| Author |
|
maba
Joined: 05 Feb 2012
Posts: 64
Location: Germany, Heilbronn
|
 Posted: Fri 18 Mar '16 11:21 Post subject: Apache Service "Interactive" in newer Windows vers |
 |
|
As the title suggests, I am trying to make my Apache Service "Interactive" under Windows 7 and later. Microsoft has introduced session isolation with Windows Vista as described here:
https://msdn.microsoft.com/de-de/library/windows/desktop/ms683502(v=vs.85).aspx
and
https://msdn.microsoft.com/en-us/library/windows/hardware/dn653293(v=vs.85).aspx
I also found an older topic in the ApacheLounge forum:
https://www.apachelounge.com/viewtopic.php?t=5931
Goal:
be able to perform background PDF conversion using LibreOffice command line.
This seems to require an interactive desktop.
Environment:
- Windows 7, Windows Server 2012R2, Windows Server 2008R2
- Apache 2.4.16, 2.4.18
What I have tried so far (testing is all done on the Windows 7 box):
- created Desktop folders for SYSTEM account
| Code: |
mkdir C:\Windows\SysWOW64\config\systemprofile\Desktop
mkdir C:\Windows\System32\config\systemprofile\Desktop
|
- Checked the flag "Interact with desktop" (still using the SYSTEM user)
- Run Apache on a special "Standard User" account with "Service" privileges (and with manual registry tweak to turn on "Interact with desktop" (0x00000110)
Nothing worked so far. I have two very simple tests, both implemented as CGI Batch files (to rule out any influences from other scripting languages.
Test script 1 looks like this (purpose is PDF conversion of an Excel document):
| Code: |
@echo off
echo Content-Type: text/plain
echo.
echo PATH %PATH%
set PATH="C:\Program Files\LibreOffice 5\program;%PATH%"
echo PATH %PATH%
"C:\Program Files\LibreOffice 5\program\scalc.exe" --headless --convert-to pdf --outdir C:\websvr\tmp_pdf C:\websvr\imsfiles\qims\DOK\AKTIV\AA_07-01.xlsx
dir
|
Test script 2 looks like this (just fire up Notepad for testing):
| Code: |
@echo off
echo Content-Type: text/plain
echo.
notepad
dir
|
Both scripts work fine when Apache is started from the console and both scripts refuse to work when Apache is started as a service (regardless what the config looks like).
Any help is greatly appreciated.
Maba |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 18 Mar '16 16:05 Post subject: |
|
|
| Is that so different from running apache as an account with guest permissions? We had a topic with jailing apache. |
|
| Back to top |
|
maba
Joined: 05 Feb 2012
Posts: 64
Location: Germany, Heilbronn
|
| Posted: Fri 18 Mar '16 20:46 Post subject: |
|
|
The question is, how to get around this. I need the old functionality back (which was working fine until Windows Server 2003, Windows XP) where Apache can call scripts that need an "Interactive Desktop".
AKA: Unjailing Apache is my goal. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
maba
Joined: 05 Feb 2012
Posts: 64
Location: Germany, Heilbronn
|
| Posted: Sat 19 Mar '16 19:42 Post subject: |
|
|
Pure VBS will work (or COM / .NET for that matter). The key differentiator is whether or not the called program requires what Microsoft calls an "Interactive Desktop".
This is why I have included the two cgi batch programs. The simplest test is to fire up "Notepad". The batch program itself will obviously block if you do not push the "Close" button on Notepad prior to the Apache timeout. |
|
| Back to top |
|
maba
Joined: 05 Feb 2012
Posts: 64
Location: Germany, Heilbronn
|
| Posted: Sat 19 Mar '16 19:46 Post subject: |
|
|
| Actually you were my hope. If someone would know, it must be JB I thought. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 21 Mar '16 18:10 Post subject: |
|
|
Since the scripts do work fine in console.
Why don't you create a normal windows user. Login with that user so the default files and directories will be created and then change the user from apache service to that user?
in the vhost I tried the following ( running apache as my user ( not admin) )
| Code: |
AddHandler cgi-script .cmd .bat
AddHandler cgi-script .vbs
Options ExecCGI |
your script 2 works, but it never closes the APP.
test.vbs works
| Code: |
'!c:/windows/system32/cscript -nologo
Option Explicit
Dim objShell, objArray, str, envvar, envval
Set objShell = CreateObject("WScript.Shell")
Set objArray = CreateObject("System.Collections.ArrayList")
WScript.StdOut.WriteLine "Content-type: text/plain; charset=iso-8859-1" & vbLF
For Each str In objShell.Environment("PROCESS")
objArray.Add str
Next
objArray.Sort()
For Each str In objArray
envvar = Left(str, InStr(str, "="))
envval = Replace(Mid(str, InStr(str, "=") + 1), vbLF, "\n")
WScript.StdOut.WriteLine envvar & Chr(34) & envval & Chr(34)
Next
|
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 21 Mar '16 18:15 Post subject: |
|
|
Your script 2 works also with the default system account if I enable the correct checkbox.
"Datenaustausch zwischen Dienst und Desktop zulassen." ( on the second tab "Anmelden". )
However running a vbs as cgi can and will work fine. Even closing the app after running works.
Tested on Windows 7 Pro. |
|
| Back to top |
|
maba
Joined: 05 Feb 2012
Posts: 64
Location: Germany, Heilbronn
|
| Posted: Tue 22 Mar '16 14:19 Post subject: |
|
|
| I will do some more testing and keep you posted. |
|
| Back to top |
|
