Windows: Do not fail ProcState.Get when run by non-admin #121

When running under Windows as a non-administrator user, ProcState.Get() will fail with the error "OpenProcessToken failed for pid=XXX: Permission denied". This is a known issue under Windows: A non-admin won't be able to access the token of most processes, regardless of privileges (i.e. SeDebugPrivilege). We should still allow ProcState.Get to return with a missing username instead of failing completely.
opsramp · May 27, 2019 · eed54fc · eed54fc
2 parents 1227b9d + ca8679e
commit eed54fc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 
 ### Fixed
+- ProcState.Get() doesn't fail under Windows when it cannot obtain process ownership information. #121
 
 ### Changed
 

diff --git a/sigar_windows.go b/sigar_windows.go
@@ -194,10 +194,11 @@ func (self *ProcState) Get(pid int) error {
 		errs = append(errs, errors.Wrap(err, "getParentPid failed"))
 	}
 
-	self.Username, err = getProcCredName(pid)
-	if err != nil {
-		errs = append(errs, errors.Wrap(err, "getProcCredName failed"))
-	}
+	// getProcCredName will often fail when run as a non-admin user. This is
+	// caused by strict ACL of the process token belonging to other users.
+	// Instead of failing completely, ignore this error and still return most
+	// data with an empty Username.
+	self.Username, _ = getProcCredName(pid)
 
 	if len(errs) > 0 {
 		errStrs := make([]string, 0, len(errs))
@@ -274,19 +275,15 @@ func getProcCredName(pid int) (string, error) {
 	if err != nil {
 		return "", errors.Wrapf(err, "OpenProcessToken failed for pid=%v", pid)
 	}
+	// Close token to prevent handle leaks.
+	defer token.Close()
 
 	// Find the token user.
 	tokenUser, err := token.GetTokenUser()
 	if err != nil {
 		return "", errors.Wrapf(err, "GetTokenInformation failed for pid=%v", pid)
 	}
 
-	// Close token to prevent handle leaks.
-	err = token.Close()
-	if err != nil {
-		return "", errors.Wrapf(err, "failed while closing process token handle for pid=%v", pid)
-	}
-
 	// Look up domain account by SID.
 	account, domain, _, err := tokenUser.User.Sid.LookupAccount("")
 	if err != nil {