From db7dde39ddc5176b67cb9f974eb5daaa5c739a2a Mon Sep 17 00:00:00 2001 From: Iain Patterson Date: Thu, 6 Feb 2014 21:30:06 +0000 Subject: [PATCH] UAC awareness. Relaunch NSSM with administrator privileges if an attempt to install, edit or remove a service fails. The new process won't inherit the original console so its output won't be visible. For that reason we don't attempt to elevate for operations which need to be able to display messages, such as controlling a service or editing parameters. Thanks to various people for requesting the feature but mainly to Marco Certelli for advice on the implementation. --- nssm.cpp | 53 +++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 41 insertions(+), 12 deletions(-) diff --git a/nssm.cpp b/nssm.cpp index e29ead6..7eef69d 100644 --- a/nssm.cpp +++ b/nssm.cpp @@ -55,6 +55,44 @@ void check_admin() { FreeSid(AdministratorsGroup); } +static int elevate(int argc, TCHAR **argv, unsigned long message) { + print_message(stderr, message); + + SHELLEXECUTEINFO sei; + ZeroMemory(&sei, sizeof(sei)); + sei.cbSize = sizeof(sei); + sei.lpVerb = _T("runas"); + sei.lpFile = (TCHAR *) HeapAlloc(GetProcessHeap(), 0, PATH_LENGTH); + if (! sei.lpFile) { + print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("GetModuleFileName()"), _T("elevate()")); + return 111; + } + GetModuleFileName(0, (TCHAR *) sei.lpFile, PATH_LENGTH); + + TCHAR *args = (TCHAR *) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, EXE_LENGTH * sizeof(TCHAR)); + if (! args) { + HeapFree(GetProcessHeap(), 0, (void *) sei.lpFile); + print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("GetCommandLine()"), _T("elevate()")); + return 111; + } + + /* Get command line, which includes the path to NSSM, and skip that part. */ + _sntprintf_s(args, EXE_LENGTH, _TRUNCATE, _T("%s"), GetCommandLine()); + size_t s = _tcslen(argv[0]) + 1; + if (args[0] == _T('"')) s += 2; + while (isspace(args[s])) s++; + + sei.lpParameters = args + s; + sei.nShow = SW_SHOW; + + unsigned long exitcode = 0; + if (! ShellExecuteEx(&sei)) exitcode = 100; + + HeapFree(GetProcessHeap(), 0, (void *) sei.lpFile); + HeapFree(GetProcessHeap(), 0, (void *) args); + return exitcode; +} + int num_cpus() { DWORD_PTR i, affinity, system_affinity; if (! GetProcessAffinityMask(GetCurrentProcess(), &affinity, &system_affinity)) return 64; @@ -98,27 +136,18 @@ int _tmain(int argc, TCHAR **argv) { if (str_equiv(argv[1], _T("status"))) exit(control_service(SERVICE_CONTROL_INTERROGATE, argc - 2, argv + 2)); if (str_equiv(argv[1], _T("rotate"))) exit(control_service(NSSM_SERVICE_CONTROL_ROTATE, argc - 2, argv + 2)); if (str_equiv(argv[1], _T("install"))) { - if (! is_admin) { - print_message(stderr, NSSM_MESSAGE_NOT_ADMINISTRATOR_CANNOT_INSTALL); - exit(100); - } + if (! is_admin) exit(elevate(argc, argv, NSSM_MESSAGE_NOT_ADMINISTRATOR_CANNOT_INSTALL)); exit(pre_install_service(argc - 2, argv + 2)); } if (str_equiv(argv[1], _T("edit")) || str_equiv(argv[1], _T("get")) || str_equiv(argv[1], _T("set")) || str_equiv(argv[1], _T("reset")) || str_equiv(argv[1], _T("unset"))) { - if (! is_admin) { - print_message(stderr, NSSM_MESSAGE_NOT_ADMINISTRATOR_CANNOT_EDIT); - exit(100); - } int ret = pre_edit_service(argc - 1, argv + 1); + if (ret == 3 && ! is_admin && argc == 3) exit(elevate(argc, argv, NSSM_MESSAGE_NOT_ADMINISTRATOR_CANNOT_EDIT)); /* There might be a password here. */ for (int i = 0; i < argc; i++) SecureZeroMemory(argv[i], _tcslen(argv[i]) * sizeof(TCHAR)); exit(ret); } if (str_equiv(argv[1], _T("remove"))) { - if (! is_admin) { - print_message(stderr, NSSM_MESSAGE_NOT_ADMINISTRATOR_CANNOT_REMOVE); - exit(100); - } + if (! is_admin) exit(elevate(argc, argv, NSSM_MESSAGE_NOT_ADMINISTRATOR_CANNOT_REMOVE)); exit(pre_remove_service(argc - 2, argv + 2)); } } -- 2.20.1