2 * Unix SMB/CIFS implementation.
3 * Service Control API Implementation
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 * Largely Rewritten by:
7 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 struct rcinit_file_information {
31 struct service_display_info {
32 const char *servicename;
35 const char *description;
38 struct service_display_info builtin_svcs[] = {
39 { "Spooler", "smbd", "Print Spooler", "Internal service for spooling files to print devices" },
40 { "NETLOGON", "smbd", "Net Logon", "File service providing access to policy and profile data (not remotely manageable)" },
41 { "RemoteRegistry", "smbd", "Remote Registry Service", "Internal service providing remote access to "
42 "the Samba registry" },
43 { "WINS", "nmbd", "Windows Internet Name Service (WINS)", "Internal service providing a "
44 "NetBIOS point-to-point name server (not remotely manageable)" },
45 { NULL, NULL, NULL, NULL }
48 struct service_display_info common_unix_svcs[] = {
49 { "cups", NULL, "Common Unix Printing System","Provides unified printing support for all operating systems" },
50 { "postfix", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
51 { "sendmail", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
52 { "portmap", NULL, "TCP Port to RPC PortMapper",NULL },
53 { "xinetd", NULL, "Internet Meta-Daemon", NULL },
54 { "inet", NULL, "Internet Meta-Daemon", NULL },
55 { "xntpd", NULL, "Network Time Service", NULL },
56 { "ntpd", NULL, "Network Time Service", NULL },
57 { "lpd", NULL, "BSD Print Spooler", NULL },
58 { "nfsserver", NULL, "Network File Service", NULL },
59 { "cron", NULL, "Scheduling Service", NULL },
60 { "at", NULL, "Scheduling Service", NULL },
61 { "nscd", NULL, "Name Service Cache Daemon", NULL },
62 { "slapd", NULL, "LDAP Directory Service", NULL },
63 { "ldap", NULL, "LDAP DIrectory Service", NULL },
64 { "ypbind", NULL, "NIS Directory Service", NULL },
65 { "courier-imap", NULL, "IMAP4 Mail Service", NULL },
66 { "courier-pop3", NULL, "POP3 Mail Service", NULL },
67 { "named", NULL, "Domain Name Service", NULL },
68 { "bind", NULL, "Domain Name Service", NULL },
69 { "httpd", NULL, "HTTP Server", NULL },
70 { "apache", NULL, "HTTP Server", "Provides s highly scalable and flexible web server "
71 "capable of implementing various protocols incluing "
72 "but not limited to HTTP" },
73 { "autofs", NULL, "Automounter", NULL },
74 { "squid", NULL, "Web Cache Proxy ", NULL },
75 { "perfcountd", NULL, "Performance Monitoring Daemon", NULL },
76 { "pgsql", NULL, "PgSQL Database Server", "Provides service for SQL database from Postgresql.org" },
77 { "arpwatch", NULL, "ARP Tables watcher", "Provides service for monitoring ARP tables for changes" },
78 { "dhcpd", NULL, "DHCP Server", "Provides service for dynamic host configuration and IP assignment" },
79 { "nwserv", NULL, "NetWare Server Emulator", "Provides service for emulating Novell NetWare 3.12 server" },
80 { "proftpd", NULL, "Professional FTP Server", "Provides high configurable service for FTP connection and "
81 "file transferring" },
82 { "ssh2", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
83 { "sshd", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
84 { NULL, NULL, NULL, NULL }
88 /********************************************************************
89 ********************************************************************/
91 static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
96 SEC_ACL *theacl = NULL;
99 /* basic access for Everyone */
101 init_sec_ace(&ace[i++], &global_sid_World,
102 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0);
104 init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users,
105 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0);
107 init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators,
108 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
109 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
110 SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
112 /* create the security descriptor */
114 if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
117 if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
118 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
125 /********************************************************************
126 This is where we do the dirty work of filling in things like the
127 Display name, Description, etc...
128 ********************************************************************/
130 static char *get_common_service_dispname( const char *servicename )
134 for ( i=0; common_unix_svcs[i].servicename; i++ ) {
135 if (strequal(servicename, common_unix_svcs[i].servicename)) {
137 if (asprintf(&dispname,
139 common_unix_svcs[i].dispname,
140 common_unix_svcs[i].servicename) < 0) {
147 return SMB_STRDUP(servicename );
150 /********************************************************************
151 ********************************************************************/
153 static char *cleanup_string( const char *string )
157 TALLOC_CTX *ctx = talloc_tos();
159 clean = talloc_strdup(ctx, string);
165 /* trim any beginning whilespace */
167 while (isspace(*begin)) {
171 if (*begin == '\0') {
175 /* trim any trailing whitespace or carriage returns.
176 Start at the end and move backwards */
178 end = begin + strlen(begin) - 1;
180 while ( isspace(*end) || *end=='\n' || *end=='\r' ) {
188 /********************************************************************
189 ********************************************************************/
191 static bool read_init_file( const char *servicename, struct rcinit_file_information **service_info )
193 struct rcinit_file_information *info = NULL;
194 char *filepath = NULL;
199 if ( !(info = TALLOC_ZERO_P( NULL, struct rcinit_file_information ) ) )
202 /* attempt the file open */
204 filepath = talloc_asprintf(info, "%s/%s/%s", get_dyn_MODULESDIR(),
205 SVCCTL_SCRIPT_DIR, servicename);
210 if (!(f = x_fopen( filepath, O_RDONLY, 0 ))) {
211 DEBUG(0,("read_init_file: failed to open [%s]\n", filepath));
216 while ( (x_fgets( str, sizeof(str)-1, f )) != NULL ) {
217 /* ignore everything that is not a full line
218 comment starting with a '#' */
223 /* Look for a line like '^#.*Description:' */
225 if ( (p = strstr( str, "Description:" )) != NULL ) {
228 p += strlen( "Description:" ) + 1;
232 if ( (desc = cleanup_string(p)) != NULL )
233 info->description = talloc_strdup( info, desc );
239 if ( !info->description )
240 info->description = talloc_strdup( info, "External Unix Service" );
242 *service_info = info;
243 TALLOC_FREE(filepath);
248 /********************************************************************
249 This is where we do the dirty work of filling in things like the
250 Display name, Description, etc...
251 ********************************************************************/
253 static void fill_service_values(const char *name, struct regval_ctr *values)
255 char *dname, *ipath, *description;
259 /* These values are hardcoded in all QueryServiceConfig() replies.
260 I'm just storing them here for cosmetic purposes */
262 dword = SVCCTL_AUTO_START;
263 regval_ctr_addvalue( values, "Start", REG_DWORD, (char*)&dword, sizeof(uint32));
265 dword = SERVICE_TYPE_WIN32_OWN_PROCESS;
266 regval_ctr_addvalue( values, "Type", REG_DWORD, (char*)&dword, sizeof(uint32));
268 dword = SVCCTL_SVC_ERROR_NORMAL;
269 regval_ctr_addvalue( values, "ErrorControl", REG_DWORD, (char*)&dword, sizeof(uint32));
271 /* everything runs as LocalSystem */
273 regval_ctr_addvalue_sz(values, "ObjectName", "LocalSystem");
275 /* special considerations for internal services and the DisplayName value */
277 for ( i=0; builtin_svcs[i].servicename; i++ ) {
278 if ( strequal( name, builtin_svcs[i].servicename ) ) {
279 ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s",
280 get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR,
281 builtin_svcs[i].daemon);
282 description = talloc_strdup(talloc_tos(), builtin_svcs[i].description);
283 dname = talloc_strdup(talloc_tos(), builtin_svcs[i].dispname);
288 /* default to an external service if we haven't found a match */
290 if ( builtin_svcs[i].servicename == NULL ) {
291 char *dispname = NULL;
292 struct rcinit_file_information *init_info = NULL;
294 ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s",
295 get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR,
298 /* lookup common unix display names */
299 dispname = get_common_service_dispname(name);
300 dname = talloc_strdup(talloc_tos(), dispname ? dispname : "");
303 /* get info from init file itself */
304 if ( read_init_file( name, &init_info ) ) {
305 description = talloc_strdup(talloc_tos(), init_info->description);
306 TALLOC_FREE( init_info );
309 description = talloc_strdup(talloc_tos(), "External Unix Service");
313 /* add the new values */
315 regval_ctr_addvalue_sz(values, "DisplayName", dname);
316 regval_ctr_addvalue_sz(values, "ImagePath", ipath);
317 regval_ctr_addvalue_sz(values, "Description", description);
321 TALLOC_FREE(description);
326 /********************************************************************
327 ********************************************************************/
329 static void add_new_svc_name(struct registry_key_handle *key_parent,
330 struct regsubkey_ctr *subkeys,
333 struct registry_key_handle *key_service = NULL, *key_secdesc = NULL;
336 struct regval_ctr *values = NULL;
337 struct regsubkey_ctr *svc_subkeys = NULL;
342 /* add to the list and create the subkey path */
344 regsubkey_ctr_addkey( subkeys, name );
345 store_reg_keys( key_parent, subkeys );
347 /* open the new service key */
349 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
352 wresult = regkey_open_internal( NULL, &key_service, path,
353 get_root_nt_token(), REG_KEY_ALL );
354 if ( !W_ERROR_IS_OK(wresult) ) {
355 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
356 path, win_errstr(wresult)));
362 /* add the 'Security' key */
364 wresult = regsubkey_ctr_init(key_service, &svc_subkeys);
365 if (!W_ERROR_IS_OK(wresult)) {
366 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
367 TALLOC_FREE( key_service );
371 fetch_reg_keys( key_service, svc_subkeys );
372 regsubkey_ctr_addkey( svc_subkeys, "Security" );
373 store_reg_keys( key_service, svc_subkeys );
375 /* now for the service values */
377 if ( !(values = TALLOC_ZERO_P( key_service, struct regval_ctr )) ) {
378 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
379 TALLOC_FREE( key_service );
383 fill_service_values( name, values );
384 store_reg_values( key_service, values );
386 /* cleanup the service key*/
388 TALLOC_FREE( key_service );
390 /* now add the security descriptor */
392 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
395 wresult = regkey_open_internal( NULL, &key_secdesc, path,
396 get_root_nt_token(), REG_KEY_ALL );
397 if ( !W_ERROR_IS_OK(wresult) ) {
398 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
399 path, win_errstr(wresult)));
400 TALLOC_FREE( key_secdesc );
406 if ( !(values = TALLOC_ZERO_P( key_secdesc, struct regval_ctr )) ) {
407 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
408 TALLOC_FREE( key_secdesc );
412 if ( !(sd = construct_service_sd(key_secdesc)) ) {
413 DEBUG(0,("add_new_svc_name: Failed to create default sec_desc!\n"));
414 TALLOC_FREE( key_secdesc );
418 status = marshall_sec_desc(key_secdesc, sd, &sd_blob.data,
420 if (!NT_STATUS_IS_OK(status)) {
421 DEBUG(0, ("marshall_sec_desc failed: %s\n",
423 TALLOC_FREE(key_secdesc);
427 regval_ctr_addvalue(values, "Security", REG_BINARY,
428 (const char *)sd_blob.data, sd_blob.length);
429 store_reg_values( key_secdesc, values );
431 TALLOC_FREE( key_secdesc );
436 /********************************************************************
437 ********************************************************************/
439 void svcctl_init_keys( void )
441 const char **service_list = lp_svcctl_list();
443 struct regsubkey_ctr *subkeys = NULL;
444 struct registry_key_handle *key = NULL;
447 /* bad mojo here if the lookup failed. Should not happen */
449 wresult = regkey_open_internal( NULL, &key, KEY_SERVICES,
450 get_root_nt_token(), REG_KEY_ALL );
452 if ( !W_ERROR_IS_OK(wresult) ) {
453 DEBUG(0,("svcctl_init_keys: key lookup failed! (%s)\n",
454 win_errstr(wresult)));
458 /* lookup the available subkeys */
460 wresult = regsubkey_ctr_init(key, &subkeys);
461 if (!W_ERROR_IS_OK(wresult)) {
462 DEBUG(0,("svcctl_init_keys: talloc() failed!\n"));
467 fetch_reg_keys( key, subkeys );
469 /* the builtin services exist */
471 for ( i=0; builtin_svcs[i].servicename; i++ )
472 add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );
474 for ( i=0; service_list && service_list[i]; i++ ) {
476 /* only add new services */
477 if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )
480 /* Add the new service key and initialize the appropriate values */
482 add_new_svc_name( key, subkeys, service_list[i] );
487 /* initialize the control hooks */
489 init_service_op_table();
494 /********************************************************************
495 This is where we do the dirty work of filling in things like the
496 Display name, Description, etc...Always return a default secdesc
497 in case of any failure.
498 ********************************************************************/
500 SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
502 struct registry_key_handle *key = NULL;
503 struct regval_ctr *values = NULL;
504 struct regval_blob *val = NULL;
505 SEC_DESC *ret_sd = NULL;
510 /* now add the security descriptor */
512 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
515 wresult = regkey_open_internal( NULL, &key, path, token,
517 if ( !W_ERROR_IS_OK(wresult) ) {
518 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
519 path, win_errstr(wresult)));
523 if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) {
524 DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n"));
528 if (fetch_reg_values( key, values ) == -1) {
529 DEBUG(0, ("Error getting registry values\n"));
533 if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
534 goto fallback_to_default_sd;
537 /* stream the service security descriptor */
539 status = unmarshall_sec_desc(ctx, regval_data_p(val),
540 regval_size(val), &ret_sd);
542 if (NT_STATUS_IS_OK(status)) {
546 fallback_to_default_sd:
547 DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for "
548 "service [%s]\n", name));
549 ret_sd = construct_service_sd(ctx);
557 /********************************************************************
558 Wrapper to make storing a Service sd easier
559 ********************************************************************/
561 bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token )
563 struct registry_key_handle *key = NULL;
566 struct regval_ctr *values = NULL;
571 /* now add the security descriptor */
573 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
576 wresult = regkey_open_internal( NULL, &key, path, token,
578 if ( !W_ERROR_IS_OK(wresult) ) {
579 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
580 path, win_errstr(wresult)));
586 if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) {
587 DEBUG(0,("svcctl_set_secdesc: talloc() failed!\n"));
592 /* stream the printer security descriptor */
594 status = marshall_sec_desc(ctx, sec_desc, &blob.data, &blob.length);
595 if (!NT_STATUS_IS_OK(status)) {
596 DEBUG(0,("svcctl_set_secdesc: ndr_push_struct_blob() failed!\n"));
601 regval_ctr_addvalue( values, "Security", REG_BINARY, (const char *)blob.data, blob.length);
602 ret = store_reg_values( key, values );
611 /********************************************************************
612 ********************************************************************/
614 const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
616 const char *display_name = NULL;
617 struct registry_key_handle *key = NULL;
618 struct regval_ctr *values = NULL;
619 struct regval_blob *val = NULL;
624 /* now add the security descriptor */
626 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
629 wresult = regkey_open_internal( NULL, &key, path, token,
631 if ( !W_ERROR_IS_OK(wresult) ) {
632 DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n",
633 path, win_errstr(wresult)));
639 if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) {
640 DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n"));
645 fetch_reg_values( key, values );
647 if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) )
650 blob = data_blob_const(regval_data_p(val), regval_size(val));
651 pull_reg_sz(ctx, NULL, &blob, &display_name);
658 /* default to returning the service name */
660 return talloc_strdup(ctx, name);
663 /********************************************************************
664 ********************************************************************/
666 const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
668 const char *description = NULL;
669 struct registry_key_handle *key = NULL;
670 struct regval_ctr *values = NULL;
671 struct regval_blob *val = NULL;
676 /* now add the security descriptor */
678 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
681 wresult = regkey_open_internal( NULL, &key, path, token,
683 if ( !W_ERROR_IS_OK(wresult) ) {
684 DEBUG(0,("svcctl_lookup_description: key lookup failed! [%s] (%s)\n",
685 path, win_errstr(wresult)));
691 if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) {
692 DEBUG(0,("svcctl_lookup_description: talloc() failed!\n"));
697 fetch_reg_values( key, values );
699 if ( !(val = regval_ctr_getvalue( values, "Description" )) ) {
701 return "Unix Service";
704 blob = data_blob_const(regval_data_p(val), regval_size(val));
705 pull_reg_sz(ctx, NULL, &blob, &description);
713 /********************************************************************
714 ********************************************************************/
716 struct regval_ctr *svcctl_fetch_regvalues(const char *name, NT_USER_TOKEN *token)
718 struct registry_key_handle *key = NULL;
719 struct regval_ctr *values = NULL;
723 /* now add the security descriptor */
725 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
728 wresult = regkey_open_internal( NULL, &key, path, token,
730 if ( !W_ERROR_IS_OK(wresult) ) {
731 DEBUG(0,("svcctl_fetch_regvalues: key lookup failed! [%s] (%s)\n",
732 path, win_errstr(wresult)));
738 if ( !(values = TALLOC_ZERO_P( NULL, struct regval_ctr )) ) {
739 DEBUG(0,("svcctl_fetch_regvalues: talloc() failed!\n"));
743 fetch_reg_values( key, values );