Merge pull request #323 from gerardog/fix/cache-as-system
Fix issue in system/trusted-installer credentials cache support
gerardog authored Dec 18, 2023
2 parents 71d84a1 + 49738f0 commit c23b102
Showing 6 changed files with 11 additions and 70 deletions.
2 changes: 1 addition & 1 deletion src/gsudo/AppSettings/Settings.cs
Expand Up @@ -82,7 +82,7 @@ class Settings

public static RegistrySetting<string> ExceptionList { get; } =
new RegistrySetting<string>(nameof(ExceptionList),
defaultValue: "notepad.exe;powershell.exe;",
defaultValue: "notepad.exe;powershell.exe;whoami.exe;",
deserializer: (string s)=>s,
scope: RegistrySettingScope.GlobalOnly);
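Review bot: The `whoami.exe` entry added to the `ExceptionList` default carries no comment, and neither this hunk nor the commit description says why a credentials-cache fix needs it. A short comment above the property stating what the list controls and how entries are matched (bare file name or full path) would let a reader judge the effect of each entry, for example `// <what ExceptionList does>; whoami.exe added for <reason>`. Because the default is a single semicolon-separated literal, it may also be worth confirming that users who already have a stored value receive the new entry. The Settings class continues outside the hunk.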

60 changes: 0 additions & 60 deletions src/gsudo/Commands/AttachRunCommand.cs

This file was deleted.

6 changes: 3 additions & 3 deletions src/gsudo/Commands/RunCommand.cs
Expand Up @@ -120,15 +120,15 @@ private async Task<int> RunUsingService(ElevationRequest elevationRequest)
serviceLocation = await ServiceHelper.WaitForNewService(callingPid).ConfigureAwait(false);
}

if (serviceLocation==null)
throw new ApplicationException("Unable to connect to the elevated service.");

if (!InputArguments.IntegrityLevel.HasValue)
{
// This is the edge case where user does `gsudo -u SomeOne` and we dont know if SomeOne can elevate or not.
elevationRequest.IntegrityLevel = serviceLocation.IsHighIntegrity ? IntegrityLevel.High : IntegrityLevel.Medium;
}

if (serviceLocation==null)
throw new ApplicationException("Unable to connect to the elevated service.");

connection = await ServiceHelper.Connect(serviceLocation).ConfigureAwait(false);
if (connection == null) // service is not running or listening.
{
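Review bot: The `serviceLocation==null` guard ahead of the `serviceLocation.IsHighIntegrity` read is a braceless two-line `if`, while the `if` blocks around it use braces, and nothing marks that its position matters. Adding braces and a one-line comment such as `// Must run before any serviceLocation member is read below.` would make it harder to reorder by accident. The page has lost its +/- markers, so this assumes the earlier copy of the guard is the new one. RunUsingService starts and ends outside the hunk.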
3 changes: 0 additions & 3 deletions src/gsudo/Helpers/CommandLineParser.cs
Expand Up @@ -274,9 +274,6 @@ private ICommand ParseVerb()
if (arg.In("run"))
return new RunCommand(commandToRun: args.ToArray());

if (arg.In("AttachRun"))
return new AttachRunCommand(commandToRun: args.ToArray());

args.AddFirst(arg);

if (arg == "!!" || arg.StartsWith("!", StringComparison.InvariantCulture))
5 changes: 4 additions & 1 deletion src/gsudo/Helpers/ServiceHelper.cs
Expand Up @@ -71,9 +71,12 @@ private static ServiceLocation FindServiceByIntegrity(int? clientPid, string use
var anyIntegrity = InputArguments.UserName != null;
var tryHighIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value >= IntegrityLevel.High;
var tryLowIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value < IntegrityLevel.High;

var targetUserSid = InputArguments.RunAsSystem ? "S-1-5-18" : InputArguments.UserSid;

if (tryHighIntegrity)
{
var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true);
var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true, null);
if (pipeName != null)
{
return new ServiceLocation
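Review bot: `targetUserSid` is computed just above the `if (tryHighIntegrity)` block, yet the four-argument `NamedPipeClient.TryGetServicePipe` call inside it passes `null` in the new last position, so in the lines visible here the target SID does not narrow which cached service pipe is accepted. If that argument is meant to be the target SID, pass it, `NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true, targetUserSid)`; if the high-integrity lookup ignores it on purpose and the value is only used further down, a comment saying so would prevent a later "fix". The literal `"S-1-5-18"` would also read better as a named constant for the LocalSystem SID. FindServiceByIntegrity starts and ends outside the hunk, so the remaining uses cannot be checked from here.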
5 changes: 3 additions & 2 deletions src/gsudo/Rpc/NamedPipeNameFactory.cs
Expand Up @@ -13,9 +13,10 @@ public static string GetPipeName(string allowedSid, int allowedPid, string targe
if (allowedPid < 0) allowedPid = 0;

var ti = InputArguments.TrustedInstaller ? "_TI" : string.Empty;
var admin = !isAdmin ? "_NonAdmin" : string.Empty;
var s = InputArguments.RunAsSystem ? "_S" : string.Empty;
var admin = !isAdmin ? "_NonAdmin" : string.Empty;

var data = $"{allowedSid}_{targetSid}_{allowedPid}_{ti}{admin}";
var data = $"allowedSid-{allowedSid}_targetSid-{targetSid}{allowedPid}{s}{ti}{admin}";
#if !DEBUG
data = GetHash(data);
#endif
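Review bot: The new `data` string drops the separator between `{targetSid}` and `{allowedPid}`, so the SID's trailing numeric sub-authority runs straight into the PID and two different (targetSid, allowedPid) pairs can yield the same string, and in release builds the same hashed pipe name. As a constructed example, a SID ending `-100` with PID `12` and a SID ending `-1001` with PID `2` both end in `-10012`. The name appears to be what binds a cached service to one caller and one target, so every field should stay delimited: `var data = $"allowedSid-{allowedSid}_targetSid-{targetSid}_pid-{allowedPid}{s}{ti}{admin}";`. A comment above the line listing the fields that make up the name would also help anyone who extends the format. GetPipeName's body continues outside the hunk.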