server-default_integrity: Support the "runas" verb, and set EnableLUA to 1.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50727
2024-11-21 16:46:54 -08:00 · 2021-02-26 22:47:21 -06:00 · 2021-02-26 22:47:21 -06:00 · dfc989712e
commit dfc989712e
parent 783002b5de
3 changed files with 116 additions and 1 deletions
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -3524,10 +3524,12 @@ fi
 # | 	should run unelevated by default with Vista+ setting)
 # |
 # | Modified files:
-# |   *	server/process.c
+# |   *	dlls/shell32/shlexec.c, loader/wine.inf.in, server/process.c
 # |
 if test "$enable_server_default_integrity" -eq 1; then
 	patch_apply server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch
+	patch_apply server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
+	patch_apply server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
 fi

 # Patchset setupapi-DiskSpaceList
--- a/patches/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
+++ b/patches/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
@ -0,0 +1,84 @@
+From 4fd79db7e859dfa62c1c00cffa3de53b25086346 Mon Sep 17 00:00:00 2001
+From: Zebediah Figura <z.figura12@gmail.com>
+Date: Fri, 26 Feb 2021 22:31:19 -0600
+Subject: [PATCH] shell32: Implement the "runas" verb.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Based on a patch by Michael Müller.
+
+Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
+---
+ dlls/shell32/shlexec.c | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c
+index ce0b8f6d2be..9da9a0c81da 100644
+--- a/dlls/shell32/shlexec.c
+++ b/dlls/shell32/shlexec.c
+@@ -305,6 +305,21 @@ static HRESULT SHELL_GetPathFromIDListForExecuteW(LPCITEMIDLIST pidl, LPWSTR psz
+     return hr;
+ }
+ 
+static HANDLE get_admin_token(void)
+{
+    TOKEN_ELEVATION_TYPE type;
+    TOKEN_LINKED_TOKEN linked;
+    DWORD size;
+
+    if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenElevationType, &type, sizeof(type), &size)
+            || type == TokenElevationTypeFull)
+        return NULL;
+
+    if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenLinkedToken, &linked, sizeof(linked), &size))
+        return NULL;
+    return linked.LinkedToken;
+}
+
+ /*************************************************************************
+  *	SHELL_ExecuteW [Internal]
+  *
+@@ -312,6 +327,7 @@ static HRESULT SHELL_GetPathFromIDListForExecuteW(LPCITEMIDLIST pidl, LPWSTR psz
+ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+ 			    const SHELLEXECUTEINFOW *psei, LPSHELLEXECUTEINFOW psei_out)
+ {
+    static const WCHAR runasW[] = {'r','u','n','a','s',0};
+     STARTUPINFOW  startup;
+     PROCESS_INFORMATION info;
+     UINT_PTR retval = SE_ERR_NOASSOC;
+@@ -319,6 +335,7 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+     WCHAR curdir[MAX_PATH];
+     DWORD dwCreationFlags;
+     const WCHAR *lpDirectory = NULL;
+    HANDLE token = NULL;
+ 
+     TRACE("Execute %s from directory %s\n", debugstr_w(lpCmd), debugstr_w(psei->lpDirectory));
+ 
+@@ -344,8 +361,12 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+     dwCreationFlags = CREATE_UNICODE_ENVIRONMENT;
+     if (!(psei->fMask & SEE_MASK_NO_CONSOLE))
+         dwCreationFlags |= CREATE_NEW_CONSOLE;
+-    if (CreateProcessW(NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE, dwCreationFlags, env,
+-                       lpDirectory, &startup, &info))
+
+    if (psei->lpVerb && !strcmpiW(psei->lpVerb, runasW))
+        token = get_admin_token();
+
+    if (CreateProcessAsUserW(token, NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE,
+            dwCreationFlags, env, lpDirectory, &startup, &info))
+     {
+         /* Give 30 seconds to the app to come up, if desired. Probably only needed
+            when starting app immediately before making a DDE connection. */
+@@ -365,6 +386,8 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+         retval = ERROR_BAD_FORMAT;
+     }
+ 
+    CloseHandle(token);
+
+     TRACE("returning %lu\n", retval);
+ 
+     psei_out->hInstApp = (HINSTANCE)retval;
+-- 
+2.20.1
+
--- a/patches/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
+++ b/patches/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
@ -0,0 +1,29 @@
+From 899085939fc7af0d53c5b1d4200a67acf12bb134 Mon Sep 17 00:00:00 2001
+From: Zebediah Figura <z.figura12@gmail.com>
+Date: Fri, 26 Feb 2021 22:41:35 -0600
+Subject: [PATCH] wine.inf: Set the EnableLUA value to 1.
+
+This signifies that UAC is active.
+
+Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50727
+Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
+---
+ loader/wine.inf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/loader/wine.inf.in b/loader/wine.inf.in
+index d5dd2d5b66b..4294371c627 100644
+--- a/loader/wine.inf.in
+++ b/loader/wine.inf.in
+@@ -550,7 +550,7 @@ HKLM,%CurrentVersion%\Explorer\DriveIcons,,16
+ HKLM,%CurrentVersion%\Explorer\KindMap,,16
+ HKLM,%CurrentVersion%\Group Policy,,16
+ HKLM,%CurrentVersion%\Installer,"InstallerLocation",,"%11%"
+-HKLM,%CurrentVersion%\Policies\System,"EnableLUA",0x10003,0
+HKLM,%CurrentVersion%\Policies\System,"EnableLUA",0x10003,1
+ HKLM,%CurrentVersion%\PreviewHandlers,,16
+ HKLM,%CurrentVersion%\Run,,16
+ HKLM,%CurrentVersion%\Setup,"BootDir",,"%30%"
+-- 
+2.20.1
+