From 45cc914e9feb72f4d3720e52770c8a66c6a4a383 Mon Sep 17 00:00:00 2001
From: Eric Kohl <eric.kohl@reactos.org>
Date: Sat, 11 Jun 2016 15:01:01 +0000
Subject: [PATCH] [SC] Implement the sdset command.

svn path=/trunk/; revision=71612
---
 reactos/base/applications/sc/CMakeLists.txt |  1 +
 reactos/base/applications/sc/sc.c           | 17 +++++
 reactos/base/applications/sc/sc.h           |  2 +
 reactos/base/applications/sc/sdset.c        | 71 +++++++++++++++++++++
 reactos/base/applications/sc/usage.c        | 12 +++-
 5 files changed, 101 insertions(+), 2 deletions(-)
 create mode 100644 reactos/base/applications/sc/sdset.c

diff --git a/reactos/base/applications/sc/CMakeLists.txt b/reactos/base/applications/sc/CMakeLists.txt
index 9b1c70dc50c..adaa05e1d47 100644
--- a/reactos/base/applications/sc/CMakeLists.txt
+++ b/reactos/base/applications/sc/CMakeLists.txt
@@ -8,6 +8,7 @@ list(APPEND SOURCE
     print.c
     query.c
     sc.c
+    sdset.c
     sdshow.c
     start.c
     usage.c
diff --git a/reactos/base/applications/sc/sc.c b/reactos/base/applications/sc/sc.c
index 73876d0989b..762a3bf97ad 100644
--- a/reactos/base/applications/sc/sc.c
+++ b/reactos/base/applications/sc/sc.c
@@ -191,6 +191,23 @@ ScControl(LPCTSTR Server,       // remote machine name
         else
             SdShowUsage();
     }
+    else if (!lstrcmpi(Command, _T("sdset")))
+    {
+        LPCTSTR SecurityDescriptor;
+
+        if (ArgCount > 1)
+        {
+            ServiceName = *ServiceArgs++;
+            ArgCount--;
+
+            SecurityDescriptor = *ServiceArgs++;
+            ArgCount--;
+
+            SdSet(ServiceName, SecurityDescriptor);
+        }
+        else
+            SdSetUsage();
+    }
     else
     {
         MainUsage();
diff --git a/reactos/base/applications/sc/sc.h b/reactos/base/applications/sc/sc.h
index e195d290b80..6ce60a27493 100644
--- a/reactos/base/applications/sc/sc.h
+++ b/reactos/base/applications/sc/sc.h
@@ -20,6 +20,7 @@ BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended);
 
 LPSERVICE_STATUS_PROCESS QueryService(LPCTSTR ServiceName);
 BOOL SdShow(LPCTSTR ServiceName);
+BOOL SdSet(LPCTSTR ServiceName, LPCTSTR SecurityDescriptor);
 
 /* print and error functions */
 VOID PrintService(LPCTSTR ServiceName, LPSERVICE_STATUS_PROCESS pStatus, BOOL bExtended);
@@ -38,5 +39,6 @@ VOID DeleteUsage(VOID);
 VOID CreateUsage(VOID);
 VOID ControlUsage(VOID);
 VOID SdShowUsage(VOID);
+VOID SdSetUsage(VOID);
 
 #endif /* _SC_PCH_ */
diff --git a/reactos/base/applications/sc/sdset.c b/reactos/base/applications/sc/sdset.c
new file mode 100644
index 00000000000..8f85e27e04b
--- /dev/null
+++ b/reactos/base/applications/sc/sdset.c
@@ -0,0 +1,71 @@
+/*
+ * PROJECT:     ReactOS Services
+ * LICENSE:     GPL - See COPYING in the top level directory
+ * FILE:        base/applications/sc/sdset.c
+ * PURPOSE:     Set a service security descriptor
+ * COPYRIGHT:   Copyright 2016 Eric Kohl
+ *
+ */
+
+#include "sc.h"
+
+BOOL SdSet(LPCTSTR ServiceName, LPCTSTR StringSecurityDescriptor)
+{
+    SC_HANDLE hManager = NULL;
+    SC_HANDLE hService = NULL;
+    BOOL bResult = TRUE;
+    ULONG ulSecurityDescriptorSize = 0;
+    PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
+
+#ifdef SCDBG
+    _tprintf(_T("service to set sd - %s\n\n"), ServiceName);
+#endif
+
+    hManager = OpenSCManager(NULL,
+                             NULL,
+                             SC_MANAGER_CONNECT);
+    if (hManager == NULL)
+    {
+        bResult = FALSE;
+        goto done;
+    }
+
+    hService = OpenService(hManager, ServiceName, WRITE_DAC);
+    if (hService == NULL)
+    {
+        bResult = FALSE;
+        goto done;
+    }
+
+    if (!ConvertStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
+                                                             SDDL_REVISION_1,
+                                                             &pSecurityDescriptor,
+                                                             &ulSecurityDescriptorSize))
+    {
+        bResult = FALSE;
+        goto done;
+    }
+
+    if (!SetServiceObjectSecurity(hService,
+                                  DACL_SECURITY_INFORMATION,
+                                  pSecurityDescriptor))
+    {
+        bResult = FALSE;
+        goto done;
+    }
+
+done:
+    if (bResult == FALSE)
+        ReportLastError();
+
+    if (pSecurityDescriptor != NULL)
+        LocalFree(pSecurityDescriptor);
+
+    if (hService)
+        CloseServiceHandle(hService);
+
+    if (hManager)
+        CloseServiceHandle(hManager);
+
+    return bResult;
+}
diff --git a/reactos/base/applications/sc/usage.c b/reactos/base/applications/sc/usage.c
index 1f5b3233a54..be7c60ff2c5 100644
--- a/reactos/base/applications/sc/usage.c
+++ b/reactos/base/applications/sc/usage.c
@@ -42,8 +42,8 @@ VOID MainUsage(VOID)
     _T("\t  delete         : Deletes a service (from the registry).\n")
     _T("\t  create         : Creates a service. (adds it to the registry).\n")
     _T("\t  control        : Sends a control to a service.\n")
-    _T("\t  sdshow         : Displays a service's security descriptor.\n"));
-//    "\t  sdset          : Sets a service's security descriptor.\n")
+    _T("\t  sdshow         : Displays a service's security descriptor.\n")
+    _T("\t  sdset          : Sets a service's security descriptor.\n"));
 //    "\t  GetDisplayName : Gets the DisplayName for a service.\n")
 //    "\t  GetKeyName     : Gets the ServiceKeyName for a service.\n")
 //    "\t  EnumDepend     : Enumerates Service Dependencies.\n")
@@ -198,3 +198,11 @@ VOID SdShowUsage(VOID)
                 _T("USAGE:\n")
                 _T("        sc <server> sdshow <service name>\n"));
 }
+
+VOID SdSetUsage(VOID)
+{
+    _tprintf(_T("DESCRIPTION:\n")
+                _T("        Sets a service's security descriptor.\n")
+                _T("USAGE:\n")
+                _T("        sc <server> sdset <service name> <SD in SDDL format>\n"));
+}