search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r10656: BIG merge from trunk. Features not copied over
[Samba/nascimento.git] / source3 / rpc_server / srv_svcctl_nt.c
blobe8df2acb22fec61ea99995e048343afcd4c875c5
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 *
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 *
7 * Largely Rewritten (Again) by:
8 * Copyright (C) Gerald (Jerry) Carter 2005.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_RPC_SRV
29
30 struct service_control_op {
31 const char *name;
32 SERVICE_CONTROL_OPS *ops;
33 };
34
35 extern SERVICE_CONTROL_OPS spoolss_svc_ops;
36 extern SERVICE_CONTROL_OPS rcinit_svc_ops;
37 extern SERVICE_CONTROL_OPS netlogon_svc_ops;
38 extern SERVICE_CONTROL_OPS winreg_svc_ops;
39
40 struct service_control_op *svcctl_ops;
41
42 static struct generic_mapping scm_generic_map =
43 { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS };
44 static struct generic_mapping svc_generic_map =
45 { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS };
46
47
48 /********************************************************************
49 ********************************************************************/
50
51 BOOL init_service_op_table( void )
52 {
53 const char **service_list = lp_svcctl_list();
54 int num_services = 3 + str_list_count( service_list );
55 int i;
56
57 if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {
58 DEBUG(0,("init_service_op_table: talloc() failed!\n"));
59 return False;
60 }
61
62 /* services listed in smb.conf get the rc.init interface */
63
64 for ( i=0; service_list[i]; i++ ) {
65 svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
66 svcctl_ops[i].ops = &rcinit_svc_ops;
67 }
68
69 /* add builtin services */
70
71 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
72 svcctl_ops[i].ops = &spoolss_svc_ops;
73 i++;
74
75 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
76 svcctl_ops[i].ops = &netlogon_svc_ops;
77 i++;
78
79 svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
80 svcctl_ops[i].ops = &winreg_svc_ops;
81 i++;
82
83 /* NULL terminate the array */
84
85 svcctl_ops[i].name = NULL;
86 svcctl_ops[i].ops = NULL;
87
88 return True;
89 }
90
91 /********************************************************************
92 ********************************************************************/
93
94 static struct service_control_op* find_service_by_name( const char *name )
95 {
96 int i;
97
98 for ( i=0; svcctl_ops[i].name; i++ ) {
99 if ( strequal( name, svcctl_ops[i].name ) )
100 return &svcctl_ops[i];
101 }
102
103 return NULL;
104 }
105 /********************************************************************
106 ********************************************************************/
107
108 static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
109 uint32 access_desired, uint32 *access_granted )
110 {
111 NTSTATUS result;
112
113 if ( geteuid() == sec_initial_uid() ) {
114 DEBUG(5,("svcctl_access_check: using root's token\n"));
115 token = get_root_nt_token();
116 }
117
118 se_access_check( sec_desc, token, access_desired, access_granted, &result );
119
120 return result;
121 }
122
123 /********************************************************************
124 ********************************************************************/
125
126 static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
127 {
128 SEC_ACE ace[2];
129 SEC_ACCESS mask;
130 size_t i = 0;
131 SEC_DESC *sd;
132 SEC_ACL *acl;
133 size_t sd_size;
134
135 /* basic access for Everyone */
136
137 init_sec_access(&mask, SC_MANAGER_READ_ACCESS );
138 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
139
140 /* Full Access 'BUILTIN\Administrators' */
141
142 init_sec_access(&mask,SC_MANAGER_ALL_ACCESS );
143 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
144
145
146 /* create the security descriptor */
147
148 if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
149 return NULL;
150
151 if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
152 return NULL;
153
154 return sd;
155 }
156
157 /******************************************************************
158 free() function for REGISTRY_KEY
159 *****************************************************************/
160
161 static void free_service_handle_info(void *ptr)
162 {
163 TALLOC_FREE( ptr );
164 }
165
166 /******************************************************************
167 Find a registry key handle and return a SERVICE_INFO
168 *****************************************************************/
169
170 static SERVICE_INFO *find_service_info_by_hnd(pipes_struct *p, POLICY_HND *hnd)
171 {
172 SERVICE_INFO *service_info = NULL;
173
174 if( !find_policy_by_hnd( p, hnd, (void **)&service_info) ) {
175 DEBUG(2,("find_service_info_by_hnd: handle not found"));
176 return NULL;
177 }
178
179 return service_info;
180 }
181
182 /******************************************************************
183 *****************************************************************/
184
185 static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, uint32 type,
186 const char *service, uint32 access_granted )
187 {
188 SERVICE_INFO *info = NULL;
189 WERROR result = WERR_OK;
190 struct service_control_op *s_op;
191
192 if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )
193 return WERR_NOMEM;
194
195 /* the Service Manager has a NULL name */
196
197 info->type = SVC_HANDLE_IS_SCM;
198
199 switch ( type ) {
200 case SVC_HANDLE_IS_SCM:
201 info->type = SVC_HANDLE_IS_SCM;
202 break;
203
204 case SVC_HANDLE_IS_DBLOCK:
205 info->type = SVC_HANDLE_IS_DBLOCK;
206 break;
207
208 case SVC_HANDLE_IS_SERVICE:
209 info->type = SVC_HANDLE_IS_SERVICE;
210
211 /* lookup the SERVICE_CONTROL_OPS */
212
213 if ( !(s_op = find_service_by_name( service )) ) {
214 result = WERR_NO_SUCH_SERVICE;
215 goto done;
216 }
217
218 info->ops = s_op->ops;
219
220 if ( !(info->name = talloc_strdup( info, s_op->name )) ) {
221 result = WERR_NOMEM;
222 goto done;
223 }
224 break;
225
226 default:
227 result = WERR_NO_SUCH_SERVICE;
228 goto done;
229 }
230
231 info->access_granted = access_granted;
232
233 /* store the SERVICE_INFO and create an open handle */
234
235 if ( !create_policy_hnd( p, handle, free_service_handle_info, info ) ) {
236 result = WERR_ACCESS_DENIED;
237 goto done;
238 }
239
240 done:
241 if ( !W_ERROR_IS_OK(result) )
242 free_service_handle_info( info );
243
244 return result;
245 }
246
247 /********************************************************************
248 ********************************************************************/
249
250 WERROR _svcctl_open_scmanager(pipes_struct *p, SVCCTL_Q_OPEN_SCMANAGER *q_u, SVCCTL_R_OPEN_SCMANAGER *r_u)
251 {
252 SEC_DESC *sec_desc;
253 uint32 access_granted = 0;
254 NTSTATUS status;
255
256 /* perform access checks */
257
258 if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
259 return WERR_NOMEM;
260
261 se_map_generic( &q_u->access, &scm_generic_map );
262 status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
263 if ( !NT_STATUS_IS_OK(status) )
264 return ntstatus_to_werror( status );
265
266 return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
267 }
268
269 /********************************************************************
270 ********************************************************************/
271
272 WERROR _svcctl_open_service(pipes_struct *p, SVCCTL_Q_OPEN_SERVICE *q_u, SVCCTL_R_OPEN_SERVICE *r_u)
273 {
274 SEC_DESC *sec_desc;
275 uint32 access_granted = 0;
276 NTSTATUS status;
277 pstring service;
278
279 rpcstr_pull(service, q_u->servicename.buffer, sizeof(service), q_u->servicename.uni_str_len*2, 0);
280
281 DEBUG(5, ("_svcctl_open_service: Attempting to open Service [%s], \n", service));
282
283
284 /* based on my tests you can open a service if you have a valid scm handle */
285
286 if ( !find_service_info_by_hnd( p, &q_u->handle ) )
287 return WERR_BADFID;
288
289 /* perform access checks. Use the root token in order to ensure that we
290 retreive the security descriptor */
291
292 if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
293 return WERR_NOMEM;
294
295 se_map_generic( &q_u->access, &svc_generic_map );
296 status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
297 if ( !NT_STATUS_IS_OK(status) )
298 return ntstatus_to_werror( status );
299
300 return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
301 }
302
303 /********************************************************************
304 ********************************************************************/
305
306 WERROR _svcctl_close_service(pipes_struct *p, SVCCTL_Q_CLOSE_SERVICE *q_u, SVCCTL_R_CLOSE_SERVICE *r_u)
307 {
308 return close_policy_hnd( p, &q_u->handle ) ? WERR_OK : WERR_BADFID;
309 }
310
311 /********************************************************************
312 ********************************************************************/
313
314 WERROR _svcctl_get_display_name(pipes_struct *p, SVCCTL_Q_GET_DISPLAY_NAME *q_u, SVCCTL_R_GET_DISPLAY_NAME *r_u)
315 {
316 fstring service;
317 const char *display_name;
318 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
319
320 /* can only use an SCM handle here */
321
322 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
323 return WERR_BADFID;
324
325 rpcstr_pull(service, q_u->servicename.buffer, sizeof(service), q_u->servicename.uni_str_len*2, 0);
326
327 display_name = svcctl_lookup_dispname( service, p->pipe_user.nt_user_token );
328 init_svcctl_r_get_display_name( r_u, display_name );
329
330 return WERR_OK;
331 }
332
333 /********************************************************************
334 ********************************************************************/
335
336 WERROR _svcctl_query_status(pipes_struct *p, SVCCTL_Q_QUERY_STATUS *q_u, SVCCTL_R_QUERY_STATUS *r_u)
337 {
338 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
339
340 /* perform access checks */
341
342 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
343 return WERR_BADFID;
344
345 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
346 return WERR_ACCESS_DENIED;
347
348 /* try the service specific status call */
349
350 return info->ops->service_status( info->name, &r_u->svc_status );
351 }
352
353 /********************************************************************
354 ********************************************************************/
355
356 static int enumerate_status( TALLOC_CTX *ctx, ENUM_SERVICES_STATUS **status, NT_USER_TOKEN *token )
357 {
358 int num_services = 0;
359 int i;
360 ENUM_SERVICES_STATUS *st;
361 const char *display_name;
362
363 /* just count */
364 while ( svcctl_ops[num_services].name )
365 num_services++;
366
367 if ( !(st = TALLOC_ARRAY( ctx, ENUM_SERVICES_STATUS, num_services )) ) {
368 DEBUG(0,("enumerate_status: talloc() failed!\n"));
369 return -1;
370 }
371
372 for ( i=0; i<num_services; i++ ) {
373 init_unistr( &st[i].servicename, svcctl_ops[i].name );
374
375 display_name = svcctl_lookup_dispname( svcctl_ops[i].name, token );
376 init_unistr( &st[i].displayname, display_name );
377
378 svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
379 }
380
381 *status = st;
382
383 return num_services;
384 }
385
386 /********************************************************************
387 ********************************************************************/
388
389 WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STATUS *q_u, SVCCTL_R_ENUM_SERVICES_STATUS *r_u)
390 {
391 ENUM_SERVICES_STATUS *services = NULL;
392 uint32 num_services;
393 int i = 0;
394 size_t buffer_size = 0;
395 WERROR result = WERR_OK;
396 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
397 NT_USER_TOKEN *token = p->pipe_user.nt_user_token;
398
399 /* perform access checks */
400
401 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
402 return WERR_BADFID;
403
404 if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) )
405 return WERR_ACCESS_DENIED;
406
407 if ( (num_services = enumerate_status( p->mem_ctx, &services, token )) == -1 )
408 return WERR_NOMEM;
409
410 for ( i=0; i<num_services; i++ ) {
411 buffer_size += svcctl_sizeof_enum_services_status(&services[i]);
412 }
413
414 buffer_size += buffer_size % 4;
415
416 if (buffer_size > q_u->buffer_size ) {
417 num_services = 0;
418 result = WERR_MORE_DATA;
419 }
420
421 rpcbuf_init(&r_u->buffer, q_u->buffer_size, p->mem_ctx);
422
423 if ( W_ERROR_IS_OK(result) ) {
424 for ( i=0; i<num_services; i++ )
425 svcctl_io_enum_services_status( "", &services[i], &r_u->buffer, 0 );
426 }
427
428 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
429 r_u->returned = num_services;
430
431 if ( !(r_u->resume = TALLOC_P( p->mem_ctx, uint32 )) )
432 return WERR_NOMEM;
433
434 *r_u->resume = 0x0;
435
436 return result;
437 }
438
439 /********************************************************************
440 ********************************************************************/
441
442 WERROR _svcctl_start_service(pipes_struct *p, SVCCTL_Q_START_SERVICE *q_u, SVCCTL_R_START_SERVICE *r_u)
443 {
444 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
445
446 /* perform access checks */
447
448 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
449 return WERR_BADFID;
450
451 if ( !(info->access_granted & SC_RIGHT_SVC_START) )
452 return WERR_ACCESS_DENIED;
453
454 return info->ops->start_service( info->name );
455 }
456
457 /********************************************************************
458 ********************************************************************/
459
460 WERROR _svcctl_control_service(pipes_struct *p, SVCCTL_Q_CONTROL_SERVICE *q_u, SVCCTL_R_CONTROL_SERVICE *r_u)
461 {
462 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
463
464 /* perform access checks */
465
466 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
467 return WERR_BADFID;
468
469 switch ( q_u->control ) {
470 case SVCCTL_CONTROL_STOP:
471 if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
472 return WERR_ACCESS_DENIED;
473
474 return info->ops->stop_service( info->name, &r_u->svc_status );
475
476 case SVCCTL_CONTROL_INTERROGATE:
477 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
478 return WERR_ACCESS_DENIED;
479
480 return info->ops->service_status( info->name, &r_u->svc_status );
481 }
482
483 /* default control action */
484
485 return WERR_ACCESS_DENIED;
486 }
487
488 /********************************************************************
489 ********************************************************************/
490
491 WERROR _svcctl_enum_dependent_services( pipes_struct *p, SVCCTL_Q_ENUM_DEPENDENT_SERVICES *q_u, SVCCTL_R_ENUM_DEPENDENT_SERVICES *r_u )
492 {
493 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
494
495 /* perform access checks */
496
497 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
498 return WERR_BADFID;
499
500 if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
501 return WERR_ACCESS_DENIED;
502
503 /* we have to set the outgoing buffer size to the same as the
504 incoming buffer size (even in the case of failure */
505
506 rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
507
508 r_u->needed = q_u->buffer_size;
509
510 /* no dependent services...basically a stub function */
511 r_u->returned = 0;
512
513 return WERR_OK;
514 }
515
516 /********************************************************************
517 ********************************************************************/
518
519 WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_STATUSEX *q_u, SVCCTL_R_QUERY_SERVICE_STATUSEX *r_u )
520 {
521 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
522 uint32 buffer_size;
523
524 /* perform access checks */
525
526 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
527 return WERR_BADFID;
528
529 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
530 return WERR_ACCESS_DENIED;
531
532 /* we have to set the outgoing buffer size to the same as the
533 incoming buffer size (even in the case of failure) */
534
535 rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
536 r_u->needed = q_u->buffer_size;
537
538 switch ( q_u->level ) {
539 case SVC_STATUS_PROCESS_INFO:
540 {
541 SERVICE_STATUS_PROCESS svc_stat_proc;
542
543 /* Get the status of the service.. */
544 info->ops->service_status( info->name, &svc_stat_proc.status );
545 svc_stat_proc.process_id = sys_getpid();
546 svc_stat_proc.service_flags = 0x0;
547
548 svcctl_io_service_status_process( "", &svc_stat_proc, &r_u->buffer, 0 );
549 buffer_size = sizeof(SERVICE_STATUS_PROCESS);
550 break;
551 }
552
553 default:
554 return WERR_UNKNOWN_LEVEL;
555 }
556
557
558 buffer_size += buffer_size % 4;
559 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
560
561 if (buffer_size > q_u->buffer_size )
562 return WERR_MORE_DATA;
563
564 return WERR_OK;
565 }
566
567 /********************************************************************
568 ********************************************************************/
569
570 static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG *config, NT_USER_TOKEN *token )
571 {
572 REGVAL_CTR *values;
573 REGISTRY_VALUE *val;
574
575 /* retrieve the registry values for this service */
576
577 if ( !(values = svcctl_fetch_regvalues( name, token )) )
578 return WERR_REG_CORRUPT;
579
580 /* now fill in the individual values */
581
582 config->displayname = TALLOC_ZERO_P( ctx, UNISTR2 );
583 if ( (val = regval_ctr_getvalue( values, "DisplayName" )) != NULL )
584 init_unistr2( config->displayname, regval_sz( val ), UNI_STR_TERMINATE );
585 else
586 init_unistr2( config->displayname, name, UNI_STR_TERMINATE );
587
588 if ( (val = regval_ctr_getvalue( values, "ObjectName" )) != NULL ) {
589 config->startname = TALLOC_ZERO_P( ctx, UNISTR2 );
590 init_unistr2( config->startname, regval_sz( val ), UNI_STR_TERMINATE );
591 }
592
593 if ( (val = regval_ctr_getvalue( values, "ImagePath" )) != NULL ) {
594 config->executablepath = TALLOC_ZERO_P( ctx, UNISTR2 );
595 init_unistr2( config->executablepath, regval_sz( val ), UNI_STR_TERMINATE );
596 }
597
598 /* a few hard coded values */
599 /* loadordergroup and dependencies are empty */
600
601 config->tag_id = 0x00000000; /* unassigned loadorder group */
602 config->service_type = SVCCTL_WIN32_OWN_PROC;
603 config->start_type = SVCCTL_DEMAND_START;
604 config->error_control = SVCCTL_SVC_ERROR_NORMAL;
605
606 TALLOC_FREE( values );
607
608 return WERR_OK;
609 }
610
611 /********************************************************************
612 ********************************************************************/
613
614 WERROR _svcctl_query_service_config( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG *r_u )
615 {
616 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
617 uint32 buffer_size;
618 WERROR wresult;
619
620 /* perform access checks */
621
622 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
623 return WERR_BADFID;
624
625 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
626 return WERR_ACCESS_DENIED;
627
628 /* we have to set the outgoing buffer size to the same as the
629 incoming buffer size (even in the case of failure */
630
631 r_u->needed = q_u->buffer_size;
632
633 wresult = fill_svc_config( p->mem_ctx, info->name, &r_u->config, p->pipe_user.nt_user_token );
634 if ( !W_ERROR_IS_OK(wresult) )
635 return wresult;
636
637 buffer_size = svcctl_sizeof_service_config( &r_u->config );
638 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
639
640 if (buffer_size > q_u->buffer_size ) {
641 ZERO_STRUCTP( &r_u->config );
642 return WERR_INSUFFICIENT_BUFFER;
643 }
644
645 return WERR_OK;
646 }
647
648 /********************************************************************
649 ********************************************************************/
650
651 WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG2 *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG2 *r_u )
652 {
653 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
654 uint32 buffer_size;
655
656 /* perform access checks */
657
658 if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
659 return WERR_BADFID;
660
661 if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
662 return WERR_ACCESS_DENIED;
663
664 /* we have to set the outgoing buffer size to the same as the
665 incoming buffer size (even in the case of failure */
666
667 rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
668 r_u->needed = q_u->buffer_size;
669
670 switch ( q_u->level ) {
671 case SERVICE_CONFIG_DESCRIPTION:
672 {
673 SERVICE_DESCRIPTION desc_buf;
674 const char *description;
675
676 description = svcctl_lookup_description( info->name, p->pipe_user.nt_user_token );
677
678 ZERO_STRUCTP( &desc_buf );
679
680 init_service_description_buffer( &desc_buf, description );
681 svcctl_io_service_description( "", &desc_buf, &r_u->buffer, 0 );
682 buffer_size = svcctl_sizeof_service_description( &desc_buf );
683
684 break;
685 }
686 break;
687 case SERVICE_CONFIG_FAILURE_ACTIONS:
688 {
689 SERVICE_FAILURE_ACTIONS actions;
690
691 /* nothing to say...just service the request */
692
693 ZERO_STRUCTP( &actions );
694 svcctl_io_service_fa( "", &actions, &r_u->buffer, 0 );
695 buffer_size = svcctl_sizeof_service_fa( &actions );
696
697 break;
698 }
699 break;
700
701 default:
702 return WERR_UNKNOWN_LEVEL;
703 }
704
705 buffer_size += buffer_size % 4;
706 r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
707
708 if (buffer_size > q_u->buffer_size )
709 return WERR_INSUFFICIENT_BUFFER;
710
711 return WERR_OK;
712 }
713
714 /********************************************************************
715 ********************************************************************/
716
717 WERROR _svcctl_lock_service_db( pipes_struct *p, SVCCTL_Q_LOCK_SERVICE_DB *q_u, SVCCTL_R_LOCK_SERVICE_DB *r_u )
718 {
719 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
720
721 /* perform access checks */
722
723 if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
724 return WERR_BADFID;
725
726 if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
727 return WERR_ACCESS_DENIED;
728
729 /* Just open a handle. Doesn't actually lock anything */
730
731 return create_open_service_handle( p, &r_u->h_lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
732 ;
733 }
734
735 /********************************************************************
736 ********************************************************************/
737
738 WERROR _svcctl_unlock_service_db( pipes_struct *p, SVCCTL_Q_UNLOCK_SERVICE_DB *q_u, SVCCTL_R_UNLOCK_SERVICE_DB *r_u )
739 {
740 SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->h_lock );
741
742
743 if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
744 return WERR_BADFID;
745
746 return close_policy_hnd( p, &q_u->h_lock) ? WERR_OK : WERR_BADFID;
747 }