diff --git a/src/gsudo/AppSettings/Settings.cs b/src/gsudo/AppSettings/Settings.cs index d100351..ae85bd3 100644 --- a/src/gsudo/AppSettings/Settings.cs +++ b/src/gsudo/AppSettings/Settings.cs @@ -82,7 +82,7 @@ namespace gsudo public static RegistrySetting ExceptionList { get; } = new RegistrySetting(nameof(ExceptionList), - defaultValue: "notepad.exe;powershell.exe;", + defaultValue: "notepad.exe;powershell.exe;whoami.exe;", deserializer: (string s)=>s, scope: RegistrySettingScope.GlobalOnly); diff --git a/src/gsudo/Commands/AttachRunCommand.cs b/src/gsudo/Commands/AttachRunCommand.cs deleted file mode 100644 index cc8a518..0000000 --- a/src/gsudo/Commands/AttachRunCommand.cs +++ /dev/null 
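Review bot: The `whoami.exe` entry added to the `ExceptionList` default in Settings.cs has no comment saying why this executable needs to be on the list, and the visible lines do not describe the setting itself. Another change in this commit cites the issue it works around (`// ignore due to gerardog/gsudo#305`); the same would help here, for example `// whoami.exe: <reason / issue reference>` above the `defaultValue:` line. The default is a semicolon-separated list of bare file names, so the comment should also state whether entries are matched by name only or by full path; the matching code is outside this hunk.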
@@ -1,60 +0,0 @@
-using System;
-using gsudo.Helpers;
-using System.Collections.Generic;
-using System.ComponentModel;
-using System.IO;
-using System.Linq;
-using System.Threading.Tasks;
-using gsudo.Native;
-
-namespace gsudo.Commands
-{
- ///
- /// This command attaches to the parent console, then executes the command.
- /// This works even if the parent has higher integrity level than us.
- /// This must be launched by the caller gsudo and not the elevated service, because the parent process id must have the user console.
- ///
- class AttachRunCommand : ICommand
- {
- public IEnumerable CommandToRun { get; private set; }
-
- public AttachRunCommand(IEnumerable commandToRun)
- {
- CommandToRun = commandToRun;
- }
-
- public Task Execute()
- {
- ConsoleApi.FreeConsole();
- if (!ConsoleApi.AttachConsole(-1))
- {
- ConsoleApi.AllocConsole();
- throw new ApplicationException($"Failed to attach console: {new Win32Exception()}");
- }
-
- var app = CommandToRun.First();
- var args = string.Join(" ", CommandToRun.Skip(1).ToArray());
-
- if (InputArguments.IntegrityLevel.HasValue &&
- (int) InputArguments.IntegrityLevel != SecurityHelper.GetCurrentIntegrityLevel() &&
- Environment.GetEnvironmentVariable("gsudoAttachRun") != "1")
- {
- Environment.SetEnvironmentVariable("gsudoAttachRun", "1"); // prevents infinite loop on machines with UAC disabled.
-
- var process = ProcessFactory.StartAttachedWithIntegrity(
- InputArguments.GetIntegrityLevel(), app, args, Directory.GetCurrentDirectory(), false, true);
-
- process.GetProcessWaitHandle().WaitOne();
-
- if (ProcessApi.GetExitCodeProcess(process, out var exitCode))
- return Task.FromResult(exitCode);
- }
- else
- {
- ProcessFactory.StartAttached(app, args).WaitForExit();
- }
-
- return Task.FromResult(0);
- }
- }
-}
diff --git a/src/gsudo/Commands/RunCommand.cs b/src/gsudo/Commands/RunCommand.cs
index 0302ef6..58dc566 100644
--- a/src/gsudo/Commands/RunCommand.cs
+++ b/src/gsudo/Commands/RunCommand.cs
@@ -120,15 +120,15 @@ namespace gsudo.Commands serviceLocation = await ServiceHelper.WaitForNewService(callingPid).ConfigureAwait(false); } + if (serviceLocation==null) + throw new ApplicationException("Unable to connect to the elevated service."); + if (!InputArguments.IntegrityLevel.HasValue) { // This is the edge case where user does `gsudo -u SomeOne` and we dont know if SomeOne can elevate or not. elevationRequest.IntegrityLevel = serviceLocation.IsHighIntegrity ? IntegrityLevel.High : IntegrityLevel.Medium; } - if (serviceLocation==null) - throw new ApplicationException("Unable to connect to the elevated service."); - connection = await ServiceHelper.Connect(serviceLocation).ConfigureAwait(false); if (connection == null) // service is not running or listening. { diff --git a/src/gsudo/Helpers/CommandLineParser.cs b/src/gsudo/Helpers/CommandLineParser.cs index 5f1de79..cb405d2 100644 --- a/src/gsudo/Helpers/CommandLineParser.cs +++ b/src/gsudo/Helpers/CommandLineParser.cs @@ -79,6 +79,7 @@ namespace gsudo.Helpers if (c != null) return c; } + else if (arg.In("-noninteractive")) { } // ignore due to gerardog/gsudo#305 else if (arg.StartsWith("-", StringComparison.OrdinalIgnoreCase) && arg.NotIn("-encodedCommand")) // -encodedCommand is not posix compliant, but is what powershell sends on: gsudo { script block } // So treat -encodedCommand as part of the CommandToRun, for gerardog/gsudo#160 @@ -273,9 +274,6 @@ namespace gsudo.Helpers if (arg.In("run")) return new RunCommand(commandToRun: args.ToArray()); - if (arg.In("AttachRun")) - return new AttachRunCommand(commandToRun: args.ToArray()); - args.AddFirst(arg); if (arg == "!!" || arg.StartsWith("!", StringComparison.InvariantCulture)) diff --git a/src/gsudo/Helpers/CommandToRunAdapter.cs b/src/gsudo/Helpers/CommandToRunAdapter.cs index bdb5ef6..99968b0 100644 --- a/src/gsudo/Helpers/CommandToRunAdapter.cs +++ b/src/gsudo/Helpers/CommandToRunAdapter.cs 
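Review bot: The new `else if (arg.In("-noninteractive")) { }` branch in CommandLineParser.cs accepts the option and discards it through an empty block, so a caller that passes `-noninteractive` gets no indication that it had no effect. The trailing comment names the issue but not the intended behaviour; `// accepted and intentionally ignored (no effect on gsudo); see gerardog/gsudo#305` would say so. How `In` compares is not visible here, while the following branch uses `StringComparison.OrdinalIgnoreCase`, so confirm that other casings of the flag reach this branch and not the generic option handling below it. The enclosing parsing loop starts and ends outside the hunk.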
@@ -1,15 +1,12 @@ using gsudo.Native; -using Microsoft.VisualBasic; using System; using System.Collections; using System.Collections.Generic; -using System.Globalization; using System.IO; using System.Linq; using System.Security.AccessControl; using System.Security.Principal; using System.Text; -using System.Threading.Tasks; namespace gsudo.Helpers { @@ -133,7 +130,7 @@ namespace gsudo.Helpers if (!Settings.PowerShellLoadProfile) newArgs.Add("-NoProfile"); - if (args[0] == "-encodedCommand") + if (args[0].In("-encodedCommand", "-noninteractive")) { newArgs.AddRange(args); } diff --git a/src/gsudo/Helpers/ServiceHelper.cs b/src/gsudo/Helpers/ServiceHelper.cs index c777e6f..c615c0b 100644 --- a/src/gsudo/Helpers/ServiceHelper.cs +++ b/src/gsudo/Helpers/ServiceHelper.cs @@ -71,9 +71,12 @@ namespace gsudo.Helpers var anyIntegrity = InputArguments.UserName != null; var tryHighIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value >= IntegrityLevel.High; var tryLowIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value < IntegrityLevel.High; + + var targetUserSid = InputArguments.RunAsSystem ? "S-1-5-18" : InputArguments.UserSid; + if (tryHighIntegrity) { - var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true); + var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true, null); if (pipeName != null) { return new ServiceLocation diff --git a/src/gsudo/Rpc/NamedPipeNameFactory.cs b/src/gsudo/Rpc/NamedPipeNameFactory.cs index 362b5b6..d048427 100644 --- a/src/gsudo/Rpc/NamedPipeNameFactory.cs +++ b/src/gsudo/Rpc/NamedPipeNameFactory.cs 
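Review bot: In CommandToRunAdapter.cs the condition `args[0].In("-encodedCommand", "-noninteractive")` sends any argument list that starts with `-noninteractive` down the same pass-through path as `-encodedCommand` (`newArgs.AddRange(args)`), so everything after the flag is forwarded without whatever the other branch applies; that branch is outside the hunk. A comment on the condition would make the intent reviewable, for example `// arguments already in PowerShell switch form: forward unchanged`. Moving from `==` to `In` may also change case sensitivity, depending on how `In` compares, and `args[0]` is indexed with no emptiness check in the visible lines. CommandLineParser.cs in this commit drops `-noninteractive` during option parsing, so confirm the flag can still arrive here as the first argument.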
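Review bot: In ServiceHelper.cs the new local `targetUserSid` is computed but appears unused in the visible lines: the call in the same hunk passes a literal `null` as the added fourth argument, `TryGetServicePipe(user, clientPid.Value, true, null)`. If that parameter is the target SID, the high-integrity lookup is not narrowed to the requested target account and could pick a service pipe created for a different target; `TryGetServicePipe(user, clientPid.Value, true, targetUserSid)` would tie the lookup to the account the user asked for. If `null` is intentional, a comment on the call should say why, and the well-known LocalSystem SID `"S-1-5-18"` would read better as a named constant. The rest of the method, including any later use of `targetUserSid`, is outside the hunk.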
@@ -13,9 +13,10 @@ namespace gsudo.Rpc if (allowedPid < 0) allowedPid = 0; var ti = InputArguments.TrustedInstaller ? "_TI" : string.Empty; - var admin = !isAdmin ? "_NonAdmin" : string.Empty; + var s = InputArguments.RunAsSystem ? "_S" : string.Empty; + var admin = !isAdmin ? "_NonAdmin" : string.Empty; - var data = $"{allowedSid}_{targetSid}_{allowedPid}_{ti}{admin}"; + var data = $"allowedSid-{allowedSid}_targetSid-{targetSid}{allowedPid}{s}{ti}{admin}"; #if !DEBUG data = GetHash(data); #endif
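Review bot: The new format string in NamedPipeNameFactory.cs drops the separator between the target SID and the PID, so `{targetSid}{allowedPid}` runs the two values together. A SID ends in a decimal RID and the PID is decimal, so different (targetSid, allowedPid) pairs can produce the same `data` value and, after `GetHash`, the same pipe name, which weakens the per-process binding the name appears to encode. Restoring the delimiter removes the ambiguity: `var data = $"allowedSid-{allowedSid}_targetSid-{targetSid}_{allowedPid}{s}{ti}{admin}";`. The one-letter local `s` would also be clearer as `system`. The method continues outside the hunk.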