From 2a6b16e0baf55c9c5f3b65d2ccde4bebf2955b82 Mon Sep 17 00:00:00 2001
From: Sven Rebhan <36194019+srebhan@users.noreply.github.com>
Date: Mon, 16 Oct 2023 16:34:15 +0200
Subject: [PATCH] feat(inputs.win_service): Reduce required rights to
 GENERIC_READ (#14073)

---
 plugins/inputs/win_services/win_services.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/plugins/inputs/win_services/win_services.go b/plugins/inputs/win_services/win_services.go
index 05e00f463..34139b5aa 100644
--- a/plugins/inputs/win_services/win_services.go
+++ b/plugins/inputs/win_services/win_services.go
@@ -8,7 +8,9 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"syscall"
 
+	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
 	"golang.org/x/sys/windows/svc/mgr"
 
@@ -67,8 +69,17 @@ func (m *WinSvcMgr) Disconnect() error {
 }
 
 func (m *WinSvcMgr) OpenService(name string) (WinService, error) {
-	return m.realMgr.OpenService(name)
+	serviceName, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return nil, fmt.Errorf("cannot convert service name %q: %w", name, err)
+	}
+	h, err := windows.OpenService(m.realMgr.Handle, serviceName, windows.GENERIC_READ)
+	if err != nil {
+		return nil, err
+	}
+	return &mgr.Service{Name: name, Handle: h}, nil
 }
+
 func (m *WinSvcMgr) ListServices() ([]string, error) {
 	return m.realMgr.ListServices()
 }
@@ -78,10 +89,11 @@ type MgProvider struct {
 }
 
 func (rmr *MgProvider) Connect() (WinServiceManager, error) {
-	scmgr, err := mgr.Connect()
+	h, err := windows.OpenSCManager(nil, nil, windows.GENERIC_READ)
 	if err != nil {
 		return nil, err
 	}
+	scmgr := &mgr.Mgr{Handle: h}
 	return &WinSvcMgr{scmgr}, nil
 }