From f1b999cc2e47a07d84ce6344b01f43df1fe92285 Mon Sep 17 00:00:00 2001
From: Gerardo Grignoli
Date: Wed, 8 Jan 2020 20:31:46 -0300
Subject: [PATCH] Wrong NamedPipe name was used when elevating as another user. Fixes #4
---
 src/gsudo/Commands/RunCommand.cs | 5 +++--
 src/gsudo/Commands/ServiceCommand.cs | 3 ++-
 src/gsudo/Helpers/ArgumentsHelper.cs | 5 +++--
 src/gsudo/Rpc/NamedPipeServer.cs | 8 +++++---
 4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/gsudo/Commands/RunCommand.cs b/src/gsudo/Commands/RunCommand.cs
index 6e649f7a..d6a92475 100644
--- a/src/gsudo/Commands/RunCommand.cs
+++ b/src/gsudo/Commands/RunCommand.cs
@@ -6,6 +6,7 @@
 using System.Diagnostics;
 using System.Linq;
 using System.Runtime.Serialization.Formatters.Binary;
+using System.Security.Principal;
 using System.Threading.Tasks;
 namespace gsudo.Commands
@@ -104,6 +105,7 @@ public async Task Execute()
 {
 Logger.Instance.Log($"Using Console mode {elevationRequest.Mode}", LogLevel.Debug);
 var callingPid = GetCallingPid(currentProcess);
+var callingSid = WindowsIdentity.GetCurrent().User.Value;
 Logger.Instance.Log($"Caller ProcessId is {callingPid}", LogLevel.Debug);
 var cmd = CommandToRun.FirstOrDefault();
@@ -130,7 +132,7 @@ public async Task Execute()
 Logger.Instance.Log("Elevating process...", LogLevel.Debug);
 var dbg = GlobalSettings.Debug ? "--debug " : string.Empty;
-using (var process = ProcessFactory.StartElevatedDetached(currentProcess.MainModule.FileName, $"{dbg}gsudoservice {callingPid} {GlobalSettings.LogLevel}", !GlobalSettings.Debug))
+using (var process = ProcessFactory.StartElevatedDetached(currentProcess.MainModule.FileName, $"{dbg}gsudoservice {callingPid} {callingSid} {GlobalSettings.LogLevel}", !GlobalSettings.Debug))
 {
 Logger.Instance.Log("Elevated instance started.", LogLevel.Debug);
 }
@@ -157,7 +159,6 @@ public async Task Execute()
 connection?.Dispose();
 }
 }
-
 }
 private static int GetCallingPid(Process currentProcess)
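Review bot: The caller's SID is passed to the elevated instance as plain positional text in `$"{dbg}gsudoservice {callingPid} {callingSid} {GlobalSettings.LogLevel}"` (third RunCommand.cs hunk), and the server side then builds the pipe ACL from that string. This command line appears to be assembled before elevation, so the SID is a claim made by the launching process rather than something the elevated service established itself, and nothing visible ties it to `callingPid`. Consider having the service compare the SID with the owner of the process it was told to serve, and document the trust boundary here with a comment such as `// callingSid is supplied by the unelevated side; the service must validate it before using it in an ACL`. `Execute()` begins and ends outside these hunks.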
diff --git a/src/gsudo/Commands/ServiceCommand.cs b/src/gsudo/Commands/ServiceCommand.cs
index 39e0add5..2bb11db8 100644
--- a/src/gsudo/Commands/ServiceCommand.cs
+++ b/src/gsudo/Commands/ServiceCommand.cs
@@ -12,6 +12,7 @@ namespace gsudo.Commands
 class ServiceCommand : ICommand
 {
 public int allowedPid { get; set; }
+ public string allowedSid { get; set; }
 public LogLevel? LogLvl { get; set; }
@@ -78,7 +79,7 @@ private static IProcessHost CreateProcessHost(ElevationRequest request)
 private IRpcServer CreateServer()
 {
- return new NamedPipeServer(allowedPid);
+ return new NamedPipeServer(allowedPid, allowedSid);
 }
 private async Task ReadElevationRequest(Stream dataPipe)
diff --git a/src/gsudo/Helpers/ArgumentsHelper.cs b/src/gsudo/Helpers/ArgumentsHelper.cs
index bd0f2a88..3075377e 100644
--- a/src/gsudo/Helpers/ArgumentsHelper.cs
+++ b/src/gsudo/Helpers/ArgumentsHelper.cs
@@ -168,14 +168,15 @@ internal static ICommand ParseCommand(string[] args)
 {
 bool hasLoglevel = false;
 LogLevel logLevel = LogLevel.Info;
- if (args.Length>2)
+ if (args.Length>3)
 {
- hasLoglevel = Enum.TryParse(args[2], true, out logLevel);
+ hasLoglevel = Enum.TryParse(args[3], true, out logLevel);
 }
 return new ServiceCommand()
 {
 allowedPid = int.Parse(args[1], CultureInfo.InvariantCulture),
+ allowedSid = args[2],
 LogLvl = hasLoglevel ? logLevel : (LogLevel?)null,
 };
 }
diff --git a/src/gsudo/Rpc/NamedPipeServer.cs b/src/gsudo/Rpc/NamedPipeServer.cs
index 02f65b72..3d0e3bcc 100644
--- a/src/gsudo/Rpc/NamedPipeServer.cs
+++ b/src/gsudo/Rpc/NamedPipeServer.cs
@@ -13,6 +13,7 @@ namespace gsudo.Rpc
 class NamedPipeServer : IRpcServer
 {
 private readonly int _allowedPid;
+ private readonly string _allowedSid;
 CancellationTokenSource cancellationTokenSource = new CancellationTokenSource();
 public event EventHandler ConnectionAccepted;
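Review bot: `allowedSid = args[2]` in the ParseCommand hunk is read with no length check and no validation; only the log-level lookup is guarded, by `args.Length>3`. Unless a check outside the hunk prevents it, a `gsudoservice` invocation carrying only a PID throws IndexOutOfRangeException here. One in the previous `<pid> <loglevel>` form binds the log-level text to `allowedSid`, which fails only later, when `new SecurityIdentifier(_allowedSid)` runs in `NamedPipeServer.Listen()`. Because this string decides who may open the elevated pipe, reject bad input at parse time, for example `if (args.Length < 3) throw new ArgumentException("gsudoservice: missing caller SID");` followed by `allowedSid = new SecurityIdentifier(args[2]).Value,` (this needs `System.Security.Principal` in scope in this file). ParseCommand begins and ends outside the hunk.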
@@ -20,9 +21,10 @@ class NamedPipeServer : IRpcServer
 const int MAX_SERVER_INSTANCES = 20;
- public NamedPipeServer(int AllowedPid)
+ public NamedPipeServer(int AllowedPid, string AllowedSid)
 {
 _allowedPid = AllowedPid;
+ _allowedSid = AllowedSid;
 }
 public async Task Listen()
@@ -30,11 +32,11 @@ public async Task Listen()
 var ps = new PipeSecurity();
 ps.AddAccessRule(new PipeAccessRule(
- WindowsIdentity.GetCurrent().User,
+ new SecurityIdentifier(_allowedSid),
 PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance,
 AccessControlType.Allow));
- var pipeName = GetPipeName(_allowedPid);
+ var pipeName = GetPipeName(_allowedSid, _allowedPid);
 Logger.Instance.Log($"Using named pipe {pipeName}.", LogLevel.Debug);
 Logger.Instance.Log($"Access allowed only for ProcessID {_allowedPid} and childs", LogLevel.Debug);
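Review bot: The access rule in the `Listen()` hunk now grants `PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance` to the caller's SID and no longer includes a rule for the service's own identity. `CreateNewInstance` made sense while the rule named the server's account, but a connecting client does not appear to need it, and it lets any process running under that SID create further instances of the elevated service's pipe name. In the different-user case this commit targets, it should also be confirmed that the service can still open its additional instances (`MAX_SERVER_INSTANCES` is 20) without an explicit rule for itself. I would split the rule as below, assuming the client only connects; the rest of `Listen()` lies outside the hunk, so how instances are created is not visible here.

```csharp
var ps = new PipeSecurity();

// The unelevated caller only needs to connect and exchange data.
ps.AddAccessRule(new PipeAccessRule(
    new SecurityIdentifier(_allowedSid),
    PipeAccessRights.ReadWrite,
    AccessControlType.Allow));

// The service's own account keeps the right to open further instances.
ps.AddAccessRule(new PipeAccessRule(
    WindowsIdentity.GetCurrent().User,
    PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance,
    AccessControlType.Allow));

// … unchanged: pipe name lookup and debug logging …
```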