win32-service_8c_source.html

 /* Copyright (C) 2007-2010 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
  * Software Foundation.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * version 2 along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  * 02110-1301, USA.
  */

 /**
  * \file
  *
  * \author Ondrej Slanina <oslanina@kerio.com>
  *
  * Windows service functions
  */

 #ifdef OS_WIN32

 #include "suricata-common.h"
 #include "suricata.h"
 #include "win32-service.h"

 static SERVICE_STATUS_HANDLE service_status_handle = 0;

 static int service_argc = 0;

 static char **service_argv = NULL;

 static int service_initialized = 0;

 int main(int argc, char **argv);

 /**
  * \brief Detect if running as service or console app
  */
 int SCRunningAsService(void)
 {
     HANDLE h = INVALID_HANDLE_VALUE;
     if ((h = CreateFile("CONIN$", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0)) == INVALID_HANDLE_VALUE) {
         SCLogInfo("Running as service: yes");
         return 1;
     }
     CloseHandle(h);
     SCLogInfo("Running as service: no");
     return 0;
 }

 /**
  * \brief Detect if running as service or console app
  */
 static void SCAtExitHandler(void)
 {
     SERVICE_STATUS status = {
         SERVICE_WIN32,
         SERVICE_STOPPED,
         SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN,
         NO_ERROR,
         NO_ERROR,
         0,
         0
     };

     SCLogInfo("Exit handler called.");

     /* mark service as stopped */
     if (!SetServiceStatus(service_status_handle, &status)) {
         SCLogWarning(SC_ERR_SVC, "Can't set service status: %d", (int)GetLastError());
     } else {
         SCLogInfo("Service status set to: SERVICE_STOPPED");
     }
 }

 /**
  * \brief Service handler
  */
 static DWORD WINAPI SCServiceCtrlHandlerEx(DWORD code, DWORD etype, LPVOID edata, LPVOID context)
 {
     if (code == SERVICE_CONTROL_SHUTDOWN || code == SERVICE_CONTROL_STOP) {
         SERVICE_STATUS status = {
             SERVICE_WIN32,
             SERVICE_STOP_PENDING,
             SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN,
             NO_ERROR,
             NO_ERROR,
             0,
             0
         };

         SCLogInfo("Service control handler called with %s control code.",
                 ((code == SERVICE_CONTROL_SHUTDOWN) ? ("SERVICE_CONTROL_SHUTDOWN") : ("SERVICE_CONTROL_STOP")));

         /* mark service as stop pending */
         if (!SetServiceStatus(service_status_handle, &status)) {
             SCLogWarning(SC_ERR_SVC, "Can't set service status: %d", (int)GetLastError());
         } else {
             SCLogInfo("Service status set to: SERVICE_STOP_PENDING");
         }

         /* mark engine as stopping */
         EngineStop();

         return NO_ERROR;
     }

     return ERROR_CALL_NOT_IMPLEMENTED;
 }

 /**
  * \brief Service main function
  */
 static void WINAPI SCServiceMain(uint32_t argc, char** argv)
 {
     SERVICE_STATUS status = {
         SERVICE_WIN32,
         SERVICE_RUNNING,
         SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN,
         NO_ERROR,
         NO_ERROR,
         0,
         0
     };

     if ((service_status_handle = RegisterServiceCtrlHandlerEx((char *)PROG_NAME, SCServiceCtrlHandlerEx, NULL)) == (SERVICE_STATUS_HANDLE)0) {
         SCLogError(SC_ERR_SVC, "Can't register service control handler: %d", (int)GetLastError());
         return;
     }

     /* register exit handler */
     if (atexit(SCAtExitHandler)) {
         SCLogWarning(SC_ERR_SVC, "Can't register exit handler: %d", (int)GetLastError());
     }

     /* mark service as running immediately */
     if (!SetServiceStatus(service_status_handle, &status)) {
         SCLogWarning(SC_ERR_SVC, "Can't set service status: %d", (int)GetLastError());
     } else {
         SCLogInfo("Service status set to: SERVICE_RUNNING");
     }

     SCLogInfo("Entering main function...");

     /* suricata initialization -> main loop -> uninitialization */
     main(service_argc, service_argv);

     SCLogInfo("Leaving main function.");

     /* mark service as stopped */
     status.dwCurrentState = SERVICE_STOPPED;

     if (!SetServiceStatus(service_status_handle, &status)) {
         SCLogWarning(SC_ERR_SVC, "Can't set service status: %d", (int)GetLastError());
     } else {
         SCLogInfo("Service status set to: SERVICE_STOPPED");
     }
 }

 /**
  * \brief Init suricata service
  *
  * \param argc num of arguments
  * \param argv passed arguments
  */
 int SCServiceInit(int argc, char **argv)
 {
     SERVICE_TABLE_ENTRY DispatchTable[] = {
         {(char *)PROG_NAME, (LPSERVICE_MAIN_FUNCTION) SCServiceMain},
         {NULL, NULL}
     };

     /* continue with suricata initialization */
     if (service_initialized) {
         SCLogWarning(SC_ERR_SVC, "Service is already initialized.");
         return 0;
     }

     /* save args */
     service_argc = argc;
     service_argv = argv;

     service_initialized = 1;

     SCLogInfo("Entering service control dispatcher...");

     if (!StartServiceCtrlDispatcher(DispatchTable)) {
         /* exit with failure */
         exit(EXIT_FAILURE);
     }

     SCLogInfo("Leaving service control dispatcher.");

     /* exit with success */
     exit(EXIT_SUCCESS);
 }

 /**
  * \brief Install suricata as service
  *
  * \param argc num of arguments
  * \param argv passed arguments
  */
 int SCServiceInstall(int argc, char **argv)
 {
     char path[2048];
     SC_HANDLE service = NULL;
     SC_HANDLE scm = NULL;
     int ret = -1;
     int i = 0;

     do {
         memset(path, 0, sizeof(path));

         if (GetModuleFileName(NULL, path, MAX_PATH) == 0 ){
             SCLogError(SC_ERR_SVC, "Can't get path to service binary: %d", (int)GetLastError());
             break;
         }

         /* skip name of binary itself */
         for (i = 1; i < argc; i++) {
             if ((strlen(argv[i]) <= strlen("--service-install")) && (strncmp("--service-install", argv[i], strlen(argv[i])) == 0)) {
                 continue;
             }
             strlcat(path, " ", sizeof(path) - strlen(path) - 1);
             strlcat(path, argv[i], sizeof(path) - strlen(path) - 1);
         }

         if ((scm = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS)) == NULL) {
             SCLogError(SC_ERR_SVC, "Can't open SCM: %d", (int)GetLastError());
             break;
         }

         service = CreateService(
                 scm,
                 PROG_NAME,
                 PROG_NAME,
                 SERVICE_ALL_ACCESS,
                 SERVICE_WIN32_OWN_PROCESS,
                 SERVICE_DEMAND_START,
                 SERVICE_ERROR_NORMAL,
                 path,
                 NULL,
                 NULL,
                 NULL,
                 NULL,
                 NULL);

         if (service == NULL) {
             SCLogError(SC_ERR_SVC, "Can't create service: %d", (int)GetLastError());
             break;
         }

         ret = 0;

     } while(0);

     if (service) {
         CloseServiceHandle(service);
     }

     if (scm) {
         CloseServiceHandle(scm);
     }

     return ret;
 }

 /**
  * \brief Remove suricata service
  *
  * \param argc num of arguments
  * \param argv passed arguments
  */
 int SCServiceRemove(int argc, char **argv)
 {
     SERVICE_STATUS status;
     SC_HANDLE service = NULL;
     SC_HANDLE scm = NULL;
     int ret = -1;

     do {
         if ((scm = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS)) == NULL) {
             SCLogError(SC_ERR_SVC, "Can't open SCM: %d", (int)GetLastError());
             break;
         }

         if ((service = OpenService(scm, PROG_NAME, SERVICE_ALL_ACCESS)) == NULL) {
             SCLogError(SC_ERR_SVC, "Can't open service: %d", (int)GetLastError());
             break;
         }

         if (!QueryServiceStatus(service, &status)) {
             SCLogError(SC_ERR_SVC, "Can't query service status: %d", (int)GetLastError());
             break;
         }

         if (status.dwCurrentState != SERVICE_STOPPED) {
             SCLogError(SC_ERR_SVC, "Service isn't in stopped state: %d", (int)GetLastError());
             break;
         }

         if (!DeleteService(service)) {
             SCLogError(SC_ERR_SVC, "Can't delete service: %d", (int)GetLastError());
             break;
         }

         ret = 0;

     } while(0);

     if (service) {
         CloseServiceHandle(service);
     }

     if (scm) {
         CloseServiceHandle(scm);
     }

     return ret;
 }

 /**
  * \brief Change suricata service startup parameters
  *
  * \param argc num of arguments
  * \param argv passed arguments
  */
 int SCServiceChangeParams(int argc, char **argv)
 {
     char path[2048];
     SC_HANDLE service = NULL;
     SC_HANDLE scm = NULL;
     int ret = -1;
     int i = 0;

     do {
         memset(path, 0, sizeof(path));

         if (GetModuleFileName(NULL, path, MAX_PATH) == 0 ){
             SCLogError(SC_ERR_SVC, "Can't get path to service binary: %d", (int)GetLastError());
             break;
         }

         /* skip name of binary itself */
         for (i = 1; i < argc; i++) {
             if ((strlen(argv[i]) <= strlen("--service-change-params")) && (strncmp("--service-change-params", argv[i], strlen(argv[i])) == 0)) {
                 continue;
             }
             strlcat(path, " ", sizeof(path) - strlen(path) - 1);
             strlcat(path, argv[i], sizeof(path) - strlen(path) - 1);
         }

         if ((scm = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS)) == NULL) {
             SCLogError(SC_ERR_SVC, "Can't open SCM: %d", (int)GetLastError());
             break;
         }

         if ((service = OpenService(scm, PROG_NAME, SERVICE_ALL_ACCESS)) == NULL) {
             SCLogError(SC_ERR_SVC, "Can't open service: %d", (int)GetLastError());
             break;
         }

         if (!ChangeServiceConfig(
                     service,
                     SERVICE_WIN32_OWN_PROCESS,
                     SERVICE_DEMAND_START,
                     SERVICE_ERROR_NORMAL,
                     path,
                     NULL,
                     NULL,
                     NULL,
                     NULL,
                     NULL,
                     PROG_NAME))
         {
             SCLogError(SC_ERR_SVC, "Can't change service configuration: %d", (int)GetLastError());
             break;
         }

         ret = 0;

     } while(0);

     return ret;
 }

 #endif /* OS_WIN32 */
PROG_NAME
#define PROG_NAME
Definition: suricata.h:71

suricata.h

strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45

SC_ERR_SVC
Definition: util-error.h:194

SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294

suricata-common.h

SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281

SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254

main
int main(int argc, char **argv)
Definition: suricata.c:2884

EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:420

code
uint8_t code
Definition: decode-icmpv4.h:801

win32-service.h