X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=source3%2Fservices%2Fservices_db.c;h=b610c922a9df2d7ed044997d2b835befef1bcfca;hp=37440a299f781ccb0a64d2175b7b8276c48906ab;hb=7c51fa6d699a653cafa90df8e44911b576118ebd;hpb=1638941ba296fff1a5b22ed34dbe6eb7e0dbb4b2
diff --git a/source3/services/services_db.c b/source3/services/services_db.c
index 37440a299f7..b610c922a9d 100644
--- a/source3/services/services_db.c
+++ b/source3/services/services_db.c
@@ -89,32 +89,32 @@ struct service_display_info common_unix_svcs[] = { static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx ) { SEC_ACE ace[4]; - SEC_ACCESS mask; size_t i = 0; - SEC_DESC *sd; - SEC_ACL *acl; + SEC_DESC *sd = NULL; + SEC_ACL *theacl = NULL; size_t sd_size; /* basic access for Everyone */ - init_sec_access(&mask, SERVICE_READ_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_World, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0); - init_sec_access(&mask,SERVICE_EXECUTE_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0); - init_sec_access(&mask,SERVICE_ALL_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); /* create the security descriptor */ - if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) ) + if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) ) return NULL; if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, - acl, &sd_size)) ) + theacl, &sd_size)) ) return NULL; return sd; 
@@ -188,18 +188,18 @@ static char *cleanup_string( const char *string ) static bool read_init_file( const char *servicename, struct rcinit_file_information **service_info ) { - struct rcinit_file_information *info; + struct rcinit_file_information *info = NULL; char *filepath = NULL; char str[1024]; - XFILE *f; - char *p; + XFILE *f = NULL; + char *p = NULL; if ( !(info = TALLOC_ZERO_P( NULL, struct rcinit_file_information ) ) ) return False; /* attempt the file open */ - filepath = talloc_asprintf(info, "%s/%s/%s", get_dyn_LIBDIR(), + filepath = talloc_asprintf(info, "%s/%s/%s", get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, servicename); if (!filepath) { TALLOC_FREE(info); @@ -248,9 +248,9 @@ static bool read_init_file( const char *servicename, struct rcinit_file_informat Display name, Description, etc... ********************************************************************/ -static void fill_service_values( const char *name, REGVAL_CTR *values ) +static void fill_service_values(const char *name, struct regval_ctr *values) { - UNISTR2 data, dname, ipath, description; + char *dname, *ipath, *description; uint32 dword; int i; @@ -260,7 +260,7 @@ static void fill_service_values( const char *name, REGVAL_CTR *values ) dword = SVCCTL_AUTO_START; regval_ctr_addvalue( values, "Start", REG_DWORD, (char*)&dword, sizeof(uint32)); - dword = SVCCTL_WIN32_OWN_PROC; + dword = SERVICE_TYPE_WIN32_OWN_PROCESS; regval_ctr_addvalue( values, "Type", REG_DWORD, (char*)&dword, sizeof(uint32)); dword = SVCCTL_SVC_ERROR_NORMAL; 
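Review bot: In read_init_file, `servicename` is formatted straight into the script path under `get_dyn_MODULESDIR()` and `SVCCTL_SCRIPT_DIR` with no visible check that it is a single path component, so a name containing `/` would resolve outside the script directory. The names appear to come from `lp_svcctl_list()` (see the svcctl_init_keys hunk), i.e. from configuration, but a guard before the `talloc_asprintf` such as `if (strchr(servicename, '/') != NULL) { TALLOC_FREE(info); return False; }` would keep the lookup confined. The switch from LIBDIR to MODULESDIR also means existing init scripts have to be moved, and since these entries are registered with ObjectName "LocalSystem", the new directory's ownership and write permissions deserve the same care as the old one. The function body continues outside the hunk.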
@@ -268,24 +268,17 @@ static void fill_service_values( const char *name, REGVAL_CTR *values ) /* everything runs as LocalSystem */ - init_unistr2( &data, "LocalSystem", UNI_STR_TERMINATE ); - regval_ctr_addvalue( values, "ObjectName", REG_SZ, (char*)data.buffer, data.uni_str_len*2); + regval_ctr_addvalue_sz(values, "ObjectName", "LocalSystem"); /* special considerations for internal services and the DisplayName value */ for ( i=0; builtin_svcs[i].servicename; i++ ) { if ( strequal( name, builtin_svcs[i].servicename ) ) { - char *pstr = NULL; - if (asprintf(&pstr, "%s/%s/%s", - get_dyn_LIBDIR(), SVCCTL_SCRIPT_DIR, - builtin_svcs[i].daemon) > 0) { - init_unistr2( &ipath, pstr, UNI_STR_TERMINATE ); - SAFE_FREE(pstr); - } else { - init_unistr2( &ipath, "", UNI_STR_TERMINATE ); - } - init_unistr2( &description, builtin_svcs[i].description, UNI_STR_TERMINATE ); - init_unistr2( &dname, builtin_svcs[i].dispname, UNI_STR_TERMINATE ); + ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s", + get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, + builtin_svcs[i].daemon); + description = talloc_strdup(talloc_tos(), builtin_svcs[i].description); + dname = talloc_strdup(talloc_tos(), builtin_svcs[i].dispname); break; } } 
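Review bot: None of the new `talloc_asprintf`/`talloc_strdup` results for `ipath`, `description` and `dname` is checked before the three `regval_ctr_addvalue_sz` calls in the following hunk, and the pointers are declared uninitialised in the earlier hunk. The removed code fell back to an empty string when the path could not be built; the new code would pass NULL to `regval_ctr_addvalue_sz`, whose handling of NULL is not visible here, and `init_info->description` in the next hunk may itself be NULL. I would declare them as `char *dname = NULL, *ipath = NULL, *description = NULL;` and substitute a default when storing, e.g. `regval_ctr_addvalue_sz(values, "ImagePath", ipath ? ipath : "");`. fill_service_values starts and ends outside this hunk.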
@@ -293,38 +286,37 @@ static void fill_service_values( const char *name, REGVAL_CTR *values ) /* default to an external service if we haven't found a match */ if ( builtin_svcs[i].servicename == NULL ) { - char *pstr = NULL; char *dispname = NULL; struct rcinit_file_information *init_info = NULL; - if (asprintf(&pstr, "%s/%s/%s",get_dyn_LIBDIR(), - SVCCTL_SCRIPT_DIR, name) > 0) { - init_unistr2( &ipath, pstr, UNI_STR_TERMINATE ); - SAFE_FREE(pstr); - } else { - init_unistr2( &ipath, "", UNI_STR_TERMINATE ); - } + ipath = talloc_asprintf(talloc_tos(), "%s/%s/%s", + get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, + name); /* lookup common unix display names */ dispname = get_common_service_dispname(name); - init_unistr2( &dname, dispname ? dispname : "", UNI_STR_TERMINATE ); + dname = talloc_strdup(talloc_tos(), dispname ? dispname : ""); SAFE_FREE(dispname); /* get info from init file itself */ if ( read_init_file( name, &init_info ) ) { - init_unistr2( &description, init_info->description, UNI_STR_TERMINATE ); + description = talloc_strdup(talloc_tos(), init_info->description); TALLOC_FREE( init_info ); } else { - init_unistr2( &description, "External Unix Service", UNI_STR_TERMINATE ); + description = talloc_strdup(talloc_tos(), "External Unix Service"); } } /* add the new values */ - regval_ctr_addvalue( values, "DisplayName", REG_SZ, (char*)dname.buffer, dname.uni_str_len*2); - regval_ctr_addvalue( values, "ImagePath", REG_SZ, (char*)ipath.buffer, ipath.uni_str_len*2); - regval_ctr_addvalue( values, "Description", REG_SZ, (char*)description.buffer, description.uni_str_len*2); + regval_ctr_addvalue_sz(values, "DisplayName", dname); + regval_ctr_addvalue_sz(values, "ImagePath", ipath); + regval_ctr_addvalue_sz(values, "Description", description); + + TALLOC_FREE(dname); + TALLOC_FREE(ipath); + TALLOC_FREE(description); return; } 
@@ -332,15 +324,16 @@ static void fill_service_values( const char *name, REGVAL_CTR *values ) /******************************************************************** ********************************************************************/ -static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys, - const char *name ) +static void add_new_svc_name(struct registry_key_handle *key_parent, + struct regsubkey_ctr *subkeys, + const char *name ) { - REGISTRY_KEY *key_service, *key_secdesc; + struct registry_key_handle *key_service = NULL, *key_secdesc = NULL; WERROR wresult; char *path = NULL; - REGVAL_CTR *values; - REGSUBKEY_CTR *svc_subkeys; - SEC_DESC *sd; + struct regval_ctr *values = NULL; + struct regsubkey_ctr *svc_subkeys = NULL; + SEC_DESC *sd = NULL; DATA_BLOB sd_blob; NTSTATUS status; @@ -358,7 +351,7 @@ static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys, get_root_nt_token(), REG_KEY_ALL ); if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n", - path, dos_errstr(wresult))); + path, win_errstr(wresult))); SAFE_FREE(path); return; } @@ -366,7 +359,8 @@ static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys, /* add the 'Security' key */ - if ( !(svc_subkeys = TALLOC_ZERO_P( key_service, REGSUBKEY_CTR )) ) { + wresult = regsubkey_ctr_init(key_service, &svc_subkeys); + if (!W_ERROR_IS_OK(wresult)) { DEBUG(0,("add_new_svc_name: talloc() failed!\n")); TALLOC_FREE( key_service ); return; @@ -378,7 +372,7 @@ static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys, /* now for the service values */ - if ( !(values = TALLOC_ZERO_P( key_service, REGVAL_CTR )) ) { + if ( !(values = TALLOC_ZERO_P( key_service, struct regval_ctr )) ) { DEBUG(0,("add_new_svc_name: talloc() failed!\n")); TALLOC_FREE( key_service ); return; 
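Review bot: The failure branch after the new `regsubkey_ctr_init(key_service, &svc_subkeys)` call still logs `talloc() failed!` and drops `wresult`, so the log no longer names the call that failed or why. Suggest `DEBUG(0,("add_new_svc_name: regsubkey_ctr_init() failed! (%s)\n", win_errstr(wresult)));`. The same stale message follows `regsubkey_ctr_init(key, &subkeys)` in the svcctl_init_keys hunk further down. add_new_svc_name continues outside these hunks.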
@@ -400,14 +394,14 @@ static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys, get_root_nt_token(), REG_KEY_ALL ); if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n", - path, dos_errstr(wresult))); + path, win_errstr(wresult))); TALLOC_FREE( key_secdesc ); SAFE_FREE(path); return; } SAFE_FREE(path); - if ( !(values = TALLOC_ZERO_P( key_secdesc, REGVAL_CTR )) ) { + if ( !(values = TALLOC_ZERO_P( key_secdesc, struct regval_ctr )) ) { DEBUG(0,("add_new_svc_name: talloc() failed!\n")); TALLOC_FREE( key_secdesc ); return; @@ -444,8 +438,8 @@ void svcctl_init_keys( void ) { const char **service_list = lp_svcctl_list(); int i; - REGSUBKEY_CTR *subkeys; - REGISTRY_KEY *key = NULL; + struct regsubkey_ctr *subkeys = NULL; + struct registry_key_handle *key = NULL; WERROR wresult; /* bad mojo here if the lookup failed. Should not happen */ @@ -455,13 +449,14 @@ void svcctl_init_keys( void ) if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("svcctl_init_keys: key lookup failed! (%s)\n", - dos_errstr(wresult))); + win_errstr(wresult))); return; } /* lookup the available subkeys */ - if ( !(subkeys = TALLOC_ZERO_P( key, REGSUBKEY_CTR )) ) { + wresult = regsubkey_ctr_init(key, &subkeys); + if (!W_ERROR_IS_OK(wresult)) { DEBUG(0,("svcctl_init_keys: talloc() failed!\n")); TALLOC_FREE( key ); return; @@ -502,9 +497,9 @@ void svcctl_init_keys( void ) SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token ) { - REGISTRY_KEY *key; - REGVAL_CTR *values; - REGISTRY_VALUE *val; + struct registry_key_handle *key = NULL; + struct regval_ctr *values = NULL; + struct regval_blob *val = NULL; SEC_DESC *ret_sd = NULL; char *path= NULL; WERROR wresult; 
@@ -519,26 +514,22 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN * REG_KEY_ALL ); if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n", - path, dos_errstr(wresult))); - SAFE_FREE(path); - return NULL; + path, win_errstr(wresult))); + goto done; } - SAFE_FREE(path); - if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) { + if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) { DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n")); - TALLOC_FREE( key ); - return NULL; + goto done; } - fetch_reg_values( key, values ); - - TALLOC_FREE(key); + if (fetch_reg_values( key, values ) == -1) { + DEBUG(0, ("Error getting registry values\n")); + goto done; + } if ( !(val = regval_ctr_getvalue( values, "Security" )) ) { - DEBUG(6,("svcctl_get_secdesc: constructing default secdesc for service [%s]\n", - name)); - return construct_service_sd( ctx ); + goto fallback_to_default_sd; } /* stream the service security descriptor */ @@ -546,10 +537,18 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN * status = unmarshall_sec_desc(ctx, regval_data_p(val), regval_size(val), &ret_sd); - if (!NT_STATUS_IS_OK(status)) { - return construct_service_sd( ctx ); + if (NT_STATUS_IS_OK(status)) { + goto done; } +fallback_to_default_sd: + DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for " + "service [%s]\n", name)); + ret_sd = construct_service_sd(ctx); + +done: + SAFE_FREE(path); + TALLOC_FREE(key); return ret_sd; } 
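Review bot: Both the missing-value path and the `unmarshall_sec_desc` failure path now reach `fallback_to_default_sd` and emit the same level-6 message, so a stored descriptor that fails to parse is replaced by the built-in default ACL with nothing in the log to tell it apart from a service that never had one. Because that default then governs access to the service, I would log the parse failure at a visible level before falling through, e.g. `DEBUG(1, ("svcctl_get_secdesc: unmarshall_sec_desc failed for [%s]: %s\n", name, nt_errstr(status)));`. A `fetch_reg_values` error now returns NULL instead of a default descriptor, so callers (not visible here) need to treat NULL as a failure. The function begins outside the hunk.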
@@ -559,11 +558,12 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN * bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token ) { - REGISTRY_KEY *key; + struct registry_key_handle *key = NULL; WERROR wresult; char *path = NULL; - REGVAL_CTR *values; - prs_struct ps; + struct regval_ctr *values = NULL; + DATA_BLOB blob; + NTSTATUS status; bool ret = False; /* now add the security descriptor */ @@ -575,30 +575,32 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, REG_KEY_ALL ); if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n", - path, dos_errstr(wresult))); + path, win_errstr(wresult))); SAFE_FREE(path); return False; } SAFE_FREE(path); - if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) { + if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) { DEBUG(0,("svcctl_set_secdesc: talloc() failed!\n")); TALLOC_FREE( key ); return False; } /* stream the printer security descriptor */ - prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL); - if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) { - uint32 offset = prs_offset( &ps ); - regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset ); - ret = store_reg_values( key, values ); + status = marshall_sec_desc(ctx, sec_desc, &blob.data, &blob.length); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("svcctl_set_secdesc: ndr_push_struct_blob() failed!\n")); + TALLOC_FREE( key ); + return False; } + regval_ctr_addvalue( values, "Security", REG_BINARY, (const char *)blob.data, blob.length); + ret = store_reg_values( key, values ); + /* cleanup */ - prs_mem_free( &ps ); TALLOC_FREE( key); return ret; 
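Review bot: The new error branch after `marshall_sec_desc` logs `ndr_push_struct_blob() failed!`, which is not the function called here, and it omits `status`; suggest `DEBUG(0,("svcctl_set_secdesc: marshall_sec_desc() failed: %s\n", nt_errstr(status)));`. `blob.data` is presumably allocated on the caller's `ctx` and, unlike the removed `prs_mem_free( &ps )`, is not released after `store_reg_values`, so a `TALLOC_FREE(blob.data);` in the cleanup would restore the old lifetime. The result of `regval_ctr_addvalue` is not checked before the store either. The nearby comment still says "printer security descriptor" and the key-lookup message names svcctl_get_secdesc; both are worth correcting while the function is being touched.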
@@ -609,12 +611,13 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token ) { - char *display_name = NULL; - REGISTRY_KEY *key = NULL; - REGVAL_CTR *values; - REGISTRY_VALUE *val; + const char *display_name = NULL; + struct registry_key_handle *key = NULL; + struct regval_ctr *values = NULL; + struct regval_blob *val = NULL; char *path = NULL; WERROR wresult; + DATA_BLOB blob; /* now add the security descriptor */ @@ -625,13 +628,13 @@ const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TO REG_KEY_READ ); if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n", - path, dos_errstr(wresult))); + path, win_errstr(wresult))); SAFE_FREE(path); goto fail; } SAFE_FREE(path); - if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) { + if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) { DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n")); TALLOC_FREE( key ); goto fail; @@ -642,7 +645,8 @@ const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TO if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) ) goto fail; - rpcstr_pull_talloc(ctx, &display_name, regval_data_p(val), regval_size(val), 0 ); + blob = data_blob_const(regval_data_p(val), regval_size(val)); + pull_reg_sz(ctx, &blob, &display_name); TALLOC_FREE( key ); @@ -659,12 +663,13 @@ fail: const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token ) { - char *description = NULL; - REGISTRY_KEY *key = NULL; - REGVAL_CTR *values; - REGISTRY_VALUE *val; + const char *description = NULL; + struct registry_key_handle *key = NULL; + struct regval_ctr *values = NULL; + struct regval_blob *val = NULL; char *path = NULL; WERROR wresult; + DATA_BLOB blob; /* now add the security descriptor */ 
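Review bot: The result of `pull_reg_sz(ctx, &blob, &display_name)` is ignored, so a DisplayName value that cannot be converted leaves `display_name` NULL with no log entry; what the function returns after `TALLOC_FREE( key )` lies outside the hunk. The same call in the svcctl_lookup_description hunk is followed directly by `return description;`, which would return NULL there although a missing value returns "Unix Service". Assuming `pull_reg_sz` reports failure through its return value, I would check it, e.g. `if (!pull_reg_sz(ctx, &blob, &display_name)) { TALLOC_FREE(key); goto fail; }` here, and return the default string on failure in svcctl_lookup_description.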
@@ -675,13 +680,13 @@ const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER REG_KEY_READ ); if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("svcctl_lookup_description: key lookup failed! [%s] (%s)\n", - path, dos_errstr(wresult))); + path, win_errstr(wresult))); SAFE_FREE(path); return NULL; } SAFE_FREE(path); - if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) { + if ( !(values = TALLOC_ZERO_P( key, struct regval_ctr )) ) { DEBUG(0,("svcctl_lookup_description: talloc() failed!\n")); TALLOC_FREE( key ); return NULL; @@ -693,7 +698,10 @@ const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER TALLOC_FREE( key ); return "Unix Service"; } - rpcstr_pull_talloc(ctx, &description, regval_data_p(val), regval_size(val), 0 ); + + blob = data_blob_const(regval_data_p(val), regval_size(val)); + pull_reg_sz(ctx, &blob, &description); + TALLOC_FREE(key); return description; @@ -703,10 +711,10 @@ const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER /******************************************************************** ********************************************************************/ -REGVAL_CTR *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token ) +struct regval_ctr *svcctl_fetch_regvalues(const char *name, NT_USER_TOKEN *token) { - REGISTRY_KEY *key = NULL; - REGVAL_CTR *values; + struct registry_key_handle *key = NULL; + struct regval_ctr *values = NULL; char *path = NULL; WERROR wresult; 
@@ -719,13 +727,13 @@ REGVAL_CTR *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token ) REG_KEY_READ ); if ( !W_ERROR_IS_OK(wresult) ) { DEBUG(0,("svcctl_fetch_regvalues: key lookup failed! [%s] (%s)\n", - path, dos_errstr(wresult))); + path, win_errstr(wresult))); SAFE_FREE(path); return NULL; } SAFE_FREE(path); - if ( !(values = TALLOC_ZERO_P( NULL, REGVAL_CTR )) ) { + if ( !(values = TALLOC_ZERO_P( NULL, struct regval_ctr )) ) { DEBUG(0,("svcctl_fetch_regvalues: talloc() failed!\n")); TALLOC_FREE( key ); return NULL;