summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/rpc_svcctl.h33
-rw-r--r--source3/rpc_parse/parse_svcctl.c103
-rw-r--r--source3/rpc_server/srv_svcctl.c52
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c92
-rw-r--r--source3/services/services_db.c47
5 files changed, 324 insertions, 3 deletions
diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h
index 4a058999a3..8ca5e1772b 100644
--- a/source3/include/rpc_svcctl.h
+++ b/source3/include/rpc_svcctl.h
@@ -27,8 +27,8 @@
#define SVCCTL_CLOSE_SERVICE 0x00
#define SVCCTL_CONTROL_SERVICE 0x01
#define SVCCTL_LOCK_SERVICE_DB 0x03
-#define SVCCTL_QUERY_SERVICE_SEC 0x04 /* not impmenented */
-#define SVCCTL_SET_SEVICE_SEC 0x05 /* not implemented */
+#define SVCCTL_QUERY_SERVICE_SEC 0x04
+#define SVCCTL_SET_SERVICE_SEC 0x05
#define SVCCTL_QUERY_STATUS 0x06
#define SVCCTL_UNLOCK_SERVICE_DB 0x08
#define SVCCTL_ENUM_DEPENDENT_SERVICES_W 0x0d
@@ -385,5 +385,34 @@ typedef struct {
WERROR status;
} SVCCTL_R_UNLOCK_SERVICE_DB;
+
+/**************************/
+
+typedef struct {
+ POLICY_HND handle;
+ uint32 security_flags;
+ uint32 buffer_size;
+} SVCCTL_Q_QUERY_SERVICE_SEC;
+
+typedef struct {
+ RPC_BUFFER buffer;
+ uint32 needed;
+ WERROR status;
+} SVCCTL_R_QUERY_SERVICE_SEC;
+
+/**************************/
+
+typedef struct {
+ POLICY_HND handle;
+ uint32 security_flags;
+ RPC_BUFFER buffer;
+ uint32 buffer_size;
+} SVCCTL_Q_SET_SERVICE_SEC;
+
+typedef struct {
+ WERROR status;
+} SVCCTL_R_SET_SERVICE_SEC;
+
+
#endif /* _RPC_SVCCTL_H */
diff --git a/source3/rpc_parse/parse_svcctl.c b/source3/rpc_parse/parse_svcctl.c
index dd0c68bd79..2cb44c6319 100644
--- a/source3/rpc_parse/parse_svcctl.c
+++ b/source3/rpc_parse/parse_svcctl.c
@@ -1029,6 +1029,109 @@ BOOL svcctl_io_r_unlock_service_db(const char *desc, SVCCTL_R_UNLOCK_SERVICE_DB
return True;
}
+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_q_query_service_sec(const char *desc, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, prs_struct *ps, int depth)
+{
+ if (q_u == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, "svcctl_io_q_query_service_sec");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth))
+ return False;
+ if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags))
+ return False;
+ if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size))
+ return False;
+
+ return True;
+
+}
+
+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_r_query_service_sec(const char *desc, SVCCTL_R_QUERY_SERVICE_SEC *r_u, prs_struct *ps, int depth)
+{
+ if ( !r_u )
+ return False;
+
+ prs_debug(ps, depth, desc, "svcctl_io_r_query_service_sec");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if (!prs_rpcbuffer("buffer", ps, depth, &r_u->buffer))
+ return False;
+
+ if(!prs_uint32("needed", ps, depth, &r_u->needed))
+ return False;
+
+ if(!prs_werror("status", ps, depth, &r_u->status))
+ return False;
+
+ return True;
+}
+
+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_q_set_service_sec(const char *desc, SVCCTL_Q_SET_SERVICE_SEC *q_u, prs_struct *ps, int depth)
+{
+ if (q_u == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, "svcctl_io_q_set_service_sec");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth))
+ return False;
+ if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags))
+ return False;
+
+ if (!prs_rpcbuffer("buffer", ps, depth, &q_u->buffer))
+ return False;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size))
+ return False;
+
+ return True;
+
+}
+
+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_r_set_service_sec(const char *desc, SVCCTL_R_SET_SERVICE_SEC *r_u, prs_struct *ps, int depth)
+{
+ if ( !r_u )
+ return False;
+
+ prs_debug(ps, depth, desc, "svcctl_io_r_set_service_sec");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_werror("status", ps, depth, &r_u->status))
+ return False;
+
+ return True;
+}
+
diff --git a/source3/rpc_server/srv_svcctl.c b/source3/rpc_server/srv_svcctl.c
index 31d8bbe9b3..74ae3aaa16 100644
--- a/source3/rpc_server/srv_svcctl.c
+++ b/source3/rpc_server/srv_svcctl.c
@@ -358,6 +358,54 @@ static BOOL api_svcctl_unlock_service_db(pipes_struct *p)
return True;
}
+/*******************************************************************
+ ********************************************************************/
+
+static BOOL api_svcctl_query_security_sec(pipes_struct *p)
+{
+ SVCCTL_Q_QUERY_SERVICE_SEC q_u;
+ SVCCTL_R_QUERY_SERVICE_SEC r_u;
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!svcctl_io_q_query_service_sec("", &q_u, data, 0))
+ return False;
+
+ r_u.status = _svcctl_query_service_sec(p, &q_u, &r_u);
+
+ if(!svcctl_io_r_query_service_sec("", &r_u, rdata, 0))
+ return False;
+
+ return True;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static BOOL api_svcctl_set_security_sec(pipes_struct *p)
+{
+ SVCCTL_Q_SET_SERVICE_SEC q_u;
+ SVCCTL_R_SET_SERVICE_SEC r_u;
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!svcctl_io_q_set_service_sec("", &q_u, data, 0))
+ return False;
+
+ r_u.status = _svcctl_set_service_sec(p, &q_u, &r_u);
+
+ if(!svcctl_io_r_set_service_sec("", &r_u, rdata, 0))
+ return False;
+
+ return True;
+}
+
/*******************************************************************
\PIPE\svcctl commands
@@ -378,7 +426,9 @@ static struct api_struct api_svcctl_cmds[] =
{ "SVCCTL_CONTROL_SERVICE" , SVCCTL_CONTROL_SERVICE , api_svcctl_control_service },
{ "SVCCTL_QUERY_SERVICE_STATUSEX_W" , SVCCTL_QUERY_SERVICE_STATUSEX_W , api_svcctl_query_service_status_ex },
{ "SVCCTL_LOCK_SERVICE_DB" , SVCCTL_LOCK_SERVICE_DB , api_svcctl_lock_service_db },
- { "SVCCTL_UNLOCK_SERVICE_DB" , SVCCTL_UNLOCK_SERVICE_DB , api_svcctl_unlock_service_db }
+ { "SVCCTL_UNLOCK_SERVICE_DB" , SVCCTL_UNLOCK_SERVICE_DB , api_svcctl_unlock_service_db },
+ { "SVCCTL_QUERY_SERVICE_SEC" , SVCCTL_QUERY_SERVICE_SEC , api_svcctl_query_security_sec },
+ { "SVCCTL_SET_SERVICE_SEC" , SVCCTL_SET_SERVICE_SEC , api_svcctl_set_security_sec }
};
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 97c38753c3..4db8f7ed3f 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -771,3 +771,95 @@ WERROR _svcctl_unlock_service_db( pipes_struct *p, SVCCTL_Q_UNLOCK_SERVICE_DB *q
return close_policy_hnd( p, &q_u->h_lock) ? WERR_OK : WERR_BADFID;
}
+
+/********************************************************************
+********************************************************************/
+
+WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, SVCCTL_R_QUERY_SERVICE_SEC *r_u )
+{
+ SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+ SEC_DESC *sec_desc;
+
+
+ /* only support the SCM and individual services */
+
+ if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
+ return WERR_BADFID;
+
+ /* check access reights (according to MSDN) */
+
+ if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
+ return WERR_ACCESS_DENIED;
+
+ /* TODO: handle something besides DACL_SECURITY_INFORMATION */
+
+ if ( (q_u->security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
+ return WERR_INVALID_PARAM;
+
+ /* lookup the security descriptor and marshall it up for a reply */
+
+ if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) )
+ return WERR_NOMEM;
+
+ r_u->needed = sec_desc_size( sec_desc );
+
+ if ( r_u->needed > q_u->buffer_size ) {
+ ZERO_STRUCTP( &r_u->buffer );
+ return WERR_INSUFFICIENT_BUFFER;
+ }
+
+ rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
+
+ if ( !sec_io_desc("", &sec_desc, &r_u->buffer.prs, 0 ) )
+ return WERR_NOMEM;
+
+ return WERR_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u, SVCCTL_R_SET_SERVICE_SEC *r_u )
+{
+ SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+ SEC_DESC *sec_desc = NULL;
+ uint32 required_access;
+
+ if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
+ return WERR_BADFID;
+
+ /* check the access on the open handle */
+
+ switch ( q_u->security_flags ) {
+ case DACL_SECURITY_INFORMATION:
+ required_access = STD_RIGHT_WRITE_DAC_ACCESS;
+ break;
+
+ case OWNER_SECURITY_INFORMATION:
+ case GROUP_SECURITY_INFORMATION:
+ required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
+ break;
+
+ case SACL_SECURITY_INFORMATION:
+ return WERR_INVALID_PARAM;
+ default:
+ return WERR_INVALID_PARAM;
+ }
+
+ if ( !(info->access_granted & required_access) )
+ return WERR_ACCESS_DENIED;
+
+ /* read the security descfriptor */
+
+ if ( !sec_io_desc("", &sec_desc, &q_u->buffer.prs, 0 ) )
+ return WERR_NOMEM;
+
+ /* store the new SD */
+
+ if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) )
+ return WERR_ACCESS_DENIED;
+
+ return WERR_OK;
+}
+
+
diff --git a/source3/services/services_db.c b/source3/services/services_db.c
index b3ba7fcc96..a16657c0ed 100644
--- a/source3/services/services_db.c
+++ b/source3/services/services_db.c
@@ -520,6 +520,53 @@ SEC_DESC* svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *
}
/********************************************************************
+ Wrapper to make storing a Service sd easier
+********************************************************************/
+
+BOOL svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token )
+{
+ REGISTRY_KEY *key;
+ WERROR wresult;
+ pstring path;
+ REGVAL_CTR *values;
+ prs_struct ps;
+ BOOL ret = False;
+
+ /* now add the security descriptor */
+
+ pstr_sprintf( path, "%s\\%s\\%s", KEY_SERVICES, name, "Security" );
+ wresult = regkey_open_internal( &key, path, token, REG_KEY_ALL );
+ if ( !W_ERROR_IS_OK(wresult) ) {
+ DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
+ path, dos_errstr(wresult)));
+ return False;
+ }
+
+ if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
+ DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
+ regkey_close_internal( key );
+ return False;
+ }
+
+ /* stream the printer security descriptor */
+
+ prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL);
+
+ if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) {
+ uint32 offset = prs_offset( &ps );
+ regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset );
+ ret = store_reg_values( key, values );
+ }
+
+ /* cleanup */
+
+ prs_mem_free( &ps );
+ regkey_close_internal( key);
+
+ return ret;
+}
+
+/********************************************************************
********************************************************************/
char* svcctl_lookup_dispname( const char *name, NT_USER_TOKEN *token )