sharing\natives\windows/

windows.rs

/*
 * Authors: Jorge.A Duran & Mario Gónzalez
 * Company: pispas Technologies SL
 * Date: April 23, 2023
 * Description: windows definition and implementation for singleton.
 */
use std::ffi::CString;

#[allow(unused)]
use winapi::um::synchapi::{CreateMutexA, ReleaseMutex, WaitForSingleObject};
use winapi::um::winnt::HANDLE;
use std::io::Write;
use std::net::TcpStream;
pub type MutexHandle = HANDLE;
pub enum ResultCode {
    Ok,
    Abandoned = winapi::um::winbase::WAIT_ABANDONED as isize,
}

use std::process::{Command, Stdio};
use std::thread::sleep;

pub fn powershell_message_box_non_blocking(message: &str) {
    let title = "UNPISPAS SERVICIO IMPRESION"; 
    let command = format!(
        "[reflection.assembly]::LoadWithPartialName('System.Windows.Forms')|out-null;[windows.forms.messagebox]::Show('{}', '{}')",
        message, title
    );

    let result = Command::new("powershell")        
        .arg("-WindowStyle")
        .arg("Hidden")  
        .arg("-Command")
        .arg(command)
        .stdout(Stdio::null()) 
        .stderr(Stdio::piped())
        .spawn(); 
    
    if let Err(e) = result {
        tracing::error!("Error al ejecutar el comando PowerShell: {}", e);
    }
}

pub fn create_mutex(name: &str) -> MutexHandle {
    unsafe {
        let mutex_name = CString::new(name).unwrap();
        CreateMutexA(std::ptr::null_mut(), 1, mutex_name.as_ptr())
    }
}

pub unsafe fn close_handle(handle: MutexHandle) {
    unsafe {
        winapi::um::handleapi::CloseHandle(handle);
    }
}

pub fn send_messagebox_to_tray(message: String) -> crate::PisPasResult<()> {
    match TcpStream::connect(crate::CHANNEL_NAME) {
        Ok(mut stream) => {
            // Aquí, pasamos el mensaje real
            let action = crate::service::Action::MessageBox(message);
            match stream.write_all(action.to_string().as_bytes()) {
                Ok(_) => {
                    tracing::info!("Message sent: {}", action.to_string());
                    return Ok(());
                }
                Err(e) => {
                    tracing::error!("Failed to write to socket in dedicated thread {}", e);
                    return Err(anyhow::anyhow!("Failed to write to socket in dedicated thread {}", e));
                }
            }
        }
        Err(e) => {
            tracing::error!("Error connecting to pispas-channel: {}", e);
        }
    }
    Ok(())
}

pub fn stop_pispas_modules() -> crate::PisPasResult<()> {
    match TcpStream::connect(crate::CHANNEL_NAME) {
        Ok(mut stream) => {
            match stream.write_all(crate::service::Action::Stop.to_string().as_bytes()) {
                Ok(_) => {
                    tracing::info!("Message sent: {}", crate::service::Action::Stop.to_string());
                    return Ok(());
                }
                Err(e) => {
                    tracing::error!("Failed to write to socket in dedicated thread {}", e);
                    return Err(anyhow::anyhow!("Failed to write to socket in dedicated thread {}", e));
                }
            }
        }
        Err(e) => {
            tracing::error!("Error connecting to pispas-channel: {}", e);            
        }
    }
    sleep(std::time::Duration::from_secs(1));
    Ok(())
}

pub unsafe fn wait_for_single_object(handle: MutexHandle, timeout: u32) -> ResultCode {
    let code = unsafe { WaitForSingleObject(handle, timeout) };
    if !(code == winapi::um::winbase::WAIT_ABANDONED || code == winapi::um::winbase::WAIT_OBJECT_0) {
        ResultCode::Abandoned
    } else {
        ResultCode::Ok
    }
}

pub unsafe fn release_mutex(handle: MutexHandle) {
    unsafe { ReleaseMutex(handle) };
}

#[allow(non_camel_case_types, non_snake_case)]
#[cfg(target_os = "windows")]
pub mod native {
    use std::{
        ffi::CString,
        ptr::null_mut,
        thread::sleep,
        time::Duration,
    };
    use widestring::WideCString;
    use winapi::{
        shared::minwindef::{BOOL, DWORD},
        um::{
            handleapi::CloseHandle,
            processthreadsapi::{CreateProcessAsUserW, OpenProcess},
            winbase::{CREATE_UNICODE_ENVIRONMENT},
            winnt::{HANDLE, PROCESS_ALL_ACCESS, PROCESS_SUSPEND_RESUME},
        },
    };
    use windows_sys::Win32::System::Environment::{
        CreateEnvironmentBlock, DestroyEnvironmentBlock,
    };
    use windows_sys::Win32::Foundation::GetLastError;
    use std::ptr;
    use std::ffi::OsStr;

    /// Windows `CREATE_NO_WINDOW` flag.
    const CREATE_NO_WINDOW: u32 = 0x0800_0000;

    /// Default upper bound for the legacy PowerShell helpers below.
    /// Long enough to swallow a slow Get-WmiObject / Get-ChildItem
    /// recursion on a sluggish disk, short enough that the installer
    /// cannot freeze on a single child.
    const POWERSHELL_TIMEOUT: Duration = Duration::from_secs(30);

    /// Spawn `powershell` non-interactively, kill it after `timeout`,
    /// drain stdout/stderr after exit. Same shape as installer's
    /// `run_with_timeout` but localised here so the legacy callers in
    /// this module (Get-WmiObject lookup, set_permissions_*) stop
    /// hanging the installer when they get into a slow PowerShell
    /// session — the kind of cuelgue we have been chasing.
    ///
    /// Always prepends `-NoProfile -NonInteractive -WindowStyle Hidden
    /// -ExecutionPolicy Bypass` so callers don't need to repeat them
    /// (and so we never accidentally leave one of them out, which is
    /// what allowed Read-Host / profile loading to block in the past).
    fn run_powershell_with_timeout(
        args: &[&str],
        timeout: Duration,
    ) -> Result<std::process::Output, String> {
        use std::io::Read;
        use std::os::windows::process::CommandExt;

        let mut full_args: Vec<String> = vec![
            "-NoProfile".into(),
            "-NonInteractive".into(),
            "-WindowStyle".into(),
            "Hidden".into(),
            "-ExecutionPolicy".into(),
            "Bypass".into(),
        ];
        full_args.extend(args.iter().map(|a| (*a).to_string()));

        let mut child = std::process::Command::new("powershell")
            .args(&full_args)
            .stdin(std::process::Stdio::null())
            .stdout(std::process::Stdio::piped())
            .stderr(std::process::Stdio::piped())
            .creation_flags(CREATE_NO_WINDOW)
            .spawn()
            .map_err(|e| format!("spawn powershell: {}", e))?;

        // Drain stdout/stderr in dedicated reader threads. Without this,
        // a noisy script (e.g. `set_permissions_robust` Write-Warning'ing
        // every Get-ChildItem -Recurse iteration) fills the OS pipe buffer,
        // PowerShell blocks on its next write, and we end up killing it on
        // timeout even though it would have completed had we kept
        // consuming output.
        let stdout_handle = child.stdout.take().map(|mut s| {
            std::thread::spawn(move || {
                let mut buf = Vec::new();
                let _ = s.read_to_end(&mut buf);
                buf
            })
        });
        let stderr_handle = child.stderr.take().map(|mut s| {
            std::thread::spawn(move || {
                let mut buf = Vec::new();
                let _ = s.read_to_end(&mut buf);
                buf
            })
        });

        // Drain helper: join the reader threads. Once the child has been
        // reaped (or killed) the pipes close, read_to_end returns and
        // the threads finish — joining is the right way to (a) collect
        // the buffered output and (b) not leak handles on every call.
        // Used on every exit path below.
        let collect_output = |stdout_h: Option<std::thread::JoinHandle<Vec<u8>>>,
                              stderr_h: Option<std::thread::JoinHandle<Vec<u8>>>|
         -> (Vec<u8>, Vec<u8>) {
            let so = stdout_h.and_then(|h| h.join().ok()).unwrap_or_default();
            let se = stderr_h.and_then(|h| h.join().ok()).unwrap_or_default();
            (so, se)
        };

        let start = std::time::Instant::now();
        let status = loop {
            match child.try_wait() {
                Ok(Some(s)) => break s,
                Ok(None) => {
                    if start.elapsed() > timeout {
                        // Kill + reap so we don't leave an orphan
                        // PowerShell, then drain readers so we don't
                        // leak the JoinHandles either: dropping a
                        // JoinHandle without joining lets those
                        // threads keep running briefly and accumulate
                        // across repeated timeouts.
                        let _ = child.kill();
                        let _ = child.wait();
                        let _ = collect_output(stdout_handle, stderr_handle);
                        return Err(format!("powershell exceeded {:?}, killed", timeout));
                    }
                    std::thread::sleep(Duration::from_millis(100));
                }
                Err(e) => {
                    // try_wait error after spawn: the child might still
                    // be running, so kill + reap explicitly to avoid
                    // an orphan, and join readers before propagating
                    // the error.
                    let _ = child.kill();
                    let _ = child.wait();
                    let _ = collect_output(stdout_handle, stderr_handle);
                    return Err(format!("wait powershell: {}", e));
                }
            }
        };

        // Happy path: process exited on its own. Pipes close, reader
        // threads finish, we collect the buffered output.
        let (stdout, stderr) = collect_output(stdout_handle, stderr_handle);

        Ok(std::process::Output { status, stdout, stderr })
    }
    use std::os::windows::ffi::OsStrExt;
    use winapi::um::winbase::WTSGetActiveConsoleSessionId;
    use std::ffi::c_void; // Asegúrate de usar el tipo de `std::ffi`

    const WTS_CURRENT_SERVER_HANDLE: HANDLE = null_mut();
    const WTS_USER_NAME: DWORD = 5;

    #[repr(C)]
    struct WTS_SESSION_INFO {
        SessionId: DWORD,
        pWinStationName: *mut u16,
        State: DWORD,
    }

    enum WTSSessionState {
        WTSActive = 0,
        WTSConnected = 1,
        WTSDisconnected = 4,
    }

    #[link(name = "wtsapi32")]
    extern "system" {
        fn LoadLibraryA(lpFileName: *const i8) -> HANDLE;
        fn GetProcAddress(hModule: HANDLE, lpProcName: *const i8) -> *mut c_void;
        fn FreeLibrary(hLibModule: HANDLE) -> BOOL;
        fn WTSQueryUserToken(SessionId: DWORD, phToken: *mut HANDLE) -> BOOL;
        // fn WTSEnumerateSessionsW(hServer: HANDLE, Reserved: DWORD, Version: DWORD, ppSessionInfo: *mut *mut WTS_SESSION_INFO, pCount: *mut DWORD) -> BOOL;
        fn WTSQuerySessionInformationW(hServer: HANDLE, SessionId: DWORD, WTSInfoClass: DWORD, ppBuffer: *mut *mut u16, pBytesReturned: *mut DWORD) -> BOOL;
        fn WTSFreeMemory(pMemory: *mut c_void);
    }

    fn load_wtsapi32_module() -> Result<HANDLE, &'static str> {
        let library_name = CString::new("wtsapi32.dll").expect("CString::new failed");
        let h_module = unsafe { LoadLibraryA(library_name.as_ptr()) };
        if h_module.is_null() {
            Err("Failed to load wtsapi32.dll")
        } else {
            Ok(h_module)
        }
    }

    fn get_function_addresses(h_module: HANDLE) -> Result<
        (
            extern "system" fn(HANDLE, DWORD, DWORD, *mut *mut WTS_SESSION_INFO, *mut DWORD) -> BOOL,
            extern "system" fn(HANDLE, DWORD, DWORD, *mut *mut c_void, *mut DWORD) -> BOOL
        ),
        &'static str
    > {
        let function_name = CString::new("WTSEnumerateSessionsW").unwrap();
        let enum_sessions: Option<extern "system" fn(HANDLE, DWORD, DWORD, *mut *mut WTS_SESSION_INFO, *mut DWORD) -> BOOL> = unsafe {
            std::mem::transmute(GetProcAddress(h_module, function_name.as_ptr()))
        };

        let function_name_cstr = CString::new("WTSQuerySessionInformationW").unwrap();
        let query_session: Option<extern "system" fn(HANDLE, DWORD, DWORD, *mut *mut c_void, *mut DWORD) -> BOOL> = unsafe {
            std::mem::transmute(GetProcAddress(h_module, function_name_cstr.as_ptr()))
        };

        match (enum_sessions, query_session) {
            (Some(enumerate_sessions_func), Some(query_session_func)) => Ok((enumerate_sessions_func, query_session_func)),
            _ => Err("Failed to get procedure addresses.")
        }
    }

    fn to_wide_cstring(value: &str) -> WideCString {
        WideCString::from_str(value).unwrap()
    }

    fn create_command_line_wide(executable_path: &str, script_path: &str) -> WideCString {
        let cmd = format!("\"{}\" \"{}\"", executable_path.trim_end_matches('\\'), script_path);
        WideCString::from_str(&cmd).unwrap()
    }

    fn wait_for_user_session(session_id: DWORD) -> anyhow::Result<()> {
        loop {
            let state = query_session_state(session_id)?;
            if state == WTSSessionState::WTSActive as DWORD {
                return Ok(()); // WTSActive
            }
            sleep(Duration::from_millis(500));
        }
    }

    fn query_session_state(session_id: DWORD) -> anyhow::Result<DWORD> {
        let mut p_buffer: *mut u16 = null_mut();
        let mut bytes_returned: DWORD = 0;

        unsafe {
            let success = WTSQuerySessionInformationW(
                WTS_CURRENT_SERVER_HANDLE,
                session_id,
                0, // WTSConnectState
                &mut p_buffer,
                &mut bytes_returned,
            );

            if success == 0 {
                return Err(anyhow::anyhow!("Failed to query session information"));
            }

            let state = *p_buffer as DWORD;
            WTSFreeMemory(p_buffer as *mut c_void);
            Ok(state)
        }
    }

    fn wait_for_any_active_session(enumerate_sessions_func: extern "system" fn(HANDLE, DWORD, DWORD, *mut *mut WTS_SESSION_INFO, *mut DWORD) -> BOOL) -> anyhow::Result<()> {
        loop {
            let mut session_info_ptr: *mut WTS_SESSION_INFO = null_mut();
            let mut session_count: DWORD = 0;

            let success = enumerate_sessions_func(
                WTS_CURRENT_SERVER_HANDLE,
                0,
                1,
                &mut session_info_ptr,
                &mut session_count,
            );

            if success != 0 {
                unsafe {
                    for i in 0..session_count {
                        let session = session_info_ptr.offset(i as isize);

                        if (*session).State == WTSSessionState::WTSActive as u32 {
                            return Ok(()); // Found an active session
                        }
                    }
                }
            }
            sleep(Duration::from_secs(1));
        }
    }

    fn launch_process_for_user(executable_path: &str, command_line: &str, session_id: DWORD) -> Option<HANDLE> {
        unsafe {
            if let Err(e) = wait_for_user_session(session_id) {
                tracing::error!("Failed to wait for user session: {}", e);
                return None;
            }

            // Añadimos un sleep adicional para asegurar que la sesión esté completamente inicializada
            sleep(Duration::from_secs(1));

            let mut user_token: HANDLE = null_mut();
            if WTSQueryUserToken(session_id, &mut user_token) != 0 {
                let exe_path_wide = to_wide_cstring(executable_path);
                let cmd_line_wide = create_command_line_wide(executable_path, command_line);
                let path_current_dir_wide = to_wide_cstring(&crate::paths::bin_dir().display().to_string());

                tracing::info!("Executable path: {}", executable_path);
                tracing::info!("Command line: {:?}", cmd_line_wide);

                let mut startup_info = std::mem::zeroed::<winapi::um::processthreadsapi::STARTUPINFOW>();
                startup_info.cb = std::mem::size_of::<winapi::um::processthreadsapi::STARTUPINFOW>() as u32;

                let desktop_name_wide: Box<Vec<u16>> = Box::new(to_wide_string("WinSta0\\Default"));
                startup_info.lpDesktop = desktop_name_wide.as_ptr() as *mut u16;
                                
                let mut environment_block: *mut c_void = std::ptr::null_mut();
                // create the environment block for the user
                if CreateEnvironmentBlock(&mut environment_block, user_token as *mut c_void, 1)  == 0 {
                    let error_code = GetLastError();
                    tracing::error!("Failed to create environment block for user. Error code: {}", error_code);
                    CloseHandle(user_token);
                    return None;
                }
                
                let _keep_alive = desktop_name_wide; // Esto mantiene la memoria durante el uso

                let mut process_info = std::mem::zeroed::<winapi::um::processthreadsapi::PROCESS_INFORMATION>();
                tracing::info!("exe_path: {:?}, command_line: {:?}, path_current_dir: {:?}", cmd_line_wide, cmd_line_wide, path_current_dir_wide);
                
            
                let success = CreateProcessAsUserW(
                    user_token,
                    exe_path_wide.as_ptr() as *mut u16,
                    cmd_line_wide.as_ptr() as *mut u16,
                    null_mut(),
                    null_mut(),
                    0,
                    CREATE_UNICODE_ENVIRONMENT,
                    environment_block as *mut winapi::ctypes::c_void,
                    path_current_dir_wide.as_ptr() as *mut u16,
                    &mut startup_info,
                    &mut process_info,
                );

                if success != 0 {
                    CloseHandle(user_token);
                    DestroyEnvironmentBlock(environment_block);
                    return Some(process_info.hProcess);
                } else {
                    let error_code = GetLastError();
                    tracing::error!("CreateProcessAsUserW failed: Error code = {}", error_code);
                }
                DestroyEnvironmentBlock(environment_block);
                CloseHandle(user_token);
            } else {
                let error_code = GetLastError();
                tracing::error!("WTSQueryUserToken failed for session {}: Error code = {}", session_id, error_code);
            }
        }

        None
    }

    fn enumerate_and_launch(
        executable_path: &str,
        command_line: &str,
        all_users: bool,
        first_execution: bool,
        enumerate_sessions_func: extern "system" fn(HANDLE, DWORD, DWORD, *mut *mut WTS_SESSION_INFO, *mut DWORD) -> BOOL,
        query_session_func: extern "system" fn(HANDLE, DWORD, DWORD, *mut *mut c_void, *mut DWORD) -> BOOL
    ) -> crate::PisPasResult<Option<HANDLE>> {
        wait_for_any_active_session(enumerate_sessions_func)?;

        let mut session_info_ptr: *mut WTS_SESSION_INFO = null_mut();
        let mut session_count: DWORD = 0;

        let success = enumerate_sessions_func(
            WTS_CURRENT_SERVER_HANDLE,
            0,
            1,
            &mut session_info_ptr,
            &mut session_count,
        );

        if success != 0 {
            tracing::info!("Found {} sessions.", session_count);
            unsafe {
                for i in 0..session_count {
                    if session_info_ptr.is_null() {
                        return Err(anyhow::anyhow!("Session info pointer is null"));
                    }
                    let session = session_info_ptr.offset(i as isize);

                    if (*session).State == WTSSessionState::WTSActive as u32 ||
                        (*session).State == WTSSessionState::WTSConnected as u32 ||
                        (*session).State == WTSSessionState::WTSDisconnected as u32 {
                        let mut data: *mut c_void = null_mut();
                        let mut bytes: DWORD = 0;

                        if query_session_func(WTS_CURRENT_SERVER_HANDLE, (*session).SessionId, WTS_USER_NAME, &mut data, &mut bytes) != 0 {
                            let user_name: *const u16 = data as *const u16;
                            let user_slice = std::slice::from_raw_parts(user_name, bytes as usize / 2);
                            match String::from_utf16(user_slice) {
                                Ok(mut user) => {
                                    user = user.trim_end_matches('\0').to_string(); // Remove null characters
                                    if !user.trim().is_empty() && (*session).SessionId != 0 {
                                        tracing::info!("Session {}: User = {}", (*session).SessionId, user);
                                        let bin_dir = crate::paths::bin_dir().display().to_string();
                                        tracing::info!("bin_dir: {}", bin_dir);
                                        if first_execution {
                                            if let Err(e) = set_permissions_robust(&bin_dir, &user) {
                                                tracing::error!("Failed to set permissions for user {}: {}", user, e);
                                            } else {
                                                tracing::info!("Permissions set for user {}", user);
                                                sleep(Duration::from_secs(1));
                                            }
                                        }

                                        if let Some(process_handle) = launch_process_for_user(executable_path, command_line, (*session).SessionId) {
                                            tracing::info!("Process launched for user {}", user);
                                            if !all_users {
                                                return Ok(Some(process_handle));
                                            }
                                        } else {
                                            tracing::error!("Failed to launch process for user {}", user);
                                        }
                                    } else {
                                        tracing::warn!("Ignoring session {}: User name is empty or session ID is 0", (*session).SessionId);
                                    }
                                }
                                Err(e) => {
                                    tracing::info!("Failed to convert UTF-16 to string: {}", e);
                                    return Err(anyhow::anyhow!("Error converting UTF-16 to string"));
                                }
                            }
                        }
                    }
                }
            }
        } else {
            return Err(anyhow::anyhow!("Error enumerate_sessions_func"));
        }
        Ok(None)
    }
    // Function to convert &str to Vec<u16> for Windows compatibility
    fn to_wide_string(s: &str) -> Vec<u16> {
        OsStr::new(s).encode_wide().chain(Some(0)).collect()
    }
    struct WideString {
        inner: Vec<u16>,
    }

    impl WideString {
        pub fn new(s: &str) -> Self {
            Self {
                inner: to_wide_string(s),
            }
        }

        pub fn as_ptr(&self) -> *const u16 {
            self.inner.as_ptr()
        }
    }
    // other way to launch poss as logged in user
    pub fn launch_process_as_logged_in_user(executable_path: &str, command_line: &str, first_launch: bool) -> crate::PisPasResult<Option<HANDLE>> {
        // Outer cap so a consistently-hanging WMI session cannot keep us
        // here for ~20 attempts × 30s each (≈ 10 minutes), which would
        // look exactly like an "update colgado" to the user. We also
        // stop retrying as soon as a single attempt times out: if WMI
        // hung once it is going to hang the next time too, retrying
        // just wastes the user's life.
        const TOTAL_LOGGED_USER_BUDGET: Duration = Duration::from_secs(60);
        let loop_started = std::time::Instant::now();

        let mut attempts = 0;
        let user = loop {
            if attempts >= 20 {
                return Err(anyhow::anyhow!("No user found logged in after multiple attempts."));
            }
            // Cap each attempt by whatever budget we have left. Without
            // this an attempt that runs the full POWERSHELL_TIMEOUT
            // could push the loop's total elapsed time well past the
            // 60s budget (we only checked the budget BEFORE starting
            // the attempt).
            let budget_remaining = TOTAL_LOGGED_USER_BUDGET
                .checked_sub(loop_started.elapsed())
                .unwrap_or_default();
            if budget_remaining.is_zero() {
                return Err(anyhow::anyhow!(
                    "No user found logged in within {:?} budget — giving up to avoid update hang.",
                    TOTAL_LOGGED_USER_BUDGET
                ));
            }
            let attempt_timeout = std::cmp::min(POWERSHELL_TIMEOUT, budget_remaining);

            // Wrapped in run_powershell_with_timeout so a slow / hanging
            // WMI subsystem cannot freeze the installer (we used to spin
            // here for minutes when WMI was corrupt).
            let result = run_powershell_with_timeout(
                &["-Command", "(Get-WmiObject -Class Win32_ComputerSystem).UserName"],
                attempt_timeout,
            );

            match result {
                Ok(output) if output.status.success() => {
                    let user = String::from_utf8_lossy(&output.stdout).trim().to_string();
                    if !user.is_empty() {
                        break user;
                    } else {
                        tracing::error!("No user found logged in, retrying...");
                    }
                }
                Ok(output) => {
                    let stderr = String::from_utf8_lossy(&output.stderr);
                    tracing::error!("Error getting logged in user: {}, retrying...", stderr);
                }
                Err(e) => {
                    // Helper failed (spawn / wait / try_wait error, or
                    // killed on timeout). Bail immediately: if it is a
                    // timeout we know WMI is hanging and retrying is
                    // pointless; if it is a spawn or wait error the
                    // problem is environmental and not going to clear
                    // itself in a 1-second sleep.
                    return Err(anyhow::anyhow!(
                        "powershell get-user failed, aborting: {}",
                        e
                    ));
                }
            }

            attempts += 1;
            sleep(Duration::from_secs(1));
        };


        tracing::info!("Logged in user: {}", user);
        let username = user.split('\\').last().unwrap_or(&user);
        tracing::info!("Extracted username: {}", username);
        
        //adjust permissions for the user on the specified executable
        if first_launch{
            if let Err(e) = set_permissions_robust(executable_path, &username) {
                tracing::error!("Failed to set permissions for user {}: {}", user, e);
            } else {
                tracing::info!("Permissions set for user {}", user);
                sleep(Duration::from_secs(1));
            }
        }        
        
        // obtain the active session ID and user token
        let session_id = unsafe { WTSGetActiveConsoleSessionId() };
        if session_id == u32::MAX {
            let error_code = unsafe { GetLastError() };
            tracing::error!("Failed to get active session ID: {}", error_code);
            return Err(anyhow::anyhow!("Failed to get active session ID: {}", error_code));
        }

        let mut user_token: HANDLE = ptr::null_mut();
        if unsafe { WTSQueryUserToken(session_id, &mut user_token) } == 0 {
            let error_code = unsafe { GetLastError() };
            tracing::error!("Failed to get user token: {}", error_code);
            return Err(anyhow::anyhow!("Failed to get user token: {}", error_code));
        }
        
        let full_command = format!("\"{}\" \"{}\"", executable_path, command_line);
        let command_utf16 = OsStr::new(&full_command).encode_wide().chain(Some(0)).collect::<Vec<u16>>();

        if first_launch {
            sleep(Duration::from_secs(4));    
        }        
        let mut startup_info = unsafe { std::mem::zeroed::<winapi::um::processthreadsapi::STARTUPINFOW>() };
        startup_info.cb = std::mem::size_of::<winapi::um::processthreadsapi::STARTUPINFOW>() as u32;
        let desktop_name = WideString::new("WinSta0\\Default");
        startup_info.lpDesktop = desktop_name.as_ptr() as *mut u16;

        // Structure to receive process information
        let mut process_info = unsafe { std::mem::zeroed::<winapi::um::processthreadsapi::PROCESS_INFORMATION>() };

        // Lanza el proceso en el contexto del usuario logeado
        let success = unsafe {
            CreateProcessAsUserW(
                user_token,
                ptr::null(),
                command_utf16.as_ptr() as *mut _,
                ptr::null_mut(),
                ptr::null_mut(),
                0,
                CREATE_UNICODE_ENVIRONMENT,
                ptr::null_mut(),
                ptr::null(),
                &mut startup_info,
                &mut process_info,
            )
        };
        
        unsafe { CloseHandle(user_token) };

        if success == 0 {
            let error_code = unsafe { GetLastError() };
            tracing::error!("Failed to launch process: {}", error_code);
            Err(anyhow::anyhow!("Failed to launch process: {}", error_code))
        } else {
            tracing::info!("Process launched successfully in the context of the logged-in user.");
            Ok(Some(process_info.hProcess))
        }
    }
    
    pub fn run_in_all_sessions(executable_path: &str, command_line: &str, all_user: bool, first_execution: bool) -> crate::PisPasResult<Option<HANDLE>> {
        match load_wtsapi32_module() {
            Ok(h_module) => {
                match get_function_addresses(h_module) {
                    Ok((enumerate_sessions_func, query_session_func)) => {
                        tracing::info!("Enumerating sessions...");
                        let result = enumerate_and_launch(executable_path, command_line, all_user, first_execution, enumerate_sessions_func, query_session_func);
                        unsafe { FreeLibrary(h_module); }
                        result
                    }
                    Err(e) => {
                        unsafe { FreeLibrary(h_module); }
                        tracing::error!("{}", e);
                        Err(anyhow::anyhow!("Error getting function addresses"))
                    }
                }
            }
            Err(e) => {
                tracing::error!("error {}", e);
                Err(anyhow::anyhow!("Error loading wtsapi32 module"))
            }
        }
    }

    pub fn open_process(pid: u32) -> Option<HANDLE> {
        let desired_access = PROCESS_ALL_ACCESS | PROCESS_SUSPEND_RESUME;
        let process_handle = unsafe { OpenProcess(desired_access, 0, pid) };

        if process_handle.is_null() {
            unsafe {
                tracing::info!("Error obtaining process handle. Error: {}", GetLastError());
            }
            None
        } else {
            tracing::info!("Process handle: {:?}", process_handle);
            Some(process_handle)
        }
    }

    /// Hybrid approach - use PowerShell with better error handling
    pub fn set_permissions_robust(path: &str, user: &str) -> Result<(), String> {
        let user = user.trim_end_matches('\0');
        let path = path.trim_end_matches('\0');

        let powershell_script = format!(
            r#"
        try {{
            $path = '{}'
            $user = '{}'
            $successCount = 0
            $errorCount = 0
            
            # Set permissions on root folder first
            try {{
                $acl = Get-Acl $path
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,'FullControl','ContainerInherit,ObjectInherit','None','Allow')
                $acl.SetAccessRule($rule)
                Set-Acl $path $acl
                $successCount++
                Write-Output "Root permissions set: $path"
            }} catch {{
                $errorCount++
                Write-Warning "Failed to set root permissions: $($_.Exception.Message)"
            }}
            
            # Process all child items
            Get-ChildItem -Path $path -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {{
                try {{
                    $acl = Get-Acl $_.FullName
                    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,'FullControl','ContainerInherit,ObjectInherit','None','Allow')
                    $acl.SetAccessRule($rule)
                    Set-Acl $_.FullName $acl
                    $successCount++
                }} catch {{
                    $errorCount++
                    Write-Warning "Failed: $($_.FullName) - $($_.Exception.Message)"
                }}
            }}
            
            Write-Output "Completed: $successCount successful, $errorCount errors"
        }} catch {{
            Write-Error $_.Exception.Message
            exit 1
        }}
        "#,
            path, user
        );

        tracing::info!("Executing robust recursive permissions for: {}", path);

        // 60s instead of the default 30s: Get-ChildItem -Recurse on a
        // big bin dir on a slow disk can legitimately take a while.
        // Anything beyond that is a real cuelgue and we kill it.
        let output = match run_powershell_with_timeout(
            &["-Command", &powershell_script],
            Duration::from_secs(60),
        ) {
            Ok(o) => o,
            Err(e) => return Err(format!("set_permissions_robust powershell failed: {}", e)),
        };

        let stdout = String::from_utf8_lossy(&output.stdout).to_string();
        let stderr = String::from_utf8_lossy(&output.stderr).to_string();

        tracing::info!("robust_permissions stdout: {}", stdout);
        if !stderr.is_empty() {
            tracing::warn!("robust_permissions stderr: {}", stderr);
        }

        if !output.status.success() {
            return Err(format!("Failed to set robust permissions: {}", stderr));
        }

        Ok(())
    }
    pub fn set_permissions_for_user(path: &str, user: &str) -> Result<(), String> {
        let user = user.trim_end_matches('\0');
        let path = path.trim_end_matches('\0');
        // `exit 1` in the catch is what makes `output.status.success()`
        // return false on the Rust side. Without it, `Write-Error` alone
        // does not set a non-zero exit code, so a failed Set-Acl would
        // silently report success up to the caller. The robust variant
        // already does this; keeping both consistent.
        let powershell_script = format!(
            r#"
        try {{
            $path = '{}'
            $user = '{}'
            $acl = Get-Acl $path
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,'FullControl','None','None','Allow')
            $acl.SetAccessRule($rule)
            Set-Acl $path $acl
            Write-Output "Permissions set successfully"
        }} catch {{
            Write-Error $_.Exception.Message
            exit 1
        }}
        "#,
            path, user
        );

        tracing::info!("powershell_script: {:?}", powershell_script);

        let output = match run_powershell_with_timeout(
            &["-Command", &powershell_script],
            POWERSHELL_TIMEOUT,
        ) {
            Ok(o) => o,
            Err(e) => return Err(format!("set_permissions_for_user powershell failed: {}", e)),
        };

        let stdout = String::from_utf8_lossy(&output.stdout).to_string();
        let stderr = String::from_utf8_lossy(&output.stderr).to_string();

        tracing::info!("set_permissions_for_user stdout: {}", stdout);
        tracing::info!("set_permissions_for_user stderr: {}", stderr);

        if !output.status.success() {
            return Err(format!("Failed to set permissions: {}", stderr));
        }

        Ok(())
    }
}

pub fn get_name_service() -> String {
    let path = match std::env::current_exe() {
        Ok(path) => path,
        Err(e) => {
            println!("Error al obtener el nombre del archivo ejecutable: {:?}", e);
            return "ServiceDefault".to_string();
        }
    };
    let name = match path.file_name() {
        Some(name_without_extension) => name_without_extension.to_str().unwrap(),
        None => {
            println!("Error al obtener el nombre del archivo ejecutable");
            return "ServiceDefault".to_string();
        }
    };
    let _name_without_extension = name.replace(".exe", "");
    _name_without_extension.to_string()
}