2 * Unix SMB/CIFS implementation.
3 * Service Control API Implementation
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 * Largely Rewritten by:
7 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "services/services.h"
26 #include "registry/reg_util_legacy.h"
27 #include "registry/reg_dispatcher.h"
29 struct rcinit_file_information {
33 struct service_display_info {
34 const char *servicename;
37 const char *description;
40 struct service_display_info builtin_svcs[] = {
41 { "Spooler", "smbd", "Print Spooler", "Internal service for spooling files to print devices" },
42 { "NETLOGON", "smbd", "Net Logon", "File service providing access to policy and profile data (not remotely manageable)" },
43 { "RemoteRegistry", "smbd", "Remote Registry Service", "Internal service providing remote access to "
44 "the Samba registry" },
45 { "WINS", "nmbd", "Windows Internet Name Service (WINS)", "Internal service providing a "
46 "NetBIOS point-to-point name server (not remotely manageable)" },
47 { NULL, NULL, NULL, NULL }
50 struct service_display_info common_unix_svcs[] = {
51 { "cups", NULL, "Common Unix Printing System","Provides unified printing support for all operating systems" },
52 { "postfix", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
53 { "sendmail", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
54 { "portmap", NULL, "TCP Port to RPC PortMapper",NULL },
55 { "xinetd", NULL, "Internet Meta-Daemon", NULL },
56 { "inet", NULL, "Internet Meta-Daemon", NULL },
57 { "xntpd", NULL, "Network Time Service", NULL },
58 { "ntpd", NULL, "Network Time Service", NULL },
59 { "lpd", NULL, "BSD Print Spooler", NULL },
60 { "nfsserver", NULL, "Network File Service", NULL },
61 { "cron", NULL, "Scheduling Service", NULL },
62 { "at", NULL, "Scheduling Service", NULL },
63 { "nscd", NULL, "Name Service Cache Daemon", NULL },
64 { "slapd", NULL, "LDAP Directory Service", NULL },
65 { "ldap", NULL, "LDAP DIrectory Service", NULL },
66 { "ypbind", NULL, "NIS Directory Service", NULL },
67 { "courier-imap", NULL, "IMAP4 Mail Service", NULL },
68 { "courier-pop3", NULL, "POP3 Mail Service", NULL },
69 { "named", NULL, "Domain Name Service", NULL },
70 { "bind", NULL, "Domain Name Service", NULL },
71 { "httpd", NULL, "HTTP Server", NULL },
72 { "apache", NULL, "HTTP Server", "Provides s highly scalable and flexible web server "
73 "capable of implementing various protocols incluing "
74 "but not limited to HTTP" },
75 { "autofs", NULL, "Automounter", NULL },
76 { "squid", NULL, "Web Cache Proxy ", NULL },
77 { "perfcountd", NULL, "Performance Monitoring Daemon", NULL },
78 { "pgsql", NULL, "PgSQL Database Server", "Provides service for SQL database from Postgresql.org" },
79 { "arpwatch", NULL, "ARP Tables watcher", "Provides service for monitoring ARP tables for changes" },
80 { "dhcpd", NULL, "DHCP Server", "Provides service for dynamic host configuration and IP assignment" },
81 { "nwserv", NULL, "NetWare Server Emulator", "Provides service for emulating Novell NetWare 3.12 server" },
82 { "proftpd", NULL, "Professional FTP Server", "Provides high configurable service for FTP connection and "
83 "file transferring" },
84 { "ssh2", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
85 { "sshd", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
86 { NULL, NULL, NULL, NULL }
90 /********************************************************************
91 ********************************************************************/
93 static struct security_descriptor* construct_service_sd( TALLOC_CTX *ctx )
95 struct security_ace ace[4];
97 struct security_descriptor *sd = NULL;
98 struct security_acl *theacl = NULL;
101 /* basic access for Everyone */
103 init_sec_ace(&ace[i++], &global_sid_World,
104 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0);
106 init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users,
107 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0);
109 init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators,
110 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
111 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
112 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
114 /* create the security descriptor */
116 if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
119 if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
120 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
127 /********************************************************************
128 This is where we do the dirty work of filling in things like the
129 Display name, Description, etc...
130 ********************************************************************/
132 static char *get_common_service_dispname( const char *servicename )
136 for ( i=0; common_unix_svcs[i].servicename; i++ ) {
137 if (strequal(servicename, common_unix_svcs[i].servicename)) {
139 if (asprintf(&dispname,
141 common_unix_svcs[i].dispname,
142 common_unix_svcs[i].servicename) < 0) {
149 return SMB_STRDUP(servicename );
152 /********************************************************************
153 ********************************************************************/
155 static char *cleanup_string( const char *string )
159 TALLOC_CTX *ctx = talloc_tos();
161 clean = talloc_strdup(ctx, string);
167 /* trim any beginning whilespace */
169 while (isspace(*begin)) {
173 if (*begin == '\0') {
177 /* trim any trailing whitespace or carriage returns.
178 Start at the end and move backwards */
180 end = begin + strlen(begin) - 1;
182 while ( isspace(*end) || *end=='\n' || *end=='\r' ) {
190 /********************************************************************
191 ********************************************************************/
193 static bool read_init_file( const char *servicename, struct rcinit_file_information **service_info )
195 struct rcinit_file_information *info = NULL;
196 char *filepath = NULL;
201 if ( !(info = TALLOC_ZERO_P( NULL, struct rcinit_file_information ) ) )
204 /* attempt the file open */
206 filepath = talloc_asprintf(info, "%s/%s/%s", get_dyn_MODULESDIR(),
207 SVCCTL_SCRIPT_DIR, servicename);
212 if (!(f = x_fopen( filepath, O_RDONLY, 0 ))) {
213 DEBUG(0,("read_init_file: failed to open [%s]\n", filepath));
218 while ( (x_fgets( str, sizeof(str)-1, f )) != NULL ) {
219 /* ignore everything that is not a full line
220 comment starting with a '#' */
225 /* Look for a line like '^#.*Description:' */
227 if ( (p = strstr( str, "Description:" )) != NULL ) {
230 p += strlen( "Description:" ) + 1;
234 if ( (desc = cleanup_string(p)) != NULL )
235 info->description = talloc_strdup( info, desc );
241 if ( !info->description )
242 info->description = talloc_strdup( info, "External Unix Service" );
244 *service_info = info;
245 TALLOC_FREE(filepath);
250 /********************************************************************
251 This is where we do the dirty work of filling in things like the
252 Display name, Description, etc...
253 ********************************************************************/
255 static void fill_service_values(const char *name, struct regval_ctr *values)
257 char *dname, *ipath, *description;
261 /* These values are hardcoded in all QueryServiceConfig() replies.
262 I'm just storing them here for cosmetic purposes */
264 dword = SVCCTL_AUTO_START;
265 regval_ctr_addvalue( values, "Start", REG_DWORD, (uint8 *)&dword, sizeof(uint32));
267 dword = SERVICE_TYPE_WIN32_OWN_PROCESS;
268 regval_ctr_addvalue( values, "Type", REG_DWORD, (uint8 *)&dword, sizeof(uint32));
270 dword = SVCCTL_SVC_ERROR_NORMAL;
271 regval_ctr_addvalue( values, "ErrorControl", REG_DWORD, (uint8 *)&dword, sizeof(uint32));
273 /* everything runs as LocalSystem */
275 regval_ctr_addvalue_sz(values, "ObjectName", "LocalSystem");
277 /* special considerations for internal services and the DisplayName value */
279 for ( i=0; builtin_svcs[i].servicename; i++ ) {
280 if ( strequal( name, builtin_svcs[i].servicename ) ) {
281 ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s",
282 get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR,
283 builtin_svcs[i].daemon);
284 description = talloc_strdup(talloc_tos(), builtin_svcs[i].description);
285 dname = talloc_strdup(talloc_tos(), builtin_svcs[i].dispname);
290 /* default to an external service if we haven't found a match */
292 if ( builtin_svcs[i].servicename == NULL ) {
293 char *dispname = NULL;
294 struct rcinit_file_information *init_info = NULL;
296 ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s",
297 get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR,
300 /* lookup common unix display names */
301 dispname = get_common_service_dispname(name);
302 dname = talloc_strdup(talloc_tos(), dispname ? dispname : "");
305 /* get info from init file itself */
306 if ( read_init_file( name, &init_info ) ) {
307 description = talloc_strdup(talloc_tos(), init_info->description);
308 TALLOC_FREE( init_info );
311 description = talloc_strdup(talloc_tos(), "External Unix Service");
315 /* add the new values */
317 regval_ctr_addvalue_sz(values, "DisplayName", dname);
318 regval_ctr_addvalue_sz(values, "ImagePath", ipath);
319 regval_ctr_addvalue_sz(values, "Description", description);
323 TALLOC_FREE(description);
328 /********************************************************************
329 ********************************************************************/
331 static void add_new_svc_name(struct registry_key_handle *key_parent,
332 struct regsubkey_ctr *subkeys,
335 struct registry_key_handle *key_service = NULL, *key_secdesc = NULL;
338 struct regval_ctr *values = NULL;
339 struct regsubkey_ctr *svc_subkeys = NULL;
340 struct security_descriptor *sd = NULL;
344 /* add to the list and create the subkey path */
346 regsubkey_ctr_addkey( subkeys, name );
347 store_reg_keys( key_parent, subkeys );
349 /* open the new service key */
351 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
354 wresult = regkey_open_internal( NULL, &key_service, path,
355 get_root_nt_token(), REG_KEY_ALL );
356 if ( !W_ERROR_IS_OK(wresult) ) {
357 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
358 path, win_errstr(wresult)));
364 /* add the 'Security' key */
366 wresult = regsubkey_ctr_init(key_service, &svc_subkeys);
367 if (!W_ERROR_IS_OK(wresult)) {
368 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
369 TALLOC_FREE( key_service );
373 fetch_reg_keys( key_service, svc_subkeys );
374 regsubkey_ctr_addkey( svc_subkeys, "Security" );
375 store_reg_keys( key_service, svc_subkeys );
377 /* now for the service values */
379 wresult = regval_ctr_init(key_service, &values);
380 if (!W_ERROR_IS_OK(wresult)) {
381 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
382 TALLOC_FREE( key_service );
386 fill_service_values( name, values );
387 store_reg_values( key_service, values );
389 /* cleanup the service key*/
391 TALLOC_FREE( key_service );
393 /* now add the security descriptor */
395 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
398 wresult = regkey_open_internal( NULL, &key_secdesc, path,
399 get_root_nt_token(), REG_KEY_ALL );
400 if ( !W_ERROR_IS_OK(wresult) ) {
401 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
402 path, win_errstr(wresult)));
403 TALLOC_FREE( key_secdesc );
409 wresult = regval_ctr_init(key_secdesc, &values);
410 if (!W_ERROR_IS_OK(wresult)) {
411 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
412 TALLOC_FREE( key_secdesc );
416 if ( !(sd = construct_service_sd(key_secdesc)) ) {
417 DEBUG(0,("add_new_svc_name: Failed to create default sec_desc!\n"));
418 TALLOC_FREE( key_secdesc );
422 status = marshall_sec_desc(key_secdesc, sd, &sd_blob.data,
424 if (!NT_STATUS_IS_OK(status)) {
425 DEBUG(0, ("marshall_sec_desc failed: %s\n",
427 TALLOC_FREE(key_secdesc);
431 regval_ctr_addvalue(values, "Security", REG_BINARY,
432 sd_blob.data, sd_blob.length);
433 store_reg_values( key_secdesc, values );
435 TALLOC_FREE( key_secdesc );
440 /********************************************************************
441 ********************************************************************/
443 void svcctl_init_keys( void )
445 const char **service_list = lp_svcctl_list();
447 struct regsubkey_ctr *subkeys = NULL;
448 struct registry_key_handle *key = NULL;
451 /* bad mojo here if the lookup failed. Should not happen */
453 wresult = regkey_open_internal( NULL, &key, KEY_SERVICES,
454 get_root_nt_token(), REG_KEY_ALL );
456 if ( !W_ERROR_IS_OK(wresult) ) {
457 DEBUG(0,("svcctl_init_keys: key lookup failed! (%s)\n",
458 win_errstr(wresult)));
462 /* lookup the available subkeys */
464 wresult = regsubkey_ctr_init(key, &subkeys);
465 if (!W_ERROR_IS_OK(wresult)) {
466 DEBUG(0,("svcctl_init_keys: talloc() failed!\n"));
471 fetch_reg_keys( key, subkeys );
473 /* the builtin services exist */
475 for ( i=0; builtin_svcs[i].servicename; i++ )
476 add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );
478 for ( i=0; service_list && service_list[i]; i++ ) {
480 /* only add new services */
481 if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )
484 /* Add the new service key and initialize the appropriate values */
486 add_new_svc_name( key, subkeys, service_list[i] );
491 /* initialize the control hooks */
493 init_service_op_table();
498 /********************************************************************
499 This is where we do the dirty work of filling in things like the
500 Display name, Description, etc...Always return a default secdesc
501 in case of any failure.
502 ********************************************************************/
504 struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
506 struct registry_key_handle *key = NULL;
507 struct regval_ctr *values = NULL;
508 struct regval_blob *val = NULL;
509 struct security_descriptor *ret_sd = NULL;
514 /* now add the security descriptor */
516 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
519 wresult = regkey_open_internal( NULL, &key, path, token,
521 if ( !W_ERROR_IS_OK(wresult) ) {
522 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
523 path, win_errstr(wresult)));
527 wresult = regval_ctr_init(key, &values);
528 if (!W_ERROR_IS_OK(wresult)) {
529 DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n"));
533 if (fetch_reg_values( key, values ) == -1) {
534 DEBUG(0, ("Error getting registry values\n"));
538 if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
539 goto fallback_to_default_sd;
542 /* stream the service security descriptor */
544 status = unmarshall_sec_desc(ctx, regval_data_p(val),
545 regval_size(val), &ret_sd);
547 if (NT_STATUS_IS_OK(status)) {
551 fallback_to_default_sd:
552 DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for "
553 "service [%s]\n", name));
554 ret_sd = construct_service_sd(ctx);
562 /********************************************************************
563 Wrapper to make storing a Service sd easier
564 ********************************************************************/
566 bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token )
568 struct registry_key_handle *key = NULL;
571 struct regval_ctr *values = NULL;
576 /* now add the security descriptor */
578 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
581 wresult = regkey_open_internal( NULL, &key, path, token,
583 if ( !W_ERROR_IS_OK(wresult) ) {
584 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
585 path, win_errstr(wresult)));
591 wresult = regval_ctr_init(key, &values);
592 if (!W_ERROR_IS_OK(wresult)) {
593 DEBUG(0,("svcctl_set_secdesc: talloc() failed!\n"));
598 /* stream the printer security descriptor */
600 status = marshall_sec_desc(ctx, sec_desc, &blob.data, &blob.length);
601 if (!NT_STATUS_IS_OK(status)) {
602 DEBUG(0,("svcctl_set_secdesc: ndr_push_struct_blob() failed!\n"));
607 regval_ctr_addvalue( values, "Security", REG_BINARY, blob.data, blob.length);
608 ret = store_reg_values( key, values );
617 /********************************************************************
618 ********************************************************************/
620 const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
622 const char *display_name = NULL;
623 struct registry_key_handle *key = NULL;
624 struct regval_ctr *values = NULL;
625 struct regval_blob *val = NULL;
630 /* now add the security descriptor */
632 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
635 wresult = regkey_open_internal( NULL, &key, path, token,
637 if ( !W_ERROR_IS_OK(wresult) ) {
638 DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n",
639 path, win_errstr(wresult)));
645 wresult = regval_ctr_init(key, &values);
646 if (!W_ERROR_IS_OK(wresult)) {
647 DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n"));
652 fetch_reg_values( key, values );
654 if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) )
657 blob = data_blob_const(regval_data_p(val), regval_size(val));
658 pull_reg_sz(ctx, &blob, &display_name);
665 /* default to returning the service name */
667 return talloc_strdup(ctx, name);
670 /********************************************************************
671 ********************************************************************/
673 const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
675 const char *description = NULL;
676 struct registry_key_handle *key = NULL;
677 struct regval_ctr *values = NULL;
678 struct regval_blob *val = NULL;
683 /* now add the security descriptor */
685 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
688 wresult = regkey_open_internal( NULL, &key, path, token,
690 if ( !W_ERROR_IS_OK(wresult) ) {
691 DEBUG(0,("svcctl_lookup_description: key lookup failed! [%s] (%s)\n",
692 path, win_errstr(wresult)));
698 wresult = regval_ctr_init(key, &values);
699 if (!W_ERROR_IS_OK(wresult)) {
700 DEBUG(0,("svcctl_lookup_description: talloc() failed!\n"));
705 fetch_reg_values( key, values );
707 if ( !(val = regval_ctr_getvalue( values, "Description" )) ) {
709 return "Unix Service";
712 blob = data_blob_const(regval_data_p(val), regval_size(val));
713 pull_reg_sz(ctx, &blob, &description);
721 /********************************************************************
722 ********************************************************************/
724 struct regval_ctr *svcctl_fetch_regvalues(const char *name, NT_USER_TOKEN *token)
726 struct registry_key_handle *key = NULL;
727 struct regval_ctr *values = NULL;
731 /* now add the security descriptor */
733 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
736 wresult = regkey_open_internal( NULL, &key, path, token,
738 if ( !W_ERROR_IS_OK(wresult) ) {
739 DEBUG(0,("svcctl_fetch_regvalues: key lookup failed! [%s] (%s)\n",
740 path, win_errstr(wresult)));
746 wresult = regval_ctr_init(NULL, &values);
747 if (!W_ERROR_IS_OK(wresult)) {
748 DEBUG(0,("svcctl_fetch_regvalues: talloc() failed!\n"));
752 fetch_reg_values( key, values );
git.samba.org / amitay / samba.git / blob