service));
309 /* based on my tests you can open a service if you have a valid scm handle */
311 if ( !find_service_info_by_hnd( p, r->in.scmanager_handle) )
315 * Perform access checks. Use the system session_info in order to ensure
316 * that we retrieve the security descriptor
318 sec_desc = svcctl_get_secdesc(p->mem_ctx,
320 get_session_info_system(),
322 if (sec_desc == NULL) {
323 DEBUG(0, ("_svcctl_OpenServiceW: Failed to get a valid security "
328 se_map_generic( &r->in.access_mask, &svc_generic_map );
329 status = svcctl_access_check( sec_desc, p->session_info->security_token,
330 r->in.access_mask, &access_granted );
331 if ( !NT_STATUS_IS_OK(status) )
332 return ntstatus_to_werror( status );
334 return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
337 /********************************************************************
338 _svcctl_CloseServiceHandle
339 ********************************************************************/
341 WERROR _svcctl_CloseServiceHandle(struct pipes_struct *p,
342 struct svcctl_CloseServiceHandle *r)
344 if ( !close_policy_hnd( p, r->in.handle ) )
347 ZERO_STRUCTP(r->out.handle);
352 /********************************************************************
353 _svcctl_GetServiceDisplayNameW
354 ********************************************************************/
356 WERROR _svcctl_GetServiceDisplayNameW(struct pipes_struct *p,
357 struct svcctl_GetServiceDisplayNameW *r)
360 const char *display_name;
361 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
363 /* can only use an SCM handle here */
365 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
368 service = r->in.service_name;
370 display_name = svcctl_lookup_dispname(p->mem_ctx,
378 *r->out.display_name = display_name;
379 *r->out.display_name_length = strlen(display_name);
384 /********************************************************************
385 _svcctl_QueryServiceStatus
386 ********************************************************************/
388 WERROR _svcctl_QueryServiceStatus(struct pipes_struct *p,
389 struct svcctl_QueryServiceStatus *r)
391 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
393 /* perform access checks */
395 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
398 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
399 return WERR_ACCESS_DENIED;
401 /* try the service specific status call */
403 return info->ops->service_status( info->name, r->out.service_status );
406 /********************************************************************
407 ********************************************************************/
409 static int enumerate_status(TALLOC_CTX *ctx,
410 struct messaging_context *msg_ctx,
411 struct auth_serversupplied_info *session_info,
412 struct ENUM_SERVICE_STATUSW **status)
414 int num_services = 0;
416 struct ENUM_SERVICE_STATUSW *st;
417 const char *display_name;
420 while ( svcctl_ops[num_services].name )
423 if ( !(st = TALLOC_ARRAY( ctx, struct ENUM_SERVICE_STATUSW, num_services )) ) {
424 DEBUG(0,("enumerate_status: talloc() failed!\n"));
428 for ( i=0; i<num_services; i++ ) {
429 st[i].service_name = talloc_strdup(st, svcctl_ops[i].name );
431 display_name = svcctl_lookup_dispname(ctx,
435 st[i].display_name = talloc_strdup(st, display_name ? display_name : "");
437 svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
445 /********************************************************************
446 _svcctl_EnumServicesStatusW
447 ********************************************************************/
449 WERROR _svcctl_EnumServicesStatusW(struct pipes_struct *p,
450 struct svcctl_EnumServicesStatusW *r)
452 struct ENUM_SERVICE_STATUSW *services = NULL;
455 size_t buffer_size = 0;
456 WERROR result = WERR_OK;
457 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
458 DATA_BLOB blob = data_blob_null;
460 /* perform access checks */
462 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
465 if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) ) {
466 return WERR_ACCESS_DENIED;
469 num_services = enumerate_status(p->mem_ctx,
473 if (num_services == -1 ) {
477 for ( i=0; i<num_services; i++ ) {
478 buffer_size += ndr_size_ENUM_SERVICE_STATUSW(&services[i], 0);
481 buffer_size += buffer_size % 4;
483 if (buffer_size > r->in.offered) {
485 result = WERR_MORE_DATA;
488 if ( W_ERROR_IS_OK(result) ) {
490 enum ndr_err_code ndr_err;
491 struct ndr_push *ndr;
493 ndr = ndr_push_init_ctx(p->mem_ctx);
495 return WERR_INVALID_PARAM;
498 ndr_err = ndr_push_ENUM_SERVICE_STATUSW_array(
499 ndr, num_services, services);
500 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
501 return ntstatus_to_werror(ndr_map_error2ntstatus(ndr_err));
503 blob = ndr_push_blob(ndr);
504 memcpy(r->out.service, blob.data, MIN(blob.length, r->in.offered));
507 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
508 *r->out.services_returned = (uint32)num_services;
509 if (r->out.resume_handle) {
510 *r->out.resume_handle = 0;
516 /********************************************************************
517 _svcctl_StartServiceW
518 ********************************************************************/
520 WERROR _svcctl_StartServiceW(struct pipes_struct *p,
521 struct svcctl_StartServiceW *r)
523 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
525 /* perform access checks */
527 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
530 if ( !(info->access_granted & SC_RIGHT_SVC_START) )
531 return WERR_ACCESS_DENIED;
533 return info->ops->start_service( info->name );
536 /********************************************************************
537 _svcctl_ControlService
538 ********************************************************************/
540 WERROR _svcctl_ControlService(struct pipes_struct *p,
541 struct svcctl_ControlService *r)
543 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
545 /* perform access checks */
547 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
550 switch ( r->in.control ) {
551 case SVCCTL_CONTROL_STOP:
552 if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
553 return WERR_ACCESS_DENIED;
555 return info->ops->stop_service( info->name,
556 r->out.service_status );
558 case SVCCTL_CONTROL_INTERROGATE:
559 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
560 return WERR_ACCESS_DENIED;
562 return info->ops->service_status( info->name,
563 r->out.service_status );
565 return WERR_INVALID_PARAM;
569 /********************************************************************
570 _svcctl_EnumDependentServicesW
571 ********************************************************************/
573 WERROR _svcctl_EnumDependentServicesW(struct pipes_struct *p,
574 struct svcctl_EnumDependentServicesW *r)
576 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.service );
578 /* perform access checks */
580 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
583 if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
584 return WERR_ACCESS_DENIED;
586 switch (r->in.state) {
587 case SERVICE_STATE_ACTIVE:
588 case SERVICE_STATE_INACTIVE:
589 case SERVICE_STATE_ALL:
592 return WERR_INVALID_PARAM;
595 /* we have to set the outgoing buffer size to the same as the
596 incoming buffer size (even in the case of failure */
597 /* this is done in the autogenerated server already - gd */
599 *r->out.needed = r->in.offered;
601 /* no dependent services...basically a stub function */
602 *r->out.services_returned = 0;
607 /********************************************************************
608 _svcctl_QueryServiceStatusEx
609 ********************************************************************/
611 WERROR _svcctl_QueryServiceStatusEx(struct pipes_struct *p,
612 struct svcctl_QueryServiceStatusEx *r)
614 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
617 /* perform access checks */
619 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
622 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
623 return WERR_ACCESS_DENIED;
625 /* we have to set the outgoing buffer size to the same as the
626 incoming buffer size (even in the case of failure) */
627 *r->out.needed = r->in.offered;
629 switch ( r->in.info_level ) {
630 case SVC_STATUS_PROCESS_INFO:
632 struct SERVICE_STATUS_PROCESS svc_stat_proc;
633 enum ndr_err_code ndr_err;
636 /* Get the status of the service.. */
637 info->ops->service_status( info->name, &svc_stat_proc.status );
638 svc_stat_proc.process_id = sys_getpid();
639 svc_stat_proc.service_flags = 0x0;
641 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &svc_stat_proc,
642 (ndr_push_flags_fn_t)ndr_push_SERVICE_STATUS_PROCESS);
643 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
644 return WERR_INVALID_PARAM;
647 r->out.buffer = blob.data;
648 buffer_size = sizeof(struct SERVICE_STATUS_PROCESS);
653 return WERR_UNKNOWN_LEVEL;
657 buffer_size += buffer_size % 4;
658 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
660 if (buffer_size > r->in.offered ) {
661 return WERR_INSUFFICIENT_BUFFER;
667 /********************************************************************
668 ********************************************************************/
670 static WERROR fill_svc_config(TALLOC_CTX *ctx,
671 struct messaging_context *msg_ctx,
672 struct auth_serversupplied_info *session_info,
674 struct QUERY_SERVICE_CONFIG *config)
676 TALLOC_CTX *mem_ctx = talloc_stackframe();
677 const char *result = NULL;
679 /* now fill in the individual values */
681 config->displayname = svcctl_lookup_dispname(mem_ctx,
686 result = svcctl_get_string_value(mem_ctx,
691 if (result != NULL) {
692 config->startname = result;
695 result = svcctl_get_string_value(mem_ctx,
700 if (result != NULL) {
701 config->executablepath = result;
704 /* a few hard coded values */
705 /* loadordergroup and dependencies are empty */
707 config->tag_id = 0x00000000; /* unassigned loadorder group */
708 config->service_type = SERVICE_TYPE_WIN32_OWN_PROCESS;
709 config->error_control = SVCCTL_SVC_ERROR_NORMAL;
711 /* set the start type. NetLogon and WINS are disabled to prevent
712 the client from showing the "Start" button (if of course the services
715 if ( strequal( name, "NETLOGON" ) && ( lp_servicenumber(name) == -1 ) )
716 config->start_type = SVCCTL_DISABLED;
717 else if ( strequal( name, "WINS" ) && ( !lp_wins_support() ))
718 config->start_type = SVCCTL_DISABLED;
720 config->start_type = SVCCTL_DEMAND_START;
723 talloc_free(mem_ctx);
728 /********************************************************************
729 _svcctl_QueryServiceConfigW
730 ********************************************************************/
732 WERROR _svcctl_QueryServiceConfigW(struct pipes_struct *p,
733 struct svcctl_QueryServiceConfigW *r)
735 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
739 /* perform access checks */
741 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
744 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
745 return WERR_ACCESS_DENIED;
747 /* we have to set the outgoing buffer size to the same as the
748 incoming buffer size (even in the case of failure */
750 *r->out.needed = r->in.offered;
752 wresult = fill_svc_config(p->mem_ctx,
757 if ( !W_ERROR_IS_OK(wresult) )
760 buffer_size = ndr_size_QUERY_SERVICE_CONFIG(r->out.query, 0);
761 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
763 if (buffer_size > r->in.offered ) {
764 ZERO_STRUCTP(r->out.query);
765 return WERR_INSUFFICIENT_BUFFER;
771 /********************************************************************
772 _svcctl_QueryServiceConfig2W
773 ********************************************************************/
775 WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
776 struct svcctl_QueryServiceConfig2W *r)
778 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
781 /* perform access checks */
783 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
786 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
787 return WERR_ACCESS_DENIED;
789 /* we have to set the outgoing buffer size to the same as the
790 incoming buffer size (even in the case of failure */
791 *r->out.needed = r->in.offered;
793 switch ( r->in.info_level ) {
794 case SERVICE_CONFIG_DESCRIPTION:
796 struct SERVICE_DESCRIPTION desc_buf;
797 const char *description;
798 enum ndr_err_code ndr_err;
801 description = svcctl_lookup_description(p->mem_ctx,
806 desc_buf.description = description;
808 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &desc_buf,
809 (ndr_push_flags_fn_t)ndr_push_SERVICE_DESCRIPTION);
810 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
811 return WERR_INVALID_PARAM;
814 buffer_size = ndr_size_SERVICE_DESCRIPTION(&desc_buf, 0);
815 r->out.buffer = blob.data;
820 case SERVICE_CONFIG_FAILURE_ACTIONS:
822 struct SERVICE_FAILURE_ACTIONS actions;
823 enum ndr_err_code ndr_err;
826 /* nothing to say...just service the request */
828 ZERO_STRUCT( actions );
830 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &actions,
831 (ndr_push_flags_fn_t)ndr_push_SERVICE_FAILURE_ACTIONS);
832 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
833 return WERR_INVALID_PARAM;
836 buffer_size = ndr_size_SERVICE_FAILURE_ACTIONS(&actions, 0);
837 r->out.buffer = blob.data;
844 return WERR_UNKNOWN_LEVEL;
847 buffer_size += buffer_size % 4;
848 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
850 if (buffer_size > r->in.offered)
851 return WERR_INSUFFICIENT_BUFFER;
856 /********************************************************************
857 _svcctl_LockServiceDatabase
858 ********************************************************************/
860 WERROR _svcctl_LockServiceDatabase(struct pipes_struct *p,
861 struct svcctl_LockServiceDatabase *r)
863 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
865 /* perform access checks */
867 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
870 if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
871 return WERR_ACCESS_DENIED;
873 /* Just open a handle. Doesn't actually lock anything */
875 return create_open_service_handle( p, r->out.lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
878 /********************************************************************
879 _svcctl_UnlockServiceDatabase
880 ********************************************************************/
882 WERROR _svcctl_UnlockServiceDatabase(struct pipes_struct *p,
883 struct svcctl_UnlockServiceDatabase *r)
885 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.lock );
888 if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
891 return close_policy_hnd( p, r->out.lock) ? WERR_OK : WERR_BADFID;
894 /********************************************************************
895 _svcctl_QueryServiceObjectSecurity
896 ********************************************************************/
898 WERROR _svcctl_QueryServiceObjectSecurity(struct pipes_struct *p,
899 struct svcctl_QueryServiceObjectSecurity *r)
901 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
902 struct security_descriptor *sec_desc;
904 uint8_t *buffer = NULL;
908 /* only support the SCM and individual services */
910 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
913 /* check access reights (according to MSDN) */
915 if ( !(info->access_granted & SEC_STD_READ_CONTROL) )
916 return WERR_ACCESS_DENIED;
918 /* TODO: handle something besides SECINFO_DACL */
920 if ( (r->in.security_flags & SECINFO_DACL) != SECINFO_DACL )
921 return WERR_INVALID_PARAM;
923 /* Lookup the security descriptor and marshall it up for a reply */
924 sec_desc = svcctl_get_secdesc(p->mem_ctx,
926 get_session_info_system(),
928 if (sec_desc == NULL) {
932 *r->out.needed = ndr_size_security_descriptor(sec_desc, 0);
934 if ( *r->out.needed > r->in.offered) {
935 return WERR_INSUFFICIENT_BUFFER;
938 status = marshall_sec_desc(p->mem_ctx, sec_desc, &buffer, &len);
939 if (!NT_STATUS_IS_OK(status)) {
940 return ntstatus_to_werror(status);
943 *r->out.needed = len;
944 r->out.buffer = buffer;
949 /********************************************************************
950 _svcctl_SetServiceObjectSecurity
951 ********************************************************************/
953 WERROR _svcctl_SetServiceObjectSecurity(struct pipes_struct *p,
954 struct svcctl_SetServiceObjectSecurity *r)
956 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
957 struct security_descriptor *sec_desc = NULL;
958 uint32 required_access;
961 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
964 /* can't set the security de4scriptor on the ServiceControlManager */
966 if ( info->type == SVC_HANDLE_IS_SCM )
967 return WERR_ACCESS_DENIED;
969 /* check the access on the open handle */
971 switch ( r->in.security_flags ) {
973 required_access = SEC_STD_WRITE_DAC;
978 required_access = SEC_STD_WRITE_OWNER;
982 return WERR_INVALID_PARAM;
984 return WERR_INVALID_PARAM;
987 if ( !(info->access_granted & required_access) )
988 return WERR_ACCESS_DENIED;
990 /* read the security descfriptor */
992 status = unmarshall_sec_desc(p->mem_ctx,
996 if (!NT_STATUS_IS_OK(status)) {
997 return ntstatus_to_werror(status);
1000 /* store the new SD */
1002 if (!svcctl_set_secdesc(p->msg_ctx, p->session_info, info->name, sec_desc))
1003 return WERR_ACCESS_DENIED;
1009 WERROR _svcctl_DeleteService(struct pipes_struct *p,
1010 struct svcctl_DeleteService *r)
1012 p->rng_fault_state = True;
1013 return WERR_NOT_SUPPORTED;
1016 WERROR _svcctl_SetServiceStatus(struct pipes_struct *p,
1017 struct svcctl_SetServiceStatus *r)
1019 p->rng_fault_state = True;
1020 return WERR_NOT_SUPPORTED;
1023 WERROR _svcctl_NotifyBootConfigStatus(struct pipes_struct *p,
1024 struct svcctl_NotifyBootConfigStatus *r)
1026 p->rng_fault_state = True;
1027 return WERR_NOT_SUPPORTED;
1030 WERROR _svcctl_SCSetServiceBitsW(struct pipes_struct *p,
1031 struct svcctl_SCSetServiceBitsW *r)
1033 p->rng_fault_state = True;
1034 return WERR_NOT_SUPPORTED;
1037 WERROR _svcctl_ChangeServiceConfigW(struct pipes_struct *p,
1038 struct svcctl_ChangeServiceConfigW *r)
1040 p->rng_fault_state = True;
1041 return WERR_NOT_SUPPORTED;
1044 WERROR _svcctl_CreateServiceW(struct pipes_struct *p,
1045 struct svcctl_CreateServiceW *r)
1047 p->rng_fault_state = True;
1048 return WERR_NOT_SUPPORTED;
1051 WERROR _svcctl_QueryServiceLockStatusW(struct pipes_struct *p,
1052 struct svcctl_QueryServiceLockStatusW *r)
1054 p->rng_fault_state = True;
1055 return WERR_NOT_SUPPORTED;
1058 WERROR _svcctl_GetServiceKeyNameW(struct pipes_struct *p,
1059 struct svcctl_GetServiceKeyNameW *r)
1061 p->rng_fault_state = True;
1062 return WERR_NOT_SUPPORTED;
1065 WERROR _svcctl_SCSetServiceBitsA(struct pipes_struct *p,
1066 struct svcctl_SCSetServiceBitsA *r)
1068 p->rng_fault_state = True;
1069 return WERR_NOT_SUPPORTED;
1072 WERROR _svcctl_ChangeServiceConfigA(struct pipes_struct *p,
1073 struct svcctl_ChangeServiceConfigA *r)
1075 p->rng_fault_state = True;
1076 return WERR_NOT_SUPPORTED;
1079 WERROR _svcctl_CreateServiceA(struct pipes_struct *p,
1080 struct svcctl_CreateServiceA *r)
1082 p->rng_fault_state = True;
1083 return WERR_NOT_SUPPORTED;
1086 WERROR _svcctl_EnumDependentServicesA(struct pipes_struct *p,
1087 struct svcctl_EnumDependentServicesA *r)
1089 p->rng_fault_state = True;
1090 return WERR_NOT_SUPPORTED;
1093 WERROR _svcctl_EnumServicesStatusA(struct pipes_struct *p,
1094 struct svcctl_EnumServicesStatusA *r)
1096 p->rng_fault_state = True;
1097 return WERR_NOT_SUPPORTED;
1100 WERROR _svcctl_OpenSCManagerA(struct pipes_struct *p,
1101 struct svcctl_OpenSCManagerA *r)
1103 p->rng_fault_state = True;
1104 return WERR_NOT_SUPPORTED;
1107 WERROR _svcctl_OpenServiceA(struct pipes_struct *p,
1108 struct svcctl_OpenServiceA *r)
1110 p->rng_fault_state = True;
1111 return WERR_NOT_SUPPORTED;
1114 WERROR _svcctl_QueryServiceConfigA(struct pipes_struct *p,
1115 struct svcctl_QueryServiceConfigA *r)
1117 p->rng_fault_state = True;
1118 return WERR_NOT_SUPPORTED;
1121 WERROR _svcctl_QueryServiceLockStatusA(struct pipes_struct *p,
1122 struct svcctl_QueryServiceLockStatusA *r)
1124 p->rng_fault_state = True;
1125 return WERR_NOT_SUPPORTED;
1128 WERROR _svcctl_StartServiceA(struct pipes_struct *p,
1129 struct svcctl_StartServiceA *r)
1131 p->rng_fault_state = True;
1132 return WERR_NOT_SUPPORTED;
1135 WERROR _svcctl_GetServiceDisplayNameA(struct pipes_struct *p,
1136 struct svcctl_GetServiceDisplayNameA *r)
1138 p->rng_fault_state = True;
1139 return WERR_NOT_SUPPORTED;
1142 WERROR _svcctl_GetServiceKeyNameA(struct pipes_struct *p,
1143 struct svcctl_GetServiceKeyNameA *r)
1145 p->rng_fault_state = True;
1146 return WERR_NOT_SUPPORTED;
1149 WERROR _svcctl_GetCurrentGroupeStateW(struct pipes_struct *p,
1150 struct svcctl_GetCurrentGroupeStateW *r)
1152 p->rng_fault_state = True;
1153 return WERR_NOT_SUPPORTED;
1156 WERROR _svcctl_EnumServiceGroupW(struct pipes_struct *p,
1157 struct svcctl_EnumServiceGroupW *r)
1159 p->rng_fault_state = True;
1160 return WERR_NOT_SUPPORTED;
1163 WERROR _svcctl_ChangeServiceConfig2A(struct pipes_struct *p,
1164 struct svcctl_ChangeServiceConfig2A *r)
1166 p->rng_fault_state = True;
1167 return WERR_NOT_SUPPORTED;
1170 WERROR _svcctl_ChangeServiceConfig2W(struct pipes_struct *p,
1171 struct svcctl_ChangeServiceConfig2W *r)
1173 p->rng_fault_state = True;
1174 return WERR_NOT_SUPPORTED;
1177 WERROR _svcctl_QueryServiceConfig2A(struct pipes_struct *p,
1178 struct svcctl_QueryServiceConfig2A *r)
1180 p->rng_fault_state = True;
1181 return WERR_NOT_SUPPORTED;
1184 WERROR _EnumServicesStatusExA(struct pipes_struct *p,
1185 struct EnumServicesStatusExA *r)
1187 p->rng_fault_state = True;
1188 return WERR_NOT_SUPPORTED;
1191 WERROR _EnumServicesStatusExW(struct pipes_struct *p,
1192 struct EnumServicesStatusExW *r)
1194 p->rng_fault_state = True;
1195 return WERR_NOT_SUPPORTED;
1198 WERROR _svcctl_SCSendTSMessage(struct pipes_struct *p,
1199 struct svcctl_SCSendTSMessage *r)
1201 p->rng_fault_state = True;
1202 return WERR_NOT_SUPPORTED;