wsl: detect host Windows session 0 and disable browser
In order to detect if we have an interactive Windows desktop session from inside WSL we need to 'punch out' from WSL to determine the session ID and window station. Strictly speaking, except for session 0 (from Vista onwards), any Windows session can have exactly one interactive window station (always called WinSta0). However, because we cannot easily determine the window station name from a simple cmd/powershell script, we take a simplified approach which isn't 100% accurate. Instead, we only permit browser auth methods if we are NOT in Windows session 0; for any other Windows session we assume we are in WinSta0. The default OpenSSH Server configuration (Windows 10+) has `sshd` running as the built-in NT user NETWORK_SERVICE, which means it runs in session 0 (the services session). This is the most common scenario we're likely to face, other than using WSL from a 'real', interactive Windows session.
1 parent
1a5da63
commit 7d11a86
Showing
9 changed files
with
144 additions
and
32 deletions.
@@ -0,0 +1,64 @@ | ||
using GitCredentialManager.Interop.Posix; | ||
|
||
namespace GitCredentialManager.Interop.Linux; | ||
|
||
public class LinuxSessionManager : PosixSessionManager | ||
{ | ||
private bool? _isWebBrowserAvailable; | ||
|
||
public LinuxSessionManager(IEnvironment env, IFileSystem fs) : base(env, fs) | ||
{ | ||
PlatformUtils.EnsureLinux(); | ||
} | ||
|
||
public override bool IsWebBrowserAvailable | ||
{ | ||
get | ||
{ | ||
return _isWebBrowserAvailable ??= GetWebBrowserAvailable(); | ||
} | ||
} | ||
|
||
private bool GetWebBrowserAvailable() | ||
{ | ||
// If this is a Windows Subsystem for Linux distribution we may | ||
// be able to launch the web browser of the host Windows OS. | ||
if (WslUtils.IsWslDistribution(Environment, FileSystem, out _)) | ||
{ | ||
// We need a shell execute handler to be able to launch to browser | ||
if (!BrowserUtils.TryGetLinuxShellExecuteHandler(Environment, out _)) | ||
{ | ||
return false; | ||
} | ||
|
||
// | ||
// If we are in Windows logon session 0 then the user can never interact, | ||
// even in the WinSta0 window station. This is typical when SSH-ing into a | ||
// Windows 10+ machine using the default OpenSSH Server configuration, | ||
// which runs in the 'services' session 0. | ||
// | ||
// If we're in any other session, and in the WinSta0 window station then | ||
// the user can possibly interact. However, since it's hard to determine | ||
// the window station from PowerShell cmdlets (we'd need to write P/Invoke | ||
// code and that's just messy and too many levels of indirection quite | ||
// frankly!) we just assume any non session 0 is interactive. | ||
// | ||
// This assumption doesn't hold true if the user has changed the user that | ||
// the OpenSSH Server service runs as (not a built-in NT service) *AND* | ||
// they've SSH-ed into the Windows host (and then started a WSL shell). | ||
// This feels like a very small subset of users... | ||
// | ||
if (WslUtils.GetWindowsSessionId(FileSystem) == 0) | ||
{ | ||
return false; | ||
} | ||
|
||
// If we are not in session 0, or we cannot get the Windows session ID, | ||
// assume that we *CAN* launch the browser so that users are never blocked. | ||
return true; | ||
} | ||
|
||
// We require an interactive desktop session to be able to launch a browser | ||
return IsDesktopSession; | ||
} | ||
} |
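Review bot: The session-0 test at `if (WslUtils.GetWindowsSessionId(FileSystem) == 0)` depends on what GetWindowsSessionId returns when the probe of the Windows host fails, and that contract is not visible in this file. The comment below it promises that an unknown session ID leaves the browser enabled, which holds only if failure is reported as null or as a non-zero value; if the helper can ever fall back to 0, a failed probe would silently switch off browser authentication. I would make the intent explicit at the call site, for example `int? sessionId = WslUtils.GetWindowsSessionId(FileSystem);` followed by `if (sessionId is 0) return false;`. A one-line comment on `_isWebBrowserAvailable` saying that the answer is cached per instance, so the host probe is not repeated on every property read, would also help the next reader.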
@@ -1,17 +1,15 @@ | ||
using System; | ||
|
||
namespace GitCredentialManager.Interop.Posix | ||
{ | ||
public class PosixSessionManager : SessionManager | ||
public abstract class PosixSessionManager : SessionManager | ||
{ | ||
public PosixSessionManager() | ||
protected PosixSessionManager(IEnvironment env, IFileSystem fs) : base(env, fs) | ||
{ | ||
PlatformUtils.EnsurePosix(); | ||
} | ||
|
||
// Check if we have an X11 or Wayland display environment available | ||
public override bool IsDesktopSession => | ||
!string.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable("DISPLAY")) || | ||
!string.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable("WAYLAND_DISPLAY")); | ||
!string.IsNullOrWhiteSpace(System.Environment.GetEnvironmentVariable("DISPLAY")) || | ||
!string.IsNullOrWhiteSpace(System.Environment.GetEnvironmentVariable("WAYLAND_DISPLAY")); | ||
} | ||
} |
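Review bot: `IsDesktopSession` still reads `DISPLAY` and `WAYLAND_DISPLAY` from the process through `System.Environment.GetEnvironmentVariable`, even though the constructor now receives an `IEnvironment`. That leaves two sources of environment state in one class hierarchy (LinuxSessionManager hands the injected `Environment` to WslUtils and BrowserUtils) and keeps this property out of reach of a test double. Consider reading both variables through the injected environment instead. If the static call is intentional, a short comment such as `// System.Environment is spelled out; the unqualified name presumably resolves to the injected IEnvironment` would explain why the qualification was added.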
@@ -1,5 +1,4 @@ | ||
using System.Diagnostics; | ||
using System.Threading.Tasks; | ||
|
||
namespace GitCredentialManager; | ||
|
||
|