2 * Unix SMB/CIFS implementation.
3 * Service Control API Implementation
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 * Largely Rewritten by:
7 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "services/services.h"
26 #include "registry/reg_util_legacy.h"
27 #include "registry/reg_dispatcher.h"
28 #include "registry/reg_objects.h"
29 #include "registry/reg_api_util.h"
31 struct rcinit_file_information {
35 struct service_display_info {
36 const char *servicename;
39 const char *description;
42 struct service_display_info builtin_svcs[] = {
43 { "Spooler", "smbd", "Print Spooler", "Internal service for spooling files to print devices" },
44 { "NETLOGON", "smbd", "Net Logon", "File service providing access to policy and profile data (not remotely manageable)" },
45 { "RemoteRegistry", "smbd", "Remote Registry Service", "Internal service providing remote access to "
46 "the Samba registry" },
47 { "WINS", "nmbd", "Windows Internet Name Service (WINS)", "Internal service providing a "
48 "NetBIOS point-to-point name server (not remotely manageable)" },
49 { NULL, NULL, NULL, NULL }
52 struct service_display_info common_unix_svcs[] = {
53 { "cups", NULL, "Common Unix Printing System","Provides unified printing support for all operating systems" },
54 { "postfix", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
55 { "sendmail", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
56 { "portmap", NULL, "TCP Port to RPC PortMapper",NULL },
57 { "xinetd", NULL, "Internet Meta-Daemon", NULL },
58 { "inet", NULL, "Internet Meta-Daemon", NULL },
59 { "xntpd", NULL, "Network Time Service", NULL },
60 { "ntpd", NULL, "Network Time Service", NULL },
61 { "lpd", NULL, "BSD Print Spooler", NULL },
62 { "nfsserver", NULL, "Network File Service", NULL },
63 { "cron", NULL, "Scheduling Service", NULL },
64 { "at", NULL, "Scheduling Service", NULL },
65 { "nscd", NULL, "Name Service Cache Daemon", NULL },
66 { "slapd", NULL, "LDAP Directory Service", NULL },
67 { "ldap", NULL, "LDAP DIrectory Service", NULL },
68 { "ypbind", NULL, "NIS Directory Service", NULL },
69 { "courier-imap", NULL, "IMAP4 Mail Service", NULL },
70 { "courier-pop3", NULL, "POP3 Mail Service", NULL },
71 { "named", NULL, "Domain Name Service", NULL },
72 { "bind", NULL, "Domain Name Service", NULL },
73 { "httpd", NULL, "HTTP Server", NULL },
74 { "apache", NULL, "HTTP Server", "Provides s highly scalable and flexible web server "
75 "capable of implementing various protocols incluing "
76 "but not limited to HTTP" },
77 { "autofs", NULL, "Automounter", NULL },
78 { "squid", NULL, "Web Cache Proxy ", NULL },
79 { "perfcountd", NULL, "Performance Monitoring Daemon", NULL },
80 { "pgsql", NULL, "PgSQL Database Server", "Provides service for SQL database from Postgresql.org" },
81 { "arpwatch", NULL, "ARP Tables watcher", "Provides service for monitoring ARP tables for changes" },
82 { "dhcpd", NULL, "DHCP Server", "Provides service for dynamic host configuration and IP assignment" },
83 { "nwserv", NULL, "NetWare Server Emulator", "Provides service for emulating Novell NetWare 3.12 server" },
84 { "proftpd", NULL, "Professional FTP Server", "Provides high configurable service for FTP connection and "
85 "file transferring" },
86 { "ssh2", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
87 { "sshd", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
88 { NULL, NULL, NULL, NULL }
92 /********************************************************************
93 ********************************************************************/
95 static struct security_descriptor* construct_service_sd( TALLOC_CTX *ctx )
97 struct security_ace ace[4];
99 struct security_descriptor *sd = NULL;
100 struct security_acl *theacl = NULL;
103 /* basic access for Everyone */
105 init_sec_ace(&ace[i++], &global_sid_World,
106 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0);
108 init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users,
109 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0);
111 init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators,
112 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
113 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
114 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
116 /* create the security descriptor */
118 theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
119 if (theacl == NULL) {
123 sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
124 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
133 /********************************************************************
134 This is where we do the dirty work of filling in things like the
135 Display name, Description, etc...
136 ********************************************************************/
138 static char *get_common_service_dispname( const char *servicename )
142 for ( i=0; common_unix_svcs[i].servicename; i++ ) {
143 if (strequal(servicename, common_unix_svcs[i].servicename)) {
145 if (asprintf(&dispname,
147 common_unix_svcs[i].dispname,
148 common_unix_svcs[i].servicename) < 0) {
155 return SMB_STRDUP(servicename );
158 /********************************************************************
159 ********************************************************************/
161 static char *cleanup_string( const char *string )
165 TALLOC_CTX *ctx = talloc_tos();
167 clean = talloc_strdup(ctx, string);
173 /* trim any beginning whilespace */
175 while (isspace(*begin)) {
179 if (*begin == '\0') {
183 /* trim any trailing whitespace or carriage returns.
184 Start at the end and move backwards */
186 end = begin + strlen(begin) - 1;
188 while ( isspace(*end) || *end=='\n' || *end=='\r' ) {
196 /********************************************************************
197 ********************************************************************/
199 static bool read_init_file( const char *servicename, struct rcinit_file_information **service_info )
201 struct rcinit_file_information *info = NULL;
202 char *filepath = NULL;
207 info = TALLOC_ZERO_P( NULL, struct rcinit_file_information );
212 /* attempt the file open */
214 filepath = talloc_asprintf(info, "%s/%s/%s", get_dyn_MODULESDIR(),
215 SVCCTL_SCRIPT_DIR, servicename);
220 f = x_fopen( filepath, O_RDONLY, 0 );
222 DEBUG(0,("read_init_file: failed to open [%s]\n", filepath));
227 while ( (x_fgets( str, sizeof(str)-1, f )) != NULL ) {
228 /* ignore everything that is not a full line
229 comment starting with a '#' */
234 /* Look for a line like '^#.*Description:' */
236 p = strstr( str, "Description:" );
240 p += strlen( "Description:" ) + 1;
244 desc = cleanup_string(p);
246 info->description = talloc_strdup( info, desc );
252 if ( !info->description )
253 info->description = talloc_strdup( info, "External Unix Service" );
255 *service_info = info;
256 TALLOC_FREE(filepath);
261 /********************************************************************
262 This is where we do the dirty work of filling in things like the
263 Display name, Description, etc...
264 ********************************************************************/
266 static void fill_service_values(const char *name, struct regval_ctr *values)
268 char *dname, *ipath, *description;
272 /* These values are hardcoded in all QueryServiceConfig() replies.
273 I'm just storing them here for cosmetic purposes */
275 dword = SVCCTL_AUTO_START;
276 regval_ctr_addvalue( values, "Start", REG_DWORD, (uint8 *)&dword, sizeof(uint32));
278 dword = SERVICE_TYPE_WIN32_OWN_PROCESS;
279 regval_ctr_addvalue( values, "Type", REG_DWORD, (uint8 *)&dword, sizeof(uint32));
281 dword = SVCCTL_SVC_ERROR_NORMAL;
282 regval_ctr_addvalue( values, "ErrorControl", REG_DWORD, (uint8 *)&dword, sizeof(uint32));
284 /* everything runs as LocalSystem */
286 regval_ctr_addvalue_sz(values, "ObjectName", "LocalSystem");
288 /* special considerations for internal services and the DisplayName value */
290 for ( i=0; builtin_svcs[i].servicename; i++ ) {
291 if ( strequal( name, builtin_svcs[i].servicename ) ) {
292 ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s",
293 get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR,
294 builtin_svcs[i].daemon);
295 description = talloc_strdup(talloc_tos(), builtin_svcs[i].description);
296 dname = talloc_strdup(talloc_tos(), builtin_svcs[i].dispname);
301 /* default to an external service if we haven't found a match */
303 if ( builtin_svcs[i].servicename == NULL ) {
304 char *dispname = NULL;
305 struct rcinit_file_information *init_info = NULL;
307 ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s",
308 get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR,
311 /* lookup common unix display names */
312 dispname = get_common_service_dispname(name);
313 dname = talloc_strdup(talloc_tos(), dispname ? dispname : "");
316 /* get info from init file itself */
317 if ( read_init_file( name, &init_info ) ) {
318 description = talloc_strdup(talloc_tos(), init_info->description);
319 TALLOC_FREE( init_info );
322 description = talloc_strdup(talloc_tos(), "External Unix Service");
326 /* add the new values */
328 regval_ctr_addvalue_sz(values, "DisplayName", dname);
329 regval_ctr_addvalue_sz(values, "ImagePath", ipath);
330 regval_ctr_addvalue_sz(values, "Description", description);
334 TALLOC_FREE(description);
339 /********************************************************************
340 ********************************************************************/
342 static void add_new_svc_name(struct registry_key_handle *key_parent,
343 struct regsubkey_ctr *subkeys,
346 struct registry_key_handle *key_service = NULL, *key_secdesc = NULL;
349 struct regval_ctr *values = NULL;
350 struct regsubkey_ctr *svc_subkeys = NULL;
351 struct security_descriptor *sd = NULL;
355 /* add to the list and create the subkey path */
357 regsubkey_ctr_addkey( subkeys, name );
358 store_reg_keys( key_parent, subkeys );
360 /* open the new service key */
362 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
365 wresult = regkey_open_internal( NULL, &key_service, path,
366 get_root_nt_token(), REG_KEY_ALL );
367 if ( !W_ERROR_IS_OK(wresult) ) {
368 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
369 path, win_errstr(wresult)));
375 /* add the 'Security' key */
377 wresult = regsubkey_ctr_init(key_service, &svc_subkeys);
378 if (!W_ERROR_IS_OK(wresult)) {
379 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
380 TALLOC_FREE( key_service );
384 fetch_reg_keys( key_service, svc_subkeys );
385 regsubkey_ctr_addkey( svc_subkeys, "Security" );
386 store_reg_keys( key_service, svc_subkeys );
388 /* now for the service values */
390 wresult = regval_ctr_init(key_service, &values);
391 if (!W_ERROR_IS_OK(wresult)) {
392 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
393 TALLOC_FREE( key_service );
397 fill_service_values( name, values );
398 store_reg_values( key_service, values );
400 /* cleanup the service key*/
402 TALLOC_FREE( key_service );
404 /* now add the security descriptor */
406 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
409 wresult = regkey_open_internal( NULL, &key_secdesc, path,
410 get_root_nt_token(), REG_KEY_ALL );
411 if ( !W_ERROR_IS_OK(wresult) ) {
412 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
413 path, win_errstr(wresult)));
414 TALLOC_FREE( key_secdesc );
420 wresult = regval_ctr_init(key_secdesc, &values);
421 if (!W_ERROR_IS_OK(wresult)) {
422 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
423 TALLOC_FREE( key_secdesc );
427 if ( !(sd = construct_service_sd(key_secdesc)) ) {
428 DEBUG(0,("add_new_svc_name: Failed to create default sec_desc!\n"));
429 TALLOC_FREE( key_secdesc );
433 status = marshall_sec_desc(key_secdesc, sd, &sd_blob.data,
435 if (!NT_STATUS_IS_OK(status)) {
436 DEBUG(0, ("marshall_sec_desc failed: %s\n",
438 TALLOC_FREE(key_secdesc);
442 regval_ctr_addvalue(values, "Security", REG_BINARY,
443 sd_blob.data, sd_blob.length);
444 store_reg_values( key_secdesc, values );
446 TALLOC_FREE( key_secdesc );
451 /********************************************************************
452 ********************************************************************/
454 void svcctl_init_keys( void )
456 const char **service_list = lp_svcctl_list();
458 struct regsubkey_ctr *subkeys = NULL;
459 struct registry_key_handle *key = NULL;
462 /* bad mojo here if the lookup failed. Should not happen */
464 wresult = regkey_open_internal( NULL, &key, KEY_SERVICES,
465 get_root_nt_token(), REG_KEY_ALL );
467 if ( !W_ERROR_IS_OK(wresult) ) {
468 DEBUG(0,("svcctl_init_keys: key lookup failed! (%s)\n",
469 win_errstr(wresult)));
473 /* lookup the available subkeys */
475 wresult = regsubkey_ctr_init(key, &subkeys);
476 if (!W_ERROR_IS_OK(wresult)) {
477 DEBUG(0,("svcctl_init_keys: talloc() failed!\n"));
482 fetch_reg_keys( key, subkeys );
484 /* the builtin services exist */
486 for ( i=0; builtin_svcs[i].servicename; i++ )
487 add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );
489 for ( i=0; service_list && service_list[i]; i++ ) {
491 /* only add new services */
492 if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )
495 /* Add the new service key and initialize the appropriate values */
497 add_new_svc_name( key, subkeys, service_list[i] );
502 /* initialize the control hooks */
504 init_service_op_table();
509 /********************************************************************
510 This is where we do the dirty work of filling in things like the
511 Display name, Description, etc...Always return a default secdesc
512 in case of any failure.
513 ********************************************************************/
515 struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, struct security_token *token )
517 struct registry_key_handle *key = NULL;
518 struct regval_ctr *values = NULL;
519 struct regval_blob *val = NULL;
520 struct security_descriptor *ret_sd = NULL;
525 /* now add the security descriptor */
527 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
530 wresult = regkey_open_internal( NULL, &key, path, token,
532 if ( !W_ERROR_IS_OK(wresult) ) {
533 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
534 path, win_errstr(wresult)));
538 wresult = regval_ctr_init(key, &values);
539 if (!W_ERROR_IS_OK(wresult)) {
540 DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n"));
544 if (fetch_reg_values( key, values ) == -1) {
545 DEBUG(0, ("Error getting registry values\n"));
549 if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
550 goto fallback_to_default_sd;
553 /* stream the service security descriptor */
555 status = unmarshall_sec_desc(ctx, regval_data_p(val),
556 regval_size(val), &ret_sd);
558 if (NT_STATUS_IS_OK(status)) {
562 fallback_to_default_sd:
563 DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for "
564 "service [%s]\n", name));
565 ret_sd = construct_service_sd(ctx);
573 /********************************************************************
574 Wrapper to make storing a Service sd easier
575 ********************************************************************/
577 bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, struct security_token *token )
579 struct registry_key *key = NULL;
582 struct registry_value value;
586 /* now add the security descriptor */
588 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
592 wresult = reg_open_path(NULL, path, REG_KEY_ALL, token, &key);
594 if ( !W_ERROR_IS_OK(wresult) ) {
595 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
596 path, win_errstr(wresult)));
602 /* stream the printer security descriptor */
604 status = marshall_sec_desc(ctx, sec_desc, &value.data.data, &value.data.length);
605 if (!NT_STATUS_IS_OK(status)) {
606 DEBUG(0,("svcctl_set_secdesc: ndr_push_struct_blob() failed!\n"));
611 value.type = REG_BINARY;
613 wresult = reg_setvalue(key, "Security", &value);
614 if (!W_ERROR_IS_OK(wresult)) {
615 DEBUG(0, ("svcctl_set_secdesc: reg_setvalue failed: %s\n",
616 win_errstr(wresult)));
628 /********************************************************************
629 ********************************************************************/
631 const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, struct security_token *token )
633 const char *display_name = NULL;
634 struct registry_key_handle *key = NULL;
635 struct regval_ctr *values = NULL;
636 struct regval_blob *val = NULL;
641 /* now add the security descriptor */
643 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
646 wresult = regkey_open_internal( NULL, &key, path, token,
648 if ( !W_ERROR_IS_OK(wresult) ) {
649 DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n",
650 path, win_errstr(wresult)));
656 wresult = regval_ctr_init(key, &values);
657 if (!W_ERROR_IS_OK(wresult)) {
658 DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n"));
663 fetch_reg_values( key, values );
665 if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) )
668 blob = data_blob_const(regval_data_p(val), regval_size(val));
669 pull_reg_sz(ctx, &blob, &display_name);
676 /* default to returning the service name */
678 return talloc_strdup(ctx, name);
681 /********************************************************************
682 ********************************************************************/
684 const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, struct security_token *token )
686 const char *description = NULL;
687 struct registry_key_handle *key = NULL;
688 struct regval_ctr *values = NULL;
689 struct regval_blob *val = NULL;
694 /* now add the security descriptor */
696 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
699 wresult = regkey_open_internal( NULL, &key, path, token,
701 if ( !W_ERROR_IS_OK(wresult) ) {
702 DEBUG(0,("svcctl_lookup_description: key lookup failed! [%s] (%s)\n",
703 path, win_errstr(wresult)));
709 wresult = regval_ctr_init(key, &values);
710 if (!W_ERROR_IS_OK(wresult)) {
711 DEBUG(0,("svcctl_lookup_description: talloc() failed!\n"));
716 fetch_reg_values( key, values );
718 if ( !(val = regval_ctr_getvalue( values, "Description" )) ) {
720 return "Unix Service";
723 blob = data_blob_const(regval_data_p(val), regval_size(val));
724 pull_reg_sz(ctx, &blob, &description);
732 /********************************************************************
733 ********************************************************************/
735 struct regval_ctr *svcctl_fetch_regvalues(const char *name, struct security_token *token)
737 struct registry_key_handle *key = NULL;
738 struct regval_ctr *values = NULL;
742 /* now add the security descriptor */
744 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
747 wresult = regkey_open_internal( NULL, &key, path, token,
749 if ( !W_ERROR_IS_OK(wresult) ) {
750 DEBUG(0,("svcctl_fetch_regvalues: key lookup failed! [%s] (%s)\n",
751 path, win_errstr(wresult)));
757 wresult = regval_ctr_init(NULL, &values);
758 if (!W_ERROR_IS_OK(wresult)) {
759 DEBUG(0,("svcctl_fetch_regvalues: talloc() failed!\n"));
763 fetch_reg_values( key, values );
git.samba.org / amitay / samba.git / blob