Merge branch 'ent-1404-no-estan-funcionando-correctamente-los-watchdog-de-procesos-windows' into 'develop'

Added module_user_session token to module_proc on windows agent

See merge request artica/pandorafms!916

pandora_agents/win32/modules/pandora_module_factory.cc

@@ -123,6 +123,7 @@ using namespace Pandora_Strutils;
 #define TOKEN_MACRO ("module_macro")
 #define TOKEN_NATIVE_ENCODING ("module_native_encoding")
 #define TOKEN_ALERT_TEMPLATE ("module_alert_template")
+#define TOKEN_USER_SESSION ("module_user_session ")
 	
 string
 parseLine (string line, string token) {
@@ -161,7 +162,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	string                 module_logevent, module_source, module_eventtype, module_eventcode;
 	string                 module_logchannel;
 	string                 module_pattern, module_application, module_async;
-	string                 module_watchdog, module_start_command;
+	string                 module_watchdog, module_start_command, module_user_session;
 	string                 module_wmiquery, module_wmicolumn;
 	string                 module_retries, module_startdelay, module_retrydelay;
 	string                 module_perfcounter, module_tcpcheck;
@@ -257,6 +258,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	module_ff_interval   = "";
 	module_native_encoding	 = "";
 	module_alert_template	 = "";
+	module_user_session	 = "";
 	macro   = "";
     
 	stringtok (tokens, definition, "\n");
@@ -516,6 +518,10 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 			module_alert_template.erase (0,1);
 		}		
 		
+		if (module_user_session == "") {
+			module_user_session = parseLine (line, TOKEN_USER_SESSION);
+		}
+		
 		if (macro == "") {
 			macro = parseLine (line, TOKEN_MACRO);
 			
@@ -1099,6 +1105,13 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 						module_alert_template.replace(pos_macro, macro_name.size(), macro_value);
 					}
 				}
+
+				if (module_user_session != "") {
+					pos_macro = module_user_session.find(macro_name);
+					if (pos_macro != string::npos){
+						module_user_session.replace(pos_macro, macro_name.size(), macro_value);
+					}
+				}
 			}
 		}
 	}
@@ -1135,6 +1148,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 				module_proc->setRetries (atoi(module_retries.c_str ()));
 				module_proc->setStartDelay (atoi(module_startdelay.c_str ()));
 				module_proc->setRetryDelay (atoi(module_retrydelay.c_str ()));
+				module_proc->setUserSession (is_enabled(module_user_session));
 			}
 		}
 	} else if (module_service != "") {

pandora_agents/win32/modules/pandora_module_proc.cc

@@ -48,6 +48,7 @@ Pandora_Module_Proc::Pandora_Module_Proc (string name, string process_name)
 	this->setKind (module_proc_str);
 	
 	this->watchdog = false;
+	this->user_session = false;
 	this->start_command = "";
 	this->retries = 3;
 	this->start_delay = 5000;
@@ -95,6 +96,11 @@ Pandora_Module_Proc::getRetryDelay () const {
 	return this->retry_delay;
 }
 
+bool
+Pandora_Module_Proc::getUserSession () const {
+	return this->user_session;
+}
+
 void
 Pandora_Module_Proc::setWatchdog (bool watchdog) {
 	this->watchdog = watchdog;
@@ -131,6 +137,11 @@ Pandora_Module_Proc::setRetryDelay (int mseconds) {
 	this->retry_delay = mseconds;
 }
 
+void
+Pandora_Module_Proc::setUserSession (bool usession) {
+	this->user_session = usession;
+}
+
 void
 async_run (Pandora_Module_Proc *module) {
 	HANDLE              *processes = NULL;
@@ -156,7 +167,7 @@ async_run (Pandora_Module_Proc *module) {
 				}
 
                 Sleep (module->getRetryDelay ());
-				Pandora_Wmi::runProgram (module->getStartCommand ());
+				Pandora_Wmi::runProgram (module->getStartCommand (), NULL, module->getUserSession());
                 Sleep (module->getStartDelay ());
 				counter++;
 				continue;

pandora_agents/win32/modules/pandora_module_proc.h

@@ -32,6 +32,7 @@ namespace Pandora_Modules {
 		string process_name;
 		HANDLE thread;
 		bool   watchdog;
+		bool   user_session;
 		string start_command;
 		int retries;
 		int start_delay;
@@ -46,12 +47,14 @@ namespace Pandora_Modules {
 		int    getRetries      () const;
 		int    getStartDelay   () const;
 		int    getRetryDelay   () const;
+		bool   getUserSession  () const;
 		
 		void   setWatchdog     (bool watchdog);
 		void   setStartCommand (string command);
 		void   setRetries      (int retries);
 		void   setStartDelay   (int mseconds);
 		void   setRetryDelay   (int mseconds);
+		void   setUserSession  (bool usession);
 		
 		void   run             ();
 	};

pandora_agents/win32/windows/pandora_wmi.cc

@@ -501,7 +501,7 @@ Pandora_Wmi::getSystemName () {
  * @param flags Process creation flags
  */
 bool
-Pandora_Wmi::runProgram (string command, DWORD flags) {
+Pandora_Wmi::runProgram (string command, DWORD flags, BOOL user_session) {
 	PROCESS_INFORMATION process_info;
 	STARTUPINFO         startup_info;
 	bool                success;
@@ -514,11 +514,75 @@ Pandora_Wmi::runProgram (string command, DWORD flags) {
 	startup_info.cb = sizeof (startup_info);
 	ZeroMemory (&process_info, sizeof (process_info));
 	
+	if (user_session) {
+		DWORD sessionId = WTSGetActiveConsoleSessionId();
+		startup_info.cb = sizeof(STARTUPINFO);
+		startup_info.hStdError = 0;
+		startup_info.hStdInput = 0;
+		startup_info.hStdOutput = 0;
+		if (
+			startup_info.hStdError != 0
+			|| startup_info.hStdInput != 0
+			|| startup_info.hStdOutput != 0
+		) {
+			startup_info.dwFlags |= STARTF_USESTDHANDLES;
+		}
+
+		HANDLE procHandle = GetCurrentProcess();
+		HANDLE token, userToken;
+
+		// Tray to open the process
+		if (OpenProcessToken(procHandle, TOKEN_DUPLICATE, &token) == 0) {
+			pandoraDebug ("Open Process Token fails with error %d.", GetLastError());
+			return false;
+		}
+
+		// Duplicate token
+		if (DuplicateTokenEx(token,
+			MAXIMUM_ALLOWED,
+			0,
+			SecurityImpersonation,
+			TokenPrimary,
+			&userToken) == 0) {
+			pandoraDebug ("Duplicate token fails with error %d.", GetLastError());
+			return false;
+		}
+
+		// Set Token Information
+		if (SetTokenInformation(userToken,
+			(TOKEN_INFORMATION_CLASS)TokenSessionId,
+			&sessionId,
+			sizeof(sessionId)) == 0) {
+			// Error 1314 will be thrown if agent is not running as service.
+			if (GetLastError() != 1314) {
+				pandoraDebug ("Set token information fails with error %d.", GetLastError());
+				return false;
+			}
+		}
+
+		LPSTR command_exec = (LPSTR)command.c_str();
+
+		// Create Process As User
+		// Changed inherit and command
+		success = CreateProcessAsUser(
+				userToken,
+				0,
+				command_exec,
+				0,
+				0,
+				FALSE,
+				flags,
+				0,
+				NULL,
+				&startup_info,
+				&process_info);
+	} else {
 		pandoraDebug ("Start process \"%s\".", command.c_str ());
 		cmd = strdup (command.c_str ());
 		success = CreateProcess (NULL, cmd, NULL, NULL, FALSE, flags,
 					NULL, NULL, &startup_info, &process_info);
 		pandoraFree (cmd);
+	}
 	
 	if (success) {
 		pandoraDebug ("The process \"%s\" was started.", command.c_str ());

pandora_agents/win32/windows/pandora_wmi.h

@@ -53,7 +53,7 @@ namespace Pandora_Wmi {
 	string        getOSBuild            ();
 	string        getSystemName         ();	
 	string        getSystemAddress      ();	
-	bool          runProgram            (string command, DWORD flags = 0);
+	bool          runProgram            (string command, DWORD flags = 0, BOOL user_session = false);
 	bool          startService          (string service_name);
 	bool          stopService           (string service_name);
  	void          runWMIQuery       (string wmi_query,