func spawn(cmd *exec.Cmd, _ *garden.TTYSpec, stdout io.Writer, stderr io.Writer) (process, io.WriteCloser, error) { ro, wo, err := os.Pipe() if err != nil { return nil, nil, fmt.Errorf("pipe failed: %s", err) } re, we, err := os.Pipe() if err != nil { return nil, nil, fmt.Errorf("pipe failed: %s", err) } ri, wi, err := os.Pipe() if err != nil { return nil, nil, fmt.Errorf("pipe failed: %s", err) } go io.Copy(stdout, ro) go io.Copy(stderr, re) attr := &syscall.ProcAttr{ Dir: cmd.Dir, Env: cmd.Env, Files: []uintptr{ri.Fd(), wo.Fd(), we.Fd()}, } lookedUpPath, err := lookExtensions(cmd.Path, cmd.Dir) if err != nil { return nil, nil, fmt.Errorf("look extensions failed: %s", err) } // Acquire the fork lock so that no other threads // create new fds that are not yet close-on-exec // before we fork. syscall.ForkLock.Lock() defer syscall.ForkLock.Unlock() p, _ := syscall.GetCurrentProcess() fd := make([]syscall.Handle, len(attr.Files)) for i := range attr.Files { if attr.Files[i] > 0 { err := syscall.DuplicateHandle(p, syscall.Handle(attr.Files[i]), p, &fd[i], 0, true, syscall.DUPLICATE_SAME_ACCESS) if err != nil { return nil, nil, fmt.Errorf("duplicating handle failed: %s", err) } defer syscall.CloseHandle(syscall.Handle(fd[i])) } } si := new(syscall.StartupInfo) si.Cb = uint32(unsafe.Sizeof(*si)) si.Flags = syscall.STARTF_USESTDHANDLES si.StdInput = fd[0] si.StdOutput = fd[1] si.StdErr = fd[2] pi := new(syscall.ProcessInformation) flags := uint32(syscall.CREATE_UNICODE_ENVIRONMENT) flags |= win32.CREATE_SUSPENDED flags |= win32.CREATE_BREAKAWAY_FROM_JOB argvp0, err := syscall.UTF16PtrFromString(lookedUpPath) if err != nil { return nil, nil, fmt.Errorf("stringing failed: %s", err) } argvp0v0v0v0, err := syscall.UTF16PtrFromString(makeCmdLine(cmd.Args)) if err != nil { return nil, nil, fmt.Errorf("stringing failed: %s", err) } dirp, err := syscall.UTF16PtrFromString(attr.Dir) if err != nil { return nil, nil, fmt.Errorf("stringing failed: %s", err) } err = syscall.CreateProcess( argvp0, argvp0v0v0v0, nil, nil, true, flags, createEnvBlock(attr.Env), dirp, si, pi, ) if err != nil { return nil, nil, fmt.Errorf("create process: %s", err) } ri.Close() wo.Close() we.Close() jobName, err := syscall.UTF16PtrFromString(fmt.Sprintf("%d", time.Now().UnixNano())) if err != nil { return nil, nil, fmt.Errorf("stringing failed: %s", err) } jobHandle, err := win32.CreateJobObject(nil, jobName) if err != nil { return nil, nil, fmt.Errorf("create job failed: %s", err) } err = win32.AssignProcessToJobObject(jobHandle, pi.Process) if err != nil { return nil, nil, fmt.Errorf("assign failed: %s", err) } _, err = win32.ResumeThread(pi.Thread) if err != nil { return nil, nil, fmt.Errorf("resume failed: %s", err) } return &jobProcess{ jobHandle: jobHandle, processHandle: pi.Process, }, wi, nil }
func startProcessAsUser( argv0 string, argv []string, username string, domain string, password string, attr *syscall.ProcAttr, ) (pid int, handle uintptr, err error) { if len(argv0) == 0 { return 0, 0, syscall.EWINDOWS } if attr == nil { attr = &zeroProcAttr } sys := attr.Sys if sys == nil { sys = &zeroSysProcAttr } if len(attr.Files) > 3 { return 0, 0, syscall.EWINDOWS } if len(attr.Files) < 3 { return 0, 0, syscall.EINVAL } if len(attr.Dir) != 0 { // StartProcess assumes that argv0 is relative to attr.Dir, // because it implies Chdir(attr.Dir) before executing argv0. // Windows CreateProcess assumes the opposite: it looks for // argv0 relative to the current directory, and, only once the new // process is started, it does Chdir(attr.Dir). We are adjusting // for that difference here by making argv0 absolute. var err error argv0, err = joinExeDirAndFName(attr.Dir, argv0) if err != nil { return 0, 0, err } } argv0p, err := syscall.UTF16PtrFromString(argv0) if err != nil { return 0, 0, err } var cmdline string // Windows CreateProcess takes the command line as a single string: // use attr.CmdLine if set, else build the command line by escaping // and joining each argument with spaces if sys.CmdLine != "" { cmdline = sys.CmdLine } else { cmdline = makeCmdLine(argv) } var argvp *uint16 if len(cmdline) != 0 { argvp, err = syscall.UTF16PtrFromString(cmdline) if err != nil { return 0, 0, err } } // Acquire the fork lock so that no other threads // create new fds that are not yet close-on-exec // before we fork. syscall.ForkLock.Lock() defer syscall.ForkLock.Unlock() p, _ := syscall.GetCurrentProcess() fd := make([]syscall.Handle, len(attr.Files)) for i := range attr.Files { if attr.Files[i] > 0 { err = syscall.DuplicateHandle(p, syscall.Handle(attr.Files[i]), p, &fd[i], 0, true, syscall.DUPLICATE_SAME_ACCESS) if err != nil { return 0, 0, errors.New("DuplicateHandle: " + err.Error()) } defer syscall.CloseHandle(syscall.Handle(fd[i])) } } si := new(syscall.StartupInfo) si.Cb = uint32(unsafe.Sizeof(*si)) si.Flags = syscall.STARTF_USESTDHANDLES if sys.HideWindow { si.Flags |= syscall.STARTF_USESHOWWINDOW si.ShowWindow = syscall.SW_HIDE } si.StdInput = fd[0] si.StdOutput = fd[1] si.StdErr = fd[2] token, err := logonUser(username, domain, password, logon32LogonInteractive, logon32ProviderDefault) if err != nil { return 0, 0, errors.New("logonUser: "******"createEnvironmentBlock: " + err.Error()) } env = &e[0] } else { env = createEnvBlock(attr.Env) } err = impersonateLoggedOnUser(token) if err != nil { return 0, 0, errors.New("impersonateLoggedOnUser: "******"createProcessAsUser: " + err.Error()) } defer syscall.CloseHandle(syscall.Handle(pi.Thread)) return int(pi.ProcessId), uintptr(pi.Process), nil }