📄 rpcserver.c
if (hMgr->Handle.Tag != MANAGER_TAG)
return ERROR_INVALID_HANDLE;
if (!RtlAreAllAccessesGranted(hMgr->Handle.DesiredAccess,
SC_MANAGER_LOCK))
return ERROR_ACCESS_DENIED;
// return ScmLockDatabase(0, hMgr->0xC, hLock);
/* FIXME: Lock the database */
*hLock = 0x12345678; /* Dummy! */
return ERROR_SUCCESS;
}
/* Function 4 */
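/*
 * ScmrQueryServiceObjectSecurity
 *
 * RPC entry point that is meant to return (parts of) the security
 * descriptor of a service object.
 *
 * The live body only logs and returns ERROR_CALL_NOT_IMPLEMENTED; the
 * implementation below is compiled out with #if 0.
 *
 * Parameters, as used by the disabled implementation:
 *   BindingHandle            - not referenced.
 *   hService                 - value that is cast to PSERVICE_HANDLE.
 *   dwSecurityInformation    - bit mask selecting which parts are queried.
 *   lpSecurityDescriptor     - output buffer handed to RtlQuerySecurityObject.
 *   dwSecuityDescriptorSize  - size of that buffer.
 *   pcbBytesNeeded           - receives the size reported by
 *                              RtlQuerySecurityObject on success and on
 *                              STATUS_BUFFER_TOO_SMALL; not written on other
 *                              failures.
 *
 * Returns a Win32 error code.
 *
 * NOTE(review): hService is cast straight to a pointer and dereferenced for
 * the tag check. Nothing visible here ties the value to a handle this server
 * issued, and an unsigned int cannot carry a pointer on a 64-bit build.
 * Confirm how handles are validated before this code is enabled.
 */
unsigned long
ScmrQueryServiceObjectSecurity(handle_t BindingHandle,
                               unsigned int hService,
                               unsigned long dwSecurityInformation,
                               unsigned char *lpSecurityDescriptor,
                               unsigned long dwSecuityDescriptorSize,
                               unsigned long *pcbBytesNeeded)
{
#if 0
    PSERVICE_HANDLE hSvc;
    PSERVICE lpService;
    ULONG DesiredAccess = 0;
    NTSTATUS Status;
    DWORD dwBytesNeeded;
    DWORD dwError;

    DPRINT("ScmrQueryServiceObjectSecurity() called\n");

    hSvc = (PSERVICE_HANDLE)hService;
    if (hSvc->Handle.Tag != SERVICE_TAG)
    {
        DPRINT1("Invalid handle tag!\n");
        return ERROR_INVALID_HANDLE;
    }

    /*
     * The flags must be combined with bitwise OR. The previous logical OR
     * (||) collapsed the mask to the value 1, so a query for only the DACL
     * or the group never added READ_CONTROL to DesiredAccess and the access
     * check below was run against an empty mask.
     */
    if (dwSecurityInformation & (DACL_SECURITY_INFORMATION |
                                 GROUP_SECURITY_INFORMATION |
                                 OWNER_SECURITY_INFORMATION))
        DesiredAccess |= READ_CONTROL;

    if (dwSecurityInformation & SACL_SECURITY_INFORMATION)
        DesiredAccess |= ACCESS_SYSTEM_SECURITY;

    /* The handle must have been opened with every right the query needs. */
    if (!RtlAreAllAccessesGranted(hSvc->Handle.DesiredAccess,
                                  DesiredAccess))
    {
        DPRINT1("Insufficient access rights! 0x%lx\n", hSvc->Handle.DesiredAccess);
        return ERROR_ACCESS_DENIED;
    }

    lpService = hSvc->ServiceEntry;
    if (lpService == NULL)
    {
        DPRINT1("lpService == NULL!\n");
        return ERROR_INVALID_HANDLE;
    }

    /* FIXME: Lock the service list */

    Status = RtlQuerySecurityObject(lpService->lpSecurityDescriptor,
                                    dwSecurityInformation,
                                    (PSECURITY_DESCRIPTOR)lpSecurityDescriptor,
                                    dwSecuityDescriptorSize,
                                    &dwBytesNeeded);

    /* FIXME: Unlock the service list */

    if (NT_SUCCESS(Status))
    {
        *pcbBytesNeeded = dwBytesNeeded;
        /* The function returns Win32 codes, not NTSTATUS values. */
        dwError = ERROR_SUCCESS;
    }
    else if (Status == STATUS_BUFFER_TOO_SMALL)
    {
        /* Tell the caller how large the buffer has to be. */
        *pcbBytesNeeded = dwBytesNeeded;
        dwError = ERROR_INSUFFICIENT_BUFFER;
    }
    else if (Status == STATUS_BAD_DESCRIPTOR_FORMAT)
    {
        dwError = ERROR_GEN_FAILURE;
    }
    else
    {
        dwError = RtlNtStatusToDosError(Status);
    }

    return dwError;
#endif

    DPRINT1("ScmrQueryServiceObjectSecurity() is unimplemented\n");
    return ERROR_CALL_NOT_IMPLEMENTED;
}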
/* Function 5 */
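/*
 * ScmrSetServiceObjectSecurity
 *
 * RPC entry point that is meant to replace (parts of) the security
 * descriptor of a service object.
 *
 * The live body only logs and returns ERROR_CALL_NOT_IMPLEMENTED; the
 * implementation below is compiled out with #if 0.
 *
 * Parameters, as used by the disabled implementation:
 *   BindingHandle            - not referenced.
 *   hService                 - value that is cast to PSERVICE_HANDLE.
 *   dwSecurityInformation    - bit mask selecting which parts are replaced.
 *   lpSecurityDescriptor     - descriptor supplied by the caller.
 *   dwSecuityDescriptorSize  - not referenced by the disabled body.
 *
 * Returns a Win32 error code.
 *
 * NOTE(review), to settle before enabling this code:
 *  - hService is cast straight to a pointer and dereferenced for the tag
 *    check; nothing visible here ties it to a handle this server issued.
 *  - The descriptor is validated without its length, so the check is not
 *    bounded by dwSecuityDescriptorSize. A length-aware check such as
 *    RtlValidRelativeSecurityDescriptor looks like the better fit - confirm
 *    the format the RPC layer delivers.
 *  - Owner and Group are compared against NULL as pointers; if the
 *    descriptor arrives in self-relative form these fields hold offsets -
 *    confirm.
 *  - The impersonation calls around NtOpenThreadToken are commented out, so
 *    it cannot be seen here which token, if any, the thread carries.
 *  - The write of the descriptor to the registry is commented out, so only
 *    the in-memory copy would change.
 *  - The name field used for ScmOpenServiceKey is lpServiceName here, while
 *    ScmrChangeServiceConfigW in this file uses szServiceName - verify.
 */
unsigned long
ScmrSetServiceObjectSecurity(handle_t BindingHandle,
                             unsigned int hService,
                             unsigned long dwSecurityInformation,
                             unsigned char *lpSecurityDescriptor,
                             unsigned long dwSecuityDescriptorSize)
{
#if 0
    PSERVICE_HANDLE hSvc;
    PSERVICE lpService;
    ULONG DesiredAccess = 0;
    HANDLE hToken = NULL;
    HKEY hServiceKey;
    NTSTATUS Status;
    DWORD dwError;

    DPRINT1("ScmrSetServiceObjectSecurity() called\n");

    hSvc = (PSERVICE_HANDLE)hService;
    if (hSvc->Handle.Tag != SERVICE_TAG)
    {
        DPRINT1("Invalid handle tag!\n");
        return ERROR_INVALID_HANDLE;
    }

    /* At least one known part must be selected and no unknown bit set. */
    if (dwSecurityInformation == 0 ||
        dwSecurityInformation & ~(OWNER_SECURITY_INFORMATION |
                                  GROUP_SECURITY_INFORMATION |
                                  DACL_SECURITY_INFORMATION |
                                  SACL_SECURITY_INFORMATION))
        return ERROR_INVALID_PARAMETER;

    if (!RtlValidSecurityDescriptor((PSECURITY_DESCRIPTOR)lpSecurityDescriptor))
        return ERROR_INVALID_PARAMETER;

    /* Work out which rights the handle needs for the requested change. */
    if (dwSecurityInformation & SACL_SECURITY_INFORMATION)
        DesiredAccess |= ACCESS_SYSTEM_SECURITY;

    if (dwSecurityInformation & DACL_SECURITY_INFORMATION)
        DesiredAccess |= WRITE_DAC;

    if (dwSecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
        DesiredAccess |= WRITE_OWNER;

    /* A part that is to be replaced must be present in the new descriptor. */
    if ((dwSecurityInformation & OWNER_SECURITY_INFORMATION) &&
        (((PSECURITY_DESCRIPTOR)lpSecurityDescriptor)->Owner == NULL))
        return ERROR_INVALID_PARAMETER;

    if ((dwSecurityInformation & GROUP_SECURITY_INFORMATION) &&
        (((PSECURITY_DESCRIPTOR)lpSecurityDescriptor)->Group == NULL))
        return ERROR_INVALID_PARAMETER;

    if (!RtlAreAllAccessesGranted(hSvc->Handle.DesiredAccess,
                                  DesiredAccess))
    {
        DPRINT1("Insufficient access rights! 0x%lx\n", hSvc->Handle.DesiredAccess);
        return ERROR_ACCESS_DENIED;
    }

    lpService = hSvc->ServiceEntry;
    if (lpService == NULL)
    {
        DPRINT1("lpService == NULL!\n");
        return ERROR_INVALID_HANDLE;
    }

    if (lpService->bDeleted)
        return ERROR_SERVICE_MARKED_FOR_DELETE;

//    RpcImpersonateClient(NULL);

    /* Query-only token of the current thread, opened as self. */
    Status = NtOpenThreadToken(NtCurrentThread(),
                               TOKEN_QUERY,
                               TRUE,
                               &hToken);
    if (!NT_SUCCESS(Status))
        return RtlNtStatusToDosError(Status);

//    RpcRevertToSelf();

    /* FIXME: Lock service database */

    Status = RtlSetSecurityObject(dwSecurityInformation,
                                  (PSECURITY_DESCRIPTOR)lpSecurityDescriptor,
                                  &lpService->lpSecurityDescriptor,
                                  &ScmServiceMapping,
                                  hToken);
    if (!NT_SUCCESS(Status))
    {
        dwError = RtlNtStatusToDosError(Status);
        goto Done;
    }

    dwError = ScmOpenServiceKey(lpService->lpServiceName,
                                KEY_WRITE,
                                &hServiceKey);
    if (dwError != ERROR_SUCCESS)
        goto Done;

//    dwError = ScmWriteSecurityDescriptor(hServiceKey,
//                                         lpService->lpSecurityDescriptor);

    RegFlushKey(hServiceKey);
    RegCloseKey(hServiceKey);

Done:;
    /* The token is released on every path that reaches this label. */
    if (hToken != NULL)
        NtClose(hToken);

    /* FIXME: Unlock service database */

    DPRINT1("ScmrSetServiceObjectSecurity() done (Error %lu)\n", dwError);

    return dwError;
#endif

    DPRINT1("ScmrSetServiceObjectSecurity() is unimplemented\n");
    return ERROR_CALL_NOT_IMPLEMENTED;
}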
/* Function 6 */
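/*
 * ScmrQueryServiceStatus
 *
 * RPC entry point that copies the current SERVICE_STATUS of a service into
 * the caller's buffer.
 *
 * Parameters:
 *   BindingHandle    - not referenced.
 *   hService         - value that is cast to PSERVICE_HANDLE.
 *   lpServiceStatus  - receives sizeof(SERVICE_STATUS) bytes.
 *
 * Returns:
 *   ERROR_SUCCESS               - status copied.
 *   ERROR_SHUTDOWN_IN_PROGRESS  - ScmShutdown is set.
 *   ERROR_INVALID_HANDLE        - NULL handle, wrong tag, or no service entry.
 *   ERROR_ACCESS_DENIED         - handle lacks SERVICE_QUERY_STATUS.
 *   ERROR_INVALID_PARAMETER     - lpServiceStatus is NULL.
 *
 * NOTE(review): the NULL test below only catches a zero handle. Any other
 * value is still dereferenced for the tag check without being compared with
 * the handles this server issued, and an unsigned int cannot carry a pointer
 * on a 64-bit build. Confirm how handles are meant to be validated.
 */
unsigned long
ScmrQueryServiceStatus(handle_t BindingHandle,
                       unsigned int hService,
                       LPSERVICE_STATUS lpServiceStatus)
{
    PSERVICE_HANDLE hSvc;
    PSERVICE lpService;

    DPRINT("ScmrQueryServiceStatus() called\n");

    if (ScmShutdown)
        return ERROR_SHUTDOWN_IN_PROGRESS;

    hSvc = (PSERVICE_HANDLE)hService;

    /* A zero handle must not be dereferenced by the tag check. */
    if (hSvc == NULL)
    {
        DPRINT1("Invalid handle!\n");
        return ERROR_INVALID_HANDLE;
    }

    if (hSvc->Handle.Tag != SERVICE_TAG)
    {
        DPRINT1("Invalid handle tag!\n");
        return ERROR_INVALID_HANDLE;
    }

    /* The handle must have been opened with the right to query status. */
    if (!RtlAreAllAccessesGranted(hSvc->Handle.DesiredAccess,
                                  SERVICE_QUERY_STATUS))
    {
        DPRINT1("Insufficient access rights! 0x%lx\n", hSvc->Handle.DesiredAccess);
        return ERROR_ACCESS_DENIED;
    }

    lpService = hSvc->ServiceEntry;
    if (lpService == NULL)
    {
        DPRINT1("lpService == NULL!\n");
        return ERROR_INVALID_HANDLE;
    }

    /* Do not copy into a missing output buffer. */
    if (lpServiceStatus == NULL)
        return ERROR_INVALID_PARAMETER;

    /* Return service status information */
    RtlCopyMemory(lpServiceStatus,
                  &lpService->Status,
                  sizeof(SERVICE_STATUS));

    return ERROR_SUCCESS;
}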
/* Function 7 */
/*
 * ScmrSetServiceStatus
 *
 * Placeholder: logs that the call is unimplemented and returns
 * ERROR_CALL_NOT_IMPLEMENTED. Neither parameter is used.
 */
unsigned long
ScmrSetServiceStatus(handle_t BindingHandle,
                     unsigned long hServiceStatus) /* FIXME */
{
    (void)BindingHandle;
    (void)hServiceStatus;

    DPRINT1("ScmrSetServiceStatus() is unimplemented\n");

    /* FIXME: not implemented */
    return ERROR_CALL_NOT_IMPLEMENTED;
}
/* Function 8 */
/*
 * ScmrUnlockServiceDatabase
 *
 * Placeholder: logs the call and reports ERROR_SUCCESS without doing
 * anything.
 *
 * NOTE(review): hLock is never inspected, so every value is accepted as a
 * valid lock. The lock routine earlier in this file currently hands out a
 * dummy value, so no lock is actually held or released yet.
 */
unsigned long
ScmrUnlockServiceDatabase(handle_t BindingHandle,
                          unsigned int hLock)
{
    (void)BindingHandle;
    (void)hLock;

    DPRINT1("ScmrUnlockServiceDatabase() called\n");

    /* FIXME: release the database lock */
    return ERROR_SUCCESS;
}
/* Function 9 */
/*
 * ScmrNotifyBootConfigStatus
 *
 * Placeholder: logs the call and returns ERROR_CALL_NOT_IMPLEMENTED.
 * BootAcceptable is ignored.
 */
unsigned long
ScmrNotifyBootConfigStatus(handle_t BindingHandle,
                           unsigned long BootAcceptable)
{
    (void)BindingHandle;
    (void)BootAcceptable;

    DPRINT1("ScmrNotifyBootConfigStatus() called\n");

    /* FIXME: not implemented */
    return ERROR_CALL_NOT_IMPLEMENTED;
}
/* Function 10 */
/*
 * ScmrSetServiceBitsW
 *
 * Placeholder: logs the call and returns ERROR_CALL_NOT_IMPLEMENTED.
 * None of the parameters is used.
 */
unsigned long
ScmrSetServiceBitsW(handle_t BindingHandle,
                    unsigned long hServiceStatus,
                    unsigned long dwServiceBits,
                    unsigned long bSetBitsOn,
                    unsigned long bUpdateImmediately,
                    wchar_t *lpString)
{
    (void)BindingHandle;
    (void)hServiceStatus;
    (void)dwServiceBits;
    (void)bSetBitsOn;
    (void)bUpdateImmediately;
    (void)lpString;

    DPRINT1("ScmrSetServiceBitsW() called\n");

    /* FIXME: not implemented */
    return ERROR_CALL_NOT_IMPLEMENTED;
}
/* Function 11 */
unsigned long
ScmrChangeServiceConfigW(handle_t BiningHandle,
unsigned int hService,
unsigned long dwServiceType,
unsigned long dwStartType,
unsigned long dwErrorControl,
wchar_t *lpBinaryPathName,
wchar_t *lpLoadOrderGroup,
unsigned long *lpdwTagId, /* in, out, unique */
wchar_t *lpDependencies,
unsigned long dwDependenciesLength,
wchar_t *lpServiceStartName,
wchar_t *lpPassword,
unsigned long dwPasswordLength,
wchar_t *lpDisplayName)
{
DWORD dwError = ERROR_SUCCESS;
PSERVICE_HANDLE hSvc;
PSERVICE lpService = NULL;
HKEY hServiceKey = NULL;
DPRINT("ScmrChangeServiceConfigW() called\n");
DPRINT("dwServiceType = %lu\n", dwServiceType);
DPRINT("dwStartType = %lu\n", dwStartType);
DPRINT("dwErrorControl = %lu\n", dwErrorControl);
DPRINT("lpBinaryPathName = %S\n", lpBinaryPathName);
DPRINT("lpLoadOrderGroup = %S\n", lpLoadOrderGroup);
DPRINT("lpDisplayName = %S\n", lpDisplayName);
if (ScmShutdown)
return ERROR_SHUTDOWN_IN_PROGRESS;
hSvc = (PSERVICE_HANDLE)hService;
if (hSvc->Handle.Tag != SERVICE_TAG)
{
DPRINT1("Invalid handle tag!\n");
return ERROR_INVALID_HANDLE;
}
if (!RtlAreAllAccessesGranted(hSvc->Handle.DesiredAccess,
SERVICE_CHANGE_CONFIG))
{
DPRINT1("Insufficient access rights! 0x%lx\n", hSvc->Handle.DesiredAccess);
return ERROR_ACCESS_DENIED;
}
lpService = hSvc->ServiceEntry;
if (lpService == NULL)
{
DPRINT1("lpService == NULL!\n");
return ERROR_INVALID_HANDLE;
}
/* FIXME: Lock database exclusively */
if (lpService->bDeleted)
{
/* FIXME: Unlock database */
DPRINT1("The service has already been marked for delete!\n");
return ERROR_SERVICE_MARKED_FOR_DELETE;
}
/* Open the service key */
dwError = ScmOpenServiceKey(lpService->szServiceName,
KEY_SET_VALUE,
&hServiceKey);
if (dwError != ERROR_SUCCESS)
goto done;
/* Write service data to the registry */
/* Set the display name */
if (lpDisplayName != NULL && *lpDisplayName != 0)
{
RegSetValueExW(hServiceKey,
L"DisplayName",
0,
REG_SZ,
(LPBYTE)lpDisplayName,
(wcslen(lpDisplayName) + 1) * sizeof(WCHAR));
/* FIXME: update lpService->lpDisplayName */
}
if (dwServiceType != SERVICE_NO_CHANGE)
{
/* Set the service type */
dwError = RegSetValueExW(hServiceKey,
L"Type",
0,
REG_DWORD,
(LPBYTE)&dwServiceType,
sizeof(DWORD));
if (dwError != ERROR_SUCCESS)
goto done;
lpService->Status.dwServiceType = dwServiceType;
}
if (dwStartType != SERVICE_NO_CHANGE)
{
/* Set the start value */
dwError = RegSetValueExW(hServiceKey,
L"Start",
0,
REG_DWORD,
(LPBYTE)&dwStartType,
sizeof(DWORD));
if (dwError != ERROR_SUCCESS)
goto done;
lpService->dwStartType = dwStartType;
}
if (dwErrorControl != SERVICE_NO_CHANGE)
{
/* Set the error control value */
dwError = RegSetValueExW(hServiceKey,
L"ErrorControl",
0,
REG_DWORD,
(LPBYTE)&dwErrorControl,
sizeof(DWORD));
if (dwError != ERROR_SUCCESS)
goto done;
lpService->dwErrorControl = dwErrorControl;