Add logged warnings for elevated launch on windows (#199)

Author: kelltrick

src/Tools/dotnet-monitor/Auth/AuthOptions.cs

@@ -8,7 +8,7 @@ namespace Microsoft.Diagnostics.Tools.Monitor
 {
     internal sealed class AuthOptions : IAuthOptions
     {
-        public bool EnableNegotiate => RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+        public bool EnableNegotiate => RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && KeyAuthenticationMode != KeyAuthenticationMode.NoAuth;
 
         public KeyAuthenticationMode KeyAuthenticationMode { get; }
 

src/Tools/dotnet-monitor/LoggingExtensions.cs

@@ -132,6 +132,18 @@ internal static class LoggingExtensions
                 logLevel: LogLevel.Critical,
                 formatString: "{failure}");
 
+        private static readonly Action<ILogger, Exception> _runningElevated =
+            LoggerMessage.Define(
+                eventId: new EventId(21, "RunningElevated"),
+                logLevel: LogLevel.Warning,
+                formatString: "The process was launched elevated and will have access to all processes on the system. Do not run elevated unless you need to monitor processes launched by another user (e.g., IIS worker processes)");
+
+        private static readonly Action<ILogger, Exception> _disabledNegotiateWhileElevated =
+            LoggerMessage.Define(
+                eventId: new EventId(22, "DisabledNegotiateWhileElevated"),
+                logLevel: LogLevel.Warning,
+                formatString: "Negotiate, Kerberos, and NTLM authentication are not enabled when running with elevated permissions.");
+
         public static void EgressProviderAdded(this ILogger logger, string providerName)
         {
             _egressProviderAdded(logger, providerName, null);
@@ -248,6 +260,16 @@ public static void OptionsValidationFailure(this ILogger logger, OptionsValidati
                 _optionsValidationFalure(logger, failure, null);
         }
 
+        public static void RunningElevated(this ILogger logger)
+        {
+            _runningElevated(logger, null);
+        }
+
+        public static void DisabledNegotiateWhileElevated(this ILogger logger)
+        {
+            _disabledNegotiateWhileElevated(logger, null);
+        }
+
         private static string Redact(string value)
         {
             return string.IsNullOrEmpty(value) ? value : "<REDACTED>";

src/Tools/dotnet-monitor/Startup.cs

@@ -21,6 +21,8 @@
 using System.Collections.Generic;
 using System.IO.Compression;
 using System.Linq;
+using System.Runtime.InteropServices;
+using System.Security.Principal;
 using System.Text.Json.Serialization;
 
 namespace Microsoft.Diagnostics.Tools.Monitor
@@ -130,6 +132,8 @@ public void Configure(
 
             lifetime.ApplicationStarted.Register(() => LogBoundAddresses(app.ServerFeatures, listenResults, logger));
 
+            LogElevatedPermissions(options, logger);
+
             if (options.KeyAuthenticationMode == KeyAuthenticationMode.NoAuth)
             {
                 logger.NoAuthentication();
@@ -209,5 +213,25 @@ private static void LogBoundAddresses(IFeatureCollection features, AddressListen
                 logger.BoundMetricsAddress(metricAddress);
             }
         }
+
+        private static void LogElevatedPermissions(IAuthOptions options, ILogger logger)
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
+                WindowsPrincipal principal = new WindowsPrincipal(currentUser);
+                if (principal.IsInRole(WindowsBuiltInRole.Administrator))
+                {
+                    logger.RunningElevated();
+                    // In the future this will need to be modified when ephemeral keys are setup
+                    if (options.EnableNegotiate)
+                    {
+                        logger.DisabledNegotiateWhileElevated();
+                    }
+                }
+            }
+
+            // in the future we should check that we aren't running root on linux (out of scope for now)
+        }
     }
 }