Merge branch 'master' into snyk-upgrade-052f54cd8bc336d74b4f9bb4e0960612

gerardog · web-flow · commit fb6acd6a933e · 2023-12-18T10:46:06.000-03:00
diff --git a/src/gsudo/AppSettings/Settings.cs b/src/gsudo/AppSettings/Settings.cs
@@ -82,7 +82,7 @@ class Settings
 
         public static RegistrySetting<string> ExceptionList { get; } =
             new RegistrySetting<string>(nameof(ExceptionList),
-                defaultValue: "notepad.exe;powershell.exe;",
+                defaultValue: "notepad.exe;powershell.exe;whoami.exe;",
                 deserializer: (string s)=>s,
                 scope: RegistrySettingScope.GlobalOnly);
 
diff --git a/src/gsudo/Commands/AttachRunCommand.cs b/src/gsudo/Commands/AttachRunCommand.cs
diff --git a/src/gsudo/Commands/RunCommand.cs b/src/gsudo/Commands/RunCommand.cs
@@ -120,15 +120,15 @@ private async Task<int> RunUsingService(ElevationRequest elevationRequest)
                     serviceLocation = await ServiceHelper.WaitForNewService(callingPid).ConfigureAwait(false);
                 }
 
+                if (serviceLocation==null)
+                    throw new ApplicationException("Unable to connect to the elevated service.");
+
                 if (!InputArguments.IntegrityLevel.HasValue)
                 {
                     // This is the edge case where user does `gsudo -u SomeOne` and we dont know if SomeOne can elevate or not.
                     elevationRequest.IntegrityLevel = serviceLocation.IsHighIntegrity ? IntegrityLevel.High : IntegrityLevel.Medium;
                 }
 
-                if (serviceLocation==null)
-                    throw new ApplicationException("Unable to connect to the elevated service.");
-
                 connection = await ServiceHelper.Connect(serviceLocation).ConfigureAwait(false);
                 if (connection == null) // service is not running or listening.
                 {
diff --git a/src/gsudo/Helpers/CommandLineParser.cs b/src/gsudo/Helpers/CommandLineParser.cs
@@ -79,6 +79,7 @@ private ICommand ParseOptions()
                     if (c != null)
                         return c;
                 }
+                else if (arg.In("-noninteractive")) { } // ignore due to gerardog/gsudo#305
                 else if (arg.StartsWith("-", StringComparison.OrdinalIgnoreCase)
                             && arg.NotIn("-encodedCommand")) // -encodedCommand is not posix compliant, but is what powershell sends on: gsudo { script block }
                                                              // So treat -encodedCommand as part of the CommandToRun, for gerardog/gsudo#160
@@ -273,9 +274,6 @@ private ICommand ParseVerb()
             if (arg.In("run"))
                 return new RunCommand(commandToRun: args.ToArray());
 
-            if (arg.In("AttachRun"))
-                return new AttachRunCommand(commandToRun: args.ToArray());
-
             args.AddFirst(arg);
 
             if (arg == "!!" || arg.StartsWith("!", StringComparison.InvariantCulture))
diff --git a/src/gsudo/Helpers/CommandToRunAdapter.cs b/src/gsudo/Helpers/CommandToRunAdapter.cs
@@ -1,15 +1,12 @@
 ﻿using gsudo.Native;
-using Microsoft.VisualBasic;
 using System;
 using System.Collections;
 using System.Collections.Generic;
-using System.Globalization;
 using System.IO;
 using System.Linq;
 using System.Security.AccessControl;
 using System.Security.Principal;
 using System.Text;
-using System.Threading.Tasks;
 
 namespace gsudo.Helpers
 {
@@ -133,7 +130,7 @@ Running ./gsudo {command}   should elevate the powershell command.
                         if (!Settings.PowerShellLoadProfile)
                             newArgs.Add("-NoProfile");
 
-                        if (args[0] == "-encodedCommand")
+                        if (args[0].In("-encodedCommand", "-noninteractive"))
                         {
                             newArgs.AddRange(args);
                         }
diff --git a/src/gsudo/Helpers/ServiceHelper.cs b/src/gsudo/Helpers/ServiceHelper.cs
@@ -71,9 +71,12 @@ private static ServiceLocation FindServiceByIntegrity(int? clientPid, string use
             var anyIntegrity = InputArguments.UserName != null;
             var tryHighIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value >= IntegrityLevel.High;
             var tryLowIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value < IntegrityLevel.High;
+
+            var targetUserSid = InputArguments.RunAsSystem ? "S-1-5-18" : InputArguments.UserSid;
+
             if (tryHighIntegrity)
             {
-                var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true);
+                var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true, null);
                 if (pipeName != null)
                 {
                     return new ServiceLocation
diff --git a/src/gsudo/Rpc/NamedPipeNameFactory.cs b/src/gsudo/Rpc/NamedPipeNameFactory.cs
@@ -13,9 +13,10 @@ public static string GetPipeName(string allowedSid, int allowedPid, string targe
             if (allowedPid < 0) allowedPid = 0;
 
             var ti = InputArguments.TrustedInstaller ? "_TI" : string.Empty;
-            var admin = !isAdmin ? "_NonAdmin" : string.Empty;
+            var s = InputArguments.RunAsSystem ? "_S" : string.Empty;
+            var admin = !isAdmin ? "_NonAdmin" : string.Empty;
 
-            var data = $"{allowedSid}_{targetSid}_{allowedPid}_{ti}{admin}";
+            var data = $"allowedSid-{allowedSid}_targetSid-{targetSid}{allowedPid}{s}{ti}{admin}";
 #if !DEBUG
             data = GetHash(data);
 #endif

Original file line number	Diff line number	Diff line change
`@@ -120,15 +120,15 @@ private async Task<int> RunUsingService(ElevationRequest elevationRequest)`
`120`	`120`	`serviceLocation = await ServiceHelper.WaitForNewService(callingPid).ConfigureAwait(false);`
`121`	`121`	`}`
`122`	`122`
	`123`	`+ if (serviceLocation==null)`
	`124`	`+ throw new ApplicationException("Unable to connect to the elevated service.");`
	`125`	`+`
`123`	`126`	`if (!InputArguments.IntegrityLevel.HasValue)`
`124`	`127`	`{`
`125`	`128`	// This is the edge case where user does `gsudo -u SomeOne` and we dont know if SomeOne can elevate or not.
`126`	`129`	`elevationRequest.IntegrityLevel = serviceLocation.IsHighIntegrity ? IntegrityLevel.High : IntegrityLevel.Medium;`
`127`	`130`	`}`
`128`	`131`
`129`		`- if (serviceLocation==null)`
`130`		`- throw new ApplicationException("Unable to connect to the elevated service.");`
`131`		`-`
`132`	`132`	`connection = await ServiceHelper.Connect(serviceLocation).ConfigureAwait(false);`
`133`	`133`	`if (connection == null) // service is not running or listening.`
`134`	`134`	`{`
Original file line number	Diff line number	Diff line change
`@@ -71,9 +71,12 @@ private static ServiceLocation FindServiceByIntegrity(int? clientPid, string use`
`71`	`71`	`var anyIntegrity = InputArguments.UserName != null;`
`72`	`72`	`var tryHighIntegrity = !InputArguments.IntegrityLevel.HasValue \|\| InputArguments.IntegrityLevel.Value >= IntegrityLevel.High;`
`73`	`73`	`var tryLowIntegrity = !InputArguments.IntegrityLevel.HasValue \|\| InputArguments.IntegrityLevel.Value < IntegrityLevel.High;`
	`74`	`+`
	`75`	`+ var targetUserSid = InputArguments.RunAsSystem ? "S-1-5-18" : InputArguments.UserSid;`
	`76`	`+`
`74`	`77`	`if (tryHighIntegrity)`
`75`	`78`	`{`
`76`		`- var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true);`
	`79`	`+ var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true, null);`
`77`	`80`	`if (pipeName != null)`
`78`	`81`	`{`
`79`	`82`	`return new ServiceLocation`