[ZBX-9283] Zabbix agent running on domain account does not get proc_info[] for windows services. Created: 2015 Feb 04 Updated: 2017 May 30 Resolved: 2015 Feb 25 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Agent (G) |
Affects Version/s: | 2.4.1 |
Fix Version/s: | 2.2.9rc1, 2.4.5rc1, 2.5.0 |
Type: | Incident report | Priority: | Minor |
Reporter: | Vladimir Selivanov | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | permissions, process, services, windows | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Zabbix agent for Win 2.4.1. |
Attachments: | zabbix_agentd_fixed.exe zabbix_agentd_fixed_x64.exe |
Description |
I installed zabbix agent on windows 2008 computer as service. If zabbix agent started from local system account, then it return right data from If zabbix agent started from domain account (zabbiz_agent) which have administrative rights on this computer, then items I need launching zabbix agent with domain account. Zabbix agent for Win 2.4.1. |
Comments |
Comment by richlv [ 2015 Feb 05 ] |
could this be the same as |
Comment by Vladimir Selivanov [ 2015 Feb 09 ] |
yes. it is the same.
|
Comment by dimir [ 2015 Feb 09 ] |
Thansk for reporting it, this will be fixed in |
Comment by Vladimir Selivanov [ 2015 Feb 09 ] |
in Resolved for proc.num[]. Please reopen this issue. |
Comment by dimir [ 2015 Feb 09 ] |
I tried to resolve both issues in |
Comment by dimir [ 2015 Feb 09 ] |
I have changed the title of this issue to reflect proc_info only. I have found out that behavior of our current functionality to get process information (for proc_info) on Windows e. g 2000 and 2008 acts differently. Namely, it depends on requested access rights when calling OpenProcess(). According to https://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx for older versions (up to, including, Windows Server 2003 and Windows XP) we must use PROCESS_QUERY_INFORMATION access rights, for newer versions it is enough to request PROCESS_QUERY_LIMITED_INFORMATION . On newer Windows version the latter allows us collecting more information about the processes we do not own. We'll think on how to implement it properly and then provide the solution. |
Comment by dimir [ 2015 Feb 09 ] |
Attached binaries for testing (x86 and x64). It would be great if you could test it. Example usage, x64 version: zabbix_agentd_fixed_x64.exe -c \zabbix_agentd.conf -t proc_info[ragent.exe,wkset,sum] Example usage, x86 version: zabbix_agentd_fixed.exe -c \zabbix_agentd.conf -t proc_info[ragent.exe,wkset,sum] |
Comment by Vladimir Selivanov [ 2015 Feb 10 ] |
I have tested attached yesterday binary x64 on win2012x64. |
Comment by dimir [ 2015 Feb 10 ] |
Ah, thanks. I have re-attached the binaries that are just usual agents with fixed code. These do not contain test item proc_num2. These should work for both, Windows versions up to XP (or Server 2003) as well as later versions. |
Comment by Vladimir Selivanov [ 2015 Feb 10 ] |
I have tested latest binary_x64 on win2012x64. |
Comment by Vladimir Selivanov [ 2015 Feb 10 ] |
I found a new problem with proc_info with right: |
Comment by dimir [ 2015 Feb 10 ] |
If there are not enough rights we can't do anything. When we just retrieve a list of names of running processes (proc.num) we don't need specific rights to every process. When we request information about a process (proc_info) we may hit denied access. This is why a certain process may be reported in proc.num but not proc_info. |
Comment by dimir [ 2015 Feb 10 ] |
Let's add some implementation details here. Requesting information on a process is done on a process handle. A process handle is requested from operating system with desired access rights. Starting with Windows Vista (major version 6) Microsoft introduced new access right called PROCESS_QUERY_LIMITED_INFORMATION and since then that must be used in order to retrieve information supported by proc_info item. Before:
After:
More information: |
Comment by Andris Zeila [ 2015 Feb 11 ] |
Successfully tested |
Comment by dimir [ 2015 Feb 24 ] |
Fixed in pre-2.2.9 r52384, pre-2.4.5 r52385, pre-2.5.0 r52386. |
Comment by dimir [ 2015 Feb 24 ] |
(1) [D] sasha CLOSED |
Comment by MATSUDA Daiki [ 2015 Feb 25 ] |
I watched the fixed code, but it is not cool. following should be put out of do ... while() loop. DWORD access; if (NULL == (vi = zbx_win_getversion())) { SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot retrieve system version.")); ret = SYSINFO_RET_FAIL; break; }if (6 > vi->dwMajorVersion) { /* PROCESS_QUERY_LIMITED_INFORMATION is not supported on Windows Server 2003 and XP */ access = PROCESS_QUERY_INFORMATION; } else |
Comment by dimir [ 2015 Feb 25 ] |
Reopening to fix getting Windows version as suggested by [email protected]. |
Comment by dimir [ 2015 Feb 25 ] |
(2) Version check out of loop fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-9283 Actually requesting Windows version from operating system is only done once anyway (this is how zbx_win_getversion() is implemented) but I agree, doing it in a loop is silly anyway. Thanks for that notice! wiper CLOSED |