uint32_t access_granted = 0;
NTSTATUS status;
const char *service = NULL;
+ WERROR err;
service = r->in.ServiceName;
if (!service) {
* Perform access checks. Use the system session_info in order to ensure
* that we retrieve the security descriptor
*/
- sec_desc = svcctl_get_secdesc(p->mem_ctx,
- p->msg_ctx,
- get_session_info_system(),
- service);
- if (sec_desc == NULL) {
- DEBUG(0, ("_svcctl_OpenServiceW: Failed to get a valid security "
- "descriptor"));
- return WERR_NOT_ENOUGH_MEMORY;
+ err = svcctl_get_secdesc(p->msg_ctx,
+ get_session_info_system(),
+ service,
+ p->mem_ctx,
+ &sec_desc);
+ if (W_ERROR_EQUAL(err, WERR_FILE_NOT_FOUND)) {
+ DBG_NOTICE("service %s does not exist\n", service);
+ return WERR_SERVICE_DOES_NOT_EXIST;
+ }
+ if (!W_ERROR_IS_OK(err)) {
+ DBG_NOTICE("Failed to get a valid secdesc for %s: %s\n",
+ service, win_errstr(err));
+ return err;
}
se_map_generic( &r->in.access_mask, &svc_generic_map );
NTSTATUS status;
uint8_t *buffer = NULL;
size_t len = 0;
+ WERROR err;
/* only support the SCM and individual services */
return WERR_INVALID_PARAMETER;
/* Lookup the security descriptor and marshall it up for a reply */
- sec_desc = svcctl_get_secdesc(p->mem_ctx,
- p->msg_ctx,
- get_session_info_system(),
- info->name);
- if (sec_desc == NULL) {
- return WERR_NOT_ENOUGH_MEMORY;
+ err = svcctl_get_secdesc(p->msg_ctx,
+ get_session_info_system(),
+ info->name,
+ p->mem_ctx,
+ &sec_desc);
+ if (W_ERROR_EQUAL(err, WERR_FILE_NOT_FOUND)) {
+ DBG_NOTICE("service %s does not exist\n", info->name);
+ return WERR_SERVICE_DOES_NOT_EXIST;
+ }
+ if (!W_ERROR_IS_OK(err)) {
+ DBG_NOTICE("Failed to get a valid secdesc for %s: %s\n",
+ info->name, win_errstr(err));
+ return err;
}
*r->out.needed = ndr_size_security_descriptor(sec_desc, 0);
return sd;
}
-struct security_descriptor *svcctl_get_secdesc(TALLOC_CTX *mem_ctx,
- struct messaging_context *msg_ctx,
- const struct auth_session_info *session_info,
- const char *name)
+WERROR svcctl_get_secdesc(struct messaging_context *msg_ctx,
+ const struct auth_session_info *session_info,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **psd)
{
struct dcerpc_binding_handle *h = NULL;
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
"%s\\%s\\Security",
TOP_LEVEL_SERVICES_KEY, name);
if (key == NULL) {
- return NULL;
+ return WERR_NOT_ENOUGH_MEMORY;
}
status = dcerpc_winreg_int_hklm_openkey(mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2, ("svcctl_set_secdesc: Could not open %s - %s\n",
key, nt_errstr(status)));
- return NULL;
+ return WERR_INTERNAL_ERROR;
}
if (!W_ERROR_IS_OK(result)) {
DEBUG(2, ("svcctl_set_secdesc: Could not open %s - %s\n",
key, win_errstr(result)));
- return NULL;
+ return result;
}
status = dcerpc_winreg_query_sd(mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2, ("svcctl_get_secdesc: error getting value 'Security': "
"%s\n", nt_errstr(status)));
- return NULL;
+ return WERR_INTERNAL_ERROR;
}
if (W_ERROR_EQUAL(result, WERR_FILE_NOT_FOUND)) {
goto fallback_to_default_sd;
} else if (!W_ERROR_IS_OK(result)) {
DEBUG(2, ("svcctl_get_secdesc: error getting value 'Security': "
"%s\n", win_errstr(result)));
- return NULL;
+ return result;
}
goto done;
DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for "
"service [%s]\n", name));
sd = svcctl_gen_service_sd(mem_ctx);
+ if (sd == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
done:
- return sd;
+ *psd = sd;
+ return WERR_OK;
}
bool svcctl_set_secdesc(struct messaging_context *msg_ctx,
struct security_descriptor* svcctl_gen_service_sd(TALLOC_CTX *mem_ctx);
-struct security_descriptor *svcctl_get_secdesc(TALLOC_CTX *mem_ctx,
- struct messaging_context *msg_ctx,
- const struct auth_session_info *session_info,
- const char *name);
+WERROR svcctl_get_secdesc(struct messaging_context *msg_ctx,
+ const struct auth_session_info *session_info,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **result);
bool svcctl_set_secdesc(struct messaging_context *msg_ctx,
const struct auth_session_info *session_info,