s3:registry: move reg_objects.h to registry/ and use it only where needed
[kai/samba.git] / source3 / rpc_server / srv_svcctl_nt.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *
5  *  Copyright (C) Marcin Krzysztof Porwit           2005.
6  *
7  *  Largely Rewritten (Again) by:
8  *  Copyright (C) Gerald (Jerry) Carter             2005.
9  *  Copyright (C) Guenther Deschner                 2008,2009.
10  *
11  *  This program is free software; you can redistribute it and/or modify
12  *  it under the terms of the GNU General Public License as published by
13  *  the Free Software Foundation; either version 3 of the License, or
14  *  (at your option) any later version.
15  *
16  *  This program is distributed in the hope that it will be useful,
17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  *  GNU General Public License for more details.
20  *
21  *  You should have received a copy of the GNU General Public License
22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24
25 #include "includes.h"
26 #include "../librpc/gen_ndr/srv_svcctl.h"
27 #include "services/services.h"
28 #include "registry.h"
29 #include "registry/reg_objects.h"
30
31 #undef DBGC_CLASS
32 #define DBGC_CLASS DBGC_RPC_SRV
33
34 struct service_control_op {
35         const char *name;
36         SERVICE_CONTROL_OPS *ops;
37 };
38
39 /* handle external services */
40 extern SERVICE_CONTROL_OPS rcinit_svc_ops;
41
42 /* builtin services (see service_db.c and services/svc_*.c */
43 extern SERVICE_CONTROL_OPS spoolss_svc_ops;
44 extern SERVICE_CONTROL_OPS netlogon_svc_ops;
45 extern SERVICE_CONTROL_OPS winreg_svc_ops;
46 extern SERVICE_CONTROL_OPS wins_svc_ops;
47
48 /* make sure this number patches the number of builtin
49    SERVICE_CONTROL_OPS structure listed above */
50
51 #define SVCCTL_NUM_INTERNAL_SERVICES    4
52
53 struct service_control_op *svcctl_ops;
54
55 static const struct generic_mapping scm_generic_map =
56         { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS };
57 static const struct generic_mapping svc_generic_map =
58         { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS };
59
60
61 /********************************************************************
62 ********************************************************************/
63
64 bool init_service_op_table( void )
65 {
66         const char **service_list = lp_svcctl_list();
67         int num_services = SVCCTL_NUM_INTERNAL_SERVICES + str_list_length( service_list );
68         int i;
69
70         if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {
71                 DEBUG(0,("init_service_op_table: talloc() failed!\n"));
72                 return False;
73         }
74
75         /* services listed in smb.conf get the rc.init interface */
76
77         for ( i=0; service_list && service_list[i]; i++ ) {
78                 svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
79                 svcctl_ops[i].ops  = &rcinit_svc_ops;
80         }
81
82         /* add builtin services */
83
84         svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
85         svcctl_ops[i].ops  = &spoolss_svc_ops;
86         i++;
87
88         svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
89         svcctl_ops[i].ops  = &netlogon_svc_ops;
90         i++;
91
92         svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
93         svcctl_ops[i].ops  = &winreg_svc_ops;
94         i++;
95
96         svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
97         svcctl_ops[i].ops  = &wins_svc_ops;
98         i++;
99
100         /* NULL terminate the array */
101
102         svcctl_ops[i].name = NULL;
103         svcctl_ops[i].ops  = NULL;
104
105         return True;
106 }
107
108 /********************************************************************
109 ********************************************************************/
110
111 static struct service_control_op* find_service_by_name( const char *name )
112 {
113         int i;
114
115         for ( i=0; svcctl_ops[i].name; i++ ) {
116                 if ( strequal( name, svcctl_ops[i].name ) )
117                         return &svcctl_ops[i];
118         }
119
120         return NULL;
121 }
122 /********************************************************************
123 ********************************************************************/
124
125 static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, NT_USER_TOKEN *token,
126                                      uint32 access_desired, uint32 *access_granted )
127 {
128         if ( geteuid() == sec_initial_uid() ) {
129                 DEBUG(5,("svcctl_access_check: using root's token\n"));
130                 token = get_root_nt_token();
131         }
132
133         return se_access_check( sec_desc, token, access_desired, access_granted);
134 }
135
136 /********************************************************************
137 ********************************************************************/
138
139 static struct security_descriptor* construct_scm_sd( TALLOC_CTX *ctx )
140 {
141         struct security_ace ace[2];
142         size_t i = 0;
143         struct security_descriptor *sd;
144         struct security_acl *theacl;
145         size_t sd_size;
146
147         /* basic access for Everyone */
148
149         init_sec_ace(&ace[i++], &global_sid_World,
150                 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0);
151
152         /* Full Access 'BUILTIN\Administrators' */
153
154         init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
155                 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0);
156
157
158         /* create the security descriptor */
159
160         if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
161                 return NULL;
162
163         if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
164                                   SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
165                                   theacl, &sd_size)) )
166                 return NULL;
167
168         return sd;
169 }
170
171 /******************************************************************
172  Find a registry key handle and return a SERVICE_INFO
173  *****************************************************************/
174
175 static SERVICE_INFO *find_service_info_by_hnd(pipes_struct *p, struct policy_handle *hnd)
176 {
177         SERVICE_INFO *service_info = NULL;
178
179         if( !find_policy_by_hnd( p, hnd, (void **)(void *)&service_info) ) {
180                 DEBUG(2,("find_service_info_by_hnd: handle not found\n"));
181                 return NULL;
182         }
183
184         return service_info;
185 }
186
187 /******************************************************************
188  *****************************************************************/
189
190 static WERROR create_open_service_handle( pipes_struct *p, struct policy_handle *handle, uint32 type,
191                                           const char *service, uint32 access_granted )
192 {
193         SERVICE_INFO *info = NULL;
194         WERROR result = WERR_OK;
195         struct service_control_op *s_op;
196
197         if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )
198                 return WERR_NOMEM;
199
200         /* the Service Manager has a NULL name */
201
202         info->type = SVC_HANDLE_IS_SCM;
203
204         switch ( type ) {
205         case SVC_HANDLE_IS_SCM:
206                 info->type = SVC_HANDLE_IS_SCM;
207                 break;
208
209         case SVC_HANDLE_IS_DBLOCK:
210                 info->type = SVC_HANDLE_IS_DBLOCK;
211                 break;
212
213         case SVC_HANDLE_IS_SERVICE:
214                 info->type = SVC_HANDLE_IS_SERVICE;
215
216                 /* lookup the SERVICE_CONTROL_OPS */
217
218                 if ( !(s_op = find_service_by_name( service )) ) {
219                         result = WERR_NO_SUCH_SERVICE;
220                         goto done;
221                 }
222
223                 info->ops = s_op->ops;
224
225                 if ( !(info->name  = talloc_strdup( info, s_op->name )) ) {
226                         result = WERR_NOMEM;
227                         goto done;
228                 }
229                 break;
230
231         default:
232                 result = WERR_NO_SUCH_SERVICE;
233                 goto done;
234         }
235
236         info->access_granted = access_granted;
237
238         /* store the SERVICE_INFO and create an open handle */
239
240         if ( !create_policy_hnd( p, handle, info ) ) {
241                 result = WERR_ACCESS_DENIED;
242                 goto done;
243         }
244
245 done:
246         if ( !W_ERROR_IS_OK(result) )
247                 TALLOC_FREE(info);
248
249         return result;
250 }
251
252 /********************************************************************
253  _svcctl_OpenSCManagerW
254 ********************************************************************/
255
256 WERROR _svcctl_OpenSCManagerW(pipes_struct *p,
257                               struct svcctl_OpenSCManagerW *r)
258 {
259         struct security_descriptor *sec_desc;
260         uint32 access_granted = 0;
261         NTSTATUS status;
262
263         /* perform access checks */
264
265         if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
266                 return WERR_NOMEM;
267
268         se_map_generic( &r->in.access_mask, &scm_generic_map );
269         status = svcctl_access_check( sec_desc, p->server_info->ptok,
270                                       r->in.access_mask, &access_granted );
271         if ( !NT_STATUS_IS_OK(status) )
272                 return ntstatus_to_werror( status );
273
274         return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
275 }
276
277 /********************************************************************
278  _svcctl_OpenServiceW
279 ********************************************************************/
280
281 WERROR _svcctl_OpenServiceW(pipes_struct *p,
282                             struct svcctl_OpenServiceW *r)
283 {
284         struct security_descriptor *sec_desc;
285         uint32 access_granted = 0;
286         NTSTATUS status;
287         const char *service = NULL;
288
289         service = r->in.ServiceName;
290         if (!service) {
291                 return WERR_NOMEM;
292         }
293         DEBUG(5, ("_svcctl_OpenServiceW: Attempting to open Service [%s], \n", service));
294
295         /* based on my tests you can open a service if you have a valid scm handle */
296
297         if ( !find_service_info_by_hnd( p, r->in.scmanager_handle) )
298                 return WERR_BADFID;
299
300         /* perform access checks.  Use the root token in order to ensure that we
301            retrieve the security descriptor */
302
303         if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
304                 return WERR_NOMEM;
305
306         se_map_generic( &r->in.access_mask, &svc_generic_map );
307         status = svcctl_access_check( sec_desc, p->server_info->ptok,
308                                       r->in.access_mask, &access_granted );
309         if ( !NT_STATUS_IS_OK(status) )
310                 return ntstatus_to_werror( status );
311
312         return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
313 }
314
315 /********************************************************************
316  _svcctl_CloseServiceHandle
317 ********************************************************************/
318
319 WERROR _svcctl_CloseServiceHandle(pipes_struct *p,
320                                   struct svcctl_CloseServiceHandle *r)
321 {
322         if ( !close_policy_hnd( p, r->in.handle ) )
323                 return  WERR_BADFID;
324
325         ZERO_STRUCTP(r->out.handle);
326
327         return WERR_OK;
328 }
329
330 /********************************************************************
331  _svcctl_GetServiceDisplayNameW
332 ********************************************************************/
333
334 WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p,
335                                       struct svcctl_GetServiceDisplayNameW *r)
336 {
337         const char *service;
338         const char *display_name;
339         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
340
341         /* can only use an SCM handle here */
342
343         if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
344                 return WERR_BADFID;
345
346         service = r->in.service_name;
347
348         display_name = svcctl_lookup_dispname(p->mem_ctx, service,
349                                               p->server_info->ptok);
350         if (!display_name) {
351                 display_name = "";
352         }
353
354         *r->out.display_name = display_name;
355         *r->out.display_name_length = strlen(display_name);
356
357         return WERR_OK;
358 }
359
360 /********************************************************************
361  _svcctl_QueryServiceStatus
362 ********************************************************************/
363
364 WERROR _svcctl_QueryServiceStatus(pipes_struct *p,
365                                   struct svcctl_QueryServiceStatus *r)
366 {
367         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
368
369         /* perform access checks */
370
371         if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
372                 return WERR_BADFID;
373
374         if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
375                 return WERR_ACCESS_DENIED;
376
377         /* try the service specific status call */
378
379         return info->ops->service_status( info->name, r->out.service_status );
380 }
381
382 /********************************************************************
383 ********************************************************************/
384
385 static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, NT_USER_TOKEN *token )
386 {
387         int num_services = 0;
388         int i;
389         struct ENUM_SERVICE_STATUSW *st;
390         const char *display_name;
391
392         /* just count */
393         while ( svcctl_ops[num_services].name )
394                 num_services++;
395
396         if ( !(st = TALLOC_ARRAY( ctx, struct ENUM_SERVICE_STATUSW, num_services )) ) {
397                 DEBUG(0,("enumerate_status: talloc() failed!\n"));
398                 return -1;
399         }
400
401         for ( i=0; i<num_services; i++ ) {
402                 st[i].service_name = talloc_strdup(st, svcctl_ops[i].name );
403
404                 display_name = svcctl_lookup_dispname(ctx, svcctl_ops[i].name, token );
405                 st[i].display_name = talloc_strdup(st, display_name ? display_name : "");
406
407                 svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
408         }
409
410         *status = st;
411
412         return num_services;
413 }
414
415 /********************************************************************
416  _svcctl_EnumServicesStatusW
417 ********************************************************************/
418
419 WERROR _svcctl_EnumServicesStatusW(pipes_struct *p,
420                                    struct svcctl_EnumServicesStatusW *r)
421 {
422         struct ENUM_SERVICE_STATUSW *services = NULL;
423         int num_services;
424         int i = 0;
425         size_t buffer_size = 0;
426         WERROR result = WERR_OK;
427         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
428         NT_USER_TOKEN *token = p->server_info->ptok;
429         DATA_BLOB blob = data_blob_null;
430
431         /* perform access checks */
432
433         if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
434                 return WERR_BADFID;
435
436         if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) ) {
437                 return WERR_ACCESS_DENIED;
438         }
439
440         num_services = enumerate_status( p->mem_ctx, &services, token );
441         if (num_services == -1 ) {
442                 return WERR_NOMEM;
443         }
444
445         for ( i=0; i<num_services; i++ ) {
446                 buffer_size += ndr_size_ENUM_SERVICE_STATUSW(&services[i], 0);
447         }
448
449         buffer_size += buffer_size % 4;
450
451         if (buffer_size > r->in.offered) {
452                 num_services = 0;
453                 result = WERR_MORE_DATA;
454         }
455
456         if ( W_ERROR_IS_OK(result) ) {
457
458                 enum ndr_err_code ndr_err;
459                 struct ndr_push *ndr;
460
461                 ndr = ndr_push_init_ctx(p->mem_ctx);
462                 if (ndr == NULL) {
463                         return WERR_INVALID_PARAM;
464                 }
465
466                 ndr_err = ndr_push_ENUM_SERVICE_STATUSW_array(
467                         ndr, num_services, services);
468                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
469                         return ntstatus_to_werror(ndr_map_error2ntstatus(ndr_err));
470                 }
471                 blob = ndr_push_blob(ndr);
472                 memcpy(r->out.service, blob.data, MIN(blob.length, r->in.offered));
473         }
474
475         *r->out.needed                  = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
476         *r->out.services_returned       = (uint32)num_services;
477         if (r->out.resume_handle) {
478                 *r->out.resume_handle   = 0;
479         }
480
481         return result;
482 }
483
484 /********************************************************************
485  _svcctl_StartServiceW
486 ********************************************************************/
487
488 WERROR _svcctl_StartServiceW(pipes_struct *p,
489                              struct svcctl_StartServiceW *r)
490 {
491         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
492
493         /* perform access checks */
494
495         if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
496                 return WERR_BADFID;
497
498         if ( !(info->access_granted & SC_RIGHT_SVC_START) )
499                 return WERR_ACCESS_DENIED;
500
501         return info->ops->start_service( info->name );
502 }
503
504 /********************************************************************
505  _svcctl_ControlService
506 ********************************************************************/
507
508 WERROR _svcctl_ControlService(pipes_struct *p,
509                               struct svcctl_ControlService *r)
510 {
511         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
512
513         /* perform access checks */
514
515         if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
516                 return WERR_BADFID;
517
518         switch ( r->in.control ) {
519         case SVCCTL_CONTROL_STOP:
520                 if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
521                         return WERR_ACCESS_DENIED;
522
523                 return info->ops->stop_service( info->name,
524                                                 r->out.service_status );
525
526         case SVCCTL_CONTROL_INTERROGATE:
527                 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
528                         return WERR_ACCESS_DENIED;
529
530                 return info->ops->service_status( info->name,
531                                                   r->out.service_status );
532         default:
533                 return WERR_INVALID_PARAM;
534         }
535 }
536
537 /********************************************************************
538  _svcctl_EnumDependentServicesW
539 ********************************************************************/
540
541 WERROR _svcctl_EnumDependentServicesW(pipes_struct *p,
542                                       struct svcctl_EnumDependentServicesW *r)
543 {
544         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.service );
545
546         /* perform access checks */
547
548         if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
549                 return WERR_BADFID;
550
551         if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
552                 return WERR_ACCESS_DENIED;
553
554         switch (r->in.state) {
555         case SERVICE_STATE_ACTIVE:
556         case SERVICE_STATE_INACTIVE:
557         case SERVICE_STATE_ALL:
558                 break;
559         default:
560                 return WERR_INVALID_PARAM;
561         }
562
563         /* we have to set the outgoing buffer size to the same as the
564            incoming buffer size (even in the case of failure */
565         /* this is done in the autogenerated server already - gd */
566
567         *r->out.needed = r->in.offered;
568
569         /* no dependent services...basically a stub function */
570         *r->out.services_returned = 0;
571
572         return WERR_OK;
573 }
574
575 /********************************************************************
576  _svcctl_QueryServiceStatusEx
577 ********************************************************************/
578
579 WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p,
580                                     struct svcctl_QueryServiceStatusEx *r)
581 {
582         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
583         uint32 buffer_size;
584
585         /* perform access checks */
586
587         if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
588                 return WERR_BADFID;
589
590         if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
591                 return WERR_ACCESS_DENIED;
592
593         /* we have to set the outgoing buffer size to the same as the
594            incoming buffer size (even in the case of failure) */
595         *r->out.needed = r->in.offered;
596
597         switch ( r->in.info_level ) {
598                 case SVC_STATUS_PROCESS_INFO:
599                 {
600                         struct SERVICE_STATUS_PROCESS svc_stat_proc;
601                         enum ndr_err_code ndr_err;
602                         DATA_BLOB blob;
603
604                         /* Get the status of the service.. */
605                         info->ops->service_status( info->name, &svc_stat_proc.status );
606                         svc_stat_proc.process_id     = sys_getpid();
607                         svc_stat_proc.service_flags  = 0x0;
608
609                         ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &svc_stat_proc,
610                                                        (ndr_push_flags_fn_t)ndr_push_SERVICE_STATUS_PROCESS);
611                         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
612                                 return WERR_INVALID_PARAM;
613                         }
614
615                         r->out.buffer = blob.data;
616                         buffer_size = sizeof(struct SERVICE_STATUS_PROCESS);
617                         break;
618                 }
619
620                 default:
621                         return WERR_UNKNOWN_LEVEL;
622         }
623
624
625         buffer_size += buffer_size % 4;
626         *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
627
628         if (buffer_size > r->in.offered ) {
629                 return WERR_INSUFFICIENT_BUFFER;
630         }
631
632         return WERR_OK;
633 }
634
635 /********************************************************************
636 ********************************************************************/
637
638 static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name,
639                                struct QUERY_SERVICE_CONFIG *config,
640                                NT_USER_TOKEN *token )
641 {
642         struct regval_ctr *values;
643         struct regval_blob *val;
644
645         /* retrieve the registry values for this service */
646
647         if ( !(values = svcctl_fetch_regvalues( name, token )) )
648                 return WERR_REG_CORRUPT;
649
650         /* now fill in the individual values */
651
652         if ( (val = regval_ctr_getvalue( values, "DisplayName" )) != NULL )
653                 config->displayname = regval_sz(val);
654         else
655                 config->displayname = name;
656
657         if ( (val = regval_ctr_getvalue( values, "ObjectName" )) != NULL ) {
658                 config->startname = regval_sz(val);
659         }
660
661         if ( (val = regval_ctr_getvalue( values, "ImagePath" )) != NULL ) {
662                 config->executablepath = regval_sz(val);
663         }
664
665         /* a few hard coded values */
666         /* loadordergroup and dependencies are empty */
667
668         config->tag_id           = 0x00000000;                  /* unassigned loadorder group */
669         config->service_type     = SERVICE_TYPE_WIN32_OWN_PROCESS;
670         config->error_control    = SVCCTL_SVC_ERROR_NORMAL;
671
672         /* set the start type.  NetLogon and WINS are disabled to prevent
673            the client from showing the "Start" button (if of course the services
674            are not running */
675
676         if ( strequal( name, "NETLOGON" ) && ( lp_servicenumber(name) == -1 ) )
677                 config->start_type = SVCCTL_DISABLED;
678         else if ( strequal( name, "WINS" ) && ( !lp_wins_support() ))
679                 config->start_type = SVCCTL_DISABLED;
680         else
681                 config->start_type = SVCCTL_DEMAND_START;
682
683
684         TALLOC_FREE( values );
685
686         return WERR_OK;
687 }
688
689 /********************************************************************
690  _svcctl_QueryServiceConfigW
691 ********************************************************************/
692
693 WERROR _svcctl_QueryServiceConfigW(pipes_struct *p,
694                                    struct svcctl_QueryServiceConfigW *r)
695 {
696         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
697         uint32 buffer_size;
698         WERROR wresult;
699
700         /* perform access checks */
701
702         if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
703                 return WERR_BADFID;
704
705         if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
706                 return WERR_ACCESS_DENIED;
707
708         /* we have to set the outgoing buffer size to the same as the
709            incoming buffer size (even in the case of failure */
710
711         *r->out.needed = r->in.offered;
712
713         wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query,
714                                    p->server_info->ptok);
715         if ( !W_ERROR_IS_OK(wresult) )
716                 return wresult;
717
718         buffer_size = ndr_size_QUERY_SERVICE_CONFIG(r->out.query, 0);
719         *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
720
721         if (buffer_size > r->in.offered ) {
722                 ZERO_STRUCTP(r->out.query);
723                 return WERR_INSUFFICIENT_BUFFER;
724         }
725
726         return WERR_OK;
727 }
728
729 /********************************************************************
730  _svcctl_QueryServiceConfig2W
731 ********************************************************************/
732
733 WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p,
734                                     struct svcctl_QueryServiceConfig2W *r)
735 {
736         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
737         uint32 buffer_size;
738
739         /* perform access checks */
740
741         if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
742                 return WERR_BADFID;
743
744         if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
745                 return WERR_ACCESS_DENIED;
746
747         /* we have to set the outgoing buffer size to the same as the
748            incoming buffer size (even in the case of failure */
749         *r->out.needed = r->in.offered;
750
751         switch ( r->in.info_level ) {
752         case SERVICE_CONFIG_DESCRIPTION:
753                 {
754                         struct SERVICE_DESCRIPTION desc_buf;
755                         const char *description;
756                         enum ndr_err_code ndr_err;
757                         DATA_BLOB blob;
758
759                         description = svcctl_lookup_description(
760                                 p->mem_ctx, info->name, p->server_info->ptok);
761
762                         desc_buf.description = description;
763
764                         ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &desc_buf,
765                                                        (ndr_push_flags_fn_t)ndr_push_SERVICE_DESCRIPTION);
766                         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
767                                 return WERR_INVALID_PARAM;
768                         }
769
770                         buffer_size = ndr_size_SERVICE_DESCRIPTION(&desc_buf, 0);
771                         r->out.buffer = blob.data;
772
773                         break;
774                 }
775                 break;
776         case SERVICE_CONFIG_FAILURE_ACTIONS:
777                 {
778                         struct SERVICE_FAILURE_ACTIONS actions;
779                         enum ndr_err_code ndr_err;
780                         DATA_BLOB blob;
781
782                         /* nothing to say...just service the request */
783
784                         ZERO_STRUCT( actions );
785
786                         ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &actions,
787                                                        (ndr_push_flags_fn_t)ndr_push_SERVICE_FAILURE_ACTIONS);
788                         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
789                                 return WERR_INVALID_PARAM;
790                         }
791
792                         buffer_size = ndr_size_SERVICE_FAILURE_ACTIONS(&actions, 0);
793                         r->out.buffer = blob.data;
794
795                         break;
796                 }
797                 break;
798
799         default:
800                 return WERR_UNKNOWN_LEVEL;
801         }
802
803         buffer_size += buffer_size % 4;
804         *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
805
806         if (buffer_size > r->in.offered)
807                 return WERR_INSUFFICIENT_BUFFER;
808
809         return WERR_OK;
810 }
811
812 /********************************************************************
813  _svcctl_LockServiceDatabase
814 ********************************************************************/
815
816 WERROR _svcctl_LockServiceDatabase(pipes_struct *p,
817                                    struct svcctl_LockServiceDatabase *r)
818 {
819         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
820
821         /* perform access checks */
822
823         if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
824                 return WERR_BADFID;
825
826         if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
827                 return WERR_ACCESS_DENIED;
828
829         /* Just open a handle.  Doesn't actually lock anything */
830
831         return create_open_service_handle( p, r->out.lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
832 }
833
834 /********************************************************************
835  _svcctl_UnlockServiceDatabase
836 ********************************************************************/
837
838 WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p,
839                                      struct svcctl_UnlockServiceDatabase *r)
840 {
841         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.lock );
842
843
844         if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
845                 return WERR_BADFID;
846
847         return close_policy_hnd( p, r->out.lock) ? WERR_OK : WERR_BADFID;
848 }
849
850 /********************************************************************
851  _svcctl_QueryServiceObjectSecurity
852 ********************************************************************/
853
854 WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
855                                           struct svcctl_QueryServiceObjectSecurity *r)
856 {
857         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
858         struct security_descriptor *sec_desc;
859         NTSTATUS status;
860         uint8_t *buffer = NULL;
861         size_t len = 0;
862
863
864         /* only support the SCM and individual services */
865
866         if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
867                 return WERR_BADFID;
868
869         /* check access reights (according to MSDN) */
870
871         if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
872                 return WERR_ACCESS_DENIED;
873
874         /* TODO: handle something besides DACL_SECURITY_INFORMATION */
875
876         if ( (r->in.security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
877                 return WERR_INVALID_PARAM;
878
879         /* lookup the security descriptor and marshall it up for a reply */
880
881         if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) )
882                 return WERR_NOMEM;
883
884         *r->out.needed = ndr_size_security_descriptor(sec_desc, 0);
885
886         if ( *r->out.needed > r->in.offered) {
887                 return WERR_INSUFFICIENT_BUFFER;
888         }
889
890         status = marshall_sec_desc(p->mem_ctx, sec_desc, &buffer, &len);
891         if (!NT_STATUS_IS_OK(status)) {
892                 return ntstatus_to_werror(status);
893         }
894
895         *r->out.needed = len;
896         r->out.buffer = buffer;
897
898         return WERR_OK;
899 }
900
901 /********************************************************************
902  _svcctl_SetServiceObjectSecurity
903 ********************************************************************/
904
905 WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
906                                         struct svcctl_SetServiceObjectSecurity *r)
907 {
908         SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
909         struct security_descriptor *sec_desc = NULL;
910         uint32 required_access;
911         NTSTATUS status;
912
913         if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM))  )
914                 return WERR_BADFID;
915
916         /* can't set the security de4scriptor on the ServiceControlManager */
917
918         if ( info->type == SVC_HANDLE_IS_SCM )
919                 return WERR_ACCESS_DENIED;
920
921         /* check the access on the open handle */
922
923         switch ( r->in.security_flags ) {
924                 case DACL_SECURITY_INFORMATION:
925                         required_access = STD_RIGHT_WRITE_DAC_ACCESS;
926                         break;
927
928                 case OWNER_SECURITY_INFORMATION:
929                 case GROUP_SECURITY_INFORMATION:
930                         required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
931                         break;
932
933                 case SACL_SECURITY_INFORMATION:
934                         return WERR_INVALID_PARAM;
935                 default:
936                         return WERR_INVALID_PARAM;
937         }
938
939         if ( !(info->access_granted & required_access) )
940                 return WERR_ACCESS_DENIED;
941
942         /* read the security descfriptor */
943
944         status = unmarshall_sec_desc(p->mem_ctx,
945                                      r->in.buffer,
946                                      r->in.offered,
947                                      &sec_desc);
948         if (!NT_STATUS_IS_OK(status)) {
949                 return ntstatus_to_werror(status);
950         }
951
952         /* store the new SD */
953
954         if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc,
955                                   p->server_info->ptok) )
956                 return WERR_ACCESS_DENIED;
957
958         return WERR_OK;
959 }
960
961
962 WERROR _svcctl_DeleteService(pipes_struct *p, struct svcctl_DeleteService *r)
963 {
964         p->rng_fault_state = True;
965         return WERR_NOT_SUPPORTED;
966 }
967
968 WERROR _svcctl_SetServiceStatus(pipes_struct *p, struct svcctl_SetServiceStatus *r)
969 {
970         p->rng_fault_state = True;
971         return WERR_NOT_SUPPORTED;
972 }
973
974 WERROR _svcctl_NotifyBootConfigStatus(pipes_struct *p, struct svcctl_NotifyBootConfigStatus *r)
975 {
976         p->rng_fault_state = True;
977         return WERR_NOT_SUPPORTED;
978 }
979
980 WERROR _svcctl_SCSetServiceBitsW(pipes_struct *p, struct svcctl_SCSetServiceBitsW *r)
981 {
982         p->rng_fault_state = True;
983         return WERR_NOT_SUPPORTED;
984 }
985
986 WERROR _svcctl_ChangeServiceConfigW(pipes_struct *p, struct svcctl_ChangeServiceConfigW *r)
987 {
988         p->rng_fault_state = True;
989         return WERR_NOT_SUPPORTED;
990 }
991
992 WERROR _svcctl_CreateServiceW(pipes_struct *p, struct svcctl_CreateServiceW *r)
993 {
994         p->rng_fault_state = True;
995         return WERR_NOT_SUPPORTED;
996 }
997
998 WERROR _svcctl_QueryServiceLockStatusW(pipes_struct *p, struct svcctl_QueryServiceLockStatusW *r)
999 {
1000         p->rng_fault_state = True;
1001         return WERR_NOT_SUPPORTED;
1002 }
1003
1004 WERROR _svcctl_GetServiceKeyNameW(pipes_struct *p, struct svcctl_GetServiceKeyNameW *r)
1005 {
1006         p->rng_fault_state = True;
1007         return WERR_NOT_SUPPORTED;
1008 }
1009
1010 WERROR _svcctl_SCSetServiceBitsA(pipes_struct *p, struct svcctl_SCSetServiceBitsA *r)
1011 {
1012         p->rng_fault_state = True;
1013         return WERR_NOT_SUPPORTED;
1014 }
1015
1016 WERROR _svcctl_ChangeServiceConfigA(pipes_struct *p, struct svcctl_ChangeServiceConfigA *r)
1017 {
1018         p->rng_fault_state = True;
1019         return WERR_NOT_SUPPORTED;
1020 }
1021
1022 WERROR _svcctl_CreateServiceA(pipes_struct *p, struct svcctl_CreateServiceA *r)
1023 {
1024         p->rng_fault_state = True;
1025         return WERR_NOT_SUPPORTED;
1026 }
1027
1028 WERROR _svcctl_EnumDependentServicesA(pipes_struct *p, struct svcctl_EnumDependentServicesA *r)
1029 {
1030         p->rng_fault_state = True;
1031         return WERR_NOT_SUPPORTED;
1032 }
1033
1034 WERROR _svcctl_EnumServicesStatusA(pipes_struct *p, struct svcctl_EnumServicesStatusA *r)
1035 {
1036         p->rng_fault_state = True;
1037         return WERR_NOT_SUPPORTED;
1038 }
1039
1040 WERROR _svcctl_OpenSCManagerA(pipes_struct *p, struct svcctl_OpenSCManagerA *r)
1041 {
1042         p->rng_fault_state = True;
1043         return WERR_NOT_SUPPORTED;
1044 }
1045
1046 WERROR _svcctl_OpenServiceA(pipes_struct *p, struct svcctl_OpenServiceA *r)
1047 {
1048         p->rng_fault_state = True;
1049         return WERR_NOT_SUPPORTED;
1050 }
1051
1052 WERROR _svcctl_QueryServiceConfigA(pipes_struct *p, struct svcctl_QueryServiceConfigA *r)
1053 {
1054         p->rng_fault_state = True;
1055         return WERR_NOT_SUPPORTED;
1056 }
1057
1058 WERROR _svcctl_QueryServiceLockStatusA(pipes_struct *p, struct svcctl_QueryServiceLockStatusA *r)
1059 {
1060         p->rng_fault_state = True;
1061         return WERR_NOT_SUPPORTED;
1062 }
1063
1064 WERROR _svcctl_StartServiceA(pipes_struct *p, struct svcctl_StartServiceA *r)
1065 {
1066         p->rng_fault_state = True;
1067         return WERR_NOT_SUPPORTED;
1068 }
1069
1070 WERROR _svcctl_GetServiceDisplayNameA(pipes_struct *p, struct svcctl_GetServiceDisplayNameA *r)
1071 {
1072         p->rng_fault_state = True;
1073         return WERR_NOT_SUPPORTED;
1074 }
1075
1076 WERROR _svcctl_GetServiceKeyNameA(pipes_struct *p, struct svcctl_GetServiceKeyNameA *r)
1077 {
1078         p->rng_fault_state = True;
1079         return WERR_NOT_SUPPORTED;
1080 }
1081
1082 WERROR _svcctl_GetCurrentGroupeStateW(pipes_struct *p, struct svcctl_GetCurrentGroupeStateW *r)
1083 {
1084         p->rng_fault_state = True;
1085         return WERR_NOT_SUPPORTED;
1086 }
1087
1088 WERROR _svcctl_EnumServiceGroupW(pipes_struct *p, struct svcctl_EnumServiceGroupW *r)
1089 {
1090         p->rng_fault_state = True;
1091         return WERR_NOT_SUPPORTED;
1092 }
1093
1094 WERROR _svcctl_ChangeServiceConfig2A(pipes_struct *p, struct svcctl_ChangeServiceConfig2A *r)
1095 {
1096         p->rng_fault_state = True;
1097         return WERR_NOT_SUPPORTED;
1098 }
1099
1100 WERROR _svcctl_ChangeServiceConfig2W(pipes_struct *p, struct svcctl_ChangeServiceConfig2W *r)
1101 {
1102         p->rng_fault_state = True;
1103         return WERR_NOT_SUPPORTED;
1104 }
1105
1106 WERROR _svcctl_QueryServiceConfig2A(pipes_struct *p, struct svcctl_QueryServiceConfig2A *r)
1107 {
1108         p->rng_fault_state = True;
1109         return WERR_NOT_SUPPORTED;
1110 }
1111
1112 WERROR _EnumServicesStatusExA(pipes_struct *p, struct EnumServicesStatusExA *r)
1113 {
1114         p->rng_fault_state = True;
1115         return WERR_NOT_SUPPORTED;
1116 }
1117
1118 WERROR _EnumServicesStatusExW(pipes_struct *p, struct EnumServicesStatusExW *r)
1119 {
1120         p->rng_fault_state = True;
1121         return WERR_NOT_SUPPORTED;
1122 }
1123
1124 WERROR _svcctl_SCSendTSMessage(pipes_struct *p, struct svcctl_SCSendTSMessage *r)
1125 {
1126         p->rng_fault_state = True;
1127         return WERR_NOT_SUPPORTED;
1128 }
1129