#include "nssm.h"\r
\r
-/* This is explicitly a wide string. */\r
-#define NSSM_LOGON_AS_SERVICE_RIGHT L"SeServiceLogonRight"\r
-\r
bool is_admin;\r
bool use_critical_section;\r
\r
}\r
\r
/* Connect to the service manager */\r
-SC_HANDLE open_service_manager() {\r
- SC_HANDLE ret = OpenSCManager(0, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS);\r
+SC_HANDLE open_service_manager(unsigned long access) {\r
+ SC_HANDLE ret = OpenSCManager(0, SERVICES_ACTIVE_DATABASE, access);\r
if (! ret) {\r
if (is_admin) log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_OPENSCMANAGER_FAILED, 0);\r
return 0;\r
}\r
\r
/* Open a service by name or display name. */\r
-SC_HANDLE open_service(SC_HANDLE services, TCHAR *service_name, TCHAR *canonical_name, unsigned long canonical_namelen) {\r
- SC_HANDLE service_handle = OpenService(services, service_name, SERVICE_ALL_ACCESS);\r
+SC_HANDLE open_service(SC_HANDLE services, TCHAR *service_name, unsigned long access, TCHAR *canonical_name, unsigned long canonical_namelen) {\r
+ SC_HANDLE service_handle = OpenService(services, service_name, access);\r
if (service_handle) {\r
if (canonical_name && canonical_name != service_name) {\r
if (_sntprintf_s(canonical_name, canonical_namelen, _TRUNCATE, _T("%s"), service_name) < 0) {\r
}\r
\r
HeapFree(GetProcessHeap(), 0, status);\r
- return open_service(services, canonical_name, 0, 0);\r
+ return open_service(services, canonical_name, access, 0, 0);\r
}\r
}\r
\r
}\r
\r
/* Recurse so we can get an error message. */\r
- return open_service(services, service_name, 0, 0);\r
+ return open_service(services, service_name, access, 0, 0);\r
}\r
\r
QUERY_SERVICE_CONFIG *query_service_config(const TCHAR *service_name, SC_HANDLE service_handle) {\r
\r
if (! qsc) return 1;\r
\r
- if (str_equiv(qsc->lpServiceStartName, NSSM_LOCALSYSTEM_ACCOUNT)) return 0;\r
-\r
- size_t len = _tcslen(qsc->lpServiceStartName);\r
- *username = (TCHAR *) HeapAlloc(GetProcessHeap(), 0, (len + 1) * sizeof(TCHAR));\r
- if (! *username) {\r
- print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("username"), _T("get_service_username()"));\r
- return 2;\r
- }\r
-\r
- memmove(*username, qsc->lpServiceStartName, (len + 1) * sizeof(TCHAR));\r
- *usernamelen = len;\r
-\r
- return 0;\r
-}\r
-\r
-int grant_logon_as_service(const TCHAR *username) {\r
- if (! username) return 0;\r
- if (str_equiv(username, NSSM_LOCALSYSTEM_ACCOUNT)) return 0;\r
-\r
- /* Open Policy object. */\r
- LSA_OBJECT_ATTRIBUTES attributes;\r
- ZeroMemory(&attributes, sizeof(attributes));\r
-\r
- LSA_HANDLE policy;\r
+ if (qsc->lpServiceStartName[0]) {\r
+ if (is_localsystem(qsc->lpServiceStartName)) return 0;\r
\r
- NTSTATUS status = LsaOpenPolicy(0, &attributes, POLICY_ALL_ACCESS, &policy);\r
- if (status) {\r
- print_message(stderr, NSSM_MESSAGE_LSAOPENPOLICY_FAILED, error_string(LsaNtStatusToWinError(status)));\r
- return 1;\r
- }\r
-\r
- /* Look up SID for the account. */\r
- LSA_UNICODE_STRING lsa_username;\r
-#ifdef UNICODE\r
- lsa_username.Buffer = (wchar_t *) username;\r
- lsa_username.Length = (unsigned short) _tcslen(username) * sizeof(TCHAR);\r
- lsa_username.MaximumLength = lsa_username.Length + sizeof(TCHAR);\r
-#else\r
- size_t buflen;\r
- mbstowcs_s(&buflen, NULL, 0, username, _TRUNCATE);\r
- lsa_username.MaximumLength = (unsigned short) buflen * sizeof(wchar_t);\r
- lsa_username.Length = lsa_username.MaximumLength - sizeof(wchar_t);\r
- lsa_username.Buffer = (wchar_t *) HeapAlloc(GetProcessHeap(), 0, lsa_username.MaximumLength);\r
- if (lsa_username.Buffer) mbstowcs_s(&buflen, lsa_username.Buffer, lsa_username.MaximumLength, username, _TRUNCATE);\r
- else {\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("LSA_UNICODE_STRING"), _T("grant_logon_as_service()"));\r
- return 2;\r
- }\r
-#endif\r
-\r
- LSA_REFERENCED_DOMAIN_LIST *translated_domains;\r
- LSA_TRANSLATED_SID *translated_sid;\r
- status = LsaLookupNames(policy, 1, &lsa_username, &translated_domains, &translated_sid);\r
-#ifndef UNICODE\r
- HeapFree(GetProcessHeap(), 0, lsa_username.Buffer);\r
-#endif\r
- if (status) {\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_MESSAGE_LSALOOKUPNAMES_FAILED, username, error_string(LsaNtStatusToWinError(status)));\r
- return 3;\r
- }\r
-\r
- if (translated_sid->Use != SidTypeUser) {\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_GUI_INVALID_USERNAME, username);\r
- return 4;\r
- }\r
-\r
- LSA_TRUST_INFORMATION *trust = &translated_domains->Domains[translated_sid->DomainIndex];\r
- if (! trust || ! IsValidSid(trust->Sid)) {\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_GUI_INVALID_USERNAME, username);\r
- return 4;\r
- }\r
-\r
- /* GetSidSubAuthority*() return pointers! */\r
- unsigned char *n = GetSidSubAuthorityCount(trust->Sid);\r
-\r
- /* Convert translated SID to SID. */\r
- SID *sid = (SID *) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, GetSidLengthRequired(*n + 1));\r
- if (! sid) {\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("SID"), _T("grant_logon_as_service"));\r
- return 4;\r
- }\r
-\r
- unsigned long error;\r
- if (! InitializeSid(sid, GetSidIdentifierAuthority(trust->Sid), *n + 1)) {\r
- error = GetLastError();\r
- HeapFree(GetProcessHeap(), 0, sid);\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_MESSAGE_INITIALIZESID_FAILED, username, error_string(error));\r
- return 5;\r
- }\r
-\r
- for (unsigned char i = 0; i <= *n; i++) {\r
- unsigned long *sub = GetSidSubAuthority(sid, i);\r
- if (i < *n) *sub = *GetSidSubAuthority(trust->Sid, i);\r
- else *sub = translated_sid->RelativeId;\r
- }\r
-\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
-\r
- /* Check if the SID has the "Log on as a service" right. */\r
- LSA_UNICODE_STRING lsa_right;\r
- lsa_right.Buffer = NSSM_LOGON_AS_SERVICE_RIGHT;\r
- lsa_right.Length = (unsigned short) wcslen(lsa_right.Buffer) * sizeof(wchar_t);\r
- lsa_right.MaximumLength = lsa_right.Length + sizeof(wchar_t);\r
-\r
- LSA_UNICODE_STRING *rights;\r
- unsigned long count = ~0;\r
- status = LsaEnumerateAccountRights(policy, sid, &rights, &count);\r
- if (status) {\r
- /*\r
- If the account has no rights set LsaEnumerateAccountRights() will return\r
- STATUS_OBJECT_NAME_NOT_FOUND and set count to 0.\r
- */\r
- error = LsaNtStatusToWinError(status);\r
- if (error != ERROR_FILE_NOT_FOUND) {\r
- HeapFree(GetProcessHeap(), 0, sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_MESSAGE_LSAENUMERATEACCOUNTRIGHTS_FAILED, username, error_string(error));\r
- return 4;\r
+ size_t len = _tcslen(qsc->lpServiceStartName);\r
+ *username = (TCHAR *) HeapAlloc(GetProcessHeap(), 0, (len + 1) * sizeof(TCHAR));\r
+ if (! *username) {\r
+ print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("username"), _T("get_service_username()"));\r
+ return 2;\r
}\r
- }\r
-\r
- for (unsigned long i = 0; i < count; i++) {\r
- if (rights[i].Length != lsa_right.Length) continue;\r
- if (_wcsnicmp(rights[i].Buffer, lsa_right.Buffer, lsa_right.MaximumLength)) continue;\r
- /* The SID has the right. */\r
- HeapFree(GetProcessHeap(), 0, sid);\r
- LsaFreeMemory(rights);\r
- LsaClose(policy);\r
- return 0;\r
- }\r
- LsaFreeMemory(rights);\r
\r
- /* Add the right. */\r
- status = LsaAddAccountRights(policy, sid, &lsa_right, 1);\r
- HeapFree(GetProcessHeap(), 0, sid);\r
- LsaClose(policy);\r
- if (status) {\r
- print_message(stderr, NSSM_MESSAGE_LSAADDACCOUNTRIGHTS_FAILED, error_string(LsaNtStatusToWinError(status)));\r
- return 5;\r
+ memmove(*username, qsc->lpServiceStartName, (len + 1) * sizeof(TCHAR));\r
+ *usernamelen = len;\r
}\r
\r
- print_message(stdout, NSSM_MESSAGE_GRANTED_LOGON_AS_SERVICE, username);\r
return 0;\r
}\r
\r
additional = argv[3];\r
remainder = 4;\r
}\r
+ else if (str_equiv(setting->name, NSSM_NATIVE_OBJECTNAME) && mode == MODE_SETTING) {\r
+ additional = argv[3];\r
+ remainder = 4;\r
+ }\r
else {\r
additional = argv[remainder];\r
if (argc < mandatory) return usage(1);\r
_sntprintf_s(service->name, _countof(service->name), _TRUNCATE, _T("%s"), service_name);\r
\r
/* Open service manager */\r
- SC_HANDLE services = open_service_manager();\r
+ SC_HANDLE services = open_service_manager(SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE);\r
if (! services) {\r
print_message(stderr, NSSM_MESSAGE_OPEN_SERVICE_MANAGER_FAILED);\r
return 2;\r
}\r
\r
/* Try to open the service */\r
- service->handle = open_service(services, service->name, service->name, _countof(service->name));\r
+ unsigned long access = SERVICE_QUERY_CONFIG;\r
+ if (mode != MODE_GETTING) access |= SERVICE_CHANGE_CONFIG;\r
+ service->handle = open_service(services, service->name, access, service->name, _countof(service->name));\r
if (! service->handle) {\r
CloseServiceHandle(services);\r
return 3;\r
/* Unset the parameter. */\r
value.string = 0;\r
}\r
+ else if (remainder == argc) {\r
+ value.string = 0;\r
+ }\r
else {\r
/* Set the parameter. */\r
size_t len = 0;\r
if (! service) return 1;\r
\r
/* Open service manager */\r
- SC_HANDLE services = open_service_manager();\r
+ SC_HANDLE services = open_service_manager(SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);\r
if (! services) {\r
print_message(stderr, NSSM_MESSAGE_OPEN_SERVICE_MANAGER_FAILED);\r
cleanup_nssm_service(service);\r
}\r
else if (editing) username = NSSM_LOCALSYSTEM_ACCOUNT;\r
\r
- if (grant_logon_as_service(username)) {\r
- print_message(stderr, NSSM_MESSAGE_GRANT_LOGON_AS_SERVICE_FAILED, username);\r
- return 5;\r
+ if (well_known_username(username)) password = _T("");\r
+ else {\r
+ if (grant_logon_as_service(username)) {\r
+ print_message(stderr, NSSM_MESSAGE_GRANT_LOGON_AS_SERVICE_FAILED, username);\r
+ return 5;\r
+ }\r
}\r
\r
if (! ChangeServiceConfig(service->handle, service->type, startup, SERVICE_NO_CHANGE, 0, 0, 0, 0, username, password, service->displayname)) {\r
TCHAR *service_name = argv[0];\r
TCHAR canonical_name[SERVICE_NAME_LENGTH];\r
\r
- SC_HANDLE services = open_service_manager();\r
+ SC_HANDLE services = open_service_manager(SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE);\r
if (! services) {\r
print_message(stderr, NSSM_MESSAGE_OPEN_SERVICE_MANAGER_FAILED);\r
return 2;\r
}\r
\r
- SC_HANDLE service_handle = open_service(services, service_name, canonical_name, _countof(canonical_name));\r
+ unsigned long access = SERVICE_QUERY_STATUS;\r
+ switch (control) {\r
+ case NSSM_SERVICE_CONTROL_START:\r
+ access |= SERVICE_START;\r
+ break;\r
+\r
+ case SERVICE_CONTROL_CONTINUE:\r
+ case SERVICE_CONTROL_PAUSE:\r
+ access |= SERVICE_PAUSE_CONTINUE;\r
+ break;\r
+\r
+ case SERVICE_CONTROL_STOP:\r
+ access |= SERVICE_STOP;\r
+ break;\r
+\r
+ case NSSM_SERVICE_CONTROL_ROTATE:\r
+ access |= SERVICE_USER_DEFINED_CONTROL;\r
+ break;\r
+ }\r
+\r
+ SC_HANDLE service_handle = open_service(services, service_name, access, canonical_name, _countof(canonical_name));\r
if (! service_handle) {\r
CloseServiceHandle(services);\r
return 3;\r
if (! service) return 1;\r
\r
/* Open service manager */\r
- SC_HANDLE services = open_service_manager();\r
+ SC_HANDLE services = open_service_manager(SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE);\r
if (! services) {\r
print_message(stderr, NSSM_MESSAGE_OPEN_SERVICE_MANAGER_FAILED);\r
return 2;\r
}\r
\r
/* Try to open the service */\r
- service->handle = open_service(services, service->name, service->name, _countof(service->name));\r
+ service->handle = open_service(services, service->name, DELETE, service->name, _countof(service->name));\r
if (! service->handle) {\r
CloseServiceHandle(services);\r
return 3;\r
/* Try to create the exit action parameters; we don't care if it fails */\r
create_exit_action(service->name, exit_action_strings[0], false);\r
\r
- SC_HANDLE services = open_service_manager();\r
+ SC_HANDLE services = open_service_manager(SC_MANAGER_CONNECT);\r
if (services) {\r
- service->handle = OpenService(services, service->name, SC_MANAGER_ALL_ACCESS);\r
+ service->handle = open_service(services, service->name, SERVICE_CHANGE_CONFIG, 0, 0);\r
set_service_recovery(service);\r
CloseServiceHandle(services);\r
}\r
TCHAR cmd[CMD_LENGTH];\r
if (_sntprintf_s(cmd, _countof(cmd), _TRUNCATE, _T("\"%s\" %s"), service->exe, service->flags) < 0) {\r
log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_OUT_OF_MEMORY, _T("command line"), _T("start_service"), 0);\r
- close_output_handles(&si);\r
return stop_service(service, 2, true, true);\r
}\r
\r
if (service->env) duplicate_environment(service->env);\r
if (service->env_extra) set_environment_block(service->env_extra);\r
\r
+ /* Set up I/O redirection. */\r
+ if (get_output_handles(service, &si)) {\r
+ log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_GET_OUTPUT_HANDLES_FAILED, service->name, 0);\r
+ if (! service->no_console) FreeConsole();\r
+ close_output_handles(&si);\r
+ return stop_service(service, 4, true, true);\r
+ }\r
+\r
bool inherit_handles = false;\r
if (si.dwFlags & STARTF_USESTDHANDLES) inherit_handles = true;\r
unsigned long flags = service->priority & priority_mask();\r
\r
close_output_handles(&si);\r
\r
+ if (! service->no_console) FreeConsole();\r
+\r
/* Restore our environment. */\r
duplicate_environment(service->initial_env);\r
\r
\r
service->rotate_stdout_online = service->rotate_stderr_online = NSSM_ROTATE_OFFLINE;\r
\r
+ /* Use now as a dummy exit time. */\r
+ GetSystemTimeAsFileTime(&service->exit_time);\r
+\r
/* Check exit code */\r
unsigned long exitcode = 0;\r
TCHAR code[16];\r
if (service->process_handle) {\r
GetExitCodeProcess(service->process_handle, &exitcode);\r
- if (exitcode == STILL_ACTIVE || get_process_exit_time(service->process_handle, &service->exit_time)) GetSystemTimeAsFileTime(&service->exit_time);\r
+ /* Check real exit time. */\r
+ if (exitcode != STILL_ACTIVE) get_process_exit_time(service->process_handle, &service->exit_time);\r
CloseHandle(service->process_handle);\r
}\r
- else GetSystemTimeAsFileTime(&service->exit_time);\r
\r
service->process_handle = 0;\r
\r
if (service->pid) kill_process_tree(service, service->pid, exitcode, service->pid);\r
service->pid = 0;\r
\r
- if (! service->no_console) FreeConsole();\r
-\r
/*\r
The why argument is true if our wait timed out or false otherwise.\r
Our wait is infinite so why will never be true when called by the system.\r
git://git.iain.cx/iain / nssm.git / blobdiff