From e7a1a0ead2013464dc8204e5b997ddc3ae46e973 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 13 Jan 2006 20:24:50 +0000 Subject: r12914: adding query/set ops for security descriptors on services. (This used to be commit cefd2d7cb6140b068d66e2383e9acfa4c3c4b4c7) --- source3/include/rpc_svcctl.h | 33 +++++++++++- source3/rpc_parse/parse_svcctl.c | 103 +++++++++++++++++++++++++++++++++++++ source3/rpc_server/srv_svcctl.c | 52 ++++++++++++++++++- source3/rpc_server/srv_svcctl_nt.c | 92 +++++++++++++++++++++++++++++++++ source3/services/services_db.c | 47 +++++++++++++++++ 5 files changed, 324 insertions(+), 3 deletions(-) diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h index 4a058999a3..8ca5e1772b 100644 --- a/source3/include/rpc_svcctl.h +++ b/source3/include/rpc_svcctl.h @@ -27,8 +27,8 @@ #define SVCCTL_CLOSE_SERVICE 0x00 #define SVCCTL_CONTROL_SERVICE 0x01 #define SVCCTL_LOCK_SERVICE_DB 0x03 -#define SVCCTL_QUERY_SERVICE_SEC 0x04 /* not impmenented */ -#define SVCCTL_SET_SEVICE_SEC 0x05 /* not implemented */ +#define SVCCTL_QUERY_SERVICE_SEC 0x04 +#define SVCCTL_SET_SERVICE_SEC 0x05 #define SVCCTL_QUERY_STATUS 0x06 #define SVCCTL_UNLOCK_SERVICE_DB 0x08 #define SVCCTL_ENUM_DEPENDENT_SERVICES_W 0x0d @@ -385,5 +385,34 @@ typedef struct { WERROR status; } SVCCTL_R_UNLOCK_SERVICE_DB; + +/**************************/ + +typedef struct { + POLICY_HND handle; + uint32 security_flags; + uint32 buffer_size; +} SVCCTL_Q_QUERY_SERVICE_SEC; + +typedef struct { + RPC_BUFFER buffer; + uint32 needed; + WERROR status; +} SVCCTL_R_QUERY_SERVICE_SEC; + +/**************************/ + +typedef struct { + POLICY_HND handle; + uint32 security_flags; + RPC_BUFFER buffer; + uint32 buffer_size; +} SVCCTL_Q_SET_SERVICE_SEC; + +typedef struct { + WERROR status; +} SVCCTL_R_SET_SERVICE_SEC; + + #endif /* _RPC_SVCCTL_H */ diff --git a/source3/rpc_parse/parse_svcctl.c b/source3/rpc_parse/parse_svcctl.c index dd0c68bd79..2cb44c6319 100644 --- a/source3/rpc_parse/parse_svcctl.c +++ b/source3/rpc_parse/parse_svcctl.c @@ -1029,6 +1029,109 @@ BOOL svcctl_io_r_unlock_service_db(const char *desc, SVCCTL_R_UNLOCK_SERVICE_DB return True; } +/******************************************************************* +********************************************************************/ + +BOOL svcctl_io_q_query_service_sec(const char *desc, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, prs_struct *ps, int depth) +{ + if (q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "svcctl_io_q_query_service_sec"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth)) + return False; + if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags)) + return False; + if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size)) + return False; + + return True; + +} + +/******************************************************************* +********************************************************************/ + +BOOL svcctl_io_r_query_service_sec(const char *desc, SVCCTL_R_QUERY_SERVICE_SEC *r_u, prs_struct *ps, int depth) +{ + if ( !r_u ) + return False; + + prs_debug(ps, depth, desc, "svcctl_io_r_query_service_sec"); + depth++; + + if(!prs_align(ps)) + return False; + + if (!prs_rpcbuffer("buffer", ps, depth, &r_u->buffer)) + return False; + + if(!prs_uint32("needed", ps, depth, &r_u->needed)) + return False; + + if(!prs_werror("status", ps, depth, &r_u->status)) + return False; + + return True; +} + +/******************************************************************* +********************************************************************/ + +BOOL svcctl_io_q_set_service_sec(const char *desc, SVCCTL_Q_SET_SERVICE_SEC *q_u, prs_struct *ps, int depth) +{ + if (q_u == NULL) + return False; + + prs_debug(ps, depth, desc, "svcctl_io_q_set_service_sec"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth)) + return False; + if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags)) + return False; + + if (!prs_rpcbuffer("buffer", ps, depth, &q_u->buffer)) + return False; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size)) + return False; + + return True; + +} + +/******************************************************************* +********************************************************************/ + +BOOL svcctl_io_r_set_service_sec(const char *desc, SVCCTL_R_SET_SERVICE_SEC *r_u, prs_struct *ps, int depth) +{ + if ( !r_u ) + return False; + + prs_debug(ps, depth, desc, "svcctl_io_r_set_service_sec"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_werror("status", ps, depth, &r_u->status)) + return False; + + return True; +} + diff --git a/source3/rpc_server/srv_svcctl.c b/source3/rpc_server/srv_svcctl.c index 31d8bbe9b3..74ae3aaa16 100644 --- a/source3/rpc_server/srv_svcctl.c +++ b/source3/rpc_server/srv_svcctl.c @@ -358,6 +358,54 @@ static BOOL api_svcctl_unlock_service_db(pipes_struct *p) return True; } +/******************************************************************* + ********************************************************************/ + +static BOOL api_svcctl_query_security_sec(pipes_struct *p) +{ + SVCCTL_Q_QUERY_SERVICE_SEC q_u; + SVCCTL_R_QUERY_SERVICE_SEC r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!svcctl_io_q_query_service_sec("", &q_u, data, 0)) + return False; + + r_u.status = _svcctl_query_service_sec(p, &q_u, &r_u); + + if(!svcctl_io_r_query_service_sec("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + ********************************************************************/ + +static BOOL api_svcctl_set_security_sec(pipes_struct *p) +{ + SVCCTL_Q_SET_SERVICE_SEC q_u; + SVCCTL_R_SET_SERVICE_SEC r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!svcctl_io_q_set_service_sec("", &q_u, data, 0)) + return False; + + r_u.status = _svcctl_set_service_sec(p, &q_u, &r_u); + + if(!svcctl_io_r_set_service_sec("", &r_u, rdata, 0)) + return False; + + return True; +} + /******************************************************************* \PIPE\svcctl commands @@ -378,7 +426,9 @@ static struct api_struct api_svcctl_cmds[] = { "SVCCTL_CONTROL_SERVICE" , SVCCTL_CONTROL_SERVICE , api_svcctl_control_service }, { "SVCCTL_QUERY_SERVICE_STATUSEX_W" , SVCCTL_QUERY_SERVICE_STATUSEX_W , api_svcctl_query_service_status_ex }, { "SVCCTL_LOCK_SERVICE_DB" , SVCCTL_LOCK_SERVICE_DB , api_svcctl_lock_service_db }, - { "SVCCTL_UNLOCK_SERVICE_DB" , SVCCTL_UNLOCK_SERVICE_DB , api_svcctl_unlock_service_db } + { "SVCCTL_UNLOCK_SERVICE_DB" , SVCCTL_UNLOCK_SERVICE_DB , api_svcctl_unlock_service_db }, + { "SVCCTL_QUERY_SERVICE_SEC" , SVCCTL_QUERY_SERVICE_SEC , api_svcctl_query_security_sec }, + { "SVCCTL_SET_SERVICE_SEC" , SVCCTL_SET_SERVICE_SEC , api_svcctl_set_security_sec } }; diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 97c38753c3..4db8f7ed3f 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -771,3 +771,95 @@ WERROR _svcctl_unlock_service_db( pipes_struct *p, SVCCTL_Q_UNLOCK_SERVICE_DB *q return close_policy_hnd( p, &q_u->h_lock) ? WERR_OK : WERR_BADFID; } + +/******************************************************************** +********************************************************************/ + +WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, SVCCTL_R_QUERY_SERVICE_SEC *r_u ) +{ + SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle ); + SEC_DESC *sec_desc; + + + /* only support the SCM and individual services */ + + if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) ) + return WERR_BADFID; + + /* check access reights (according to MSDN) */ + + if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) ) + return WERR_ACCESS_DENIED; + + /* TODO: handle something besides DACL_SECURITY_INFORMATION */ + + if ( (q_u->security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION ) + return WERR_INVALID_PARAM; + + /* lookup the security descriptor and marshall it up for a reply */ + + if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) ) + return WERR_NOMEM; + + r_u->needed = sec_desc_size( sec_desc ); + + if ( r_u->needed > q_u->buffer_size ) { + ZERO_STRUCTP( &r_u->buffer ); + return WERR_INSUFFICIENT_BUFFER; + } + + rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx ); + + if ( !sec_io_desc("", &sec_desc, &r_u->buffer.prs, 0 ) ) + return WERR_NOMEM; + + return WERR_OK; +} + +/******************************************************************** +********************************************************************/ + +WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u, SVCCTL_R_SET_SERVICE_SEC *r_u ) +{ + SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle ); + SEC_DESC *sec_desc = NULL; + uint32 required_access; + + if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) ) + return WERR_BADFID; + + /* check the access on the open handle */ + + switch ( q_u->security_flags ) { + case DACL_SECURITY_INFORMATION: + required_access = STD_RIGHT_WRITE_DAC_ACCESS; + break; + + case OWNER_SECURITY_INFORMATION: + case GROUP_SECURITY_INFORMATION: + required_access = STD_RIGHT_WRITE_OWNER_ACCESS; + break; + + case SACL_SECURITY_INFORMATION: + return WERR_INVALID_PARAM; + default: + return WERR_INVALID_PARAM; + } + + if ( !(info->access_granted & required_access) ) + return WERR_ACCESS_DENIED; + + /* read the security descfriptor */ + + if ( !sec_io_desc("", &sec_desc, &q_u->buffer.prs, 0 ) ) + return WERR_NOMEM; + + /* store the new SD */ + + if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) ) + return WERR_ACCESS_DENIED; + + return WERR_OK; +} + + diff --git a/source3/services/services_db.c b/source3/services/services_db.c index b3ba7fcc96..a16657c0ed 100644 --- a/source3/services/services_db.c +++ b/source3/services/services_db.c @@ -519,6 +519,53 @@ SEC_DESC* svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN * return ret_sd; } +/******************************************************************** + Wrapper to make storing a Service sd easier +********************************************************************/ + +BOOL svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token ) +{ + REGISTRY_KEY *key; + WERROR wresult; + pstring path; + REGVAL_CTR *values; + prs_struct ps; + BOOL ret = False; + + /* now add the security descriptor */ + + pstr_sprintf( path, "%s\\%s\\%s", KEY_SERVICES, name, "Security" ); + wresult = regkey_open_internal( &key, path, token, REG_KEY_ALL ); + if ( !W_ERROR_IS_OK(wresult) ) { + DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n", + path, dos_errstr(wresult))); + return False; + } + + if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) { + DEBUG(0,("add_new_svc_name: talloc() failed!\n")); + regkey_close_internal( key ); + return False; + } + + /* stream the printer security descriptor */ + + prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL); + + if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) { + uint32 offset = prs_offset( &ps ); + regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset ); + ret = store_reg_values( key, values ); + } + + /* cleanup */ + + prs_mem_free( &ps ); + regkey_close_internal( key); + + return ret; +} + /******************************************************************** ********************************************************************/ -- cgit