public Task <int> Start()
{
try
{
var t1 = new StreamReader(_connection.ControlStream).ConsumeOutput(HandleControlStream);
WaitHandle.WaitAny(new WaitHandle[] { tokenSwitchSuccessEvent.WaitHandle, _process.GetProcessWaitHandle(), _connection.DisconnectedWaitHandle });
if (!tokenSwitchSuccessEvent.IsSet)
{
Logger.Instance.Log(
_connection?.IsAlive ?? true
? $"Failed to substitute token."
: $"Failed to substitute token. Connection from server lost."
, LogLevel.Error);
TerminateProcess();
return(Task.FromResult(Constants.GSUDO_ERROR_EXITCODE));
}
Logger.Instance.Log("Process token successfully substituted.", LogLevel.Debug);
_ = _connection.FlushAndCloseAll();
return(GetResult());
}
finally
{
ConsoleApi.SetConsoleCtrlHandler(ConsoleHelper.IgnoreConsoleCancelKeyPress, false);
}
}
public TokenSwitchRenderer(Connection connection, ElevationRequest elevationRequest)
{
if (Settings.SecurityEnforceUacIsolation && !elevationRequest.NewWindow)
{
throw new Exception("TokenSwitch mode not supported when SecurityEnforceUacIsolation is set.");
}
_connection = connection;
_elevationRequest = elevationRequest;
Environment.SetEnvironmentVariable("prompt", Environment.ExpandEnvironmentVariables(elevationRequest.Prompt));
ProcessApi.CreateProcessFlags dwCreationFlags = ProcessApi.CreateProcessFlags.CREATE_SUSPENDED;
if (elevationRequest.NewWindow)
{
dwCreationFlags |= ProcessApi.CreateProcessFlags.CREATE_NEW_CONSOLE;
}
string exeName, args;
if (elevationRequest.IntegrityLevel == IntegrityLevel.MediumPlus &&
ArgumentsHelper.UnQuote(elevationRequest.FileName.ToUpperInvariant()) != Environment.GetEnvironmentVariable("COMSPEC").ToUpperInvariant())
{
// Now, we have an issue with this method: The process launched with the new token throws Access Denied if it tries to read its own token.
// Kind of dirty workaround is to wrap the call with a "CMD.exe /c ".. this intermediate process will then
// launching the command with a fresh new (desired) token and we know cmd wont try to read it's substitute token (throwing Access Denied).
exeName = Environment.GetEnvironmentVariable("COMSPEC");
args = $"/s /c \"{elevationRequest.FileName} {elevationRequest.Arguments}\"";
}
else
{
// Hack not needed if we are already calling CMD
exeName = elevationRequest.FileName;
args = elevationRequest.Arguments;
}
_process = ProcessFactory.CreateProcessAsUserWithFlags(exeName, args, dwCreationFlags, out _processInformation);
elevationRequest.TargetProcessId = _processInformation.dwProcessId;
if (!elevationRequest.NewWindow)
{
ConsoleApi.SetConsoleCtrlHandler(ConsoleHelper.IgnoreConsoleCancelKeyPress, true);
}
}
public Task <int> GetResult()
{
try
{
_ = ProcessApi.ResumeThread(_processInformation.hThread);
if (_elevationRequest.Wait)
{
_process.GetProcessWaitHandle().WaitOne();
if (ProcessApi.GetExitCodeProcess(_process, out int exitCode))
{
return(Task.FromResult(exitCode));
}
}
return(Task.FromResult(0));
}
finally
{
ConsoleApi.SetConsoleCtrlHandler(ConsoleHelper.IgnoreConsoleCancelKeyPress, false);
}
}
static Console()
{
Handler = ConsoleCtrlHandler;
ConsoleApi.SetConsoleCtrlHandler(Handler, true);
SystemEvents.SessionEnding += SystemEvents_SessionEnding;
}