reactos/base/system/services/database.c
Hermès Bélusca-Maïto 0f7b021fe6
[SERVICES] Merge ScmControlService() and ScmSendStartCommand() together (#7392)
In addition:

- Acquire ControlServiceCriticalSection just before doing the pipe
  operations, and release it just after.

- SAL2-annotate ScmControlService().

- Re-order the ScmControlService() parameters in a more natural way
  (image comm pipe, service name, control code; then: arguments for
  the control command).

- Improve some DPRINTs.
2024-10-11 16:06:53 +02:00

2420 lines
73 KiB
C

/*
* PROJECT: ReactOS Service Control Manager
* LICENSE: GPL - See COPYING in the top level directory
* FILE: base/system/services/database.c
* PURPOSE: Database control interface
* COPYRIGHT: Copyright 2002-2006 Eric Kohl
* Copyright 2006 Hervé Poussineau <hpoussin@reactos.org>
* Copyright 2007 Ged Murphy <gedmurphy@reactos.org>
* Gregor Brunmar <gregor.brunmar@home.se>
*
*/
/* INCLUDES *****************************************************************/
#include "services.h"
#include <userenv.h>
#include <strsafe.h>
#include <reactos/undocuser.h>
#define NDEBUG
#include <debug.h>
/* GLOBALS *******************************************************************/
LIST_ENTRY ImageListHead;
LIST_ENTRY ServiceListHead;
static RTL_RESOURCE DatabaseLock;
static DWORD ResumeCount = 1;
static DWORD NoInteractiveServices = 0;
static DWORD ServiceTag = 0;
/* The critical section synchronizes service control requests */
static CRITICAL_SECTION ControlServiceCriticalSection;
static DWORD PipeTimeout = 30000; /* 30 Seconds */
/* FUNCTIONS *****************************************************************/
static
BOOL
ScmIsSecurityService(
_In_ PSERVICE_IMAGE pServiceImage)
{
return (wcsstr(pServiceImage->pszImagePath, L"\\system32\\lsass.exe") != NULL);
}
static DWORD
ScmCreateNewControlPipe(
_In_ PSERVICE_IMAGE pServiceImage,
_In_ BOOL bSecurityServiceProcess)
{
WCHAR szControlPipeName[MAX_PATH + 1];
SECURITY_ATTRIBUTES SecurityAttributes;
HKEY hServiceCurrentKey = INVALID_HANDLE_VALUE;
DWORD dwServiceCurrent = 1;
DWORD dwKeyDisposition;
DWORD dwKeySize;
DWORD dwError;
/* Get the service number */
if (bSecurityServiceProcess == FALSE)
{
/* TODO: Create registry entry with correct write access */
dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
L"SYSTEM\\CurrentControlSet\\Control\\ServiceCurrent",
0,
NULL,
REG_OPTION_VOLATILE,
KEY_WRITE | KEY_READ,
NULL,
&hServiceCurrentKey,
&dwKeyDisposition);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("RegCreateKeyEx() failed with error %lu\n", dwError);
return dwError;
}
if (dwKeyDisposition == REG_OPENED_EXISTING_KEY)
{
dwKeySize = sizeof(DWORD);
dwError = RegQueryValueExW(hServiceCurrentKey,
L"",
0,
NULL,
(BYTE*)&dwServiceCurrent,
&dwKeySize);
if (dwError != ERROR_SUCCESS)
{
RegCloseKey(hServiceCurrentKey);
DPRINT1("RegQueryValueEx() failed with error %lu\n", dwError);
return dwError;
}
dwServiceCurrent++;
}
dwError = RegSetValueExW(hServiceCurrentKey,
L"",
0,
REG_DWORD,
(BYTE*)&dwServiceCurrent,
sizeof(dwServiceCurrent));
RegCloseKey(hServiceCurrentKey);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("RegSetValueExW() failed (Error %lu)\n", dwError);
return dwError;
}
}
else
{
dwServiceCurrent = 0;
}
/* Create '\\.\pipe\net\NtControlPipeXXX' instance */
StringCchPrintfW(szControlPipeName, ARRAYSIZE(szControlPipeName),
L"\\\\.\\pipe\\net\\NtControlPipe%lu", dwServiceCurrent);
DPRINT("PipeName: %S\n", szControlPipeName);
SecurityAttributes.nLength = sizeof(SecurityAttributes);
SecurityAttributes.lpSecurityDescriptor = pPipeSD;
SecurityAttributes.bInheritHandle = FALSE;
pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
100,
8000,
4,
PipeTimeout,
&SecurityAttributes);
DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName);
if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE)
{
DPRINT1("Failed to create control pipe\n");
return GetLastError();
}
return ERROR_SUCCESS;
}
static PSERVICE_IMAGE
ScmGetServiceImageByImagePath(LPWSTR lpImagePath)
{
PLIST_ENTRY ImageEntry;
PSERVICE_IMAGE CurrentImage;
DPRINT("ScmGetServiceImageByImagePath(%S) called\n", lpImagePath);
ImageEntry = ImageListHead.Flink;
while (ImageEntry != &ImageListHead)
{
CurrentImage = CONTAINING_RECORD(ImageEntry,
SERVICE_IMAGE,
ImageListEntry);
if (_wcsicmp(CurrentImage->pszImagePath, lpImagePath) == 0)
{
DPRINT("Found image: '%S'\n", CurrentImage->pszImagePath);
return CurrentImage;
}
ImageEntry = ImageEntry->Flink;
}
DPRINT("Couldn't find a matching image\n");
return NULL;
}
DWORD
ScmGetServiceNameFromTag(IN PTAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams,
OUT PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS *OutParams)
{
PLIST_ENTRY ServiceEntry;
PSERVICE CurrentService;
PSERVICE_IMAGE CurrentImage;
PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutBuffer = NULL;
DWORD dwError;
/* Lock the database */
ScmLockDatabaseExclusive();
/* Find the matching service */
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry,
SERVICE,
ServiceListEntry);
/* We must match the tag */
if (CurrentService->dwServiceTag == InParams->dwTag &&
CurrentService->lpImage != NULL)
{
CurrentImage = CurrentService->lpImage;
/* And matching the PID */
if (CurrentImage->dwProcessId == InParams->dwPid)
{
break;
}
}
ServiceEntry = ServiceEntry->Flink;
}
/* No match! */
if (ServiceEntry == &ServiceListHead)
{
dwError = ERROR_RETRY;
goto Cleanup;
}
/* Allocate the output buffer */
OutBuffer = MIDL_user_allocate(sizeof(TAG_INFO_NAME_FROM_TAG_OUT_PARAMS));
if (OutBuffer == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto Cleanup;
}
/* And the buffer for the name */
OutBuffer->pszName = MIDL_user_allocate(wcslen(CurrentService->lpServiceName) * sizeof(WCHAR) + sizeof(UNICODE_NULL));
if (OutBuffer->pszName == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto Cleanup;
}
/* Fill in output data */
wcscpy(OutBuffer->pszName, CurrentService->lpServiceName);
OutBuffer->TagType = TagTypeService;
/* And return */
*OutParams = OutBuffer;
dwError = ERROR_SUCCESS;
Cleanup:
/* Unlock database */
ScmUnlockDatabase();
/* If failure, free allocated memory */
if (dwError != ERROR_SUCCESS)
{
if (OutBuffer != NULL)
{
MIDL_user_free(OutBuffer);
}
}
/* Return error/success */
return dwError;
}
static
BOOL
ScmIsSameServiceAccount(
_In_ PCWSTR pszAccountName1,
_In_ PCWSTR pszAccountName2)
{
if (pszAccountName1 == NULL &&
pszAccountName2 == NULL)
return TRUE;
if (pszAccountName1 == NULL &&
pszAccountName2 != NULL &&
_wcsicmp(pszAccountName2, L"LocalSystem") == 0)
return TRUE;
if (pszAccountName1 != NULL &&
pszAccountName2 == NULL &&
_wcsicmp(pszAccountName1, L"LocalSystem") == 0)
return TRUE;
if (pszAccountName1 != NULL &&
pszAccountName2 != NULL &&
_wcsicmp(pszAccountName1, pszAccountName2) == 0)
return TRUE;
return FALSE;
}
static
BOOL
ScmIsLocalSystemAccount(
_In_ PCWSTR pszAccountName)
{
if (pszAccountName == NULL ||
_wcsicmp(pszAccountName, L"LocalSystem") == 0)
return TRUE;
return FALSE;
}
static
BOOL
ScmEnableBackupRestorePrivileges(
_In_ HANDLE hToken,
_In_ BOOL bEnable)
{
PTOKEN_PRIVILEGES pTokenPrivileges = NULL;
DWORD dwSize;
BOOL bRet = FALSE;
DPRINT("ScmEnableBackupRestorePrivileges(%p %d)\n", hToken, bEnable);
dwSize = sizeof(TOKEN_PRIVILEGES) + 2 * sizeof(LUID_AND_ATTRIBUTES);
pTokenPrivileges = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
if (pTokenPrivileges == NULL)
{
DPRINT1("Failed to allocate privilege buffer\n");
goto done;
}
pTokenPrivileges->PrivilegeCount = 2;
pTokenPrivileges->Privileges[0].Luid.LowPart = SE_BACKUP_PRIVILEGE;
pTokenPrivileges->Privileges[0].Luid.HighPart = 0;
pTokenPrivileges->Privileges[0].Attributes = (bEnable ? SE_PRIVILEGE_ENABLED : 0);
pTokenPrivileges->Privileges[1].Luid.LowPart = SE_RESTORE_PRIVILEGE;
pTokenPrivileges->Privileges[1].Luid.HighPart = 0;
pTokenPrivileges->Privileges[1].Attributes = (bEnable ? SE_PRIVILEGE_ENABLED : 0);
bRet = AdjustTokenPrivileges(hToken, FALSE, pTokenPrivileges, 0, NULL, NULL);
if (!bRet)
{
DPRINT1("AdjustTokenPrivileges() failed with error %lu\n", GetLastError());
}
else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
{
DPRINT1("AdjustTokenPrivileges() succeeded, but with not all privileges assigned\n");
bRet = FALSE;
}
done:
if (pTokenPrivileges != NULL)
HeapFree(GetProcessHeap(), 0, pTokenPrivileges);
return bRet;
}
static
DWORD
ScmLogonService(
IN PSERVICE pService,
IN PSERVICE_IMAGE pImage)
{
PROFILEINFOW ProfileInfo;
PWSTR pszUserName = NULL;
PWSTR pszDomainName = NULL;
PWSTR pszPassword = NULL;
PWSTR ptr;
DWORD dwError = ERROR_SUCCESS;
DPRINT("ScmLogonService(%p %p)\n", pService, pImage);
DPRINT("Service %S\n", pService->lpServiceName);
if (ScmIsLocalSystemAccount(pImage->pszAccountName) || ScmLiveSetup || ScmSetupInProgress)
return ERROR_SUCCESS;
/* Get the user and domain names */
ptr = wcschr(pImage->pszAccountName, L'\\');
if (ptr != NULL)
{
*ptr = L'\0';
pszUserName = ptr + 1;
pszDomainName = pImage->pszAccountName;
}
else
{
// ERROR_INVALID_SERVICE_ACCOUNT
pszUserName = pImage->pszAccountName;
pszDomainName = NULL;
}
/* Build the service 'password' */
pszPassword = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
(wcslen(pService->lpServiceName) + 5) * sizeof(WCHAR));
if (pszPassword == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto done;
}
wcscpy(pszPassword, L"_SC_");
wcscat(pszPassword, pService->lpServiceName);
DPRINT("Domain: %S User: %S Password: %S\n", pszDomainName, pszUserName, pszPassword);
/* Do the service logon */
if (!LogonUserW(pszUserName,
pszDomainName,
pszPassword,
LOGON32_LOGON_SERVICE,
LOGON32_PROVIDER_DEFAULT,
&pImage->hToken))
{
dwError = GetLastError();
DPRINT1("LogonUserW() failed (Error %lu)\n", dwError);
/* Normalize the returned error */
dwError = ERROR_SERVICE_LOGON_FAILED;
goto done;
}
/* Load the user profile; the per-user environment variables are thus correctly initialized */
ZeroMemory(&ProfileInfo, sizeof(ProfileInfo));
ProfileInfo.dwSize = sizeof(ProfileInfo);
ProfileInfo.dwFlags = PI_NOUI;
ProfileInfo.lpUserName = pszUserName;
// ProfileInfo.lpProfilePath = NULL;
// ProfileInfo.lpDefaultPath = NULL;
// ProfileInfo.lpServerName = NULL;
// ProfileInfo.lpPolicyPath = NULL;
// ProfileInfo.hProfile = NULL;
ScmEnableBackupRestorePrivileges(pImage->hToken, TRUE);
if (!LoadUserProfileW(pImage->hToken, &ProfileInfo))
dwError = GetLastError();
ScmEnableBackupRestorePrivileges(pImage->hToken, FALSE);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("LoadUserProfileW() failed (Error %lu)\n", dwError);
goto done;
}
pImage->hProfile = ProfileInfo.hProfile;
done:
if (pszPassword != NULL)
HeapFree(GetProcessHeap(), 0, pszPassword);
if (ptr != NULL)
*ptr = L'\\';
return dwError;
}
static DWORD
ScmCreateOrReferenceServiceImage(PSERVICE pService)
{
RTL_QUERY_REGISTRY_TABLE QueryTable[3];
UNICODE_STRING ImagePath;
UNICODE_STRING ObjectName;
PSERVICE_IMAGE pServiceImage = NULL;
NTSTATUS Status;
DWORD dwError = ERROR_SUCCESS;
DWORD dwRecordSize;
LPWSTR pString;
BOOL bSecurityService;
DPRINT("ScmCreateOrReferenceServiceImage(%p)\n", pService);
RtlInitUnicodeString(&ImagePath, NULL);
RtlInitUnicodeString(&ObjectName, NULL);
/* Get service data */
RtlZeroMemory(&QueryTable,
sizeof(QueryTable));
QueryTable[0].Name = L"ImagePath";
QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_REQUIRED;
QueryTable[0].EntryContext = &ImagePath;
QueryTable[1].Name = L"ObjectName";
QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
QueryTable[1].EntryContext = &ObjectName;
Status = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES,
pService->lpServiceName,
QueryTable,
NULL,
NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1("RtlQueryRegistryValues() failed (Status %lx)\n", Status);
return RtlNtStatusToDosError(Status);
}
DPRINT("ImagePath: '%wZ'\n", &ImagePath);
DPRINT("ObjectName: '%wZ'\n", &ObjectName);
pServiceImage = ScmGetServiceImageByImagePath(ImagePath.Buffer);
if (pServiceImage == NULL)
{
dwRecordSize = sizeof(SERVICE_IMAGE) +
ImagePath.Length + sizeof(WCHAR) +
((ObjectName.Length != 0) ? (ObjectName.Length + sizeof(WCHAR)) : 0);
/* Create a new service image */
pServiceImage = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
dwRecordSize);
if (pServiceImage == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto done;
}
pServiceImage->dwImageRunCount = 1;
pServiceImage->hControlPipe = INVALID_HANDLE_VALUE;
pServiceImage->hProcess = INVALID_HANDLE_VALUE;
pString = (PWSTR)((INT_PTR)pServiceImage + sizeof(SERVICE_IMAGE));
/* Set the image path */
pServiceImage->pszImagePath = pString;
wcscpy(pServiceImage->pszImagePath,
ImagePath.Buffer);
/* Set the account name */
if (ObjectName.Length > 0)
{
pString = pString + wcslen(pString) + 1;
pServiceImage->pszAccountName = pString;
wcscpy(pServiceImage->pszAccountName,
ObjectName.Buffer);
}
/* Service logon */
dwError = ScmLogonService(pService, pServiceImage);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("ScmLogonService() failed (Error %lu)\n", dwError);
/* Release the service image */
HeapFree(GetProcessHeap(), 0, pServiceImage);
goto done;
}
bSecurityService = ScmIsSecurityService(pServiceImage);
/* Create the control pipe */
dwError = ScmCreateNewControlPipe(pServiceImage,
bSecurityService);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("ScmCreateNewControlPipe() failed (Error %lu)\n", dwError);
/* Unload the user profile */
if (pServiceImage->hProfile != NULL)
{
ScmEnableBackupRestorePrivileges(pServiceImage->hToken, TRUE);
UnloadUserProfile(pServiceImage->hToken, pServiceImage->hProfile);
ScmEnableBackupRestorePrivileges(pServiceImage->hToken, FALSE);
}
/* Close the logon token */
if (pServiceImage->hToken != NULL)
CloseHandle(pServiceImage->hToken);
/* Release the service image */
HeapFree(GetProcessHeap(), 0, pServiceImage);
goto done;
}
if (bSecurityService)
{
SetSecurityServicesEvent();
}
/* FIXME: Add more initialization code here */
/* Append service record */
InsertTailList(&ImageListHead,
&pServiceImage->ImageListEntry);
}
else
{
// if ((lpService->Status.dwServiceType & SERVICE_WIN32_SHARE_PROCESS) == 0)
/* Fail if services in an image use different accounts */
if (!ScmIsSameServiceAccount(pServiceImage->pszAccountName, ObjectName.Buffer))
{
dwError = ERROR_DIFFERENT_SERVICE_ACCOUNT;
goto done;
}
/* Increment the run counter */
pServiceImage->dwImageRunCount++;
}
DPRINT("pServiceImage->pszImagePath: %S\n", pServiceImage->pszImagePath);
DPRINT("pServiceImage->pszAccountName: %S\n", pServiceImage->pszAccountName);
DPRINT("pServiceImage->dwImageRunCount: %lu\n", pServiceImage->dwImageRunCount);
/* Link the service image to the service */
pService->lpImage = pServiceImage;
done:
RtlFreeUnicodeString(&ObjectName);
RtlFreeUnicodeString(&ImagePath);
DPRINT("ScmCreateOrReferenceServiceImage() done (Error: %lu)\n", dwError);
return dwError;
}
VOID
ScmRemoveServiceImage(PSERVICE_IMAGE pServiceImage)
{
DPRINT1("ScmRemoveServiceImage() called\n");
/* FIXME: Terminate the process */
/* Remove the service image from the list */
RemoveEntryList(&pServiceImage->ImageListEntry);
/* Close the process handle */
if (pServiceImage->hProcess != INVALID_HANDLE_VALUE)
CloseHandle(pServiceImage->hProcess);
/* Close the control pipe */
if (pServiceImage->hControlPipe != INVALID_HANDLE_VALUE)
CloseHandle(pServiceImage->hControlPipe);
/* Unload the user profile */
if (pServiceImage->hProfile != NULL)
{
ScmEnableBackupRestorePrivileges(pServiceImage->hToken, TRUE);
UnloadUserProfile(pServiceImage->hToken, pServiceImage->hProfile);
ScmEnableBackupRestorePrivileges(pServiceImage->hToken, FALSE);
}
/* Close the logon token */
if (pServiceImage->hToken != NULL)
CloseHandle(pServiceImage->hToken);
/* Release the service image */
HeapFree(GetProcessHeap(), 0, pServiceImage);
}
PSERVICE
ScmGetServiceEntryByName(LPCWSTR lpServiceName)
{
PLIST_ENTRY ServiceEntry;
PSERVICE CurrentService;
DPRINT("ScmGetServiceEntryByName() called\n");
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry,
SERVICE,
ServiceListEntry);
if (_wcsicmp(CurrentService->lpServiceName, lpServiceName) == 0)
{
DPRINT("Found service: '%S'\n", CurrentService->lpServiceName);
return CurrentService;
}
ServiceEntry = ServiceEntry->Flink;
}
DPRINT("Couldn't find a matching service\n");
return NULL;
}
PSERVICE
ScmGetServiceEntryByDisplayName(LPCWSTR lpDisplayName)
{
PLIST_ENTRY ServiceEntry;
PSERVICE CurrentService;
DPRINT("ScmGetServiceEntryByDisplayName() called\n");
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry,
SERVICE,
ServiceListEntry);
if (_wcsicmp(CurrentService->lpDisplayName, lpDisplayName) == 0)
{
DPRINT("Found service: '%S'\n", CurrentService->lpDisplayName);
return CurrentService;
}
ServiceEntry = ServiceEntry->Flink;
}
DPRINT("Couldn't find a matching service\n");
return NULL;
}
PSERVICE
ScmGetServiceEntryByResumeCount(DWORD dwResumeCount)
{
PLIST_ENTRY ServiceEntry;
PSERVICE CurrentService;
DPRINT("ScmGetServiceEntryByResumeCount() called\n");
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry,
SERVICE,
ServiceListEntry);
if (CurrentService->dwResumeCount > dwResumeCount)
{
DPRINT("Found service: '%S'\n", CurrentService->lpDisplayName);
return CurrentService;
}
ServiceEntry = ServiceEntry->Flink;
}
DPRINT("Couldn't find a matching service\n");
return NULL;
}
DWORD
ScmGenerateServiceTag(PSERVICE lpServiceRecord)
{
/* Check for an overflow */
if (ServiceTag == -1)
{
return ERROR_INVALID_DATA;
}
/* This is only valid for Win32 services */
if (!(lpServiceRecord->Status.dwServiceType & SERVICE_WIN32))
{
return ERROR_INVALID_PARAMETER;
}
/* Increment the tag counter and set it */
ServiceTag = ServiceTag % 0xFFFFFFFF + 1;
lpServiceRecord->dwServiceTag = ServiceTag;
return ERROR_SUCCESS;
}
DWORD
ScmCreateNewServiceRecord(LPCWSTR lpServiceName,
PSERVICE *lpServiceRecord,
DWORD dwServiceType,
DWORD dwStartType)
{
PSERVICE lpService = NULL;
DPRINT("Service: '%S'\n", lpServiceName);
/* Allocate service entry */
lpService = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
FIELD_OFFSET(SERVICE, szServiceName[wcslen(lpServiceName) + 1]));
if (lpService == NULL)
return ERROR_NOT_ENOUGH_MEMORY;
*lpServiceRecord = lpService;
/* Copy service name */
wcscpy(lpService->szServiceName, lpServiceName);
lpService->lpServiceName = lpService->szServiceName;
lpService->lpDisplayName = lpService->lpServiceName;
/* Set the start type */
lpService->dwStartType = dwStartType;
/* Set the resume count */
lpService->dwResumeCount = ResumeCount++;
/* Append service record */
InsertTailList(&ServiceListHead,
&lpService->ServiceListEntry);
/* Initialize the service status */
lpService->Status.dwServiceType = dwServiceType;
lpService->Status.dwCurrentState = SERVICE_STOPPED;
lpService->Status.dwControlsAccepted = 0;
lpService->Status.dwWin32ExitCode =
(dwStartType == SERVICE_DISABLED) ? ERROR_SERVICE_DISABLED : ERROR_SERVICE_NEVER_STARTED;
lpService->Status.dwServiceSpecificExitCode = 0;
lpService->Status.dwCheckPoint = 0;
lpService->Status.dwWaitHint =
(dwServiceType & SERVICE_DRIVER) ? 0 : 2000; /* 2 seconds */
return ERROR_SUCCESS;
}
VOID
ScmDeleteServiceRecord(PSERVICE lpService)
{
DPRINT("Deleting Service %S\n", lpService->lpServiceName);
/* Delete the display name */
if (lpService->lpDisplayName != NULL &&
lpService->lpDisplayName != lpService->lpServiceName)
HeapFree(GetProcessHeap(), 0, lpService->lpDisplayName);
/* Dereference the service image */
if (lpService->lpImage)
{
lpService->lpImage->dwImageRunCount--;
if (lpService->lpImage->dwImageRunCount == 0)
{
ScmRemoveServiceImage(lpService->lpImage);
lpService->lpImage = NULL;
}
}
/* Decrement the group reference counter */
ScmSetServiceGroup(lpService, NULL);
/* Release the SecurityDescriptor */
if (lpService->pSecurityDescriptor != NULL)
HeapFree(GetProcessHeap(), 0, lpService->pSecurityDescriptor);
/* Remove the Service from the List */
RemoveEntryList(&lpService->ServiceListEntry);
DPRINT("Deleted Service %S\n", lpService->lpServiceName);
/* Delete the service record */
HeapFree(GetProcessHeap(), 0, lpService);
DPRINT("Done\n");
}
DWORD
Int_EnumDependentServicesW(HKEY hServicesKey,
PSERVICE lpService,
DWORD dwServiceState,
PSERVICE *lpServices,
LPDWORD pcbBytesNeeded,
LPDWORD lpServicesReturned);
DWORD ScmDeleteService(PSERVICE lpService)
{
DWORD dwError;
DWORD pcbBytesNeeded = 0;
DWORD dwServicesReturned = 0;
HKEY hServicesKey;
ASSERT(lpService->RefCount == 0);
/* Open the Services Reg key */
dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
L"System\\CurrentControlSet\\Services",
0,
KEY_SET_VALUE | KEY_READ,
&hServicesKey);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("Failed to open services key\n");
return dwError;
}
/* Call the function with NULL, just to get bytes we need */
Int_EnumDependentServicesW(hServicesKey,
lpService,
SERVICE_ACTIVE,
NULL,
&pcbBytesNeeded,
&dwServicesReturned);
/* If pcbBytesNeeded returned a value then there are services running that are dependent on this service */
if (pcbBytesNeeded)
{
DPRINT1("Deletion failed due to running dependencies\n");
RegCloseKey(hServicesKey);
return ERROR_DEPENDENT_SERVICES_RUNNING;
}
/* There are no references and no running dependencies,
it is now safe to delete the service */
/* Delete the Service Key */
dwError = ScmDeleteRegKey(hServicesKey, lpService->lpServiceName);
RegCloseKey(hServicesKey);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("Failed to delete the Service Registry key\n");
return dwError;
}
/* Delete the Service */
ScmDeleteServiceRecord(lpService);
return ERROR_SUCCESS;
}
/*
* This function allows the caller to be sure that the service won't be freed unexpectedly.
* In order to be sure that lpService will be valid until the reference is added
* the caller needs to hold the database lock.
* A running service will keep a reference for the whole time it is not SERVICE_STOPPED.
* A service handle will also keep a reference to a service. Keeping a reference is
* really needed so that ScmControlService can be called without keeping the database locked.
* This means that eventually the correct order of operations to send a control message to
* a service looks like: lock, reference, unlock, send control, lock, dereference, unlock.
*/
DWORD
ScmReferenceService(PSERVICE lpService)
{
return InterlockedIncrement(&lpService->RefCount);
}
/* This function must be called with the database lock held exclusively as
it can end up deleting the service */
DWORD
ScmDereferenceService(PSERVICE lpService)
{
DWORD ref;
ASSERT(lpService->RefCount > 0);
ref = InterlockedDecrement(&lpService->RefCount);
if (ref == 0 && lpService->bDeleted &&
lpService->Status.dwCurrentState == SERVICE_STOPPED)
{
ScmDeleteService(lpService);
}
return ref;
}
static DWORD
CreateServiceListEntry(LPCWSTR lpServiceName,
HKEY hServiceKey)
{
PSERVICE lpService = NULL;
LPWSTR lpDisplayName = NULL;
LPWSTR lpGroup = NULL;
DWORD dwSize;
DWORD dwError;
DWORD dwServiceType;
DWORD dwStartType;
DWORD dwErrorControl;
DWORD dwTagId;
DPRINT("Service: '%S'\n", lpServiceName);
if (*lpServiceName == L'{')
return ERROR_SUCCESS;
dwSize = sizeof(DWORD);
dwError = RegQueryValueExW(hServiceKey,
L"Type",
NULL,
NULL,
(LPBYTE)&dwServiceType,
&dwSize);
if (dwError != ERROR_SUCCESS)
return ERROR_SUCCESS;
if (((dwServiceType & ~SERVICE_INTERACTIVE_PROCESS) != SERVICE_WIN32_OWN_PROCESS) &&
((dwServiceType & ~SERVICE_INTERACTIVE_PROCESS) != SERVICE_WIN32_SHARE_PROCESS) &&
(dwServiceType != SERVICE_KERNEL_DRIVER) &&
(dwServiceType != SERVICE_FILE_SYSTEM_DRIVER))
return ERROR_SUCCESS;
DPRINT("Service type: %lx\n", dwServiceType);
dwSize = sizeof(DWORD);
dwError = RegQueryValueExW(hServiceKey,
L"Start",
NULL,
NULL,
(LPBYTE)&dwStartType,
&dwSize);
if (dwError != ERROR_SUCCESS)
return ERROR_SUCCESS;
DPRINT("Start type: %lx\n", dwStartType);
dwSize = sizeof(DWORD);
dwError = RegQueryValueExW(hServiceKey,
L"ErrorControl",
NULL,
NULL,
(LPBYTE)&dwErrorControl,
&dwSize);
if (dwError != ERROR_SUCCESS)
return ERROR_SUCCESS;
DPRINT("Error control: %lx\n", dwErrorControl);
dwError = RegQueryValueExW(hServiceKey,
L"Tag",
NULL,
NULL,
(LPBYTE)&dwTagId,
&dwSize);
if (dwError != ERROR_SUCCESS)
dwTagId = 0;
DPRINT("Tag: %lx\n", dwTagId);
dwError = ScmReadString(hServiceKey,
L"Group",
&lpGroup);
if (dwError != ERROR_SUCCESS)
lpGroup = NULL;
DPRINT("Group: %S\n", lpGroup);
dwError = ScmReadString(hServiceKey,
L"DisplayName",
&lpDisplayName);
if (dwError != ERROR_SUCCESS)
lpDisplayName = NULL;
DPRINT("Display name: %S\n", lpDisplayName);
dwError = ScmCreateNewServiceRecord(lpServiceName,
&lpService,
dwServiceType,
dwStartType);
if (dwError != ERROR_SUCCESS)
goto done;
lpService->dwErrorControl = dwErrorControl;
lpService->dwTag = dwTagId;
if (lpGroup != NULL)
{
dwError = ScmSetServiceGroup(lpService, lpGroup);
if (dwError != ERROR_SUCCESS)
goto done;
}
if (lpDisplayName != NULL)
{
lpService->lpDisplayName = lpDisplayName;
lpDisplayName = NULL;
}
DPRINT("ServiceName: '%S'\n", lpService->lpServiceName);
if (lpService->lpGroup != NULL)
{
DPRINT("Group: '%S'\n", lpService->lpGroup->lpGroupName);
}
DPRINT("Start %lx Type %lx Tag %lx ErrorControl %lx\n",
lpService->dwStartType,
lpService->Status.dwServiceType,
lpService->dwTag,
lpService->dwErrorControl);
if (ScmIsDeleteFlagSet(hServiceKey))
lpService->bDeleted = TRUE;
else
ScmGenerateServiceTag(lpService);
if (lpService->Status.dwServiceType & SERVICE_WIN32)
{
dwError = ScmReadSecurityDescriptor(hServiceKey,
&lpService->pSecurityDescriptor);
if (dwError != ERROR_SUCCESS)
goto done;
/* Assing the default security descriptor if the security descriptor cannot be read */
if (lpService->pSecurityDescriptor == NULL)
{
DPRINT("No security descriptor found! Assign default security descriptor\n");
dwError = ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
if (dwError != ERROR_SUCCESS)
goto done;
dwError = ScmWriteSecurityDescriptor(hServiceKey,
lpService->pSecurityDescriptor);
if (dwError != ERROR_SUCCESS)
goto done;
}
}
done:
if (lpGroup != NULL)
HeapFree(GetProcessHeap(), 0, lpGroup);
if (lpDisplayName != NULL)
HeapFree(GetProcessHeap(), 0, lpDisplayName);
if (lpService != NULL)
{
ASSERT(lpService->lpImage == NULL);
}
return dwError;
}
VOID
ScmDeleteMarkedServices(VOID)
{
PLIST_ENTRY ServiceEntry;
PSERVICE CurrentService;
HKEY hServicesKey;
DWORD dwError;
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
ServiceEntry = ServiceEntry->Flink;
if (CurrentService->bDeleted != FALSE)
{
dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
L"System\\CurrentControlSet\\Services",
0,
DELETE,
&hServicesKey);
if (dwError == ERROR_SUCCESS)
{
dwError = ScmDeleteRegKey(hServicesKey, CurrentService->lpServiceName);
RegCloseKey(hServicesKey);
if (dwError == ERROR_SUCCESS)
{
RemoveEntryList(&CurrentService->ServiceListEntry);
HeapFree(GetProcessHeap(), 0, CurrentService);
}
}
if (dwError != ERROR_SUCCESS)
DPRINT1("Delete service failed: %S\n", CurrentService->lpServiceName);
}
}
}
static
VOID
ScmGetNoInteractiveServicesValue(VOID)
{
HKEY hKey;
DWORD dwKeySize;
LONG lError;
lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
L"SYSTEM\\CurrentControlSet\\Control\\Windows",
0,
KEY_READ,
&hKey);
if (lError == ERROR_SUCCESS)
{
dwKeySize = sizeof(NoInteractiveServices);
lError = RegQueryValueExW(hKey,
L"NoInteractiveServices",
0,
NULL,
(LPBYTE)&NoInteractiveServices,
&dwKeySize);
RegCloseKey(hKey);
}
}
DWORD
ScmCreateServiceDatabase(VOID)
{
WCHAR szSubKey[MAX_PATH];
HKEY hServicesKey;
HKEY hServiceKey;
DWORD dwSubKey;
DWORD dwSubKeyLength;
FILETIME ftLastChanged;
DWORD dwError;
DPRINT("ScmCreateServiceDatabase() called\n");
/* Retrieve the NoInteractiveServies value */
ScmGetNoInteractiveServicesValue();
/* Create the service group list */
dwError = ScmCreateGroupList();
if (dwError != ERROR_SUCCESS)
return dwError;
/* Initialize image and service lists */
InitializeListHead(&ImageListHead);
InitializeListHead(&ServiceListHead);
/* Initialize the database lock */
RtlInitializeResource(&DatabaseLock);
dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
L"System\\CurrentControlSet\\Services",
0,
KEY_READ,
&hServicesKey);
if (dwError != ERROR_SUCCESS)
return dwError;
dwSubKey = 0;
for (;;)
{
dwSubKeyLength = MAX_PATH;
dwError = RegEnumKeyExW(hServicesKey,
dwSubKey,
szSubKey,
&dwSubKeyLength,
NULL,
NULL,
NULL,
&ftLastChanged);
if (dwError == ERROR_SUCCESS &&
szSubKey[0] != L'{')
{
DPRINT("SubKeyName: '%S'\n", szSubKey);
dwError = RegOpenKeyExW(hServicesKey,
szSubKey,
0,
KEY_READ,
&hServiceKey);
if (dwError == ERROR_SUCCESS)
{
dwError = CreateServiceListEntry(szSubKey,
hServiceKey);
RegCloseKey(hServiceKey);
}
}
if (dwError != ERROR_SUCCESS)
break;
dwSubKey++;
}
RegCloseKey(hServicesKey);
/* Wait for the LSA server */
ScmWaitForLsa();
/* Delete services that are marked for delete */
ScmDeleteMarkedServices();
DPRINT("ScmCreateServiceDatabase() done\n");
return ERROR_SUCCESS;
}
VOID
ScmShutdownServiceDatabase(VOID)
{
DPRINT("ScmShutdownServiceDatabase() called\n");
ScmDeleteMarkedServices();
RtlDeleteResource(&DatabaseLock);
DPRINT("ScmShutdownServiceDatabase() done\n");
}
static NTSTATUS
ScmCheckDriver(PSERVICE Service)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING DirName;
HANDLE DirHandle;
NTSTATUS Status;
POBJECT_DIRECTORY_INFORMATION DirInfo;
ULONG BufferLength;
ULONG DataLength;
ULONG Index;
DPRINT("ScmCheckDriver(%S) called\n", Service->lpServiceName);
if (Service->Status.dwServiceType == SERVICE_KERNEL_DRIVER)
{
RtlInitUnicodeString(&DirName, L"\\Driver");
}
else // if (Service->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER)
{
ASSERT(Service->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER);
RtlInitUnicodeString(&DirName, L"\\FileSystem");
}
InitializeObjectAttributes(&ObjectAttributes,
&DirName,
0,
NULL,
NULL);
Status = NtOpenDirectoryObject(&DirHandle,
DIRECTORY_QUERY | DIRECTORY_TRAVERSE,
&ObjectAttributes);
if (!NT_SUCCESS(Status))
{
return Status;
}
BufferLength = sizeof(OBJECT_DIRECTORY_INFORMATION) +
2 * MAX_PATH * sizeof(WCHAR);
DirInfo = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
BufferLength);
Index = 0;
while (TRUE)
{
Status = NtQueryDirectoryObject(DirHandle,
DirInfo,
BufferLength,
TRUE,
FALSE,
&Index,
&DataLength);
if (Status == STATUS_NO_MORE_ENTRIES)
{
/* FIXME: Add current service to 'failed service' list */
DPRINT("Service '%S' failed\n", Service->lpServiceName);
break;
}
if (!NT_SUCCESS(Status))
break;
DPRINT("Comparing: '%S' '%wZ'\n", Service->lpServiceName, &DirInfo->Name);
if (_wcsicmp(Service->lpServiceName, DirInfo->Name.Buffer) == 0)
{
DPRINT("Found: '%S' '%wZ'\n",
Service->lpServiceName, &DirInfo->Name);
/* Mark service as 'running' */
Service->Status.dwCurrentState = SERVICE_RUNNING;
Service->Status.dwControlsAccepted = SERVICE_ACCEPT_STOP;
Service->Status.dwWin32ExitCode = ERROR_SUCCESS;
Service->Status.dwServiceSpecificExitCode = 0;
Service->Status.dwCheckPoint = 0;
Service->Status.dwWaitHint = 0;
/* Mark the service group as 'running' */
if (Service->lpGroup != NULL)
{
Service->lpGroup->ServicesRunning = TRUE;
}
break;
}
}
HeapFree(GetProcessHeap(),
0,
DirInfo);
NtClose(DirHandle);
return STATUS_SUCCESS;
}
VOID
ScmGetBootAndSystemDriverState(VOID)
{
PLIST_ENTRY ServiceEntry;
PSERVICE CurrentService;
DPRINT("ScmGetBootAndSystemDriverState() called\n");
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
if (CurrentService->dwStartType == SERVICE_BOOT_START ||
CurrentService->dwStartType == SERVICE_SYSTEM_START)
{
/* Check driver */
DPRINT(" Checking service: %S\n", CurrentService->lpServiceName);
ScmCheckDriver(CurrentService);
}
ServiceEntry = ServiceEntry->Flink;
}
DPRINT("ScmGetBootAndSystemDriverState() done\n");
}
/*
* ScmControlService must never be called with the database lock being held.
* The service passed must always be referenced instead.
*/
DWORD
ScmControlServiceEx(
_In_ HANDLE hControlPipe,
_In_ PCWSTR pServiceName,
_In_ DWORD dwControl,
_In_ SERVICE_STATUS_HANDLE hServiceStatus,
_In_opt_ DWORD dwServiceTag,
_In_opt_ DWORD argc,
_In_reads_opt_(argc) PWSTR* argv)
{
DWORD dwError = ERROR_SUCCESS;
BOOL bResult;
PSCM_CONTROL_PACKET ControlPacket;
SCM_REPLY_PACKET ReplyPacket;
DWORD PacketSize;
DWORD i;
PWSTR Ptr;
DWORD dwWriteCount = 0;
DWORD dwReadCount = 0;
OVERLAPPED Overlapped = {0};
DPRINT("ScmControlService(%S, %d) called\n", pServiceName, dwControl);
/* Calculate the total size of the control packet:
* initial structure, the start command line, and the argument vector */
PacketSize = sizeof(SCM_CONTROL_PACKET);
PacketSize += (DWORD)((wcslen(pServiceName) + 1) * sizeof(WCHAR));
/*
* Calculate the required packet size for the start argument vector 'argv',
* composed of the pointer offsets list, followed by UNICODE strings.
* The strings are stored successively after the offsets vector, with
* the offsets being relative to the beginning of the vector, as in the
* following layout (with N == argc):
* [argOff(0)]...[argOff(N-1)][str(0)]...[str(N-1)] .
*/
if (argc > 0 && argv != NULL)
{
PacketSize = ALIGN_UP(PacketSize, PWSTR);
PacketSize += (argc * sizeof(PWSTR));
DPRINT("Argc: %lu\n", argc);
for (i = 0; i < argc; i++)
{
DPRINT("Argv[%lu]: %S\n", i, argv[i]);
PacketSize += (DWORD)((wcslen(argv[i]) + 1) * sizeof(WCHAR));
}
}
/* Allocate the control packet */
ControlPacket = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, PacketSize);
if (!ControlPacket)
return ERROR_NOT_ENOUGH_MEMORY;
ControlPacket->dwSize = PacketSize;
ControlPacket->dwControl = dwControl;
ControlPacket->hServiceStatus = hServiceStatus;
ControlPacket->dwServiceTag = dwServiceTag;
/* Copy the start command line */
ControlPacket->dwServiceNameOffset = sizeof(SCM_CONTROL_PACKET);
Ptr = (PWSTR)((ULONG_PTR)ControlPacket + ControlPacket->dwServiceNameOffset);
wcscpy(Ptr, pServiceName);
ControlPacket->dwArgumentsCount = 0;
ControlPacket->dwArgumentsOffset = 0;
/* Copy the argument vector */
if (argc > 0 && argv != NULL)
{
PWSTR *pOffPtr, pArgPtr;
Ptr += wcslen(pServiceName) + 1;
pOffPtr = (PWSTR*)ALIGN_UP_POINTER(Ptr, PWSTR);
pArgPtr = (PWSTR)((ULONG_PTR)pOffPtr + argc * sizeof(PWSTR));
ControlPacket->dwArgumentsCount = argc;
ControlPacket->dwArgumentsOffset = (DWORD)((ULONG_PTR)pOffPtr - (ULONG_PTR)ControlPacket);
DPRINT("dwArgumentsCount: %lu\n", ControlPacket->dwArgumentsCount);
DPRINT("dwArgumentsOffset: %lu\n", ControlPacket->dwArgumentsOffset);
for (i = 0; i < argc; i++)
{
wcscpy(pArgPtr, argv[i]);
pOffPtr[i] = (PWSTR)((ULONG_PTR)pArgPtr - (ULONG_PTR)pOffPtr);
DPRINT("offset[%lu]: %p\n", i, pOffPtr[i]);
pArgPtr += wcslen(argv[i]) + 1;
}
}
/* Acquire the service control critical section, to synchronize requests */
EnterCriticalSection(&ControlServiceCriticalSection);
bResult = WriteFile(hControlPipe,
ControlPacket,
PacketSize,
&dwWriteCount,
&Overlapped);
if (!bResult)
{
dwError = GetLastError();
if (dwError == ERROR_IO_PENDING)
{
DPRINT("WriteFile(%S, %d) returned ERROR_IO_PENDING\n", pServiceName, dwControl);
dwError = WaitForSingleObject(hControlPipe,
PipeTimeout);
DPRINT("WaitForSingleObject(%S, %d) returned %lu\n", pServiceName, dwControl, dwError);
if (dwError == WAIT_TIMEOUT)
{
DPRINT1("WaitForSingleObject(%S, %d) timed out\n", pServiceName, dwControl);
bResult = CancelIo(hControlPipe);
if (!bResult)
DPRINT1("CancelIo(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, GetLastError());
dwError = ERROR_SERVICE_REQUEST_TIMEOUT;
goto Done;
}
else if (dwError == WAIT_OBJECT_0)
{
bResult = GetOverlappedResult(hControlPipe,
&Overlapped,
&dwWriteCount,
TRUE);
if (!bResult)
{
dwError = GetLastError();
DPRINT1("GetOverlappedResult(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
goto Done;
}
}
}
else
{
DPRINT1("WriteFile(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
goto Done;
}
}
/* Read the reply */
Overlapped.hEvent = NULL;
bResult = ReadFile(hControlPipe,
&ReplyPacket,
sizeof(ReplyPacket),
&dwReadCount,
&Overlapped);
if (!bResult)
{
dwError = GetLastError();
if (dwError == ERROR_IO_PENDING)
{
DPRINT("ReadFile(%S, %d) returned ERROR_IO_PENDING\n", pServiceName, dwControl);
dwError = WaitForSingleObject(hControlPipe,
PipeTimeout);
DPRINT("WaitForSingleObject(%S, %d) returned %lu\n", pServiceName, dwControl, dwError);
if (dwError == WAIT_TIMEOUT)
{
DPRINT1("WaitForSingleObject(%S, %d) timed out\n", pServiceName, dwControl);
bResult = CancelIo(hControlPipe);
if (!bResult)
DPRINT1("CancelIo(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, GetLastError());
dwError = ERROR_SERVICE_REQUEST_TIMEOUT;
goto Done;
}
else if (dwError == WAIT_OBJECT_0)
{
bResult = GetOverlappedResult(hControlPipe,
&Overlapped,
&dwReadCount,
TRUE);
if (!bResult)
{
dwError = GetLastError();
DPRINT1("GetOverlappedResult(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
goto Done;
}
}
}
else
{
DPRINT1("ReadFile(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
goto Done;
}
}
Done:
/* Release the service control critical section */
LeaveCriticalSection(&ControlServiceCriticalSection);
/* Free the control packet */
HeapFree(GetProcessHeap(), 0, ControlPacket);
if (dwReadCount == sizeof(ReplyPacket))
dwError = ReplyPacket.dwError;
DPRINT("ScmControlService(%S, %d) done (Error %lu)\n", pServiceName, dwControl, dwError);
return dwError;
}
DWORD
ScmControlService(
_In_ HANDLE hControlPipe,
_In_ PCWSTR pServiceName,
_In_ DWORD dwControl,
_In_ SERVICE_STATUS_HANDLE hServiceStatus)
{
return ScmControlServiceEx(hControlPipe,
pServiceName,
dwControl,
hServiceStatus,
0, 0, NULL);
}
static DWORD
ScmWaitForServiceConnect(PSERVICE Service)
{
DWORD dwRead = 0;
DWORD dwProcessId = 0;
DWORD dwError = ERROR_SUCCESS;
BOOL bResult;
OVERLAPPED Overlapped = {0};
#if 0
LPCWSTR lpLogStrings[3];
WCHAR szBuffer1[20];
WCHAR szBuffer2[20];
#endif
DPRINT("ScmWaitForServiceConnect()\n");
bResult = ConnectNamedPipe(Service->lpImage->hControlPipe,
&Overlapped);
if (bResult == FALSE)
{
DPRINT("ConnectNamedPipe() returned FALSE\n");
dwError = GetLastError();
if (dwError == ERROR_IO_PENDING)
{
DPRINT("dwError: ERROR_IO_PENDING\n");
dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
PipeTimeout);
DPRINT("WaitForSingleObject() returned %lu\n", dwError);
if (dwError == WAIT_TIMEOUT)
{
DPRINT("WaitForSingleObject() returned WAIT_TIMEOUT\n");
bResult = CancelIo(Service->lpImage->hControlPipe);
if (bResult == FALSE)
{
DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
}
#if 0
_ultow(PipeTimeout, szBuffer1, 10);
lpLogStrings[0] = Service->lpDisplayName;
lpLogStrings[1] = szBuffer1;
ScmLogEvent(EVENT_CONNECTION_TIMEOUT,
EVENTLOG_ERROR_TYPE,
2,
lpLogStrings);
#endif
DPRINT1("Log EVENT_CONNECTION_TIMEOUT by %S\n", Service->lpDisplayName);
return ERROR_SERVICE_REQUEST_TIMEOUT;
}
else if (dwError == WAIT_OBJECT_0)
{
bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
&Overlapped,
&dwRead,
TRUE);
if (bResult == FALSE)
{
dwError = GetLastError();
DPRINT1("GetOverlappedResult failed (Error %lu)\n", dwError);
return dwError;
}
}
}
else if (dwError != ERROR_PIPE_CONNECTED)
{
DPRINT1("ConnectNamedPipe failed (Error %lu)\n", dwError);
return dwError;
}
}
DPRINT("Control pipe connected\n");
Overlapped.hEvent = NULL;
/* Read the process id from pipe */
bResult = ReadFile(Service->lpImage->hControlPipe,
(LPVOID)&dwProcessId,
sizeof(DWORD),
&dwRead,
&Overlapped);
if (bResult == FALSE)
{
DPRINT("ReadFile() returned FALSE\n");
dwError = GetLastError();
if (dwError == ERROR_IO_PENDING)
{
DPRINT("dwError: ERROR_IO_PENDING\n");
dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
PipeTimeout);
if (dwError == WAIT_TIMEOUT)
{
DPRINT("WaitForSingleObject() returned WAIT_TIMEOUT\n");
bResult = CancelIo(Service->lpImage->hControlPipe);
if (bResult == FALSE)
{
DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
}
#if 0
_ultow(PipeTimeout, szBuffer1, 10);
lpLogStrings[0] = szBuffer1;
ScmLogEvent(EVENT_READFILE_TIMEOUT,
EVENTLOG_ERROR_TYPE,
1,
lpLogStrings);
#endif
DPRINT1("Log EVENT_READFILE_TIMEOUT by %S\n", Service->lpDisplayName);
return ERROR_SERVICE_REQUEST_TIMEOUT;
}
else if (dwError == WAIT_OBJECT_0)
{
DPRINT("WaitForSingleObject() returned WAIT_OBJECT_0\n");
DPRINT("Process Id: %lu\n", dwProcessId);
bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
&Overlapped,
&dwRead,
TRUE);
if (bResult == FALSE)
{
dwError = GetLastError();
DPRINT1("GetOverlappedResult() failed (Error %lu)\n", dwError);
return dwError;
}
}
else
{
DPRINT1("WaitForSingleObject() returned %lu\n", dwError);
}
}
else
{
DPRINT1("ReadFile() failed (Error %lu)\n", dwError);
return dwError;
}
}
if ((ScmIsSecurityService(Service->lpImage) == FALSE)&&
(dwProcessId != Service->lpImage->dwProcessId))
{
#if 0
_ultow(Service->lpImage->dwProcessId, szBuffer1, 10);
_ultow(dwProcessId, szBuffer2, 10);
lpLogStrings[0] = Service->lpDisplayName;
lpLogStrings[1] = szBuffer1;
lpLogStrings[2] = szBuffer2;
ScmLogEvent(EVENT_SERVICE_DIFFERENT_PID_CONNECTED,
EVENTLOG_WARNING_TYPE,
3,
lpLogStrings);
#endif
DPRINT1("Log EVENT_SERVICE_DIFFERENT_PID_CONNECTED by %S\n", Service->lpDisplayName);
}
DPRINT("ScmWaitForServiceConnect() done\n");
return ERROR_SUCCESS;
}
static DWORD
ScmStartUserModeService(PSERVICE Service,
DWORD argc,
LPWSTR* argv)
{
PROCESS_INFORMATION ProcessInformation;
STARTUPINFOW StartupInfo;
LPVOID lpEnvironment;
BOOL Result;
DWORD dwError = ERROR_SUCCESS;
DPRINT("ScmStartUserModeService(%p)\n", Service);
/* If the image is already running, just send a start command */
if (Service->lpImage->dwImageRunCount > 1)
goto Quit;
/* Otherwise start its process */
ZeroMemory(&StartupInfo, sizeof(StartupInfo));
StartupInfo.cb = sizeof(StartupInfo);
ZeroMemory(&ProcessInformation, sizeof(ProcessInformation));
if (Service->lpImage->hToken)
{
/* User token: Run the service under the user account */
if (!CreateEnvironmentBlock(&lpEnvironment, Service->lpImage->hToken, FALSE))
{
/* We failed, run the service with the current environment */
DPRINT1("CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
GetLastError(), Service->lpServiceName);
lpEnvironment = NULL;
}
/* Impersonate the new user */
Result = ImpersonateLoggedOnUser(Service->lpImage->hToken);
if (Result)
{
/* Launch the process in the user's logon session */
Result = CreateProcessAsUserW(Service->lpImage->hToken,
NULL,
Service->lpImage->pszImagePath,
NULL,
NULL,
FALSE,
CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS | CREATE_SUSPENDED,
lpEnvironment,
NULL,
&StartupInfo,
&ProcessInformation);
if (!Result)
dwError = GetLastError();
/* Revert the impersonation */
RevertToSelf();
}
else
{
dwError = GetLastError();
DPRINT1("ImpersonateLoggedOnUser() failed with error %d\n", dwError);
}
}
else
{
/* No user token: Run the service under the LocalSystem account */
if (!CreateEnvironmentBlock(&lpEnvironment, NULL, TRUE))
{
/* We failed, run the service with the current environment */
DPRINT1("CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
GetLastError(), Service->lpServiceName);
lpEnvironment = NULL;
}
/* Use the interactive desktop if the service is interactive */
if ((NoInteractiveServices == 0) &&
(Service->Status.dwServiceType & SERVICE_INTERACTIVE_PROCESS))
{
StartupInfo.dwFlags |= STARTF_INHERITDESKTOP;
StartupInfo.lpDesktop = L"WinSta0\\Default";
}
if (!ScmIsSecurityService(Service->lpImage))
{
Result = CreateProcessW(NULL,
Service->lpImage->pszImagePath,
NULL,
NULL,
FALSE,
CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS | CREATE_SUSPENDED,
lpEnvironment,
NULL,
&StartupInfo,
&ProcessInformation);
if (!Result)
dwError = GetLastError();
}
else
{
Result = TRUE;
dwError = ERROR_SUCCESS;
}
}
if (lpEnvironment)
DestroyEnvironmentBlock(lpEnvironment);
if (!Result)
{
DPRINT1("Starting '%S' failed with error %d\n",
Service->lpServiceName, dwError);
return dwError;
}
DPRINT("Process Id: %lu Handle %p\n",
ProcessInformation.dwProcessId,
ProcessInformation.hProcess);
DPRINT("Thread Id: %lu Handle %p\n",
ProcessInformation.dwThreadId,
ProcessInformation.hThread);
/* Get the process handle and ID */
Service->lpImage->hProcess = ProcessInformation.hProcess;
Service->lpImage->dwProcessId = ProcessInformation.dwProcessId;
/* Resume the main thread and close its handle */
ResumeThread(ProcessInformation.hThread);
CloseHandle(ProcessInformation.hThread);
/* Connect control pipe */
dwError = ScmWaitForServiceConnect(Service);
if (dwError != ERROR_SUCCESS)
{
DPRINT1("Connecting control pipe failed! (Error %lu)\n", dwError);
Service->lpImage->dwProcessId = 0;
return dwError;
}
Quit:
/* Send the start command and return */
return ScmControlServiceEx(Service->lpImage->hControlPipe,
Service->lpServiceName,
(Service->Status.dwServiceType & SERVICE_WIN32_OWN_PROCESS)
? SERVICE_CONTROL_START_OWN : SERVICE_CONTROL_START_SHARE,
(SERVICE_STATUS_HANDLE)Service,
Service->dwServiceTag,
argc, argv);
}
static DWORD
ScmLoadService(PSERVICE Service,
DWORD argc,
LPWSTR* argv)
{
PSERVICE_GROUP Group = Service->lpGroup;
DWORD dwError = ERROR_SUCCESS;
LPCWSTR lpLogStrings[2];
WCHAR szLogBuffer[80];
DPRINT("ScmLoadService() called\n");
DPRINT("Start Service %p (%S)\n", Service, Service->lpServiceName);
if (Service->Status.dwCurrentState != SERVICE_STOPPED)
{
DPRINT("Service %S is already running\n", Service->lpServiceName);
return ERROR_SERVICE_ALREADY_RUNNING;
}
DPRINT("Service->Type: %lu\n", Service->Status.dwServiceType);
if (Service->Status.dwServiceType & SERVICE_DRIVER)
{
/* Start the driver */
dwError = ScmStartDriver(Service);
}
else // if (Service->Status.dwServiceType & (SERVICE_WIN32 | SERVICE_INTERACTIVE_PROCESS))
{
/* Start user-mode service */
dwError = ScmCreateOrReferenceServiceImage(Service);
if (dwError == ERROR_SUCCESS)
{
dwError = ScmStartUserModeService(Service, argc, argv);
if (dwError == ERROR_SUCCESS)
{
Service->Status.dwCurrentState = SERVICE_START_PENDING;
Service->Status.dwControlsAccepted = 0;
ScmReferenceService(Service);
}
else
{
Service->lpImage->dwImageRunCount--;
if (Service->lpImage->dwImageRunCount == 0)
{
ScmRemoveServiceImage(Service->lpImage);
Service->lpImage = NULL;
}
}
}
}
DPRINT("ScmLoadService() done (Error %lu)\n", dwError);
if (dwError == ERROR_SUCCESS)
{
if (Group != NULL)
{
Group->ServicesRunning = TRUE;
}
/* Log a successful service start */
LoadStringW(GetModuleHandle(NULL), IDS_SERVICE_START, szLogBuffer, 80);
lpLogStrings[0] = Service->lpDisplayName;
lpLogStrings[1] = szLogBuffer;
ScmLogEvent(EVENT_SERVICE_CONTROL_SUCCESS,
EVENTLOG_INFORMATION_TYPE,
2,
lpLogStrings);
}
else
{
if (Service->dwErrorControl != SERVICE_ERROR_IGNORE)
{
/* Log a failed service start */
StringCchPrintfW(szLogBuffer, ARRAYSIZE(szLogBuffer),
L"%lu", dwError);
lpLogStrings[0] = Service->lpServiceName;
lpLogStrings[1] = szLogBuffer;
ScmLogEvent(EVENT_SERVICE_START_FAILED,
EVENTLOG_ERROR_TYPE,
2,
lpLogStrings);
}
#if 0
switch (Service->dwErrorControl)
{
case SERVICE_ERROR_SEVERE:
if (IsLastKnownGood == FALSE)
{
/* FIXME: Boot last known good configuration */
}
break;
case SERVICE_ERROR_CRITICAL:
if (IsLastKnownGood == FALSE)
{
/* FIXME: Boot last known good configuration */
}
else
{
/* FIXME: BSOD! */
}
break;
}
#endif
}
return dwError;
}
DWORD
ScmStartService(PSERVICE Service,
DWORD argc,
LPWSTR* argv)
{
DWORD dwError = ERROR_SUCCESS;
SC_RPC_LOCK Lock = NULL;
DPRINT("ScmStartService() called\n");
DPRINT("Start Service %p (%S)\n", Service, Service->lpServiceName);
/* Acquire the service control critical section, to synchronize starts */
EnterCriticalSection(&ControlServiceCriticalSection);
/*
* Acquire the user service start lock while the service is starting, if
* needed (i.e. if we are not starting it during the initialization phase).
* If we don't success, bail out.
*/
if (!ScmInitialize)
{
dwError = ScmAcquireServiceStartLock(TRUE, &Lock);
if (dwError != ERROR_SUCCESS) goto done;
}
/* Really start the service */
dwError = ScmLoadService(Service, argc, argv);
/* Release the service start lock, if needed, and the critical section */
if (Lock) ScmReleaseServiceStartLock(&Lock);
done:
LeaveCriticalSection(&ControlServiceCriticalSection);
DPRINT("ScmStartService() done (Error %lu)\n", dwError);
return dwError;
}
VOID
ScmAutoStartServices(VOID)
{
DWORD dwError;
PLIST_ENTRY GroupEntry;
PLIST_ENTRY ServiceEntry;
PSERVICE_GROUP CurrentGroup;
PSERVICE CurrentService;
WCHAR szSafeBootServicePath[MAX_PATH];
DWORD SafeBootEnabled;
HKEY hKey;
DWORD dwKeySize;
ULONG i;
/*
* This function MUST be called ONLY at initialization time.
* Therefore, no need to acquire the user service start lock.
*/
ASSERT(ScmInitialize);
/* Retrieve the SafeBoot parameter */
dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Option",
0,
KEY_READ,
&hKey);
if (dwError == ERROR_SUCCESS)
{
dwKeySize = sizeof(SafeBootEnabled);
dwError = RegQueryValueExW(hKey,
L"OptionValue",
0,
NULL,
(LPBYTE)&SafeBootEnabled,
&dwKeySize);
RegCloseKey(hKey);
}
/* Default to Normal boot if the value doesn't exist */
if (dwError != ERROR_SUCCESS)
SafeBootEnabled = 0;
/* Acquire the service control critical section, to synchronize starts */
EnterCriticalSection(&ControlServiceCriticalSection);
/* Clear 'ServiceVisited' flag (or set if not to start in Safe Mode) */
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
/* Build the safe boot path */
StringCchCopyW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot");
switch (SafeBootEnabled)
{
/* NOTE: Assumes MINIMAL (1) and DSREPAIR (3) load same items */
case 1:
case 3:
StringCchCatW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
L"\\Minimal\\");
break;
case 2:
StringCchCatW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
L"\\Network\\");
break;
}
if (SafeBootEnabled != 0)
{
/* If key does not exist then do not assume safe mode */
dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
szSafeBootServicePath,
0,
KEY_READ,
&hKey);
if (dwError == ERROR_SUCCESS)
{
RegCloseKey(hKey);
/* Finish Safe Boot path off */
StringCchCatW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
CurrentService->lpServiceName);
/* Check that the key is in the Safe Boot path */
dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
szSafeBootServicePath,
0,
KEY_READ,
&hKey);
if (dwError != ERROR_SUCCESS)
{
/* Mark service as visited so it is not auto-started */
CurrentService->ServiceVisited = TRUE;
}
else
{
/* Must be auto-started in safe mode - mark as unvisited */
RegCloseKey(hKey);
CurrentService->ServiceVisited = FALSE;
}
}
else
{
DPRINT1("WARNING: Could not open the associated Safe Boot key\n");
CurrentService->ServiceVisited = FALSE;
}
}
ServiceEntry = ServiceEntry->Flink;
}
/* Start all services which are members of an existing group */
GroupEntry = GroupListHead.Flink;
while (GroupEntry != &GroupListHead)
{
CurrentGroup = CONTAINING_RECORD(GroupEntry, SERVICE_GROUP, GroupListEntry);
DPRINT("Group '%S'\n", CurrentGroup->lpGroupName);
/* Start all services witch have a valid tag */
for (i = 0; i < CurrentGroup->TagCount; i++)
{
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
if ((CurrentService->lpGroup == CurrentGroup) &&
(CurrentService->dwStartType == SERVICE_AUTO_START) &&
(CurrentService->ServiceVisited == FALSE) &&
(CurrentService->dwTag == CurrentGroup->TagArray[i]))
{
CurrentService->ServiceVisited = TRUE;
ScmLoadService(CurrentService, 0, NULL);
}
ServiceEntry = ServiceEntry->Flink;
}
}
/* Start all services which have an invalid tag or which do not have a tag */
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
if ((CurrentService->lpGroup == CurrentGroup) &&
(CurrentService->dwStartType == SERVICE_AUTO_START) &&
(CurrentService->ServiceVisited == FALSE))
{
CurrentService->ServiceVisited = TRUE;
ScmLoadService(CurrentService, 0, NULL);
}
ServiceEntry = ServiceEntry->Flink;
}
GroupEntry = GroupEntry->Flink;
}
/* Start all services which are members of any non-existing group */
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
if ((CurrentService->lpGroup != NULL) &&
(CurrentService->dwStartType == SERVICE_AUTO_START) &&
(CurrentService->ServiceVisited == FALSE))
{
CurrentService->ServiceVisited = TRUE;
ScmLoadService(CurrentService, 0, NULL);
}
ServiceEntry = ServiceEntry->Flink;
}
/* Start all services which are not a member of any group */
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
if ((CurrentService->lpGroup == NULL) &&
(CurrentService->dwStartType == SERVICE_AUTO_START) &&
(CurrentService->ServiceVisited == FALSE))
{
CurrentService->ServiceVisited = TRUE;
ScmLoadService(CurrentService, 0, NULL);
}
ServiceEntry = ServiceEntry->Flink;
}
/* Clear 'ServiceVisited' flag again */
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
CurrentService->ServiceVisited = FALSE;
ServiceEntry = ServiceEntry->Flink;
}
/* Release the critical section */
LeaveCriticalSection(&ControlServiceCriticalSection);
}
VOID
ScmAutoShutdownServices(VOID)
{
PLIST_ENTRY ServiceEntry;
PSERVICE CurrentService;
DPRINT("ScmAutoShutdownServices() called\n");
/* Lock the service database exclusively */
ScmLockDatabaseExclusive();
ServiceEntry = ServiceListHead.Flink;
while (ServiceEntry != &ServiceListHead)
{
CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
if ((CurrentService->Status.dwControlsAccepted & SERVICE_ACCEPT_SHUTDOWN) &&
(CurrentService->Status.dwCurrentState == SERVICE_RUNNING ||
CurrentService->Status.dwCurrentState == SERVICE_START_PENDING))
{
/* Send the shutdown notification */
DPRINT("Shutdown service: %S\n", CurrentService->lpServiceName);
ScmControlService(CurrentService->lpImage->hControlPipe,
CurrentService->lpServiceName,
SERVICE_CONTROL_SHUTDOWN,
(SERVICE_STATUS_HANDLE)CurrentService);
}
ServiceEntry = ServiceEntry->Flink;
}
/* Unlock the service database */
ScmUnlockDatabase();
DPRINT("ScmAutoShutdownServices() done\n");
}
BOOL
ScmLockDatabaseExclusive(VOID)
{
return RtlAcquireResourceExclusive(&DatabaseLock, TRUE);
}
BOOL
ScmLockDatabaseShared(VOID)
{
return RtlAcquireResourceShared(&DatabaseLock, TRUE);
}
VOID
ScmUnlockDatabase(VOID)
{
RtlReleaseResource(&DatabaseLock);
}
VOID
ScmInitNamedPipeCriticalSection(VOID)
{
HKEY hKey;
DWORD dwKeySize;
DWORD dwError;
InitializeCriticalSection(&ControlServiceCriticalSection);
dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
L"SYSTEM\\CurrentControlSet\\Control",
0,
KEY_READ,
&hKey);
if (dwError == ERROR_SUCCESS)
{
dwKeySize = sizeof(PipeTimeout);
RegQueryValueExW(hKey,
L"ServicesPipeTimeout",
0,
NULL,
(LPBYTE)&PipeTimeout,
&dwKeySize);
RegCloseKey(hKey);
}
}
VOID
ScmDeleteNamedPipeCriticalSection(VOID)
{
DeleteCriticalSection(&ControlServiceCriticalSection);
}
/* EOF */