cmd script started by Abyss service - Windows impersonation

 
Post new topic   Reply to topic    Aprelium Forum Index -> FastCGI/CGI
View previous topic :: View next topic  
Author Message
lazna
-


Joined: 16 Aug 2015
Posts: 32

PostPosted: Sun Jun 09, 2019 10:48 am    Post subject: cmd script started by Abyss service - Windows impersonation Reply with quote

Situation:

Have .cmd script file peridodically running on windows 7 machine and mantaining specific user variable via SETX command without /M switch.
Have web page utilizing batwrap.exe to running script display this user variable on web page. Abyss windows service running with same user privileges as a periodical .cmd script.

Issue:

Script started by Abyss server does not see the user variable, whis was set-up by periodicaly started script. Errormessage:

'System variable VARIABLE not defined'

outputted by

'set VARIABLE 2>&1'

command


Circumstances:

Variable IS visible by opening new cmd window and type 'set VARIABLE'
Variable IS defined in 'HKCU\Environment' registry key (verified by regedit)
Output of command 'whoami' IS exact same on both windows cmd window, and web page script output.

Question:

Why script started by Abyss with proper impersonation does not see the defined user variable?
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 912

PostPosted: Tue Jun 11, 2019 1:32 pm    Post subject: Re: cmd script started by Abyss service - Windows impersonat Reply with quote

lazna,

Abyss Web Server when running as a Windows service is launched way before any user session is started and as such uses environment variables that were at its time of startup.

When you later change these vars, the change is not communicated to already running processes but is effective for processes launched after the change has been made. This isn't specific to our software but rather how env variables are transmitted to processes (actually each process gets a copy of the env vars list at its startup and propagates it down to its children.)

So the solution is not about using env variables but rather by sharing the data in files or using better IPC mechanisms (Interprocess Communication.)

The files solution is probably the easiest and the one with minimal changes to your BAT files:

Code:

rem Read value of MYVAR from C:\shared\myvar.txt
set /p MYVAR=<C:\shared\myvar.txt

rem Use MYVAR as if it came from the env
echo Here is the value of the var %MYVAR%


_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 32

PostPosted: Wed Jun 12, 2019 9:21 pm    Post subject: Re: cmd script started by Abyss service - Windows impersonat Reply with quote

admin wrote:

Abyss Web Server when running as a Windows service is launched way before any user session is started and as such uses environment variables that were at its time of startup.


So batwrap.exe (as a CGI interpreter) does not started new cmd.exe instance each time is called by launching "http://server/path/script.cmd"?? Windows cmd shell read system variables in time its started...

L.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 912

PostPosted: Thu Jun 13, 2019 2:53 pm    Post subject: Re: cmd script started by Abyss service - Windows impersonat Reply with quote

lazna wrote:
So batwrap.exe (as a CGI interpreter) does not started new cmd.exe instance each time is called by launching "http://server/path/script.cmd"?? Windows cmd shell read system variables in time its started...

L.


A new CMD is started but it inherits its parent's (Abyss Web Server) view of the environment block which was read at the server startup.

When you run CMD from Windows Explorer, the same rule applies. CMD inherits the environment block from Explorer. But Explorer is a bit special since it "monitors" global env changes in the registry and updates its environment accordingly. When such a change is detected, it broadcasts a special message to all windows in the user session.

Abyss Web Server does not process that message. But even if it does, it wouldn't be able to receive it in the Windows service mode.

The message is only sent to applications which have physical windows on the screen!

https://docs.microsoft.com/en-us/windows/desktop/winmsg/wm-settingchange
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 32

PostPosted: Fri Jun 14, 2019 2:27 pm    Post subject: Re: cmd script started by Abyss service - Windows impersonat Reply with quote

admin wrote:
lazna wrote:
So batwrap.exe (as a CGI interpreter) does not started new cmd.exe instance each time is called by launching "http://server/path/script.cmd"?? Windows cmd shell read system variables in time its started...

L.


A new CMD is started but it inherits its parent's (Abyss Web Server) view of the environment block which was read at the server startup.

When you run CMD from Windows Explorer, the same rule applies. CMD inherits the environment block from Explorer. But Explorer is a bit special since it "monitors" global env changes in the registry and updates its environment accordingly. When such a change is detected, it broadcasts a special message to all windows in the user session.

Abyss Web Server does not process that message. But even if it does, it wouldn't be able to receive it in the Windows service mode.

The message is only sent to applications which have physical windows on the screen!

https://docs.microsoft.com/en-us/windows/desktop/winmsg/wm-settingchange


Thanks for explanation, I cant realize the cmd.exe read system variables VIA parent app.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 912

PostPosted: Tue Jun 18, 2019 5:07 pm    Post subject: Re: cmd script started by Abyss service - Windows impersonat Reply with quote

lazna wrote:
Thanks for explanation, I cant realize the cmd.exe read system variables VIA parent app.


You're welcome. That's why we suggested using files for interprocess communication. That's a lot easier to handle.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> FastCGI/CGI All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group