2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
7 * Largely Rewritten (Again) by:
8 * Copyright (C) Gerald (Jerry) Carter 2005.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #define DBGC_CLASS DBGC_RPC_SRV
29 struct service_control_op {
31 SERVICE_CONTROL_OPS *ops;
34 #define SVCCTL_NUM_INTERNAL_SERVICES 4
36 /* handle external services */
37 extern SERVICE_CONTROL_OPS rcinit_svc_ops;
39 /* builtin services (see service_db.c and services/svc_*.c */
40 extern SERVICE_CONTROL_OPS spoolss_svc_ops;
41 extern SERVICE_CONTROL_OPS netlogon_svc_ops;
42 extern SERVICE_CONTROL_OPS winreg_svc_ops;
43 extern SERVICE_CONTROL_OPS wins_svc_ops;
45 /* make sure this number patches the number of builtin
46 SERVICE_CONTROL_OPS structure listed above */
48 #define SVCCTL_NUM_INTERNAL_SERVICES 4
50 struct service_control_op *svcctl_ops;
52 static const struct generic_mapping scm_generic_map =
53 { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS };
54 static const struct generic_mapping svc_generic_map =
55 { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS };
58 /********************************************************************
59 ********************************************************************/
61 bool init_service_op_table( void )
63 const char **service_list = lp_svcctl_list();
64 int num_services = SVCCTL_NUM_INTERNAL_SERVICES + str_list_count( service_list );
67 if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {
68 DEBUG(0,("init_service_op_table: talloc() failed!\n"));
72 /* services listed in smb.conf get the rc.init interface */
74 for ( i=0; service_list && service_list[i]; i++ ) {
75 svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
76 svcctl_ops[i].ops = &rcinit_svc_ops;
79 /* add builtin services */
81 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
82 svcctl_ops[i].ops = &spoolss_svc_ops;
85 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
86 svcctl_ops[i].ops = &netlogon_svc_ops;
89 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
90 svcctl_ops[i].ops = &winreg_svc_ops;
93 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
94 svcctl_ops[i].ops = &wins_svc_ops;
97 /* NULL terminate the array */
99 svcctl_ops[i].name = NULL;
100 svcctl_ops[i].ops = NULL;
105 /********************************************************************
106 ********************************************************************/
108 static struct service_control_op* find_service_by_name( const char *name )
112 for ( i=0; svcctl_ops[i].name; i++ ) {
113 if ( strequal( name, svcctl_ops[i].name ) )
114 return &svcctl_ops[i];
119 /********************************************************************
120 ********************************************************************/
122 static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
123 uint32 access_desired, uint32 *access_granted )
127 if ( geteuid() == sec_initial_uid() ) {
128 DEBUG(5,("svcctl_access_check: using root's token\n"));
129 token = get_root_nt_token();
132 se_access_check( sec_desc, token, access_desired, access_granted, &result );
137 /********************************************************************
138 ********************************************************************/
140 static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
149 /* basic access for Everyone */
151 init_sec_access(&mask, SC_MANAGER_READ_ACCESS );
152 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
154 /* Full Access 'BUILTIN\Administrators' */
156 init_sec_access(&mask,SC_MANAGER_ALL_ACCESS );
157 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
160 /* create the security descriptor */
162 if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
165 if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
171 /******************************************************************
172 free() function for REGISTRY_KEY
173 *****************************************************************/
175 static void free_service_handle_info(void *ptr)
180 /******************************************************************
181 Find a registry key handle and return a SERVICE_INFO
182 *****************************************************************/
184 static SERVICE_INFO *find_service_info_by_hnd(pipes_struct *p, POLICY_HND *hnd)
186 SERVICE_INFO *service_info = NULL;
188 if( !find_policy_by_hnd( p, hnd, (void **)(void *)&service_info) ) {
189 DEBUG(2,("find_service_info_by_hnd: handle not found"));
196 /******************************************************************
197 *****************************************************************/
199 static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, uint32 type,
200 const char *service, uint32 access_granted )
202 SERVICE_INFO *info = NULL;
203 WERROR result = WERR_OK;
204 struct service_control_op *s_op;
206 if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )
209 /* the Service Manager has a NULL name */
211 info->type = SVC_HANDLE_IS_SCM;
214 case SVC_HANDLE_IS_SCM:
215 info->type = SVC_HANDLE_IS_SCM;
218 case SVC_HANDLE_IS_DBLOCK:
219 info->type = SVC_HANDLE_IS_DBLOCK;
222 case SVC_HANDLE_IS_SERVICE:
223 info->type = SVC_HANDLE_IS_SERVICE;
225 /* lookup the SERVICE_CONTROL_OPS */
227 if ( !(s_op = find_service_by_name( service )) ) {
228 result = WERR_NO_SUCH_SERVICE;
232 info->ops = s_op->ops;
234 if ( !(info->name = talloc_strdup( info, s_op->name )) ) {
241 result = WERR_NO_SUCH_SERVICE;
245 info->access_granted = access_granted;
247 /* store the SERVICE_INFO and create an open handle */
249 if ( !create_policy_hnd( p, handle, free_service_handle_info, info ) ) {
250 result = WERR_ACCESS_DENIED;
255 if ( !W_ERROR_IS_OK(result) )
256 free_service_handle_info( info );
261 /********************************************************************
262 ********************************************************************/
264 WERROR _svcctl_open_scmanager(pipes_struct *p, SVCCTL_Q_OPEN_SCMANAGER *q_u, SVCCTL_R_OPEN_SCMANAGER *r_u)
267 uint32 access_granted = 0;
270 /* perform access checks */
272 if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
275 se_map_generic( &q_u->access, &scm_generic_map );
276 status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
277 if ( !NT_STATUS_IS_OK(status) )
278 return ntstatus_to_werror( status );
280 return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
283 /********************************************************************
284 ********************************************************************/
286 WERROR _svcctl_open_service(pipes_struct *p, SVCCTL_Q_OPEN_SERVICE *q_u, SVCCTL_R_OPEN_SERVICE *r_u)
289 uint32 access_granted = 0;
293 rpcstr_pull(service, q_u->servicename.buffer, sizeof(service), q_u->servicename.uni_str_len*2, 0);
295 DEBUG(5, ("_svcctl_open_service: Attempting to open Service [%s], \n", service));
298 /* based on my tests you can open a service if you have a valid scm handle */
300 if ( !find_service_info_by_hnd( p, &q_u->handle ) )
303 /* perform access checks. Use the root token in order to ensure that we
304 retrieve the security descriptor */
306 if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
309 se_map_generic( &q_u->access, &svc_generic_map );
310 status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
311 if ( !NT_STATUS_IS_OK(status) )
312 return ntstatus_to_werror( status );
314 return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
317 /********************************************************************
318 ********************************************************************/
320 WERROR _svcctl_CloseServiceHandle(pipes_struct *p, struct svcctl_CloseServiceHandle *r)
322 if ( !close_policy_hnd( p, r->in.handle ) )
328 /********************************************************************
329 ********************************************************************/
331 WERROR _svcctl_get_display_name(pipes_struct *p, SVCCTL_Q_GET_DISPLAY_NAME *q_u, SVCCTL_R_GET_DISPLAY_NAME *r_u)
334 const char *display_name;
335 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
337 /* can only use an SCM handle here */
339 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
342 rpcstr_pull(service, q_u->servicename.buffer, sizeof(service), q_u->servicename.uni_str_len*2, 0);
344 display_name = svcctl_lookup_dispname( service, p->pipe_user.nt_user_token );
345 init_svcctl_r_get_display_name( r_u, display_name );
350 /********************************************************************
351 ********************************************************************/
353 WERROR _svcctl_query_status(pipes_struct *p, SVCCTL_Q_QUERY_STATUS *q_u, SVCCTL_R_QUERY_STATUS *r_u)
355 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
357 /* perform access checks */
359 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
362 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
363 return WERR_ACCESS_DENIED;
365 /* try the service specific status call */
367 return info->ops->service_status( info->name, &r_u->svc_status );
370 /********************************************************************
371 ********************************************************************/
373 static int enumerate_status( TALLOC_CTX *ctx, ENUM_SERVICES_STATUS **status, NT_USER_TOKEN *token )
375 int num_services = 0;
377 ENUM_SERVICES_STATUS *st;
378 const char *display_name;
381 while ( svcctl_ops[num_services].name )
384 if ( !(st = TALLOC_ARRAY( ctx, ENUM_SERVICES_STATUS, num_services )) ) {
385 DEBUG(0,("enumerate_status: talloc() failed!\n"));
389 for ( i=0; i<num_services; i++ ) {
390 init_unistr( &st[i].servicename, svcctl_ops[i].name );
392 display_name = svcctl_lookup_dispname( svcctl_ops[i].name, token );
393 init_unistr( &st[i].displayname, display_name );
395 svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
403 /********************************************************************
404 ********************************************************************/
406 WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STATUS *q_u, SVCCTL_R_ENUM_SERVICES_STATUS *r_u)
408 ENUM_SERVICES_STATUS *services = NULL;
411 size_t buffer_size = 0;
412 WERROR result = WERR_OK;
413 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
414 NT_USER_TOKEN *token = p->pipe_user.nt_user_token;
416 /* perform access checks */
418 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
421 if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) ) {
422 return WERR_ACCESS_DENIED;
425 num_services = enumerate_status( p->mem_ctx, &services, token );
426 if (num_services == -1 ) {
430 for ( i=0; i<num_services; i++ ) {
431 buffer_size += svcctl_sizeof_enum_services_status(&services[i]);
434 buffer_size += buffer_size % 4;
436 if (buffer_size > q_u->buffer_size ) {
438 result = WERR_MORE_DATA;
441 rpcbuf_init(&r_u->buffer, q_u->buffer_size, p->mem_ctx);
443 if ( W_ERROR_IS_OK(result) ) {
444 for ( i=0; i<num_services; i++ )
445 svcctl_io_enum_services_status( "", &services[i], &r_u->buffer, 0 );
448 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
449 r_u->returned = (uint32)num_services;
451 if ( !(r_u->resume = TALLOC_P( p->mem_ctx, uint32 )) )
459 /********************************************************************
460 ********************************************************************/
462 WERROR _svcctl_start_service(pipes_struct *p, SVCCTL_Q_START_SERVICE *q_u, SVCCTL_R_START_SERVICE *r_u)
464 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
466 /* perform access checks */
468 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
471 if ( !(info->access_granted & SC_RIGHT_SVC_START) )
472 return WERR_ACCESS_DENIED;
474 return info->ops->start_service( info->name );
477 /********************************************************************
478 ********************************************************************/
480 WERROR _svcctl_control_service(pipes_struct *p, SVCCTL_Q_CONTROL_SERVICE *q_u, SVCCTL_R_CONTROL_SERVICE *r_u)
482 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
484 /* perform access checks */
486 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
489 switch ( q_u->control ) {
490 case SVCCTL_CONTROL_STOP:
491 if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
492 return WERR_ACCESS_DENIED;
494 return info->ops->stop_service( info->name, &r_u->svc_status );
496 case SVCCTL_CONTROL_INTERROGATE:
497 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
498 return WERR_ACCESS_DENIED;
500 return info->ops->service_status( info->name, &r_u->svc_status );
503 /* default control action */
505 return WERR_ACCESS_DENIED;
508 /********************************************************************
509 ********************************************************************/
511 WERROR _svcctl_enum_dependent_services( pipes_struct *p, SVCCTL_Q_ENUM_DEPENDENT_SERVICES *q_u, SVCCTL_R_ENUM_DEPENDENT_SERVICES *r_u )
513 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
515 /* perform access checks */
517 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
520 if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
521 return WERR_ACCESS_DENIED;
523 /* we have to set the outgoing buffer size to the same as the
524 incoming buffer size (even in the case of failure */
526 rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
528 r_u->needed = q_u->buffer_size;
530 /* no dependent services...basically a stub function */
536 /********************************************************************
537 ********************************************************************/
539 WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_STATUSEX *q_u, SVCCTL_R_QUERY_SERVICE_STATUSEX *r_u )
541 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
544 /* perform access checks */
546 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
549 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
550 return WERR_ACCESS_DENIED;
552 /* we have to set the outgoing buffer size to the same as the
553 incoming buffer size (even in the case of failure) */
555 rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
556 r_u->needed = q_u->buffer_size;
558 switch ( q_u->level ) {
559 case SVC_STATUS_PROCESS_INFO:
561 SERVICE_STATUS_PROCESS svc_stat_proc;
563 /* Get the status of the service.. */
564 info->ops->service_status( info->name, &svc_stat_proc.status );
565 svc_stat_proc.process_id = sys_getpid();
566 svc_stat_proc.service_flags = 0x0;
568 svcctl_io_service_status_process( "", &svc_stat_proc, &r_u->buffer, 0 );
569 buffer_size = sizeof(SERVICE_STATUS_PROCESS);
574 return WERR_UNKNOWN_LEVEL;
578 buffer_size += buffer_size % 4;
579 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
581 if (buffer_size > q_u->buffer_size )
582 return WERR_MORE_DATA;
587 /********************************************************************
588 ********************************************************************/
590 static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG *config, NT_USER_TOKEN *token )
595 /* retrieve the registry values for this service */
597 if ( !(values = svcctl_fetch_regvalues( name, token )) )
598 return WERR_REG_CORRUPT;
600 /* now fill in the individual values */
602 config->displayname = TALLOC_ZERO_P( ctx, UNISTR2 );
603 if ( (val = regval_ctr_getvalue( values, "DisplayName" )) != NULL )
604 init_unistr2( config->displayname, regval_sz( val ), UNI_STR_TERMINATE );
606 init_unistr2( config->displayname, name, UNI_STR_TERMINATE );
608 if ( (val = regval_ctr_getvalue( values, "ObjectName" )) != NULL ) {
609 config->startname = TALLOC_ZERO_P( ctx, UNISTR2 );
610 init_unistr2( config->startname, regval_sz( val ), UNI_STR_TERMINATE );
613 if ( (val = regval_ctr_getvalue( values, "ImagePath" )) != NULL ) {
614 config->executablepath = TALLOC_ZERO_P( ctx, UNISTR2 );
615 init_unistr2( config->executablepath, regval_sz( val ), UNI_STR_TERMINATE );
618 /* a few hard coded values */
619 /* loadordergroup and dependencies are empty */
621 config->tag_id = 0x00000000; /* unassigned loadorder group */
622 config->service_type = SVCCTL_WIN32_OWN_PROC;
623 config->error_control = SVCCTL_SVC_ERROR_NORMAL;
625 /* set the start type. NetLogon and WINS are disabled to prevent
626 the client from showing the "Start" button (if of course the services
629 if ( strequal( name, "NETLOGON" ) && ( lp_servicenumber(name) == -1 ) )
630 config->start_type = SVCCTL_DISABLED;
631 else if ( strequal( name, "WINS" ) && ( !lp_wins_support() ))
632 config->start_type = SVCCTL_DISABLED;
634 config->start_type = SVCCTL_DEMAND_START;
637 TALLOC_FREE( values );
642 /********************************************************************
643 ********************************************************************/
645 WERROR _svcctl_query_service_config( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG *r_u )
647 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
651 /* perform access checks */
653 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
656 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
657 return WERR_ACCESS_DENIED;
659 /* we have to set the outgoing buffer size to the same as the
660 incoming buffer size (even in the case of failure */
662 r_u->needed = q_u->buffer_size;
664 wresult = fill_svc_config( p->mem_ctx, info->name, &r_u->config, p->pipe_user.nt_user_token );
665 if ( !W_ERROR_IS_OK(wresult) )
668 buffer_size = svcctl_sizeof_service_config( &r_u->config );
669 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
671 if (buffer_size > q_u->buffer_size ) {
672 ZERO_STRUCTP( &r_u->config );
673 return WERR_INSUFFICIENT_BUFFER;
679 /********************************************************************
680 ********************************************************************/
682 WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG2 *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG2 *r_u )
684 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
687 /* perform access checks */
689 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
692 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
693 return WERR_ACCESS_DENIED;
695 /* we have to set the outgoing buffer size to the same as the
696 incoming buffer size (even in the case of failure */
698 rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
699 r_u->needed = q_u->buffer_size;
701 switch ( q_u->level ) {
702 case SERVICE_CONFIG_DESCRIPTION:
704 SERVICE_DESCRIPTION desc_buf;
705 const char *description;
707 description = svcctl_lookup_description( info->name, p->pipe_user.nt_user_token );
709 ZERO_STRUCTP( &desc_buf );
711 init_service_description_buffer( &desc_buf, description );
712 svcctl_io_service_description( "", &desc_buf, &r_u->buffer, 0 );
713 buffer_size = svcctl_sizeof_service_description( &desc_buf );
718 case SERVICE_CONFIG_FAILURE_ACTIONS:
720 SERVICE_FAILURE_ACTIONS actions;
722 /* nothing to say...just service the request */
724 ZERO_STRUCTP( &actions );
725 svcctl_io_service_fa( "", &actions, &r_u->buffer, 0 );
726 buffer_size = svcctl_sizeof_service_fa( &actions );
733 return WERR_UNKNOWN_LEVEL;
736 buffer_size += buffer_size % 4;
737 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
739 if (buffer_size > q_u->buffer_size )
740 return WERR_INSUFFICIENT_BUFFER;
745 /********************************************************************
746 ********************************************************************/
748 WERROR _svcctl_lock_service_db( pipes_struct *p, SVCCTL_Q_LOCK_SERVICE_DB *q_u, SVCCTL_R_LOCK_SERVICE_DB *r_u )
750 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
752 /* perform access checks */
754 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
757 if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
758 return WERR_ACCESS_DENIED;
760 /* Just open a handle. Doesn't actually lock anything */
762 return create_open_service_handle( p, &r_u->h_lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
766 /********************************************************************
767 ********************************************************************/
769 WERROR _svcctl_unlock_service_db( pipes_struct *p, SVCCTL_Q_UNLOCK_SERVICE_DB *q_u, SVCCTL_R_UNLOCK_SERVICE_DB *r_u )
771 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->h_lock );
774 if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
777 return close_policy_hnd( p, &q_u->h_lock) ? WERR_OK : WERR_BADFID;
780 /********************************************************************
781 ********************************************************************/
783 WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, SVCCTL_R_QUERY_SERVICE_SEC *r_u )
785 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
789 /* only support the SCM and individual services */
791 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
794 /* check access reights (according to MSDN) */
796 if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
797 return WERR_ACCESS_DENIED;
799 /* TODO: handle something besides DACL_SECURITY_INFORMATION */
801 if ( (q_u->security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
802 return WERR_INVALID_PARAM;
804 /* lookup the security descriptor and marshall it up for a reply */
806 if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) )
809 r_u->needed = sec_desc_size( sec_desc );
811 if ( r_u->needed > q_u->buffer_size ) {
812 ZERO_STRUCTP( &r_u->buffer );
813 return WERR_INSUFFICIENT_BUFFER;
816 rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
818 if ( !sec_io_desc("", &sec_desc, &r_u->buffer.prs, 0 ) )
824 /********************************************************************
825 ********************************************************************/
827 WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u, SVCCTL_R_SET_SERVICE_SEC *r_u )
829 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
830 SEC_DESC *sec_desc = NULL;
831 uint32 required_access;
833 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
836 /* can't set the security de4scriptor on the ServiceControlManager */
838 if ( info->type == SVC_HANDLE_IS_SCM )
839 return WERR_ACCESS_DENIED;
841 /* check the access on the open handle */
843 switch ( q_u->security_flags ) {
844 case DACL_SECURITY_INFORMATION:
845 required_access = STD_RIGHT_WRITE_DAC_ACCESS;
848 case OWNER_SECURITY_INFORMATION:
849 case GROUP_SECURITY_INFORMATION:
850 required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
853 case SACL_SECURITY_INFORMATION:
854 return WERR_INVALID_PARAM;
856 return WERR_INVALID_PARAM;
859 if ( !(info->access_granted & required_access) )
860 return WERR_ACCESS_DENIED;
862 /* read the security descfriptor */
864 if ( !sec_io_desc("", &sec_desc, &q_u->buffer.prs, 0 ) )
867 /* store the new SD */
869 if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) )
870 return WERR_ACCESS_DENIED;
876 WERROR _svcctl_ControlService(pipes_struct *p, struct svcctl_ControlService *r)
878 p->rng_fault_state = True;
879 return WERR_NOT_SUPPORTED;
882 WERROR _svcctl_DeleteService(pipes_struct *p, struct svcctl_DeleteService *r)
884 p->rng_fault_state = True;
885 return WERR_NOT_SUPPORTED;
888 WERROR _svcctl_LockServiceDatabase(pipes_struct *p, struct svcctl_LockServiceDatabase *r)
890 p->rng_fault_state = True;
891 return WERR_NOT_SUPPORTED;
894 WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p, struct svcctl_QueryServiceObjectSecurity *r)
896 p->rng_fault_state = True;
897 return WERR_NOT_SUPPORTED;
900 WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, struct svcctl_SetServiceObjectSecurity *r)
902 p->rng_fault_state = True;
903 return WERR_NOT_SUPPORTED;
906 WERROR _svcctl_QueryServiceStatus(pipes_struct *p, struct svcctl_QueryServiceStatus *r)
908 p->rng_fault_state = True;
909 return WERR_NOT_SUPPORTED;
912 WERROR _svcctl_SetServiceStatus(pipes_struct *p, struct svcctl_SetServiceStatus *r)
914 p->rng_fault_state = True;
915 return WERR_NOT_SUPPORTED;
918 WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p, struct svcctl_UnlockServiceDatabase *r)
920 p->rng_fault_state = True;
921 return WERR_NOT_SUPPORTED;
924 WERROR _svcctl_NotifyBootConfigStatus(pipes_struct *p, struct svcctl_NotifyBootConfigStatus *r)
926 p->rng_fault_state = True;
927 return WERR_NOT_SUPPORTED;
930 WERROR _svcctl_SCSetServiceBitsW(pipes_struct *p, struct svcctl_SCSetServiceBitsW *r)
932 p->rng_fault_state = True;
933 return WERR_NOT_SUPPORTED;
936 WERROR _svcctl_ChangeServiceConfigW(pipes_struct *p, struct svcctl_ChangeServiceConfigW *r)
938 p->rng_fault_state = True;
939 return WERR_NOT_SUPPORTED;
942 WERROR _svcctl_CreateServiceW(pipes_struct *p, struct svcctl_CreateServiceW *r)
944 p->rng_fault_state = True;
945 return WERR_NOT_SUPPORTED;
948 WERROR _svcctl_EnumDependentServicesW(pipes_struct *p, struct svcctl_EnumDependentServicesW *r)
950 p->rng_fault_state = True;
951 return WERR_NOT_SUPPORTED;
954 WERROR _svcctl_EnumServicesStatusW(pipes_struct *p, struct svcctl_EnumServicesStatusW *r)
956 p->rng_fault_state = True;
957 return WERR_NOT_SUPPORTED;
960 WERROR _svcctl_OpenSCManagerW(pipes_struct *p, struct svcctl_OpenSCManagerW *r)
962 p->rng_fault_state = True;
963 return WERR_NOT_SUPPORTED;
966 WERROR _svcctl_OpenServiceW(pipes_struct *p, struct svcctl_OpenServiceW *r)
968 p->rng_fault_state = True;
969 return WERR_NOT_SUPPORTED;
972 WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, struct svcctl_QueryServiceConfigW *r)
974 p->rng_fault_state = True;
975 return WERR_NOT_SUPPORTED;
978 WERROR _svcctl_QueryServiceLockStatusW(pipes_struct *p, struct svcctl_QueryServiceLockStatusW *r)
980 p->rng_fault_state = True;
981 return WERR_NOT_SUPPORTED;
984 WERROR _svcctl_StartServiceW(pipes_struct *p, struct svcctl_StartServiceW *r)
986 p->rng_fault_state = True;
987 return WERR_NOT_SUPPORTED;
990 WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p, struct svcctl_GetServiceDisplayNameW *r)
992 p->rng_fault_state = True;
993 return WERR_NOT_SUPPORTED;
996 WERROR _svcctl_GetServiceKeyNameW(pipes_struct *p, struct svcctl_GetServiceKeyNameW *r)
998 p->rng_fault_state = True;
999 return WERR_NOT_SUPPORTED;
1002 WERROR _svcctl_SCSetServiceBitsA(pipes_struct *p, struct svcctl_SCSetServiceBitsA *r)
1004 p->rng_fault_state = True;
1005 return WERR_NOT_SUPPORTED;
1008 WERROR _svcctl_ChangeServiceConfigA(pipes_struct *p, struct svcctl_ChangeServiceConfigA *r)
1010 p->rng_fault_state = True;
1011 return WERR_NOT_SUPPORTED;
1014 WERROR _svcctl_CreateServiceA(pipes_struct *p, struct svcctl_CreateServiceA *r)
1016 p->rng_fault_state = True;
1017 return WERR_NOT_SUPPORTED;
1020 WERROR _svcctl_EnumDependentServicesA(pipes_struct *p, struct svcctl_EnumDependentServicesA *r)
1022 p->rng_fault_state = True;
1023 return WERR_NOT_SUPPORTED;
1026 WERROR _svcctl_EnumServicesStatusA(pipes_struct *p, struct svcctl_EnumServicesStatusA *r)
1028 p->rng_fault_state = True;
1029 return WERR_NOT_SUPPORTED;
1032 WERROR _svcctl_OpenSCManagerA(pipes_struct *p, struct svcctl_OpenSCManagerA *r)
1034 p->rng_fault_state = True;
1035 return WERR_NOT_SUPPORTED;
1038 WERROR _svcctl_OpenServiceA(pipes_struct *p, struct svcctl_OpenServiceA *r)
1040 p->rng_fault_state = True;
1041 return WERR_NOT_SUPPORTED;
1044 WERROR _svcctl_QueryServiceConfigA(pipes_struct *p, struct svcctl_QueryServiceConfigA *r)
1046 p->rng_fault_state = True;
1047 return WERR_NOT_SUPPORTED;
1050 WERROR _svcctl_QueryServiceLockStatusA(pipes_struct *p, struct svcctl_QueryServiceLockStatusA *r)
1052 p->rng_fault_state = True;
1053 return WERR_NOT_SUPPORTED;
1056 WERROR _svcctl_StartServiceA(pipes_struct *p, struct svcctl_StartServiceA *r)
1058 p->rng_fault_state = True;
1059 return WERR_NOT_SUPPORTED;
1062 WERROR _svcctl_GetServiceDisplayNameA(pipes_struct *p, struct svcctl_GetServiceDisplayNameA *r)
1064 p->rng_fault_state = True;
1065 return WERR_NOT_SUPPORTED;
1068 WERROR _svcctl_GetServiceKeyNameA(pipes_struct *p, struct svcctl_GetServiceKeyNameA *r)
1070 p->rng_fault_state = True;
1071 return WERR_NOT_SUPPORTED;
1074 WERROR _svcctl_GetCurrentGroupeStateW(pipes_struct *p, struct svcctl_GetCurrentGroupeStateW *r)
1076 p->rng_fault_state = True;
1077 return WERR_NOT_SUPPORTED;
1080 WERROR _svcctl_EnumServiceGroupW(pipes_struct *p, struct svcctl_EnumServiceGroupW *r)
1082 p->rng_fault_state = True;
1083 return WERR_NOT_SUPPORTED;
1086 WERROR _svcctl_ChangeServiceConfig2A(pipes_struct *p, struct svcctl_ChangeServiceConfig2A *r)
1088 p->rng_fault_state = True;
1089 return WERR_NOT_SUPPORTED;
1092 WERROR _svcctl_ChangeServiceConfig2W(pipes_struct *p, struct svcctl_ChangeServiceConfig2W *r)
1094 p->rng_fault_state = True;
1095 return WERR_NOT_SUPPORTED;
1098 WERROR _svcctl_QueryServiceConfig2A(pipes_struct *p, struct svcctl_QueryServiceConfig2A *r)
1100 p->rng_fault_state = True;
1101 return WERR_NOT_SUPPORTED;
1104 WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p, struct svcctl_QueryServiceConfig2W *r)
1106 p->rng_fault_state = True;
1107 return WERR_NOT_SUPPORTED;
1110 WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p, struct svcctl_QueryServiceStatusEx *r)
1112 p->rng_fault_state = True;
1113 return WERR_NOT_SUPPORTED;
1116 WERROR _EnumServicesStatusExA(pipes_struct *p, struct EnumServicesStatusExA *r)
1118 p->rng_fault_state = True;
1119 return WERR_NOT_SUPPORTED;
1122 WERROR _EnumServicesStatusExW(pipes_struct *p, struct EnumServicesStatusExW *r)
1124 p->rng_fault_state = True;
1125 return WERR_NOT_SUPPORTED;
1128 WERROR _svcctl_SCSendTSMessage(pipes_struct *p, struct svcctl_SCSendTSMessage *r)
1130 p->rng_fault_state = True;
1131 return WERR_NOT_SUPPORTED;
git.samba.org / ira / wip.git / blob