2 * Unix SMB/CIFS implementation.
3 * Service Control API Implementation
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 * Largely Rewritten by:
7 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
25 struct rcinit_file_information {
29 struct service_display_info {
30 const char *servicename;
33 const char *description;
36 struct service_display_info builtin_svcs[] = {
37 { "Spooler", "smbd", "Print Spooler", "Internal service for spooling files to print devices" },
38 { "NETLOGON", "smbd", "Net Logon", "File service providing access to policy and profile data (not remotely manageable)" },
39 { "RemoteRegistry", "smbd", "Remote Registry Service", "Internal service providing remote access to "
40 "the Samba registry" },
41 { "WINS", "nmbd", "Windows Internet Name Service (WINS)", "Internal service providing a "
42 "NetBIOS point-to-point name server (not remotely manageable)" },
43 { NULL, NULL, NULL, NULL }
46 struct service_display_info common_unix_svcs[] = {
47 { "cups", NULL, "Common Unix Printing System","Provides unified printing support for all operating systems" },
48 { "postfix", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
49 { "sendmail", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
50 { "portmap", NULL, "TCP Port to RPC PortMapper",NULL },
51 { "xinetd", NULL, "Internet Meta-Daemon", NULL },
52 { "inet", NULL, "Internet Meta-Daemon", NULL },
53 { "xntpd", NULL, "Network Time Service", NULL },
54 { "ntpd", NULL, "Network Time Service", NULL },
55 { "lpd", NULL, "BSD Print Spooler", NULL },
56 { "nfsserver", NULL, "Network File Service", NULL },
57 { "cron", NULL, "Scheduling Service", NULL },
58 { "at", NULL, "Scheduling Service", NULL },
59 { "nscd", NULL, "Name Service Cache Daemon", NULL },
60 { "slapd", NULL, "LDAP Directory Service", NULL },
61 { "ldap", NULL, "LDAP DIrectory Service", NULL },
62 { "ypbind", NULL, "NIS Directory Service", NULL },
63 { "courier-imap", NULL, "IMAP4 Mail Service", NULL },
64 { "courier-pop3", NULL, "POP3 Mail Service", NULL },
65 { "named", NULL, "Domain Name Service", NULL },
66 { "bind", NULL, "Domain Name Service", NULL },
67 { "httpd", NULL, "HTTP Server", NULL },
68 { "apache", NULL, "HTTP Server", "Provides s highly scalable and flexible web server "
69 "capable of implementing various protocols incluing "
70 "but not limited to HTTP" },
71 { "autofs", NULL, "Automounter", NULL },
72 { "squid", NULL, "Web Cache Proxy ", NULL },
73 { "perfcountd", NULL, "Performance Monitoring Daemon", NULL },
74 { "pgsql", NULL, "PgSQL Database Server", "Provides service for SQL database from Postgresql.org" },
75 { "arpwatch", NULL, "ARP Tables watcher", "Provides service for monitoring ARP tables for changes" },
76 { "dhcpd", NULL, "DHCP Server", "Provides service for dynamic host configuration and IP assignment" },
77 { "nwserv", NULL, "NetWare Server Emulator", "Provides service for emulating Novell NetWare 3.12 server" },
78 { "proftpd", NULL, "Professional FTP Server", "Provides high configurable service for FTP connection and "
79 "file transferring" },
80 { "ssh2", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
81 { "sshd", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
82 { NULL, NULL, NULL, NULL }
86 /********************************************************************
87 ********************************************************************/
89 static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
98 /* basic access for Everyone */
100 init_sec_access(&mask, SERVICE_READ_ACCESS );
101 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
103 init_sec_access(&mask,SERVICE_EXECUTE_ACCESS );
104 init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
106 init_sec_access(&mask,SERVICE_ALL_ACCESS );
107 init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
108 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
110 /* create the security descriptor */
112 if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
115 if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
116 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
123 /********************************************************************
124 This is where we do the dirty work of filling in things like the
125 Display name, Description, etc...
126 ********************************************************************/
128 static char *get_common_service_dispname( const char *servicename )
132 for ( i=0; common_unix_svcs[i].servicename; i++ ) {
133 if (strequal(servicename, common_unix_svcs[i].servicename)) {
135 if (asprintf(&dispname,
137 common_unix_svcs[i].dispname,
138 common_unix_svcs[i].servicename) < 0) {
145 return SMB_STRDUP(servicename );
148 /********************************************************************
149 ********************************************************************/
151 static char *cleanup_string( const char *string )
155 TALLOC_CTX *ctx = talloc_tos();
157 clean = talloc_strdup(ctx, string);
163 /* trim any beginning whilespace */
165 while (isspace(*begin)) {
169 if (*begin == '\0') {
173 /* trim any trailing whitespace or carriage returns.
174 Start at the end and move backwards */
176 end = begin + strlen(begin) - 1;
178 while ( isspace(*end) || *end=='\n' || *end=='\r' ) {
186 /********************************************************************
187 ********************************************************************/
189 static bool read_init_file( const char *servicename, struct rcinit_file_information **service_info )
191 struct rcinit_file_information *info;
192 char *filepath = NULL;
197 if ( !(info = TALLOC_ZERO_P( NULL, struct rcinit_file_information ) ) )
200 /* attempt the file open */
202 filepath = talloc_asprintf(info, "%s/%s/%s", get_dyn_LIBDIR(),
203 SVCCTL_SCRIPT_DIR, servicename);
208 if (!(f = x_fopen( filepath, O_RDONLY, 0 ))) {
209 DEBUG(0,("read_init_file: failed to open [%s]\n", filepath));
214 while ( (x_fgets( str, sizeof(str)-1, f )) != NULL ) {
215 /* ignore everything that is not a full line
216 comment starting with a '#' */
221 /* Look for a line like '^#.*Description:' */
223 if ( (p = strstr( str, "Description:" )) != NULL ) {
226 p += strlen( "Description:" ) + 1;
230 if ( (desc = cleanup_string(p)) != NULL )
231 info->description = talloc_strdup( info, desc );
237 if ( !info->description )
238 info->description = talloc_strdup( info, "External Unix Service" );
240 *service_info = info;
241 TALLOC_FREE(filepath);
246 /********************************************************************
247 This is where we do the dirty work of filling in things like the
248 Display name, Description, etc...
249 ********************************************************************/
251 static void fill_service_values( const char *name, REGVAL_CTR *values )
253 UNISTR2 data, dname, ipath, description;
257 /* These values are hardcoded in all QueryServiceConfig() replies.
258 I'm just storing them here for cosmetic purposes */
260 dword = SVCCTL_AUTO_START;
261 regval_ctr_addvalue( values, "Start", REG_DWORD, (char*)&dword, sizeof(uint32));
263 dword = SVCCTL_WIN32_OWN_PROC;
264 regval_ctr_addvalue( values, "Type", REG_DWORD, (char*)&dword, sizeof(uint32));
266 dword = SVCCTL_SVC_ERROR_NORMAL;
267 regval_ctr_addvalue( values, "ErrorControl", REG_DWORD, (char*)&dword, sizeof(uint32));
269 /* everything runs as LocalSystem */
271 init_unistr2( &data, "LocalSystem", UNI_STR_TERMINATE );
272 regval_ctr_addvalue( values, "ObjectName", REG_SZ, (char*)data.buffer, data.uni_str_len*2);
274 /* special considerations for internal services and the DisplayName value */
276 for ( i=0; builtin_svcs[i].servicename; i++ ) {
277 if ( strequal( name, builtin_svcs[i].servicename ) ) {
279 if (asprintf(&pstr, "%s/%s/%s",
280 get_dyn_LIBDIR(), SVCCTL_SCRIPT_DIR,
281 builtin_svcs[i].daemon) > 0) {
282 init_unistr2( &ipath, pstr, UNI_STR_TERMINATE );
285 init_unistr2( &ipath, "", UNI_STR_TERMINATE );
287 init_unistr2( &description, builtin_svcs[i].description, UNI_STR_TERMINATE );
288 init_unistr2( &dname, builtin_svcs[i].dispname, UNI_STR_TERMINATE );
293 /* default to an external service if we haven't found a match */
295 if ( builtin_svcs[i].servicename == NULL ) {
297 char *dispname = NULL;
298 struct rcinit_file_information *init_info = NULL;
300 if (asprintf(&pstr, "%s/%s/%s",get_dyn_LIBDIR(),
301 SVCCTL_SCRIPT_DIR, name) > 0) {
302 init_unistr2( &ipath, pstr, UNI_STR_TERMINATE );
305 init_unistr2( &ipath, "", UNI_STR_TERMINATE );
308 /* lookup common unix display names */
309 dispname = get_common_service_dispname(name);
310 init_unistr2( &dname, dispname ? dispname : "", UNI_STR_TERMINATE );
313 /* get info from init file itself */
314 if ( read_init_file( name, &init_info ) ) {
315 init_unistr2( &description, init_info->description, UNI_STR_TERMINATE );
316 TALLOC_FREE( init_info );
319 init_unistr2( &description, "External Unix Service", UNI_STR_TERMINATE );
323 /* add the new values */
325 regval_ctr_addvalue( values, "DisplayName", REG_SZ, (char*)dname.buffer, dname.uni_str_len*2);
326 regval_ctr_addvalue( values, "ImagePath", REG_SZ, (char*)ipath.buffer, ipath.uni_str_len*2);
327 regval_ctr_addvalue( values, "Description", REG_SZ, (char*)description.buffer, description.uni_str_len*2);
332 /********************************************************************
333 ********************************************************************/
335 static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys,
338 REGISTRY_KEY *key_service, *key_secdesc;
342 REGSUBKEY_CTR *svc_subkeys;
347 /* add to the list and create the subkey path */
349 regsubkey_ctr_addkey( subkeys, name );
350 store_reg_keys( key_parent, subkeys );
352 /* open the new service key */
354 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
357 wresult = regkey_open_internal( NULL, &key_service, path,
358 get_root_nt_token(), REG_KEY_ALL );
359 if ( !W_ERROR_IS_OK(wresult) ) {
360 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
361 path, dos_errstr(wresult)));
367 /* add the 'Security' key */
369 if ( !(svc_subkeys = TALLOC_ZERO_P( key_service, REGSUBKEY_CTR )) ) {
370 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
371 TALLOC_FREE( key_service );
375 fetch_reg_keys( key_service, svc_subkeys );
376 regsubkey_ctr_addkey( svc_subkeys, "Security" );
377 store_reg_keys( key_service, svc_subkeys );
379 /* now for the service values */
381 if ( !(values = TALLOC_ZERO_P( key_service, REGVAL_CTR )) ) {
382 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
383 TALLOC_FREE( key_service );
387 fill_service_values( name, values );
388 store_reg_values( key_service, values );
390 /* cleanup the service key*/
392 TALLOC_FREE( key_service );
394 /* now add the security descriptor */
396 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
399 wresult = regkey_open_internal( NULL, &key_secdesc, path,
400 get_root_nt_token(), REG_KEY_ALL );
401 if ( !W_ERROR_IS_OK(wresult) ) {
402 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
403 path, dos_errstr(wresult)));
404 TALLOC_FREE( key_secdesc );
410 if ( !(values = TALLOC_ZERO_P( key_secdesc, REGVAL_CTR )) ) {
411 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
412 TALLOC_FREE( key_secdesc );
416 if ( !(sd = construct_service_sd(key_secdesc)) ) {
417 DEBUG(0,("add_new_svc_name: Failed to create default sec_desc!\n"));
418 TALLOC_FREE( key_secdesc );
422 status = marshall_sec_desc(key_secdesc, sd, &sd_blob.data,
424 if (!NT_STATUS_IS_OK(status)) {
425 DEBUG(0, ("marshall_sec_desc failed: %s\n",
427 TALLOC_FREE(key_secdesc);
431 regval_ctr_addvalue(values, "Security", REG_BINARY,
432 (const char *)sd_blob.data, sd_blob.length);
433 store_reg_values( key_secdesc, values );
435 TALLOC_FREE( key_secdesc );
440 /********************************************************************
441 ********************************************************************/
443 void svcctl_init_keys( void )
445 const char **service_list = lp_svcctl_list();
447 REGSUBKEY_CTR *subkeys;
448 REGISTRY_KEY *key = NULL;
451 /* bad mojo here if the lookup failed. Should not happen */
453 wresult = regkey_open_internal( NULL, &key, KEY_SERVICES,
454 get_root_nt_token(), REG_KEY_ALL );
456 if ( !W_ERROR_IS_OK(wresult) ) {
457 DEBUG(0,("svcctl_init_keys: key lookup failed! (%s)\n",
458 dos_errstr(wresult)));
462 /* lookup the available subkeys */
464 if ( !(subkeys = TALLOC_ZERO_P( key, REGSUBKEY_CTR )) ) {
465 DEBUG(0,("svcctl_init_keys: talloc() failed!\n"));
470 fetch_reg_keys( key, subkeys );
472 /* the builting services exist */
474 for ( i=0; builtin_svcs[i].servicename; i++ )
475 add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );
477 for ( i=0; service_list && service_list[i]; i++ ) {
479 /* only add new services */
480 if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )
483 /* Add the new service key and initialize the appropriate values */
485 add_new_svc_name( key, subkeys, service_list[i] );
490 /* initialize the control hooks */
492 init_service_op_table();
497 /********************************************************************
498 This is where we do the dirty work of filling in things like the
499 Display name, Description, etc...Always return a default secdesc
500 in case of any failure.
501 ********************************************************************/
503 SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
508 SEC_DESC *ret_sd = NULL;
513 /* now add the security descriptor */
515 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
518 wresult = regkey_open_internal( NULL, &key, path, token,
520 if ( !W_ERROR_IS_OK(wresult) ) {
521 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
522 path, dos_errstr(wresult)));
528 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
529 DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n"));
534 fetch_reg_values( key, values );
538 if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
539 DEBUG(6,("svcctl_get_secdesc: constructing default secdesc for service [%s]\n",
541 return construct_service_sd( ctx );
544 /* stream the service security descriptor */
546 status = unmarshall_sec_desc(ctx, regval_data_p(val),
547 regval_size(val), &ret_sd);
549 if (!NT_STATUS_IS_OK(status)) {
550 return construct_service_sd( ctx );
556 /********************************************************************
557 Wrapper to make storing a Service sd easier
558 ********************************************************************/
560 bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token )
569 /* now add the security descriptor */
571 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
574 wresult = regkey_open_internal( NULL, &key, path, token,
576 if ( !W_ERROR_IS_OK(wresult) ) {
577 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
578 path, dos_errstr(wresult)));
584 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
585 DEBUG(0,("svcctl_set_secdesc: talloc() failed!\n"));
590 /* stream the printer security descriptor */
591 prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL);
593 if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) {
594 uint32 offset = prs_offset( &ps );
595 regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset );
596 ret = store_reg_values( key, values );
607 /********************************************************************
608 ********************************************************************/
610 const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
612 char *display_name = NULL;
613 REGISTRY_KEY *key = NULL;
619 /* now add the security descriptor */
621 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
624 wresult = regkey_open_internal( NULL, &key, path, token,
626 if ( !W_ERROR_IS_OK(wresult) ) {
627 DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n",
628 path, dos_errstr(wresult)));
634 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
635 DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n"));
640 fetch_reg_values( key, values );
642 if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) )
645 rpcstr_pull_talloc(ctx, &display_name, regval_data_p(val), regval_size(val), 0 );
652 /* default to returning the service name */
654 return talloc_strdup(ctx, name);
657 /********************************************************************
658 ********************************************************************/
660 const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
662 char *description = NULL;
663 REGISTRY_KEY *key = NULL;
669 /* now add the security descriptor */
671 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
674 wresult = regkey_open_internal( NULL, &key, path, token,
676 if ( !W_ERROR_IS_OK(wresult) ) {
677 DEBUG(0,("svcctl_lookup_description: key lookup failed! [%s] (%s)\n",
678 path, dos_errstr(wresult)));
684 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
685 DEBUG(0,("svcctl_lookup_description: talloc() failed!\n"));
690 fetch_reg_values( key, values );
692 if ( !(val = regval_ctr_getvalue( values, "Description" )) ) {
694 return "Unix Service";
696 rpcstr_pull_talloc(ctx, &description, regval_data_p(val), regval_size(val), 0 );
703 /********************************************************************
704 ********************************************************************/
706 REGVAL_CTR *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token )
708 REGISTRY_KEY *key = NULL;
713 /* now add the security descriptor */
715 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
718 wresult = regkey_open_internal( NULL, &key, path, token,
720 if ( !W_ERROR_IS_OK(wresult) ) {
721 DEBUG(0,("svcctl_fetch_regvalues: key lookup failed! [%s] (%s)\n",
722 path, dos_errstr(wresult)));
728 if ( !(values = TALLOC_ZERO_P( NULL, REGVAL_CTR )) ) {
729 DEBUG(0,("svcctl_fetch_regvalues: talloc() failed!\n"));
733 fetch_reg_values( key, values );