Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Invoke-gsudo credentials parameter #176

Closed
NorskNoobing opened this issue Sep 9, 2022 · 5 comments · Fixed by #188
Closed

Feature Request: Invoke-gsudo credentials parameter #176

NorskNoobing opened this issue Sep 9, 2022 · 5 comments · Fixed by #188

Comments

@NorskNoobing
Copy link

Description

I want a credentials parameter on the Invoke-gsudo function. This way it would be easier to run multiple different functions when providing the credentials once. You'll also be able to import your credentials from a file instead of using UAC all the time.

Proposed technical details

Here you'll be able to invoke multiple functions into separate variables:
Enter creds before running functions:
$admCreds = Get-Credential -Message "Enter admin credentials"
or import creds from a encrypted file:
$admCreds = Import-Clixml $admCredsPath | ConvertFrom-Securestring -AsPlainText

$var1 = Invoke-gsudo -Credentials $admCreds {function1}
$var2 = Invoke-gsudo -Credentials $admCreds {function2}
@gerardog
Copy link
Owner

gerardog commented Sep 9, 2022

Interesting. In the past I've refrained to send plain text credentials to gsudo, but I like the idea of using PowerShell secure credentials. Specially to start a cache or similar:

Start-Process .\gsudo.exe -ArgumentList "--debug cache on" -Credential $admCreds

which doesn't work right now, but it may in the future.

@gerardog
Copy link
Owner

Implemented in #188
But PowerShell/PowerShell#18333 / PowerShell/PowerShell#12129 may cause some issues for Invoke-gsudo specifically, not for gsudo -u UserName

@gerardog gerardog linked a pull request Oct 20, 2022 that will close this issue
Feature: Run As User gsudo -u username #188
Merged
@gerardog
Copy link
Owner

Pre-Released: https://github.com/gerardog/gsudo/releases/tag/v2.0.0-preview

@NorskNoobing
Copy link
Author

Implemented in #188 But PowerShell/PowerShell#18333 / PowerShell/PowerShell#12129 may cause some issues for Invoke-gsudo specifically, not for gsudo -u UserName

This doesn't solve the issue tho. The end goal is a non-interactive way to run gsudo, so it can be run in e.g. scripts in the background and stuff like that.

The current implementation only adds the option to runas a specific user, but you'll still have to enter password and press "yes" in the UAC prompt.

@gerardog
Copy link
Owner

I can't bypass UAC just with a flag. You need to consent at some point. Or you can disable the consent.

It is not that I won't. I can't ! Even with user & password credentials I can't spawn an elevated process without UAC unless gsudo is already elevated

In your situation, I would either:
a) create a script and add it as a scheduled task. with credentials, etc
b) use gsudo cache for minimal credentials prompt:

gsudo cache on # show one popup.
gsudo X # several actions without popup
gsudo Y
gsudo Z
gsudo cache off

c) disable UAC.

Programming the capability of installing gsudo as a windows service and actually behave like a sudoers is not in the near-future roadmap...

I created #194 to create the most similar to a UAC bypass I can think of now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature: Run As User gsudo -u username gerardog/gsudo
2 participants
@gerardog @NorskNoobing