4592-RestartManager-AddPriviledges #189

Merged
merged 3 commits into from Jan 3, 2015

phillHgl commented Dec 9, 2014

If the named process is running under another user, then OpenProcess must be called using a process token which includes SeDebugPrivilege. To set SeDebugPrivilege the caller must have elevated privileges. If cannot set SeDebugPrivilege, log a message and continue. Let caller handle a reboot request rather than returning a failure.

Tested these changes on Win 7 SP1 x64 Prof, Win 8 Prof x64, Win 7 SP1 Ultimate N German x64, Win 7 SP1 Ultimate N Korean x86, WS2008R2 SP1 Standard, WS2012R2 Korean.

4592-RestartManager-AddPriviledges
If the named process is running under another user, then OpenProcess must be called using a process token which includes SeDebugPrivilege. To set SeDebugPrivilege the caller must have elevated privileges. If cannot set SeDebugPrivilege, log a message and continue. Let caller handle a reboot request rather than returning a failure.

src/ext/ca/wixca/dll/RestartManager.cpp
@@ -148,8 +149,17 @@ extern "C" UINT __stdcall WixRegisterRestartResources(
case etApplication:
WcaLog(LOGMSG_VERBOSE, "Registering process name %ls with the Restart Manager.", wzResource);
hr = RmuAddProcessesByName(pSession, wzResource);
ExitOnFailure(hr, "Failed to register the process name with the Restart Manager session.");
break;
if (E_NOTFOUND == hr)

barnson Dec 9, 2014

Member

Tabs are inherently evil. :) Rule 1 at http://wixtoolset.org/development/code-style/.

phillHgl Dec 10, 2014

Contributor

Thanks. I found the VS option to insert spaces.

src/ext/ca/wixca/dll/RestartManager.cpp
break;
if (E_NOTFOUND == hr)
{
//At least one instance of this process, running under another user returned access denied. Since other instances may have been registered, continue this setup.
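
Review bot: In the `if (E_NOTFOUND == hr)` branch, the comment says the condition being handled is an instance running under another user that returned access denied, so E_NOTFOUND is standing in for two different outcomes: no process with that name, and a process that exists but could not be opened. Consider surfacing a distinct code such as E_ACCESSDENIED for the second outcome, or at least state in the comment where the access-denied result is mapped to E_NOTFOUND, so the log tells the operator that a process was skipped and a reboot may follow rather than suggesting that nothing was running.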

barnson Dec 9, 2014

Member

Space after comment marker.

src/libs/dutil/rmutil.cpp
ProcElevated(::GetCurrentProcess(), &fElevated);
// Must be elevated to adjust process privileges
if (TRUE == fElevated) {
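
Review bot: The return value of `ProcElevated(::GetCurrentProcess(), &fElevated);` on the first line is discarded, so when the call fails the `if` that follows tests whatever fElevated was initialised to. Capture the result, treat a failure as "not elevated" (log it and skip the privilege adjustment), and make sure fElevated starts out FALSE so an error can never lead into the privilege-adjusting path.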

barnson Dec 9, 2014

Member

BOOLs and pointers don't use comparison operators -- if (fBar) or if (!pFoo). Multiple instances.

phillHgl Dec 10, 2014

Contributor

I had (fElevated) originally but changed it to use == after searching wix src to see if I could determine what was the preferred style. Happy to change back.

src/libs/dutil/rmutil.cpp
hr = RmuApplicationArrayAlloc(&pSession->rgApplications, &pSession->cApplications, dwProcessId, CreationTime);
ExitOnFailure(hr, "Failed to add the application to the array.");

barnson Dec 9, 2014

Member

Extra whitespace.

src/libs/dutil/rmutil.cpp
pPrevPriv = static_cast<TOKEN_PRIVILEGES*>(MemAlloc(cbPrevPriv, TRUE));
ExitOnNull(pPrevPriv, hr, E_OUTOFMEMORY, "Failed to allocate memory for empty previous privileges.");
if (!::AdjustTokenPrivileges(hToken, FALSE, &priv, cbPrevPriv, pPrevPriv, &cbPrevPriv))
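
Review bot: Testing only `!::AdjustTokenPrivileges(...)` on the last line misses the case where the call succeeds without enabling anything: the function returns nonzero and sets the last error to ERROR_NOT_ALL_ASSIGNED when the token does not hold the requested privilege. Unless the lines after this one already do so, check `::GetLastError()` after a successful return and take the log-and-continue path for ERROR_NOT_ALL_ASSIGNED, so the code neither proceeds as if SeDebugPrivilege were enabled nor later restores a previous state that was never changed.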

barnson Dec 9, 2014

Member

We need to restore the original privileges. MSI reuses custom action host processes so you'd be leaking the debug privilege.

barnson Dec 9, 2014

Member

Please add message to History.md. Check for "privilege" typos. :)

phillHgl added some commits Dec 12, 2014

4592-RestartManager
Implemented pull request feedback.  Try to add SeDebugPrivilege, if
successful remove the privilege when the function returns.  If
OpenProcess() returns AccessDenied, log a message and continue the
install, rather than a fatal error.
4592-RestartManager-history
Added comment to history.md

@barnson barnson merged commit d88039c into wixtoolset:develop Jan 3, 2015
