Merge pull request #174 from gerardog/Fix.NonAdminToSystem

Fix: Elevation to System from non-admin account

src/gsudo/Commands/RunCommand.cs

@@ -244,8 +244,8 @@ private static bool IsElevationRequired()
         /// <returns></returns>
         private static ElevationRequest.ConsoleMode GetElevationMode(bool isWindowsApp)
         {
-            if (!ProcessHelper.IsMemberOfLocalAdmins() || // => Not local admin? Force attached mode, so the new process has admin user env vars. (See #113)
-                Settings.ForceAttachedConsole)
+            if ((!ProcessHelper.IsMemberOfLocalAdmins() || // => Not local admin? Force attached mode, so the new process has admin user env vars. (See #113)
+                Settings.ForceAttachedConsole) && !Settings.ForcePipedConsole && !Settings.ForceVTConsole)
             {
                 if (Console.IsErrorRedirected
                     || Console.IsInputRedirected
@@ -254,6 +254,8 @@ private static ElevationRequest.ConsoleMode GetElevationMode(bool isWindowsApp)
                     // Attached mode doesnt supports redirection.
                     return ElevationRequest.ConsoleMode.Piped; 
                 }
+                if (InputArguments.TrustedInstaller)
+                    return ElevationRequest.ConsoleMode.VT; // workaround for #173
 
                 return ElevationRequest.ConsoleMode.Attached;
             }

src/gsudo/Commands/ServiceCommand.cs

@@ -37,9 +37,10 @@ public async Task<int> Execute()
 
             Console.Title = "gsudo Service";
 
-            if (InputArguments.TrustedInstaller && !System.Security.Principal.WindowsIdentity.GetCurrent().Claims.Any(c => c.Value == Constants.TI_SID))
+            if ((InputArguments.TrustedInstaller && !System.Security.Principal.WindowsIdentity.GetCurrent().Claims.Any(c => c.Value == Constants.TI_SID))
+                || (InputArguments.RunAsSystem && !System.Security.Principal.WindowsIdentity.GetCurrent().IsSystem))
             {
-                return Helpers.ServiceHelper.StartElevatedService(AllowedPid, CacheDuration, singleUse: SingleUse) ? 0: Constants.GSUDO_ERROR_EXITCODE;
+                return Helpers.ServiceHelper.StartElevatedService(AllowedPid, CacheDuration, singleUse: SingleUse, allowedSid: AllowedSid) ? 0: Constants.GSUDO_ERROR_EXITCODE;
             }
 
             var cacheLifetime = new CredentialsCacheLifetimeManager(AllowedPid);

src/gsudo/Helpers/ServiceHelper.cs

@@ -66,8 +66,7 @@ internal static bool StartElevatedService(int? allowedPid, TimeSpan? cacheDurati
 
             var @params = InputArguments.Debug ? "--debug " : string.Empty;
             //            if (InputArguments.IntegrityLevel.HasValue) @params += $"-i {InputArguments.IntegrityLevel.Value} ";
-            //            if (InputArguments.RunAsSystem) @params += "-s ";
-
+            if (InputArguments.RunAsSystem && allowedSid != System.Security.Principal.WindowsIdentity.GetCurrent().User.Value) @params += "-s ";
             if (InputArguments.TrustedInstaller) @params += "--ti ";
 
             verb = "gsudoservice";