/*
Unix SMB/CIFS implementation.
test suite for svcctl rpc operations
Copyright (C) Jelmer Vernooij 2004
Copyright (C) Guenther Deschner 2008,2009,2020
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_svcctl_c.h"
#include "librpc/gen_ndr/ndr_svcctl.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "torture/rpc/torture_rpc.h"
#include "param/param.h"
#define TORTURE_DEFAULT_SERVICE "Spooler"
static bool test_OpenSCManager(struct dcerpc_binding_handle *b,
struct torture_context *tctx,
struct policy_handle *h)
{
struct svcctl_OpenSCManagerW r;
r.in.MachineName = NULL;
r.in.DatabaseName = NULL;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.handle = h;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_OpenSCManagerW_r(b, tctx, &r),
"OpenSCManager failed!");
return true;
}
static bool test_CloseServiceHandle(struct dcerpc_binding_handle *b,
struct torture_context *tctx,
struct policy_handle *h)
{
struct svcctl_CloseServiceHandle r;
r.in.handle = h;
r.out.handle = h;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_CloseServiceHandle_r(b, tctx, &r),
"CloseServiceHandle failed");
return true;
}
static bool test_OpenService(struct dcerpc_binding_handle *b,
struct torture_context *tctx,
struct policy_handle *h,
const char *name,
struct policy_handle *s)
{
struct svcctl_OpenServiceW r;
r.in.scmanager_handle = h;
r.in.ServiceName = name;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.handle = s;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_OpenServiceW_r(b, tctx, &r),
"OpenServiceW failed!");
torture_assert_werr_ok(tctx, r.out.result, "OpenServiceW failed!");
return true;
}
static bool test_QueryServiceStatus(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_QueryServiceStatus r;
struct policy_handle h, s;
struct SERVICE_STATUS service_status;
NTSTATUS status;
struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
r.out.service_status = &service_status;
status = dcerpc_svcctl_QueryServiceStatus_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatus failed!");
torture_assert_werr_ok(tctx, r.out.result, "QueryServiceStatus failed!");
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerpc_pipe *p)
{
struct svcctl_QueryServiceStatusEx r;
struct policy_handle h, s;
NTSTATUS status;
struct dcerpc_binding_handle *b = p->binding_handle;
uint32_t info_level = SVC_STATUS_PROCESS_INFO;
uint8_t *buffer;
uint32_t offered = 0;
uint32_t needed = 0;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
buffer = talloc(tctx, uint8_t);
r.in.handle = &s;
r.in.info_level = info_level;
r.in.offered = offered;
r.out.buffer = buffer;
r.out.needed = &needed;
status = dcerpc_svcctl_QueryServiceStatusEx_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatusEx failed!");
if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
r.in.offered = needed;
buffer = talloc_array(tctx, uint8_t, needed);
r.out.buffer = buffer;
status = dcerpc_svcctl_QueryServiceStatusEx_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatusEx failed!");
torture_assert_werr_ok(tctx, r.out.result, "QueryServiceStatusEx failed!");
}
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_QueryServiceConfigW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_QueryServiceConfigW r;
struct QUERY_SERVICE_CONFIG query;
struct policy_handle h, s;
NTSTATUS status;
struct dcerpc_binding_handle *b = p->binding_handle;
uint32_t offered = 0;
uint32_t needed = 0;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
r.in.offered = offered;
r.out.query = &query;
r.out.needed = &needed;
status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
r.in.offered = needed;
status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
}
torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfigW failed!");
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerpc_pipe *p)
{
struct svcctl_QueryServiceConfig2W r;
struct policy_handle h, s;
NTSTATUS status;
struct dcerpc_binding_handle *b = p->binding_handle;
uint32_t info_level = SERVICE_CONFIG_DESCRIPTION;
uint8_t *buffer;
uint32_t offered = 0;
uint32_t needed = 0;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
buffer = talloc(tctx, uint8_t);
r.in.handle = &s;
r.in.info_level = info_level;
r.in.offered = offered;
r.out.buffer = buffer;
r.out.needed = &needed;
status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
r.in.offered = needed;
buffer = talloc_array(tctx, uint8_t, needed);
r.out.buffer = buffer;
status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfig2W failed!");
}
r.in.info_level = SERVICE_CONFIG_FAILURE_ACTIONS;
r.in.offered = offered;
r.out.buffer = buffer;
r.out.needed = &needed;
status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
r.in.offered = needed;
buffer = talloc_array(tctx, uint8_t, needed);
r.out.buffer = buffer;
status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfig2W failed!");
}
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_QueryServiceObjectSecurity(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_QueryServiceObjectSecurity r;
struct policy_handle h, s;
struct dcerpc_binding_handle *b = p->binding_handle;
uint8_t *buffer = NULL;
uint32_t needed;
enum ndr_err_code ndr_err;
struct security_descriptor sd;
DATA_BLOB blob;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
r.in.security_flags = 0;
r.in.offered = 0;
r.out.buffer = NULL;
r.out.needed = &needed;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &r),
"QueryServiceObjectSecurity failed!");
torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
"QueryServiceObjectSecurity failed!");
r.in.security_flags = SECINFO_DACL;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &r),
"QueryServiceObjectSecurity failed!");
if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
r.in.offered = needed;
buffer = talloc_array(tctx, uint8_t, needed);
r.out.buffer = buffer;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &r),
"QueryServiceObjectSecurity failed!");
}
torture_assert_werr_ok(tctx, r.out.result, "QueryServiceObjectSecurity failed!");
blob = data_blob_const(buffer, needed);
ndr_err = ndr_pull_struct_blob(&blob, tctx, &sd,
(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return false;
}
if (DEBUGLEVEL >= 1) {
NDR_PRINT_DEBUG(security_descriptor, &sd);
}
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_SetServiceObjectSecurity(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_QueryServiceObjectSecurity q;
struct svcctl_SetServiceObjectSecurity r;
struct policy_handle h, s;
struct dcerpc_binding_handle *b = p->binding_handle;
uint8_t *buffer;
uint32_t needed;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
q.in.handle = &s;
q.in.security_flags = SECINFO_DACL;
q.in.offered = 0;
q.out.buffer = NULL;
q.out.needed = &needed;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &q),
"QueryServiceObjectSecurity failed!");
if (W_ERROR_EQUAL(q.out.result, WERR_INSUFFICIENT_BUFFER)) {
q.in.offered = needed;
buffer = talloc_array(tctx, uint8_t, needed);
q.out.buffer = buffer;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &q),
"QueryServiceObjectSecurity failed!");
}
torture_assert_werr_ok(tctx, q.out.result,
"QueryServiceObjectSecurity failed!");
r.in.handle = &s;
r.in.security_flags = SECINFO_DACL;
r.in.buffer = q.out.buffer;
r.in.offered = *q.out.needed;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_SetServiceObjectSecurity_r(b, tctx, &r),
"SetServiceObjectSecurity failed!");
torture_assert_werr_ok(tctx, r.out.result,
"SetServiceObjectSecurity failed!");
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_StartServiceW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_StartServiceW r;
struct policy_handle h, s;
struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
r.in.NumArgs = 0;
r.in.Arguments = NULL;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_StartServiceW_r(b, tctx, &r),
"StartServiceW failed!");
torture_assert_werr_equal(tctx, r.out.result,
WERR_SERVICE_ALREADY_RUNNING,
"StartServiceW failed!");
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_ControlService(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_ControlService r;
struct policy_handle h, s;
struct SERVICE_STATUS service_status;
struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
r.in.control = 0;
r.out.service_status = &service_status;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_ControlService_r(b, tctx, &r),
"ControlService failed!");
torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
"ControlService failed!");
if (!test_CloseServiceHandle(b, tctx, &s))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_pipe *p)
{
struct svcctl_EnumServicesStatusW r;
struct policy_handle h;
int i;
NTSTATUS status;
uint32_t resume_handle = 0;
struct ENUM_SERVICE_STATUSW *service = NULL;
uint32_t needed = 0;
uint32_t services_returned = 0;
struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_OpenSCManager(b, tctx, &h))
return false;
r.in.handle = &h;
r.in.type = SERVICE_TYPE_WIN32;
r.in.state = SERVICE_STATE_ALL;
r.in.offered = 0;
r.in.resume_handle = &resume_handle;
r.out.service = NULL;
r.out.resume_handle = &resume_handle;
r.out.services_returned = &services_returned;
r.out.needed = &needed;
status = dcerpc_svcctl_EnumServicesStatusW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!");
if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
r.in.offered = needed;
r.out.service = talloc_array(tctx, uint8_t, needed);
status = dcerpc_svcctl_EnumServicesStatusW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!");
torture_assert_werr_ok(tctx, r.out.result, "EnumServicesStatus failed");
}
if (services_returned > 0) {
enum ndr_err_code ndr_err;
DATA_BLOB blob;
struct ndr_pull *ndr;
blob.length = r.in.offered;
blob.data = talloc_steal(tctx, r.out.service);
ndr = ndr_pull_init_blob(&blob, tctx);
service = talloc_array(tctx, struct ENUM_SERVICE_STATUSW, services_returned);
if (!service) {
return false;
}
ndr_err = ndr_pull_ENUM_SERVICE_STATUSW_array(
ndr, services_returned, service);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return false;
}
}
for(i = 0; i < services_returned; i++) {
torture_assert(tctx, service[i].service_name,
"Service without name returned!");
printf("%-20s \"%s\", Type: %d, State: %d\n",
service[i].service_name, service[i].display_name,
service[i].status.type, service[i].status.state);
}
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_EnumDependentServicesW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_EnumDependentServicesW r;
struct policy_handle h, s;
uint32_t needed;
uint32_t services_returned;
uint32_t i;
uint32_t states[] = { SERVICE_STATE_ACTIVE,
SERVICE_STATE_INACTIVE,
SERVICE_STATE_ALL };
struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.service = &s;
r.in.offered = 0;
r.in.state = 0;
r.out.service_status = NULL;
r.out.services_returned = &services_returned;
r.out.needed = &needed;
torture_assert_ntstatus_ok(tctx,
dcerpc_svcctl_EnumDependentServicesW_r(b, tctx, &r),
"EnumDependentServicesW failed!");
torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
"EnumDependentServicesW failed!");
for (i=0; ibinding_handle;
if (!test_OpenSCManager(b, tctx, &h))
return false;
if (!test_CloseServiceHandle(b, tctx, &h))
return false;
return true;
}
static bool test_ChangeServiceConfigW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct svcctl_ChangeServiceConfigW r;
struct svcctl_QueryServiceConfigW q;
struct policy_handle h, s;
NTSTATUS status;
struct dcerpc_binding_handle *b = p->binding_handle;
struct QUERY_SERVICE_CONFIG query;
bool ok;
uint32_t offered = 0;
uint32_t needed = 0;
ok = test_OpenSCManager(b, tctx, &h);
if (!ok) {
return false;
}
ok = test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s);
if (!ok) {
return false;
}
q.in.handle = &s;
q.in.offered = offered;
q.out.query = &query;
q.out.needed = &needed;
status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
if (W_ERROR_EQUAL(q.out.result, WERR_INSUFFICIENT_BUFFER)) {
q.in.offered = needed;
status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q);
torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
}
torture_assert_werr_ok(tctx, q.out.result, "QueryServiceConfigW failed!");
r.in.handle = &s;
r.in.type = query.service_type;
r.in.start_type = query.start_type;
r.in.error_control = query.error_control;
/*
* according to MS-SCMR 3.1.4.11 NULL params are supposed to leave the
* existing values intact.
*/
r.in.binary_path = NULL;
r.in.load_order_group = NULL;
r.in.dependencies = NULL;
r.in.dwDependSize = 0;
r.in.service_start_name = NULL;
r.in.password = NULL;
r.in.dwPwSize = 0;
r.in.display_name = NULL;
r.in.tag_id = NULL;
r.out.tag_id = NULL;
status = dcerpc_svcctl_ChangeServiceConfigW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ChangeServiceConfigW failed!");
torture_assert_werr_ok(tctx, r.out.result, "ChangeServiceConfigW failed!");
ok = test_CloseServiceHandle(b, tctx, &s);
if (!ok) {
return false;
}
ok = test_CloseServiceHandle(b, tctx, &h);
if (!ok) {
return false;
}
return true;
}
struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx)
{
struct torture_suite *suite = torture_suite_create(mem_ctx, "svcctl");
struct torture_rpc_tcase *tcase;
tcase = torture_suite_add_rpc_iface_tcase(suite, "svcctl", &ndr_table_svcctl);
torture_rpc_tcase_add_test(tcase, "SCManager",
test_SCManager);
torture_rpc_tcase_add_test(tcase, "EnumServicesStatus",
test_EnumServicesStatus);
torture_rpc_tcase_add_test(tcase, "EnumDependentServicesW",
test_EnumDependentServicesW);
torture_rpc_tcase_add_test(tcase, "QueryServiceStatus",
test_QueryServiceStatus);
torture_rpc_tcase_add_test(tcase, "QueryServiceStatusEx",
test_QueryServiceStatusEx);
torture_rpc_tcase_add_test(tcase, "QueryServiceConfigW",
test_QueryServiceConfigW);
torture_rpc_tcase_add_test(tcase, "QueryServiceConfig2W",
test_QueryServiceConfig2W);
torture_rpc_tcase_add_test(tcase, "QueryServiceObjectSecurity",
test_QueryServiceObjectSecurity);
torture_rpc_tcase_add_test(tcase, "SetServiceObjectSecurity",
test_SetServiceObjectSecurity);
torture_rpc_tcase_add_test(tcase, "StartServiceW",
test_StartServiceW);
torture_rpc_tcase_add_test(tcase, "ControlService",
test_ControlService);
torture_rpc_tcase_add_test(tcase, "ChangeServiceConfigW",
test_ChangeServiceConfigW);
return suite;
}