2025-02-23 09:57:40 +03:00 · 2006-01-13 20:24:50 +00:00 · 2006-01-13 20:24:50 +00:00 · cefd2d7cb6
commit cefd2d7cb6
parent 77575c64e4
5 changed files with 324 additions and 3 deletions
--- a/source/include/rpc_svcctl.h
+++ b/source/include/rpc_svcctl.h
@ -27,8 +27,8 @@
 #define SVCCTL_CLOSE_SERVICE			0x00
 #define SVCCTL_CONTROL_SERVICE			0x01
 #define SVCCTL_LOCK_SERVICE_DB			0x03
-#define SVCCTL_QUERY_SERVICE_SEC		0x04	/* not impmenented */
-#define SVCCTL_SET_SEVICE_SEC			0x05	/* not implemented */
+#define SVCCTL_QUERY_SERVICE_SEC		0x04
+#define SVCCTL_SET_SERVICE_SEC			0x05
 #define SVCCTL_QUERY_STATUS			0x06
 #define SVCCTL_UNLOCK_SERVICE_DB		0x08
 #define SVCCTL_ENUM_DEPENDENT_SERVICES_W	0x0d
@ -385,5 +385,34 @@ typedef struct {
 	WERROR status;
 } SVCCTL_R_UNLOCK_SERVICE_DB;

+
+/**************************/
+
+typedef struct {
+	POLICY_HND handle;
+	uint32 security_flags;
+	uint32 buffer_size;	
+} SVCCTL_Q_QUERY_SERVICE_SEC;
+
+typedef struct {
+	RPC_BUFFER buffer;
+	uint32 needed;
+	WERROR status;
+} SVCCTL_R_QUERY_SERVICE_SEC;
+
+/**************************/
+
+typedef struct {
+	POLICY_HND handle; 
+	uint32 security_flags;        
+	RPC_BUFFER buffer;
+	uint32 buffer_size;
+} SVCCTL_Q_SET_SERVICE_SEC;
+
+typedef struct {
+	WERROR status;
+} SVCCTL_R_SET_SERVICE_SEC;
+
+
 #endif /* _RPC_SVCCTL_H */

--- a/source/rpc_parse/parse_svcctl.c
+++ b/source/rpc_parse/parse_svcctl.c
@ -1029,6 +1029,109 @@ BOOL svcctl_io_r_unlock_service_db(const char *desc, SVCCTL_R_UNLOCK_SERVICE_DB
 	return True;
 }

+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_q_query_service_sec(const char *desc, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "svcctl_io_q_query_service_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth))
+		return False;
+	if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags))
+		return False;
+	if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size))
+		return False;
+
+	return True;
+
+}
+
+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_r_query_service_sec(const char *desc, SVCCTL_R_QUERY_SERVICE_SEC *r_u, prs_struct *ps, int depth)
+{
+	if ( !r_u )
+		return False;
+
+	prs_debug(ps, depth, desc, "svcctl_io_r_query_service_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (!prs_rpcbuffer("buffer", ps, depth, &r_u->buffer))
+		return False;
+
+	if(!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_q_set_service_sec(const char *desc, SVCCTL_Q_SET_SERVICE_SEC *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "svcctl_io_q_set_service_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth))
+		return False;
+	if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags))
+		return False;
+
+	if (!prs_rpcbuffer("buffer", ps, depth, &q_u->buffer))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size))
+		return False;
+
+	return True;
+
+}
+
+/*******************************************************************
+********************************************************************/
+
+BOOL svcctl_io_r_set_service_sec(const char *desc, SVCCTL_R_SET_SERVICE_SEC *r_u, prs_struct *ps, int depth)
+{
+	if ( !r_u )
+		return False;
+
+	prs_debug(ps, depth, desc, "svcctl_io_r_set_service_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+



--- a/source/rpc_server/srv_svcctl.c
+++ b/source/rpc_server/srv_svcctl.c
@ -358,6 +358,54 @@ static BOOL api_svcctl_unlock_service_db(pipes_struct *p)
 	return True;
 }

+/*******************************************************************
+ ********************************************************************/
+
+static BOOL api_svcctl_query_security_sec(pipes_struct *p)
+{
+	SVCCTL_Q_QUERY_SERVICE_SEC q_u;
+	SVCCTL_R_QUERY_SERVICE_SEC r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!svcctl_io_q_query_service_sec("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _svcctl_query_service_sec(p, &q_u, &r_u);
+
+	if(!svcctl_io_r_query_service_sec("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static BOOL api_svcctl_set_security_sec(pipes_struct *p)
+{
+	SVCCTL_Q_SET_SERVICE_SEC q_u;
+	SVCCTL_R_SET_SERVICE_SEC r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!svcctl_io_q_set_service_sec("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _svcctl_set_service_sec(p, &q_u, &r_u);
+
+	if(!svcctl_io_r_set_service_sec("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+

 /*******************************************************************
 \PIPE\svcctl commands
@ -378,7 +426,9 @@ static struct api_struct api_svcctl_cmds[] =
      { "SVCCTL_CONTROL_SERVICE"            , SVCCTL_CONTROL_SERVICE            , api_svcctl_control_service },
      { "SVCCTL_QUERY_SERVICE_STATUSEX_W"   , SVCCTL_QUERY_SERVICE_STATUSEX_W   , api_svcctl_query_service_status_ex },
      { "SVCCTL_LOCK_SERVICE_DB"            , SVCCTL_LOCK_SERVICE_DB            , api_svcctl_lock_service_db },
-      { "SVCCTL_UNLOCK_SERVICE_DB"          , SVCCTL_UNLOCK_SERVICE_DB          , api_svcctl_unlock_service_db }
+      { "SVCCTL_UNLOCK_SERVICE_DB"          , SVCCTL_UNLOCK_SERVICE_DB          , api_svcctl_unlock_service_db },
+      { "SVCCTL_QUERY_SERVICE_SEC"          , SVCCTL_QUERY_SERVICE_SEC          , api_svcctl_query_security_sec },
+      { "SVCCTL_SET_SERVICE_SEC"            , SVCCTL_SET_SERVICE_SEC            , api_svcctl_set_security_sec }
 };


--- a/source/rpc_server/srv_svcctl_nt.c
+++ b/source/rpc_server/srv_svcctl_nt.c
@ -771,3 +771,95 @@ WERROR _svcctl_unlock_service_db( pipes_struct *p, SVCCTL_Q_UNLOCK_SERVICE_DB *q
 		
 	return close_policy_hnd( p, &q_u->h_lock) ? WERR_OK : WERR_BADFID;
 }
+
+/********************************************************************
+********************************************************************/
+
+WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, SVCCTL_R_QUERY_SERVICE_SEC *r_u )
+{
+	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+	SEC_DESC *sec_desc;
+
+
+	/* only support the SCM and individual services */
+
+	if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
+		return WERR_BADFID;	
+
+	/* check access reights (according to MSDN) */
+
+	if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
+		return WERR_ACCESS_DENIED;
+
+	/* TODO: handle something besides DACL_SECURITY_INFORMATION */
+
+	if ( (q_u->security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
+		return WERR_INVALID_PARAM;
+
+	/* lookup the security descriptor and marshall it up for a reply */
+
+	if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) )
+                return WERR_NOMEM;
+
+	r_u->needed = sec_desc_size( sec_desc );
+
+	if ( r_u->needed > q_u->buffer_size ) {
+		ZERO_STRUCTP( &r_u->buffer );
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
+
+	if ( !sec_io_desc("", &sec_desc, &r_u->buffer.prs, 0 ) )
+		return WERR_NOMEM;
+		
+	return WERR_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u, SVCCTL_R_SET_SERVICE_SEC *r_u )
+{
+	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+	SEC_DESC *sec_desc = NULL;
+	uint32 required_access;
+
+	if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM))  )
+		return WERR_BADFID;
+
+	/* check the access on the open handle */
+	
+	switch ( q_u->security_flags ) {
+		case DACL_SECURITY_INFORMATION:
+			required_access = STD_RIGHT_WRITE_DAC_ACCESS;
+			break;
+			
+		case OWNER_SECURITY_INFORMATION:
+		case GROUP_SECURITY_INFORMATION:
+			required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
+			break;
+			
+		case SACL_SECURITY_INFORMATION:
+			return WERR_INVALID_PARAM;
+		default:
+			return WERR_INVALID_PARAM;
+	}
+	
+	if ( !(info->access_granted & required_access) )
+		return WERR_ACCESS_DENIED;
+	
+	/* read the security descfriptor */
+		
+	if ( !sec_io_desc("", &sec_desc, &q_u->buffer.prs, 0 ) )
+		return WERR_NOMEM;
+		
+	/* store the new SD */
+
+	if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) ) 
+		return WERR_ACCESS_DENIED;
+
+	return WERR_OK;
+}
+
+
--- a/source/services/services_db.c
+++ b/source/services/services_db.c
@ -519,6 +519,53 @@ SEC_DESC* svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *
 	return ret_sd;
 }

+/********************************************************************
+ Wrapper to make storing a Service sd easier
+********************************************************************/
+
+BOOL svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token )
+{
+	REGISTRY_KEY *key;
+	WERROR wresult;
+	pstring path;
+	REGVAL_CTR *values;
+	prs_struct ps;
+	BOOL ret = False;
+	
+	/* now add the security descriptor */
+
+	pstr_sprintf( path, "%s\\%s\\%s", KEY_SERVICES, name, "Security" );
+	wresult = regkey_open_internal( &key, path, token, REG_KEY_ALL );
+	if ( !W_ERROR_IS_OK(wresult) ) {
+		DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n", 
+			path, dos_errstr(wresult)));
+		return False;
+	}
+
+	if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
+		DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
+		regkey_close_internal( key );
+		return False;
+	}
+	
+	/* stream the printer security descriptor */
+	
+	prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL);
+	
+	if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) {
+		uint32 offset = prs_offset( &ps );
+		regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset );
+		ret = store_reg_values( key, values );
+	}
+	
+	/* cleanup */
+	
+	prs_mem_free( &ps );
+	regkey_close_internal( key);
+
+	return ret;
+}
+
 /********************************************************************
 ********************************************************************/