Fix launching process in user's security context
nirbar committed Apr 2, 2024
1 parent 333aef2 commit 7f65928
Showing 3 changed files with 14 additions and 13 deletions.
23 changes: 12 additions & 11 deletions src/PanelSwCustomActions/ExecOnComponent.cpp
@@ -655,7 +655,7 @@ HRESULT CExecOnComponent::ExecuteOne(const com::panelsw::ca::ExecOnDetails& deta
ExitOnFailure(hr, "Failed setting environment");

// By default, exitCode is what the process returned. If couldn't execute the process, use failure code is result.
hr = LaunchProcess((LPWSTR)szCommand, szWorkingDirectory, (LPCWSTR)szEnvironmentMultiSz, &hProc, &hStdOut);
hr = LaunchProcess(&ctxImpersonation, (LPWSTR)szCommand, szWorkingDirectory, (LPCWSTR)szEnvironmentMultiSz, &hProc, &hStdOut);

if (details.async())
{
@@ -1004,7 +1004,7 @@ HRESULT CExecOnComponent::SetEnvironment(CWixString* pszEnvironmentMultiSz, cons
return hr;
}

HRESULT CExecOnComponent::LaunchProcess(LPWSTR szCommand, LPCWSTR szWorkingDirectory, LPCWSTR rgszEnvironment, HANDLE* phProcess, HANDLE* phStdOut)
HRESULT CExecOnComponent::LaunchProcess(IMPERSONATION_CONTEXT* pctxImpersonation, LPWSTR szCommand, LPCWSTR szWorkingDirectory, LPCWSTR rgszEnvironment, HANDLE* phProcess, HANDLE* phStdOut)
{
const UINT OUTPUT_BUFFER_SIZE = 1024;
HRESULT hr = S_OK;
@@ -1081,8 +1081,16 @@ HRESULT CExecOnComponent::LaunchProcess(LPWSTR szCommand, LPCWSTR szWorkingDirec
si.hStdOutput = hOutWrite;
si.hStdError = hErrWrite;

bRes = ::CreateProcessW(nullptr, szCommand, nullptr, nullptr, TRUE, ::GetPriorityClass(::GetCurrentProcess()) | CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT, (LPVOID)rgszEnvironment, szWorkingDirectory, &si, &pi);
ExitOnNullWithLastError(bRes, hr, "Failed to create process");
if (pctxImpersonation->hUserToken)
{
bRes = ::CreateProcessAsUser(pctxImpersonation->hUserToken, nullptr, szCommand, nullptr, nullptr, TRUE, ::GetPriorityClass(::GetCurrentProcess()) | CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT, (LPVOID)rgszEnvironment, szWorkingDirectory, &si, &pi);
ExitOnNullWithLastError(bRes, hr, "Failed to create process");
}
else
{
bRes = ::CreateProcess(nullptr, szCommand, nullptr, nullptr, TRUE, ::GetPriorityClass(::GetCurrentProcess()) | CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT, (LPVOID)rgszEnvironment, szWorkingDirectory, &si, &pi);
ExitOnNullWithLastError(bRes, hr, "Failed to create process");
}
WcaLog(LOGLEVEL::LOGMSG_VERBOSE, "Launched process '%ls'", szCommand);

if (phStdOut)
@@ -1176,13 +1184,6 @@ HRESULT CExecOnComponent::Impersonate(LPCWSTR szDomain, LPCWSTR szUser, LPCWSTR
bRes = ::CreateEnvironmentBlock(&pEnvironment, hUserToken, FALSE);
ExitOnNullWithLastError(bRes, hr, "Failed to get environment block");

if (hUserToken)
{
bRes = ::ImpersonateLoggedOnUser(hUserToken);
ExitOnNullWithLastError(bRes, hr, "Failed to impersonate user");
bImpersonated = TRUE;
}

for (LPCWSTR sz = (LPCWSTR)pEnvironment; sz && *sz; sz += 1 + wcslen(sz))
{
hr = pszEnvironmentMultiSz->MultiStringInsertString(sz);
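Review bot: The `CreateProcessAsUser` branch in the LaunchProcess hunk keeps `bInheritHandles` at `TRUE`, so the process started under `hUserToken` inherits every inheritable handle open in the calling process, not only the `hOutWrite`/`hErrWrite` pipe ends assigned just above; with plain `CreateProcess` the child ran under the caller's own token, so inheritance did not cross a security boundary. Consider restricting inheritance to those pipe handles with a `PROC_THREAD_ATTRIBUTE_HANDLE_LIST` attribute (`STARTUPINFOEX` plus `EXTENDED_STARTUPINFO_PRESENT`); this needs declarations and cleanup in parts of LaunchProcess that lie outside the hunk. Both branches also report the same `"Failed to create process"`, so a missing-privilege failure of the user-token path cannot be told apart in the log; `ExitOnNullWithLastError(bRes, hr, "Failed to create process as user");` would separate them. The new calls use the `::CreateProcess`/`::CreateProcessAsUser` macros while passing `LPWSTR` arguments, whereas the replaced line named `::CreateProcessW` explicitly; `::CreateProcessAsUserW` and `::CreateProcessW` keep that independent of the `UNICODE` define.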
2 changes: 1 addition & 1 deletion src/PanelSwCustomActions/ExecOnComponent.h
@@ -41,7 +41,7 @@ class CExecOnComponent :

HRESULT LogProcessOutput(HANDLE hProc, HANDLE hStdErrOut, LPWSTR *pszText);

HRESULT LaunchProcess(LPWSTR szCommand, LPCWSTR szWorkingDirectory, LPCWSTR rgszEnvironment, HANDLE* phProcess, HANDLE* phStdOut);
HRESULT LaunchProcess(IMPERSONATION_CONTEXT* pctxImpersonation, LPWSTR szCommand, LPCWSTR szWorkingDirectory, LPCWSTR rgszEnvironment, HANDLE* phProcess, HANDLE* phStdOut);

// S_FALSE: Had no matches, go on with error handling.
// S_OK: Ignore errors and continue
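Review bot: The new `pctxImpersonation` parameter of `LaunchProcess` is undocumented at its declaration, although the implementation in ExecOnComponent.cpp dereferences it without a null check (`pctxImpersonation->hUserToken`). A comment above the declaration would state the contract, for example `// pctxImpersonation must not be null; if its hUserToken is null the process is created in the caller's security context.` The class body continues outside this hunk.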
2 changes: 1 addition & 1 deletion src/TidyBuild.custom.props
@@ -2,7 +2,7 @@
<Project ToolsVersion="16.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildThisFileDirectory)TidyBuild.user.props" Condition="Exists('$(MSBuildThisFileDirectory)TidyBuild.user.props')"/>
<PropertyGroup>
<FullVersion>3.18.12</FullVersion>
<FullVersion>3.18.13</FullVersion>
<FullVersion Condition=" '$(GITHUB_RUN_NUMBER)'!='' ">$(FullVersion).$(GITHUB_RUN_NUMBER)</FullVersion>
<ProductName>PanelSwWixExtension</ProductName>
<Manufacturer>Panel::Software</Manufacturer>