2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
7 * Largely Rewritten (Again) by:
8 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * Copyright (C) Guenther Deschner 2008,2009.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "system/passwd.h" /* uid_wrapper */
28 #include "../librpc/gen_ndr/srv_svcctl.h"
29 #include "../libcli/security/security.h"
30 #include "../librpc/gen_ndr/ndr_security.h"
31 #include "services/services.h"
32 #include "services/svc_winreg_glue.h"
34 #include "rpc_server/svcctl/srv_svcctl_nt.h"
37 #define DBGC_CLASS DBGC_RPC_SRV
39 struct service_control_op {
41 SERVICE_CONTROL_OPS *ops;
44 /* handle external services */
45 extern SERVICE_CONTROL_OPS rcinit_svc_ops;
47 /* builtin services (see service_db.c and services/svc_*.c */
48 extern SERVICE_CONTROL_OPS spoolss_svc_ops;
49 extern SERVICE_CONTROL_OPS netlogon_svc_ops;
50 extern SERVICE_CONTROL_OPS winreg_svc_ops;
51 extern SERVICE_CONTROL_OPS wins_svc_ops;
53 /* make sure this number patches the number of builtin
54 SERVICE_CONTROL_OPS structure listed above */
56 #define SVCCTL_NUM_INTERNAL_SERVICES 4
58 struct service_control_op *svcctl_ops;
60 static const struct generic_mapping scm_generic_map =
61 { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS };
62 static const struct generic_mapping svc_generic_map =
63 { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS };
66 /********************************************************************
67 ********************************************************************/
69 bool init_service_op_table( void )
71 const char **service_list = lp_svcctl_list();
72 int num_services = SVCCTL_NUM_INTERNAL_SERVICES + str_list_length( service_list );
75 if ( !(svcctl_ops = talloc_array( NULL, struct service_control_op, num_services+1)) ) {
76 DEBUG(0,("init_service_op_table: talloc() failed!\n"));
80 /* services listed in smb.conf get the rc.init interface */
82 for ( i=0; service_list && service_list[i]; i++ ) {
83 svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
84 svcctl_ops[i].ops = &rcinit_svc_ops;
87 /* add builtin services */
89 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
90 svcctl_ops[i].ops = &spoolss_svc_ops;
93 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
94 svcctl_ops[i].ops = &netlogon_svc_ops;
97 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
98 svcctl_ops[i].ops = &winreg_svc_ops;
101 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
102 svcctl_ops[i].ops = &wins_svc_ops;
105 /* NULL terminate the array */
107 svcctl_ops[i].name = NULL;
108 svcctl_ops[i].ops = NULL;
113 bool shutdown_service_op_table(void)
115 TALLOC_FREE(svcctl_ops);
120 /********************************************************************
121 ********************************************************************/
123 static struct service_control_op* find_service_by_name( const char *name )
127 for ( i=0; svcctl_ops[i].name; i++ ) {
128 if ( strequal( name, svcctl_ops[i].name ) )
129 return &svcctl_ops[i];
134 /********************************************************************
135 ********************************************************************/
137 static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, struct security_token *token,
138 uint32_t access_desired, uint32_t *access_granted )
141 if ( geteuid() == sec_initial_uid() ) {
142 DEBUG(5,("svcctl_access_check: using root's token\n"));
143 status = get_root_nt_token(&token);
144 if(!NT_STATUS_IS_OK(status)) {
149 return se_access_check( sec_desc, token, access_desired, access_granted);
152 /********************************************************************
153 ********************************************************************/
155 static struct security_descriptor* construct_scm_sd( TALLOC_CTX *ctx )
157 struct security_ace ace[2];
159 struct security_descriptor *sd;
160 struct security_acl *theacl;
163 /* basic access for Everyone */
165 init_sec_ace(&ace[i++], &global_sid_World,
166 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0);
168 /* Full Access 'BUILTIN\Administrators' */
170 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
171 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0);
174 /* create the security descriptor */
176 if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
179 if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
180 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
187 /******************************************************************
188 Find a registry key handle and return a SERVICE_INFO
189 *****************************************************************/
191 static SERVICE_INFO *find_service_info_by_hnd(struct pipes_struct *p,
192 struct policy_handle *hnd)
194 SERVICE_INFO *service_info = NULL;
196 if( !find_policy_by_hnd( p, hnd, (void **)(void *)&service_info) ) {
197 DEBUG(2,("find_service_info_by_hnd: handle not found\n"));
204 /******************************************************************
205 *****************************************************************/
207 static WERROR create_open_service_handle(struct pipes_struct *p,
208 struct policy_handle *handle,
211 uint32_t access_granted)
213 SERVICE_INFO *info = NULL;
214 WERROR result = WERR_OK;
215 struct service_control_op *s_op;
217 if ( !(info = talloc_zero( NULL, SERVICE_INFO )) )
218 return WERR_NOT_ENOUGH_MEMORY;
220 /* the Service Manager has a NULL name */
222 info->type = SVC_HANDLE_IS_SCM;
225 case SVC_HANDLE_IS_SCM:
226 info->type = SVC_HANDLE_IS_SCM;
229 case SVC_HANDLE_IS_DBLOCK:
230 info->type = SVC_HANDLE_IS_DBLOCK;
233 case SVC_HANDLE_IS_SERVICE:
234 info->type = SVC_HANDLE_IS_SERVICE;
236 /* lookup the SERVICE_CONTROL_OPS */
238 if ( !(s_op = find_service_by_name( service )) ) {
239 result = WERR_SERVICE_DOES_NOT_EXIST;
243 info->ops = s_op->ops;
245 if ( !(info->name = talloc_strdup( info, s_op->name )) ) {
246 result = WERR_NOT_ENOUGH_MEMORY;
252 result = WERR_SERVICE_DOES_NOT_EXIST;
256 info->access_granted = access_granted;
258 /* store the SERVICE_INFO and create an open handle */
260 if ( !create_policy_hnd( p, handle, info ) ) {
261 result = WERR_ACCESS_DENIED;
266 if ( !W_ERROR_IS_OK(result) )
272 /********************************************************************
273 _svcctl_OpenSCManagerW
274 ********************************************************************/
276 WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
277 struct svcctl_OpenSCManagerW *r)
279 struct security_descriptor *sec_desc;
280 uint32_t access_granted = 0;
283 /* perform access checks */
285 if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
286 return WERR_NOT_ENOUGH_MEMORY;
288 se_map_generic( &r->in.access_mask, &scm_generic_map );
289 status = svcctl_access_check( sec_desc, p->session_info->security_token,
290 r->in.access_mask, &access_granted );
291 if ( !NT_STATUS_IS_OK(status) )
292 return ntstatus_to_werror( status );
294 return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
297 /********************************************************************
299 ********************************************************************/
301 WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
302 struct svcctl_OpenServiceW *r)
304 struct security_descriptor *sec_desc;
305 uint32_t access_granted = 0;
307 const char *service = NULL;
310 service = r->in.ServiceName;
312 return WERR_NOT_ENOUGH_MEMORY;
314 DEBUG(5, ("_svcctl_OpenServiceW: Attempting to open Service [%s], \n", service));
316 /* based on my tests you can open a service if you have a valid scm handle */
318 if ( !find_service_info_by_hnd( p, r->in.scmanager_handle) )
319 return WERR_INVALID_HANDLE;
322 * Perform access checks. Use the system session_info in order to ensure
323 * that we retrieve the security descriptor
325 err = svcctl_get_secdesc(p->msg_ctx,
326 get_session_info_system(),
330 if (W_ERROR_EQUAL(err, WERR_FILE_NOT_FOUND)) {
331 DBG_NOTICE("service %s does not exist\n", service);
332 return WERR_SERVICE_DOES_NOT_EXIST;
334 if (!W_ERROR_IS_OK(err)) {
335 DBG_NOTICE("Failed to get a valid secdesc for %s: %s\n",
336 service, win_errstr(err));
340 se_map_generic( &r->in.access_mask, &svc_generic_map );
341 status = svcctl_access_check( sec_desc, p->session_info->security_token,
342 r->in.access_mask, &access_granted );
343 if ( !NT_STATUS_IS_OK(status) )
344 return ntstatus_to_werror( status );
346 return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
349 /********************************************************************
350 _svcctl_CloseServiceHandle
351 ********************************************************************/
353 WERROR _svcctl_CloseServiceHandle(struct pipes_struct *p,
354 struct svcctl_CloseServiceHandle *r)
356 if ( !close_policy_hnd( p, r->in.handle ) )
357 return WERR_INVALID_HANDLE;
359 ZERO_STRUCTP(r->out.handle);
364 /********************************************************************
365 _svcctl_GetServiceDisplayNameW
366 ********************************************************************/
368 WERROR _svcctl_GetServiceDisplayNameW(struct pipes_struct *p,
369 struct svcctl_GetServiceDisplayNameW *r)
372 const char *display_name;
373 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
375 /* can only use an SCM handle here */
377 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
378 return WERR_INVALID_HANDLE;
380 service = r->in.service_name;
382 display_name = svcctl_lookup_dispname(p->mem_ctx,
390 *r->out.display_name = display_name;
391 *r->out.display_name_length = strlen(display_name);
396 /********************************************************************
397 _svcctl_QueryServiceStatus
398 ********************************************************************/
400 WERROR _svcctl_QueryServiceStatus(struct pipes_struct *p,
401 struct svcctl_QueryServiceStatus *r)
403 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
405 /* perform access checks */
407 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
408 return WERR_INVALID_HANDLE;
410 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
411 return WERR_ACCESS_DENIED;
413 /* try the service specific status call */
415 return info->ops->service_status( info->name, r->out.service_status );
418 /********************************************************************
419 ********************************************************************/
421 static int enumerate_status(TALLOC_CTX *ctx,
422 struct messaging_context *msg_ctx,
423 struct auth_session_info *session_info,
424 struct ENUM_SERVICE_STATUSW **status)
426 int num_services = 0;
428 struct ENUM_SERVICE_STATUSW *st;
429 const char *display_name;
432 while ( svcctl_ops[num_services].name )
435 if ( !(st = talloc_array( ctx, struct ENUM_SERVICE_STATUSW, num_services )) ) {
436 DEBUG(0,("enumerate_status: talloc() failed!\n"));
440 for ( i=0; i<num_services; i++ ) {
441 st[i].service_name = talloc_strdup(st, svcctl_ops[i].name );
443 display_name = svcctl_lookup_dispname(ctx,
447 st[i].display_name = talloc_strdup(st, display_name ? display_name : "");
449 svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
457 /********************************************************************
458 _svcctl_EnumServicesStatusW
459 ********************************************************************/
461 WERROR _svcctl_EnumServicesStatusW(struct pipes_struct *p,
462 struct svcctl_EnumServicesStatusW *r)
464 struct ENUM_SERVICE_STATUSW *services = NULL;
467 size_t buffer_size = 0;
468 WERROR result = WERR_OK;
469 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
470 DATA_BLOB blob = data_blob_null;
472 /* perform access checks */
474 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
475 return WERR_INVALID_HANDLE;
477 if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) ) {
478 return WERR_ACCESS_DENIED;
481 num_services = enumerate_status(p->mem_ctx,
485 if (num_services == -1 ) {
486 return WERR_NOT_ENOUGH_MEMORY;
489 for ( i=0; i<num_services; i++ ) {
490 buffer_size += ndr_size_ENUM_SERVICE_STATUSW(&services[i], 0);
493 buffer_size += buffer_size % 4;
495 if (buffer_size > r->in.offered) {
497 result = WERR_MORE_DATA;
500 if ( W_ERROR_IS_OK(result) ) {
502 enum ndr_err_code ndr_err;
503 struct ndr_push *ndr;
505 ndr = ndr_push_init_ctx(p->mem_ctx);
507 return WERR_INVALID_PARAMETER;
510 ndr_err = ndr_push_ENUM_SERVICE_STATUSW_array(
511 ndr, num_services, services);
512 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
513 return ntstatus_to_werror(ndr_map_error2ntstatus(ndr_err));
515 blob = ndr_push_blob(ndr);
516 memcpy(r->out.service, blob.data, MIN(blob.length, r->in.offered));
519 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
520 *r->out.services_returned = (uint32_t)num_services;
521 if (r->out.resume_handle) {
522 *r->out.resume_handle = 0;
528 /********************************************************************
529 _svcctl_StartServiceW
530 ********************************************************************/
532 WERROR _svcctl_StartServiceW(struct pipes_struct *p,
533 struct svcctl_StartServiceW *r)
535 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
537 /* perform access checks */
539 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
540 return WERR_INVALID_HANDLE;
542 if ( !(info->access_granted & SC_RIGHT_SVC_START) )
543 return WERR_ACCESS_DENIED;
545 return info->ops->start_service( info->name );
548 /********************************************************************
549 _svcctl_ControlService
550 ********************************************************************/
552 WERROR _svcctl_ControlService(struct pipes_struct *p,
553 struct svcctl_ControlService *r)
555 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
557 /* perform access checks */
559 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
560 return WERR_INVALID_HANDLE;
562 switch ( r->in.control ) {
563 case SVCCTL_CONTROL_STOP:
564 if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
565 return WERR_ACCESS_DENIED;
567 return info->ops->stop_service( info->name,
568 r->out.service_status );
570 case SVCCTL_CONTROL_INTERROGATE:
571 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
572 return WERR_ACCESS_DENIED;
574 return info->ops->service_status( info->name,
575 r->out.service_status );
577 return WERR_INVALID_PARAMETER;
581 /********************************************************************
582 _svcctl_EnumDependentServicesW
583 ********************************************************************/
585 WERROR _svcctl_EnumDependentServicesW(struct pipes_struct *p,
586 struct svcctl_EnumDependentServicesW *r)
588 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.service );
590 /* perform access checks */
592 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
593 return WERR_INVALID_HANDLE;
595 if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
596 return WERR_ACCESS_DENIED;
598 switch (r->in.state) {
599 case SERVICE_STATE_ACTIVE:
600 case SERVICE_STATE_INACTIVE:
601 case SERVICE_STATE_ALL:
604 return WERR_INVALID_PARAMETER;
607 /* we have to set the outgoing buffer size to the same as the
608 incoming buffer size (even in the case of failure */
609 /* this is done in the autogenerated server already - gd */
611 *r->out.needed = r->in.offered;
613 /* no dependent services...basically a stub function */
614 *r->out.services_returned = 0;
619 /********************************************************************
620 _svcctl_QueryServiceStatusEx
621 ********************************************************************/
623 WERROR _svcctl_QueryServiceStatusEx(struct pipes_struct *p,
624 struct svcctl_QueryServiceStatusEx *r)
626 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
627 uint32_t buffer_size;
629 /* perform access checks */
631 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
632 return WERR_INVALID_HANDLE;
634 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
635 return WERR_ACCESS_DENIED;
637 /* we have to set the outgoing buffer size to the same as the
638 incoming buffer size (even in the case of failure) */
639 *r->out.needed = r->in.offered;
641 switch ( r->in.info_level ) {
642 case SVC_STATUS_PROCESS_INFO:
644 struct SERVICE_STATUS_PROCESS svc_stat_proc;
645 enum ndr_err_code ndr_err;
648 /* Get the status of the service.. */
649 info->ops->service_status( info->name, &svc_stat_proc.status );
650 svc_stat_proc.process_id = getpid();
651 svc_stat_proc.service_flags = 0x0;
653 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &svc_stat_proc,
654 (ndr_push_flags_fn_t)ndr_push_SERVICE_STATUS_PROCESS);
655 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
656 return WERR_INVALID_PARAMETER;
659 r->out.buffer = blob.data;
660 buffer_size = sizeof(struct SERVICE_STATUS_PROCESS);
665 return WERR_INVALID_LEVEL;
669 buffer_size += buffer_size % 4;
670 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
672 if (buffer_size > r->in.offered ) {
673 return WERR_INSUFFICIENT_BUFFER;
679 /********************************************************************
680 ********************************************************************/
682 static WERROR fill_svc_config(TALLOC_CTX *mem_ctx,
683 struct messaging_context *msg_ctx,
684 struct auth_session_info *session_info,
686 struct QUERY_SERVICE_CONFIG *config)
688 const char *result = NULL;
690 /* now fill in the individual values */
692 ZERO_STRUCTP(config);
694 config->displayname = svcctl_lookup_dispname(mem_ctx,
699 result = svcctl_get_string_value(mem_ctx,
704 if (result != NULL) {
705 config->startname = result;
708 result = svcctl_get_string_value(mem_ctx,
713 if (result != NULL) {
714 config->executablepath = result;
717 /* a few hard coded values */
718 /* loadordergroup and dependencies are empty */
720 config->tag_id = 0x00000000; /* unassigned loadorder group */
721 config->service_type = SERVICE_TYPE_WIN32_OWN_PROCESS;
722 config->error_control = SVCCTL_SVC_ERROR_NORMAL;
724 /* set the start type. NetLogon and WINS are disabled to prevent
725 the client from showing the "Start" button (if of course the services
728 if ( strequal( name, "NETLOGON" ) && ( lp_servicenumber(name) == -1 ) )
729 config->start_type = SVCCTL_DISABLED;
730 else if ( strequal( name, "WINS" ) && ( !lp_we_are_a_wins_server() ))
731 config->start_type = SVCCTL_DISABLED;
733 config->start_type = SVCCTL_DEMAND_START;
738 /********************************************************************
739 _svcctl_QueryServiceConfigW
740 ********************************************************************/
742 WERROR _svcctl_QueryServiceConfigW(struct pipes_struct *p,
743 struct svcctl_QueryServiceConfigW *r)
745 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
746 uint32_t buffer_size;
749 /* perform access checks */
751 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
752 return WERR_INVALID_HANDLE;
754 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
755 return WERR_ACCESS_DENIED;
757 /* we have to set the outgoing buffer size to the same as the
758 incoming buffer size (even in the case of failure */
760 *r->out.needed = r->in.offered;
762 wresult = fill_svc_config(p->mem_ctx,
767 if ( !W_ERROR_IS_OK(wresult) )
770 buffer_size = ndr_size_QUERY_SERVICE_CONFIG(r->out.query, 0);
771 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
773 if (buffer_size > r->in.offered ) {
774 ZERO_STRUCTP(r->out.query);
775 return WERR_INSUFFICIENT_BUFFER;
781 /********************************************************************
782 _svcctl_QueryServiceConfig2W
783 ********************************************************************/
785 WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
786 struct svcctl_QueryServiceConfig2W *r)
788 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
789 uint32_t buffer_size;
790 DATA_BLOB blob = data_blob_null;
792 /* perform access checks */
794 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
795 return WERR_INVALID_HANDLE;
797 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
798 return WERR_ACCESS_DENIED;
800 /* we have to set the outgoing buffer size to the same as the
801 incoming buffer size (even in the case of failure */
802 *r->out.needed = r->in.offered;
804 switch ( r->in.info_level ) {
805 case SERVICE_CONFIG_DESCRIPTION:
807 struct SERVICE_DESCRIPTION desc_buf;
808 const char *description;
809 enum ndr_err_code ndr_err;
811 description = svcctl_lookup_description(p->mem_ctx,
816 desc_buf.description = description;
818 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &desc_buf,
819 (ndr_push_flags_fn_t)ndr_push_SERVICE_DESCRIPTION);
820 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
821 return WERR_INVALID_PARAMETER;
827 case SERVICE_CONFIG_FAILURE_ACTIONS:
829 struct SERVICE_FAILURE_ACTIONS actions;
830 enum ndr_err_code ndr_err;
832 /* nothing to say...just service the request */
834 ZERO_STRUCT( actions );
836 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &actions,
837 (ndr_push_flags_fn_t)ndr_push_SERVICE_FAILURE_ACTIONS);
838 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
839 return WERR_INVALID_PARAMETER;
847 return WERR_INVALID_LEVEL;
850 buffer_size = blob.length;
851 buffer_size += buffer_size % 4;
852 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
854 if (buffer_size > r->in.offered)
855 return WERR_INSUFFICIENT_BUFFER;
857 memcpy(r->out.buffer, blob.data, blob.length);
862 /********************************************************************
863 _svcctl_LockServiceDatabase
864 ********************************************************************/
866 WERROR _svcctl_LockServiceDatabase(struct pipes_struct *p,
867 struct svcctl_LockServiceDatabase *r)
869 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
871 /* perform access checks */
873 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
874 return WERR_INVALID_HANDLE;
876 if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
877 return WERR_ACCESS_DENIED;
879 /* Just open a handle. Doesn't actually lock anything */
881 return create_open_service_handle( p, r->out.lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
884 /********************************************************************
885 _svcctl_UnlockServiceDatabase
886 ********************************************************************/
888 WERROR _svcctl_UnlockServiceDatabase(struct pipes_struct *p,
889 struct svcctl_UnlockServiceDatabase *r)
891 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.lock );
894 if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
895 return WERR_INVALID_HANDLE;
897 return close_policy_hnd( p, r->out.lock) ? WERR_OK : WERR_INVALID_HANDLE;
900 /********************************************************************
901 _svcctl_QueryServiceObjectSecurity
902 ********************************************************************/
904 WERROR _svcctl_QueryServiceObjectSecurity(struct pipes_struct *p,
905 struct svcctl_QueryServiceObjectSecurity *r)
907 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
908 struct security_descriptor *sec_desc;
910 uint8_t *buffer = NULL;
915 /* only support the SCM and individual services */
917 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
918 return WERR_INVALID_HANDLE;
920 /* check access reights (according to MSDN) */
922 if ( !(info->access_granted & SEC_STD_READ_CONTROL) )
923 return WERR_ACCESS_DENIED;
925 /* TODO: handle something besides SECINFO_DACL */
927 if ( (r->in.security_flags & SECINFO_DACL) != SECINFO_DACL )
928 return WERR_INVALID_PARAMETER;
930 /* Lookup the security descriptor and marshall it up for a reply */
931 err = svcctl_get_secdesc(p->msg_ctx,
932 get_session_info_system(),
936 if (W_ERROR_EQUAL(err, WERR_FILE_NOT_FOUND)) {
937 DBG_NOTICE("service %s does not exist\n", info->name);
938 return WERR_SERVICE_DOES_NOT_EXIST;
940 if (!W_ERROR_IS_OK(err)) {
941 DBG_NOTICE("Failed to get a valid secdesc for %s: %s\n",
942 info->name, win_errstr(err));
946 *r->out.needed = ndr_size_security_descriptor(sec_desc, 0);
948 if ( *r->out.needed > r->in.offered) {
949 return WERR_INSUFFICIENT_BUFFER;
952 status = marshall_sec_desc(p->mem_ctx, sec_desc, &buffer, &len);
953 if (!NT_STATUS_IS_OK(status)) {
954 return ntstatus_to_werror(status);
957 *r->out.needed = len;
958 memcpy(r->out.buffer, buffer, len);
963 /********************************************************************
964 _svcctl_SetServiceObjectSecurity
965 ********************************************************************/
967 WERROR _svcctl_SetServiceObjectSecurity(struct pipes_struct *p,
968 struct svcctl_SetServiceObjectSecurity *r)
970 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
971 struct security_descriptor *sec_desc = NULL;
972 uint32_t required_access;
975 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
976 return WERR_INVALID_HANDLE;
978 /* can't set the security de4scriptor on the ServiceControlManager */
980 if ( info->type == SVC_HANDLE_IS_SCM )
981 return WERR_ACCESS_DENIED;
983 /* check the access on the open handle */
985 switch ( r->in.security_flags ) {
987 required_access = SEC_STD_WRITE_DAC;
992 required_access = SEC_STD_WRITE_OWNER;
996 return WERR_INVALID_PARAMETER;
998 return WERR_INVALID_PARAMETER;
1001 if ( !(info->access_granted & required_access) )
1002 return WERR_ACCESS_DENIED;
1004 /* read the security descfriptor */
1006 status = unmarshall_sec_desc(p->mem_ctx,
1010 if (!NT_STATUS_IS_OK(status)) {
1011 return ntstatus_to_werror(status);
1014 /* store the new SD */
1016 if (!svcctl_set_secdesc(p->msg_ctx, p->session_info, info->name, sec_desc))
1017 return WERR_ACCESS_DENIED;
1023 WERROR _svcctl_DeleteService(struct pipes_struct *p,
1024 struct svcctl_DeleteService *r)
1026 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1027 return WERR_NOT_SUPPORTED;
1030 WERROR _svcctl_SetServiceStatus(struct pipes_struct *p,
1031 struct svcctl_SetServiceStatus *r)
1033 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1034 return WERR_NOT_SUPPORTED;
1037 WERROR _svcctl_NotifyBootConfigStatus(struct pipes_struct *p,
1038 struct svcctl_NotifyBootConfigStatus *r)
1040 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1041 return WERR_NOT_SUPPORTED;
1044 WERROR _svcctl_SCSetServiceBitsW(struct pipes_struct *p,
1045 struct svcctl_SCSetServiceBitsW *r)
1047 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1048 return WERR_NOT_SUPPORTED;
1051 WERROR _svcctl_ChangeServiceConfigW(struct pipes_struct *p,
1052 struct svcctl_ChangeServiceConfigW *r)
1054 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1055 return WERR_NOT_SUPPORTED;
1058 WERROR _svcctl_CreateServiceW(struct pipes_struct *p,
1059 struct svcctl_CreateServiceW *r)
1061 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1062 return WERR_NOT_SUPPORTED;
1065 WERROR _svcctl_QueryServiceLockStatusW(struct pipes_struct *p,
1066 struct svcctl_QueryServiceLockStatusW *r)
1068 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1069 return WERR_NOT_SUPPORTED;
1072 WERROR _svcctl_GetServiceKeyNameW(struct pipes_struct *p,
1073 struct svcctl_GetServiceKeyNameW *r)
1075 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1076 return WERR_NOT_SUPPORTED;
1079 WERROR _svcctl_SCSetServiceBitsA(struct pipes_struct *p,
1080 struct svcctl_SCSetServiceBitsA *r)
1082 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1083 return WERR_NOT_SUPPORTED;
1086 WERROR _svcctl_ChangeServiceConfigA(struct pipes_struct *p,
1087 struct svcctl_ChangeServiceConfigA *r)
1089 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1090 return WERR_NOT_SUPPORTED;
1093 WERROR _svcctl_CreateServiceA(struct pipes_struct *p,
1094 struct svcctl_CreateServiceA *r)
1096 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1097 return WERR_NOT_SUPPORTED;
1100 WERROR _svcctl_EnumDependentServicesA(struct pipes_struct *p,
1101 struct svcctl_EnumDependentServicesA *r)
1103 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1104 return WERR_NOT_SUPPORTED;
1107 WERROR _svcctl_EnumServicesStatusA(struct pipes_struct *p,
1108 struct svcctl_EnumServicesStatusA *r)
1110 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1111 return WERR_NOT_SUPPORTED;
1114 WERROR _svcctl_OpenSCManagerA(struct pipes_struct *p,
1115 struct svcctl_OpenSCManagerA *r)
1117 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1118 return WERR_NOT_SUPPORTED;
1121 WERROR _svcctl_OpenServiceA(struct pipes_struct *p,
1122 struct svcctl_OpenServiceA *r)
1124 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1125 return WERR_NOT_SUPPORTED;
1128 WERROR _svcctl_QueryServiceConfigA(struct pipes_struct *p,
1129 struct svcctl_QueryServiceConfigA *r)
1131 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1132 return WERR_NOT_SUPPORTED;
1135 WERROR _svcctl_QueryServiceLockStatusA(struct pipes_struct *p,
1136 struct svcctl_QueryServiceLockStatusA *r)
1138 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1139 return WERR_NOT_SUPPORTED;
1142 WERROR _svcctl_StartServiceA(struct pipes_struct *p,
1143 struct svcctl_StartServiceA *r)
1145 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1146 return WERR_NOT_SUPPORTED;
1149 WERROR _svcctl_GetServiceDisplayNameA(struct pipes_struct *p,
1150 struct svcctl_GetServiceDisplayNameA *r)
1152 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1153 return WERR_NOT_SUPPORTED;
1156 WERROR _svcctl_GetServiceKeyNameA(struct pipes_struct *p,
1157 struct svcctl_GetServiceKeyNameA *r)
1159 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1160 return WERR_NOT_SUPPORTED;
1163 WERROR _svcctl_GetCurrentGroupeStateW(struct pipes_struct *p,
1164 struct svcctl_GetCurrentGroupeStateW *r)
1166 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1167 return WERR_NOT_SUPPORTED;
1170 WERROR _svcctl_EnumServiceGroupW(struct pipes_struct *p,
1171 struct svcctl_EnumServiceGroupW *r)
1173 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1174 return WERR_NOT_SUPPORTED;
1177 WERROR _svcctl_ChangeServiceConfig2A(struct pipes_struct *p,
1178 struct svcctl_ChangeServiceConfig2A *r)
1180 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1181 return WERR_NOT_SUPPORTED;
1184 WERROR _svcctl_ChangeServiceConfig2W(struct pipes_struct *p,
1185 struct svcctl_ChangeServiceConfig2W *r)
1187 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1188 return WERR_NOT_SUPPORTED;
1191 WERROR _svcctl_QueryServiceConfig2A(struct pipes_struct *p,
1192 struct svcctl_QueryServiceConfig2A *r)
1194 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1195 return WERR_NOT_SUPPORTED;
1198 WERROR _EnumServicesStatusExA(struct pipes_struct *p,
1199 struct EnumServicesStatusExA *r)
1201 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1202 return WERR_NOT_SUPPORTED;
1205 WERROR _EnumServicesStatusExW(struct pipes_struct *p,
1206 struct EnumServicesStatusExW *r)
1208 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1209 return WERR_NOT_SUPPORTED;
1212 WERROR _svcctl_SCSendTSMessage(struct pipes_struct *p,
1213 struct svcctl_SCSendTSMessage *r)
1215 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
1216 return WERR_NOT_SUPPORTED;