1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
|
#
# Author:: Daniel DeLeo (<dan@chef.io>)
# Author:: John Keiser (<jkeiser@chef.io>)
# Author:: Ho-Sheng Hsiao (<hosh@chef.io>)
# Copyright:: Copyright (c) Chef Software Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require "win32/process"
require_relative "windows/core_ext"
module Mixlib
class ShellOut
module Windows
include Process::Functions
include Process::Constants
TIME_SLICE = 0.05
# Option validation that is windows specific
def validate_options(opts)
if opts[:user] && !opts[:password]
raise InvalidCommandOption, "You must supply a password when supplying a user in windows"
end
if !opts[:user] && opts[:password]
raise InvalidCommandOption, "You must supply a user when supplying a password in windows"
end
if opts[:elevated] && !opts[:user] && !opts[:password]
raise InvalidCommandOption, "`elevated` option should be passed only with `username` and `password`."
end
if opts[:elevated] && opts[:elevated] != true && opts[:elevated] != false
raise InvalidCommandOption, "Invalid value passed for `elevated`. Please provide true/false."
end
end
#--
# Missing lots of features from the UNIX version, such as
# uid, etc.
def run_command
#
# Create pipes to capture stdout and stderr,
#
stdout_read, stdout_write = IO.pipe
stderr_read, stderr_write = IO.pipe
stdin_read, stdin_write = IO.pipe
open_streams = [ stdout_read, stderr_read ]
begin
#
# Set cwd, environment, appname, etc.
#
app_name, command_line = command_to_run(combine_args(*command))
create_process_args = {
app_name: app_name,
command_line: command_line,
startup_info: {
stdout: stdout_write,
stderr: stderr_write,
stdin: stdin_read,
},
environment: inherit_environment.map { |k, v| "#{k}=#{v}" },
close_handles: false,
}
create_process_args[:cwd] = cwd if cwd
# default to local account database if domain is not specified
create_process_args[:domain] = domain.nil? ? "." : domain
create_process_args[:with_logon] = with_logon if with_logon
create_process_args[:password] = password if password
create_process_args[:elevated] = elevated if elevated
#
# Start the process
#
process, profile, token = Process.create3(create_process_args)
logger&.debug(format_process(process, app_name, command_line, timeout))
begin
# Start pushing data into input
stdin_write << input if input
# Close pipe to kick things off
stdin_write.close
#
# Wait for the process to finish, consuming output as we go
#
start_wait = Time.now
loop do
wait_status = WaitForSingleObject(process.process_handle, 0)
case wait_status
when WAIT_OBJECT_0
# Get process exit code
exit_code = [0].pack("l")
unless GetExitCodeProcess(process.process_handle, exit_code)
raise get_last_error
end
@status = ThingThatLooksSortOfLikeAProcessStatus.new
@status.exitstatus = exit_code.unpack("l").first
return self
when WAIT_TIMEOUT
# Kill the process
if (Time.now - start_wait) > timeout
begin
require "wmi-lite/wmi"
wmi = WmiLite::Wmi.new
kill_process_tree(process.process_id, wmi, logger)
Process.kill(:KILL, process.process_id)
rescue SystemCallError
logger&.warn("Failed to kill timed out process #{process.process_id}")
end
raise Mixlib::ShellOut::CommandTimeout, [
"command timed out:",
format_for_exception,
format_process(process, app_name, command_line, timeout),
].join("\n")
end
consume_output(open_streams, stdout_read, stderr_read)
else
raise "Unknown response from WaitForSingleObject(#{process.process_handle}, #{timeout * 1000}): #{wait_status}"
end
end
ensure
CloseHandle(process.thread_handle) if process.thread_handle
CloseHandle(process.process_handle) if process.process_handle
Process.unload_user_profile(token, profile) if profile
CloseHandle(token) if token
end
ensure
#
# Consume all remaining data from the pipes until they are closed
#
stdout_write.close
stderr_write.close
while consume_output(open_streams, stdout_read, stderr_read)
end
end
end
class ThingThatLooksSortOfLikeAProcessStatus
attr_accessor :exitstatus
def success?
exitstatus == 0
end
end
private
def consume_output(open_streams, stdout_read, stderr_read)
return false if open_streams.length == 0
ready = IO.select(open_streams, nil, nil, READ_WAIT_TIME)
return true unless ready
if ready.first.include?(stdout_read)
begin
next_chunk = stdout_read.readpartial(READ_SIZE)
@stdout << next_chunk
@live_stdout << next_chunk if @live_stdout
rescue EOFError
stdout_read.close
open_streams.delete(stdout_read)
end
end
if ready.first.include?(stderr_read)
begin
next_chunk = stderr_read.readpartial(READ_SIZE)
@stderr << next_chunk
@live_stderr << next_chunk if @live_stderr
rescue EOFError
stderr_read.close
open_streams.delete(stderr_read)
end
end
true
end
# Use to support array passing semantics on windows
#
# 1. strings with whitespace or quotes in them need quotes around them.
# 2. interior quotes need to get backslash escaped (parser needs to know when it really ends).
# 3. random backlsashes in paths themselves remain untouched.
# 4. if the argument must be quoted by #1 and terminates in a sequence of backslashes then all the backlashes must themselves
# be backslash excaped (double the backslashes).
# 5. if an interior quote that must be escaped by #2 has a sequence of backslashes before it then all the backslashes must
# themselves be backslash excaped along with the backslash escape of the interior quote (double plus one backslashes).
#
# And to restate. We are constructing a string which will be parsed by the windows parser into arguments, and we want those
# arguments to match the *args array we are passed here. So call the windows parser operation A then we need to apply A^-1 to
# our args to construct the string so that applying A gives windows back our *args.
#
# And when the windows parser sees a series of backslashes followed by a double quote, it has to determine if that double quote
# is terminating or not, and how many backslashes to insert in the args. So what it does is divide it by two (rounding down) to
# get the number of backslashes to insert. Then if it is even the double quotes terminate the argument. If it is even the
# double quotes are interior double quotes (the extra backslash quotes the double quote).
#
# We construct the inverse operation so interior double quotes preceeded by N backslashes get 2N+1 backslashes in front of the quote,
# while trailing N backslashes get 2N backslashes in front of the quote that terminates the argument.
#
# see: https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/
#
# @api private
# @param args [Array<String>] array of command arguments
# @return String
def combine_args(*args)
return args[0] if args.length == 1
args.map do |arg|
if arg =~ /[ \t\n\v"]/
arg = arg.gsub(/(\\*)"/, '\1\1\"') # interior quotes with N preceeding backslashes need 2N+1 backslashes
arg = arg.sub(/(\\+)$/, '\1\1') # trailing N backslashes need to become 2N backslashes
"\"#{arg}\""
else
arg
end
end.join(" ")
end
def command_to_run(command)
return run_under_cmd(command) if should_run_under_cmd?(command)
candidate = candidate_executable_for_command(command)
if candidate.length == 0
raise Mixlib::ShellOut::EmptyWindowsCommand, "could not parse script/executable out of command: `#{command}`"
end
# Check if the exe exists directly. Otherwise, search PATH.
exe = which(candidate)
if exe_needs_cmd?(exe)
run_under_cmd(command)
else
[ exe, command ]
end
end
# Batch files MUST use cmd; and if we couldn't find the command we're looking for,
# we assume it must be a cmd builtin.
def exe_needs_cmd?(exe)
!exe || exe =~ /\.bat"?$|\.cmd"?$/i
end
# cmd does not parse multiple quotes well unless the whole thing is wrapped up in quotes.
# https://github.com/chef/mixlib-shellout/pull/2#issuecomment-4837859
# http://ss64.com/nt/syntax-esc.html
def run_under_cmd(command)
[ ENV["COMSPEC"], "cmd /c \"#{command}\"" ]
end
# FIXME: this extracts ARGV[0] but is it correct?
def candidate_executable_for_command(command)
if command =~ /^\s*"(.*?)"/ || command =~ /^\s*([^\s]+)/
# If we have quotes, do an exact match, else pick the first word ignoring the leading spaces
$1
else
""
end
end
def inherit_environment
result = {}
ENV.each_pair do |k, v|
result[k] = v
end
environment.each_pair do |k, v|
if v.nil?
result.delete(k)
else
result[k] = v
end
end
result
end
# api: semi-private
# If there are special characters parsable by cmd.exe (such as file redirection), then
# this method should return true.
#
# This parser is based on
# https://github.com/ruby/ruby/blob/9073db5cb1d3173aff62be5b48d00f0fb2890991/win32/win32.c#L1437
def should_run_under_cmd?(command)
return true if command =~ /^@/
quote = nil
env = false
env_first_char = false
command.dup.each_char do |c|
case c
when "'", '"'
if !quote
quote = c
elsif quote == c
quote = nil
end
next
when ">", "<", "|", "&", "\n"
return true unless quote
when "%"
return true if env
env = env_first_char = true
next
else
next unless env
if env_first_char
env_first_char = false
(env = false) && next if c !~ /[A-Za-z_]/
end
env = false if c !~ /[A-Za-z1-9_]/
end
end
false
end
# FIXME: reduce code duplication with chef/chef
def which(cmd)
exts = ENV["PATHEXT"] ? ENV["PATHEXT"].split(";") + [""] : [""]
# windows always searches '.' first
exts.each do |ext|
filename = "#{cmd}#{ext}"
return filename if File.executable?(filename) && !File.directory?(filename)
end
# only search through the path if the Filename does not contain separators
if File.basename(cmd) == cmd
paths = ENV["PATH"].split(File::PATH_SEPARATOR)
paths.each do |path|
exts.each do |ext|
filename = File.join(path, "#{cmd}#{ext}")
return filename if File.executable?(filename) && !File.directory?(filename)
end
end
end
false
end
def system_required_processes
[
"System Idle Process",
"System",
"spoolsv.exe",
"lsass.exe",
"csrss.exe",
"smss.exe",
"svchost.exe",
]
end
def unsafe_process?(name, logger)
return false unless system_required_processes.include? name
logger.debug(
"A request to kill a critical system process - #{name} - was received and skipped."
)
true
end
# recursively kills all child processes of given pid
# calls itself querying for children child procs until
# none remain. Important that a single WmiLite instance
# is passed in since each creates its own WMI rpc process
def kill_process_tree(pid, wmi, logger)
wmi.query("select * from Win32_Process where ParentProcessID=#{pid}").each do |instance|
next if unsafe_process?(instance.wmi_ole_object.name, logger)
child_pid = instance.wmi_ole_object.processid
kill_process_tree(child_pid, wmi, logger)
kill_process(instance, logger)
end
end
def kill_process(instance, logger)
child_pid = instance.wmi_ole_object.processid
logger&.debug([
"killing child process #{child_pid}::",
"#{instance.wmi_ole_object.Name} of parent #{pid}",
].join)
Process.kill(:KILL, instance.wmi_ole_object.processid)
rescue SystemCallError
logger&.debug([
"Failed to kill child process #{child_pid}::",
"#{instance.wmi_ole_object.Name} of parent #{pid}",
].join)
end
def format_process(process, app_name, command_line, timeout)
msg = []
msg << "ProcessId: #{process.process_id}"
msg << "app_name: #{app_name}"
msg << "command_line: #{command_line}"
msg << "timeout: #{timeout}"
msg.join("\n")
end
# DEPRECATED do not use
class Utils
include Mixlib::ShellOut::Windows
def self.should_run_under_cmd?(cmd)
Mixlib::ShellOut::Windows::Utils.new.send(:should_run_under_cmd?, cmd)
end
end
end
end
end
|
