I'm trying to restart the "postgres" service in my C++ application on windows 10 but I having some problems with access rights( my guess ). I have tried running the code as a domain user that has local admin rights and as a local administrator but none of these seem to work. I can restart the service manually via the services.msc. The code fails already at OpenSCManager which returns NULL. I have also tried other access rights but then OpenService fails. This is my code
auto showError = []()
{
std::ostringstream os;
os << GetLastError();
qDebug() << "Restart PostgreSQL service failed : " << QString::fromStdString( os.str());
};
SERVICE_STATUS Status;
SC_HANDLE SCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS );
if(SCManager == NULL)
showError();
SC_HANDLE SHandle = OpenService(SCManager, L"postgres", SERVICE_ALL_ACCESS );
if(SHandle == NULL)
showError();
if(!ControlService(SHandle, SERVICE_CONTROL_STOP, &Status))
showError();
do
{
QueryServiceStatus(SHandle, &Status);
qDebug() << "Checking Service Status...\n";
}while(Status.dwCurrentState != SERVICE_STOPPED);
if(!StartService(SHandle, 0, NULL))
showError();
std::cin.sync();
std::cin.ignore();
CloseServiceHandle(SCManager);
CloseServiceHandle(SHandle);
You are asking for too many permissions that you don't actually need. Don't use SC_MANAGER_ALL_ACCESS and SERVICE_ALL_ACCESS. NEVER ask for more permissions than you really need. All you really need in this situation are SC_MANAGER_CONNECT for OpenSCManager(), and SERVICE_STOP, SERVICE_START and SERVICE_QUERY_STATUS for OpenService().
If you still get an "Access Denied" error after fixing this in your code, then the service really requires your account to have permissions to start/stop the service. So either run your code in an elevated admin process, or at least configure your user account with the appropriate permissions.
And FYI, your query loop is too minimalistic. You are ignoring the Status that ControlService() reports, and you are not accounting for the possibility of the service entering a pending state, or refusing to stop. You need to check the initial status, only if it is in a pending state than enter the query loop until it is no longer in a pending state, then check the final state for stopped before then attempting to start the service. Also be sure to check if the service hangs while trying to stop it.
See Stopping a Service on MSDN.
Try something more like this:
auto showError = []()
{
DWORD err = GetLastError();
qDebug() << "Restart PostgreSQL service failed. Error: " << err << "\n";
};
SERVICE_STATUS Status;
SC_HANDLE SCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
if (!SCManager)
{
showError();
return;
}
SC_HANDLE SHandle = OpenService(SCManager, L"postgres", SERVICE_STOP | SERVICE_START | SERVICE_QUERY_STATUS);
if (!SHandle)
{
showError();
CloseServiceHandle(SCManager);
return;
}
if (!QueryServiceStatus(SHandle, &Status))
{
showError();
CloseServiceHandle(SHandle);
CloseServiceHandle(SCManager);
return;
}
if (Status.dwCurrentState != SERVICE_STOPPED)
{
qDebug() << "Stopping PostgreSQL service...\n";
if (!ControlService(SHandle, SERVICE_CONTROL_STOP, &Status))
{
showError();
CloseServiceHandle(SHandle);
CloseServiceHandle(SCManager);
return;
}
DWORD dwStartTime = GetTickCount();
DWORD dwTimeout = 30000; // 30-second time-out
DWORD dwWaitTime;
while (Status.dwCurrentState == SERVICE_STOP_PENDING)
{
qDebug() << "Waiting for PostgreSQL service to stop...\n";
dwWaitTime = Status.dwWaitHint / 10;
if (dwWaitTime < 1000)
dwWaitTime = 1000;
else if (dwWaitTime > 10000)
dwWaitTime = 10000;
Sleep(dwWaitTime);
if (!QueryServiceStatus(SHandle, &Status))
{
showError();
CloseServiceHandle(SHandle);
CloseServiceHandle(SCManager);
return;
}
if (Status.dwCurrentState != SERVICE_STOP_PENDING)
break;
if (GetTickCount() - dwStartTime > dwTimeout)
{
qDebug() << "Stop of PostgreSQL service timed out.\n";
CloseServiceHandle(SHandle);
CloseServiceHandle(SCManager);
return;
}
}
if (Status.dwCurrentState != SERVICE_STOPPED)
{
qDebug() << "Restart PostgreSQL service failed. Service did not stop.\n";
CloseServiceHandle(SHandle);
CloseServiceHandle(SCManager);
return;
}
qDebug() << "PostgreSQL service stopped successfully.\n";
}
if (!StartService(SHandle, 0, NULL))
showError();
CloseServiceHandle(schService);
CloseServiceHandle(schSCManager);
Related
I am working on a very confused issue all this afternoon, I want to check the windows service status by QueryServiceStatusEx, but always get 0. MSDN says
"If the function fails, the return value is zero. To get extended
error information, call GetLastError."
To get more error information, I call GetLastError, the error code is 1.
ERROR_INVALID_HANDLE : The handle is invalid.
Here is my code, e.g. I check the window service :"Spooler", where is wrong in my code? Why I can't get the service SC_HANDLE by using OpenService()?
bool isServiceStart()
{
SERVICE_STATUS_PROCESS status;
SC_HANDLE schSCManager;
SC_HANDLE schService;
//get hadnle to the scm database
schSCManager = OpenSCManager(
NULL, //local machine
NULL, //services acitive database
SC_MANAGER_ALL_ACCESS
);
if(NULL == schSCManager){
qDebug() << "Open SCManager failed: " << (GetLastError() == ERROR_ACCESS_DENIED);
CloseServiceHandle(schSCManager);
return false;
}
//Get a hadle to the service
QString serviceName = "Spooler";
schService = OpenService(
schSCManager, //database
(LPCTSTR)serviceName.data(),
SERVICE_ALL_ACCESS
);
if(schService == NULL){
qDebug() << "service doesn't exist: " << GetLastError();
CloseServiceHandle(schSCManager);
return false;
}
DWORD dwBytesNeeded;
if(!QueryServiceStatusEx(
schService,
SC_STATUS_PROCESS_INFO, // information level
(LPBYTE) &status, // address of structure
sizeof(SERVICE_STATUS_PROCESS),
&dwBytesNeeded // size needed if buffer is too small
))
{
qInfo() << "service status" << status.dwCurrentState;
}else{
qInfo() << "hahaha alway is 0" <<GetLastError();
}
return false;
}
Your condition is wrong, you write "hahaha alway is 0" when QueryServiceStatusEx returns non-zero.
Either remove the ! operator in the condition, or switch places of the outputs.
Is it possible to launch process in system context from a parent process thats running under administrator account with elevation(say a command prompt). The problem is similar to what psexec does but more of how it actually implements this.
I was thinking opening the crss.exe/winlogon.exe process duplicating the token and launching a new process using that process token. But I fail to even open the process handle (Getlasterror return 5). Can someone let me know if this is the right approach or the process should be launched differently ?
HANDLE hWinLogonProcess;
for(const auto& ps : running_processes)
{
if(ps.id == GetCurrentProcessId() ||
0 != ps.short_name.CompareNoCase(L"winlogon.exe"))
{
continue;
}
DWORD dwWinLogonSessionId(0);
if(FALSE == ProcessIdToSessionId(GetCurrentProcessId(), &dwWinLogonSessionId))
{
std::wcerr<<"Could not get Winlogon process session id"<<std::endl;
continue;
}
if(dwWinLogonSessionId != dwCurSessionId)
{
continue;
}
hWinLogonProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ps.id);
if(FALSE == hWinLogonProcess)
{
std::wcerr<<"Failed to get winlogon process handle"<<std::endl;
return;
}
else
{
std::wcout<<"Able to open process "<<ps.short_name.GetString()<<" handle"<<std::endl;
break;
}
}
I am sure its possible as there is a working tool (psexec) but I couldnt find any reference online to do this.
Also this is similar to question, but posting separately as there was details on how it had to be achieved.
Yes, this is possible (without any service help).
But I fail to even open the process handle
Does your process have the SE_DEBUG_PRIVILEGE privilege enabled?
With this privilege, you can open a system process with all access if it is not protected (smss.exe, csrss.exe, services.exe), and use that handle in CreateProcessAsUser(), or with UpdateProcThreadAttribute(PROC_THREAD_ATTRIBUTE_PARENT_PROCESS) if you also have SE_ASSIGNPRIMARYTOKEN_PRIVILEGE and SE_TCB_PRIVILEGE privileges enabled (for setting the token's SessionId to 0), which you can get in 2 ways:
open a thread from an unprotected system process and impersonate it, then open your own thread token and adjust privileges on it.
open a token from any system process (this works even for protected processes), duplicate the token, adjust privileges on it, and then impersonate with this token.
To "launch a process in the system context", if you want to run the process:
with the LocalSystem token.
in the System terminal session (0)
Both, as I say, are possible. And all you need is SE_DEBUG_PRIVILEGE.
more simply - open some system process with PROCESS_CREATE_PROCESS access right. Use this handle with UpdateProcThreadAttribute(PROC_THREAD_ATTRIBUTE_PARENT_PROCESS). As a result, your started process inherits a token from the system process. This will be not work on XP, but there it is possible to hook NtCreateProcess/Ex() to replace HANDLE ParentProcess with your opened handle.
Another way is to use CreateProcessAsUser(). Before creating the process, you will be need SE_ASSIGNPRIMARYTOKEN_PRIVILEGE and SE_TCB_PRIVILEGE privileges to set the token's TokenSessionId (if you want to run in session 0).
Thanks to RbMm answer I figured a way to accomplish this task.
For any of you who did not succeed, I leave below something that might help:
//First we need to add debug privilege to this process
HANDLE hToken;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hToken))
{
std::cout << "OpenProcessToken failed: " << GetLastError();
return 0;
}
TOKEN_PRIVILEGES tk;
tk.PrivilegeCount = 1;
tk.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tk.Privileges[0].Luid))
{
std::cout << "LookupPrivilegeValue failed: " << GetLastError();
return 0;
}
AdjustTokenPrivileges(hToken, FALSE, &tk, 0, NULL, 0);
if((DWORD res = GetLastError()) != ERROR_SUCCESS)
{
std::cout << "AdjustTokenPrivileges failed: " << res;
}
CloseHandle(hToken);
//Now we need a handle to a process that already runs as SYSTEM.
//You can choose any process that is not protected (if OpenProcess fails try with other process)
//pid of chosen process (you can get this by opening task manager and go to
//Details tab or by enumerating all processes and extract that one you need)
DWORD pid;
HANDLE hProcess = OpenProcess(PROCESS_CREATE_PROCESS, FALSE, pid);
if (!hProcess)
{
std::cout << "OpenProcess with pid " << pid << "failed: " << GetLastError();
return 0
}
//We need to initialize a list that contains PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
//to specify that parent process of the process we are going to start is the
//process we opened earlier (this will make the child process inherit the system context).
//This list will be specified in a STARTUPINFOEX object that CreateProcess will get
STARTUPINFOEX siex = { sizeof(STARTUPINFOEX) };
siex.StartupInfo.cb = sizeof(STARTUPINFOEXW);
//We need to initialize our list. To do this we call InitializeProcThreadAttributeList
//with a NULL list to get how big our list needs to be to store all attributes
//we want to specify, then we allocate our list with the size we got from first call
//and we call again the function to initialize the list.
SIZE_T cbAttributeListSize = 0;
if(!InitializeProcThreadAttributeList(NULL, 1, 0, &cbAttributeListSize))
{
std::cout << "InitializeProcThreadAttributeList failed: " << GetLastError();
return 0
}
siex.lpAttributeList = reinterpret_cast<PPROC_THREAD_ATTRIBUTE_LIST>(HeapAlloc(GetProcessHeap(), 0, cbAttributeListSize));
if(!InitializeProcThreadAttributeList(siex.lpAttributeList, 1, 0, &cbAttributeListSize))
{
std::cout << "InitializeProcThreadAttributeList failed: " << GetLastError();
return 0
}
if(!UpdateProcThreadAttribute(siex.lpAttributeList, 0, PROC_THREAD_ATTRIBUTE_PARENT_PROCESS, &hProcess, sizeof(hProcess), NULL, NULL))
{
std::cout << "UpdateProcThreadAttribute failed: " << GetLastError();
return 0
}
//path to program we want to run in system context
LPWSTR szCmdline = _wcsdup(TEXT("C:\\Windows\\System32\\notepad.exe"));
PROCESS_INFORMATION pi = { 0 };
if(!CreateProcess(NULL, szCmdline, nullptr, nullptr, FALSE, EXTENDED_STARTUPINFO_PRESENT, NULL, NULL, reinterpret_cast<LPSTARTUPINFOW>(&siex), &pi))
{
std::cout << "CreateProcess failed: " << GetLastError();
return 0
}
This is a System service. After ImpersonateLoggedOnUser(), I can call CreateProcessAsUser() successfully. But it fails to call one Windows API SetDisplayConfig(). The error is 5 (ERROR_ACCESS_DENIED). Please see the code below.
// This function is called in a System service.
void SetDisplayToExtendMode()
{
DWORD dwSessionId = WTSGetActiveConsoleSessionId();
if (dwSessionId == 0xFFFFFFFF)
{
qCritical() << "Failed to get active console session Id when setting extend mode for display!";
}
HANDLE hUserToken = NULL;
if (WTSQueryUserToken(dwSessionId, &hUserToken) == FALSE)
{
qCritical() << "Failed to query user token when setting extend mode for display!";
}
HANDLE hTheToken = NULL;
if (DuplicateTokenEx(hUserToken, TOKEN_ASSIGN_PRIMARY | TOKEN_ALL_ACCESS, 0, SecurityImpersonation, TokenPrimary, &hTheToken) == TRUE)
{
if (ImpersonateLoggedOnUser(hTheToken) == TRUE)
{
DWORD dwCreationFlags = HIGH_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
LPVOID pEnv = NULL;
if (CreateEnvironmentBlock(&pEnv, hTheToken, TRUE) == TRUE)
{
dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
}
// Way 1: Call Windows API directly.
// Fail. Error code is ERROR_ACCESS_DENIED
LONG errCode = SetDisplayConfig(0, NULL, 0, NULL, SDC_TOPOLOGY_EXTEND | SDC_APPLY);
if (errCode != ERROR_SUCCESS)
{
qCritical() << "Failed to set Windows Display to Extended mode! Error is " << errCode;
if (errCode == ERROR_ACCESS_DENIED)
{
qCritical() << "ACCESS denied!";
}
}
STARTUPINFO si = { sizeof(si) };
PROCESS_INFORMATION pi;
SECURITY_ATTRIBUTES Security1 = { sizeof(Security1) };
SECURITY_ATTRIBUTES Security2 = { sizeof(Security2) };
std::wstring command = L"C:\\Users\\SomeUser\\Desktop\\QT_Projects\\build\\release\\TestSetDisplay.exe";
TCHAR commandLine[MAX_PATH];
_tcscpy_s(commandLine, MAX_PATH, command.c_str());
// Way 2: This way can be successful.
BOOL bResult = CreateProcessAsUser(
hTheToken,
NULL, // (LPWSTR)(path),
(LPWSTR)(commandLine),
&Security1,
&Security2,
FALSE,
dwCreationFlags,
pEnv,
NULL,
&si,
&pi
);
if (!bResult)
{
qCritical() << "Failed to CreateProcessAsUser()";
}
RevertToSelf();
if (pEnv)
{
DestroyEnvironmentBlock(pEnv);
}
}
CloseHandle(hTheToken);
}
CloseHandle(hUserToken);
}
So, after ImpersonateLoggedOnUser(), how to call Windows API SetDisplayConfig() successfully?
Alternatively, in one System service, how to call one Windows API as a user? (For this case, the purpose of calling SetDisplayConfig() is to set the display mode to Extend mode. This display mode is set per user. So, as a system service, it may need to impersonateLoggedOnUser() first.)
from SetDisplayConfig documentation
ERROR_ACCESS_DENIED The caller does not have access to the console
session. This error occurs if the calling process does not have access
to the current desktop or is running on a remote session.
and you wrote
This is a System service.
but System service have no access to interactive desktop. so you need call it from interactive session
I'm trying to change audit settings of a folder.As i was testing my code on different machines i found that SetNamedSecurityInfo call restarts the system.This happened with some machines.A pop up generates which says "Windows has encountered a security issue and will restart in one minute".I'm not able to figure out the reason.Any help will be appreciated!
HANDLE hProcess = GetCurrentProcess();
HANDLE hToken;
DWORD val;
BOOL result;
result = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &hToken);
if (result == 0)
{
printf("\nBreak After open process");
return 0;
}
else{
printf("\ncontinue after open process");
}
// Used for reading SACL's
result = SetPrivilege(hToken, SE_SECURITY_NAME, TRUE);
if (result == 0)
{
printf("\nBreak After setprivilege");
return 0;
}
else{
printf("\ncontinue after open process");
}
CloseHandle(hToken);
retval = GetNamedSecurityInfo(file, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, &owner, NULL, NULL, &sacl, &psd);
if(retval != 0)
{
wcout << "GetNamedSecurityInfo failed with error: " << retval << endl;
return -1;
}
printf("\nBuilt trust successfully before");
BuildTrusteeWithSid(ptrust,psd);
printf("\nBuilt trust successfully");
printf("\ntrying to modify ...");
EXPLICIT_ACCESS ea;
PACL pNewSACL = NULL;
ACCESS_MODE AccessMode = SET_AUDIT_SUCCESS; //SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE
DWORD dwAccessRights = 0X410D0060;
DWORD dwInheritance = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = dwAccessRights;
ea.grfAccessMode = SET_AUDIT_SUCCESS;
ea.grfInheritance = dwInheritance;
ea.Trustee = *(ptrust);
DWORD dwRes = SetEntriesInAcl(1, &ea, sacl, &pNewSACL);
if(dwRes != ERROR_SUCCESS)
{
printf("SetEntriesInAcl() error %u\n", dwRes);
}
else
{
printf("SetEntriesInAcl() is OK\n");
}
dwRes = SetNamedSecurityInfo(file, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, pNewSACL);
if(dwRes != ERROR_SUCCESS)
{
printf("SetNamedSecurityInfo() error %u\n", dwRes);
}
else
printf("SetNamedSecurityInfo() is OK\n\n");
LocalFree(psd);
There is an global policy entry that controls the shutdown if the system was unable to log security audits.
See:
"Computer Configuration\Windows Settings\Local Policies\Security Options"
"Audit: Shut down system immediately if unable to log security audits"
This could happen in combination with:
"Computer Configuration\Windows Settings\Local Policies\Security Options"
"Audit: Audit the accesss of global system objects"
Whenever I try to stop my service through the services manager, I get the following error and the service stays in a started state. "Could not stop the service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error."
I've had such trouble with this issue that I tried to follow the logic from Microsoft as best as I could.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb540474(v=vs.85).aspx
There is a similar issue with this in .Net 1.1 that you'll find if you search; however, I'm not using the framweork at all.
void WINAPI serviceCtrlHandler(DWORD dwCtrl )
{
switch(dwCtrl)
{
case SERVICE_CONTROL_STOP:
ReportSvcStatus(SERVICE_STOP_PENDING, NO_ERROR, 0);
SetEvent(stopEvent);
ReportSvcStatus(serviceStatus->dwCurrentState, NO_ERROR, 0);
return;
case SERVICE_CONTROL_INTERROGATE:
break;
default:
break;
}
}
void WINAPI startMain(DWORD argc, LPTSTR *argv)
{
serviceStatusHandle = RegisterServiceCtrlHandler(SERVICE_NAME, serviceCtrlHandler);
serviceStatus->dwServiceType = SERVICE_WIN32_OWN_PROCESS;
serviceStatus->dwServiceSpecificExitCode = NO_ERROR;
if (serviceStatusHandle == 0)
{
debug->DebugMessage(L"RegisterServiceCtrlHandler() failed, error: " + Error::GetErrorMessageW(GetLastError()));
return;
}
ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 3000);
if (!SetServiceStatus(serviceStatusHandle, serviceStatus))
{
//debug->DebugMessage(L"SetserviceStatus() failed, error: " + Error::GetErrorMessageW(GetLastError()));
//return;
}
stopEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0);
boost::thread dust_main_thread(dust_main);
while(1)
{
WaitForSingleObject(stopEvent, INFINITE);
ReportSvcStatus(SERVICE_STOPPED, NO_ERROR, 0);
return;
}
}
VOID ReportSvcStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint)
{
static DWORD dwCheckPoint = 1;
serviceStatus->dwCurrentState = dwCurrentState;
serviceStatus->dwWin32ExitCode = dwWin32ExitCode;
serviceStatus->dwWaitHint = dwWaitHint;
if (dwCurrentState == SERVICE_START_PENDING)
serviceStatus->dwControlsAccepted = 0;
else serviceStatus->dwControlsAccepted = SERVICE_ACCEPT_STOP;
if ((dwCurrentState == SERVICE_RUNNING) || (dwCurrentState == SERVICE_STOPPED))
serviceStatus->dwCheckPoint = 0;
else
serviceStatus->dwCheckPoint = dwCheckPoint++;
SetServiceStatus(serviceStatusHandle, serviceStatus);
}
Run the service and then attach the debugger to the running process. Put a breakpoint at the serviceCtrlHandler and after the WaitForSingleObject(stopEvent, INFINITE) -- make sure what you think should happen does.