From: "Erich E. Hoover" <ehoover@mymail.mines.edu>
Subject: [PATCH 3/7] advapi32: Support service objects in GetNamedSecurityInfo (try 4).
Message-Id: <CAEU2+voQ4-ABNvRpgERJm3=k=_6NOX1zjJ2x=AZSwjQZtiu9Dg@mail.gmail.com>
Date: Mon, 17 Dec 2012 18:58:35 -0700

This patch adds support for service objects (SE_SERVICE) in
GetNamedSecurityInfo by utilizing OpenSCManagerW, OpenServiceW, and
CloseServiceHandle.

From acb983a112759d6ebf26673074b0ef8f5efbd2da Mon Sep 17 00:00:00 2001
From: Erich Hoover <ehoover@mines.edu>
Date: Mon, 17 Dec 2012 13:36:28 -0700
Subject: advapi32: Support service objects in GetNamedSecurityInfo.

---
 dlls/advapi32/advapi32_misc.h |    2 ++
 dlls/advapi32/security.c      |   39 +++++++++++++++++++++++++---
 dlls/advapi32/service.c       |   57 +++++++++++++++++++++++++----------------
 3 files changed, 73 insertions(+), 25 deletions(-)

diff --git a/dlls/advapi32/advapi32_misc.h b/dlls/advapi32/advapi32_misc.h
index 3e58b04..55650f5 100644
--- a/dlls/advapi32/advapi32_misc.h
+++ b/dlls/advapi32/advapi32_misc.h
@@ -30,6 +30,8 @@ BOOL ADVAPI_GetComputerSid(PSID sid) DECLSPEC_HIDDEN;
 BOOL lookup_local_wellknown_name(const LSA_UNICODE_STRING*, PSID, LPDWORD, LPWSTR, LPDWORD, PSID_NAME_USE, BOOL*) DECLSPEC_HIDDEN;
 BOOL lookup_local_user_name(const LSA_UNICODE_STRING*, PSID, LPDWORD, LPWSTR, LPDWORD, PSID_NAME_USE, BOOL*) DECLSPEC_HIDDEN;
 WCHAR *SERV_dup(const char *str) DECLSPEC_HIDDEN;
+DWORD SERV_OpenSCManagerW(LPCWSTR, LPCWSTR, DWORD, SC_HANDLE*) DECLSPEC_HIDDEN;
+DWORD SERV_OpenServiceW(SC_HANDLE, LPCWSTR, DWORD, SC_HANDLE*) DECLSPEC_HIDDEN;
 NTSTATUS SERV_QueryServiceObjectSecurity(SC_HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR, DWORD, LPDWORD) DECLSPEC_HIDDEN;
 
 #endif /* __WINE_ADVAPI32MISC_H */
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 23a0e31..a89a3b4 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -423,6 +423,19 @@ static inline DWORD get_security_file( LPWSTR full_file_name, DWORD access, HAND
     return RtlNtStatusToDosError( status );
 }
 
+/* helper function for SE_SERVICE objects in [Get|Set]NamedSecurityInfo */
+static inline DWORD get_security_service( LPWSTR full_service_name, DWORD access, HANDLE *service )
+{
+    SC_HANDLE manager = 0;
+    DWORD err;
+
+    err = SERV_OpenSCManagerW( NULL, NULL, access, (SC_HANDLE *)&manager );
+    if (err == ERROR_SUCCESS)
+        err = SERV_OpenServiceW( manager, full_service_name, access, (SC_HANDLE *)service );
+    CloseServiceHandle( manager );
+    return err;
+}
+
 #define	WINE_SIZE_OF_WORLD_ACCESS_ACL	(sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
 
 static void GetWorldAccessACL(PACL pACL)
@@ -5503,8 +5516,12 @@ DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
 
     TRACE( "%s %d %d %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
            group, dacl, sacl, descriptor );
-    if (type != SE_FILE_OBJECT)
+    switch (type)
     {
+    case SE_FILE_OBJECT:
+    case SE_SERVICE:
+        break;
+    default:
         FIXME( "Object type %d is not currently supported.\n", type );
         if (owner) *owner = NULL;
         if (group) *group = NULL;
@@ -5530,11 +5547,27 @@ DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
     if (info & SACL_SECURITY_INFORMATION)
         access |= ACCESS_SYSTEM_SECURITY;
 
-    err = get_security_file( name, access, &handle);
+    switch (type)
+    {
+    case SE_SERVICE:
+        err = get_security_service( name, access, &handle);
+        break;
+    default: /* SE_FILE_OBJECT */
+        err = get_security_file( name, access, &handle);
+        break;
+    }
     if (err != ERROR_SUCCESS)
         return err;
     err = GetSecurityInfo( handle, type, info, owner, group, dacl, sacl, descriptor );
-    CloseHandle( handle );
+    switch (type)
+    {
+    case SE_SERVICE:
+        CloseServiceHandle( handle );
+        break;
+    default: /* SE_FILE_OBJECT */
+        CloseHandle( handle );
+        break;
+    }
     return err;
 }
 
diff --git a/dlls/advapi32/service.c b/dlls/advapi32/service.c
index 9a952e1..4c694b1 100644
--- a/dlls/advapi32/service.c
+++ b/dlls/advapi32/service.c
@@ -777,18 +777,17 @@ SC_HANDLE WINAPI OpenSCManagerA( LPCSTR lpMachineName, LPCSTR lpDatabaseName,
  *
  * See OpenSCManagerA.
  */
-SC_HANDLE WINAPI OpenSCManagerW( LPCWSTR lpMachineName, LPCWSTR lpDatabaseName,
-                                 DWORD dwDesiredAccess )
+DWORD SERV_OpenSCManagerW( LPCWSTR lpMachineName, LPCWSTR lpDatabaseName,
+                           DWORD dwDesiredAccess, SC_HANDLE *handle )
 {
-    SC_HANDLE handle = 0;
-    LONG r;
+    DWORD r;
 
     TRACE("(%s,%s,0x%08x)\n", debugstr_w(lpMachineName),
           debugstr_w(lpDatabaseName), dwDesiredAccess);
 
     __TRY
     {
-        r = svcctl_OpenSCManagerW(lpMachineName, lpDatabaseName, dwDesiredAccess, (SC_RPC_HANDLE *)&handle);
+        r = svcctl_OpenSCManagerW(lpMachineName, lpDatabaseName, dwDesiredAccess, (SC_RPC_HANDLE *)handle);
     }
     __EXCEPT(rpc_filter)
     {
@@ -797,12 +796,21 @@ SC_HANDLE WINAPI OpenSCManagerW( LPCWSTR lpMachineName, LPCWSTR lpDatabaseName,
     __ENDTRY
 
     if (r!=ERROR_SUCCESS)
-    {
-        SetLastError( r );
-        handle = 0;
-    }
+        *handle = 0;
+
+    TRACE("returning %p\n", *handle);
+    return r;
+}
 
-    TRACE("returning %p\n", handle);
+SC_HANDLE WINAPI OpenSCManagerW( LPCWSTR lpMachineName, LPCWSTR lpDatabaseName,
+                                 DWORD dwDesiredAccess )
+{
+    SC_HANDLE handle = 0;
+    DWORD r;
+
+    r = SERV_OpenSCManagerW(lpMachineName, lpDatabaseName, dwDesiredAccess, &handle);
+    if (r!=ERROR_SUCCESS)
+        SetLastError(r);
     return handle;
 }
 
@@ -921,23 +929,19 @@ SC_HANDLE WINAPI OpenServiceA( SC_HANDLE hSCManager, LPCSTR lpServiceName,
  *
  * See OpenServiceA.
  */
-SC_HANDLE WINAPI OpenServiceW( SC_HANDLE hSCManager, LPCWSTR lpServiceName,
-                               DWORD dwDesiredAccess)
+DWORD SERV_OpenServiceW( SC_HANDLE hSCManager, LPCWSTR lpServiceName,
+                         DWORD dwDesiredAccess, SC_HANDLE *handle )
 {
-    SC_HANDLE handle = 0;
     DWORD err;
 
     TRACE("%p %s %d\n", hSCManager, debugstr_w(lpServiceName), dwDesiredAccess);
 
     if (!hSCManager)
-    {
-        SetLastError( ERROR_INVALID_HANDLE );
-        return 0;
-    }
+        return ERROR_INVALID_HANDLE;
 
     __TRY
     {
-        err = svcctl_OpenServiceW(hSCManager, lpServiceName, dwDesiredAccess, (SC_RPC_HANDLE *)&handle);
+        err = svcctl_OpenServiceW(hSCManager, lpServiceName, dwDesiredAccess, (SC_RPC_HANDLE *)handle);
     }
     __EXCEPT(rpc_filter)
     {
@@ -946,12 +950,21 @@ SC_HANDLE WINAPI OpenServiceW( SC_HANDLE hSCManager, LPCWSTR lpServiceName,
     __ENDTRY
 
     if (err != ERROR_SUCCESS)
-    {
-        SetLastError(err);
         handle = 0;
-    }
 
-    TRACE("returning %p\n",handle);
+    TRACE("returning %p\n", *handle);
+    return err;
+}
+
+SC_HANDLE WINAPI OpenServiceW( SC_HANDLE hSCManager, LPCWSTR lpServiceName,
+                               DWORD dwDesiredAccess)
+{
+    SC_HANDLE handle = 0;
+    DWORD err;
+
+    err = SERV_OpenServiceW(hSCManager, lpServiceName, dwDesiredAccess, &handle);
+    if (err != ERROR_SUCCESS)
+        SetLastError(err);
     return handle;
 }
 
-- 
1.7.9.5