From dfc989712e8265ea8026dfe3f5281350fcb4a1fe Mon Sep 17 00:00:00 2001
From: Zebediah Figura
Date: Fri, 26 Feb 2021 22:47:21 -0600
Subject: [PATCH] server-default_integrity: Support the "runas" verb, and set EnableLUA to 1.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50727
---
 patches/patchinstall.sh | 4 +-
 ...002-shell32-Implement-the-runas-verb.patch | 84 +++++++++++++++++++
 ...ine.inf-Set-the-EnableLUA-value-to-1.patch | 29 +++++++
 3 files changed, 116 insertions(+), 1 deletion(-)
 create mode 100644 patches/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
 create mode 100644 patches/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index a934da7d..6be1a689 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -3524,10 +3524,12 @@ fi
 # | should run unelevated by default with Vista+ setting)
 # |
 # | Modified files:
-# | * server/process.c
+# | * dlls/shell32/shlexec.c, loader/wine.inf.in, server/process.c
 # |
 if test "$enable_server_default_integrity" -eq 1; then
 patch_apply server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch
+ patch_apply server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
+ patch_apply server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
 fi

 # Patchset setupapi-DiskSpaceList
diff --git a/patches/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch b/patches/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
new file mode 100644
index 00000000..832c6a9a
--- /dev/null
+++ b/patches/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
@@ -0,0 +1,84 @@
+From 4fd79db7e859dfa62c1c00cffa3de53b25086346 Mon Sep 17 00:00:00 2001
+From: Zebediah Figura
+Date: Fri, 26 Feb 2021 22:31:19 -0600
+Subject: [PATCH] shell32: Implement the "runas" verb.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Based on a patch by Michael Müller.
+
+Signed-off-by: Zebediah Figura
+---
+ dlls/shell32/shlexec.c | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c
+index ce0b8f6d2be..9da9a0c81da 100644
+--- a/dlls/shell32/shlexec.c
++++ b/dlls/shell32/shlexec.c
+@@ -305,6 +305,21 @@ static HRESULT SHELL_GetPathFromIDListForExecuteW(LPCITEMIDLIST pidl, LPWSTR psz
+ return hr;
+ }
+
++static HANDLE get_admin_token(void)
++{
++ TOKEN_ELEVATION_TYPE type;
++ TOKEN_LINKED_TOKEN linked;
++ DWORD size;
++
++ if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenElevationType, &type, sizeof(type), &size)
++ || type == TokenElevationTypeFull)
++ return NULL;
++
++ if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenLinkedToken, &linked, sizeof(linked), &size))
++ return NULL;
++ return linked.LinkedToken;
++}
++
+ /*************************************************************************
+ * SHELL_ExecuteW [Internal]
+ *
+@@ -312,6 +327,7 @@ static HRESULT SHELL_GetPathFromIDListForExecuteW(LPCITEMIDLIST pidl, LPWSTR psz
+ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+ const SHELLEXECUTEINFOW *psei, LPSHELLEXECUTEINFOW psei_out)
+ {
++ static const WCHAR runasW[] = {'r','u','n','a','s',0};
+ STARTUPINFOW startup;
+ PROCESS_INFORMATION info;
+ UINT_PTR retval = SE_ERR_NOASSOC;
+@@ -319,6 +335,7 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+ WCHAR curdir[MAX_PATH];
+ DWORD dwCreationFlags;
+ const WCHAR *lpDirectory = NULL;
++ HANDLE token = NULL;
+
+ TRACE("Execute %s from directory %s\n", debugstr_w(lpCmd), 
debugstr_w(psei->lpDirectory));
+
+@@ -344,8 +361,12 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+ dwCreationFlags = CREATE_UNICODE_ENVIRONMENT;
+ if (!(psei->fMask & SEE_MASK_NO_CONSOLE))
+ dwCreationFlags |= CREATE_NEW_CONSOLE;
+- if (CreateProcessW(NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE, dwCreationFlags, env,
+- lpDirectory, &startup, &info))
++
++ if (psei->lpVerb && !strcmpiW(psei->lpVerb, runasW))
++ token = get_admin_token();
++
++ if (CreateProcessAsUserW(token, NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE,
++ dwCreationFlags, env, lpDirectory, &startup, &info))
+ {
+ /* Give 30 seconds to the app to come up, if desired. Probably only needed
+ when starting app immediately before making a DDE connection. */
+@@ -365,6 +386,8 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
+ retval = ERROR_BAD_FORMAT;
+ }
+
++ CloseHandle(token);
++
+ TRACE("returning %lu\n", retval);
+
+ psei_out->hInstApp = (HINSTANCE)retval;
+--
+2.20.1
+
diff --git a/patches/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch b/patches/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
new file mode 100644
index 00000000..cc1a532a
--- /dev/null
+++ b/patches/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
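Review bot: `get_admin_token()` returns NULL both when the caller is already `TokenElevationTypeFull` and when either `GetTokenInformation` call fails, and `SHELL_ExecuteW` passes that NULL straight to `CreateProcessAsUserW`, so a "runas" request whose token lookup failed presumably starts the child with the caller's token and leaves nothing in the log. A `WARN("Failed to get the linked token, error %u.\n", GetLastError());` before the second `return NULL;` would make that case visible. The trailing `CloseHandle(token);` also runs with a NULL handle on every call that is not "runas", which can leave an invalid-handle last error behind after the failure path has already stored its code in `retval`; `if (token) CloseHandle(token);` avoids that. The helper also deserves a comment such as `/* Returns the caller's linked (elevated) token without any consent step; NULL if already elevated or on failure. */`, since as far as these hunks show the limited default token is a compatibility feature and not a privilege boundary. Parts of `SHELL_ExecuteW` lie outside the hunks, so the last-error effect should be checked against the full function.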
@@ -0,0 +1,29 @@
+From 899085939fc7af0d53c5b1d4200a67acf12bb134 Mon Sep 17 00:00:00 2001
+From: Zebediah Figura
+Date: Fri, 26 Feb 2021 22:41:35 -0600
+Subject: [PATCH] wine.inf: Set the EnableLUA value to 1.
+
+This signifies that UAC is active.
+
+Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50727
+Signed-off-by: Zebediah Figura
+---
+ loader/wine.inf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/loader/wine.inf.in b/loader/wine.inf.in
+index d5dd2d5b66b..4294371c627 100644
+--- a/loader/wine.inf.in
++++ b/loader/wine.inf.in
+@@ -550,7 +550,7 @@ HKLM,%CurrentVersion%\Explorer\DriveIcons,,16
+ HKLM,%CurrentVersion%\Explorer\KindMap,,16
+ HKLM,%CurrentVersion%\Group Policy,,16
+ HKLM,%CurrentVersion%\Installer,"InstallerLocation",,"%11%"
+-HKLM,%CurrentVersion%\Policies\System,"EnableLUA",0x10003,0
++HKLM,%CurrentVersion%\Policies\System,"EnableLUA",0x10003,1
+ HKLM,%CurrentVersion%\PreviewHandlers,,16
+ HKLM,%CurrentVersion%\Run,,16
+ HKLM,%CurrentVersion%\Setup,"BootDir",,"%30%"
+--
+2.20.1
+
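Review bot: The `0x10003` flags on the `EnableLUA` line appear to include the no-clobber bit (0x2) on top of the DWORD type, so a prefix that already holds `EnableLUA`=0 from the old line would keep reporting UAC as disabled after an update, while the limited-token and "runas" patches in this set apply to every prefix. If new and existing prefixes are meant to agree, the line could drop that bit: `HKLM,%CurrentVersion%\Policies\System,"EnableLUA",0x10001,1`. If preserving an existing value is intended, a sentence in the commit message saying that only newly created prefixes get 1 would save the next reader from checking the flag.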