server-default_integrity: Elevate processes if the manifest requests.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51000
Zebediah Figura 2021-05-21 22:10:52 -05:00
parent f308782dad
commit be3928a809
4 changed files with 294 additions and 2 deletions


@ -51,7 +51,7 @@ usage()
# Get the upstream commit sha
upstream_commit()
{
echo "dff85646517526562644c23648d11596daeb26d0"
echo "9561af9a7d8d77e2f98341e278c842226cae47ed"
}
# Show version information
@ -3070,13 +3070,17 @@ fi
# | should run unelevated by default with Vista+ setting)
# |
# | Modified files:
# | * dlls/msi/custom.c, dlls/shell32/shlexec.c, loader/wine.inf.in, server/process.c
# | * dlls/kernelbase/process.c, dlls/msi/custom.c, dlls/ntdll/process.c, dlls/ntdll/unix/env.c, dlls/shell32/shlexec.c,
# | loader/wine.inf.in, server/process.c
# |
if test "$enable_server_default_integrity" -eq 1; then
patch_apply server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch
patch_apply server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
patch_apply server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
patch_apply server-default_integrity/0004-msi-Create-the-custom-action-server-as-an-elevated-p.patch
patch_apply server-default_integrity/0005-ntdll-Always-start-the-initial-process-through-start.patch
patch_apply server-default_integrity/0006-kernelbase-Elevate-processes-if-requested-in-CreateP.patch
patch_apply server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch
fi
# Patchset setupapi-DiskSpaceList


@ -0,0 +1,61 @@
From cd7883aaf87e8c15a6171d013e6b6c1ca518d158 Mon Sep 17 00:00:00 2001
From: Zebediah Figura <z.figura12@gmail.com>
Date: Fri, 21 May 2021 21:52:06 -0500
Subject: [PATCH] ntdll: Always start the initial process through start.exe.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
---
dlls/ntdll/unix/env.c | 23 ++++-------------------
1 file changed, 4 insertions(+), 19 deletions(-)
diff --git a/dlls/ntdll/unix/env.c b/dlls/ntdll/unix/env.c
index 5d8c14625f9..69f2dda1c2b 100644
--- a/dlls/ntdll/unix/env.c
+++ b/dlls/ntdll/unix/env.c
@@ -1921,6 +1921,7 @@ static inline DWORD append_string( void **ptr, const RTL_USER_PROCESS_PARAMETERS
*/
static RTL_USER_PROCESS_PARAMETERS *build_initial_params(void)
{
+ static const char *args[] = { "start.exe", "/exec" };
static const WCHAR valueW[] = {'1',0};
static const WCHAR pathW[] = {'P','A','T','H'};
RTL_USER_PROCESS_PARAMETERS *params = NULL;
@@ -1928,7 +1929,7 @@ static RTL_USER_PROCESS_PARAMETERS *build_initial_params(void)
WCHAR *dst, *image, *cmdline, *path, *bootstrap;
WCHAR *env = get_initial_environment( &env_pos, &env_size );
WCHAR *curdir = get_initial_directory();
- void *module = NULL;
+ void *module;
NTSTATUS status;
/* store the initial PATH value */
@@ -1950,24 +1951,8 @@ static RTL_USER_PROCESS_PARAMETERS *build_initial_params(void)
add_registry_environment( &env, &env_pos, &env_size );
env[env_pos++] = 0;
- status = load_main_exe( NULL, main_argv[1], curdir, &image, &module );
- if (!status)
- {
- if (main_image_info.ImageCharacteristics & IMAGE_FILE_DLL) status = STATUS_INVALID_IMAGE_FORMAT;
- if (main_image_info.ImageFlags & IMAGE_FLAGS_ComPlusNativeReady)
- main_image_info.Machine = native_machine;
- if (main_image_info.Machine != current_machine) status = STATUS_INVALID_IMAGE_FORMAT;
- }
-
- if (status) /* try launching it through start.exe */
- {
- static const char *args[] = { "start.exe", "/exec" };
- free( image );
- if (module) NtUnmapViewOfSection( GetCurrentProcess(), module );
- load_start_exe( &image, &module );
- prepend_argv( args, 2 );
- }
- else rebuild_argv();
+ load_start_exe( &image, &module );
+ prepend_argv( args, 2 );
NtCurrentTeb()->Peb->ImageBaseAddress = module;
main_wargv = build_wargv( get_dos_path( image ));
--
2.30.2
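Review bot: `module` loses its `= NULL` initializer on the declaration line while the return value of `load_start_exe( &image, &module )` is still discarded, so `NtCurrentTeb()->Peb->ImageBaseAddress = module` and `get_dos_path( image )` depend entirely on load_start_exe never returning without filling both outputs. Its definition is not visible here; if it can return on failure, keep `void *module = NULL;` and check the status, otherwise a short comment such as `/* load_start_exe() does not return on failure */` would record the assumption. The removed block also rejected DLL images and machine mismatches for main_argv[1], and the commit message should say where that validation happens now that every launch goes through start.exe. build_initial_params continues outside the hunks.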


@ -0,0 +1,110 @@
From e695c71722c3ecf8b2666da109dfe172e50f75da Mon Sep 17 00:00:00 2001
From: Zebediah Figura <z.figura12@gmail.com>
Date: Sun, 18 Apr 2021 17:46:35 -0500
Subject: [PATCH] kernelbase: Elevate processes if requested in
CreateProcessInternal().
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
---
dlls/kernelbase/process.c | 57 +++++++++++++++++++++++++++++++++++++--
1 file changed, 55 insertions(+), 2 deletions(-)
diff --git a/dlls/kernelbase/process.c b/dlls/kernelbase/process.c
index ab89d3bcf31..270951a795e 100644
--- a/dlls/kernelbase/process.c
+++ b/dlls/kernelbase/process.c
@@ -30,6 +30,7 @@
#include "winnls.h"
#include "wincontypes.h"
#include "winternl.h"
+#include "winuser.h"
#include "kernelbase.h"
#include "wine/debug.h"
@@ -413,6 +414,54 @@ BOOL WINAPI DECLSPEC_HOTPATCH CloseHandle( HANDLE handle )
}
+static BOOL image_needs_elevation( const WCHAR *path )
+{
+ ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION run_level;
+ BOOL ret = FALSE;
+ HANDLE handle;
+ ACTCTXW ctx;
+
+ ctx.cbSize = sizeof(ctx);
+ ctx.dwFlags = ACTCTX_FLAG_RESOURCE_NAME_VALID;
+ ctx.lpSource = path;
+ ctx.lpResourceName = (const WCHAR *)CREATEPROCESS_MANIFEST_RESOURCE_ID;
+
+ if (RtlCreateActivationContext( &handle, &ctx )) return FALSE;
+
+ if (!RtlQueryInformationActivationContext( 0, handle, NULL, RunlevelInformationInActivationContext,
+ &run_level, sizeof(run_level), NULL ))
+ {
+ TRACE( "image requested run level %#x\n", run_level.RunLevel );
+ if (run_level.RunLevel == ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE
+ || run_level.RunLevel == ACTCTX_RUN_LEVEL_REQUIRE_ADMIN)
+ ret = TRUE;
+ }
+ RtlReleaseActivationContext( handle );
+
+ return ret;
+}
+
+
+static HANDLE get_elevated_token(void)
+{
+ TOKEN_ELEVATION_TYPE type;
+ TOKEN_LINKED_TOKEN linked;
+ NTSTATUS status;
+
+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(),
+ TokenElevationType, &type, sizeof(type), NULL )))
+ return NULL;
+
+ if (type == TokenElevationTypeFull) return NULL;
+
+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(),
+ TokenLinkedToken, &linked, sizeof(linked), NULL )))
+ return NULL;
+
+ return linked.LinkedToken;
+}
+
+
/**********************************************************************
* CreateProcessAsUserA (kernelbase.@)
*/
@@ -499,7 +548,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
WCHAR *p, *tidy_cmdline = cmd_line;
RTL_USER_PROCESS_PARAMETERS *params = NULL;
RTL_USER_PROCESS_INFORMATION rtl_info;
- HANDLE parent = 0, debug = 0;
+ HANDLE parent = 0, debug = 0, elevated_token = NULL;
ULONG nt_flags = 0;
NTSTATUS status;
@@ -607,6 +656,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
if (flags & CREATE_BREAKAWAY_FROM_JOB) nt_flags |= PROCESS_CREATE_FLAGS_BREAKAWAY;
if (flags & CREATE_SUSPENDED) nt_flags |= PROCESS_CREATE_FLAGS_SUSPENDED;
+ if (!token && image_needs_elevation( params->ImagePathName.Buffer ))
+ token = elevated_token = get_elevated_token();
+
status = create_nt_process( token, debug, process_attr, thread_attr,
nt_flags, params, &rtl_info, parent, handle_list, job_list );
switch (status)
@@ -648,7 +700,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
TRACE( "started process pid %04x tid %04x\n", info->dwProcessId, info->dwThreadId );
}
- done:
+done:
+ if (elevated_token) NtClose( elevated_token );
RtlDestroyProcessParameters( params );
if (tidy_cmdline != cmd_line) HeapFree( GetProcessHeap(), 0, tidy_cmdline );
return set_ntstatus( status );
--
2.30.2
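Review bot: get_elevated_token() reads the linked token from `GetCurrentThreadEffectiveToken()`, so when the calling thread is impersonating, the elevated child is derived from the impersonated identity, whereas the non-elevated path (token left NULL) presumably inherits the process token. If that difference is not intended, query the process token instead, e.g. `NtQueryInformationToken( GetCurrentProcessToken(), TokenLinkedToken, &linked, sizeof(linked), NULL )` (assuming that pseudo-handle is available in these headers); otherwise state the choice in a comment above the function. The same helper is copied verbatim into dlls/ntdll/process.c in the following patch, so the point applies there as well. Both failure paths return NULL silently, so an image whose manifest requests elevation is started unelevated with no trace; a `WARN( "failed to query linked token, status %#x\n", status );` would make that visible and give the otherwise write-only `status` a use. CreateProcessInternalW's body extends outside the hunks.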


@ -0,0 +1,117 @@
From 6439bc264e8d7673ebf783303927bb7a4af54506 Mon Sep 17 00:00:00 2001
From: Zebediah Figura <z.figura12@gmail.com>
Date: Sun, 18 Apr 2021 17:46:44 -0500
Subject: [PATCH] ntdll: Elevate processes if requested in
RtlCreateUserProcess().
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
---
dlls/ntdll/process.c | 69 ++++++++++++++++++++++++++++++++++++++++----
1 file changed, 64 insertions(+), 5 deletions(-)
diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
index 3ed31e22100..86c45d6dfff 100644
--- a/dlls/ntdll/process.c
+++ b/dlls/ntdll/process.c
@@ -39,6 +39,9 @@
WINE_DEFAULT_DEBUG_CHANNEL(process);
+/* we don't want to include winuser.h */
+#define CREATEPROCESS_MANIFEST_RESOURCE_ID ((ULONG_PTR)1)
+
/******************************************************************************
* RtlGetCurrentPeb [NTDLL.@]
*
@@ -49,6 +52,55 @@ PEB * WINAPI RtlGetCurrentPeb(void)
}
+static BOOL image_needs_elevation( const WCHAR *path )
+{
+ ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION run_level;
+ BOOL ret = FALSE;
+ HANDLE handle;
+ ACTCTXW ctx;
+
+ ctx.cbSize = sizeof(ctx);
+ ctx.dwFlags = ACTCTX_FLAG_RESOURCE_NAME_VALID;
+ ctx.lpSource = path;
+ ctx.lpResourceName = (const WCHAR *)CREATEPROCESS_MANIFEST_RESOURCE_ID;
+
+ if (RtlCreateActivationContext( &handle, &ctx )) return FALSE;
+
+ if (!RtlQueryInformationActivationContext( 0, handle, NULL, RunlevelInformationInActivationContext,
+ &run_level, sizeof(run_level), NULL ))
+ {
+ TRACE( "image requested run level %#x\n", run_level.RunLevel );
+ if (run_level.RunLevel == ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE
+ || run_level.RunLevel == ACTCTX_RUN_LEVEL_REQUIRE_ADMIN)
+ ret = TRUE;
+ }
+ RtlReleaseActivationContext( handle );
+
+ return ret;
+}
+
+
+static HANDLE get_elevated_token(void)
+{
+ TOKEN_ELEVATION_TYPE type;
+ TOKEN_LINKED_TOKEN linked;
+ NTSTATUS status;
+
+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(),
+ TokenElevationType, &type, sizeof(type), NULL )))
+ return NULL;
+
+ if (type == TokenElevationTypeFull) return NULL;
+
+
+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(),
+ TokenLinkedToken, &linked, sizeof(linked), NULL )))
+ return NULL;
+
+ return linked.LinkedToken;
+}
+
+
/**********************************************************************
* RtlWow64GetCurrentMachine (NTDLL.@)
*/
@@ -176,8 +228,13 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes,
PS_CREATE_INFO create_info;
ULONG_PTR buffer[offsetof( PS_ATTRIBUTE_LIST, Attributes[6] ) / sizeof(ULONG_PTR)];
PS_ATTRIBUTE_LIST *attr = (PS_ATTRIBUTE_LIST *)buffer;
+ HANDLE elevated_token = NULL;
+ NTSTATUS status;
UINT pos = 0;
+ if (!token && image_needs_elevation( params->ImagePathName.Buffer ))
+ token = elevated_token = get_elevated_token();
+
RtlNormalizeProcessParams( params );
attr->Attributes[pos].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
@@ -224,11 +281,13 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes,
InitializeObjectAttributes( &process_attr, NULL, 0, NULL, process_descr );
InitializeObjectAttributes( &thread_attr, NULL, 0, NULL, thread_descr );
- return NtCreateUserProcess( &info->Process, &info->Thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS,
- &process_attr, &thread_attr,
- inherit ? PROCESS_CREATE_FLAGS_INHERIT_HANDLES : 0,
- THREAD_CREATE_FLAGS_CREATE_SUSPENDED, params,
- &create_info, attr );
+ status = NtCreateUserProcess( &info->Process, &info->Thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS,
+ &process_attr, &thread_attr,
+ inherit ? PROCESS_CREATE_FLAGS_INHERIT_HANDLES : 0,
+ THREAD_CREATE_FLAGS_CREATE_SUSPENDED, params, &create_info, attr );
+
+ if (elevated_token) NtClose( elevated_token );
+ return status;
}
/***********************************************************************
--
2.30.2
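Review bot: In RtlCreateUserProcess the new `image_needs_elevation( params->ImagePathName.Buffer )` call runs before `RtlNormalizeProcessParams( params )`, so for a caller that passes denormalized parameters the Buffer field would presumably still be an offset rather than a pointer when it reaches RtlCreateActivationContext. Moving the two added lines below the normalize call avoids that: `RtlNormalizeProcessParams( params );` followed by `if (!token && image_needs_elevation( params->ImagePathName.Buffer ))` and `token = elevated_token = get_elevated_token();`. The elevation decision is also taken from the manifest of params->ImagePathName, while the `path` argument appears to be what names the image for creation (the attribute setup is only partly visible). A comment stating that both are expected to refer to the same file would make the privilege decision easier to audit. The function body extends outside the hunks.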