Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

3218 lines
97 KiB

/*++
Copyright (c) 1992 Microsoft Corporation
Module Name:
CfgAPI.cxx
Abstract:
This file contains the Service Controller's Config API.
RChangeServiceConfigW
RCreateServiceW
RDeleteService
RQueryServiceConfigW
ScCanonDriverImagePath
Author:
John Rogers (JohnRo) 10-Apr-1992
Environment:
User Mode - Win32
Revision History:
26-Mar-1992 danl
Created the stubbed out version for RPC.
22-Apr-1992 JohnRo
Use SC_LOG0(), FORMAT_ equates, etc
Wrote real code for these APIs.
Split lock APIs into server/lockapi.c.
Added some assertion checks here and there. Added handle checks too.
28-Apr-1992 JohnRo
Undo all group operations (ifdef USE_GROUPS).
28-May-1992 JohnRo
Put back load order group in APIs.
Avoid compiler warnings.
02-Jun-1992 JohnRo
RAID 10709: QueryServiceConfig() has bad length check.
08-Aug-1992 Danl
RDeleteService: Add call to ScMarkForDelete so the registry entry
is marked for deletion.
25-Aug-1992 Danl
RQueryServiceConfig: Fix problem where it failed if it couldn't
read the StartName from the registry. (This should be optional).
21-Jan-1994 Danl
RChangeServiceConfigW: Fixed BUG where a unicode DisplayName was
being copied into a buffer whose size assumed ansi characters.
Also changed so that displayname is not allocated unless it is
different from the ServiceName.
24-Mar-1994 Danl
RQueryServiceConfigW: Add worse case number of bytes (3) for RPC
alignment. I removed the exact calculation because it assumed
that strings went into the buffer in a particular order. Since RPC
picks the order for unmarshalling into the users buffer, the order
may be random.
06-Jun-1994 Danl
We were allocating memory for the display name in the service record only
when it was the same. It should have been doing this only when different.
The behaviour was such that if you changed the display name to something
other than the KeyName, the new name was placed in the registry, but not
in the service record. So GetKeyName on the new name would fail.
20-Jun-1994 Danl
Added SERVICE_WIN32_INTERACTIVE support to service type.
21-Jan-1995 AnirudhS
RCreateServiceW: This was calling ScAccessValidate to check if the caller
had the desired access to the object on creation of a new service object.
Fixed this to just grant the desired access instead.
26-Feb-1996 AnirudhS
RChangeServiceConfigW: Would generate a tag only if the group name
changed. Fixed it to always generate and return a tag if one is
requested, just like RCreateServiceW.
09-Dec-1996 AnirudhS
Added SC_LOG printouts to help diagnose the annoying
ERROR_INVALID_PARAMETER and ERROR_INVALID_SERVICE_ACCOUNT return codes.
22-Oct-1997 JSchwart (after AnirudhS in _CAIRO_ 12-Apr-1995)
RChangeServiceConfigW and RCreateServiceW: Allow services that run under
accounts other than LocalSystem to share processes too.
--*/
//
// INCLUDES
//
#include "precomp.hxx"
#include <scconfig.h> // ScGetImageFileName().
#include <sclib.h> // ScImagePathsMatch(), ScIsValidImagePath(), etc.
#include <scsec.h> // ScAccessValidate().
#include <valid.h> // SERVICE_TYPE_INVALID(), etc.
#include <sccrypt.h> // ScDecryptPassword
#include "account.h" // ScValidateAndSaveAccount
#include <strarray.h> // ScWStrArraySize
#include <align.h> // ROUND_UP_COUNT
#include "smartp.h" // CHeapPtr
#include "resource.h" // IDS_SC_CONFIG_* constants
#include "scaudit.h" // ScGenerateServiceInstallAudit
#define SC_NT_SYSTEM_ROOT L"\\SystemRoot\\"
#define SC_NT_SYSTEM_ROOT_LENGTH (sizeof(SC_NT_SYSTEM_ROOT) / sizeof(WCHAR) - 1)
#define SC_DOS_SYSTEM_ROOT L"%SystemRoot%\\"
#define SC_DOS_SYSTEM_ROOT_LENGTH (sizeof(SC_DOS_SYSTEM_ROOT) / sizeof(WCHAR) - 1)
#define ARC_PREFIX L"\\Arcname"
#define ARC_PREFIX_LENGTH (sizeof(ARC_PREFIX) / sizeof(WCHAR) - 1)
#define SERVICE_TYPE_CHANGED 0x00000001
#define START_TYPE_CHANGED 0x00000002
#define ERROR_CONTROL_CHANGED 0x00000004
#define BINARY_PATH_CHANGED 0x00000008
#define REG_GROUP_CHANGED 0x00000010
#define TAG_ID_CHANGED 0x00000020
#define DEPENDENCIES_CHANGED_SR 0x00000040 // Not in NT4
#define DEPENDENCIES_CHANGED_REG 0x00000080 // Not in NT4
#define START_NAME_CHANGED 0x00000100
#define SR_GROUP_CHANGED 0x00000200
#define DISPLAY_NAME_CHANGED_SR 0x00000400
#define DISPLAY_NAME_CHANGED_REG 0x00000800
DWORD
ScCanonDriverImagePath(
IN DWORD DriverStartType,
IN LPWSTR DriverPath,
OUT LPWSTR *CanonDriverPath
);
DWORD
ScConvertToBootPathName(
LPWSTR FullQualPathName,
LPWSTR * RelativePathName
);
DWORD
ScValidateDisplayName(
LPWSTR lpDisplayName,
LPSERVICE_RECORD lpServiceRecord
);
BOOLEAN
ScIsArcName(
LPWSTR PathName
);
DWORD
RChangeServiceConfigW(
IN SC_RPC_HANDLE hService,
IN DWORD dwServiceType,
IN DWORD dwStartType,
IN DWORD dwErrorControl,
IN LPWSTR lpBinaryPathName,
IN LPWSTR lpLoadOrderGroup,
OUT LPDWORD lpdwTagId,
IN LPBYTE lpDependencies,
IN DWORD dwDependSize,
IN LPWSTR lpServiceStartName,
IN LPBYTE EncryptedPassword,
IN DWORD PasswordSize,
IN LPWSTR lpDisplayName
)
/*++
Routine Description:
Arguments:
Return Value:
--*/
{
DWORD ApiStatus;
DWORD backoutStatus;
DWORD newServiceType;
LPSC_HANDLE_STRUCT serviceHandleStruct = (LPSC_HANDLE_STRUCT) hService;
HKEY ServiceNameKey = NULL;
LPSERVICE_RECORD serviceRecord;
LPWSTR CanonBinaryPath = NULL;
LPWSTR NewBinaryPath = NULL;
LPWSTR OldAccountName = NULL;
LPWSTR CanonAccountName = NULL;
DWORD CurrentServiceType = 0;
DWORD CurrentStartType = 0;
DWORD CurrentErrorControl = 0;
LPWSTR CurrentImageName = NULL;
LPWSTR CurrentDependencies = NULL;
LPWSTR CurrentDisplayName = NULL;
LPWSTR CurrentGroup = NULL;
LPWSTR CurrentStartName = NULL;
DWORD CurrentTag = 0;
DWORD Tag = 0;
DWORD Progress = 0;
LPWSTR Password = NULL;
LPWSTR OldSRDisplayName = NULL;
LPWSTR NewDisplayName = NULL;
if (ScShutdownInProgress) {
return(ERROR_SHUTDOWN_IN_PROGRESS);
}
//
// Check the handle.
//
if ( !ScIsValidServiceHandle( hService ) ) {
return(ERROR_INVALID_HANDLE);
}
SC_LOG(CONFIG_API, "RChangeServiceConfigW(%ws)\n",
serviceHandleStruct->Type.ScServiceObject.ServiceRecord->ServiceName);
//
// Do we have permission to do this?
//
if ( !RtlAreAllAccessesGranted(
serviceHandleStruct->AccessGranted,
SERVICE_CHANGE_CONFIG
)) {
return(ERROR_ACCESS_DENIED);
}
if (lpdwTagId != NULL) {
//
// Asking for new tag value but didn't specify group
//
if ((lpLoadOrderGroup == NULL) || (*lpLoadOrderGroup == 0)) {
SC_LOG0(ERROR, "Asking for new tag value but didn't specify group\n");
return(ERROR_INVALID_PARAMETER);
}
}
//
// Lock database, as we want to add stuff without other threads tripping
// on our feet. NOTE: since we may need the group list lock, we
// must get that lock first.
//
CGroupListExclusiveLock GLock;
CServiceListSharedLock LLock;
CServiceRecordExclusiveLock RLock;
//
// Find the service record for this handle.
//
serviceRecord =
serviceHandleStruct->Type.ScServiceObject.ServiceRecord;
SC_ASSERT( serviceRecord != NULL );
SC_ASSERT( serviceRecord->Signature == SERVICE_SIGNATURE );
//
// Disallow this call if record is marked for delete.
//
if (DELETE_FLAG_IS_SET(serviceRecord)) {
return(ERROR_SERVICE_MARKED_FOR_DELETE);
}
//
// If there is a DisplayName specified, check to see if it already
// exists.
//
ApiStatus = ScValidateDisplayName(lpDisplayName,serviceRecord);
if (ApiStatus != NO_ERROR) {
SC_LOG0(ERROR, "DisplayName invalid\n");
return(ApiStatus);
}
//
// Figure-out what the resulting service type will be.
// (Some other stuff below depends on this.)
//
if (dwServiceType != SERVICE_NO_CHANGE) {
if ( SERVICE_TYPE_INVALID( dwServiceType ) ) {
SC_LOG0(ERROR, "ServiceType invalid\n");
return(ERROR_INVALID_PARAMETER);
}
newServiceType = dwServiceType;
}
else {
newServiceType = serviceRecord->ServiceStatus.dwServiceType;
}
SC_ASSERT( newServiceType != SERVICE_NO_CHANGE );
//
// Validate other parameters.
//
ApiStatus = ScCheckServiceConfigParms(
TRUE, // This is a change operation
serviceRecord->ServiceName,
serviceRecord->ServiceStatus.dwServiceType, // new actual type
dwServiceType,
dwStartType,
dwErrorControl,
lpBinaryPathName,
lpLoadOrderGroup,
(LPWSTR)lpDependencies,
dwDependSize);
if (ApiStatus != NO_ERROR) {
return(ApiStatus);
}
//-----------------------------
//
// Begin Updating the Registry
//
//-----------------------------
ApiStatus = ScOpenServiceConfigKey(
serviceRecord->ServiceName,
KEY_WRITE | KEY_READ,
FALSE, // don't create if missing
& ServiceNameKey );
if (ApiStatus != NO_ERROR) {
return(ApiStatus);
}
//--------------------------------------
// (from here on we need to use Cleanup)
//
// Service Type
//--------------------------------------
if (dwServiceType != SERVICE_NO_CHANGE) {
//
// If this service is supposed to be interactive, make sure
// the service account is LocalSystem. Otherwise, it should
// fail with ERROR_INVALID_PARAMETER.
//
if (dwServiceType & SERVICE_INTERACTIVE_PROCESS) {
if (ARGUMENT_PRESENT(lpServiceStartName)) {
ApiStatus = ScCanonAccountName(lpServiceStartName, &CanonAccountName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
if (_wcsicmp(CanonAccountName,SC_LOCAL_SYSTEM_USER_NAME) != 0) {
SC_LOG0(ERROR, "Service must run in LocalSystem account to be interactive\n");
ApiStatus = ERROR_INVALID_PARAMETER;
goto Cleanup;
}
}
else {
//
// Get old account name
//
ApiStatus = ScReadStartName(ServiceNameKey, &OldAccountName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
if (_wcsicmp(OldAccountName, SC_LOCAL_SYSTEM_USER_NAME) != 0) {
SC_LOG0(ERROR, "Service must run in LocalSystem account to be interactive\n");
ApiStatus = ERROR_INVALID_PARAMETER;
goto Cleanup;
}
}
}
ApiStatus = ScReadServiceType( ServiceNameKey, &CurrentServiceType);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
ApiStatus = ScWriteServiceType( ServiceNameKey, dwServiceType);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= SERVICE_TYPE_CHANGED;
}
else {
//
// ServiceType is not being changed.
//
CurrentServiceType = serviceRecord->ServiceStatus.dwServiceType;
//
// if the current service type contains the interactive bit, and the
// account type is being changed to something other than LocalSystem,
// then we should fail the call with ERROR_INVALID_PARAMETER.
//
if (ARGUMENT_PRESENT(lpServiceStartName)) {
if ((CurrentServiceType & SERVICE_INTERACTIVE_PROCESS) &&
(_wcsicmp(lpServiceStartName,SC_LOCAL_SYSTEM_USER_NAME) != 0)) {
SC_LOG0(ERROR, "Service must run in LocalSystem account to be interactive\n");
ApiStatus = ERROR_INVALID_PARAMETER;
goto Cleanup;
}
}
}
//---------------------
// Start Type
//---------------------
if (dwStartType != SERVICE_NO_CHANGE) {
ApiStatus = ScReadStartType( ServiceNameKey, &CurrentStartType);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
ApiStatus = ScWriteStartType( ServiceNameKey, dwStartType);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= START_TYPE_CHANGED;
//
// If they're supplying a new binary name, making it correct for the
// Start type will happen automatically. If they're keeping the
// same imagepath, we need to make sure it of the correct format,
// and if not, fix it.
//
if (lpBinaryPathName == NULL) {
//
// If the start type is changing from SERVICE_BOOT_START we need
// to turn the start path into a fully qualified NT name (BOOT
// drivers have paths relative to systemroot)
//
if (CurrentStartType == SERVICE_BOOT_START &&
dwStartType != SERVICE_BOOT_START) {
//
// Note: The following call allocates storage for the
// CurrentImageName
//
ApiStatus = ScGetImageFileName (
serviceRecord->ServiceName,
&CurrentImageName );
if (ApiStatus != NO_ERROR && ApiStatus != ERROR_PATH_NOT_FOUND) {
SC_LOG(ERROR,"RChangeServiceConfigW: ScGetImageFileName failed %d\n",
ApiStatus);
goto Cleanup;
}
//
// If there's an existing path, we need to fix
// If it is an ARC name, leave it alone
//
//
if (ApiStatus != ERROR_PATH_NOT_FOUND &&
!ScIsArcName(CurrentImageName)) {
//
// Prepend \systemroot\ to the beginning of the path
//
NewBinaryPath = (LPWSTR)LocalAlloc(LMEM_ZEROINIT,
(UINT) ((wcslen(CurrentImageName) +
SC_NT_SYSTEM_ROOT_LENGTH + 1) * sizeof(WCHAR)));
if (!NewBinaryPath) {
SC_LOG(ERROR,"RChangeServiceConfigW: LocalAlloc failed %d\n",
GetLastError());
ApiStatus = ERROR_NOT_ENOUGH_MEMORY;
goto Cleanup;
}
wcscpy(NewBinaryPath, SC_NT_SYSTEM_ROOT);
wcscat(NewBinaryPath, CurrentImageName);
lpBinaryPathName = NewBinaryPath;
}
ApiStatus = NO_ERROR;
LocalFree(CurrentImageName);
}
//
// If the start type is changing to SERVICE_BOOT_START, we need
// to make sure the ImagePath gets canonicalized
//
else if (dwStartType == SERVICE_BOOT_START && CurrentStartType != SERVICE_BOOT_START)
{
//
// Note: The following call allocates storage for the
// CurrentImageName
//
ApiStatus = ScGetImageFileName (
serviceRecord->ServiceName,
&CurrentImageName );
if (ApiStatus != NO_ERROR && ApiStatus != ERROR_PATH_NOT_FOUND) {
SC_LOG(ERROR,"RChangeServiceConfigW: ScGetImageFileName failed %d\n",
ApiStatus);
goto Cleanup;
}
//
// If there's an existing path and it's not an ARC name, we
// need to fix
//
if (ApiStatus != ERROR_PATH_NOT_FOUND &&
!ScIsArcName(CurrentImageName)) {
//
// Now make sure it's in the proper canonical form for a
// boot driver.
//
ApiStatus = ScConvertToBootPathName(
CurrentImageName,
&NewBinaryPath
);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR, "ScConvertToBootPathName error %lu\n", ApiStatus);
goto Cleanup;
}
lpBinaryPathName = NewBinaryPath;
LocalFree(CurrentImageName);
}
ApiStatus = NO_ERROR;
}
}
}
//---------------------
// ErrorControl
//---------------------
if (dwErrorControl != SERVICE_NO_CHANGE) {
ApiStatus = ScReadErrorControl( ServiceNameKey, &CurrentErrorControl);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
ApiStatus = ScWriteErrorControl( ServiceNameKey, dwErrorControl );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= ERROR_CONTROL_CHANGED;
}
//---------------------
// DisplayName
//---------------------
if (lpDisplayName != NULL) {
//
// UPDATE SERVICE RECORD
//
// We always update the display name in the service record - even
// if we delay in updating the rest of the config. If we don't
// do this, then we leave an opening where two services can end
// up with the same display name.
// The following scenario can take place if we don't update
// the service record until the service is stopped:
//
// Until serviceA is stopped, the new display name only exists
// in the registry. In the meantime, another service (serviceB)
// can be given the same name. Name validation only looks in
// the service records for duplicate names. Then when serviceA is
// stopped, it takes on the new name which is the same as the
// display name for serviceB.
//
OldSRDisplayName = serviceRecord->DisplayName;
//
// If the display name is the same as the service name,
// then set the display name pointer to point to
// the service name.
//
if ((*lpDisplayName != L'\0') &&
(_wcsicmp(lpDisplayName,serviceRecord->ServiceName) != 0)) {
NewDisplayName = (LPWSTR)LocalAlloc(
LMEM_FIXED,
WCSSIZE(lpDisplayName));
if (NewDisplayName == NULL) {
SC_LOG0(ERROR,"RChangeServiceConfigW: LocalAlloc failed\n");
ApiStatus = ERROR_NOT_ENOUGH_MEMORY;
serviceRecord->DisplayName = OldSRDisplayName;
goto Cleanup;
}
//
// Copy the display name into new buffer, and free up memory
// for old name if necessary.
//
wcscpy(NewDisplayName, lpDisplayName);
}
else {
NewDisplayName = serviceRecord->ServiceName;
}
serviceRecord->DisplayName = NewDisplayName;
Progress |= DISPLAY_NAME_CHANGED_SR;
//
// UPDATE REGISTRY
//
ApiStatus = ScReadDisplayName(ServiceNameKey, &CurrentDisplayName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
ApiStatus = ScWriteDisplayName( ServiceNameKey, lpDisplayName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= DISPLAY_NAME_CHANGED_REG;
}
//---------------------
// BinaryPathName
//---------------------
if (lpBinaryPathName != NULL) {
//
// Note: The following call allocates storage for the CurrentImageName
//
ApiStatus = ScGetImageFileName (
serviceRecord->ServiceName,
&CurrentImageName );
if (ApiStatus != NO_ERROR && ApiStatus != ERROR_PATH_NOT_FOUND) {
SC_LOG(ERROR,"RChangeServiceConfigW: ScGetImageFileName failed %d\n",
ApiStatus);
goto Cleanup;
}
if (CurrentServiceType & SERVICE_DRIVER) {
//
// Driver service
//
ApiStatus = ScCanonDriverImagePath(
dwStartType,
lpBinaryPathName,
&CanonBinaryPath
);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR, "ScCanonDriverImagePath error %lu\n", ApiStatus);
goto Cleanup;
}
if (CurrentImageName == NULL ||
!ScImagePathsMatch(CanonBinaryPath, CurrentImageName)) {
ApiStatus = ScWriteImageFileName(ServiceNameKey, CanonBinaryPath);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR,"RChangeServiceConfigW: ScWriteImageFileName "
"failed %d\n",ApiStatus);
goto Cleanup;
}
Progress |= BINARY_PATH_CHANGED;
}
}
else {
//
// Win32 service
//
if (CurrentImageName == NULL ||
!ScImagePathsMatch(lpBinaryPathName, CurrentImageName)) {
ApiStatus = ScWriteImageFileName(ServiceNameKey, lpBinaryPathName);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR,"RChangeServiceConfigW: ScWriteImageFileName "
"failed %d\n",ApiStatus);
goto Cleanup;
}
Progress |= BINARY_PATH_CHANGED;
}
}
}
//---------------------
// Dependencies
//---------------------
if (lpDependencies != NULL) {
//
// Read the existing dependencies from registry so
// that we can restore it in case of failure later.
// We don't check for error here. We assume a failure means
// that there are no current dependencies.
//
ScReadDependencies(
ServiceNameKey,
&CurrentDependencies,
serviceRecord->ServiceName);
//
// Dynamically update the dependencies and check to make sure
// updating was error-free
//
ApiStatus = ScUpdateServiceRecordConfig(
serviceRecord,
SERVICE_NO_CHANGE,
SERVICE_NO_CHANGE,
SERVICE_NO_CHANGE,
NULL,
(LPBYTE)lpDependencies);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= DEPENDENCIES_CHANGED_SR;
//
// Update the dependencies in the registry
//
ApiStatus = ScWriteDependencies(
ServiceNameKey,
(LPWSTR) lpDependencies,
dwDependSize
);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= DEPENDENCIES_CHANGED_REG;
}
//---------------------
// Load order group
//---------------------
if (lpLoadOrderGroup != NULL) {
//
// Save existing group membership info so that we can restore
// it in case of error.
// Read the current LoadOrderGroup value from Registry
//
if (ScAllocateAndReadConfigValue(
ServiceNameKey,
GROUP_VALUENAME_W,
&CurrentGroup,
NULL
) != NO_ERROR) {
CurrentGroup = NULL;
}
//
// Read current Tag Id to save in case of error.
//
CurrentTag = serviceRecord->Tag;
if ((CurrentGroup != NULL) &&
(_wcsicmp(lpLoadOrderGroup, CurrentGroup) == 0)) {
//
// The new load order group is the same as what is currently
// in the registry. This means that no group change is occuring.
//
if (lpdwTagId != NULL) {
//
// The caller requested a tag. If there isn't one, generate
// one and write it to the registry.
//
Tag = CurrentTag;
if (CurrentTag == 0) {
ScGetUniqueTag(
lpLoadOrderGroup,
&Tag
);
ApiStatus = ScWriteTag(ServiceNameKey, Tag);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Update the service record with the tag id.
//
serviceRecord->Tag = Tag;
Progress |= TAG_ID_CHANGED;
}
}
}
else {
//
// The new load order group is different from what is currently
// stored in the registry. Save the new one in the registry.
//
ApiStatus = ScWriteGroupForThisService(
ServiceNameKey,
lpLoadOrderGroup);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Also save it in the service controller database.
//
Progress |= REG_GROUP_CHANGED;
ScDeleteRegistryGroupPointer(serviceRecord);
ApiStatus = ScCreateRegistryGroupPointer(
serviceRecord,
lpLoadOrderGroup);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= SR_GROUP_CHANGED;
//
// Check to see if the LoadOrderGroup is being cleared
// (0 length string) or set to a new string. If there
// is a new string, we need to get a new unique Tag for it.
//
if (*lpLoadOrderGroup != 0) {
//
// We have a new LoadOrderGroup information. Get a unique
// Tag value.
//
if (lpdwTagId != NULL) {
ScGetUniqueTag(
lpLoadOrderGroup,
&Tag
);
}
}
//
// Write tag entry to registry if not 0. If 0, we delete the tag
// value from the registry.
//
if (Tag == 0) {
ScDeleteTag(ServiceNameKey);
}
else {
ApiStatus = ScWriteTag(ServiceNameKey, Tag);
}
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Update the service record with the tag id.
//
serviceRecord->Tag = Tag;
Progress |= TAG_ID_CHANGED;
}
}
//---------------------
// ServiceStartName
//---------------------
//
// If the service type is a DRIVER then we must interpret the
// lpServiceStartName as an NT driver object name and add it to
// the registry. If the type is WIN32, then lpServiceStartName
// must be an account name. This will be handled by
// ScUpdateServiceRecordConfig.
//
if ((newServiceType & SERVICE_DRIVER) &&
(ARGUMENT_PRESENT(lpServiceStartName))) {
//
// Read StartName to save in case of error.
//
ApiStatus = ScReadStartName( ServiceNameKey, &CurrentStartName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Write the driver objectname to the registry.
//
ApiStatus = ScWriteStartName(
ServiceNameKey,
lpServiceStartName
);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
Progress |= START_NAME_CHANGED;
}
//==============================
// UPDATE Account Information
//==============================
if ((newServiceType & SERVICE_WIN32) &&
(ARGUMENT_PRESENT(lpServiceStartName) ||
ARGUMENT_PRESENT(EncryptedPassword))) {
//
// Changing the account.
//
//
// Get old account name.
// It may have already been retreived when we were handling
// ServiceType (above).
//
if (OldAccountName == NULL) {
ApiStatus = ScReadStartName(ServiceNameKey, &OldAccountName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
if (! ARGUMENT_PRESENT(lpServiceStartName)) {
//
// Account name is specified as the one saved in the registry
//
CanonAccountName = OldAccountName;
}
else {
//
// NOTE: We may have already obtained a CanonAccountName when we
// checked the INTERACTIVE service type.
//
if (CanonAccountName == NULL) {
ApiStatus = ScCanonAccountName(lpServiceStartName, &CanonAccountName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
}
//
// Decrypt the password. This function returns a pointer to
// the decrypted password that must be freed later.
//
if (ARGUMENT_PRESENT(EncryptedPassword)) {
ApiStatus = ScDecryptPassword(
hService,
EncryptedPassword,
PasswordSize,
&Password
);
if (ApiStatus != NO_ERROR) {
SC_LOG0(ERROR, "RChangeServiceConfigW: ScDecryptPassword failed\n");
goto Cleanup;
}
}
//
// NOTE: The following needs to be the last operation in the
// function. This is because there is no way to back out of this
// if something after it fails.
//
//
// Validate and update internal data structures for the new
// account, as well as write the new AccountName back to the
// registry if appropriate.
//
ApiStatus = ScValidateAndChangeAccount(
serviceRecord,
ServiceNameKey,
OldAccountName,
CanonAccountName,
Password
);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR, "ScValidateAndChangeAccount error %lu\n", ApiStatus);
goto Cleanup;
}
}
//
// Update the service record with the new configuration if the
// service is stopped. If it is running, then set a flag to
// remind us to do it later. We don't update the dependencies
// here since it is done dynamically in RChangeServiceConfigW
//
if (serviceRecord->ServiceStatus.dwCurrentState == SERVICE_STOPPED) {
//
// Dependencies are NULL since they're updated dynamically
//
ApiStatus = ScUpdateServiceRecordConfig(
serviceRecord,
dwServiceType,
dwStartType,
dwErrorControl,
lpLoadOrderGroup,
NULL);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
else {
//
// The service is running. Mark is so that we update the status
// when it stops.
//
SET_UPDATE_FLAG(serviceRecord);
}
Cleanup:
if (ApiStatus == NO_ERROR)
{
if (lpdwTagId != NULL)
{
*lpdwTagId = Tag;
}
if (Progress & DISPLAY_NAME_CHANGED_SR)
{
if (OldSRDisplayName != serviceRecord->ServiceName)
{
LocalFree(OldSRDisplayName);
}
}
}
else
{
//
// An error occured. Backout any changes that may have occured.
//
if (Progress & SERVICE_TYPE_CHANGED) {
backoutStatus = ScWriteServiceType( ServiceNameKey, CurrentServiceType);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_SERVICE_TYPE);
}
}
if (Progress & START_TYPE_CHANGED) {
backoutStatus = ScWriteStartType( ServiceNameKey, CurrentStartType);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_START_TYPE);
}
}
if (Progress & ERROR_CONTROL_CHANGED) {
backoutStatus = ScWriteErrorControl( ServiceNameKey, CurrentErrorControl);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_ERROR_CONTROL);
}
}
if (Progress & DISPLAY_NAME_CHANGED_REG) {
if (CurrentDisplayName == NULL) {
backoutStatus = ScWriteDisplayName(
ServiceNameKey,
L"");
}
else {
backoutStatus = ScWriteDisplayName(
ServiceNameKey,
CurrentDisplayName);
}
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_DISPLAY_NAME);
}
}
if (Progress & DISPLAY_NAME_CHANGED_SR) {
if (serviceRecord->DisplayName != serviceRecord->ServiceName) {
LocalFree(serviceRecord->DisplayName);
serviceRecord->DisplayName = OldSRDisplayName;
}
}
if (Progress & BINARY_PATH_CHANGED) {
if (CurrentImageName == NULL) {
ScRegDeleteValue(ServiceNameKey, IMAGE_VALUENAME_W);
}
else {
backoutStatus = ScWriteImageFileName( ServiceNameKey, CurrentImageName);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_BINARY_PATH);
}
}
}
if (Progress & DEPENDENCIES_CHANGED_REG) {
//
// ScWriteDependencies doesn't like NULL dependencies
//
LPWSTR lpTempDepend = (CurrentDependencies ? CurrentDependencies : L"\0");
backoutStatus = ScWriteDependencies(
ServiceNameKey,
lpTempDepend,
ScWStrArraySize(lpTempDepend));
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_DEPENDENCIES);
}
}
if (Progress & DEPENDENCIES_CHANGED_SR) {
backoutStatus = ScUpdateServiceRecordConfig(
serviceRecord,
SERVICE_NO_CHANGE,
SERVICE_NO_CHANGE,
SERVICE_NO_CHANGE,
NULL,
(LPBYTE)CurrentDependencies);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_DEPENDENCIES);
}
}
if (Progress & REG_GROUP_CHANGED) {
if (CurrentGroup != NULL) {
backoutStatus = ScWriteGroupForThisService(
ServiceNameKey, CurrentGroup);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_GROUP);
}
}
else {
ScRegDeleteValue(ServiceNameKey, GROUP_VALUENAME_W);
}
}
if (Progress & SR_GROUP_CHANGED) {
ScDeleteRegistryGroupPointer(serviceRecord);
backoutStatus = ScCreateRegistryGroupPointer( serviceRecord, CurrentGroup);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_GROUP);
}
}
if (Progress & TAG_ID_CHANGED)
{
if (CurrentTag == 0)
{
ScDeleteTag(ServiceNameKey);
}
else
{
backoutStatus = ScWriteTag( ServiceNameKey, CurrentTag);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_TAG);
}
}
serviceRecord->Tag = CurrentTag;
}
if (Progress & START_NAME_CHANGED)
{
backoutStatus = ScWriteStartName( ServiceNameKey, CurrentStartName);
if (backoutStatus != NO_ERROR)
{
ScLogControlEvent(NEVENT_SERVICE_CONFIG_BACKOUT_FAILED,
OldSRDisplayName ? OldSRDisplayName :
serviceRecord->DisplayName,
IDS_SC_CONFIG_ACCOUNT);
}
}
}
if (CanonAccountName == OldAccountName) {
LocalFree(OldAccountName);
}
else {
LocalFree(OldAccountName);
LocalFree(CanonAccountName);
}
//
// Free memory resources
//
LocalFree(CurrentDisplayName);
LocalFree(CurrentImageName);
LocalFree(CurrentDependencies);
LocalFree(CurrentGroup);
LocalFree(CurrentStartName);
LocalFree(CanonBinaryPath);
LocalFree(NewBinaryPath);
LocalFree(Password);
if (ServiceNameKey != NULL) {
ScRegFlushKey(ServiceNameKey);
ScRegCloseKey(ServiceNameKey);
}
SC_LOG1(CONFIG_API, "RChangeServiceConfigW returning status " FORMAT_DWORD ".\n", ApiStatus);
return ApiStatus;
}
DWORD
RCreateServiceW(
IN SC_RPC_HANDLE hSCManager,
IN LPWSTR lpServiceName,
IN LPWSTR lpDisplayName,
IN DWORD dwDesiredAccess,
IN DWORD dwServiceType,
IN DWORD dwStartType,
IN DWORD dwErrorControl,
IN LPWSTR lpBinaryPathName,
IN LPWSTR lpLoadOrderGroup,
OUT LPDWORD lpdwTagId OPTIONAL,
IN LPBYTE lpDependencies OPTIONAL,
IN DWORD dwDependSize,
IN LPWSTR lpServiceStartName OPTIONAL,
IN LPBYTE EncryptedPassword OPTIONAL,
IN DWORD PasswordSize,
IN OUT LPSC_RPC_HANDLE lpServiceHandle
)
/*++
Routine Description:
Arguments:
Return Value:
--*/
{
DWORD ApiStatus;
LPSERVICE_RECORD newServiceRecord = NULL;
LPSERVICE_RECORD oldServiceRecord;
LPSC_HANDLE_STRUCT serviceHandleStruct = NULL;
HKEY serviceKey = NULL;
CHeapPtr<LPWSTR> Password;
CHeapPtr<LPWSTR> CanonAccountName;
CHeapPtr<LPWSTR> CanonBinaryPath;
DWORD Tag = 0;
SC_LOG1( CONFIG_API, "In RCreateServiceW - creating %ws\n",lpServiceName);
if (ScShutdownInProgress) {
return(ERROR_SHUTDOWN_IN_PROGRESS);
}
if ( !ScIsValidScManagerHandle( hSCManager ) ) {
ApiStatus = ERROR_INVALID_HANDLE;
return(ApiStatus);
}
if ( !RtlAreAllAccessesGranted(
((LPSC_HANDLE_STRUCT)hSCManager)->AccessGranted,
SC_MANAGER_CREATE_SERVICE
)) {
ApiStatus = ERROR_ACCESS_DENIED;
return(ApiStatus);
}
if ( !ScIsValidServiceName( lpServiceName ) ) {
ApiStatus = ERROR_INVALID_NAME;
return(ApiStatus);
}
//
// Validate other parameters.
//
ApiStatus = ScCheckServiceConfigParms(
FALSE, // no, this is not a change operation
lpServiceName,
dwServiceType, // new actual type = same one app gave us.
dwServiceType,
dwStartType,
dwErrorControl,
lpBinaryPathName,
lpLoadOrderGroup,
(LPWSTR)lpDependencies,
dwDependSize);
if (ApiStatus != NO_ERROR) {
return(ApiStatus);
}
if (lpdwTagId != NULL) {
//
// Asking for tag value but didn't specify group
//
if ((lpLoadOrderGroup == NULL) ||
((lpLoadOrderGroup != NULL) && (*lpLoadOrderGroup == 0))){
SC_LOG0(ERROR, "Asking for tag value but didn't specify group\n");
ApiStatus = ERROR_INVALID_PARAMETER;
return(ApiStatus);
}
}
if (dwServiceType & SERVICE_WIN32) {
//
// Canonicalize the StartName if it is an account name.
//
LPWSTR AccountName = SC_LOCAL_SYSTEM_USER_NAME; // Default
if (ARGUMENT_PRESENT(lpServiceStartName)) {
AccountName = lpServiceStartName;
}
ApiStatus = ScCanonAccountName(
AccountName,
&CanonAccountName
);
if (ApiStatus != NO_ERROR) {
return(ApiStatus);
}
//
// The services that are expected to be interactive MUST
// run in the LocalSystem account only.
//
if ((dwServiceType & SERVICE_INTERACTIVE_PROCESS) &&
(_wcsicmp(CanonAccountName,SC_LOCAL_SYSTEM_USER_NAME) != 0)) {
SC_LOG0(ERROR, "Service must run in LocalSystem account to be interactive\n");
ApiStatus = ERROR_INVALID_PARAMETER;
return(ApiStatus);
}
}
else if (dwServiceType & SERVICE_DRIVER) {
//
// Canonicalize the path name for drivers
//
ApiStatus = ScCanonDriverImagePath(
dwStartType,
lpBinaryPathName,
&CanonBinaryPath
);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR, "ScCanonDriverImagePath error %lu\n", ApiStatus);
return(ApiStatus);
}
}
if (lpServiceHandle == NULL) {
SC_LOG0(ERROR, "Null lpServiceHandle\n");
ApiStatus = ERROR_INVALID_PARAMETER;
return(ApiStatus);
}
//
// Lock database, as we want to add stuff without other threads tripping
// on our feet. NOTE: since we may need the group list lock, we must
// get that lock first.
//
CGroupListExclusiveLock GLock;
CServiceListExclusiveLock LLock;
CServiceRecordExclusiveLock RLock;
//
// Look for unique tag
//
if (lpdwTagId != NULL) {
ScGetUniqueTag(
lpLoadOrderGroup,
&Tag
);
}
//
// Look for an existing service.
//
SC_LOG0( CONFIG_API, "RCreateServiceW: See if Service already exists\n");
ApiStatus = ScGetNamedServiceRecord (
lpServiceName,
&oldServiceRecord );
if (ApiStatus == NO_ERROR) {
if (DELETE_FLAG_IS_SET(oldServiceRecord)) {
ApiStatus = ERROR_SERVICE_MARKED_FOR_DELETE;
}
else {
ApiStatus = ERROR_SERVICE_EXISTS;
}
goto Cleanup;
} else if (ApiStatus != ERROR_SERVICE_DOES_NOT_EXIST) {
goto Cleanup;
}
//
// If there is a DisplayName specified, check to see if it already
// exists.
//
ApiStatus = ScValidateDisplayName(lpDisplayName, NULL);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Allocate new service record. Put the service name in the record too.
//
SC_LOG0( CONFIG_API, "RCreateServiceW: Create a new service record\n");
ApiStatus = ScCreateServiceRecord(
lpServiceName,
& newServiceRecord );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
SC_LOG0( CONFIG_API, "RCreateServiceW: Add Config Info to Service Record\n");
ApiStatus = ScAddConfigInfoServiceRecord(
newServiceRecord,
dwServiceType,
dwStartType,
dwErrorControl,
lpLoadOrderGroup,
Tag,
(LPWSTR) lpDependencies,
lpDisplayName,
NULL // Create new security descriptor
);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR, "ScAddConfigInfoServiceRecord error %lu\n", ApiStatus);
goto Cleanup;
}
SC_LOG0( CONFIG_API, "RCreateServiceW: Set dependency pointers\n");
ApiStatus = ScSetDependencyPointers(
newServiceRecord
);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//--------------------------------------------
// Create a key in registry for this service.
//--------------------------------------------
SC_LOG0( CONFIG_API, "RCreateServiceW: Open Registry Key for service\n");
ApiStatus = ScOpenServiceConfigKey(
lpServiceName,
KEY_READ | KEY_WRITE, // desired access
TRUE, // create if it doesn't exist
&serviceKey );
if (ApiStatus != NO_ERROR) {
SC_LOG1( CONFIG_API, "RCreateServiceW: ScOpenServiceConfigKey failed %d\n",
ApiStatus);
goto Cleanup;
}
//
// Write stuff to the registry (except user name and password).
//
SC_LOG0( CONFIG_API, "RCreateServiceW: Write RegistryInfo\n");
ApiStatus = ScWriteServiceType( serviceKey, dwServiceType );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
ApiStatus = ScWriteStartType( serviceKey, dwStartType );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
ApiStatus = ScWriteErrorControl( serviceKey, dwErrorControl );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
if (lpdwTagId != NULL) {
ApiStatus = ScWriteTag( serviceKey, Tag );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
if (dwServiceType & SERVICE_WIN32) {
ApiStatus = ScWriteImageFileName( serviceKey, lpBinaryPathName );
}
else if (dwServiceType & SERVICE_DRIVER) {
ApiStatus = ScWriteImageFileName( serviceKey, CanonBinaryPath );
}
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
ScWriteDisplayName(serviceKey, lpDisplayName);
if ( (lpLoadOrderGroup != NULL) && ( (*lpLoadOrderGroup) != L'\0' ) ) {
ApiStatus = ScWriteGroupForThisService( serviceKey, lpLoadOrderGroup );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
if ( (lpDependencies != NULL) && ( (*lpDependencies) != L'\0' ) ) {
ApiStatus = ScWriteDependencies(
serviceKey,
(LPWSTR) lpDependencies,
dwDependSize );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
if (newServiceRecord != NULL && newServiceRecord->ServiceSd != NULL) {
ApiStatus = ScWriteSd(
serviceKey,
newServiceRecord->ServiceSd
);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
//
// Create a handle which caller can use.
//
SC_LOG0( CONFIG_API, "RCreateServiceW: Create Service Handle\n");
ApiStatus = ScCreateServiceHandle( newServiceRecord,
&serviceHandleStruct );
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Give the handle the access that the caller requested.
//
ApiStatus = ScGrantAccess(
serviceHandleStruct,
dwDesiredAccess);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Resolve outstanding dependency to this service.
//
SC_LOG0( CONFIG_API, "RCreateServiceW: Resolve Dependencies\n");
ApiStatus = ScResolveDependencyToService(newServiceRecord);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// Decrypt the password. This function returns a pointer to
// the decrypted password that must be freed later.
//
if (ARGUMENT_PRESENT(EncryptedPassword)) {
ApiStatus = ScDecryptPassword(
hSCManager,
EncryptedPassword,
PasswordSize,
&Password
);
if (ApiStatus != NO_ERROR) {
SC_LOG0(ERROR, "RCreateServiceW: ScDecryptPassword failed\n");
goto Cleanup;
}
}
//
// The LAST thing we must do (which might fail) is call
// ScValidateAndSaveAccount(). This must be last because there is no
// way to undo this routine's actions.
//
if (dwServiceType & SERVICE_WIN32) {
SC_LOG0( CONFIG_API, "RCreateServiceW: Validate and save account\n");
ApiStatus = ScValidateAndSaveAccount(
lpServiceName,
serviceKey,
CanonAccountName,
Password
);
if (ApiStatus != NO_ERROR) {
SC_LOG(ERROR, "ScValidateAndSaveAccount error %lu\n", ApiStatus);
goto Cleanup;
}
}
else if ((dwServiceType & SERVICE_DRIVER) &&
(ARGUMENT_PRESENT(lpServiceStartName))) {
SC_LOG0( CONFIG_API, "RCreateServiceW: Write Driver ObjectName to "
"registry\n");
//
// Write the driver objectname to the registry.
//
ApiStatus = ScWriteStartName(
serviceKey,
lpServiceStartName
);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
}
SC_LOG0( CONFIG_API, "RCreateServiceW: Done - No Errors\n");
ApiStatus = NO_ERROR;
//
// generate an audit
//
ScGenerateServiceInstallAudit(
lpServiceName,
lpBinaryPathName,
dwServiceType,
dwStartType,
lpServiceStartName
);
Cleanup:
if (serviceKey != NULL) {
ScRegFlushKey( serviceKey);
ScRegCloseKey( serviceKey );
}
if (ApiStatus == NO_ERROR) {
newServiceRecord->UseCount = 1;
*lpServiceHandle = (SC_RPC_HANDLE) serviceHandleStruct;
SC_LOG2(USECOUNT, "CreateService: " FORMAT_LPWSTR
" increment USECOUNT=%lu\n", newServiceRecord->ServiceName, newServiceRecord->UseCount);
if (lpdwTagId != NULL) {
*lpdwTagId = Tag;
}
}
else {
if (newServiceRecord != NULL) {
//
// Delete partially created service record.
//
SET_DELETE_FLAG(newServiceRecord);
newServiceRecord->UseCount = 1;
SC_LOG2(USECOUNT, "CreateService: " FORMAT_LPWSTR
" increment USECOUNT=%lu\n", newServiceRecord->ServiceName, newServiceRecord->UseCount);
//
// ScDecrementUseCountAndDelete deletes the service record
// and the registry entry for that service.
//
ScDecrementUseCountAndDelete(newServiceRecord);
newServiceRecord = NULL;
}
LocalFree(serviceHandleStruct);
if (lpServiceHandle != NULL) {
*lpServiceHandle = NULL;
}
}
SC_LOG2( CONFIG_API, "RCreateServiceW returning status " FORMAT_DWORD
" and handle " FORMAT_LPVOID ".\n", ApiStatus,
(LPVOID) serviceHandleStruct );
return(ApiStatus);
}
DWORD
RDeleteService(
IN SC_RPC_HANDLE hService
)
/*++
Routine Description:
Arguments:
Return Value:
--*/
{
NTSTATUS status;
RPC_STATUS RpcStatus;
UNICODE_STRING Subsystem;
ULONG privileges[1];
DWORD ApiStatus;
BOOL fImpersonated = TRUE;
LPSC_HANDLE_STRUCT serviceHandleStruct = (LPSC_HANDLE_STRUCT) hService;
LPSERVICE_RECORD serviceRecord;
if (ScShutdownInProgress) {
return(ERROR_SHUTDOWN_IN_PROGRESS);
}
//
// Check the handle.
//
if ( !ScIsValidServiceHandle( hService ) ) {
return(ERROR_INVALID_HANDLE);
}
//
// Do we have permission to do this?
//
if ( !RtlAreAllAccessesGranted(
serviceHandleStruct->AccessGranted,
DELETE
)) {
return(ERROR_ACCESS_DENIED);
}
//
// Lock database, as we want to change stuff without other threads tripping
// on our feet.
//
CServiceRecordExclusiveLock RLock;
//
// Find the service record
//
serviceRecord = serviceHandleStruct->Type.ScServiceObject.ServiceRecord;
SC_ASSERT( serviceRecord != NULL );
SC_ASSERT( serviceRecord->Signature == SERVICE_SIGNATURE );
//
// Check if marked for deletion (by another call to this API).
//
if (DELETE_FLAG_IS_SET(serviceRecord)) {
ApiStatus = ERROR_SERVICE_MARKED_FOR_DELETE;
goto Cleanup;
}
//
// Mark the service for deletion.
// It will actually be deleted when the last handle to it is closed.
// NOTE: Since the service itself owns a handle, the deletion is
// not complete until the service has stopped.
//
SET_DELETE_FLAG(serviceRecord);
//
// Set the start type to disabled. If we're deleting a driver that's
// started by the system, we don't want the system to start it on the
// next boot since we're going to remove the key from the registry
//
serviceRecord->StartType = SERVICE_DISABLED;
//
// Mark the registry entry for this service for deletion. If we notice
// this as being present when we go throught our initialization routine
// (during boot), the service entry in the registry will be deleted.
//
ScMarkForDelete(serviceRecord);
//
// Get Audit Privilege
//
privileges[0] = SE_AUDIT_PRIVILEGE;
status = ScGetPrivilege( 1, privileges);
if (status != NO_ERROR) {
SC_LOG1(ERROR, "RDeleteService: ScGetPrivilege (Enable) failed %d\n",
status);
}
//
// Generate the audit -- must be done as the user as per C2 requirements.
//
RpcStatus = RpcImpersonateClient(NULL);
if (RpcStatus != RPC_S_OK)
{
SC_LOG1(ERROR,
"RCloseServiceHandle: Failed to impersonate client " FORMAT_RPC_STATUS "\n",
RpcStatus);
ScLogEvent(
NEVENT_CALL_TO_FUNCTION_FAILED,
SC_RPC_IMPERSONATE,
RpcStatus);
//
// Can't impersonate the user -- do the audit as System instead so
// the close is at least logged.
//
fImpersonated = FALSE;
}
RtlInitUnicodeString(&Subsystem, SC_MANAGER_AUDIT_NAME);
status = NtDeleteObjectAuditAlarm(
&Subsystem,
hService,
(BOOLEAN)((serviceHandleStruct->Flags
& SC_HANDLE_GENERATE_ON_CLOSE) != 0));
if (!NT_SUCCESS(status))
{
SC_LOG1(ERROR, "RDeleteService: NtDeleteObjectAuditAlarm failed %#lx\n",
status);
}
if (fImpersonated)
{
RpcStatus = RpcRevertToSelf();
if (RpcStatus != RPC_S_OK)
{
SC_LOG(ERROR,
"RCloseServiceHandle: Fail to revert to self %08lx\n",
RpcStatus);
ScLogEvent(
NEVENT_CALL_TO_FUNCTION_FAILED,
SC_RPC_REVERT,
RpcStatus);
ASSERT(FALSE);
//
// Not much else we can do at this point -- keep on going.
//
}
}
ScReleasePrivilege();
ApiStatus = NO_ERROR;
Cleanup:
SC_LOG2( CONFIG_API, "RDeleteService(%ws) returning status " FORMAT_DWORD
".\n", serviceRecord->ServiceName, ApiStatus );
return (ApiStatus);
}
DWORD
RQueryServiceConfigW(
IN SC_RPC_HANDLE hService,
OUT LPQUERY_SERVICE_CONFIGW lpServiceConfig,
IN DWORD cbBufSize,
OUT LPDWORD pcbBytesNeeded
)
/*++
Routine Description:
This function returns the service configuration information that
is currently stored in the registry.
NOTE:
When a service is running and its configuration is changed, the
change only affects the registry information as long as the service
is running. During this period (while the service is running), it is
not possible to obtain the configuration of the running service.
All that can be obtained is the configuration stored in the registry.
This is the configuration that the service will have the next time
it is run. Stopping a service causes it to get its configuration
information refreshed from the registry.
Arguments:
Return Value:
--*/
{
DWORD ApiStatus;
DWORD bytesNeeded = sizeof(QUERY_SERVICE_CONFIG); // (initial)
LPWSTR endOfVariableData;
LPWSTR fixedDataEnd;
LPSC_HANDLE_STRUCT serviceHandleStruct = (LPSC_HANDLE_STRUCT) hService;
LPSERVICE_RECORD serviceRecord = NULL;
HKEY ServiceNameKey = (HKEY) NULL;
DWORD bufSize;
DWORD dependSize=0;
LPWSTR CurrentImagePathName = NULL;
LPWSTR CurrentDependencies = NULL;
LPWSTR CurrentGroup = NULL;
LPWSTR CurrentStartName = NULL;
LPWSTR pDependString;
LPWSTR CurrentDisplayName = NULL;
LPWSTR ConvertImageName;
if (ScShutdownInProgress) {
return(ERROR_SHUTDOWN_IN_PROGRESS);
}
//
// Check the handle.
//
if ( !ScIsValidServiceHandle( hService ) ) {
return(ERROR_INVALID_HANDLE);
}
//
// Check other caller parms (except buffer too small, we need more info).
//
if (lpServiceConfig == NULL) {
return(ERROR_INVALID_PARAMETER);
} else if (pcbBytesNeeded == NULL) {
return(ERROR_INVALID_PARAMETER);
}
//
// Do we have permission to do this?
//
if ( !RtlAreAllAccessesGranted(
serviceHandleStruct->AccessGranted,
SERVICE_QUERY_CONFIG
)) {
return(ERROR_ACCESS_DENIED);
}
//
// Lock database, as we want to look at stuff without other threads changing
// fields at the same time.
//
CServiceRecordSharedLock RLock;
serviceRecord = serviceHandleStruct->Type.ScServiceObject.ServiceRecord;
SC_ASSERT( serviceRecord != NULL );
//
// Open the service name key.
//
ApiStatus = ScOpenServiceConfigKey(
serviceRecord->ServiceName,
KEY_READ,
FALSE, // Create if missing
&ServiceNameKey
);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//--------------------------------
// Get the BinaryPathName
//--------------------------------
SC_ASSERT( serviceRecord->ServiceName != NULL );
ApiStatus = ScGetImageFileName (
serviceRecord->ServiceName,
& CurrentImagePathName ); // alloc and set ptr.
if (ApiStatus != NO_ERROR) {
CurrentImagePathName = NULL;
}
ApiStatus = ScReadConfigFromReg(
serviceRecord,
&lpServiceConfig->dwServiceType,
&lpServiceConfig->dwStartType,
&lpServiceConfig->dwErrorControl,
&lpServiceConfig->dwTagId,
&CurrentDependencies,
&CurrentGroup,
&CurrentDisplayName);
if (ApiStatus != NO_ERROR) {
goto Cleanup;
}
//
// If the starttype is SERVICE_BOOT_START the name is a relative path
// from \SystemRoot. Fix it to be a fully qualified name, unless it is
// an ARC name, then leave it alone.
//
if (CurrentImagePathName &&
lpServiceConfig->dwStartType == SERVICE_BOOT_START &&
!ScIsArcName(CurrentImagePathName)) {
ConvertImageName = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) ((wcslen(CurrentImagePathName) +
SC_NT_SYSTEM_ROOT_LENGTH + 1) * sizeof(WCHAR)));
if (ConvertImageName == NULL) {
SC_LOG1(ERROR, "RQueryServiceConfigW: LocalAlloc failed %lu\n",
GetLastError());
ApiStatus = ERROR_NOT_ENOUGH_MEMORY;
goto Cleanup;
}
wcscpy(ConvertImageName, SC_NT_SYSTEM_ROOT);
wcscat(ConvertImageName, CurrentImagePathName);
LocalFree(CurrentImagePathName);
CurrentImagePathName = ConvertImageName;
}
//--------------------------------
// Get StartName
//--------------------------------
ApiStatus = ScReadStartName( ServiceNameKey, &CurrentStartName);
if (ApiStatus != NO_ERROR) {
SC_LOG1(TRACE,"StartName for %ws service does not exist\n",
serviceRecord->ServiceName);
CurrentStartName = NULL;
}
//
// Figure-out how much space we'll need for the record.
// We've already got the initial (fixed) size in bytesNeeded...
//
SC_ASSERT( bytesNeeded == sizeof(QUERY_SERVICE_CONFIG) );
//
// Add on some extra for RPC byte count alignment.
// NOTE: We don't try to solve any exact alignment problem because
// RPC will choose a random order in which to load strings into
// the buffer.
//
bytesNeeded += sizeof(ULONG_PTR) - 1; // extra for RPC alignment
if (CurrentImagePathName != NULL)
{
bytesNeeded += (DWORD) WCSSIZE(CurrentImagePathName);
}
else {
bytesNeeded += sizeof(WCHAR);
}
bytesNeeded += sizeof(ULONG_PTR) - 1; // extra for RPC alignment
//
// If the display name is not stored in the registry, the
// Service Name is returned instead.
//
if (CurrentDisplayName == NULL) {
CurrentDisplayName = serviceRecord->ServiceName;
}
bytesNeeded += (DWORD) WCSSIZE(CurrentDisplayName);
//
// Add on some extra for RPC byte count alignment.
//
bytesNeeded += sizeof(ULONG_PTR) - 1; // extra for RPC alignment
if (CurrentGroup != NULL) {
bytesNeeded += (DWORD) WCSSIZE(CurrentGroup);
}
else {
bytesNeeded += sizeof(WCHAR);
}
bytesNeeded += sizeof(ULONG_PTR) - 1; // extra for RPC alignment
if (CurrentDependencies != NULL) {
dependSize = ScWStrArraySize(CurrentDependencies);
bytesNeeded += dependSize;
}
else {
bytesNeeded += (2 * sizeof(WCHAR));
}
bytesNeeded += sizeof(ULONG_PTR) - 1; // extra for RPC alignment
if (CurrentStartName != NULL) {
bytesNeeded += (DWORD) WCSSIZE(CurrentStartName);
}
else {
bytesNeeded += sizeof(WCHAR);
}
bytesNeeded = ROUND_UP_COUNT(bytesNeeded, ALIGN_WCHAR);
//
// Make sure app gave us enough space.
//
if (bytesNeeded > cbBufSize) {
*pcbBytesNeeded = bytesNeeded;
ApiStatus = ERROR_INSUFFICIENT_BUFFER;
goto Cleanup;
}
//========================
// Fill in the strings.
//========================
fixedDataEnd = (LPWSTR) (lpServiceConfig + 1);
endOfVariableData = (LPWSTR) ((LPBYTE)lpServiceConfig + bytesNeeded);
bufSize = 0;
if (CurrentImagePathName != NULL) {
bufSize = (DWORD) wcslen( CurrentImagePathName );
}
if ( !ScCopyStringToBufferW (
CurrentImagePathName,
bufSize,
fixedDataEnd,
& endOfVariableData,
& lpServiceConfig->lpBinaryPathName,
NULL
) ) {
SC_LOG0(ERROR,
"RQueryServiceConfigW:ScCopyStringtoBufferW "
"(BinaryPathName)Failed\n");
SC_ASSERT( FALSE );
ApiStatus = ERROR_INSUFFICIENT_BUFFER;
goto Cleanup;
}
bufSize = 0;
if (CurrentGroup != NULL) {
bufSize = (DWORD) wcslen( CurrentGroup );
}
if ( !ScCopyStringToBufferW (
CurrentGroup,
bufSize,
fixedDataEnd,
&endOfVariableData,
&lpServiceConfig->lpLoadOrderGroup,
NULL
) ) {
SC_LOG0(ERROR,
"RQueryServiceConfigW:ScCopyStringtoBufferW "
"(LoadOrderGroup)Failed\n");
SC_ASSERT( FALSE );
ApiStatus = ERROR_INSUFFICIENT_BUFFER;
goto Cleanup;
}
//
// Dependencies
//
if ((CurrentDependencies == NULL) || (dependSize == 0)) {
//
// There are no dependencies so put in a double null terminated
// null string.
//
// NOTE: The separator character '/' is inserted to allow the
// double NULL terminated string to make it across RPC.
// This is removed by the client side.
//
lpServiceConfig->lpDependencies = endOfVariableData - 2;
endOfVariableData = lpServiceConfig->lpDependencies;
lpServiceConfig->lpDependencies[0] = L'/';
lpServiceConfig->lpDependencies[1] = L'\0';
}
else {
lpServiceConfig->lpDependencies = (LPWSTR)((LPBYTE)endOfVariableData - dependSize);
pDependString = lpServiceConfig->lpDependencies;
endOfVariableData = pDependString;
RtlCopyMemory(lpServiceConfig->lpDependencies, CurrentDependencies, dependSize);
//
// Add separator characters.
//
while ((bufSize = (DWORD) wcslen(pDependString)) != 0) {
pDependString += bufSize;
*pDependString = L'/';
pDependString++;
}
}
//
// StartName
//
bufSize = 0;
if (CurrentStartName != NULL) {
bufSize = (DWORD) wcslen(CurrentStartName);
}
if ( !ScCopyStringToBufferW (
CurrentStartName,
bufSize,
fixedDataEnd,
& endOfVariableData,
& lpServiceConfig->lpServiceStartName,
NULL
) ) {
SC_LOG0(ERROR,
"RQueryServiceConfigW:ScCopyStringtoBufferW (StartName)Failed\n");
SC_ASSERT( FALSE );
ApiStatus = ERROR_INSUFFICIENT_BUFFER;
goto Cleanup;
}
//
// DisplayName
//
bufSize = 0;
SC_ASSERT(CurrentDisplayName);
bufSize = (DWORD) wcslen(CurrentDisplayName);
if ( !ScCopyStringToBufferW (
CurrentDisplayName,
bufSize,
fixedDataEnd,
& endOfVariableData,
& lpServiceConfig->lpDisplayName,
NULL
) ) {
SC_LOG0(ERROR,
"RQueryServiceConfigW:ScCopyStringtoBufferW (DisplayName)Failed\n");
SC_ASSERT( FALSE );
ApiStatus = ERROR_INSUFFICIENT_BUFFER;
goto Cleanup;
}
//
// That's all, folks! --JR
//
ApiStatus = NO_ERROR;
Cleanup:
if (ServiceNameKey != (HKEY) NULL) {
ScRegCloseKey(ServiceNameKey);
}
LocalFree(CurrentStartName);
LocalFree(CurrentImagePathName);
if (serviceRecord != NULL && CurrentDisplayName != serviceRecord->DisplayName)
{
LocalFree( CurrentDisplayName );
}
LocalFree( CurrentGroup );
LocalFree( CurrentDependencies );
if (pcbBytesNeeded != NULL) {
*pcbBytesNeeded = bytesNeeded;
}
SC_LOG2( CONFIG_API, "RQueryServiceConfigW returning status " FORMAT_DWORD
" and size needed " FORMAT_DWORD ".\n", ApiStatus, bytesNeeded );
//
// If an error occurs, we set the pointers in the structure to NULL.
// This is for RPC. Since we are using the byte_count feature, the
// server marshalling code must look at the pointers. Otherwise, it
// doesn't know how to marshall the strings.
//
if (ApiStatus != NO_ERROR) {
lpServiceConfig->lpBinaryPathName = NULL;
lpServiceConfig->lpLoadOrderGroup = NULL;
lpServiceConfig->lpDependencies = NULL;
lpServiceConfig->lpServiceStartName = NULL;
lpServiceConfig->lpDisplayName = NULL;
}
return (ApiStatus);
}
DWORD
ScCanonDriverImagePath(
IN DWORD DriverStartType,
IN LPWSTR DriverPath,
OUT LPWSTR *CanonDriverPath
)
/*++
Routine Description:
This function converts the user specified DOS path name to the driver
binary file into an NT path format understood by NtLoadDriver.
Examples:
C:\nt\system32\file.sys -> \DosDevices\c:\nt\system32\file.sys
%SystemRoot%\system32\drivers\file.sys -> \SystemRoot\system32\driver\file.sys
Arguments:
DriverPath - User specified DOS path name to driver .SYS file.
CanonDriverPath - Receives a pointer to a buffer which contains the
NT path to the driver .SYS file. This buffer should be freed
with LocalFree.
Return Value:
NO_ERROR - successful.
ERROR_NOT_ENOUGH_MEMORY - no memory to allocate output buffer.
ERROR_INVALID_PARAMETER - RtlDosPathNameToNtPath_U failure.
--*/
{
UNICODE_STRING NewPath;
DWORD DriverPathLength;
LPWSTR RelativeCanonPath;
DWORD Status;
SC_LOG1(DEPEND, "ScCanonDriverImagePath: Input path " FORMAT_LPWSTR "\n", DriverPath);
DriverPathLength = (DWORD) wcslen(DriverPath);
if (DriverPathLength > SC_NT_SYSTEM_ROOT_LENGTH &&
(_wcsnicmp(SC_NT_SYSTEM_ROOT, DriverPath, SC_NT_SYSTEM_ROOT_LENGTH) == 0))
{
//
// Path is already in NT form with \SystemRoot\ prefix.
// Just return a buffer that contains the same path as input.
//
*CanonDriverPath = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) ((DriverPathLength + 1) * sizeof(WCHAR)));
if (*CanonDriverPath == NULL) {
SC_LOG1(ERROR, "ScCanonDriverPathName: LocalAlloc failed %lu\n",
GetLastError());
return ERROR_NOT_ENOUGH_MEMORY;
}
//
// Boot drivers need relative path names
//
if (DriverStartType == SERVICE_BOOT_START) {
wcscpy(*CanonDriverPath, DriverPath + SC_NT_SYSTEM_ROOT_LENGTH);
}
else {
wcscpy(*CanonDriverPath, DriverPath);
}
SC_LOG1(DEPEND, "ScCanonDriverImagePath: Canonicalized path "
FORMAT_LPWSTR "\n", *CanonDriverPath);
return NO_ERROR;
}
if (DriverPathLength > SC_DOS_SYSTEM_ROOT_LENGTH &&
(_wcsnicmp(SC_DOS_SYSTEM_ROOT, DriverPath, SC_DOS_SYSTEM_ROOT_LENGTH) == 0))
{
//
// DOS path has %SystemRoot%\ prefix
//
*CanonDriverPath = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) ((DriverPathLength + 1) * sizeof(WCHAR)));
if (*CanonDriverPath == NULL) {
SC_LOG1(ERROR, "ScCanonDriverPathName: LocalAlloc failed %lu\n",
GetLastError());
return ERROR_NOT_ENOUGH_MEMORY;
}
if (DriverStartType != SERVICE_BOOT_START) {
wcscpy(*CanonDriverPath, SC_NT_SYSTEM_ROOT);
}
else {
*CanonDriverPath[0] = '\0';
}
wcscat(*CanonDriverPath, DriverPath + SC_DOS_SYSTEM_ROOT_LENGTH);
SC_LOG1(DEPEND, "ScCanonDriverImagePath: Canonicalized path "
FORMAT_LPWSTR "\n", *CanonDriverPath);
return NO_ERROR;
}
//
// If it's already a relative path name, leave it alone
//
if (DriverPath[0] != L'\\' && DriverPath[1] != L':')
{
*CanonDriverPath = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) ((DriverPathLength + 1) * sizeof(WCHAR)));
if (*CanonDriverPath == NULL)
{
SC_LOG1(ERROR, "ScCanonDriverPathName: LocalAlloc failed %lu\n",
GetLastError());
return ERROR_NOT_ENOUGH_MEMORY;
}
wcscpy(*CanonDriverPath, DriverPath);
return NO_ERROR;
}
//
// Convert DOS path to NT path using Rtl routine which allocates
// the Unicode string buffer.
//
if (! RtlDosPathNameToNtPathName_U(
(PCWSTR) DriverPath,
&NewPath,
NULL,
NULL
))
{
return ERROR_INVALID_PARAMETER;
}
*CanonDriverPath = (LPWSTR) LocalAlloc(
LMEM_ZEROINIT,
(UINT) NewPath.Length + sizeof(WCHAR)
);
if (*CanonDriverPath == NULL) {
SC_LOG1(ERROR, "ScCanonDriverPathName: LocalAlloc failed %lu\n",
GetLastError());
RtlFreeUnicodeString(&NewPath);
return ERROR_NOT_ENOUGH_MEMORY;
}
wcsncpy(*CanonDriverPath, NewPath.Buffer, NewPath.Length / sizeof(WCHAR));
RtlFreeUnicodeString(&NewPath);
//
// Boot drivers' imagepath must be relative to \systemroot
//
if (DriverStartType == SERVICE_BOOT_START)
{
Status = ScConvertToBootPathName(*CanonDriverPath, &RelativeCanonPath);
if (Status == NO_ERROR)
{
SC_ASSERT(RelativeCanonPath != NULL);
wcscpy(*CanonDriverPath, RelativeCanonPath + SC_NT_SYSTEM_ROOT_LENGTH);
LocalFree(RelativeCanonPath);
}
else
{
LocalFree(*CanonDriverPath);
*CanonDriverPath = NULL;
}
return Status;
}
SC_LOG1(DEPEND, "ScCanonDriverImagePath: Canonicalized path "
FORMAT_LPWSTR "\n", *CanonDriverPath);
return NO_ERROR;
}
DWORD
RGetServiceDisplayNameW(
SC_RPC_HANDLE hSCManager,
LPWSTR lpServiceName,
LPWSTR lpDisplayName,
LPDWORD lpcchBuffer
)
/*++
Routine Description:
This function returns the DisplayName that is associated with a
particular ServiceName. If the buffer that is to receive the
DisplayName is too small, no data is returned in the buffer. Instead,
the actual string size (in characters - not including NUL terminator)
is returned in *lpcchBuffer.
Arguments:
hSCManager - Handle to the Service Control Manager. This parameter
is the RPC handle that was used to get us to this point.
lpServiceName - This is a pointer to the service name string. This
name is the same as the registry key name for that service.
lpDisplayName - This is a pointer to the buffer where the display name
is to be placed. If this function fails, this buffer will contain
an empty string.
lpcchBuffer - This is a pointer to a DWORD that contains the size of
the buffer (in characters) upon input. On return, this DWORD
indicates how many characters (excluding the NUL terminator) are
in the DisplayName.
Return Value:
NO_ERROR - If the operation was successful.
ERROR_INSUFFICIENT_BUFFER - if the buffer is too small to contain the
whole string.
ERROR_SERVICE_DOES_NOT_EXIST - If there is no record of a service
by this name in the database.
ERROR_INVALID_NAME - if the ServiceName is invalid (NULL);
--*/
{
DWORD status;
DWORD reqSize;
LPSERVICE_RECORD ServiceRecord;
UNREFERENCED_PARAMETER(hSCManager);
//
// Find the proper service record.
//
CServiceListSharedLock LLock;
CServiceRecordSharedLock RLock;
status = ScGetNamedServiceRecord(lpServiceName, &ServiceRecord);
if (status != NO_ERROR) {
return(status);
}
//
// Get the display name and determine if it will fit in the buffer.
//
reqSize = (DWORD) wcslen(ServiceRecord->DisplayName);
if (*lpcchBuffer < (reqSize + 1))
{
*lpcchBuffer = reqSize;
return(ERROR_INSUFFICIENT_BUFFER);
}
wcscpy(lpDisplayName, ServiceRecord->DisplayName);
*lpcchBuffer = reqSize;
return(NO_ERROR);
}
DWORD
RGetServiceKeyNameW(
SC_RPC_HANDLE hSCManager,
LPWSTR lpDisplayName,
LPWSTR lpServiceName,
LPDWORD lpcchBuffer
)
/*++
Routine Description:
This function returns the ServiceName that is associated with a
particular DisplayName. If the buffer that is to receive the
ServiceName is too small, no data is returned in the buffer. Instead,
the actual string size (in characters - not including NUL terminator)
is returned in *lpcchBuffer.
Arguments:
hSCManager - Handle to the Service Control Manager. This parameter
is the RPC handle that was used to get us to this point.
lpDisplayName - This is a pointer to the service display name string.
lpServiceName - This is a pointer to the buffer where the service name
string is to be placed. If this function fails, this buffer will
contain an empty string.
lpcchBuffer - This is a pointer to a DWORD that contains the size of
the buffer (in characters) upon input. On return, this DWORD
indicates how many characters (excluding the NUL terminator) are
in the DisplayName.
Return Value:
--*/
{
DWORD status;
DWORD reqSize;
LPSERVICE_RECORD ServiceRecord;
UNREFERENCED_PARAMETER(hSCManager);
//
// Find the proper service record.
//
CServiceListSharedLock LLock;
CServiceRecordSharedLock RLock;
status = ScGetDisplayNamedServiceRecord(lpDisplayName, &ServiceRecord);
if (status != NO_ERROR)
{
return(status);
}
//
// Get the service key name and determine if it will fit in the buffer.
//
reqSize = (DWORD) wcslen(ServiceRecord->ServiceName);
if (*lpcchBuffer < (reqSize + 1)) {
*lpcchBuffer = reqSize;
return(ERROR_INSUFFICIENT_BUFFER);
}
wcscpy(lpServiceName, ServiceRecord->ServiceName);
*lpcchBuffer = reqSize;
return(NO_ERROR);
}
DWORD
ScValidateDisplayName(
LPWSTR lpDisplayName,
LPSERVICE_RECORD lpServiceRecord
)
/*++
Routine Description:
This function validates display names by checking to see if the name
string already exists in the database. The display name must not match
any other display name or another service name. The display name can
match the service name if it they both refer to the same service.
Arguments:
lpDisplayName - A pointer to the proposed DisplayName.
lpServiceRecord - A pointer to the service record to which the display
name is to be added. If this function is called from CreateService,
the lpServiceRecord pointer will be NULL.
Return Value:
NO_ERROR - If the DisplayName doesn't conflict with any other names
in the database.
ERROR_DUPLICATE_SERVICE_NAME - If the DisplayName conflicts with another name.
--*/
{
DWORD status = NO_ERROR;
LPSERVICE_RECORD displayServiceRecord;
if (lpDisplayName != NULL) {
if (wcslen(lpDisplayName) > MAX_SERVICE_NAME_LENGTH) {
return(ERROR_INVALID_NAME);
}
status = ScGetDisplayNamedServiceRecord(
lpDisplayName,
&displayServiceRecord);
if (status == NO_ERROR)
{
if (displayServiceRecord != lpServiceRecord)
{
//
// The display name already exists for a different
// service. Therefore we must reject it.
//
return(ERROR_DUPLICATE_SERVICE_NAME);
}
}
status = ScGetNamedServiceRecord(lpDisplayName, &displayServiceRecord);
if (status == NO_ERROR)
{
if (displayServiceRecord != lpServiceRecord)
{
//
// The display name is already used as a service name.
// Therefore we must reject it.
//
return(ERROR_DUPLICATE_SERVICE_NAME);
}
}
}
return NO_ERROR;
}
DWORD
ScConvertToBootPathName(
LPWSTR FullQualPathName,
LPWSTR * RelativePathName
)
/*++
Routine Description:
This function takes an NT style image path name and turns it into an
NT style path name that is accessed via \systemroot. This is required
for drivers that are loaded by the boot loader.
Arguments:
FullQualPathName - The fully qualified name
RelativePathName - A pointer to the pointer for the new buffer which
contains the fully qualified path name using
\systemroot\. The caller must free this buffer using
LocalFree.
Return Value:
NO_ERROR - If the name can be converted.
ERROR_INVALID_PARAMETER - If the Name is not relative to \systemroot
--*/
{
WCHAR Dummy;
ULONG PrefixLength;
LPWSTR Prefix = &Dummy;
UNICODE_STRING NewPrefix;
DWORD PathLength;
DWORD NumRequired;
DWORD CharsReturned;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE Handle = NULL;
UNICODE_STRING FileName;
UNICODE_STRING LinkTarget = { 0, 0, NULL };
NTSTATUS Status;
DWORD dwError = NO_ERROR;
DWORD BytesRequired;
PathLength = (DWORD) wcslen(FullQualPathName);
if ((PathLength > SC_NT_SYSTEM_ROOT_LENGTH) &&
(_wcsnicmp(SC_NT_SYSTEM_ROOT, FullQualPathName, SC_NT_SYSTEM_ROOT_LENGTH) == 0))
{
//
// Path is already in NT form with \SystemRoot\ prefix.
// Just return it
//
*RelativePathName = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) (PathLength + 1) * sizeof(WCHAR));
if (*RelativePathName == NULL)
{
SC_LOG1(ERROR, "ScConvertToBootName: LocalAlloc failed %d\n",
GetLastError());
return(ERROR_NOT_ENOUGH_MEMORY);
}
wcscpy(*RelativePathName, FullQualPathName);
return(ERROR_SUCCESS);
}
if (PathLength > SC_DOS_SYSTEM_ROOT_LENGTH &&
(_wcsnicmp(SC_DOS_SYSTEM_ROOT, FullQualPathName, SC_DOS_SYSTEM_ROOT_LENGTH) == 0))
{
//
// Path is in DOS form with %SystemRoot% prefix.
// Just return it after replacing the %SystemRoot%\ prefix with
// \SystemRoot
//
*RelativePathName = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) (PathLength - SC_DOS_SYSTEM_ROOT_LENGTH + SC_NT_SYSTEM_ROOT_LENGTH + 1)
* sizeof(WCHAR));
if (*RelativePathName == NULL) {
SC_LOG1(ERROR, "ScConvertToBootName: LocalAlloc failed %d\n",
GetLastError());
return(ERROR_NOT_ENOUGH_MEMORY);
}
wcscpy(*RelativePathName, SC_NT_SYSTEM_ROOT);
wcscat(*RelativePathName, FullQualPathName + SC_DOS_SYSTEM_ROOT_LENGTH);
return NO_ERROR;
}
//
// Create a string that represents the path to systemroot that you
// would get if you started with a Dos style name
//
//
// Make the first call just to get the number of characters that
// will be returned.
//
NumRequired = ExpandEnvironmentStringsW (SC_DOS_SYSTEM_ROOT, Prefix, 1);
if (NumRequired > 1) {
Prefix = (LPWSTR)LocalAlloc(LMEM_ZEROINIT,
(UINT) ((NumRequired + 1) * sizeof(WCHAR)));
if (Prefix == NULL) {
SC_LOG2(ERROR, "ScConvertToBootName: LocalAlloc of numChar= "
FORMAT_DWORD " failed " FORMAT_DWORD "\n",
NumRequired + 1, GetLastError());
return(ERROR_NOT_ENOUGH_MEMORY);
}
//
// Now expand the string into a dos type path
//
CharsReturned = ExpandEnvironmentStringsW (
SC_DOS_SYSTEM_ROOT,
Prefix,
NumRequired);
if (CharsReturned > NumRequired) {
SC_LOG1(ERROR, "ScConvertToBootName: ExpandEnvironmentStrings "
" failed for " FORMAT_LPWSTR " \n", SC_DOS_SYSTEM_ROOT);
LocalFree(Prefix);
return(ERROR_NOT_ENOUGH_MEMORY);
}
}
else {
//
// This shouldn't ever happen
//
ASSERT(FALSE);
return ERROR_INVALID_ENVIRONMENT;
}
//
// Now convert the DOS path to an NT path
//
if (! RtlDosPathNameToNtPathName_U(
(PCWSTR) Prefix,
&NewPrefix,
NULL,
NULL
))
{
//
// This shouldn't ever happen
//
ASSERT(FALSE);
LocalFree(Prefix);
return ERROR_INVALID_ENVIRONMENT;
}
LocalFree(Prefix);
PrefixLength = NewPrefix.Length / sizeof(WCHAR);
Prefix = (LPWSTR)LocalAlloc(LMEM_ZEROINIT,
(UINT) (NewPrefix.Length + sizeof(WCHAR)));
if (Prefix == NULL)
{
SC_LOG2(ERROR, "ScConvertToBootName: LocalAlloc of numChar= "
FORMAT_DWORD " failed " FORMAT_DWORD "\n",
NewPrefix.Length + sizeof(WCHAR), GetLastError());
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto ErrorExit;
}
wcsncpy(Prefix, NewPrefix.Buffer, PrefixLength);
if (PathLength > PrefixLength &&
(_wcsnicmp(Prefix, FullQualPathName, PrefixLength) == 0))
{
//
// Path is in DOS form without using %systemroot%
// Convert to \SystemRoot format
//
*RelativePathName = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) (PathLength - PrefixLength + SC_NT_SYSTEM_ROOT_LENGTH + 1)
* sizeof(WCHAR));
if (*RelativePathName == NULL)
{
SC_LOG2(ERROR, "ScConvertToBootName: LocalAlloc of numChar= "
FORMAT_DWORD " failed " FORMAT_DWORD "\n",
(PathLength - PrefixLength + SC_NT_SYSTEM_ROOT_LENGTH + 1) *
sizeof(WCHAR), GetLastError());
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto ErrorExit;
}
wcscpy(*RelativePathName, SC_NT_SYSTEM_ROOT);
wcscat(*RelativePathName, FullQualPathName + PrefixLength);
dwError = NO_ERROR;
goto CleanExit;
}
//
// Create a string that represents the path to systemroot that you
// would get if you started with a NT style name
//
//
// Make the first call just to get the number of characters that
// will be returned.
//
RtlInitUnicodeString(&FileName, L"\\SystemRoot");
InitializeObjectAttributes(
&ObjectAttributes,
&FileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
Status = NtOpenSymbolicLinkObject(&Handle, SYMBOLIC_LINK_QUERY, &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
//
// This should never happen
//
ASSERT(FALSE);
dwError = ERROR_INVALID_ENVIRONMENT;
goto ErrorExit;
}
Status = NtQuerySymbolicLinkObject(Handle, &LinkTarget, &BytesRequired);
if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_TOO_SMALL)
{
//
// This should never happen
//
ASSERT(FALSE);
dwError = ERROR_INVALID_ENVIRONMENT;
goto ErrorExit;
}
LinkTarget.Buffer = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
BytesRequired + sizeof(WCHAR));
if (LinkTarget.Buffer == NULL)
{
SC_LOG2(ERROR, "ScConvertToBootName: LocalAlloc of numChar= "
FORMAT_DWORD " failed " FORMAT_DWORD "\n",
BytesRequired, GetLastError());
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto ErrorExit;
}
LinkTarget.Length = (USHORT) BytesRequired;
LinkTarget.MaximumLength = (USHORT) (BytesRequired + sizeof(WCHAR));
Status = NtQuerySymbolicLinkObject(Handle, &LinkTarget, &BytesRequired);
if (!NT_SUCCESS(Status))
{
//
// This should never happen
//
ASSERT(FALSE);
dwError = ERROR_INVALID_ENVIRONMENT;
goto ErrorExit;
}
PrefixLength = LinkTarget.Length / sizeof(WCHAR);
if (PathLength > PrefixLength &&
(_wcsnicmp(LinkTarget.Buffer, FullQualPathName, PrefixLength) == 0))
{
//
// Path is in NT form without using \Systemroot
// Convert to \SystemRoot format
//
*RelativePathName = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
(UINT) (PathLength - PrefixLength + SC_NT_SYSTEM_ROOT_LENGTH + 1)
* sizeof(WCHAR));
if (*RelativePathName == NULL)
{
SC_LOG2(ERROR, "ScConvertToBootName: LocalAlloc of numChar= "
FORMAT_DWORD " failed " FORMAT_DWORD "\n",
(PathLength - PrefixLength + SC_NT_SYSTEM_ROOT_LENGTH + 1) *
sizeof(WCHAR), GetLastError());
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto ErrorExit;
}
wcscpy(*RelativePathName, SC_NT_SYSTEM_ROOT);
//
// Skip the \ between \SystemRoot and the relative name
//
wcscat(*RelativePathName, FullQualPathName + PrefixLength + 1);
dwError = NO_ERROR;
goto CleanExit;
}
//
// If we get this far, the imagepath is not relative to the systemroot.
//
dwError = ERROR_INVALID_PARAMETER;
ErrorExit:
//
// Return an error and a NULL pointer.
//
*RelativePathName = NULL;
CleanExit:
if (Handle)
{
NtClose(Handle);
}
LocalFree(LinkTarget.Buffer);
RtlFreeUnicodeString(&NewPrefix);
LocalFree(Prefix);
return dwError;
}
BOOLEAN
ScIsArcName(
LPWSTR PathName
)
/*++
Routine Description:
This function takes a driver's path name and determines if it is an
ARC style name. This is done by trying to open the file with \Arcname
prepended. There are symbolic links of this form for every valid arcname.
Arguments:
PathName - The image path
Return Value:
TRUE - If it is an arcname
FALSE - If it's not an arcname
--*/
{
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE Handle;
IO_STATUS_BLOCK IoStatusBlock;
UNICODE_STRING FileName;
NTSTATUS Status;
LPWSTR NewString;
UINT BufferSize;
//
// Allocate the buffer for the composite string
//
BufferSize = ((DWORD) wcslen(PathName) + ARC_PREFIX_LENGTH + 1) * sizeof(WCHAR);
NewString = (LPWSTR) LocalAlloc(LMEM_ZEROINIT, BufferSize);
if (NewString == NULL)
{
SC_LOG2(ERROR, "ScIsArcName: LocalAlloc of numChar= "
FORMAT_DWORD " failed " FORMAT_DWORD "\n", BufferSize, GetLastError());
return FALSE;
}
//
// Create the composite string
//
wcscpy(NewString, ARC_PREFIX);
wcscat(NewString, PathName);
RtlInitUnicodeString(&FileName, NewString);
//
// Try to open it
//
InitializeObjectAttributes(
&ObjectAttributes,
&FileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile(&Handle,
FILE_GENERIC_READ,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ,
FILE_SYNCHRONOUS_IO_NONALERT);
LocalFree(NewString);
//
// If you could open it, it's an arcname
//
if (NT_SUCCESS(Status))
{
//
// Close it, we just need the status
//
NtClose(Handle);
return TRUE;
}
else
{
return FALSE;
}
}