Skip to content

Commit

Permalink
Merge branch 'master' into snyk-fix-402cafacd65f3ea5e38c1c202c3528ca
Browse files Browse the repository at this point in the history
  • Loading branch information
gerardog authored Dec 18, 2023
2 parents b0b07ef + c23b102 commit a7fcc1a
Show file tree
Hide file tree
Showing 7 changed files with 13 additions and 74 deletions.
2 changes: 1 addition & 1 deletion src/gsudo/AppSettings/Settings.cs
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ class Settings

public static RegistrySetting<string> ExceptionList { get; } =
new RegistrySetting<string>(nameof(ExceptionList),
defaultValue: "notepad.exe;powershell.exe;",
defaultValue: "notepad.exe;powershell.exe;whoami.exe;",
deserializer: (string s)=>s,
scope: RegistrySettingScope.GlobalOnly);

Expand Down
60 changes: 0 additions & 60 deletions src/gsudo/Commands/AttachRunCommand.cs

This file was deleted.

6 changes: 3 additions & 3 deletions src/gsudo/Commands/RunCommand.cs
Original file line number Diff line number Diff line change
Expand Up @@ -120,15 +120,15 @@ private async Task<int> RunUsingService(ElevationRequest elevationRequest)
serviceLocation = await ServiceHelper.WaitForNewService(callingPid).ConfigureAwait(false);
}

if (serviceLocation==null)
throw new ApplicationException("Unable to connect to the elevated service.");

if (!InputArguments.IntegrityLevel.HasValue)
{
// This is the edge case where user does `gsudo -u SomeOne` and we dont know if SomeOne can elevate or not.
elevationRequest.IntegrityLevel = serviceLocation.IsHighIntegrity ? IntegrityLevel.High : IntegrityLevel.Medium;
}

if (serviceLocation==null)
throw new ApplicationException("Unable to connect to the elevated service.");

connection = await ServiceHelper.Connect(serviceLocation).ConfigureAwait(false);
if (connection == null) // service is not running or listening.
{
Expand Down
4 changes: 1 addition & 3 deletions src/gsudo/Helpers/CommandLineParser.cs
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ private ICommand ParseOptions()
if (c != null)
return c;
}
else if (arg.In("-noninteractive")) { } // ignore due to gerardog/gsudo#305
else if (arg.StartsWith("-", StringComparison.OrdinalIgnoreCase)
&& arg.NotIn("-encodedCommand")) // -encodedCommand is not posix compliant, but is what powershell sends on: gsudo { script block }
// So treat -encodedCommand as part of the CommandToRun, for gerardog/gsudo#160
Expand Down Expand Up @@ -273,9 +274,6 @@ private ICommand ParseVerb()
if (arg.In("run"))
return new RunCommand(commandToRun: args.ToArray());

if (arg.In("AttachRun"))
return new AttachRunCommand(commandToRun: args.ToArray());

args.AddFirst(arg);

if (arg == "!!" || arg.StartsWith("!", StringComparison.InvariantCulture))
Expand Down
5 changes: 1 addition & 4 deletions src/gsudo/Helpers/CommandToRunAdapter.cs
Original file line number Diff line number Diff line change
@@ -1,15 +1,12 @@
using gsudo.Native;
using Microsoft.VisualBasic;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;

namespace gsudo.Helpers
{
Expand Down Expand Up @@ -133,7 +130,7 @@ Running ./gsudo {command} should elevate the powershell command.
if (!Settings.PowerShellLoadProfile)
newArgs.Add("-NoProfile");

if (args[0] == "-encodedCommand")
if (args[0].In("-encodedCommand", "-noninteractive"))
{
newArgs.AddRange(args);
}
Expand Down
5 changes: 4 additions & 1 deletion src/gsudo/Helpers/ServiceHelper.cs
Original file line number Diff line number Diff line change
Expand Up @@ -71,9 +71,12 @@ private static ServiceLocation FindServiceByIntegrity(int? clientPid, string use
var anyIntegrity = InputArguments.UserName != null;
var tryHighIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value >= IntegrityLevel.High;
var tryLowIntegrity = !InputArguments.IntegrityLevel.HasValue || InputArguments.IntegrityLevel.Value < IntegrityLevel.High;

var targetUserSid = InputArguments.RunAsSystem ? "S-1-5-18" : InputArguments.UserSid;

if (tryHighIntegrity)
{
var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true);
var pipeName = NamedPipeClient.TryGetServicePipe(user, clientPid.Value, true, null);
if (pipeName != null)
{
return new ServiceLocation
Expand Down
5 changes: 3 additions & 2 deletions src/gsudo/Rpc/NamedPipeNameFactory.cs
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,10 @@ public static string GetPipeName(string allowedSid, int allowedPid, string targe
if (allowedPid < 0) allowedPid = 0;

var ti = InputArguments.TrustedInstaller ? "_TI" : string.Empty;
var admin = !isAdmin ? "_NonAdmin" : string.Empty;
var s = InputArguments.RunAsSystem ? "_S" : string.Empty;
var admin = !isAdmin ? "_NonAdmin" : string.Empty;

var data = $"{allowedSid}_{targetSid}_{allowedPid}_{ti}{admin}";
var data = $"allowedSid-{allowedSid}_targetSid-{targetSid}{allowedPid}{s}{ti}{admin}";
#if !DEBUG
data = GetHash(data);
#endif
Expand Down

0 comments on commit a7fcc1a

Please sign in to comment.