How do I modify the Password command line argument before installing the service

[Kobus Smit]

Hi

I want to install my service via the command line and by specifying an encrypted password, for example

MyService.exe install -servicename "MyService" -username "MyPC\MyServiceUser" -password "0D689361D6D7DC4E"

I've tried to modify the password argument in the constructor  

public class MyService: ServiceControl
{
  public static int Main(string[] args)
  {
    DecodePasswords(args);
    var host = HostFactory.New(x =>
    {
      x.Service<MyService>(hostSettings => new MyService(hostSettings));
    }); 
    return OkStatuses.Contains(exitCode) ? 0 : (int)exitCode;
  }

  private static bool IsInstalling(string[] args)
  {
      return (args.Length > 2) && (args[0].ToUpper() == "INSTALL");
  }
 
  private static void DecodePasswords(string[] args)
  {
      if (IsInstalling(args))
      {
          var encryptedPassword = string.Empty;
          for (int i = 1; i < args.Length; i++)
          {
              var arg = args[i].Trim().ToUpper();
              if (arg == "-PASSWORD" && ((i + 1 < args.Length)))
              {
                  encryptedPassword = args[i + 1];
                  try
                  {
                      args[i + 1] = DecodePassword(encryptedPassword);
                      Console.WriteLine(args[i + 1]); //TODO TEMP
                  }
                  catch
                  {
                      //ignore
                      break;
                  }
                  break;
              }
          }
      }
  }
}

I've checked the arguments and decoded password and they are correct, but when I start the service the following error occurs:

The MyService service failed to start due to the following error: 
The service did not start due to a log-on failure. 
 
 
The MyService service was unable to log on as .\MyServiceUser with the currently configured password due to the following error: 
The username or password is incorrect.


I've tried BeforeInstall but HostSettings but contains the ServiceName etc. but not the Password.

Please advise.

[Dru Sellers]

Currently you can READ the password in BeforeInstall

            return (int)HostFactory.Run(x =>

                {

                    x.BeforeInstall(installOptions =>

                    {

                        installOptions.Password = "abc"; //compile error

                    });

                });

One option we could do is make the password setable, or we could add a decode method like

            return (int)HostFactory.Run(x =>

                {

                    x.BeforeInstall(installOptions =>

                    {

                        installOptions.DecryptPassword(cipherText => ConvertToPlainText(cipherText)); //DecryptPassword(Func<string, string>)

                    });

                });

Thoughts anyone?

-d

--
You received this message because you are subscribed to the Google Groups "topshelf-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to topshelf-discu...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Travis Smith]

Just thinking aloud...

* Writable on BeforeInstall: This seems to open up the doors to a number of ways to handle this. Least prescriptive on how to deal with this. 

* Decoder in BeforeInstall: This seems to limit what we're allowing here. The only option would be a simple decryptor. Maybe that is the right answer, but I expect someone else will come up with something else in the future they want. 

* Right now, I don't think you can provide a username or password only, but must pass them both. One could do something like -CustomUsername and -CustomPassword then try to implement that conversion into a x.RunAs(..., ...) call. I do not know if that would work out of the box currently or not. 

Also, remember to use something external to your executable for the decryption, such as the machine key. Otherwise you're not securing anything since the attacker has everything they need inside a deployment. 

-Travis

[Kobus Smit]

Writable on BeforeInstall would work best in my case as I'm using my own method to do the decryption.

[Kobus Smit]

Hi guys

Any feedback/possible ETA on the ability to set the password in BeforeInstall?

Do I need to log it at https://github.com/Topshelf/Topshelf/issues ?

Thanks!

[Chris Patterson]

First, if it's not logged as an issue on GitHub, it will likely get missed. The mailing list is not a good place for issue tracking.

Second, a pull request is a great way to get the work started, so that it can be reviewed and tweaked and ultimately into the next release.

[Dru Sellers]

Hi there, I did a quick look back when the Synthroid first started and I really do think this is going to be as simple as just adding a center to a class so if you have never done a pull request this would be a really great time to do so because it's so simple if you have any questions about how to submit requests I'd be happy to help you with that otherwise thank you for finding this and hopefully sending us an awesome pull request. 

-d

[Kijana Woodard]

" when the Synthroid first started"

"simple as just adding a center to a class"

Phone speak???

Or maybe I really need to read up on c# 6. ;-]

[Dru Sellers]

Oh Siri you're so fun. 

-d

[Kobus Smit]

Thanks Siri for obfuscating that hint message :-) 

I've forked and made the Password writeable but that is not enough for it to work correctly...

The problem is the HostServiceInstaller is created with command line passed password already and then only the BeforeInstall is called. So it is too late to just set the new password in BeforeInstall?

https://github.com/Topshelf/Topshelf/blob/6cfeffea29b59ca7f640b568c9174657709a25d9/src/Topshelf/Runtime/Windows/WindowsHostEnvironment.cs#L205

[Kobus Smit]

Pull request for further discussion: https://github.com/Topshelf/Topshelf/pull/222