From 30e7e912c28f2e23ae42ed105b5857f1bef6eaa3 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Sun, 17 Apr 2005 19:56:50 +0000 Subject: [PATCH] ADVAPI32.DLL / SERVICES.EXE: Implement ControlService() RPCRT4.DLL: Disable a bogus buffer overflow check in NdrSimpleStructMarshall. svn path=/trunk/; revision=14658 --- reactos/include/idl/svcctl.idl | 8 +++--- reactos/lib/advapi32/service/scm.c | 31 ++++++++++------------ reactos/lib/rpcrt4/ndr_marshall.c | 22 ++++++++++----- reactos/subsys/system/services/rpcserver.c | 11 ++++---- 4 files changed, 40 insertions(+), 32 deletions(-) diff --git a/reactos/include/idl/svcctl.idl b/reactos/include/idl/svcctl.idl index de93e5e5ba9..724db60f9a3 100644 --- a/reactos/include/idl/svcctl.idl +++ b/reactos/include/idl/svcctl.idl @@ -39,10 +39,10 @@ cpp_quote("#endif"); [in] SC_HANDLE hSCObject); /* Function 1 */ -// BOOL ScmrControlService([in] handle_t BindingHandle, -// [in] SC_HANDLE hService, -// [in] DWORD dwControl, -// [out] LPSERVICE_STATUS lpServiceStatus); + BOOL ScmrControlService([in] handle_t BindingHandle, + [in] SC_HANDLE hService, + [in] DWORD dwControl, + [out] LPSERVICE_STATUS lpServiceStatus); /* Function 2 */ DWORD ScmrDeleteService([in] handle_t BindingHandle, diff --git a/reactos/lib/advapi32/service/scm.c b/reactos/lib/advapi32/service/scm.c index 6adcdbcd952..466046e2dd4 100644 --- a/reactos/lib/advapi32/service/scm.c +++ b/reactos/lib/advapi32/service/scm.c @@ -139,21 +139,22 @@ CloseServiceHandle(SC_HANDLE hSCObject) { DWORD dwError; - DPRINT1("CloseServiceHandle() called\n"); + DPRINT("CloseServiceHandle() called\n"); HandleBind(); /* Call to services.exe using RPC */ dwError = ScmrCloseServiceHandle(BindingHandle, (unsigned int)hSCObject); - DPRINT1("dwError %lu\n", dwError); - if (dwError) { + DPRINT1("ScmrCloseServiceHandle() failed (Error %lu)\n", dwError); SetLastError(dwError); return FALSE; } + DPRINT("CloseServiceHandle() done\n"); + return TRUE; } @@ -168,11 +169,10 @@ ControlService(SC_HANDLE hService, DWORD dwControl, LPSERVICE_STATUS lpServiceStatus) { -#if 0 DWORD dwError; - DPRINT1("ControlService(%x, %x, %p)\n", - hService, dwControl, lpServiceStatus); + DPRINT("ControlService(%x, %x, %p)\n", + hService, dwControl, lpServiceStatus); HandleBind(); @@ -183,18 +183,14 @@ ControlService(SC_HANDLE hService, lpServiceStatus); if (dwError != ERROR_SUCCESS) { + DPRINT1("ScmrControlService() failed (Error %lu)\n", dwError); SetLastError(dwError); return FALSE; } - DPRINT1("ControlService() done\n"); + DPRINT("ControlService() done\n"); return TRUE; -#endif - - DPRINT1("ControlService is unimplemented\n"); - SetLastError(ERROR_CALL_NOT_IMPLEMENTED); - return FALSE; } @@ -262,7 +258,7 @@ DeleteService(SC_HANDLE hService) { DWORD dwError; - DPRINT1("DeleteService(%x)\n", hService); + DPRINT("DeleteService(%x)\n", hService); HandleBind(); @@ -271,6 +267,7 @@ DeleteService(SC_HANDLE hService) (unsigned int)hService); if (dwError != ERROR_SUCCESS) { + DPRINT1("ScmrDeleteService() failed (Error %lu)\n", dwError); SetLastError(dwError); return FALSE; } @@ -536,7 +533,7 @@ LockServiceDatabase(SC_HANDLE hSCManager) (unsigned int *)&hLock); if (dwError != ERROR_SUCCESS) { - DPRINT("ScmrLockServiceDatabase() failed (Error %lu)\n", dwError); + DPRINT1("ScmrLockServiceDatabase() failed (Error %lu)\n", dwError); SetLastError(dwError); return NULL; } @@ -613,9 +610,9 @@ OpenSCManagerA(LPCSTR lpMachineName, (LPSTR)lpDatabaseName, dwDesiredAccess, (unsigned int*)&hScm); - if (dwError) + if (dwError != ERROR_SUCCESS) { - DPRINT("ScmrOpenSCManagerA() failed (Error %lu)\n", dwError); + DPRINT1("ScmrOpenSCManagerA() failed (Error %lu)\n", dwError); SetLastError(dwError); return NULL; } @@ -928,7 +925,7 @@ UnlockServiceDatabase(SC_LOCK ScLock) (unsigned int)ScLock); if (dwError != ERROR_SUCCESS) { - DPRINT("ScmrUnlockServiceDatabase() failed (Error %lu)\n", dwError); + DPRINT1("ScmrUnlockServiceDatabase() failed (Error %lu)\n", dwError); SetLastError(dwError); return FALSE; } diff --git a/reactos/lib/rpcrt4/ndr_marshall.c b/reactos/lib/rpcrt4/ndr_marshall.c index 314f7ee7c48..36bd4c3034c 100644 --- a/reactos/lib/rpcrt4/ndr_marshall.c +++ b/reactos/lib/rpcrt4/ndr_marshall.c @@ -1161,7 +1161,15 @@ unsigned char * WINAPI NdrSimpleStructMarshall(PMIDL_STUB_MESSAGE pStubMsg, if (pFormat[0] != RPC_FC_STRUCT) EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat+4); + /* + * This test does not work when NdrSimpleStructMarshall is called + * by an rpc-server to marshall data to return to the client because + * BufferStart and BufferEnd are bogus. MIDL does not update them + * when a new buffer is allocated in order to return data to the caller. + */ +#if 0 STD_OVERFLOW_CHECK(pStubMsg); +#endif return NULL; } @@ -1201,20 +1209,22 @@ unsigned char * WINAPI NdrSimpleStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg, /*********************************************************************** - * NdrSimpleStructUnmarshall [RPCRT4.@] + * NdrSimpleTypeUnmarshall [RPCRT4.@] */ -void WINAPI NdrSimpleTypeMarshall( PMIDL_STUB_MESSAGE pStubMsg, unsigned char* pMemory, - unsigned char FormatChar ) +void WINAPI NdrSimpleTypeMarshall(PMIDL_STUB_MESSAGE pStubMsg, + unsigned char *pMemory, + unsigned char FormatChar) { FIXME("stub\n"); } /*********************************************************************** - * NdrSimpleStructUnmarshall [RPCRT4.@] + * NdrSimpleTypeUnmarshall [RPCRT4.@] */ -void WINAPI NdrSimpleTypeUnmarshall( PMIDL_STUB_MESSAGE pStubMsg, unsigned char* pMemory, - unsigned char FormatChar ) +void WINAPI NdrSimpleTypeUnmarshall(PMIDL_STUB_MESSAGE pStubMsg, + unsigned char *pMemory, + unsigned char FormatChar) { FIXME("stub\n"); } diff --git a/reactos/subsys/system/services/rpcserver.c b/reactos/subsys/system/services/rpcserver.c index e7d1e1fef69..7aae0064134 100644 --- a/reactos/subsys/system/services/rpcserver.c +++ b/reactos/subsys/system/services/rpcserver.c @@ -272,7 +272,6 @@ ScmrCloseServiceHandle(handle_t BindingHandle, /* Function 1 */ -#if 0 unsigned long ScmrControlService(handle_t BindingHandle, unsigned int hService, @@ -281,7 +280,10 @@ ScmrControlService(handle_t BindingHandle, { DPRINT1("ScmrControlService() called\n"); -#if 0 + /* FIXME: return proper service information */ + + /* test data */ +// #if 0 lpServiceStatus->dwServiceType = 0x12345678; lpServiceStatus->dwCurrentState = 0x98765432; lpServiceStatus->dwControlsAccepted = 0xdeadbabe; @@ -289,11 +291,10 @@ ScmrControlService(handle_t BindingHandle, lpServiceStatus->dwServiceSpecificExitCode = 0xdeadf00d; lpServiceStatus->dwCheckPoint = 0xbaadbabe; lpServiceStatus->dwWaitHint = 0x2468ACE1; -#endif +// #endif - return TRUE; + return ERROR_SUCCESS; } -#endif /* Function 2 */