search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pyldb: Fix memory context, add more OOM checks.
[Samba.git] / source3 / rpc_server / srv_svcctl_nt.c
blob2a7ef816456f29e7776d7d2ff533481e478e8e7f
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 *
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 *
7 * Largely Rewritten (Again) by:
8 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * Copyright (C) Guenther Deschner 2008,2009.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "../librpc/gen_ndr/srv_svcctl.h"
27 #include "services/services.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30
31 #undef DBGC_CLASS
32 #define DBGC_CLASS DBGC_RPC_SRV
33
34 struct service_control_op {
35 const char *name;
36 SERVICE_CONTROL_OPS *ops;
37 };
38
39 /* handle external services */
40 extern SERVICE_CONTROL_OPS rcinit_svc_ops;
41
42 /* builtin services (see service_db.c and services/svc_*.c */
43 extern SERVICE_CONTROL_OPS spoolss_svc_ops;
44 extern SERVICE_CONTROL_OPS netlogon_svc_ops;
45 extern SERVICE_CONTROL_OPS winreg_svc_ops;
46 extern SERVICE_CONTROL_OPS wins_svc_ops;
47
48 /* make sure this number patches the number of builtin
49 SERVICE_CONTROL_OPS structure listed above */
50
51 #define SVCCTL_NUM_INTERNAL_SERVICES 4
52
53 struct service_control_op *svcctl_ops;
54
55 static const struct generic_mapping scm_generic_map =
56 { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS };
57 static const struct generic_mapping svc_generic_map =
58 { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS };
59
60
61 /********************************************************************
62 ********************************************************************/
63
64 bool init_service_op_table( void )
65 {
66 const char **service_list = lp_svcctl_list();
67 int num_services = SVCCTL_NUM_INTERNAL_SERVICES + str_list_length( service_list );
68 int i;
69
70 if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {
71 DEBUG(0,("init_service_op_table: talloc() failed!\n"));
72 return False;
73 }
74
75 /* services listed in smb.conf get the rc.init interface */
76
77 for ( i=0; service_list && service_list[i]; i++ ) {
78 svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
79 svcctl_ops[i].ops = &rcinit_svc_ops;
80 }
81
82 /* add builtin services */
83
84 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
85 svcctl_ops[i].ops = &spoolss_svc_ops;
86 i++;
87
88 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
89 svcctl_ops[i].ops = &netlogon_svc_ops;
90 i++;
91
92 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
93 svcctl_ops[i].ops = &winreg_svc_ops;
94 i++;
95
96 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
97 svcctl_ops[i].ops = &wins_svc_ops;
98 i++;
99
100 /* NULL terminate the array */
101
102 svcctl_ops[i].name = NULL;
103 svcctl_ops[i].ops = NULL;
104
105 return True;
106 }
107
108 /********************************************************************
109 ********************************************************************/
110
111 static struct service_control_op* find_service_by_name( const char *name )
112 {
113 int i;
114
115 for ( i=0; svcctl_ops[i].name; i++ ) {
116 if ( strequal( name, svcctl_ops[i].name ) )
117 return &svcctl_ops[i];
118 }
119
120 return NULL;
121 }
122 /********************************************************************
123 ********************************************************************/
124
125 static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, struct security_token *token,
126 uint32 access_desired, uint32 *access_granted )
127 {
128 if ( geteuid() == sec_initial_uid() ) {
129 DEBUG(5,("svcctl_access_check: using root's token\n"));
130 token = get_root_nt_token();
131 }
132
133 return se_access_check( sec_desc, token, access_desired, access_granted);
134 }
135
136 /********************************************************************
137 ********************************************************************/
138
139 static struct security_descriptor* construct_scm_sd( TALLOC_CTX *ctx )
140 {
141 struct security_ace ace[2];
142 size_t i = 0;
143 struct security_descriptor *sd;
144 struct security_acl *theacl;
145 size_t sd_size;
146
147 /* basic access for Everyone */
148
149 init_sec_ace(&ace[i++], &global_sid_World,
150 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0);
151
152 /* Full Access 'BUILTIN\Administrators' */
153
154 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
155 SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0);
156
157
158 /* create the security descriptor */
159
160 if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
161 return NULL;
162
163 if ( !(sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
164 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
165 theacl, &sd_size)) )
166 return NULL;
167
168 return sd;
169 }
170
171 /******************************************************************
172 Find a registry key handle and return a SERVICE_INFO
173 *****************************************************************/
174
175 static SERVICE_INFO *find_service_info_by_hnd(struct pipes_struct *p,
176 struct policy_handle *hnd)
177 {
178 SERVICE_INFO *service_info = NULL;
179
180 if( !find_policy_by_hnd( p, hnd, (void **)(void *)&service_info) ) {
181 DEBUG(2,("find_service_info_by_hnd: handle not found\n"));
182 return NULL;
183 }
184
185 return service_info;
186 }
187
188 /******************************************************************
189 *****************************************************************/
190
191 static WERROR create_open_service_handle(struct pipes_struct *p,
192 struct policy_handle *handle,
193 uint32_t type,
194 const char *service,
195 uint32_t access_granted)
196 {
197 SERVICE_INFO *info = NULL;
198 WERROR result = WERR_OK;
199 struct service_control_op *s_op;
200
201 if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )
202 return WERR_NOMEM;
203
204 /* the Service Manager has a NULL name */
205
206 info->type = SVC_HANDLE_IS_SCM;
207
208 switch ( type ) {
209 case SVC_HANDLE_IS_SCM:
210 info->type = SVC_HANDLE_IS_SCM;
211 break;
212
213 case SVC_HANDLE_IS_DBLOCK:
214 info->type = SVC_HANDLE_IS_DBLOCK;
215 break;
216
217 case SVC_HANDLE_IS_SERVICE:
218 info->type = SVC_HANDLE_IS_SERVICE;
219
220 /* lookup the SERVICE_CONTROL_OPS */
221
222 if ( !(s_op = find_service_by_name( service )) ) {
223 result = WERR_NO_SUCH_SERVICE;
224 goto done;
225 }
226
227 info->ops = s_op->ops;
228
229 if ( !(info->name = talloc_strdup( info, s_op->name )) ) {
230 result = WERR_NOMEM;
231 goto done;
232 }
233 break;
234
235 default:
236 result = WERR_NO_SUCH_SERVICE;
237 goto done;
238 }
239
240 info->access_granted = access_granted;
241
242 /* store the SERVICE_INFO and create an open handle */
243
244 if ( !create_policy_hnd( p, handle, info ) ) {
245 result = WERR_ACCESS_DENIED;
246 goto done;
247 }
248
249 done:
250 if ( !W_ERROR_IS_OK(result) )
251 TALLOC_FREE(info);
252
253 return result;
254 }
255
256 /********************************************************************
257 _svcctl_OpenSCManagerW
258 ********************************************************************/
259
260 WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
261 struct svcctl_OpenSCManagerW *r)
262 {
263 struct security_descriptor *sec_desc;
264 uint32 access_granted = 0;
265 NTSTATUS status;
266
267 /* perform access checks */
268
269 if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
270 return WERR_NOMEM;
271
272 se_map_generic( &r->in.access_mask, &scm_generic_map );
273 status = svcctl_access_check( sec_desc, p->server_info->ptok,
274 r->in.access_mask, &access_granted );
275 if ( !NT_STATUS_IS_OK(status) )
276 return ntstatus_to_werror( status );
277
278 return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
279 }
280
281 /********************************************************************
282 _svcctl_OpenServiceW
283 ********************************************************************/
284
285 WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
286 struct svcctl_OpenServiceW *r)
287 {
288 struct security_descriptor *sec_desc;
289 uint32 access_granted = 0;
290 NTSTATUS status;
291 const char *service = NULL;
292
293 service = r->in.ServiceName;
294 if (!service) {
295 return WERR_NOMEM;
296 }
297 DEBUG(5, ("_svcctl_OpenServiceW: Attempting to open Service [%s], \n", service));
298
299 /* based on my tests you can open a service if you have a valid scm handle */
300
301 if ( !find_service_info_by_hnd( p, r->in.scmanager_handle) )
302 return WERR_BADFID;
303
304 /* perform access checks. Use the root token in order to ensure that we
305 retrieve the security descriptor */
306
307 if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
308 return WERR_NOMEM;
309
310 se_map_generic( &r->in.access_mask, &svc_generic_map );
311 status = svcctl_access_check( sec_desc, p->server_info->ptok,
312 r->in.access_mask, &access_granted );
313 if ( !NT_STATUS_IS_OK(status) )
314 return ntstatus_to_werror( status );
315
316 return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
317 }
318
319 /********************************************************************
320 _svcctl_CloseServiceHandle
321 ********************************************************************/
322
323 WERROR _svcctl_CloseServiceHandle(struct pipes_struct *p,
324 struct svcctl_CloseServiceHandle *r)
325 {
326 if ( !close_policy_hnd( p, r->in.handle ) )
327 return WERR_BADFID;
328
329 ZERO_STRUCTP(r->out.handle);
330
331 return WERR_OK;
332 }
333
334 /********************************************************************
335 _svcctl_GetServiceDisplayNameW
336 ********************************************************************/
337
338 WERROR _svcctl_GetServiceDisplayNameW(struct pipes_struct *p,
339 struct svcctl_GetServiceDisplayNameW *r)
340 {
341 const char *service;
342 const char *display_name;
343 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
344
345 /* can only use an SCM handle here */
346
347 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
348 return WERR_BADFID;
349
350 service = r->in.service_name;
351
352 display_name = svcctl_lookup_dispname(p->mem_ctx, service,
353 p->server_info->ptok);
354 if (!display_name) {
355 display_name = "";
356 }
357
358 *r->out.display_name = display_name;
359 *r->out.display_name_length = strlen(display_name);
360
361 return WERR_OK;
362 }
363
364 /********************************************************************
365 _svcctl_QueryServiceStatus
366 ********************************************************************/
367
368 WERROR _svcctl_QueryServiceStatus(struct pipes_struct *p,
369 struct svcctl_QueryServiceStatus *r)
370 {
371 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
372
373 /* perform access checks */
374
375 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
376 return WERR_BADFID;
377
378 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
379 return WERR_ACCESS_DENIED;
380
381 /* try the service specific status call */
382
383 return info->ops->service_status( info->name, r->out.service_status );
384 }
385
386 /********************************************************************
387 ********************************************************************/
388
389 static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, struct security_token *token )
390 {
391 int num_services = 0;
392 int i;
393 struct ENUM_SERVICE_STATUSW *st;
394 const char *display_name;
395
396 /* just count */
397 while ( svcctl_ops[num_services].name )
398 num_services++;
399
400 if ( !(st = TALLOC_ARRAY( ctx, struct ENUM_SERVICE_STATUSW, num_services )) ) {
401 DEBUG(0,("enumerate_status: talloc() failed!\n"));
402 return -1;
403 }
404
405 for ( i=0; i<num_services; i++ ) {
406 st[i].service_name = talloc_strdup(st, svcctl_ops[i].name );
407
408 display_name = svcctl_lookup_dispname(ctx, svcctl_ops[i].name, token );
409 st[i].display_name = talloc_strdup(st, display_name ? display_name : "");
410
411 svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
412 }
413
414 *status = st;
415
416 return num_services;
417 }
418
419 /********************************************************************
420 _svcctl_EnumServicesStatusW
421 ********************************************************************/
422
423 WERROR _svcctl_EnumServicesStatusW(struct pipes_struct *p,
424 struct svcctl_EnumServicesStatusW *r)
425 {
426 struct ENUM_SERVICE_STATUSW *services = NULL;
427 int num_services;
428 int i = 0;
429 size_t buffer_size = 0;
430 WERROR result = WERR_OK;
431 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
432 struct security_token *token = p->server_info->ptok;
433 DATA_BLOB blob = data_blob_null;
434
435 /* perform access checks */
436
437 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
438 return WERR_BADFID;
439
440 if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) ) {
441 return WERR_ACCESS_DENIED;
442 }
443
444 num_services = enumerate_status( p->mem_ctx, &services, token );
445 if (num_services == -1 ) {
446 return WERR_NOMEM;
447 }
448
449 for ( i=0; i<num_services; i++ ) {
450 buffer_size += ndr_size_ENUM_SERVICE_STATUSW(&services[i], 0);
451 }
452
453 buffer_size += buffer_size % 4;
454
455 if (buffer_size > r->in.offered) {
456 num_services = 0;
457 result = WERR_MORE_DATA;
458 }
459
460 if ( W_ERROR_IS_OK(result) ) {
461
462 enum ndr_err_code ndr_err;
463 struct ndr_push *ndr;
464
465 ndr = ndr_push_init_ctx(p->mem_ctx);
466 if (ndr == NULL) {
467 return WERR_INVALID_PARAM;
468 }
469
470 ndr_err = ndr_push_ENUM_SERVICE_STATUSW_array(
471 ndr, num_services, services);
472 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
473 return ntstatus_to_werror(ndr_map_error2ntstatus(ndr_err));
474 }
475 blob = ndr_push_blob(ndr);
476 memcpy(r->out.service, blob.data, MIN(blob.length, r->in.offered));
477 }
478
479 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
480 *r->out.services_returned = (uint32)num_services;
481 if (r->out.resume_handle) {
482 *r->out.resume_handle = 0;
483 }
484
485 return result;
486 }
487
488 /********************************************************************
489 _svcctl_StartServiceW
490 ********************************************************************/
491
492 WERROR _svcctl_StartServiceW(struct pipes_struct *p,
493 struct svcctl_StartServiceW *r)
494 {
495 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
496
497 /* perform access checks */
498
499 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
500 return WERR_BADFID;
501
502 if ( !(info->access_granted & SC_RIGHT_SVC_START) )
503 return WERR_ACCESS_DENIED;
504
505 return info->ops->start_service( info->name );
506 }
507
508 /********************************************************************
509 _svcctl_ControlService
510 ********************************************************************/
511
512 WERROR _svcctl_ControlService(struct pipes_struct *p,
513 struct svcctl_ControlService *r)
514 {
515 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
516
517 /* perform access checks */
518
519 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
520 return WERR_BADFID;
521
522 switch ( r->in.control ) {
523 case SVCCTL_CONTROL_STOP:
524 if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
525 return WERR_ACCESS_DENIED;
526
527 return info->ops->stop_service( info->name,
528 r->out.service_status );
529
530 case SVCCTL_CONTROL_INTERROGATE:
531 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
532 return WERR_ACCESS_DENIED;
533
534 return info->ops->service_status( info->name,
535 r->out.service_status );
536 default:
537 return WERR_INVALID_PARAM;
538 }
539 }
540
541 /********************************************************************
542 _svcctl_EnumDependentServicesW
543 ********************************************************************/
544
545 WERROR _svcctl_EnumDependentServicesW(struct pipes_struct *p,
546 struct svcctl_EnumDependentServicesW *r)
547 {
548 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.service );
549
550 /* perform access checks */
551
552 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
553 return WERR_BADFID;
554
555 if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
556 return WERR_ACCESS_DENIED;
557
558 switch (r->in.state) {
559 case SERVICE_STATE_ACTIVE:
560 case SERVICE_STATE_INACTIVE:
561 case SERVICE_STATE_ALL:
562 break;
563 default:
564 return WERR_INVALID_PARAM;
565 }
566
567 /* we have to set the outgoing buffer size to the same as the
568 incoming buffer size (even in the case of failure */
569 /* this is done in the autogenerated server already - gd */
570
571 *r->out.needed = r->in.offered;
572
573 /* no dependent services...basically a stub function */
574 *r->out.services_returned = 0;
575
576 return WERR_OK;
577 }
578
579 /********************************************************************
580 _svcctl_QueryServiceStatusEx
581 ********************************************************************/
582
583 WERROR _svcctl_QueryServiceStatusEx(struct pipes_struct *p,
584 struct svcctl_QueryServiceStatusEx *r)
585 {
586 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
587 uint32 buffer_size;
588
589 /* perform access checks */
590
591 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
592 return WERR_BADFID;
593
594 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
595 return WERR_ACCESS_DENIED;
596
597 /* we have to set the outgoing buffer size to the same as the
598 incoming buffer size (even in the case of failure) */
599 *r->out.needed = r->in.offered;
600
601 switch ( r->in.info_level ) {
602 case SVC_STATUS_PROCESS_INFO:
603 {
604 struct SERVICE_STATUS_PROCESS svc_stat_proc;
605 enum ndr_err_code ndr_err;
606 DATA_BLOB blob;
607
608 /* Get the status of the service.. */
609 info->ops->service_status( info->name, &svc_stat_proc.status );
610 svc_stat_proc.process_id = sys_getpid();
611 svc_stat_proc.service_flags = 0x0;
612
613 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &svc_stat_proc,
614 (ndr_push_flags_fn_t)ndr_push_SERVICE_STATUS_PROCESS);
615 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
616 return WERR_INVALID_PARAM;
617 }
618
619 r->out.buffer = blob.data;
620 buffer_size = sizeof(struct SERVICE_STATUS_PROCESS);
621 break;
622 }
623
624 default:
625 return WERR_UNKNOWN_LEVEL;
626 }
627
628
629 buffer_size += buffer_size % 4;
630 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
631
632 if (buffer_size > r->in.offered ) {
633 return WERR_INSUFFICIENT_BUFFER;
634 }
635
636 return WERR_OK;
637 }
638
639 /********************************************************************
640 ********************************************************************/
641
642 static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name,
643 struct QUERY_SERVICE_CONFIG *config,
644 struct security_token *token )
645 {
646 TALLOC_CTX *mem_ctx = talloc_stackframe();
647 const char *result = NULL;
648
649 /* now fill in the individual values */
650
651 config->displayname = svcctl_lookup_dispname(mem_ctx, name, token);
652
653 result = svcctl_get_string_value(mem_ctx, name, "ObjectName", token);
654 if (result != NULL) {
655 config->startname = result;
656 }
657
658 result = svcctl_get_string_value(mem_ctx, name, "ImagePath", token);
659 if (result != NULL) {
660 config->executablepath = result;
661 }
662
663 /* a few hard coded values */
664 /* loadordergroup and dependencies are empty */
665
666 config->tag_id = 0x00000000; /* unassigned loadorder group */
667 config->service_type = SERVICE_TYPE_WIN32_OWN_PROCESS;
668 config->error_control = SVCCTL_SVC_ERROR_NORMAL;
669
670 /* set the start type. NetLogon and WINS are disabled to prevent
671 the client from showing the "Start" button (if of course the services
672 are not running */
673
674 if ( strequal( name, "NETLOGON" ) && ( lp_servicenumber(name) == -1 ) )
675 config->start_type = SVCCTL_DISABLED;
676 else if ( strequal( name, "WINS" ) && ( !lp_wins_support() ))
677 config->start_type = SVCCTL_DISABLED;
678 else
679 config->start_type = SVCCTL_DEMAND_START;
680
681
682 talloc_free(mem_ctx);
683
684 return WERR_OK;
685 }
686
687 /********************************************************************
688 _svcctl_QueryServiceConfigW
689 ********************************************************************/
690
691 WERROR _svcctl_QueryServiceConfigW(struct pipes_struct *p,
692 struct svcctl_QueryServiceConfigW *r)
693 {
694 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
695 uint32 buffer_size;
696 WERROR wresult;
697
698 /* perform access checks */
699
700 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
701 return WERR_BADFID;
702
703 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
704 return WERR_ACCESS_DENIED;
705
706 /* we have to set the outgoing buffer size to the same as the
707 incoming buffer size (even in the case of failure */
708
709 *r->out.needed = r->in.offered;
710
711 wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query,
712 p->server_info->ptok);
713 if ( !W_ERROR_IS_OK(wresult) )
714 return wresult;
715
716 buffer_size = ndr_size_QUERY_SERVICE_CONFIG(r->out.query, 0);
717 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
718
719 if (buffer_size > r->in.offered ) {
720 ZERO_STRUCTP(r->out.query);
721 return WERR_INSUFFICIENT_BUFFER;
722 }
723
724 return WERR_OK;
725 }
726
727 /********************************************************************
728 _svcctl_QueryServiceConfig2W
729 ********************************************************************/
730
731 WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
732 struct svcctl_QueryServiceConfig2W *r)
733 {
734 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
735 uint32 buffer_size;
736
737 /* perform access checks */
738
739 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
740 return WERR_BADFID;
741
742 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
743 return WERR_ACCESS_DENIED;
744
745 /* we have to set the outgoing buffer size to the same as the
746 incoming buffer size (even in the case of failure */
747 *r->out.needed = r->in.offered;
748
749 switch ( r->in.info_level ) {
750 case SERVICE_CONFIG_DESCRIPTION:
751 {
752 struct SERVICE_DESCRIPTION desc_buf;
753 const char *description;
754 enum ndr_err_code ndr_err;
755 DATA_BLOB blob;
756
757 description = svcctl_lookup_description(
758 p->mem_ctx, info->name, p->server_info->ptok);
759
760 desc_buf.description = description;
761
762 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &desc_buf,
763 (ndr_push_flags_fn_t)ndr_push_SERVICE_DESCRIPTION);
764 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
765 return WERR_INVALID_PARAM;
766 }
767
768 buffer_size = ndr_size_SERVICE_DESCRIPTION(&desc_buf, 0);
769 r->out.buffer = blob.data;
770
771 break;
772 }
773 break;
774 case SERVICE_CONFIG_FAILURE_ACTIONS:
775 {
776 struct SERVICE_FAILURE_ACTIONS actions;
777 enum ndr_err_code ndr_err;
778 DATA_BLOB blob;
779
780 /* nothing to say...just service the request */
781
782 ZERO_STRUCT( actions );
783
784 ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, &actions,
785 (ndr_push_flags_fn_t)ndr_push_SERVICE_FAILURE_ACTIONS);
786 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
787 return WERR_INVALID_PARAM;
788 }
789
790 buffer_size = ndr_size_SERVICE_FAILURE_ACTIONS(&actions, 0);
791 r->out.buffer = blob.data;
792
793 break;
794 }
795 break;
796
797 default:
798 return WERR_UNKNOWN_LEVEL;
799 }
800
801 buffer_size += buffer_size % 4;
802 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
803
804 if (buffer_size > r->in.offered)
805 return WERR_INSUFFICIENT_BUFFER;
806
807 return WERR_OK;
808 }
809
810 /********************************************************************
811 _svcctl_LockServiceDatabase
812 ********************************************************************/
813
814 WERROR _svcctl_LockServiceDatabase(struct pipes_struct *p,
815 struct svcctl_LockServiceDatabase *r)
816 {
817 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
818
819 /* perform access checks */
820
821 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
822 return WERR_BADFID;
823
824 if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
825 return WERR_ACCESS_DENIED;
826
827 /* Just open a handle. Doesn't actually lock anything */
828
829 return create_open_service_handle( p, r->out.lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
830 }
831
832 /********************************************************************
833 _svcctl_UnlockServiceDatabase
834 ********************************************************************/
835
836 WERROR _svcctl_UnlockServiceDatabase(struct pipes_struct *p,
837 struct svcctl_UnlockServiceDatabase *r)
838 {
839 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.lock );
840
841
842 if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
843 return WERR_BADFID;
844
845 return close_policy_hnd( p, r->out.lock) ? WERR_OK : WERR_BADFID;
846 }
847
848 /********************************************************************
849 _svcctl_QueryServiceObjectSecurity
850 ********************************************************************/
851
852 WERROR _svcctl_QueryServiceObjectSecurity(struct pipes_struct *p,
853 struct svcctl_QueryServiceObjectSecurity *r)
854 {
855 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
856 struct security_descriptor *sec_desc;
857 NTSTATUS status;
858 uint8_t *buffer = NULL;
859 size_t len = 0;
860
861
862 /* only support the SCM and individual services */
863
864 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
865 return WERR_BADFID;
866
867 /* check access reights (according to MSDN) */
868
869 if ( !(info->access_granted & SEC_STD_READ_CONTROL) )
870 return WERR_ACCESS_DENIED;
871
872 /* TODO: handle something besides SECINFO_DACL */
873
874 if ( (r->in.security_flags & SECINFO_DACL) != SECINFO_DACL )
875 return WERR_INVALID_PARAM;
876
877 /* lookup the security descriptor and marshall it up for a reply */
878
879 if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) )
880 return WERR_NOMEM;
881
882 *r->out.needed = ndr_size_security_descriptor(sec_desc, 0);
883
884 if ( *r->out.needed > r->in.offered) {
885 return WERR_INSUFFICIENT_BUFFER;
886 }
887
888 status = marshall_sec_desc(p->mem_ctx, sec_desc, &buffer, &len);
889 if (!NT_STATUS_IS_OK(status)) {
890 return ntstatus_to_werror(status);
891 }
892
893 *r->out.needed = len;
894 r->out.buffer = buffer;
895
896 return WERR_OK;
897 }
898
899 /********************************************************************
900 _svcctl_SetServiceObjectSecurity
901 ********************************************************************/
902
903 WERROR _svcctl_SetServiceObjectSecurity(struct pipes_struct *p,
904 struct svcctl_SetServiceObjectSecurity *r)
905 {
906 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
907 struct security_descriptor *sec_desc = NULL;
908 uint32 required_access;
909 NTSTATUS status;
910
911 if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
912 return WERR_BADFID;
913
914 /* can't set the security de4scriptor on the ServiceControlManager */
915
916 if ( info->type == SVC_HANDLE_IS_SCM )
917 return WERR_ACCESS_DENIED;
918
919 /* check the access on the open handle */
920
921 switch ( r->in.security_flags ) {
922 case SECINFO_DACL:
923 required_access = SEC_STD_WRITE_DAC;
924 break;
925
926 case SECINFO_OWNER:
927 case SECINFO_GROUP:
928 required_access = SEC_STD_WRITE_OWNER;
929 break;
930
931 case SECINFO_SACL:
932 return WERR_INVALID_PARAM;
933 default:
934 return WERR_INVALID_PARAM;
935 }
936
937 if ( !(info->access_granted & required_access) )
938 return WERR_ACCESS_DENIED;
939
940 /* read the security descfriptor */
941
942 status = unmarshall_sec_desc(p->mem_ctx,
943 r->in.buffer,
944 r->in.offered,
945 &sec_desc);
946 if (!NT_STATUS_IS_OK(status)) {
947 return ntstatus_to_werror(status);
948 }
949
950 /* store the new SD */
951
952 if (!svcctl_set_secdesc(info->name, sec_desc, p->server_info->ptok))
953 return WERR_ACCESS_DENIED;
954
955 return WERR_OK;
956 }
957
958
959 WERROR _svcctl_DeleteService(struct pipes_struct *p,
960 struct svcctl_DeleteService *r)
961 {
962 p->rng_fault_state = True;
963 return WERR_NOT_SUPPORTED;
964 }
965
966 WERROR _svcctl_SetServiceStatus(struct pipes_struct *p,
967 struct svcctl_SetServiceStatus *r)
968 {
969 p->rng_fault_state = True;
970 return WERR_NOT_SUPPORTED;
971 }
972
973 WERROR _svcctl_NotifyBootConfigStatus(struct pipes_struct *p,
974 struct svcctl_NotifyBootConfigStatus *r)
975 {
976 p->rng_fault_state = True;
977 return WERR_NOT_SUPPORTED;
978 }
979
980 WERROR _svcctl_SCSetServiceBitsW(struct pipes_struct *p,
981 struct svcctl_SCSetServiceBitsW *r)
982 {
983 p->rng_fault_state = True;
984 return WERR_NOT_SUPPORTED;
985 }
986
987 WERROR _svcctl_ChangeServiceConfigW(struct pipes_struct *p,
988 struct svcctl_ChangeServiceConfigW *r)
989 {
990 p->rng_fault_state = True;
991 return WERR_NOT_SUPPORTED;
992 }
993
994 WERROR _svcctl_CreateServiceW(struct pipes_struct *p,
995 struct svcctl_CreateServiceW *r)
996 {
997 p->rng_fault_state = True;
998 return WERR_NOT_SUPPORTED;
999 }
1000
1001 WERROR _svcctl_QueryServiceLockStatusW(struct pipes_struct *p,
1002 struct svcctl_QueryServiceLockStatusW *r)
1003 {
1004 p->rng_fault_state = True;
1005 return WERR_NOT_SUPPORTED;
1006 }
1007
1008 WERROR _svcctl_GetServiceKeyNameW(struct pipes_struct *p,
1009 struct svcctl_GetServiceKeyNameW *r)
1010 {
1011 p->rng_fault_state = True;
1012 return WERR_NOT_SUPPORTED;
1013 }
1014
1015 WERROR _svcctl_SCSetServiceBitsA(struct pipes_struct *p,
1016 struct svcctl_SCSetServiceBitsA *r)
1017 {
1018 p->rng_fault_state = True;
1019 return WERR_NOT_SUPPORTED;
1020 }
1021
1022 WERROR _svcctl_ChangeServiceConfigA(struct pipes_struct *p,
1023 struct svcctl_ChangeServiceConfigA *r)
1024 {
1025 p->rng_fault_state = True;
1026 return WERR_NOT_SUPPORTED;
1027 }
1028
1029 WERROR _svcctl_CreateServiceA(struct pipes_struct *p,
1030 struct svcctl_CreateServiceA *r)
1031 {
1032 p->rng_fault_state = True;
1033 return WERR_NOT_SUPPORTED;
1034 }
1035
1036 WERROR _svcctl_EnumDependentServicesA(struct pipes_struct *p,
1037 struct svcctl_EnumDependentServicesA *r)
1038 {
1039 p->rng_fault_state = True;
1040 return WERR_NOT_SUPPORTED;
1041 }
1042
1043 WERROR _svcctl_EnumServicesStatusA(struct pipes_struct *p,
1044 struct svcctl_EnumServicesStatusA *r)
1045 {
1046 p->rng_fault_state = True;
1047 return WERR_NOT_SUPPORTED;
1048 }
1049
1050 WERROR _svcctl_OpenSCManagerA(struct pipes_struct *p,
1051 struct svcctl_OpenSCManagerA *r)
1052 {
1053 p->rng_fault_state = True;
1054 return WERR_NOT_SUPPORTED;
1055 }
1056
1057 WERROR _svcctl_OpenServiceA(struct pipes_struct *p,
1058 struct svcctl_OpenServiceA *r)
1059 {
1060 p->rng_fault_state = True;
1061 return WERR_NOT_SUPPORTED;
1062 }
1063
1064 WERROR _svcctl_QueryServiceConfigA(struct pipes_struct *p,
1065 struct svcctl_QueryServiceConfigA *r)
1066 {
1067 p->rng_fault_state = True;
1068 return WERR_NOT_SUPPORTED;
1069 }
1070
1071 WERROR _svcctl_QueryServiceLockStatusA(struct pipes_struct *p,
1072 struct svcctl_QueryServiceLockStatusA *r)
1073 {
1074 p->rng_fault_state = True;
1075 return WERR_NOT_SUPPORTED;
1076 }
1077
1078 WERROR _svcctl_StartServiceA(struct pipes_struct *p,
1079 struct svcctl_StartServiceA *r)
1080 {
1081 p->rng_fault_state = True;
1082 return WERR_NOT_SUPPORTED;
1083 }
1084
1085 WERROR _svcctl_GetServiceDisplayNameA(struct pipes_struct *p,
1086 struct svcctl_GetServiceDisplayNameA *r)
1087 {
1088 p->rng_fault_state = True;
1089 return WERR_NOT_SUPPORTED;
1090 }
1091
1092 WERROR _svcctl_GetServiceKeyNameA(struct pipes_struct *p,
1093 struct svcctl_GetServiceKeyNameA *r)
1094 {
1095 p->rng_fault_state = True;
1096 return WERR_NOT_SUPPORTED;
1097 }
1098
1099 WERROR _svcctl_GetCurrentGroupeStateW(struct pipes_struct *p,
1100 struct svcctl_GetCurrentGroupeStateW *r)
1101 {
1102 p->rng_fault_state = True;
1103 return WERR_NOT_SUPPORTED;
1104 }
1105
1106 WERROR _svcctl_EnumServiceGroupW(struct pipes_struct *p,
1107 struct svcctl_EnumServiceGroupW *r)
1108 {
1109 p->rng_fault_state = True;
1110 return WERR_NOT_SUPPORTED;
1111 }
1112
1113 WERROR _svcctl_ChangeServiceConfig2A(struct pipes_struct *p,
1114 struct svcctl_ChangeServiceConfig2A *r)
1115 {
1116 p->rng_fault_state = True;
1117 return WERR_NOT_SUPPORTED;
1118 }
1119
1120 WERROR _svcctl_ChangeServiceConfig2W(struct pipes_struct *p,
1121 struct svcctl_ChangeServiceConfig2W *r)
1122 {
1123 p->rng_fault_state = True;
1124 return WERR_NOT_SUPPORTED;
1125 }
1126
1127 WERROR _svcctl_QueryServiceConfig2A(struct pipes_struct *p,
1128 struct svcctl_QueryServiceConfig2A *r)
1129 {
1130 p->rng_fault_state = True;
1131 return WERR_NOT_SUPPORTED;
1132 }
1133
1134 WERROR _EnumServicesStatusExA(struct pipes_struct *p,
1135 struct EnumServicesStatusExA *r)
1136 {
1137 p->rng_fault_state = True;
1138 return WERR_NOT_SUPPORTED;
1139 }
1140
1141 WERROR _EnumServicesStatusExW(struct pipes_struct *p,
1142 struct EnumServicesStatusExW *r)
1143 {
1144 p->rng_fault_state = True;
1145 return WERR_NOT_SUPPORTED;
1146 }
1147
1148 WERROR _svcctl_SCSendTSMessage(struct pipes_struct *p,
1149 struct svcctl_SCSendTSMessage *r)
1150 {
1151 p->rng_fault_state = True;
1152 return WERR_NOT_SUPPORTED;
1153 }
1154
Samba GIT mirror