2 * Unix SMB/CIFS implementation.
3 * Service Control API Implementation
5 * Copyright (C) Marcin Krzysztof Porwit 2005.
6 * Largely Rewritten by:
7 * Copyright (C) Gerald (Jerry) Carter 2005.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
25 struct rcinit_file_information {
29 struct service_display_info {
30 const char *servicename;
33 const char *description;
36 struct service_display_info builtin_svcs[] = {
37 { "Spooler", "smbd", "Print Spooler", "Internal service for spooling files to print devices" },
38 { "NETLOGON", "smbd", "Net Logon", "File service providing access to policy and profile data (not remotely manageable)" },
39 { "RemoteRegistry", "smbd", "Remote Registry Service", "Internal service providing remote access to "
40 "the Samba registry" },
41 { "WINS", "nmbd", "Windows Internet Name Service (WINS)", "Internal service providing a "
42 "NetBIOS point-to-point name server (not remotely manageable)" },
43 { NULL, NULL, NULL, NULL }
46 struct service_display_info common_unix_svcs[] = {
47 { "cups", NULL, "Common Unix Printing System","Provides unified printing support for all operating systems" },
48 { "postfix", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
49 { "sendmail", NULL, "Internet Mail Service", "Provides support for sending and receiving electonic mail" },
50 { "portmap", NULL, "TCP Port to RPC PortMapper",NULL },
51 { "xinetd", NULL, "Internet Meta-Daemon", NULL },
52 { "inet", NULL, "Internet Meta-Daemon", NULL },
53 { "xntpd", NULL, "Network Time Service", NULL },
54 { "ntpd", NULL, "Network Time Service", NULL },
55 { "lpd", NULL, "BSD Print Spooler", NULL },
56 { "nfsserver", NULL, "Network File Service", NULL },
57 { "cron", NULL, "Scheduling Service", NULL },
58 { "at", NULL, "Scheduling Service", NULL },
59 { "nscd", NULL, "Name Service Cache Daemon", NULL },
60 { "slapd", NULL, "LDAP Directory Service", NULL },
61 { "ldap", NULL, "LDAP DIrectory Service", NULL },
62 { "ypbind", NULL, "NIS Directory Service", NULL },
63 { "courier-imap", NULL, "IMAP4 Mail Service", NULL },
64 { "courier-pop3", NULL, "POP3 Mail Service", NULL },
65 { "named", NULL, "Domain Name Service", NULL },
66 { "bind", NULL, "Domain Name Service", NULL },
67 { "httpd", NULL, "HTTP Server", NULL },
68 { "apache", NULL, "HTTP Server", "Provides s highly scalable and flexible web server "
69 "capable of implementing various protocols incluing "
70 "but not limited to HTTP" },
71 { "autofs", NULL, "Automounter", NULL },
72 { "squid", NULL, "Web Cache Proxy ", NULL },
73 { "perfcountd", NULL, "Performance Monitoring Daemon", NULL },
74 { "pgsql", NULL, "PgSQL Database Server", "Provides service for SQL database from Postgresql.org" },
75 { "arpwatch", NULL, "ARP Tables watcher", "Provides service for monitoring ARP tables for changes" },
76 { "dhcpd", NULL, "DHCP Server", "Provides service for dynamic host configuration and IP assignment" },
77 { "nwserv", NULL, "NetWare Server Emulator", "Provides service for emulating Novell NetWare 3.12 server" },
78 { "proftpd", NULL, "Professional FTP Server", "Provides high configurable service for FTP connection and "
79 "file transferring" },
80 { "ssh2", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
81 { "sshd", NULL, "SSH Secure Shell", "Provides service for secure connection for remote administration" },
82 { NULL, NULL, NULL, NULL }
86 /********************************************************************
87 ********************************************************************/
89 static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
98 /* basic access for Everyone */
100 init_sec_access(&mask, SERVICE_READ_ACCESS );
101 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
103 init_sec_access(&mask,SERVICE_EXECUTE_ACCESS );
104 init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
106 init_sec_access(&mask,SERVICE_ALL_ACCESS );
107 init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
108 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
110 /* create the security descriptor */
112 if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
115 if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
121 /********************************************************************
122 This is where we do the dirty work of filling in things like the
123 Display name, Description, etc...
124 ********************************************************************/
126 static char *get_common_service_dispname( const char *servicename )
130 for ( i=0; common_unix_svcs[i].servicename; i++ ) {
131 if (strequal(servicename, common_unix_svcs[i].servicename)) {
133 if (asprintf(&dispname,
135 common_unix_svcs[i].dispname,
136 common_unix_svcs[i].servicename) < 0) {
143 return SMB_STRDUP(servicename );
146 /********************************************************************
147 ********************************************************************/
149 static char *cleanup_string( const char *string )
153 TALLOC_CTX *ctx = talloc_tos();
155 clean = talloc_strdup(ctx, string);
161 /* trim any beginning whilespace */
163 while (isspace(*begin)) {
167 if (*begin == '\0') {
171 /* trim any trailing whitespace or carriage returns.
172 Start at the end and move backwards */
174 end = begin + strlen(begin) - 1;
176 while ( isspace(*end) || *end=='\n' || *end=='\r' ) {
184 /********************************************************************
185 ********************************************************************/
187 static bool read_init_file( const char *servicename, struct rcinit_file_information **service_info )
189 struct rcinit_file_information *info;
190 char *filepath = NULL;
195 if ( !(info = TALLOC_ZERO_P( NULL, struct rcinit_file_information ) ) )
198 /* attempt the file open */
200 filepath = talloc_asprintf(info, "%s/%s/%s", get_dyn_LIBDIR(),
201 SVCCTL_SCRIPT_DIR, servicename);
206 if (!(f = x_fopen( filepath, O_RDONLY, 0 ))) {
207 DEBUG(0,("read_init_file: failed to open [%s]\n", filepath));
212 while ( (x_fgets( str, sizeof(str)-1, f )) != NULL ) {
213 /* ignore everything that is not a full line
214 comment starting with a '#' */
219 /* Look for a line like '^#.*Description:' */
221 if ( (p = strstr( str, "Description:" )) != NULL ) {
224 p += strlen( "Description:" ) + 1;
228 if ( (desc = cleanup_string(p)) != NULL )
229 info->description = talloc_strdup( info, desc );
235 if ( !info->description )
236 info->description = talloc_strdup( info, "External Unix Service" );
238 *service_info = info;
239 TALLOC_FREE(filepath);
244 /********************************************************************
245 This is where we do the dirty work of filling in things like the
246 Display name, Description, etc...
247 ********************************************************************/
249 static void fill_service_values( const char *name, REGVAL_CTR *values )
251 UNISTR2 data, dname, ipath, description;
255 /* These values are hardcoded in all QueryServiceConfig() replies.
256 I'm just storing them here for cosmetic purposes */
258 dword = SVCCTL_AUTO_START;
259 regval_ctr_addvalue( values, "Start", REG_DWORD, (char*)&dword, sizeof(uint32));
261 dword = SVCCTL_WIN32_OWN_PROC;
262 regval_ctr_addvalue( values, "Type", REG_DWORD, (char*)&dword, sizeof(uint32));
264 dword = SVCCTL_SVC_ERROR_NORMAL;
265 regval_ctr_addvalue( values, "ErrorControl", REG_DWORD, (char*)&dword, sizeof(uint32));
267 /* everything runs as LocalSystem */
269 init_unistr2( &data, "LocalSystem", UNI_STR_TERMINATE );
270 regval_ctr_addvalue( values, "ObjectName", REG_SZ, (char*)data.buffer, data.uni_str_len*2);
272 /* special considerations for internal services and the DisplayName value */
274 for ( i=0; builtin_svcs[i].servicename; i++ ) {
275 if ( strequal( name, builtin_svcs[i].servicename ) ) {
277 if (asprintf(&pstr, "%s/%s/%s",
278 get_dyn_LIBDIR(), SVCCTL_SCRIPT_DIR,
279 builtin_svcs[i].daemon) > 0) {
280 init_unistr2( &ipath, pstr, UNI_STR_TERMINATE );
283 init_unistr2( &ipath, "", UNI_STR_TERMINATE );
285 init_unistr2( &description, builtin_svcs[i].description, UNI_STR_TERMINATE );
286 init_unistr2( &dname, builtin_svcs[i].dispname, UNI_STR_TERMINATE );
291 /* default to an external service if we haven't found a match */
293 if ( builtin_svcs[i].servicename == NULL ) {
295 char *dispname = NULL;
296 struct rcinit_file_information *init_info = NULL;
298 if (asprintf(&pstr, "%s/%s/%s",get_dyn_LIBDIR(),
299 SVCCTL_SCRIPT_DIR, name) > 0) {
300 init_unistr2( &ipath, pstr, UNI_STR_TERMINATE );
303 init_unistr2( &ipath, "", UNI_STR_TERMINATE );
306 /* lookup common unix display names */
307 dispname = get_common_service_dispname(name);
308 init_unistr2( &dname, dispname ? dispname : "", UNI_STR_TERMINATE );
311 /* get info from init file itself */
312 if ( read_init_file( name, &init_info ) ) {
313 init_unistr2( &description, init_info->description, UNI_STR_TERMINATE );
314 TALLOC_FREE( init_info );
317 init_unistr2( &description, "External Unix Service", UNI_STR_TERMINATE );
321 /* add the new values */
323 regval_ctr_addvalue( values, "DisplayName", REG_SZ, (char*)dname.buffer, dname.uni_str_len*2);
324 regval_ctr_addvalue( values, "ImagePath", REG_SZ, (char*)ipath.buffer, ipath.uni_str_len*2);
325 regval_ctr_addvalue( values, "Description", REG_SZ, (char*)description.buffer, description.uni_str_len*2);
330 /********************************************************************
331 ********************************************************************/
333 static void add_new_svc_name( REGISTRY_KEY *key_parent, REGSUBKEY_CTR *subkeys,
336 REGISTRY_KEY *key_service, *key_secdesc;
340 REGSUBKEY_CTR *svc_subkeys;
345 /* add to the list and create the subkey path */
347 regsubkey_ctr_addkey( subkeys, name );
348 store_reg_keys( key_parent, subkeys );
350 /* open the new service key */
352 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
355 wresult = regkey_open_internal( NULL, &key_service, path,
356 get_root_nt_token(), REG_KEY_ALL );
357 if ( !W_ERROR_IS_OK(wresult) ) {
358 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
359 path, dos_errstr(wresult)));
365 /* add the 'Security' key */
367 if ( !(svc_subkeys = TALLOC_ZERO_P( key_service, REGSUBKEY_CTR )) ) {
368 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
369 TALLOC_FREE( key_service );
373 fetch_reg_keys( key_service, svc_subkeys );
374 regsubkey_ctr_addkey( svc_subkeys, "Security" );
375 store_reg_keys( key_service, svc_subkeys );
377 /* now for the service values */
379 if ( !(values = TALLOC_ZERO_P( key_service, REGVAL_CTR )) ) {
380 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
381 TALLOC_FREE( key_service );
385 fill_service_values( name, values );
386 store_reg_values( key_service, values );
388 /* cleanup the service key*/
390 TALLOC_FREE( key_service );
392 /* now add the security descriptor */
394 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
397 wresult = regkey_open_internal( NULL, &key_secdesc, path,
398 get_root_nt_token(), REG_KEY_ALL );
399 if ( !W_ERROR_IS_OK(wresult) ) {
400 DEBUG(0,("add_new_svc_name: key lookup failed! [%s] (%s)\n",
401 path, dos_errstr(wresult)));
402 TALLOC_FREE( key_secdesc );
408 if ( !(values = TALLOC_ZERO_P( key_secdesc, REGVAL_CTR )) ) {
409 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
410 TALLOC_FREE( key_secdesc );
414 if ( !(sd = construct_service_sd(key_secdesc)) ) {
415 DEBUG(0,("add_new_svc_name: Failed to create default sec_desc!\n"));
416 TALLOC_FREE( key_secdesc );
420 status = marshall_sec_desc(key_secdesc, sd, &sd_blob.data,
422 if (!NT_STATUS_IS_OK(status)) {
423 DEBUG(0, ("marshall_sec_desc failed: %s\n",
425 TALLOC_FREE(key_secdesc);
429 regval_ctr_addvalue(values, "Security", REG_BINARY,
430 (const char *)sd_blob.data, sd_blob.length);
431 store_reg_values( key_secdesc, values );
433 TALLOC_FREE( key_secdesc );
438 /********************************************************************
439 ********************************************************************/
441 void svcctl_init_keys( void )
443 const char **service_list = lp_svcctl_list();
445 REGSUBKEY_CTR *subkeys;
446 REGISTRY_KEY *key = NULL;
449 /* bad mojo here if the lookup failed. Should not happen */
451 wresult = regkey_open_internal( NULL, &key, KEY_SERVICES,
452 get_root_nt_token(), REG_KEY_ALL );
454 if ( !W_ERROR_IS_OK(wresult) ) {
455 DEBUG(0,("svcctl_init_keys: key lookup failed! (%s)\n",
456 dos_errstr(wresult)));
460 /* lookup the available subkeys */
462 if ( !(subkeys = TALLOC_ZERO_P( key, REGSUBKEY_CTR )) ) {
463 DEBUG(0,("svcctl_init_keys: talloc() failed!\n"));
468 fetch_reg_keys( key, subkeys );
470 /* the builting services exist */
472 for ( i=0; builtin_svcs[i].servicename; i++ )
473 add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );
475 for ( i=0; service_list && service_list[i]; i++ ) {
477 /* only add new services */
478 if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )
481 /* Add the new service key and initialize the appropriate values */
483 add_new_svc_name( key, subkeys, service_list[i] );
488 /* initialize the control hooks */
490 init_service_op_table();
495 /********************************************************************
496 This is where we do the dirty work of filling in things like the
497 Display name, Description, etc...Always return a default secdesc
498 in case of any failure.
499 ********************************************************************/
501 SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
506 SEC_DESC *ret_sd = NULL;
511 /* now add the security descriptor */
513 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
516 wresult = regkey_open_internal( NULL, &key, path, token,
518 if ( !W_ERROR_IS_OK(wresult) ) {
519 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
520 path, dos_errstr(wresult)));
526 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
527 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
532 fetch_reg_values( key, values );
536 if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
537 DEBUG(6,("svcctl_get_secdesc: constructing default secdesc for service [%s]\n",
539 return construct_service_sd( ctx );
542 /* stream the service security descriptor */
544 status = unmarshall_sec_desc(ctx, regval_data_p(val),
545 regval_size(val), &ret_sd);
547 if (!NT_STATUS_IS_OK(status)) {
548 return construct_service_sd( ctx );
554 /********************************************************************
555 Wrapper to make storing a Service sd easier
556 ********************************************************************/
558 bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token )
567 /* now add the security descriptor */
569 if (asprintf(&path, "%s\\%s\\%s", KEY_SERVICES, name, "Security") < 0) {
572 wresult = regkey_open_internal( NULL, &key, path, token,
574 if ( !W_ERROR_IS_OK(wresult) ) {
575 DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
576 path, dos_errstr(wresult)));
582 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
583 DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
588 /* stream the printer security descriptor */
589 prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL);
591 if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) {
592 uint32 offset = prs_offset( &ps );
593 regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset );
594 ret = store_reg_values( key, values );
605 /********************************************************************
606 ********************************************************************/
608 const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
610 char *display_name = NULL;
611 REGISTRY_KEY *key = NULL;
617 /* now add the security descriptor */
619 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
622 wresult = regkey_open_internal( NULL, &key, path, token,
624 if ( !W_ERROR_IS_OK(wresult) ) {
625 DEBUG(0,("svcctl_lookup_dispname: key lookup failed! [%s] (%s)\n",
626 path, dos_errstr(wresult)));
632 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
633 DEBUG(0,("svcctl_lookup_dispname: talloc() failed!\n"));
638 fetch_reg_values( key, values );
640 if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) )
643 rpcstr_pull_talloc(ctx, &display_name, regval_data_p(val), regval_size(val), 0 );
650 /* default to returning the service name */
652 return talloc_strdup(ctx, name);
655 /********************************************************************
656 ********************************************************************/
658 const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
660 char *description = NULL;
661 REGISTRY_KEY *key = NULL;
667 /* now add the security descriptor */
669 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
672 wresult = regkey_open_internal( NULL, &key, path, token,
674 if ( !W_ERROR_IS_OK(wresult) ) {
675 DEBUG(0,("svcctl_lookup_description: key lookup failed! [%s] (%s)\n",
676 path, dos_errstr(wresult)));
682 if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
683 DEBUG(0,("svcctl_lookup_description: talloc() failed!\n"));
688 fetch_reg_values( key, values );
690 if ( !(val = regval_ctr_getvalue( values, "Description" )) ) {
692 return "Unix Service";
694 rpcstr_pull_talloc(ctx, &description, regval_data_p(val), regval_size(val), 0 );
701 /********************************************************************
702 ********************************************************************/
704 REGVAL_CTR *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token )
706 REGISTRY_KEY *key = NULL;
711 /* now add the security descriptor */
713 if (asprintf(&path, "%s\\%s", KEY_SERVICES, name) < 0) {
716 wresult = regkey_open_internal( NULL, &key, path, token,
718 if ( !W_ERROR_IS_OK(wresult) ) {
719 DEBUG(0,("svcctl_fetch_regvalues: key lookup failed! [%s] (%s)\n",
720 path, dos_errstr(wresult)));
726 if ( !(values = TALLOC_ZERO_P( NULL, REGVAL_CTR )) ) {
727 DEBUG(0,("svcctl_fetch_regvalues: talloc() failed!\n"));
731 fetch_reg_values( key, values );