database.c File Reference

#include "services.h"
#include <winbase_undoc.h>
#include <userenv.h>
#include <strsafe.h>
#include <debug.h>

Include dependency graph for database.c:

Go to the source code of this file.

Macros
#define	NDEBUG

Functions
static BOOL	ScmIsSecurityService (_In_ PSERVICE_IMAGE pServiceImage)
static DWORD	ScmCreateNewControlPipe (_In_ PSERVICE_IMAGE pServiceImage, _In_ BOOL bSecurityServiceProcess)
static PSERVICE_IMAGE	ScmGetServiceImageByImagePath (LPWSTR lpImagePath)
DWORD	ScmGetServiceNameFromTag (IN PTAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams, OUT PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS *OutParams)
static BOOL	ScmIsSameServiceAccount (_In_ PCWSTR pszAccountName1, _In_ PCWSTR pszAccountName2)
static BOOL	ScmIsLocalSystemAccount (_In_ PCWSTR pszAccountName)
static BOOL	ScmEnableBackupRestorePrivileges (_In_ HANDLE hToken, _In_ BOOL bEnable)
static DWORD	ScmLogonService (IN PSERVICE pService, IN PSERVICE_IMAGE pImage)
static DWORD	ScmCreateOrReferenceServiceImage (PSERVICE pService)
VOID	ScmRemoveServiceImage (PSERVICE_IMAGE pServiceImage)
PSERVICE	ScmGetServiceEntryByName (LPCWSTR lpServiceName)
PSERVICE	ScmGetServiceEntryByDisplayName (LPCWSTR lpDisplayName)
PSERVICE	ScmGetServiceEntryByResumeCount (DWORD dwResumeCount)
DWORD	ScmGenerateServiceTag (PSERVICE lpServiceRecord)
DWORD	ScmCreateNewServiceRecord (LPCWSTR lpServiceName, PSERVICE *lpServiceRecord, DWORD dwServiceType, DWORD dwStartType)
VOID	ScmDeleteServiceRecord (PSERVICE lpService)
DWORD	Int_EnumDependentServicesW (HKEY hServicesKey, PSERVICE lpService, DWORD dwServiceState, PSERVICE *lpServices, LPDWORD pcbBytesNeeded, LPDWORD lpServicesReturned)
DWORD	ScmDeleteService (PSERVICE lpService)
DWORD	ScmReferenceService (PSERVICE lpService)
DWORD	ScmDereferenceService (PSERVICE lpService)
static DWORD	CreateServiceListEntry (LPCWSTR lpServiceName, HKEY hServiceKey)
VOID	ScmDeleteMarkedServices (VOID)
static VOID	ScmGetNoInteractiveServicesValue (VOID)
DWORD	ScmCreateServiceDatabase (VOID)
VOID	ScmShutdownServiceDatabase (VOID)
static NTSTATUS	ScmCheckDriver (PSERVICE Service)
VOID	ScmGetBootAndSystemDriverState (VOID)
DWORD	ScmSendControlPacket (_In_ HANDLE hControlPipe, _In_ PCWSTR pServiceName, _In_ DWORD dwControl, _In_ DWORD dwControlPacketSize, _In_ PVOID pControlPacket)
DWORD	ScmControlServiceEx (_In_ HANDLE hControlPipe, _In_ PCWSTR pServiceName, _In_ DWORD dwControl, _In_ SERVICE_STATUS_HANDLE hServiceStatus, _In_opt_ DWORD dwServiceTag, _In_opt_ DWORD argc, _In_reads_opt_(argc) const PCWSTR *argv)
DWORD	ScmControlService (_In_ HANDLE hControlPipe, _In_ PCWSTR pServiceName, _In_ DWORD dwControl, _In_ SERVICE_STATUS_HANDLE hServiceStatus)
static DWORD	ScmWaitForServiceConnect (PSERVICE Service)
static DWORD	ScmStartUserModeService (PSERVICE Service, DWORD argc, const PCWSTR *argv)
static DWORD	ScmLoadService (PSERVICE Service, DWORD argc, const PCWSTR *argv)
DWORD	ScmStartService (PSERVICE Service, DWORD argc, const PCWSTR *argv)
VOID	ScmAutoStartServices (VOID)
VOID	ScmAutoShutdownServices (VOID)
BOOL	ScmLockDatabaseExclusive (VOID)
BOOL	ScmLockDatabaseShared (VOID)
VOID	ScmUnlockDatabase (VOID)
VOID	ScmInitNamedPipeCriticalSection (VOID)
VOID	ScmDeleteNamedPipeCriticalSection (VOID)

Variables
LIST_ENTRY	ImageListHead
LIST_ENTRY	ServiceListHead
static RTL_RESOURCE	DatabaseLock
static DWORD	ResumeCount = 1
static DWORD	NoInteractiveServices = 0
static DWORD	ServiceTag = 0
static CRITICAL_SECTION	ControlServiceCriticalSection
static DWORD	PipeTimeout = 30000

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 21 of file database.c.

Function Documentation

CreateServiceListEntry()

static DWORD CreateServiceListEntry ( LPCWSTR  lpServiceName, HKEY  hServiceKey  )

static

Definition at line 955 of file database.c.

{
    PSERVICE lpService = NULL;
    LPWSTR lpDisplayName = NULL;
    LPWSTR lpGroup = NULL;
    DWORD dwSize;
    DWORD dwError;
    DWORD dwServiceType;
    DWORD dwStartType;
    DWORD dwErrorControl;
    DWORD dwTagId;
 
    DPRINT("Service: '%S'\n", lpServiceName);
    if (*lpServiceName == L'{')
        return ERROR_SUCCESS;
 
    dwSize = sizeof(DWORD);
    dwError = RegQueryValueExW(hServiceKey,
                               L"Type",
                               NULL,
                               NULL,
                               (LPBYTE)&dwServiceType,
                               &dwSize);
    if (dwError != ERROR_SUCCESS)
        return ERROR_SUCCESS;
 
    if (((dwServiceType & ~SERVICE_INTERACTIVE_PROCESS) != SERVICE_WIN32_OWN_PROCESS) &&
        ((dwServiceType & ~SERVICE_INTERACTIVE_PROCESS) != SERVICE_WIN32_SHARE_PROCESS) &&
        (dwServiceType != SERVICE_KERNEL_DRIVER) &&
        (dwServiceType != SERVICE_FILE_SYSTEM_DRIVER))
        return ERROR_SUCCESS;
 
    DPRINT("Service type: %lx\n", dwServiceType);
 
    dwSize = sizeof(DWORD);
    dwError = RegQueryValueExW(hServiceKey,
                               L"Start",
                               NULL,
                               NULL,
                               (LPBYTE)&dwStartType,
                               &dwSize);
    if (dwError != ERROR_SUCCESS)
        return ERROR_SUCCESS;
 
    DPRINT("Start type: %lx\n", dwStartType);
 
    dwSize = sizeof(DWORD);
    dwError = RegQueryValueExW(hServiceKey,
                               L"ErrorControl",
                               NULL,
                               NULL,
                               (LPBYTE)&dwErrorControl,
                               &dwSize);
    if (dwError != ERROR_SUCCESS)
        return ERROR_SUCCESS;
 
    DPRINT("Error control: %lx\n", dwErrorControl);
 
    dwError = RegQueryValueExW(hServiceKey,
                               L"Tag",
                               NULL,
                               NULL,
                               (LPBYTE)&dwTagId,
                               &dwSize);
    if (dwError != ERROR_SUCCESS)
        dwTagId = 0;
 
    DPRINT("Tag: %lx\n", dwTagId);
 
    dwError = ScmReadString(hServiceKey,
                            L"Group",
                            &lpGroup);
    if (dwError != ERROR_SUCCESS)
        lpGroup = NULL;
 
    DPRINT("Group: %S\n", lpGroup);
 
    dwError = ScmReadString(hServiceKey,
                            L"DisplayName",
                            &lpDisplayName);
    if (dwError != ERROR_SUCCESS)
        lpDisplayName = NULL;
 
    DPRINT("Display name: %S\n", lpDisplayName);
 
    dwError = ScmCreateNewServiceRecord(lpServiceName,
                                        &lpService,
                                        dwServiceType,
                                        dwStartType);
    if (dwError != ERROR_SUCCESS)
        goto done;
 
    lpService->dwErrorControl = dwErrorControl;
    lpService->dwTag = dwTagId;
 
    if (lpGroup != NULL)
    {
        dwError = ScmSetServiceGroup(lpService, lpGroup);
        if (dwError != ERROR_SUCCESS)
            goto done;
    }
 
    if (lpDisplayName != NULL)
    {
        lpService->lpDisplayName = lpDisplayName;
        lpDisplayName = NULL;
    }
 
    DPRINT("ServiceName: '%S'\n", lpService->lpServiceName);
    if (lpService->lpGroup != NULL)
    {
        DPRINT("Group: '%S'\n", lpService->lpGroup->lpGroupName);
    }
    DPRINT("Start %lx  Type %lx  Tag %lx  ErrorControl %lx\n",
           lpService->dwStartType,
           lpService->Status.dwServiceType,
           lpService->dwTag,
           lpService->dwErrorControl);
 
    if (ScmIsDeleteFlagSet(hServiceKey))
        lpService->bDeleted = TRUE;
    else
        ScmGenerateServiceTag(lpService);
 
    if (lpService->Status.dwServiceType & SERVICE_WIN32)
    {
        dwError = ScmReadSecurityDescriptor(hServiceKey,
                                            &lpService->pSecurityDescriptor);
        if (dwError != ERROR_SUCCESS)
            goto done;
 
        /* Assing the default security descriptor if the security descriptor cannot be read */
        if (lpService->pSecurityDescriptor == NULL)
        {
            DPRINT("No security descriptor found! Assign default security descriptor\n");
            dwError = ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
            if (dwError != ERROR_SUCCESS)
                goto done;
 
            dwError = ScmWriteSecurityDescriptor(hServiceKey,
                                                 lpService->pSecurityDescriptor);
            if (dwError != ERROR_SUCCESS)
                goto done;
        }
    }
 
done:
    if (lpGroup != NULL)
        HeapFree(GetProcessHeap(), 0, lpGroup);
 
    if (lpDisplayName != NULL)
        HeapFree(GetProcessHeap(), 0, lpDisplayName);
 
    if (lpService != NULL)
    {
        ASSERT(lpService->lpImage == NULL);
    }
 
    return dwError;
}

Referenced by ScmCreateServiceDatabase().

Int_EnumDependentServicesW()

DWORD Int_EnumDependentServicesW	(	HKEY	hServicesKey,
		PSERVICE	lpService,
		DWORD	dwServiceState,
		PSERVICE *	lpServices,
		LPDWORD	pcbBytesNeeded,
		LPDWORD	lpServicesReturned
	)

Definition at line 782 of file rpcserver.c.

{
    DWORD dwError = ERROR_SUCCESS;
    WCHAR szNameBuf[MAX_PATH];
    WCHAR szValueBuf[MAX_PATH];
    WCHAR *lpszNameBuf = szNameBuf;
    WCHAR *lpszValueBuf = szValueBuf;
    DWORD dwSize;
    DWORD dwNumSubKeys;
    DWORD dwIteration;
    PSERVICE lpCurrentService;
    HKEY hServiceEnumKey;
    DWORD dwCurrentServiceState = SERVICE_ACTIVE;
    DWORD dwDependServiceStrPtr = 0;
    DWORD dwRequiredSize = 0;
 
    /* Get the number of service keys */
    dwError = RegQueryInfoKeyW(hServicesKey,
                               NULL,
                               NULL,
                               NULL,
                               &dwNumSubKeys,
                               NULL,
                               NULL,
                               NULL,
                               NULL,
                               NULL,
                               NULL,
                               NULL);
    if (dwError != ERROR_SUCCESS)
    {
        DPRINT("ERROR! Unable to get number of services keys\n");
        return dwError;
    }
 
    /* Iterate the service keys to see if another service depends on the this service */
    for (dwIteration = 0; dwIteration < dwNumSubKeys; dwIteration++)
    {
        dwSize = MAX_PATH;
        dwError = RegEnumKeyExW(hServicesKey,
                                dwIteration,
                                lpszNameBuf,
                                &dwSize,
                                NULL,
                                NULL,
                                NULL,
                                NULL);
        if (dwError != ERROR_SUCCESS)
            return dwError;
 
        /* Open the Service key */
        dwError = RegOpenKeyExW(hServicesKey,
                                lpszNameBuf,
                                0,
                                KEY_READ,
                                &hServiceEnumKey);
        if (dwError != ERROR_SUCCESS)
            return dwError;
 
        dwSize = MAX_PATH * sizeof(WCHAR);
 
        /* Check for the DependOnService Value */
        dwError = RegQueryValueExW(hServiceEnumKey,
                                   L"DependOnService",
                                   NULL,
                                   NULL,
                                   (LPBYTE)lpszValueBuf,
                                   &dwSize);
 
        /* FIXME: Handle load order. */
 
        /* If the service found has a DependOnService value */
        if (dwError == ERROR_SUCCESS)
        {
            dwDependServiceStrPtr = 0;
 
            /* Can be more than one Dependencies in the DependOnService string */
            while (wcslen(lpszValueBuf + dwDependServiceStrPtr) > 0)
            {
                if (_wcsicmp(lpszValueBuf + dwDependServiceStrPtr, lpService->lpServiceName) == 0)
                {
                    /* Get the current enumed service pointer */
                    lpCurrentService = ScmGetServiceEntryByName(lpszNameBuf);
 
                    /* Check for valid Service */
                    if (!lpCurrentService)
                    {
                        /* This should never happen! */
                        DPRINT("This should not happen at this point, report to Developer\n");
                        return ERROR_NOT_FOUND;
                    }
 
                    /* Determine state the service is in */
                    if (lpCurrentService->Status.dwCurrentState == SERVICE_STOPPED)
                        dwCurrentServiceState = SERVICE_INACTIVE;
 
                    /* If the ServiceState matches that requested or searching for SERVICE_STATE_ALL */
                    if ((dwCurrentServiceState == dwServiceState) ||
                        (dwServiceState == SERVICE_STATE_ALL))
                    {
                        /* Calculate the required size */
                        dwRequiredSize += sizeof(SERVICE_STATUS);
                        dwRequiredSize += (DWORD)((wcslen(lpCurrentService->lpServiceName) + 1) * sizeof(WCHAR));
                        dwRequiredSize += (DWORD)((wcslen(lpCurrentService->lpDisplayName) + 1) * sizeof(WCHAR));
 
                        /* Add the size for service name and display name pointers */
                        dwRequiredSize += (2 * sizeof(PVOID));
 
                        /* increase the BytesNeeded size */
                        *pcbBytesNeeded = *pcbBytesNeeded + dwRequiredSize;
 
                        /* Don't fill callers buffer yet, as MSDN read that the last service with dependency
                           comes first */
 
                        /* Recursive call to check for its dependencies */
                        Int_EnumDependentServicesW(hServicesKey,
                                                   lpCurrentService,
                                                   dwServiceState,
                                                   lpServices,
                                                   pcbBytesNeeded,
                                                   lpServicesReturned);
 
                        /* If the lpServices is valid set the service pointer */
                        if (lpServices)
                            lpServices[*lpServicesReturned] = lpCurrentService;
 
                        *lpServicesReturned = *lpServicesReturned + 1;
                    }
                }
 
                dwDependServiceStrPtr += (DWORD)(wcslen(lpszValueBuf + dwDependServiceStrPtr) + 1);
            }
        }
        else if (*pcbBytesNeeded)
        {
            dwError = ERROR_SUCCESS;
        }
 
        RegCloseKey(hServiceEnumKey);
    }
 
    return dwError;
}

Referenced by Int_EnumDependentServicesW(), RControlService(), REnumDependentServicesA(), REnumDependentServicesW(), and ScmDeleteService().

ScmAutoShutdownServices()

VOID ScmAutoShutdownServices

(

VOID

)

Definition at line 2332 of file database.c.

{
    PLIST_ENTRY ServiceEntry;
    PSERVICE CurrentService;
 
    DPRINT("ScmAutoShutdownServices() called\n");
 
    /* Lock the service database exclusively */
    ScmLockDatabaseExclusive();
 
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
        if ((CurrentService->Status.dwControlsAccepted & SERVICE_ACCEPT_SHUTDOWN) &&
            (CurrentService->Status.dwCurrentState == SERVICE_RUNNING ||
             CurrentService->Status.dwCurrentState == SERVICE_START_PENDING))
        {
            /* Send the shutdown notification */
            DPRINT("Shutdown service: %S\n", CurrentService->lpServiceName);
            ScmControlService(CurrentService->lpImage->hControlPipe,
                              CurrentService->lpServiceName,
                              SERVICE_CONTROL_SHUTDOWN,
                              (SERVICE_STATUS_HANDLE)CurrentService);
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    /* Unlock the service database */
    ScmUnlockDatabase();
 
    DPRINT("ScmAutoShutdownServices() done\n");
}

Referenced by ShutdownHandlerRoutine().

ScmAutoStartServices()

VOID ScmAutoStartServices

(

VOID

)

Definition at line 2121 of file database.c.

{
    DWORD dwError;
    PLIST_ENTRY GroupEntry;
    PLIST_ENTRY ServiceEntry;
    PSERVICE_GROUP CurrentGroup;
    PSERVICE CurrentService;
    WCHAR szSafeBootServicePath[MAX_PATH];
    DWORD SafeBootEnabled;
    HKEY hKey;
    DWORD dwKeySize;
    ULONG i;
 
    /*
     * This function MUST be called ONLY at initialization time.
     * Therefore, no need to acquire the user service start lock.
     */
    ASSERT(ScmInitialize);
 
    /* Retrieve the SafeBoot parameter */
    dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                            L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Option",
                            0,
                            KEY_READ,
                            &hKey);
    if (dwError == ERROR_SUCCESS)
    {
        dwKeySize = sizeof(SafeBootEnabled);
        dwError = RegQueryValueExW(hKey,
                                   L"OptionValue",
                                   0,
                                   NULL,
                                   (LPBYTE)&SafeBootEnabled,
                                   &dwKeySize);
        RegCloseKey(hKey);
    }
 
    /* Default to Normal boot if the value doesn't exist */
    if (dwError != ERROR_SUCCESS)
        SafeBootEnabled = 0;
 
    /* Acquire the service control critical section, to synchronize starts */
    EnterCriticalSection(&ControlServiceCriticalSection);
 
    /* Clear 'ServiceVisited' flag (or set if not to start in Safe Mode) */
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
        /* Build the safe boot path */
        StringCchCopyW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
                       L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot");
 
        switch (SafeBootEnabled)
        {
            /* NOTE: Assumes MINIMAL (1) and DSREPAIR (3) load same items */
            case 1:
            case 3:
                StringCchCatW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
                              L"\\Minimal\\");
                break;
 
            case 2:
                StringCchCatW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
                              L"\\Network\\");
                break;
        }
 
        if (SafeBootEnabled != 0)
        {
            /* If key does not exist then do not assume safe mode */
            dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                                    szSafeBootServicePath,
                                    0,
                                    KEY_READ,
                                    &hKey);
            if (dwError == ERROR_SUCCESS)
            {
                RegCloseKey(hKey);
 
                /* Finish Safe Boot path off */
                StringCchCatW(szSafeBootServicePath, ARRAYSIZE(szSafeBootServicePath),
                              CurrentService->lpServiceName);
 
                /* Check that the key is in the Safe Boot path */
                dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                                        szSafeBootServicePath,
                                        0,
                                        KEY_READ,
                                        &hKey);
                if (dwError != ERROR_SUCCESS)
                {
                    /* Mark service as visited so it is not auto-started */
                    CurrentService->ServiceVisited = TRUE;
                }
                else
                {
                    /* Must be auto-started in safe mode - mark as unvisited */
                    RegCloseKey(hKey);
                    CurrentService->ServiceVisited = FALSE;
                }
            }
            else
            {
                DPRINT1("WARNING: Could not open the associated Safe Boot key\n");
                CurrentService->ServiceVisited = FALSE;
            }
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    /* Start all services which are members of an existing group */
    GroupEntry = GroupListHead.Flink;
    while (GroupEntry != &GroupListHead)
    {
        CurrentGroup = CONTAINING_RECORD(GroupEntry, SERVICE_GROUP, GroupListEntry);
 
        DPRINT("Group '%S'\n", CurrentGroup->lpGroupName);
 
        /* Start all services witch have a valid tag */
        for (i = 0; i < CurrentGroup->TagCount; i++)
        {
            ServiceEntry = ServiceListHead.Flink;
            while (ServiceEntry != &ServiceListHead)
            {
                CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
                if ((CurrentService->lpGroup == CurrentGroup) &&
                    (CurrentService->dwStartType == SERVICE_AUTO_START) &&
                    (CurrentService->ServiceVisited == FALSE) &&
                    (CurrentService->dwTag == CurrentGroup->TagArray[i]))
                {
                    CurrentService->ServiceVisited = TRUE;
                    ScmLoadService(CurrentService, 0, NULL);
                }
 
                ServiceEntry = ServiceEntry->Flink;
             }
        }
 
        /* Start all services which have an invalid tag or which do not have a tag */
        ServiceEntry = ServiceListHead.Flink;
        while (ServiceEntry != &ServiceListHead)
        {
            CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
            if ((CurrentService->lpGroup == CurrentGroup) &&
                (CurrentService->dwStartType == SERVICE_AUTO_START) &&
                (CurrentService->ServiceVisited == FALSE))
            {
                CurrentService->ServiceVisited = TRUE;
                ScmLoadService(CurrentService, 0, NULL);
            }
 
            ServiceEntry = ServiceEntry->Flink;
        }
 
        GroupEntry = GroupEntry->Flink;
    }
 
    /* Start all services which are members of any non-existing group */
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
        if ((CurrentService->lpGroup != NULL) &&
            (CurrentService->dwStartType == SERVICE_AUTO_START) &&
            (CurrentService->ServiceVisited == FALSE))
        {
            CurrentService->ServiceVisited = TRUE;
            ScmLoadService(CurrentService, 0, NULL);
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    /* Start all services which are not a member of any group */
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
        if ((CurrentService->lpGroup == NULL) &&
            (CurrentService->dwStartType == SERVICE_AUTO_START) &&
            (CurrentService->ServiceVisited == FALSE))
        {
            CurrentService->ServiceVisited = TRUE;
            ScmLoadService(CurrentService, 0, NULL);
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    /* Clear 'ServiceVisited' flag again */
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
        CurrentService->ServiceVisited = FALSE;
        ServiceEntry = ServiceEntry->Flink;
    }
 
    /* Release the critical section */
    LeaveCriticalSection(&ControlServiceCriticalSection);
}

Referenced by wWinMain().

ScmCheckDriver()

static NTSTATUS ScmCheckDriver ( PSERVICE  Service )

static

Definition at line 1285 of file database.c.

{
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING DirName;
    HANDLE DirHandle;
    NTSTATUS Status;
    POBJECT_DIRECTORY_INFORMATION DirInfo;
    ULONG BufferLength;
    ULONG DataLength;
    ULONG Index;
 
    DPRINT("ScmCheckDriver(%S) called\n", Service->lpServiceName);
 
    if (Service->Status.dwServiceType == SERVICE_KERNEL_DRIVER)
    {
        RtlInitUnicodeString(&DirName, L"\\Driver");
    }
    else // if (Service->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER)
    {
        ASSERT(Service->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER);
        RtlInitUnicodeString(&DirName, L"\\FileSystem");
    }
 
    InitializeObjectAttributes(&ObjectAttributes,
                               &DirName,
                               0,
                               NULL,
                               NULL);
 
    Status = NtOpenDirectoryObject(&DirHandle,
                                   DIRECTORY_QUERY | DIRECTORY_TRAVERSE,
                                   &ObjectAttributes);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }
 
    BufferLength = sizeof(OBJECT_DIRECTORY_INFORMATION) +
                       2 * MAX_PATH * sizeof(WCHAR);
    DirInfo = HeapAlloc(GetProcessHeap(),
                        HEAP_ZERO_MEMORY,
                        BufferLength);
 
    Index = 0;
    while (TRUE)
    {
        Status = NtQueryDirectoryObject(DirHandle,
                                        DirInfo,
                                        BufferLength,
                                        TRUE,
                                        FALSE,
                                        &Index,
                                        &DataLength);
        if (Status == STATUS_NO_MORE_ENTRIES)
        {
            /* FIXME: Add current service to 'failed service' list */
            DPRINT("Service '%S' failed\n", Service->lpServiceName);
            break;
        }
 
        if (!NT_SUCCESS(Status))
            break;
 
        DPRINT("Comparing: '%S'  '%wZ'\n", Service->lpServiceName, &DirInfo->Name);
 
        if (_wcsicmp(Service->lpServiceName, DirInfo->Name.Buffer) == 0)
        {
            DPRINT("Found: '%S'  '%wZ'\n",
                   Service->lpServiceName, &DirInfo->Name);
 
            /* Mark service as 'running' */
            Service->Status.dwCurrentState = SERVICE_RUNNING;
            Service->Status.dwControlsAccepted = SERVICE_ACCEPT_STOP;
            Service->Status.dwWin32ExitCode = ERROR_SUCCESS;
            Service->Status.dwServiceSpecificExitCode = 0;
            Service->Status.dwCheckPoint = 0;
            Service->Status.dwWaitHint = 0;
 
            /* Mark the service group as 'running' */
            if (Service->lpGroup != NULL)
            {
                Service->lpGroup->ServicesRunning = TRUE;
            }
 
            break;
        }
    }
 
    HeapFree(GetProcessHeap(),
             0,
             DirInfo);
    NtClose(DirHandle);
 
    return STATUS_SUCCESS;
}

Referenced by ScmGetBootAndSystemDriverState().

ScmControlService()

DWORD ScmControlService	(	_In_ HANDLE	hControlPipe,
		_In_ PCWSTR	pServiceName,
		_In_ DWORD	dwControl,
		_In_ SERVICE_STATUS_HANDLE	hServiceStatus
	)

Definition at line 1592 of file database.c.

{
    DWORD dwError = ERROR_SUCCESS;
    PSCM_CONTROL_PACKET ControlPacket;
    DWORD PacketSize;
    PWSTR Ptr;
 
    DPRINT("ScmControlService(%S, %d) called\n", pServiceName, dwControl);
 
    /* Calculate the total size of the control packet:
     * initial structure, the start command line, and the argument vector */
    PacketSize = sizeof(SCM_CONTROL_PACKET);
    PacketSize += (DWORD)((wcslen(pServiceName) + 1) * sizeof(WCHAR));
 
    /* Allocate the control packet */
    ControlPacket = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, PacketSize);
    if (!ControlPacket)
        return ERROR_NOT_ENOUGH_MEMORY;
 
    ControlPacket->dwSize = PacketSize;
    ControlPacket->dwControl = dwControl;
    ControlPacket->hServiceStatus = hServiceStatus;
 
    /* Copy the service name */
    ControlPacket->dwServiceNameOffset = sizeof(SCM_CONTROL_PACKET);
    Ptr = (PWSTR)((ULONG_PTR)ControlPacket + ControlPacket->dwServiceNameOffset);
    wcscpy(Ptr, pServiceName);
 
    /* Send the control packet */
    dwError = ScmSendControlPacket(hControlPipe,
                                   pServiceName,
                                   dwControl,
                                   PacketSize,
                                   ControlPacket);
 
    /* Free the control packet */
    HeapFree(GetProcessHeap(), 0, ControlPacket);
 
    DPRINT("ScmControlService(%S, %d) done (Error %lu)\n", pServiceName, dwControl, dwError);
    return dwError;
}

Referenced by RControlService(), ScmAutoShutdownServices(), and ScmStopThread().

ScmControlServiceEx()

DWORD ScmControlServiceEx	(	_In_ HANDLE	hControlPipe,
		_In_ PCWSTR	pServiceName,
		_In_ DWORD	dwControl,
		_In_ SERVICE_STATUS_HANDLE	hServiceStatus,
		_In_opt_ DWORD	dwServiceTag,
		_In_opt_ DWORD	argc,
		_In_reads_opt_(argc) const PCWSTR *	argv
	)

Definition at line 1492 of file database.c.

{
    DWORD dwError = ERROR_SUCCESS;
    PSCM_CONTROL_PACKET ControlPacket;
    DWORD PacketSize;
    DWORD i;
    PWSTR Ptr;
 
    DPRINT("ScmControlServiceEx(%S, %d) called\n", pServiceName, dwControl);
 
    /* Calculate the total size of the control packet:
     * initial structure, the start command line, and the argument vector */
    PacketSize = sizeof(SCM_CONTROL_PACKET);
    PacketSize += (DWORD)((wcslen(pServiceName) + 1) * sizeof(WCHAR));
 
    /*
     * Calculate the required packet size for the start argument vector 'argv',
     * composed of the pointer offsets list, followed by UNICODE strings.
     * The strings are stored successively after the offsets vector, with
     * the offsets being relative to the beginning of the vector, as in the
     * following layout (with N == argc):
     *     [argOff(0)]...[argOff(N-1)][str(0)]...[str(N-1)] .
     */
    if (argc > 0 && argv != NULL)
    {
        PacketSize = ALIGN_UP(PacketSize, PWSTR);
        PacketSize += (argc * sizeof(PWSTR));
 
        DPRINT("Argc: %lu\n", argc);
        for (i = 0; i < argc; i++)
        {
            DPRINT("Argv[%lu]: %S\n", i, argv[i]);
            PacketSize += (DWORD)((wcslen(argv[i]) + 1) * sizeof(WCHAR));
        }
    }
 
    /* Allocate the control packet */
    ControlPacket = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, PacketSize);
    if (!ControlPacket)
        return ERROR_NOT_ENOUGH_MEMORY;
 
    ControlPacket->dwSize = PacketSize;
    ControlPacket->dwControl = dwControl;
    ControlPacket->hServiceStatus = hServiceStatus;
    ControlPacket->dwServiceTag = dwServiceTag;
 
    /* Copy the start command line */
    ControlPacket->dwServiceNameOffset = sizeof(SCM_CONTROL_PACKET);
    Ptr = (PWSTR)((ULONG_PTR)ControlPacket + ControlPacket->dwServiceNameOffset);
    wcscpy(Ptr, pServiceName);
 
    ControlPacket->dwArgumentsCount  = 0;
    ControlPacket->dwArgumentsOffset = 0;
 
    /* Copy the argument vector */
    if (argc > 0 && argv != NULL)
    {
        PWSTR *pOffPtr, pArgPtr;
 
        Ptr += wcslen(pServiceName) + 1;
        pOffPtr = (PWSTR*)ALIGN_UP_POINTER(Ptr, PWSTR);
        pArgPtr = (PWSTR)((ULONG_PTR)pOffPtr + argc * sizeof(PWSTR));
 
        ControlPacket->dwArgumentsCount  = argc;
        ControlPacket->dwArgumentsOffset = (DWORD)((ULONG_PTR)pOffPtr - (ULONG_PTR)ControlPacket);
 
        DPRINT("dwArgumentsCount: %lu\n", ControlPacket->dwArgumentsCount);
        DPRINT("dwArgumentsOffset: %lu\n", ControlPacket->dwArgumentsOffset);
 
        for (i = 0; i < argc; i++)
        {
            wcscpy(pArgPtr, argv[i]);
            pOffPtr[i] = (PWSTR)((ULONG_PTR)pArgPtr - (ULONG_PTR)pOffPtr);
            DPRINT("offset[%lu]: %p\n", i, pOffPtr[i]);
            pArgPtr += wcslen(argv[i]) + 1;
        }
    }
 
    dwError = ScmSendControlPacket(hControlPipe,
                                   pServiceName,
                                   dwControl,
                                   PacketSize,
                                   ControlPacket);
 
    /* Free the control packet */
    HeapFree(GetProcessHeap(), 0, ControlPacket);
 
    DPRINT("ScmControlServiceEx(%S, %d) done (Error %lu)\n", pServiceName, dwControl, dwError);
    return dwError;
}

Referenced by ScmStartUserModeService().

ScmCreateNewControlPipe()

static DWORD ScmCreateNewControlPipe ( _In_ PSERVICE_IMAGE  pServiceImage, _In_ BOOL  bSecurityServiceProcess  )

static

Definition at line 52 of file database.c.

{
    WCHAR szControlPipeName[MAX_PATH + 1];
    SECURITY_ATTRIBUTES SecurityAttributes;
    HKEY hServiceCurrentKey = INVALID_HANDLE_VALUE;
    DWORD dwServiceCurrent = 1;
    DWORD dwKeyDisposition;
    DWORD dwKeySize;
    DWORD dwError;
 
    /* Get the service number */
    if (bSecurityServiceProcess == FALSE)
    {
        /* TODO: Create registry entry with correct write access */
        dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
                                  L"SYSTEM\\CurrentControlSet\\Control\\ServiceCurrent",
                                  0,
                                  NULL,
                                  REG_OPTION_VOLATILE,
                                  KEY_WRITE | KEY_READ,
                                  NULL,
                                  &hServiceCurrentKey,
                                  &dwKeyDisposition);
        if (dwError != ERROR_SUCCESS)
        {
            DPRINT1("RegCreateKeyEx() failed with error %lu\n", dwError);
            return dwError;
        }
 
        if (dwKeyDisposition == REG_OPENED_EXISTING_KEY)
        {
            dwKeySize = sizeof(DWORD);
            dwError = RegQueryValueExW(hServiceCurrentKey,
                                       L"",
                                       0,
                                       NULL,
                                       (BYTE*)&dwServiceCurrent,
                                       &dwKeySize);
            if (dwError != ERROR_SUCCESS)
            {
                RegCloseKey(hServiceCurrentKey);
                DPRINT1("RegQueryValueEx() failed with error %lu\n", dwError);
                return dwError;
            }
 
            dwServiceCurrent++;
        }
 
        dwError = RegSetValueExW(hServiceCurrentKey,
                                 L"",
                                 0,
                                 REG_DWORD,
                                 (BYTE*)&dwServiceCurrent,
                                 sizeof(dwServiceCurrent));
 
        RegCloseKey(hServiceCurrentKey);
 
        if (dwError != ERROR_SUCCESS)
        {
            DPRINT1("RegSetValueExW() failed (Error %lu)\n", dwError);
            return dwError;
        }
    }
    else
    {
        dwServiceCurrent = 0;
    }
 
    /* Create '\\.\pipe\net\NtControlPipeXXX' instance */
    StringCchPrintfW(szControlPipeName, ARRAYSIZE(szControlPipeName),
                     L"\\\\.\\pipe\\net\\NtControlPipe%lu", dwServiceCurrent);
 
    DPRINT("PipeName: %S\n", szControlPipeName);
 
    SecurityAttributes.nLength = sizeof(SecurityAttributes);
    SecurityAttributes.lpSecurityDescriptor = pPipeSD;
    SecurityAttributes.bInheritHandle = FALSE;
 
    pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName,
                                                   PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
                                                   PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
                                                   100,
                                                   8000,
                                                   4,
                                                   PipeTimeout,
                                                   &SecurityAttributes);
    DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName);
    if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE)
    {
        DPRINT1("Failed to create control pipe\n");
        return GetLastError();
    }
 
    return ERROR_SUCCESS;
}

Referenced by ScmCreateOrReferenceServiceImage().

ScmCreateNewServiceRecord()

DWORD ScmCreateNewServiceRecord	(	LPCWSTR	lpServiceName,
		PSERVICE *	lpServiceRecord,
		DWORD	dwServiceType,
		DWORD	dwStartType
	)

Definition at line 766 of file database.c.

{
    PSERVICE lpService = NULL;
 
    DPRINT("Service: '%S'\n", lpServiceName);
 
    /* Allocate service entry */
    lpService = HeapAlloc(GetProcessHeap(),
                          HEAP_ZERO_MEMORY,
                          FIELD_OFFSET(SERVICE, szServiceName[wcslen(lpServiceName) + 1]));
    if (lpService == NULL)
        return ERROR_NOT_ENOUGH_MEMORY;
 
    *lpServiceRecord = lpService;
 
    /* Copy service name */
    wcscpy(lpService->szServiceName, lpServiceName);
    lpService->lpServiceName = lpService->szServiceName;
    lpService->lpDisplayName = lpService->lpServiceName;
 
    /* Set the start type */
    lpService->dwStartType = dwStartType;
 
    /* Set the resume count */
    lpService->dwResumeCount = ResumeCount++;
 
    /* Append service record */
    InsertTailList(&ServiceListHead,
                   &lpService->ServiceListEntry);
 
    /* Initialize the service status */
    lpService->Status.dwServiceType = dwServiceType;
    lpService->Status.dwCurrentState = SERVICE_STOPPED;
    lpService->Status.dwControlsAccepted = 0;
    lpService->Status.dwWin32ExitCode =
        (dwStartType == SERVICE_DISABLED) ? ERROR_SERVICE_DISABLED : ERROR_SERVICE_NEVER_STARTED;
    lpService->Status.dwServiceSpecificExitCode = 0;
    lpService->Status.dwCheckPoint = 0;
    lpService->Status.dwWaitHint =
        (dwServiceType & SERVICE_DRIVER) ? 0 : 2000; /* 2 seconds */
 
    return ERROR_SUCCESS;
}

Referenced by CreateServiceListEntry(), and RCreateServiceW().

ScmCreateOrReferenceServiceImage()

static DWORD ScmCreateOrReferenceServiceImage ( PSERVICE  pService )

static

Definition at line 457 of file database.c.

{
    RTL_QUERY_REGISTRY_TABLE QueryTable[3];
    UNICODE_STRING ImagePath;
    UNICODE_STRING ObjectName;
    PSERVICE_IMAGE pServiceImage = NULL;
    NTSTATUS Status;
    DWORD dwError = ERROR_SUCCESS;
    DWORD dwRecordSize;
    LPWSTR pString;
    BOOL bSecurityService;
 
    DPRINT("ScmCreateOrReferenceServiceImage(%p)\n", pService);
 
    RtlInitUnicodeString(&ImagePath, NULL);
    RtlInitUnicodeString(&ObjectName, NULL);
 
    /* Get service data */
    RtlZeroMemory(&QueryTable,
                  sizeof(QueryTable));
 
    QueryTable[0].Name = L"ImagePath";
    QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_REQUIRED;
    QueryTable[0].EntryContext = &ImagePath;
    QueryTable[1].Name = L"ObjectName";
    QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
    QueryTable[1].EntryContext = &ObjectName;
 
    Status = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES,
                                    pService->lpServiceName,
                                    QueryTable,
                                    NULL,
                                    NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("RtlQueryRegistryValues() failed (Status %lx)\n", Status);
        return RtlNtStatusToDosError(Status);
    }
 
    DPRINT("ImagePath: '%wZ'\n", &ImagePath);
    DPRINT("ObjectName: '%wZ'\n", &ObjectName);
 
    pServiceImage = ScmGetServiceImageByImagePath(ImagePath.Buffer);
    if (pServiceImage == NULL)
    {
        dwRecordSize = sizeof(SERVICE_IMAGE) +
                       ImagePath.Length + sizeof(WCHAR) +
                       ((ObjectName.Length != 0) ? (ObjectName.Length + sizeof(WCHAR)) : 0);
 
        /* Create a new service image */
        pServiceImage = HeapAlloc(GetProcessHeap(),
                                  HEAP_ZERO_MEMORY,
                                  dwRecordSize);
        if (pServiceImage == NULL)
        {
            dwError = ERROR_NOT_ENOUGH_MEMORY;
            goto done;
        }
 
        pServiceImage->dwImageRunCount = 1;
        pServiceImage->hControlPipe = INVALID_HANDLE_VALUE;
        pServiceImage->hProcess = INVALID_HANDLE_VALUE;
 
        pString = (PWSTR)((INT_PTR)pServiceImage + sizeof(SERVICE_IMAGE));
 
        /* Set the image path */
        pServiceImage->pszImagePath = pString;
        wcscpy(pServiceImage->pszImagePath,
               ImagePath.Buffer);
 
        /* Set the account name */
        if (ObjectName.Length > 0)
        {
            pString = pString + wcslen(pString) + 1;
 
            pServiceImage->pszAccountName = pString;
            wcscpy(pServiceImage->pszAccountName,
                   ObjectName.Buffer);
        }
 
        /* Service logon */
        dwError = ScmLogonService(pService, pServiceImage);
        if (dwError != ERROR_SUCCESS)
        {
            DPRINT1("ScmLogonService() failed (Error %lu)\n", dwError);
 
            /* Release the service image */
            HeapFree(GetProcessHeap(), 0, pServiceImage);
 
            goto done;
        }
 
        bSecurityService = ScmIsSecurityService(pServiceImage);
 
        /* Create the control pipe */
        dwError = ScmCreateNewControlPipe(pServiceImage,
                                          bSecurityService);
        if (dwError != ERROR_SUCCESS)
        {
            DPRINT1("ScmCreateNewControlPipe() failed (Error %lu)\n", dwError);
 
            /* Unload the user profile */
            if (pServiceImage->hProfile != NULL)
            {
                ScmEnableBackupRestorePrivileges(pServiceImage->hToken, TRUE);
                UnloadUserProfile(pServiceImage->hToken, pServiceImage->hProfile);
                ScmEnableBackupRestorePrivileges(pServiceImage->hToken, FALSE);
            }
 
            /* Close the logon token */
            if (pServiceImage->hToken != NULL)
                CloseHandle(pServiceImage->hToken);
 
            /* Release the service image */
            HeapFree(GetProcessHeap(), 0, pServiceImage);
 
            goto done;
        }
 
        if (bSecurityService)
        {
            SetSecurityServicesEvent();
        }
 
        /* FIXME: Add more initialization code here */
 
 
        /* Append service record */
        InsertTailList(&ImageListHead,
                       &pServiceImage->ImageListEntry);
    }
    else
    {
//        if ((lpService->Status.dwServiceType & SERVICE_WIN32_SHARE_PROCESS) == 0)
 
        /* Fail if services in an image use different accounts */
        if (!ScmIsSameServiceAccount(pServiceImage->pszAccountName, ObjectName.Buffer))
        {
            dwError = ERROR_DIFFERENT_SERVICE_ACCOUNT;
            goto done;
        }
 
        /* Increment the run counter */
        pServiceImage->dwImageRunCount++;
    }
 
    DPRINT("pServiceImage->pszImagePath: %S\n", pServiceImage->pszImagePath);
    DPRINT("pServiceImage->pszAccountName: %S\n", pServiceImage->pszAccountName);
    DPRINT("pServiceImage->dwImageRunCount: %lu\n", pServiceImage->dwImageRunCount);
 
    /* Link the service image to the service */
    pService->lpImage = pServiceImage;
 
done:
    RtlFreeUnicodeString(&ObjectName);
    RtlFreeUnicodeString(&ImagePath);
 
    DPRINT("ScmCreateOrReferenceServiceImage() done (Error: %lu)\n", dwError);
 
    return dwError;
}

Referenced by ScmLoadService().

ScmCreateServiceDatabase()

DWORD ScmCreateServiceDatabase

(

VOID

)

Definition at line 1186 of file database.c.

{
    WCHAR szSubKey[MAX_PATH];
    HKEY hServicesKey;
    HKEY hServiceKey;
    DWORD dwSubKey;
    DWORD dwSubKeyLength;
    FILETIME ftLastChanged;
    DWORD dwError;
 
    DPRINT("ScmCreateServiceDatabase() called\n");
 
    /* Retrieve the NoInteractiveServies value */
    ScmGetNoInteractiveServicesValue();
 
    /* Create the service group list */
    dwError = ScmCreateGroupList();
    if (dwError != ERROR_SUCCESS)
        return dwError;
 
    /* Initialize image and service lists */
    InitializeListHead(&ImageListHead);
    InitializeListHead(&ServiceListHead);
 
    /* Initialize the database lock */
    RtlInitializeResource(&DatabaseLock);
 
    dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                            L"System\\CurrentControlSet\\Services",
                            0,
                            KEY_READ,
                            &hServicesKey);
    if (dwError != ERROR_SUCCESS)
        return dwError;
 
    dwSubKey = 0;
    for (;;)
    {
        dwSubKeyLength = MAX_PATH;
        dwError = RegEnumKeyExW(hServicesKey,
                                dwSubKey,
                                szSubKey,
                                &dwSubKeyLength,
                                NULL,
                                NULL,
                                NULL,
                                &ftLastChanged);
        if (dwError == ERROR_SUCCESS &&
            szSubKey[0] != L'{')
        {
            DPRINT("SubKeyName: '%S'\n", szSubKey);
 
            dwError = RegOpenKeyExW(hServicesKey,
                                    szSubKey,
                                    0,
                                    KEY_READ,
                                    &hServiceKey);
            if (dwError == ERROR_SUCCESS)
            {
                dwError = CreateServiceListEntry(szSubKey,
                                                 hServiceKey);
 
                RegCloseKey(hServiceKey);
            }
        }
 
        if (dwError != ERROR_SUCCESS)
            break;
 
        dwSubKey++;
    }
 
    RegCloseKey(hServicesKey);
 
    /* Wait for the LSA server */
    ScmWaitForLsa();
 
    /* Delete services that are marked for delete */
    ScmDeleteMarkedServices();
 
    DPRINT("ScmCreateServiceDatabase() done\n");
 
    return ERROR_SUCCESS;
}

Referenced by wWinMain().

ScmDeleteMarkedServices()

VOID ScmDeleteMarkedServices

(

VOID

)

Definition at line 1119 of file database.c.

{
    PLIST_ENTRY ServiceEntry;
    PSERVICE CurrentService;
    HKEY hServicesKey;
    DWORD dwError;
 
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
        ServiceEntry = ServiceEntry->Flink;
 
        if (CurrentService->bDeleted != FALSE)
        {
            dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                                    L"System\\CurrentControlSet\\Services",
                                    0,
                                    DELETE,
                                    &hServicesKey);
            if (dwError == ERROR_SUCCESS)
            {
                dwError = ScmDeleteRegKey(hServicesKey, CurrentService->lpServiceName);
                RegCloseKey(hServicesKey);
                if (dwError == ERROR_SUCCESS)
                {
                    RemoveEntryList(&CurrentService->ServiceListEntry);
                    HeapFree(GetProcessHeap(), 0, CurrentService);
                }
            }
 
            if (dwError != ERROR_SUCCESS)
                DPRINT1("Delete service failed: %S\n", CurrentService->lpServiceName);
        }
    }
}

Referenced by ScmCreateServiceDatabase(), and ScmShutdownServiceDatabase().

ScmDeleteNamedPipeCriticalSection()

VOID ScmDeleteNamedPipeCriticalSection

(

VOID

)

Definition at line 2419 of file database.c.

{
    DeleteCriticalSection(&ControlServiceCriticalSection);
}

Referenced by wWinMain().

ScmDeleteService()

DWORD ScmDeleteService

(

PSERVICE

lpService

)

Definition at line 862 of file database.c.

{
    DWORD dwError;
    DWORD pcbBytesNeeded = 0;
    DWORD dwServicesReturned = 0;
    HKEY hServicesKey;
 
    ASSERT(lpService->RefCount == 0);
 
    /* Open the Services Reg key */
    dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                            L"System\\CurrentControlSet\\Services",
                            0,
                            KEY_SET_VALUE | KEY_READ,
                            &hServicesKey);
    if (dwError != ERROR_SUCCESS)
    {
        DPRINT1("Failed to open services key\n");
        return dwError;
    }
 
    /* Call the function with NULL, just to get bytes we need */
    Int_EnumDependentServicesW(hServicesKey,
                               lpService,
                               SERVICE_ACTIVE,
                               NULL,
                               &pcbBytesNeeded,
                               &dwServicesReturned);
 
    /* If pcbBytesNeeded returned a value then there are services running that are dependent on this service */
    if (pcbBytesNeeded)
    {
        DPRINT1("Deletion failed due to running dependencies\n");
        RegCloseKey(hServicesKey);
        return ERROR_DEPENDENT_SERVICES_RUNNING;
    }
 
    /* There are no references and no running dependencies,
       it is now safe to delete the service */
 
    /* Delete the Service Key */
    dwError = ScmDeleteRegKey(hServicesKey, lpService->lpServiceName);
 
    RegCloseKey(hServicesKey);
 
    if (dwError != ERROR_SUCCESS)
    {
        DPRINT1("Failed to delete the Service Registry key\n");
        return dwError;
    }
 
    /* Delete the Service */
    ScmDeleteServiceRecord(lpService);
 
    return ERROR_SUCCESS;
}

Referenced by ScmDereferenceService().

ScmDeleteServiceRecord()

VOID ScmDeleteServiceRecord

(

PSERVICE

lpService

)

Definition at line 815 of file database.c.

{
    DPRINT("Deleting Service %S\n", lpService->lpServiceName);
 
    /* Delete the display name */
    if (lpService->lpDisplayName != NULL &&
        lpService->lpDisplayName != lpService->lpServiceName)
        HeapFree(GetProcessHeap(), 0, lpService->lpDisplayName);
 
    /* Dereference the service image */
    if (lpService->lpImage)
    {
        lpService->lpImage->dwImageRunCount--;
 
        if (lpService->lpImage->dwImageRunCount == 0)
        {
            ScmRemoveServiceImage(lpService->lpImage);
            lpService->lpImage = NULL;
        }
    }
 
    /* Decrement the group reference counter */
    ScmSetServiceGroup(lpService, NULL);
 
    /* Release the SecurityDescriptor */
    if (lpService->pSecurityDescriptor != NULL)
        HeapFree(GetProcessHeap(), 0, lpService->pSecurityDescriptor);
 
    /* Remove the Service from the List */
    RemoveEntryList(&lpService->ServiceListEntry);
 
    DPRINT("Deleted Service %S\n", lpService->lpServiceName);
 
    /* Delete the service record */
    HeapFree(GetProcessHeap(), 0, lpService);
 
    DPRINT("Done\n");
}

Referenced by ScmDeleteService().

ScmDereferenceService()

DWORD ScmDereferenceService

(

PSERVICE

lpService

)

Definition at line 938 of file database.c.

{
    DWORD ref;
 
    ASSERT(lpService->RefCount > 0);
 
    ref = InterlockedDecrement(&lpService->RefCount);
 
    if (ref == 0 && lpService->bDeleted &&
        lpService->Status.dwCurrentState == SERVICE_STOPPED)
    {
        ScmDeleteService(lpService);
    }
    return ref;
}

Referenced by RCloseServiceHandle(), RSetServiceStatus(), and ScmStopThread().

ScmEnableBackupRestorePrivileges()

static BOOL ScmEnableBackupRestorePrivileges ( _In_ HANDLE  hToken, _In_ BOOL  bEnable  )

static

Definition at line 311 of file database.c.

{
    PTOKEN_PRIVILEGES pTokenPrivileges = NULL;
    DWORD dwSize;
    BOOL bRet = FALSE;
 
    DPRINT("ScmEnableBackupRestorePrivileges(%p %d)\n", hToken, bEnable);
 
    dwSize = sizeof(TOKEN_PRIVILEGES) + 2 * sizeof(LUID_AND_ATTRIBUTES);
    pTokenPrivileges = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
    if (pTokenPrivileges == NULL)
    {
        DPRINT1("Failed to allocate privilege buffer\n");
        goto done;
    }
 
    pTokenPrivileges->PrivilegeCount = 2;
    pTokenPrivileges->Privileges[0].Luid.LowPart = SE_BACKUP_PRIVILEGE;
    pTokenPrivileges->Privileges[0].Luid.HighPart = 0;
    pTokenPrivileges->Privileges[0].Attributes = (bEnable ? SE_PRIVILEGE_ENABLED : 0);
    pTokenPrivileges->Privileges[1].Luid.LowPart = SE_RESTORE_PRIVILEGE;
    pTokenPrivileges->Privileges[1].Luid.HighPart = 0;
    pTokenPrivileges->Privileges[1].Attributes = (bEnable ? SE_PRIVILEGE_ENABLED : 0);
 
    bRet = AdjustTokenPrivileges(hToken, FALSE, pTokenPrivileges, 0, NULL, NULL);
    if (!bRet)
    {
        DPRINT1("AdjustTokenPrivileges() failed with error %lu\n", GetLastError());
    }
    else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        DPRINT1("AdjustTokenPrivileges() succeeded, but with not all privileges assigned\n");
        bRet = FALSE;
    }
 
done:
    if (pTokenPrivileges != NULL)
        HeapFree(GetProcessHeap(), 0, pTokenPrivileges);
 
    return bRet;
}

Referenced by ScmCreateOrReferenceServiceImage(), ScmLogonService(), and ScmRemoveServiceImage().

ScmGenerateServiceTag()

DWORD ScmGenerateServiceTag

(

PSERVICE

lpServiceRecord

)

Definition at line 743 of file database.c.

{
    /* Check for an overflow */
    if (ServiceTag == -1)
    {
        return ERROR_INVALID_DATA;
    }
 
    /* This is only valid for Win32 services */
    if (!(lpServiceRecord->Status.dwServiceType & SERVICE_WIN32))
    {
        return ERROR_INVALID_PARAMETER;
    }
 
    /* Increment the tag counter and set it */
    ServiceTag = ServiceTag % 0xFFFFFFFF + 1;
    lpServiceRecord->dwServiceTag = ServiceTag;
 
    return ERROR_SUCCESS;
}

Referenced by CreateServiceListEntry(), and RCreateServiceW().

ScmGetBootAndSystemDriverState()

VOID ScmGetBootAndSystemDriverState

(

VOID

)

Definition at line 1383 of file database.c.

{
    PLIST_ENTRY ServiceEntry;
    PSERVICE CurrentService;
 
    DPRINT("ScmGetBootAndSystemDriverState() called\n");
 
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry, SERVICE, ServiceListEntry);
 
        if (CurrentService->dwStartType == SERVICE_BOOT_START ||
            CurrentService->dwStartType == SERVICE_SYSTEM_START)
        {
            /* Check driver */
            DPRINT("  Checking service: %S\n", CurrentService->lpServiceName);
 
            ScmCheckDriver(CurrentService);
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    DPRINT("ScmGetBootAndSystemDriverState() done\n");
}

Referenced by wWinMain().

ScmGetNoInteractiveServicesValue()

static VOID ScmGetNoInteractiveServicesValue ( VOID  )

static

Definition at line 1160 of file database.c.

{
    HKEY hKey;
    DWORD dwKeySize;
    LONG lError;
 
    lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                           L"SYSTEM\\CurrentControlSet\\Control\\Windows",
                           0,
                           KEY_READ,
                           &hKey);
    if (lError == ERROR_SUCCESS)
    {
        dwKeySize = sizeof(NoInteractiveServices);
        lError = RegQueryValueExW(hKey,
                                  L"NoInteractiveServices",
                                  0,
                                  NULL,
                                  (LPBYTE)&NoInteractiveServices,
                                  &dwKeySize);
        RegCloseKey(hKey);
    }
}

Referenced by ScmCreateServiceDatabase().

ScmGetServiceEntryByDisplayName()

PSERVICE ScmGetServiceEntryByDisplayName

(

LPCWSTR

lpDisplayName

)

Definition at line 685 of file database.c.

{
    PLIST_ENTRY ServiceEntry;
    PSERVICE CurrentService;
 
    DPRINT("ScmGetServiceEntryByDisplayName() called\n");
 
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry,
                                           SERVICE,
                                           ServiceListEntry);
        if (_wcsicmp(CurrentService->lpDisplayName, lpDisplayName) == 0)
        {
            DPRINT("Found service: '%S'\n", CurrentService->lpDisplayName);
            return CurrentService;
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    DPRINT("Couldn't find a matching service\n");
 
    return NULL;
}

Referenced by RCreateServiceW(), RGetServiceKeyNameA(), and RGetServiceKeyNameW().

ScmGetServiceEntryByName()

PSERVICE ScmGetServiceEntryByName

(

LPCWSTR

lpServiceName

)

Definition at line 656 of file database.c.

{
    PLIST_ENTRY ServiceEntry;
    PSERVICE CurrentService;
 
    DPRINT("ScmGetServiceEntryByName() called\n");
 
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry,
                                           SERVICE,
                                           ServiceListEntry);
        if (_wcsicmp(CurrentService->lpServiceName, lpServiceName) == 0)
        {
            DPRINT("Found service: '%S'\n", CurrentService->lpServiceName);
            return CurrentService;
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    DPRINT("Couldn't find a matching service\n");
 
    return NULL;
}

Referenced by Int_EnumDependentServicesW(), RCreateServiceW(), RGetServiceDisplayNameA(), RGetServiceDisplayNameW(), RI_ScValidatePnPService(), and ROpenServiceW().

ScmGetServiceEntryByResumeCount()

PSERVICE ScmGetServiceEntryByResumeCount

(

DWORD

dwResumeCount

)

Definition at line 714 of file database.c.

{
    PLIST_ENTRY ServiceEntry;
    PSERVICE CurrentService;
 
    DPRINT("ScmGetServiceEntryByResumeCount() called\n");
 
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry,
                                           SERVICE,
                                           ServiceListEntry);
        if (CurrentService->dwResumeCount > dwResumeCount)
        {
            DPRINT("Found service: '%S'\n", CurrentService->lpDisplayName);
            return CurrentService;
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    DPRINT("Couldn't find a matching service\n");
 
    return NULL;
}

Referenced by REnumServiceGroupW(), and REnumServicesStatusExW().

ScmGetServiceImageByImagePath()

static PSERVICE_IMAGE ScmGetServiceImageByImagePath ( LPWSTR  lpImagePath )

static

Definition at line 152 of file database.c.

{
    PLIST_ENTRY ImageEntry;
    PSERVICE_IMAGE CurrentImage;
 
    DPRINT("ScmGetServiceImageByImagePath(%S) called\n", lpImagePath);
 
    ImageEntry = ImageListHead.Flink;
    while (ImageEntry != &ImageListHead)
    {
        CurrentImage = CONTAINING_RECORD(ImageEntry,
                                         SERVICE_IMAGE,
                                         ImageListEntry);
        if (_wcsicmp(CurrentImage->pszImagePath, lpImagePath) == 0)
        {
            DPRINT("Found image: '%S'\n", CurrentImage->pszImagePath);
            return CurrentImage;
        }
 
        ImageEntry = ImageEntry->Flink;
    }
 
    DPRINT("Couldn't find a matching image\n");
 
    return NULL;
 
}

Referenced by ScmCreateOrReferenceServiceImage().

ScmGetServiceNameFromTag()

DWORD ScmGetServiceNameFromTag	(	IN PTAG_INFO_NAME_FROM_TAG_IN_PARAMS	InParams,
		OUT PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS *	OutParams
	)

Definition at line 182 of file database.c.

{
    PLIST_ENTRY ServiceEntry;
    PSERVICE CurrentService;
    PSERVICE_IMAGE CurrentImage;
    PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutBuffer = NULL;
    DWORD dwError;
 
    /* Lock the database */
    ScmLockDatabaseExclusive();
 
    /* Find the matching service */
    ServiceEntry = ServiceListHead.Flink;
    while (ServiceEntry != &ServiceListHead)
    {
        CurrentService = CONTAINING_RECORD(ServiceEntry,
                                           SERVICE,
                                           ServiceListEntry);
 
        /* We must match the tag */
        if (CurrentService->dwServiceTag == InParams->dwTag &&
            CurrentService->lpImage != NULL)
        {
            CurrentImage = CurrentService->lpImage;
            /* And matching the PID */
            if (CurrentImage->dwProcessId == InParams->dwPid)
            {
                break;
            }
        }
 
        ServiceEntry = ServiceEntry->Flink;
    }
 
    /* No match! */
    if (ServiceEntry == &ServiceListHead)
    {
        dwError = ERROR_RETRY;
        goto Cleanup;
    }
 
    /* Allocate the output buffer */
    OutBuffer = MIDL_user_allocate(sizeof(TAG_INFO_NAME_FROM_TAG_OUT_PARAMS));
    if (OutBuffer == NULL)
    {
        dwError = ERROR_NOT_ENOUGH_MEMORY;
        goto Cleanup;
    }
 
    /* And the buffer for the name */
    OutBuffer->pszName = MIDL_user_allocate(wcslen(CurrentService->lpServiceName) * sizeof(WCHAR) + sizeof(UNICODE_NULL));
    if (OutBuffer->pszName == NULL)
    {
        dwError = ERROR_NOT_ENOUGH_MEMORY;
        goto Cleanup;
    }
 
    /* Fill in output data */
    wcscpy(OutBuffer->pszName, CurrentService->lpServiceName);
    OutBuffer->TagType = TagTypeService;
 
    /* And return */
    *OutParams = OutBuffer;
    dwError = ERROR_SUCCESS;
 
Cleanup:
 
    /* Unlock database */
    ScmUnlockDatabase();
 
    /* If failure, free allocated memory */
    if (dwError != ERROR_SUCCESS)
    {
        if (OutBuffer != NULL)
        {
            MIDL_user_free(OutBuffer);
        }
    }
 
    /* Return error/success */
    return dwError;
}

Referenced by RI_ScQueryServiceTagInfo().

ScmInitNamedPipeCriticalSection()

VOID ScmInitNamedPipeCriticalSection

(

VOID

)

Definition at line 2391 of file database.c.

{
    HKEY hKey;
    DWORD dwKeySize;
    DWORD dwError;
 
    InitializeCriticalSection(&ControlServiceCriticalSection);
 
    dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                            L"SYSTEM\\CurrentControlSet\\Control",
                            0,
                            KEY_READ,
                            &hKey);
   if (dwError == ERROR_SUCCESS)
   {
        dwKeySize = sizeof(PipeTimeout);
        RegQueryValueExW(hKey,
                         L"ServicesPipeTimeout",
                         0,
                         NULL,
                         (LPBYTE)&PipeTimeout,
                         &dwKeySize);
       RegCloseKey(hKey);
   }
}

Referenced by wWinMain().

ScmIsLocalSystemAccount()

static BOOL ScmIsLocalSystemAccount ( _In_ PCWSTR  pszAccountName )

static

Definition at line 298 of file database.c.

{
    if (pszAccountName == NULL ||
        _wcsicmp(pszAccountName, L"LocalSystem") == 0)
        return TRUE;
 
    return FALSE;
}

Referenced by ScmLogonService().

ScmIsSameServiceAccount()

static BOOL ScmIsSameServiceAccount ( _In_ PCWSTR  pszAccountName1, _In_ PCWSTR  pszAccountName2  )

static

Definition at line 269 of file database.c.

{
    if (pszAccountName1 == NULL &&
        pszAccountName2 == NULL)
        return TRUE;
 
    if (pszAccountName1 == NULL &&
        pszAccountName2 != NULL &&
        _wcsicmp(pszAccountName2, L"LocalSystem") == 0)
        return TRUE;
 
    if (pszAccountName1 != NULL &&
        pszAccountName2 == NULL &&
        _wcsicmp(pszAccountName1, L"LocalSystem") == 0)
        return TRUE;
 
    if (pszAccountName1 != NULL &&
        pszAccountName2 != NULL &&
        _wcsicmp(pszAccountName1, pszAccountName2) == 0)
        return TRUE;
 
    return FALSE;
}

Referenced by ScmCreateOrReferenceServiceImage().

ScmIsSecurityService()

static BOOL ScmIsSecurityService ( _In_ PSERVICE_IMAGE  pServiceImage )

static

Definition at line 44 of file database.c.

{
    return (wcsstr(pServiceImage->pszImagePath, L"\\system32\\lsass.exe") != NULL);
}

Referenced by ScmCreateOrReferenceServiceImage(), ScmStartUserModeService(), and ScmWaitForServiceConnect().

ScmLoadService()

static DWORD ScmLoadService ( PSERVICE  Service, DWORD  argc, const PCWSTR *  argv  )

static

Definition at line 1967 of file database.c.

{
    PSERVICE_GROUP Group = Service->lpGroup;
    DWORD dwError = ERROR_SUCCESS;
    LPCWSTR lpLogStrings[2];
    WCHAR szLogBuffer[80];
 
    DPRINT("ScmLoadService() called\n");
    DPRINT("Start Service %p (%S)\n", Service, Service->lpServiceName);
 
    if (Service->Status.dwCurrentState != SERVICE_STOPPED)
    {
        DPRINT("Service %S is already running\n", Service->lpServiceName);
        return ERROR_SERVICE_ALREADY_RUNNING;
    }
 
    DPRINT("Service->Type: %lu\n", Service->Status.dwServiceType);
 
    if (Service->Status.dwServiceType & SERVICE_DRIVER)
    {
        /* Start the driver */
        dwError = ScmStartDriver(Service);
    }
    else // if (Service->Status.dwServiceType & (SERVICE_WIN32 | SERVICE_INTERACTIVE_PROCESS))
    {
        /* Start user-mode service */
        dwError = ScmCreateOrReferenceServiceImage(Service);
        if (dwError == ERROR_SUCCESS)
        {
            dwError = ScmStartUserModeService(Service, argc, argv);
            if (dwError == ERROR_SUCCESS)
            {
                Service->Status.dwCurrentState = SERVICE_START_PENDING;
                Service->Status.dwControlsAccepted = 0;
                ScmReferenceService(Service);
            }
            else
            {
                Service->lpImage->dwImageRunCount--;
                if (Service->lpImage->dwImageRunCount == 0)
                {
                    ScmRemoveServiceImage(Service->lpImage);
                    Service->lpImage = NULL;
                }
            }
        }
    }
 
    DPRINT("ScmLoadService() done (Error %lu)\n", dwError);
 
    if (dwError == ERROR_SUCCESS)
    {
        if (Group != NULL)
        {
            Group->ServicesRunning = TRUE;
        }
 
        /* Log a successful service start */
        LoadStringW(GetModuleHandle(NULL), IDS_SERVICE_START, szLogBuffer, 80);
        lpLogStrings[0] = Service->lpDisplayName;
        lpLogStrings[1] = szLogBuffer;
 
        ScmLogEvent(EVENT_SERVICE_CONTROL_SUCCESS,
                    EVENTLOG_INFORMATION_TYPE,
                    2,
                    lpLogStrings);
    }
    else
    {
        if (Service->dwErrorControl != SERVICE_ERROR_IGNORE)
        {
            /* Log a failed service start */
            StringCchPrintfW(szLogBuffer, ARRAYSIZE(szLogBuffer),
                             L"%lu", dwError);
            lpLogStrings[0] = Service->lpServiceName;
            lpLogStrings[1] = szLogBuffer;
            ScmLogEvent(EVENT_SERVICE_START_FAILED,
                        EVENTLOG_ERROR_TYPE,
                        2,
                        lpLogStrings);
        }
 
#if 0
        switch (Service->dwErrorControl)
        {
            case SERVICE_ERROR_SEVERE:
                if (IsLastKnownGood == FALSE)
                {
                    /* FIXME: Boot last known good configuration */
                }
                break;
 
            case SERVICE_ERROR_CRITICAL:
                if (IsLastKnownGood == FALSE)
                {
                    /* FIXME: Boot last known good configuration */
                }
                else
                {
                    /* FIXME: BSOD! */
                }
                break;
        }
#endif
    }
 
    return dwError;
}

Referenced by ScmAutoStartServices(), and ScmStartService().

ScmLockDatabaseExclusive()

BOOL ScmLockDatabaseExclusive

(

VOID

)

Definition at line 2370 of file database.c.

{
    return RtlAcquireResourceExclusive(&DatabaseLock, TRUE);
}

Referenced by RChangeServiceConfig2W(), RChangeServiceConfigW(), RCloseServiceHandle(), RCreateServiceW(), RDeleteService(), ROpenServiceW(), RSetServiceObjectSecurity(), RSetServiceStatus(), ScmAcquireServiceStartLock(), ScmAutoShutdownServices(), ScmGetServiceNameFromTag(), ScmReleaseServiceStartLock(), and ScmStopThread().

ScmLockDatabaseShared()

BOOL ScmLockDatabaseShared

(

VOID

)

Definition at line 2377 of file database.c.

{
    return RtlAcquireResourceShared(&DatabaseLock, TRUE);
}

Referenced by REnumServiceGroupW(), REnumServicesStatusExW(), RI_ScGetCurrentGroupStateW(), RQueryServiceConfig2A(), RQueryServiceConfig2W(), RQueryServiceConfigA(), RQueryServiceConfigW(), RQueryServiceObjectSecurity(), RQueryServiceStatus(), RQueryServiceStatusEx(), ScmQueryServiceLockStatusA(), and ScmQueryServiceLockStatusW().

ScmLogonService()

static DWORD ScmLogonService ( IN PSERVICE  pService, IN PSERVICE_IMAGE  pImage  )

static

Definition at line 358 of file database.c.

{
    PROFILEINFOW ProfileInfo;
    PWSTR pszUserName = NULL;
    PWSTR pszDomainName = NULL;
    PWSTR pszPassword = NULL;
    PWSTR ptr;
    DWORD dwError = ERROR_SUCCESS;
 
    DPRINT("ScmLogonService(%p %p)\n", pService, pImage);
    DPRINT("Service %S\n", pService->lpServiceName);
 
    if (ScmIsLocalSystemAccount(pImage->pszAccountName) || ScmLiveSetup || ScmSetupInProgress)
        return ERROR_SUCCESS;
 
    /* Get the user and domain names */
    ptr = wcschr(pImage->pszAccountName, L'\\');
    if (ptr != NULL)
    {
        *ptr = L'\0';
        pszUserName = ptr + 1;
        pszDomainName = pImage->pszAccountName;
    }
    else
    {
        // ERROR_INVALID_SERVICE_ACCOUNT
        pszUserName = pImage->pszAccountName;
        pszDomainName = NULL;
    }
 
    /* Build the service 'password' */
    pszPassword = HeapAlloc(GetProcessHeap(),
                            HEAP_ZERO_MEMORY,
                            (wcslen(pService->lpServiceName) + 5) * sizeof(WCHAR));
    if (pszPassword == NULL)
    {
        dwError = ERROR_NOT_ENOUGH_MEMORY;
        goto done;
    }
 
    wcscpy(pszPassword, L"_SC_");
    wcscat(pszPassword, pService->lpServiceName);
 
    DPRINT("Domain: %S  User: %S  Password: %S\n", pszDomainName, pszUserName, pszPassword);
 
    /* Do the service logon */
    if (!LogonUserW(pszUserName,
                    pszDomainName,
                    pszPassword,
                    LOGON32_LOGON_SERVICE,
                    LOGON32_PROVIDER_DEFAULT,
                    &pImage->hToken))
    {
        dwError = GetLastError();
        DPRINT1("LogonUserW() failed (Error %lu)\n", dwError);
 
        /* Normalize the returned error */
        dwError = ERROR_SERVICE_LOGON_FAILED;
        goto done;
    }
 
    /* Load the user profile; the per-user environment variables are thus correctly initialized */
    ZeroMemory(&ProfileInfo, sizeof(ProfileInfo));
    ProfileInfo.dwSize = sizeof(ProfileInfo);
    ProfileInfo.dwFlags = PI_NOUI;
    ProfileInfo.lpUserName = pszUserName;
    // ProfileInfo.lpProfilePath = NULL;
    // ProfileInfo.lpDefaultPath = NULL;
    // ProfileInfo.lpServerName = NULL;
    // ProfileInfo.lpPolicyPath = NULL;
    // ProfileInfo.hProfile = NULL;
 
    ScmEnableBackupRestorePrivileges(pImage->hToken, TRUE);
    if (!LoadUserProfileW(pImage->hToken, &ProfileInfo))
        dwError = GetLastError();
    ScmEnableBackupRestorePrivileges(pImage->hToken, FALSE);
 
    if (dwError != ERROR_SUCCESS)
    {
        DPRINT1("LoadUserProfileW() failed (Error %lu)\n", dwError);
        goto done;
    }
 
    pImage->hProfile = ProfileInfo.hProfile;
 
done:
    if (pszPassword != NULL)
        HeapFree(GetProcessHeap(), 0, pszPassword);
 
    if (ptr != NULL)
        *ptr = L'\\';
 
    return dwError;
}

Referenced by ScmCreateOrReferenceServiceImage().

ScmReferenceService()

DWORD ScmReferenceService

(

PSERVICE

lpService

)

Definition at line 930 of file database.c.

{
    return InterlockedIncrement(&lpService->RefCount);
}

Referenced by RCreateServiceW(), ROpenServiceW(), RSetServiceStatus(), and ScmLoadService().

ScmRemoveServiceImage()

VOID ScmRemoveServiceImage

(

PSERVICE_IMAGE

pServiceImage

)

Definition at line 621 of file database.c.

{
    DPRINT1("ScmRemoveServiceImage() called\n");
 
    /* FIXME: Terminate the process */
 
    /* Remove the service image from the list */
    RemoveEntryList(&pServiceImage->ImageListEntry);
 
    /* Close the process handle */
    if (pServiceImage->hProcess != INVALID_HANDLE_VALUE)
        CloseHandle(pServiceImage->hProcess);
 
    /* Close the control pipe */
    if (pServiceImage->hControlPipe != INVALID_HANDLE_VALUE)
        CloseHandle(pServiceImage->hControlPipe);
 
    /* Unload the user profile */
    if (pServiceImage->hProfile != NULL)
    {
        ScmEnableBackupRestorePrivileges(pServiceImage->hToken, TRUE);
        UnloadUserProfile(pServiceImage->hToken, pServiceImage->hProfile);
        ScmEnableBackupRestorePrivileges(pServiceImage->hToken, FALSE);
    }
 
    /* Close the logon token */
    if (pServiceImage->hToken != NULL)
        CloseHandle(pServiceImage->hToken);
 
    /* Release the service image */
    HeapFree(GetProcessHeap(), 0, pServiceImage);
}

Referenced by ScmDeleteServiceRecord(), ScmLoadService(), and ScmStopThread().

ScmSendControlPacket()

DWORD ScmSendControlPacket	(	_In_ HANDLE	hControlPipe,
		_In_ PCWSTR	pServiceName,
		_In_ DWORD	dwControl,
		_In_ DWORD	dwControlPacketSize,
		_In_ PVOID	pControlPacket
	)

Definition at line 1416 of file database.c.

{
    DWORD dwError = ERROR_SUCCESS;
    BOOL bResult;
    SCM_REPLY_PACKET ReplyPacket;
    DWORD dwReadCount = 0;
    OVERLAPPED Overlapped = {0};
 
    DPRINT("ScmSendControlPacket(%p, %lu, %p) called\n",
           hControlPipe, dwControlPacketSize, pControlPacket);
 
    /* Acquire the service control critical section, to synchronize requests */
    EnterCriticalSection(&ControlServiceCriticalSection);
 
    bResult = TransactNamedPipe(hControlPipe,
                                pControlPacket,
                                dwControlPacketSize,
                                &ReplyPacket,
                                sizeof(ReplyPacket),
                                &dwReadCount,
                                &Overlapped);
    if (!bResult)
    {
        /* Fail for any error other than pending IO */
        dwError = GetLastError();
        if (dwError != ERROR_IO_PENDING)
        {
            DPRINT1("TransactNamedPipe(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
            goto Done;
        }
 
        DPRINT("TransactNamedPipe(%S, %d) returned ERROR_IO_PENDING\n", pServiceName, dwControl);
 
        dwError = WaitForSingleObject(hControlPipe, PipeTimeout);
        DPRINT("WaitForSingleObject(%S, %d) returned %lu\n", pServiceName, dwControl, dwError);
 
        if (dwError == WAIT_TIMEOUT)
        {
            DPRINT1("WaitForSingleObject(%S, %d) timed out\n", pServiceName, dwControl);
            bResult = CancelIo(hControlPipe);
            if (!bResult)
                DPRINT1("CancelIo(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, GetLastError());
 
            dwError = ERROR_SERVICE_REQUEST_TIMEOUT;
        }
        else if (dwError == WAIT_OBJECT_0)
        {
            bResult = GetOverlappedResult(hControlPipe,
                                          &Overlapped,
                                          &dwReadCount,
                                          TRUE);
            if (!bResult)
            {
                dwError = GetLastError();
                DPRINT1("GetOverlappedResult(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
            }
        }
    }
 
Done:
    /* Release the service control critical section */
    LeaveCriticalSection(&ControlServiceCriticalSection);
 
    if (dwReadCount == sizeof(ReplyPacket))
        dwError = ReplyPacket.dwError;
 
    return dwError;
}

Referenced by RI_ScSendPnPMessage(), ScmControlService(), and ScmControlServiceEx().

ScmShutdownServiceDatabase()

VOID ScmShutdownServiceDatabase

(

VOID

)

Definition at line 1273 of file database.c.

{
    DPRINT("ScmShutdownServiceDatabase() called\n");
 
    ScmDeleteMarkedServices();
    RtlDeleteResource(&DatabaseLock);
 
    DPRINT("ScmShutdownServiceDatabase() done\n");
}

Referenced by ShutdownHandlerRoutine().

ScmStartService()

DWORD ScmStartService	(	PSERVICE	Service,
		DWORD	argc,
		const PCWSTR *	argv
	)

Definition at line 2080 of file database.c.

{
    DWORD dwError = ERROR_SUCCESS;
    SC_RPC_LOCK Lock = NULL;
 
    DPRINT("ScmStartService() called\n");
    DPRINT("Start Service %p (%S)\n", Service, Service->lpServiceName);
 
    /* Acquire the service control critical section, to synchronize starts */
    EnterCriticalSection(&ControlServiceCriticalSection);
 
    /*
     * Acquire the user service start lock while the service is starting, if
     * needed (i.e. if we are not starting it during the initialization phase).
     * If we don't success, bail out.
     */
    if (!ScmInitialize)
    {
        dwError = ScmAcquireServiceStartLock(TRUE, &Lock);
        if (dwError != ERROR_SUCCESS)
            goto done;
    }
 
    /* Really start the service */
    dwError = ScmLoadService(Service, argc, argv);
 
    /* Release the service start lock, if needed, and the critical section */
    if (Lock) ScmReleaseServiceStartLock(&Lock);
 
done:
    LeaveCriticalSection(&ControlServiceCriticalSection);
 
    DPRINT("ScmStartService() done (Error %lu)\n", dwError);
 
    return dwError;
}

Referenced by RStartServiceA(), and RStartServiceW().

ScmStartUserModeService()

static DWORD ScmStartUserModeService ( PSERVICE  Service, DWORD  argc, const PCWSTR *  argv  )

static

Definition at line 1817 of file database.c.

{
    PROCESS_INFORMATION ProcessInformation;
    STARTUPINFOW StartupInfo;
    LPVOID lpEnvironment;
    BOOL Result;
    DWORD dwError = ERROR_SUCCESS;
 
    DPRINT("ScmStartUserModeService(%p)\n", Service);
 
    /* If the image is already running, just send a start command */
    if (Service->lpImage->dwImageRunCount > 1)
        goto Quit;
 
    /* Otherwise start its process */
    ZeroMemory(&StartupInfo, sizeof(StartupInfo));
    StartupInfo.cb = sizeof(StartupInfo);
    ZeroMemory(&ProcessInformation, sizeof(ProcessInformation));
 
    if (Service->lpImage->hToken)
    {
        /* User token: Run the service under the user account */
 
        if (!CreateEnvironmentBlock(&lpEnvironment, Service->lpImage->hToken, FALSE))
        {
            /* We failed, run the service with the current environment */
            DPRINT1("CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
                    GetLastError(), Service->lpServiceName);
            lpEnvironment = NULL;
        }
 
        /* Impersonate the new user */
        Result = ImpersonateLoggedOnUser(Service->lpImage->hToken);
        if (Result)
        {
            /* Launch the process in the user's logon session */
            Result = CreateProcessAsUserW(Service->lpImage->hToken,
                                          NULL,
                                          Service->lpImage->pszImagePath,
                                          NULL,
                                          NULL,
                                          FALSE,
                                          CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS | CREATE_SUSPENDED,
                                          lpEnvironment,
                                          NULL,
                                          &StartupInfo,
                                          &ProcessInformation);
            if (!Result)
                dwError = GetLastError();
 
            /* Revert the impersonation */
            RevertToSelf();
        }
        else
        {
            dwError = GetLastError();
            DPRINT1("ImpersonateLoggedOnUser() failed with error %d\n", dwError);
        }
    }
    else
    {
        /* No user token: Run the service under the LocalSystem account */
 
        if (!CreateEnvironmentBlock(&lpEnvironment, NULL, TRUE))
        {
            /* We failed, run the service with the current environment */
            DPRINT1("CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
                    GetLastError(), Service->lpServiceName);
            lpEnvironment = NULL;
        }
 
        /* Use the interactive desktop if the service is interactive */
        if ((NoInteractiveServices == 0) &&
            (Service->Status.dwServiceType & SERVICE_INTERACTIVE_PROCESS))
        {
            StartupInfo.dwFlags |= STARTF_INHERITDESKTOP;
            StartupInfo.lpDesktop = L"WinSta0\\Default";
        }
 
        if (!ScmIsSecurityService(Service->lpImage))
        {
            Result = CreateProcessW(NULL,
                                    Service->lpImage->pszImagePath,
                                    NULL,
                                    NULL,
                                    FALSE,
                                    CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS | CREATE_SUSPENDED,
                                    lpEnvironment,
                                    NULL,
                                    &StartupInfo,
                                    &ProcessInformation);
            if (!Result)
                dwError = GetLastError();
        }
        else
        {
            Result = TRUE;
            dwError = ERROR_SUCCESS;
        }
    }
 
    if (lpEnvironment)
        DestroyEnvironmentBlock(lpEnvironment);
 
    if (!Result)
    {
        DPRINT1("Starting '%S' failed with error %d\n",
                Service->lpServiceName, dwError);
        return dwError;
    }
 
    DPRINT("Process Id: %lu  Handle %p\n",
           ProcessInformation.dwProcessId,
           ProcessInformation.hProcess);
    DPRINT("Thread Id: %lu  Handle %p\n",
           ProcessInformation.dwThreadId,
           ProcessInformation.hThread);
 
    /* Get the process handle and ID */
    Service->lpImage->hProcess = ProcessInformation.hProcess;
    Service->lpImage->dwProcessId = ProcessInformation.dwProcessId;
 
    /* Resume the main thread and close its handle */
    ResumeThread(ProcessInformation.hThread);
    CloseHandle(ProcessInformation.hThread);
 
    /* Connect control pipe */
    dwError = ScmWaitForServiceConnect(Service);
    if (dwError != ERROR_SUCCESS)
    {
        DPRINT1("Connecting control pipe failed! (Error %lu)\n", dwError);
        Service->lpImage->dwProcessId = 0;
        return dwError;
    }
 
Quit:
    /* Send the start command and return */
    return ScmControlServiceEx(Service->lpImage->hControlPipe,
                               Service->lpServiceName,
                               (Service->Status.dwServiceType & SERVICE_WIN32_OWN_PROCESS)
                                  ? SERVICE_CONTROL_START_OWN : SERVICE_CONTROL_START_SHARE,
                               (SERVICE_STATUS_HANDLE)Service,
                               Service->dwServiceTag,
                               argc, argv);
}

Referenced by ScmLoadService().

ScmUnlockDatabase()

VOID ScmUnlockDatabase

(

VOID

)

Definition at line 2384 of file database.c.

{
    RtlReleaseResource(&DatabaseLock);
}

Referenced by RChangeServiceConfig2W(), RChangeServiceConfigW(), RCloseServiceHandle(), RCreateServiceW(), RDeleteService(), REnumServiceGroupW(), REnumServicesStatusExW(), RI_ScGetCurrentGroupStateW(), ROpenServiceW(), RQueryServiceConfig2A(), RQueryServiceConfig2W(), RQueryServiceConfigA(), RQueryServiceConfigW(), RQueryServiceObjectSecurity(), RQueryServiceStatus(), RQueryServiceStatusEx(), RSetServiceObjectSecurity(), RSetServiceStatus(), ScmAcquireServiceStartLock(), ScmAutoShutdownServices(), ScmGetServiceNameFromTag(), ScmQueryServiceLockStatusA(), ScmQueryServiceLockStatusW(), ScmReleaseServiceStartLock(), and ScmStopThread().

ScmWaitForServiceConnect()

static DWORD ScmWaitForServiceConnect ( PSERVICE  Service )

static

Definition at line 1640 of file database.c.

{
    DWORD dwRead = 0;
    DWORD dwProcessId = 0;
    DWORD dwError = ERROR_SUCCESS;
    BOOL bResult;
    OVERLAPPED Overlapped = {0};
#if 0
    LPCWSTR lpLogStrings[3];
    WCHAR szBuffer1[20];
    WCHAR szBuffer2[20];
#endif
 
    DPRINT("ScmWaitForServiceConnect()\n");
 
    bResult = ConnectNamedPipe(Service->lpImage->hControlPipe,
                               &Overlapped);
    if (bResult == FALSE)
    {
        DPRINT("ConnectNamedPipe() returned FALSE\n");
 
        dwError = GetLastError();
        if (dwError == ERROR_IO_PENDING)
        {
            DPRINT("dwError: ERROR_IO_PENDING\n");
 
            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
                                          PipeTimeout);
            DPRINT("WaitForSingleObject() returned %lu\n", dwError);
 
            if (dwError == WAIT_TIMEOUT)
            {
                DPRINT("WaitForSingleObject() returned WAIT_TIMEOUT\n");
 
                bResult = CancelIo(Service->lpImage->hControlPipe);
                if (bResult == FALSE)
                {
                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
                }
 
#if 0
                _ultow(PipeTimeout, szBuffer1, 10);
                lpLogStrings[0] = Service->lpDisplayName;
                lpLogStrings[1] = szBuffer1;
 
                ScmLogEvent(EVENT_CONNECTION_TIMEOUT,
                            EVENTLOG_ERROR_TYPE,
                            2,
                            lpLogStrings);
#endif
                DPRINT1("Log EVENT_CONNECTION_TIMEOUT by %S\n", Service->lpDisplayName);
 
                return ERROR_SERVICE_REQUEST_TIMEOUT;
            }
            else if (dwError == WAIT_OBJECT_0)
            {
                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
                                              &Overlapped,
                                              &dwRead,
                                              TRUE);
                if (bResult == FALSE)
                {
                    dwError = GetLastError();
                    DPRINT1("GetOverlappedResult failed (Error %lu)\n", dwError);
 
                    return dwError;
                }
            }
        }
        else if (dwError != ERROR_PIPE_CONNECTED)
        {
            DPRINT1("ConnectNamedPipe failed (Error %lu)\n", dwError);
            return dwError;
        }
    }
 
    DPRINT("Control pipe connected\n");
 
    Overlapped.hEvent = NULL;
 
    /* Read the process id from pipe */
    bResult = ReadFile(Service->lpImage->hControlPipe,
                       (LPVOID)&dwProcessId,
                       sizeof(DWORD),
                       &dwRead,
                       &Overlapped);
    if (bResult == FALSE)
    {
        DPRINT("ReadFile() returned FALSE\n");
 
        dwError = GetLastError();
        if (dwError == ERROR_IO_PENDING)
        {
            DPRINT("dwError: ERROR_IO_PENDING\n");
 
            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
                                          PipeTimeout);
            if (dwError == WAIT_TIMEOUT)
            {
                DPRINT("WaitForSingleObject() returned WAIT_TIMEOUT\n");
 
                bResult = CancelIo(Service->lpImage->hControlPipe);
                if (bResult == FALSE)
                {
                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
                }
 
#if 0
                _ultow(PipeTimeout, szBuffer1, 10);
                lpLogStrings[0] = szBuffer1;
 
                ScmLogEvent(EVENT_READFILE_TIMEOUT,
                            EVENTLOG_ERROR_TYPE,
                            1,
                            lpLogStrings);
#endif
                DPRINT1("Log EVENT_READFILE_TIMEOUT by %S\n", Service->lpDisplayName);
 
                return ERROR_SERVICE_REQUEST_TIMEOUT;
            }
            else if (dwError == WAIT_OBJECT_0)
            {
                DPRINT("WaitForSingleObject() returned WAIT_OBJECT_0\n");
 
                DPRINT("Process Id: %lu\n", dwProcessId);
 
                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
                                              &Overlapped,
                                              &dwRead,
                                              TRUE);
                if (bResult == FALSE)
                {
                    dwError = GetLastError();
                    DPRINT1("GetOverlappedResult() failed (Error %lu)\n", dwError);
 
                    return dwError;
                }
            }
            else
            {
                DPRINT1("WaitForSingleObject() returned %lu\n", dwError);
            }
        }
        else
        {
            DPRINT1("ReadFile() failed (Error %lu)\n", dwError);
            return dwError;
        }
    }
 
    if ((ScmIsSecurityService(Service->lpImage) == FALSE)&&
        (dwProcessId != Service->lpImage->dwProcessId))
    {
#if 0
        _ultow(Service->lpImage->dwProcessId, szBuffer1, 10);
        _ultow(dwProcessId, szBuffer2, 10);
 
        lpLogStrings[0] = Service->lpDisplayName;
        lpLogStrings[1] = szBuffer1;
        lpLogStrings[2] = szBuffer2;
 
        ScmLogEvent(EVENT_SERVICE_DIFFERENT_PID_CONNECTED,
                    EVENTLOG_WARNING_TYPE,
                    3,
                    lpLogStrings);
#endif
 
        DPRINT1("Log EVENT_SERVICE_DIFFERENT_PID_CONNECTED by %S\n", Service->lpDisplayName);
    }
 
    DPRINT("ScmWaitForServiceConnect() done\n");
 
    return ERROR_SUCCESS;
}

Referenced by ScmStartUserModeService().

Variable Documentation

ControlServiceCriticalSection

CRITICAL_SECTION ControlServiceCriticalSection

static

Definition at line 36 of file database.c.

Referenced by ScmAutoStartServices(), ScmDeleteNamedPipeCriticalSection(), ScmInitNamedPipeCriticalSection(), ScmSendControlPacket(), and ScmStartService().

DatabaseLock

RTL_RESOURCE DatabaseLock

static

Definition at line 30 of file database.c.

Referenced by ScmCreateServiceDatabase(), ScmLockDatabaseExclusive(), ScmLockDatabaseShared(), ScmShutdownServiceDatabase(), and ScmUnlockDatabase().

ImageListHead

LIST_ENTRY ImageListHead

Definition at line 27 of file database.c.

Referenced by ScmCreateOrReferenceServiceImage(), ScmCreateServiceDatabase(), and ScmGetServiceImageByImagePath().

NoInteractiveServices

DWORD NoInteractiveServices = 0

static

Definition at line 32 of file database.c.

Referenced by ScmGetNoInteractiveServicesValue(), and ScmStartUserModeService().

PipeTimeout

DWORD PipeTimeout = 30000

static

Definition at line 37 of file database.c.

Referenced by ScmCreateNewControlPipe(), ScmInitNamedPipeCriticalSection(), ScmSendControlPacket(), and ScmWaitForServiceConnect().

ResumeCount

DWORD ResumeCount = 1

static

Definition at line 31 of file database.c.

Referenced by CreateProcessInternalW(), and ScmCreateNewServiceRecord().

ServiceListHead

LIST_ENTRY ServiceListHead

Definition at line 28 of file database.c.

Referenced by REnumServiceGroupW(), REnumServicesStatusExW(), ScmAutoShutdownServices(), ScmAutoStartServices(), ScmCreateNewServiceRecord(), ScmCreateServiceDatabase(), ScmDeleteMarkedServices(), ScmGetBootAndSystemDriverState(), ScmGetServiceEntryByDisplayName(), ScmGetServiceEntryByName(), ScmGetServiceEntryByResumeCount(), and ScmGetServiceNameFromTag().

ServiceTag

DWORD ServiceTag = 0

static

Definition at line 33 of file database.c.

Referenced by GetOwnerModuleFromTagEntry(), ScmGenerateServiceTag(), and service_main().