gsudo icon indicating copy to clipboard operation
gsudo copied to clipboard
verified publisher icon gerardog

Feature Request: Invoke-gsudo credentials parameter

Open NorskNoobing opened this issue 3 years ago • 1 comments

Description

I want a credentials parameter on the Invoke-gsudo function. This way it would be easier to run multiple different functions when providing the credentials once. You'll also be able to import your credentials from a file instead of using UAC all the time.

Proposed technical details

Here you'll be able to invoke multiple functions into separate variables: Enter creds before running functions: $admCreds = Get-Credential -Message "Enter admin credentials" or import creds from a encrypted file: $admCreds = Import-Clixml $admCredsPath | ConvertFrom-Securestring -AsPlainText

$var1 = Invoke-gsudo -Credentials $admCreds {function1}
$var2 = Invoke-gsudo -Credentials $admCreds {function2}

NorskNoobing avatar Sep 09 '22 09:09 NorskNoobing

Interesting. In the past I've refrained to send plain text credentials to gsudo, but I like the idea of using PowerShell secure credentials. Specially to start a cache or similar:

Start-Process .\gsudo.exe -ArgumentList "--debug cache on" -Credential $admCreds

which doesn't work right now, but it may in the future.

gerardog avatar Sep 09 '22 23:09 gerardog

Implemented in #188 But PowerShell/PowerShell#18333 / PowerShell/PowerShell#12129 may cause some issues for Invoke-gsudo specifically, not for gsudo -u UserName

gerardog avatar Oct 20 '22 05:10 gerardog

Pre-Released: https://github.com/gerardog/gsudo/releases/tag/v2.0.0-preview

gerardog avatar Oct 23 '22 19:10 gerardog

Implemented in #188 But PowerShell/PowerShell#18333 / PowerShell/PowerShell#12129 may cause some issues for Invoke-gsudo specifically, not for gsudo -u UserName

This doesn't solve the issue tho. The end goal is a non-interactive way to run gsudo, so it can be run in e.g. scripts in the background and stuff like that.

The current implementation only adds the option to runas a specific user, but you'll still have to enter password and press "yes" in the UAC prompt.

NorskNoobing avatar Oct 26 '22 13:10 NorskNoobing

I can't bypass UAC just with a flag. You need to consent at some point. Or you can disable the consent.

It is not that I won't. I can't ! Even with user & password credentials I can't spawn an elevated process without UAC unless gsudo is already elevated

In your situation, I would either: a) create a script and add it as a scheduled task. with credentials, etc b) use gsudo cache for minimal credentials prompt:

gsudo cache on # show one popup.
gsudo X # several actions without popup
gsudo Y
gsudo Z
gsudo cache off

c) disable UAC.

Programming the capability of installing gsudo as a windows service and actually behave like a sudoers is not in the near-future roadmap...

I created #194 to create the most similar to a UAC bypass I can think of now.

gerardog avatar Oct 26 '22 19:10 gerardog