Unable to run as a non-admin

Question

Unable to run as a non-admin

kwygant opened this issue 5 years ago · 6 comments

Polaris Bug Report

Description of the bug

Unable to run Polaris as a non-admin due to httplistener use of http.sys and that needs admin rights to create a port reservation.

Steps to reproduce

Steps to reproduce the behavior:

Attempt to create a Polaris route and start polaris as a non-admin, you get access denied. If you use an admin account to pre-create a url reservation via "netsh http add urlacl url=http://:8082/ user=<USER>", you will no longer get access denied however Polaris will still not be responsive. This is due to line 265 of polaris.class $this.UriPrefix = $ListenerPrefix + '://' + $HostName + ':' + $this.Port + '/'" is creating the UriPrefix for the root path, not the specific route. If I manually modified that line to reflect the route, everything worked,

Expected behavior

If url reservation(s) is/are pre-created by an admin, Polaris should do the other side and create uriprefixes for each route. I'd suggest a foreach to create the uriprefix for each route. Something like

    ForEach($route in $routes){
        $this.UriPrefix = $ListenerPrefix + '://' + $HostName + ':' + $this.Port + $route + '/'

        $this.Listener.Prefixes.Add($this.UriPrefix)

        $this.Log("URI Prefix set to: $($this.UriPrefix)")
    }

Verbose output of the script

"PS C:\temp> C:\temp\polaris.ps1
VERBOSE: URI Prefix set to: http://CM4:8082/
VERBOSE: Authentication Scheme set to: Anonymous
Exception calling "Start" with "0" argument(s): "Access is denied"
At D:\Polaris\lib\Polaris.Class.ps1:283 char:9

```
    $this.Listener.Start()
```
```
    ~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : HttpListenerException
  "

Additional context

Add any other context about the problem here.

Version Information

Name	Version
Polaris	0.2.0

PSVersion	PSEdition	PSCompatibleVersions	BuildVersion	CLRVersion	WSManStackVersion	PSRemotingProtocolVersion	SerializationVersion
5.1.17763.503	Desktop	1.0.-1.-1, 2.0.-1.-1, 3.0.-1.-1, 4.0.-1.-1, 5.0.-1.-1, 5.1.17763.503	10.0.17763.503	4.0.30319.42000	3.0	2.3	1.1.0.1

```

Answer 1 · 2019-11-08T16:08:40.000Z

Also, wildcards in the url reservation did not work for me, nor did using "everyone". I had to use the exact url and user I was going to run Polaris as,

Answer 2 · 2019-11-08T16:31:02.000Z

Hi kwygant,

It looks like you may have a typo in your urlacl command. I just tested to make sure and this works for me:

Run as admin user

netsh http add urlacl url=http://CM4:8082/ user=MYDOMAIN\MYUSER

Run as MYDOMAIN\MYUSER (non-administrator)

Start-Polaris -Port 8082 -HostName CM4

If you wanted to do wildcards you should be able to do:

Run as admin user

netsh http add urlacl url=http://*:8082/ user=MYDOMAIN\MYUSER

Run as MYDOMAIN\MYUSER (non-administrator)

Start-Polaris -Port 8082 -HostName "+"

Answer 3 · 2019-11-08T16:31:52.000Z

Optionally of course for local development or if you're hosting inside of a docker environment localhost and 127.0.0.1 do not require admin rights or a urlacl to use.

Answer 4 · 2019-11-08T17:33:15.000Z

Somehow when I was removing the hostname and domain, I didn't get the new ones to stick. The command I ran looks just like what you have so I tried starting over on a new test system. I must have the other test system screwed up from everything I was trying. I'll reset it and try again with my custom routes added.

Answer 5 · 2019-11-08T17:39:50.000Z

Sounds good. I'll hold the bug open until we hear back it's working for you.

Answer 6 · 2019-11-08T18:05:51.000Z

Confirmed on multiple systems to work, it was just that test box.