[Bug 16882] Multiple Windows service processes fail to start/hang due to missing SECURITY_SERVICE_RID in process token (Microsoft WMI core 1.5 service, PostgreSQL, AMMYY Admin v3.x)

wine-bugs at winehq.org
Sat May 19 05:18:13 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=16882

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple Windows service    |Multiple Windows service
                   |processes fail to           |processes fail to
                   |start/hang due to missing   |start/hang due to missing
                   |SECURITY_SERVICE_RID in     |SECURITY_SERVICE_RID in
                   |process token (Microsoft    |process token (Microsoft
                   |WMI core 1.5 service,       |WMI core 1.5 service,
                   |PostgreSQL)                 |PostgreSQL, AMMYY Admin
                   |                            |v3.x)

--- Comment #14 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

AMMYY Admin v3.0 also needs this (now that bug 32907 is fixed).

The app starts a "helper" service which starts another process via
'CreateProcessAsUser', which exits due to a missing SECURITY_LOCAL_SYSTEM_RID in
the user token, leading to an endless launch loop.

As already said, Windows SCM automatically adds SECURITY_LOCAL_SYSTEM_RID when
starting a service.

--- snip ---
...
0033:Call advapi32.SetTokenInformation(00000088,0000000c,007efdc8,00000004) ret=0041fbf1
0033:fixme:ntdll:NtSetInformationToken TokenSessionId stub!
0033:Ret  advapi32.SetTokenInformation() retval=00000001 ret=0041fbf1
0033:Call advapi32.CreateProcessAsUserW(00000088,00000000,004d17c4 L"\"Z:\\home\\focht\\Downloads\\install\\AA_v3.exe\"",00000000,00000000,00000000,00000000,00000000,00000000,007efdd8,007efe1c) ret=0041fdab
0033:fixme:advapi:CreateProcessAsUserW 0x88 (null) L"\"Z:\\home\\focht\\Downloads\\install\\AA_v3.exe\"" (nil) (nil) 0 0x00000000 (nil) (null) 0x7efdd8 0x7efe1c - semi-stub
...
0035:Call KERNEL32.__wine_kernel_init() ret=7bc6cef2
0033:Ret  advapi32.CreateProcessAsUserW() retval=00000001 ret=0041fdab 
...
0035:Call KERNEL32.ProcessIdToSessionId(00000034,004afd40) ret=00424d80
0035:Ret  KERNEL32.ProcessIdToSessionId() retval=00000001 ret=00424d80 
...
0035:Call advapi32.OpenProcessToken(ffffffff,00020008,0033f288) ret=0040756f
0035:Ret  advapi32.OpenProcessToken() retval=00000001 ret=0040756f
0035:Call advapi32.GetTokenInformation(00000078,00000001,0033d278,00002000,0033f284) ret=004075b8
0035:Ret  advapi32.GetTokenInformation() retval=00000001 ret=004075b8
0035:Call KERNEL32.CloseHandle(00000078) ret=004075c3
0035:Ret  KERNEL32.CloseHandle() retval=00000001 ret=004075c3
0035:Call advapi32.ConvertSidToStringSidA(0033d280,0033f28c) ret=004075f9
0035:Ret  advapi32.ConvertSidToStringSidA() retval=00000001 ret=004075f9
0035:Call msvcrt._stricmp(00167d70 "S-1-5-21-0-0-0-1000",004a13a0 "S-1-5-18") ret=00407610
0035:Ret  msvcrt._stricmp() retval=00000001 ret=00407610 
...
--- snip ---

The concept of using a helper service to run a process under a specified user
identity is demonstrated here:

http://read.pudn.com/downloads178/sourcecode/windows/829566/CreateProcessAsUser.cpp__.htm

--- snip ---
// CreateProcessAsUser.cpp 
//  
// Written by Valery Pryamikov (1999) 
//  
// Command line utility that executes a command under specified user identity  
// by temporarily installing itself as a service. 
// 
// Based on Keith Brown's AsLocalSystem utility (http://www.develop.com/kbrown) 
// Uses some code from Mike Nelson's dcomperm sample utility  
//   and from tlist sample (Microsoft Source Code Samples) 
// 
// Use: 
//    CreateProcessAsUser.exe [-i[nteractive]]|[-s[ystem]]| 
//       [-u"UserName" -d"DomainName" -p"Password"]|[-a"AppID"] command 
//  Command must begin with the process (path to the exe file) to launch 
//  -i        process will be launched under credentials of the  
//            "Interactive User" (retrieved from winlogon\shell process) 
//  -a        process will be launched under credentials of the user  
//            specified in "RunAs" parameter of AppID. 
//  -s        process will be launched as local system 
//  -u -d -p  process will be launched on the result token of the  
//            LogonUser(userName,domainName,password,LOGON32_LOGON_BATCH...) 
// 
// either (-s) or (-i) or (-a) or (-u -d -p) parameters must supplied 
//  
// Examples: 
// CreateProcessAsUser -s cmd.exe 
// CreateProcessAsUser -a"{731A63AF-2990-11D1-B12E-00C04FC2F56F}" winfile.exe 
// 
--- snip ---

$ sha1sum AA_v3.exe
63c52b0ac68ab7464e2cd777442a5807db9b5383  AA_v3.exe

$ du -sh AA_v3.exe
756K    AA_v3.exe

$ wine --version
wine-3.8-128-g8e9ea7a8a1

Regards
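
The check visible in the trace above (the token user SID is converted to a string and compared with "S-1-5-18"), as an added example that is not part of the original comment, of Wine, or of the application: portable C that formats a binary SID in the string form ConvertSidToStringSid produces and tests it for LocalSystem. The function names and the two sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Well-known LocalSystem SID, the string the traced process compares against. */
#define LOCAL_SYSTEM_SID "S-1-5-18"

/* Format a binary SID (revision, sub-authority count, 6-byte big-endian
 * identifier authority, then little-endian 32-bit sub-authorities) as
 * "S-R-I-S...". Returns 0 on success, -1 on malformed or unsupported input.
 * Authorities of 2^32 or more are rejected here (assumption: not needed). */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    if (len < 8 || sid[0] != 1 || sid[1] > 15) return -1;
    size_t count = sid[1];
    if (len < 8 + 4 * count) return -1;

    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | sid[2 + i];
    if (auth > 0xFFFFFFFFu) return -1;

    int n = snprintf(out, outlen, "S-%u-%lu", (unsigned)sid[0], (unsigned long)auth);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t used = (size_t)n;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        n = snprintf(out + used, outlen - used, "-%lu", (unsigned long)sub);
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* 1 if the SID is LocalSystem, 0 if not, -1 if it could not be formatted.
 * The traced app uses _stricmp; our output is canonical, so strcmp suffices. */
int token_user_is_local_system(const uint8_t *sid, size_t len)
{
    char s[192];
    if (sid_to_string(sid, len, s, sizeof s) != 0) return -1;
    return strcmp(s, LOCAL_SYSTEM_SID) == 0;
}

/* Constructed samples: the user SID string seen in the trace, and LocalSystem. */
static const uint8_t SID_TRACE_USER[] = {1,5, 0,0,0,0,0,5, 21,0,0,0, 0,0,0,0,
                                         0,0,0,0, 0,0,0,0, 0xE8,0x03,0,0};
static const uint8_t SID_LOCAL_SYSTEM[] = {1,1, 0,0,0,0,0,5, 18,0,0,0};
```

With the user SID from the trace the check returns 0, which matches the non-zero `_stricmp` result logged just before the child process exits.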
