2 * Unix SMB/CIFS implementation.
3 * Service Control API Implementation
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 * Largely Rewritten by:
7 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 struct rcinit_file_information {
30 struct service_display_info {
31 const char *servicename;
34 const char *description;
37 struct service_display_info builtin_svcs[] = {
38 { "Spooler", "smbd", "Print Spooler",
39 "Internal service for spooling files to print devices" },
40 { "NETLOGON", "smbd", "Net Logon",
41 "File service providing access to policy and profile data" },
42 { "RemoteRegistry", "smbd", "Remote Registry Service",
43 "Internal service providing remote access to the Samba registry" },
44 { "WINS", "nmbd", "Windows Internet Name Service (WINS)",
45 "Internal service providing a NetBIOS point-to-point name server" },
46 { NULL, NULL, NULL, NULL }
49 struct service_display_info common_unix_svcs[] = {
50 { "cups", NULL, "Common Unix Printing System", NULL },
51 { "postfix", NULL, "Internet Mail Service", NULL },
52 { "sendmail", NULL, "Internet Mail Service", NULL },
53 { "portmap", NULL, "TCP Port to RPC PortMapper", NULL },
54 { "xinetd", NULL, "Internet Meta-Daemon", NULL },
55 { "inet", NULL, "Internet Meta-Daemon", NULL },
56 { "xntpd", NULL, "Network Time Service", NULL },
57 { "ntpd", NULL, "Network Time Service", NULL },
58 { "lpd", NULL, "BSD Print Spooler", NULL },
59 { "nfsserver", NULL, "Network File Service", NULL },
60 { "cron", NULL, "Scheduling Service", NULL },
61 { "at", NULL, "Scheduling Service", NULL },
62 { "nscd", NULL, "Name Service Cache Daemon", NULL },
63 { "slapd", NULL, "LDAP Directory Service", NULL },
64 { "ldap", NULL, "LDAP DIrectory Service", NULL },
65 { "ypbind", NULL, "NIS Directory Service", NULL },
66 { "courier-imap", NULL, "IMAP4 Mail Service", NULL },
67 { "courier-pop3", NULL, "POP3 Mail Service", NULL },
68 { "named", NULL, "Domain Name Service", NULL },
69 { "bind", NULL, "Domain Name Service", NULL },
70 { "httpd", NULL, "HTTP Server", NULL },
71 { "apache", NULL, "HTTP Server", NULL },
72 { "autofs", NULL, "Automounter", NULL },
73 { "squid", NULL, "Web Cache Proxy ", NULL },
74 { NULL, NULL, NULL, NULL }
78 /********************************************************************
79 ********************************************************************/
81 static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
90 /* basic access for Everyone */
92 init_sec_access(&mask, SERVICE_READ_ACCESS );
93 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
95 init_sec_access(&mask,SERVICE_EXECUTE_ACCESS );
96 init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
98 init_sec_access(&mask,SERVICE_ALL_ACCESS );
99 init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
100 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
102 /* create the security descriptor */
104 if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
107 if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
113 /********************************************************************
114 This is where we do the dirty work of filling in things like the
115 Display name, Description, etc...
116 ********************************************************************/
118 static char *get_common_service_dispname( const char *servicename )
120 static fstring dispname;
123 for ( i=0; common_unix_svcs[i].servicename; i++ ) {
124 if ( strequal( servicename, common_unix_svcs[i].servicename ) ) {
125 fstr_sprintf( dispname, "%s (%s)",
126 common_unix_svcs[i].dispname,
127 common_unix_svcs[i].servicename );
133 fstrcpy( dispname, servicename );
138 /********************************************************************
139 ********************************************************************/
141 static char* cleanup_string( const char *string )
143 static pstring clean;
146 pstrcpy( clean, string );
149 /* trim any beginning whilespace */
151 while ( isspace(*begin) )
157 /* trim any trailing whitespace or carriage returns.
158 Start at the end and move backwards */
160 end = begin + strlen(begin) - 1;
162 while ( isspace(*end) || *end=='\n' || *end=='\r' ) {
170 /********************************************************************
171 ********************************************************************/
173 static BOOL read_init_file( const char *servicename, struct rcinit_file_information **service_info )
175 struct rcinit_file_information *info;
176 pstring filepath, str;
180 if ( !(info = TALLOC_ZERO_P( NULL, struct rcinit_file_information ) ) )
183 /* attempt the file open */
185 pstr_sprintf( filepath, "%s/%s/%s", dyn_LIBDIR, SVCCTL_SCRIPT_DIR, servicename );
186 if ( !(f = x_fopen( filepath, O_RDONLY, 0 )) ) {
187 DEBUG(0,("read_init_file: failed to open [%s]\n", filepath));
192 while ( (x_fgets( str, sizeof(str)-1, f )) != NULL ) {
193 /* ignore everything that is not a full line
194 comment starting with a '#' */
199 /* Look for a line like '^#.*Description:' */
201 if ( (p = strstr( str, "Description:" )) != NULL ) {
204 p += strlen( "Description:" ) + 1;
208 if ( (desc = cleanup_string(p)) != NULL )
209 info->description = talloc_strdup( info, desc );
215 if ( !info->description )
216 info->description = talloc_strdup( info, "External Unix Service" );
218 *service_info = info;
223 /********************************************************************
224 This is where we do the dirty work of filling in things like the
225 Display name, Description, etc...
226 ********************************************************************/
228 static void fill_service_values( const char *name, REGVAL_CTR *values )
230 UNISTR2 data, dname, ipath, description;
235 /* These values are hardcoded in all QueryServiceConfig() replies.
236 I'm just storing them here for cosmetic purposes */
238 dword = SVCCTL_AUTO_START;
239 regval_ctr_addvalue( values, "Start", REG_DWORD, (char*)&dword, sizeof(uint32));
241 dword = SVCCTL_WIN32_OWN_PROC;
242 regval_ctr_addvalue( values, "Type", REG_DWORD, (char*)&dword, sizeof(uint32));
244 dword = SVCCTL_SVC_ERROR_NORMAL;
245 regval_ctr_addvalue( values, "ErrorControl", REG_DWORD, (char*)&dword, sizeof(uint32));
247 /* everything runs as LocalSystem */
249 init_unistr2( &data, "LocalSystem", UNI_STR_TERMINATE );
250 regval_ctr_addvalue( values, "ObjectName", REG_SZ, (char*)data.buffer, data.uni_str_len*2);
252 /* special considerations for internal services and the DisplayName value */
254 for ( i=0; builtin_svcs[i].servicename; i++ ) {
255 if ( strequal( name, builtin_svcs[i].servicename ) ) {
256 pstr_sprintf( pstr, "%s/%s/%s",dyn_LIBDIR, SVCCTL_SCRIPT_DIR, builtin_svcs[i].daemon );
257 init_unistr2( &ipath, pstr, UNI_STR_TERMINATE );
258 init_unistr2( &description, builtin_svcs[i].description, UNI_STR_TERMINATE );
259 init_unistr2( &dname, builtin_svcs[i].dispname, UNI_STR_TERMINATE );
264 /* default to an external service if we haven't found a match */
266 if ( builtin_svcs[i].servicename == NULL ) {
267 struct rcinit_file_information *init_info = NULL;
269 pstr_sprintf( pstr, "%s/%s/%s",dyn_LIBDIR, SVCCTL_SCRIPT_DIR, name );
270 init_unistr2( &ipath, pstr, UNI_STR_TERMINATE );
272 /* lookup common unix display names */
273 init_unistr2( &dname, get_common_service_dispname( name ), UNI_STR_TERMINATE );
275 /* get info from init file itself */
276 if ( read_init_file( name, &init_info ) ) {
277 init_unistr2( &description, init_info->description, UNI_STR_TERMINATE );
278 TALLOC_FREE( init_info );
281 init_unistr2( &description, "External Unix Service", UNI_STR_TERMINATE );
285 /* add the new values */
287 regval_ctr_addvalue( values, "DisplayName", REG_SZ, (char*)dname.buffer, dname.uni_str_len*2);
288 regval_ctr_addvalue( values, "ImagePath", REG_SZ, (char*)ipath.buffer, ipath.uni_str_len*2);
289 regval_ctr_addvalue( values, "Description", REG_SZ, (char*)description.buffer, description.uni_str_len*2);
294 /********************************************************************
295 ********************************************************************/
297 static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys,
300 REGISTRY_KEY *key_service, *key_secdesc;
304 REGSUBKEY_CTR *svc_subkeys;
308 /* add to the list and create the subkey path */
310 regsubkey_ctr_addkey( subkeys, name );
311 store_reg_keys( key_parent, subkeys );
313 /* open the new service key */
315 pstr_sprintf( path, "%s\\%s", KEY_SERVICES, name );
316 wresult = regkey_open_internal( &key_service, path, get_root_nt_token(),
318 if ( !W_ERROR_IS_OK(wresult) ) {
319 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
320 path, dos_errstr(wresult)));
324 /* add the 'Security' key */
326 if ( !(svc_subkeys = TALLOC_ZERO_P( key_service, REGSUBKEY_CTR )) ) {
327 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
328 regkey_close_internal( key_service );
332 fetch_reg_keys( key_service, svc_subkeys );
333 regsubkey_ctr_addkey( svc_subkeys, "Security" );
334 store_reg_keys( key_service, svc_subkeys );
336 /* now for the service values */
338 if ( !(values = TALLOC_ZERO_P( key_service, REGVAL_CTR )) ) {
339 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
340 regkey_close_internal( key_service );
344 fill_service_values( name, values );
345 store_reg_values( key_service, values );
347 /* cleanup the service key*/
349 regkey_close_internal( key_service );
351 /* now add the security descriptor */
353 pstr_sprintf( path, "%s\\%s\\%s", KEY_SERVICES, name, "Security" );
354 wresult = regkey_open_internal( &key_secdesc, path, get_root_nt_token(),
356 if ( !W_ERROR_IS_OK(wresult) ) {
357 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
358 path, dos_errstr(wresult)));
359 regkey_close_internal( key_secdesc );
363 if ( !(values = TALLOC_ZERO_P( key_secdesc, REGVAL_CTR )) ) {
364 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
365 regkey_close_internal( key_secdesc );
369 if ( !(sd = construct_service_sd(key_secdesc)) ) {
370 DEBUG(0,("add_new_svc_name: Failed to create default sec_desc!\n"));
371 regkey_close_internal( key_secdesc );
375 /* stream the printer security descriptor */
377 prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key_secdesc, MARSHALL);
379 if ( sec_io_desc("sec_desc", &sd, &ps, 0 ) ) {
380 uint32 offset = prs_offset( &ps );
381 regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset );
382 store_reg_values( key_secdesc, values );
385 /* finally cleanup the Security key */
388 regkey_close_internal( key_secdesc );
393 /********************************************************************
394 ********************************************************************/
396 void svcctl_init_keys( void )
398 const char **service_list = lp_svcctl_list();
400 REGSUBKEY_CTR *subkeys;
401 REGISTRY_KEY *key = NULL;
404 /* bad mojo here if the lookup failed. Should not happen */
406 wresult = regkey_open_internal( &key, KEY_SERVICES, get_root_nt_token(),
409 if ( !W_ERROR_IS_OK(wresult) ) {
410 DEBUG(0,("init_services_keys: key lookup failed! (%s)\n",
411 dos_errstr(wresult)));
415 /* lookup the available subkeys */
417 if ( !(subkeys = TALLOC_ZERO_P( key, REGSUBKEY_CTR )) ) {
418 DEBUG(0,("init_services_keys: talloc() failed!\n"));
419 regkey_close_internal( key );
423 fetch_reg_keys( key, subkeys );
425 /* the builting services exist */
427 for ( i=0; builtin_svcs[i].servicename; i++ )
428 add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );
430 for ( i=0; service_list[i]; i++ ) {
432 /* only add new services */
433 if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )
436 /* Add the new service key and initialize the appropriate values */
438 add_new_svc_name( key, subkeys, service_list[i] );
441 regkey_close_internal( key );
443 /* initialize the control hooks */
445 init_service_op_table();
450 /********************************************************************
451 This is where we do the dirty work of filling in things like the
452 Display name, Description, etc...Always return a default secdesc
453 in case of any failure.
454 ********************************************************************/
456 SEC_DESC* svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
463 SEC_DESC *ret_sd = NULL;
467 /* now add the security descriptor */
469 pstr_sprintf( path, "%s\\%s\\%s", KEY_SERVICES, name, "Security" );
470 wresult = regkey_open_internal( &key, path, token, REG_KEY_ALL );
471 if ( !W_ERROR_IS_OK(wresult) ) {
472 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
473 path, dos_errstr(wresult)));
477 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
478 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
479 regkey_close_internal( key );
483 fetch_reg_values( key, values );
485 if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
486 DEBUG(6,("svcctl_get_secdesc: constructing default secdesc for service [%s]\n",
488 regkey_close_internal( key );
489 return construct_service_sd( ctx );
493 /* stream the printer security descriptor */
495 prs_init( &ps, 0, key, UNMARSHALL);
496 prs_give_memory( &ps, (char *)regval_data_p(val), regval_size(val), False );
498 if ( !sec_io_desc("sec_desc", &sd, &ps, 0 ) ) {
499 regkey_close_internal( key );
500 return construct_service_sd( ctx );
503 ret_sd = dup_sec_desc( ctx, sd );
505 /* finally cleanup the Security key */
508 regkey_close_internal( key );
513 /********************************************************************
514 ********************************************************************/
516 char* svcctl_lookup_dispname( const char *name, NT_USER_TOKEN *token )
518 static fstring display_name;
525 /* now add the security descriptor */
527 pstr_sprintf( path, "%s\\%s", KEY_SERVICES, name );
528 wresult = regkey_open_internal( &key, path, token, REG_KEY_READ );
529 if ( !W_ERROR_IS_OK(wresult) ) {
530 DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n",
531 path, dos_errstr(wresult)));
535 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
536 DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n"));
537 regkey_close_internal( key );
541 fetch_reg_values( key, values );
543 if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) )
546 rpcstr_pull( display_name, regval_data_p(val), sizeof(display_name), regval_size(val), 0 );
548 regkey_close_internal( key );
553 /* default to returning the service name */
554 regkey_close_internal( key );
555 fstrcpy( display_name, name );
559 /********************************************************************
560 ********************************************************************/
562 char* svcctl_lookup_description( const char *name, NT_USER_TOKEN *token )
564 static fstring description;
571 /* now add the security descriptor */
573 pstr_sprintf( path, "%s\\%s", KEY_SERVICES, name );
574 wresult = regkey_open_internal( &key, path, token, REG_KEY_READ );
575 if ( !W_ERROR_IS_OK(wresult) ) {
576 DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n",
577 path, dos_errstr(wresult)));
581 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
582 DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n"));
583 regkey_close_internal( key );
587 fetch_reg_values( key, values );
589 if ( !(val = regval_ctr_getvalue( values, "Description" )) )
590 fstrcpy( description, "Unix Service");
592 rpcstr_pull( description, regval_data_p(val), sizeof(description), regval_size(val), 0 );
594 regkey_close_internal( key );
600 /********************************************************************
601 ********************************************************************/
603 REGVAL_CTR* svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token )
610 /* now add the security descriptor */
612 pstr_sprintf( path, "%s\\%s", KEY_SERVICES, name );
613 wresult = regkey_open_internal( &key, path, token, REG_KEY_READ );
614 if ( !W_ERROR_IS_OK(wresult) ) {
615 DEBUG(0,("svcctl_fetch_regvalues: key lookup failed! [%s] (%s)\n",
616 path, dos_errstr(wresult)));
620 if ( !(values = TALLOC_ZERO_P( NULL, REGVAL_CTR )) ) {
621 DEBUG(0,("svcctl_fetch_regvalues: talloc() failed!\n"));
622 regkey_close_internal( key );
626 fetch_reg_values( key, values );
628 regkey_close_internal( key );
git.samba.org / samba.git / blob