X-Git-Url: http://git.iain.cx/?a=blobdiff_plain;f=service.cpp;h=d01ece0340bc6832a69c53b5ab53ab8c091b1a7c;hb=cca8d28295ce27b7c996b47badc6a1e3a6a34e65;hp=ee60c1072fa7f0cd36712db4489f9bf09f9270ed;hpb=eac4d7eedfe338703f0103aac01af2ca306f615a;p=nssm.git diff --git a/service.cpp b/service.cpp index ee60c10..d01ece0 100644 --- a/service.cpp +++ b/service.cpp @@ -1,8 +1,5 @@ #include "nssm.h" -/* This is explicitly a wide string. */ -#define NSSM_LOGON_AS_SERVICE_RIGHT L"SeServiceLogonRight" - bool is_admin; bool use_critical_section; @@ -475,7 +472,7 @@ int get_service_username(const TCHAR *service_name, const QUERY_SERVICE_CONFIG * if (! qsc) return 1; - if (str_equiv(qsc->lpServiceStartName, NSSM_LOCALSYSTEM_ACCOUNT)) return 0; + if (is_localsystem(qsc->lpServiceStartName)) return 0; size_t len = _tcslen(qsc->lpServiceStartName); *username = (TCHAR *) HeapAlloc(GetProcessHeap(), 0, (len + 1) * sizeof(TCHAR)); @@ -490,153 +487,6 @@ int get_service_username(const TCHAR *service_name, const QUERY_SERVICE_CONFIG * return 0; } -int grant_logon_as_service(const TCHAR *username) { - if (! username) return 0; - if (str_equiv(username, NSSM_LOCALSYSTEM_ACCOUNT)) return 0; - - /* Open Policy object. */ - LSA_OBJECT_ATTRIBUTES attributes; - ZeroMemory(&attributes, sizeof(attributes)); - - LSA_HANDLE policy; - - NTSTATUS status = LsaOpenPolicy(0, &attributes, POLICY_ALL_ACCESS, &policy); - if (status) { - print_message(stderr, NSSM_MESSAGE_LSAOPENPOLICY_FAILED, error_string(LsaNtStatusToWinError(status))); - return 1; - } - - /* Look up SID for the account. */ - LSA_UNICODE_STRING lsa_username; -#ifdef UNICODE - lsa_username.Buffer = (wchar_t *) username; - lsa_username.Length = (unsigned short) _tcslen(username) * sizeof(TCHAR); - lsa_username.MaximumLength = lsa_username.Length + sizeof(TCHAR); -#else - size_t buflen; - mbstowcs_s(&buflen, NULL, 0, username, _TRUNCATE); - lsa_username.MaximumLength = (unsigned short) buflen * sizeof(wchar_t); - lsa_username.Length = lsa_username.MaximumLength - sizeof(wchar_t); - lsa_username.Buffer = (wchar_t *) HeapAlloc(GetProcessHeap(), 0, lsa_username.MaximumLength); - if (lsa_username.Buffer) mbstowcs_s(&buflen, lsa_username.Buffer, lsa_username.MaximumLength, username, _TRUNCATE); - else { - LsaClose(policy); - print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("LSA_UNICODE_STRING"), _T("grant_logon_as_service()")); - return 2; - } -#endif - - LSA_REFERENCED_DOMAIN_LIST *translated_domains; - LSA_TRANSLATED_SID *translated_sid; - status = LsaLookupNames(policy, 1, &lsa_username, &translated_domains, &translated_sid); -#ifndef UNICODE - HeapFree(GetProcessHeap(), 0, lsa_username.Buffer); -#endif - if (status) { - LsaFreeMemory(translated_domains); - LsaFreeMemory(translated_sid); - LsaClose(policy); - print_message(stderr, NSSM_MESSAGE_LSALOOKUPNAMES_FAILED, username, error_string(LsaNtStatusToWinError(status))); - return 3; - } - - if (translated_sid->Use != SidTypeUser) { - LsaFreeMemory(translated_domains); - LsaFreeMemory(translated_sid); - LsaClose(policy); - print_message(stderr, NSSM_GUI_INVALID_USERNAME, username); - return 4; - } - - LSA_TRUST_INFORMATION *trust = &translated_domains->Domains[translated_sid->DomainIndex]; - if (! trust || ! IsValidSid(trust->Sid)) { - LsaFreeMemory(translated_domains); - LsaFreeMemory(translated_sid); - LsaClose(policy); - print_message(stderr, NSSM_GUI_INVALID_USERNAME, username); - return 4; - } - - /* GetSidSubAuthority*() return pointers! */ - unsigned char *n = GetSidSubAuthorityCount(trust->Sid); - - /* Convert translated SID to SID. */ - SID *sid = (SID *) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, GetSidLengthRequired(*n + 1)); - if (! sid) { - LsaFreeMemory(translated_domains); - LsaFreeMemory(translated_sid); - LsaClose(policy); - print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("SID"), _T("grant_logon_as_service")); - return 4; - } - - unsigned long error; - if (! InitializeSid(sid, GetSidIdentifierAuthority(trust->Sid), *n + 1)) { - error = GetLastError(); - HeapFree(GetProcessHeap(), 0, sid); - LsaFreeMemory(translated_domains); - LsaFreeMemory(translated_sid); - LsaClose(policy); - print_message(stderr, NSSM_MESSAGE_INITIALIZESID_FAILED, username, error_string(error)); - return 5; - } - - for (unsigned char i = 0; i <= *n; i++) { - unsigned long *sub = GetSidSubAuthority(sid, i); - if (i < *n) *sub = *GetSidSubAuthority(trust->Sid, i); - else *sub = translated_sid->RelativeId; - } - - LsaFreeMemory(translated_domains); - LsaFreeMemory(translated_sid); - - /* Check if the SID has the "Log on as a service" right. */ - LSA_UNICODE_STRING lsa_right; - lsa_right.Buffer = NSSM_LOGON_AS_SERVICE_RIGHT; - lsa_right.Length = (unsigned short) wcslen(lsa_right.Buffer) * sizeof(wchar_t); - lsa_right.MaximumLength = lsa_right.Length + sizeof(wchar_t); - - LSA_UNICODE_STRING *rights; - unsigned long count = ~0; - status = LsaEnumerateAccountRights(policy, sid, &rights, &count); - if (status) { - /* - If the account has no rights set LsaEnumerateAccountRights() will return - STATUS_OBJECT_NAME_NOT_FOUND and set count to 0. - */ - error = LsaNtStatusToWinError(status); - if (error != ERROR_FILE_NOT_FOUND) { - HeapFree(GetProcessHeap(), 0, sid); - LsaClose(policy); - print_message(stderr, NSSM_MESSAGE_LSAENUMERATEACCOUNTRIGHTS_FAILED, username, error_string(error)); - return 4; - } - } - - for (unsigned long i = 0; i < count; i++) { - if (rights[i].Length != lsa_right.Length) continue; - if (_wcsnicmp(rights[i].Buffer, lsa_right.Buffer, lsa_right.MaximumLength)) continue; - /* The SID has the right. */ - HeapFree(GetProcessHeap(), 0, sid); - LsaFreeMemory(rights); - LsaClose(policy); - return 0; - } - LsaFreeMemory(rights); - - /* Add the right. */ - status = LsaAddAccountRights(policy, sid, &lsa_right, 1); - HeapFree(GetProcessHeap(), 0, sid); - LsaClose(policy); - if (status) { - print_message(stderr, NSSM_MESSAGE_LSAADDACCOUNTRIGHTS_FAILED, error_string(LsaNtStatusToWinError(status))); - return 5; - } - - print_message(stdout, NSSM_MESSAGE_GRANTED_LOGON_AS_SERVICE, username); - return 0; -} - /* Set default values which aren't zero. */ void set_nssm_service_defaults(nssm_service_t *service) { if (! service) return; @@ -791,6 +641,10 @@ int pre_edit_service(int argc, TCHAR **argv) { additional = argv[3]; remainder = 4; } + else if (str_equiv(setting->name, NSSM_NATIVE_OBJECTNAME) && mode == MODE_SETTING) { + additional = argv[3]; + remainder = 4; + } else { additional = argv[remainder]; if (argc < mandatory) return usage(1); @@ -933,6 +787,9 @@ int pre_edit_service(int argc, TCHAR **argv) { /* Unset the parameter. */ value.string = 0; } + else if (remainder == argc) { + value.string = 0; + } else { /* Set the parameter. */ size_t len = 0; @@ -1077,9 +934,11 @@ int edit_service(nssm_service_t *service, bool editing) { } else if (editing) username = NSSM_LOCALSYSTEM_ACCOUNT; - if (grant_logon_as_service(username)) { - print_message(stderr, NSSM_MESSAGE_GRANT_LOGON_AS_SERVICE_FAILED, username); - return 5; + if (requires_password(username)) { + if (grant_logon_as_service(username)) { + print_message(stderr, NSSM_MESSAGE_GRANT_LOGON_AS_SERVICE_FAILED, username); + return 5; + } } if (! ChangeServiceConfig(service->handle, service->type, startup, SERVICE_NO_CHANGE, 0, 0, 0, 0, username, password, service->displayname)) { @@ -1517,7 +1376,6 @@ int start_service(nssm_service_t *service) { TCHAR cmd[CMD_LENGTH]; if (_sntprintf_s(cmd, _countof(cmd), _TRUNCATE, _T("\"%s\" %s"), service->exe, service->flags) < 0) { log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_OUT_OF_MEMORY, _T("command line"), _T("start_service"), 0); - close_output_handles(&si); return stop_service(service, 2, true, true); } @@ -1527,10 +1385,17 @@ int start_service(nssm_service_t *service) { if (service->env) duplicate_environment(service->env); if (service->env_extra) set_environment_block(service->env_extra); + /* Set up I/O redirection. */ + if (get_output_handles(service, &si)) { + log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_GET_OUTPUT_HANDLES_FAILED, service->name, 0); + if (! service->no_console) FreeConsole(); + close_output_handles(&si); + return stop_service(service, 4, true, true); + } + bool inherit_handles = false; if (si.dwFlags & STARTF_USESTDHANDLES) inherit_handles = true; unsigned long flags = service->priority & priority_mask(); - if (service->stdin_pipe) flags |= DETACHED_PROCESS; if (service->affinity) flags |= CREATE_SUSPENDED; if (! CreateProcess(0, cmd, 0, 0, inherit_handles, flags, 0, service->dir, &si, &pi)) { unsigned long exitcode = 3; @@ -1547,6 +1412,8 @@ int start_service(nssm_service_t *service) { close_output_handles(&si); + if (! service->no_console) FreeConsole(); + /* Restore our environment. */ duplicate_environment(service->initial_env); @@ -1620,10 +1487,6 @@ int stop_service(nssm_service_t *service, unsigned long exitcode, bool graceful, UnregisterWait(service->wait_handle); service->wait_handle = 0; } - if (service->stdin_pipe) { - CloseHandle(service->stdin_pipe); - service->stdin_pipe = 0; - } service->rotate_stdout_online = service->rotate_stderr_online = NSSM_ROTATE_OFFLINE; @@ -1676,15 +1539,18 @@ void CALLBACK end_service(void *arg, unsigned char why) { service->rotate_stdout_online = service->rotate_stderr_online = NSSM_ROTATE_OFFLINE; + /* Use now as a dummy exit time. */ + GetSystemTimeAsFileTime(&service->exit_time); + /* Check exit code */ unsigned long exitcode = 0; TCHAR code[16]; if (service->process_handle) { GetExitCodeProcess(service->process_handle, &exitcode); - if (exitcode == STILL_ACTIVE || get_process_exit_time(service->process_handle, &service->exit_time)) GetSystemTimeAsFileTime(&service->exit_time); + /* Check real exit time. */ + if (exitcode != STILL_ACTIVE) get_process_exit_time(service->process_handle, &service->exit_time); CloseHandle(service->process_handle); } - else GetSystemTimeAsFileTime(&service->exit_time); service->process_handle = 0;