diff --git a/config/games/default.nix b/config/games/default.nix index d5adb3dd..421c537d 100644 --- a/config/games/default.nix +++ b/config/games/default.nix @@ -5,20 +5,6 @@ args: { system, ... }: let - wine = nix-gaming.packages.x86_64-linux.wine-ge.overrideAttrs (super: { - patches = - super.patches - or [] - ++ [ - ./wine/server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch - ./wine/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch - ./wine/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch - ./wine/server-default_integrity/0004-msi-Create-the-custom-action-server-as-an-elevated-p.patch - ./wine/server-default_integrity/0005-ntdll-Always-start-the-initial-process-through-start.patch - ./wine/server-default_integrity/0006-kernelbase-Elevate-processes-if-requested-in-CreateP.patch - ./wine/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch - ]; - }); in { home.packages = [ @@ -30,7 +16,7 @@ in { then [ pkgs.xivlauncher nix-gaming.packages.x86_64-linux.osu-lazer-bin - wine + (pkgs.wineWowPackages.stagingFull.override {waylandSupport = true;}) ] else [] ); diff --git a/config/games/wine/server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch b/config/games/wine/server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch deleted file mode 100644 index f92eeac7..00000000 --- a/config/games/wine/server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 9804dd77fd8c0ec56963306f409fea6b910bb48d Mon Sep 17 00:00:00 2001 -From: Zebediah Figura -Date: Sun, 7 Feb 2021 22:54:19 -0600 -Subject: [PATCH] server: Create processes using a limited administrator token - by default. - -Signed-off-by: Zebediah Figura ---- - server/process.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/server/process.c b/server/process.c -index 15387a2affa..3a8bbdbfb2e 100644 ---- a/server/process.c -+++ b/server/process.c -@@ -664,7 +664,7 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla - if (!parent) - { - process->handles = alloc_handle_table( process, 0 ); -- process->token = token_create_admin( TRUE, -1, TokenElevationTypeFull, default_session_id ); -+ process->token = token_create_admin( TRUE, -1, TokenElevationTypeLimited, default_session_id ); - process->affinity = ~0; - } - else --- -2.30.2 - diff --git a/config/games/wine/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch b/config/games/wine/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch deleted file mode 100644 index e80bcd1b..00000000 --- a/config/games/wine/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch +++ /dev/null @@ -1,76 +0,0 @@ -From ede24db26773b5ce2c2d7e13bf12939b55124281 Mon Sep 17 00:00:00 2001 -From: Zebediah Figura -Date: Fri, 26 Feb 2021 22:31:19 -0600 -Subject: [PATCH] shell32: Implement the "runas" verb. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Based on a patch by Michael Müller. - -Signed-off-by: Zebediah Figura ---- - dlls/shell32/shlexec.c | 26 ++++++++++++++++++++++++-- - 1 file changed, 24 insertions(+), 2 deletions(-) - -diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c -index 8c7e3cf0808..c9a996a13dd 100644 ---- a/dlls/shell32/shlexec.c -+++ b/dlls/shell32/shlexec.c -@@ -292,6 +292,21 @@ static HRESULT SHELL_GetPathFromIDListForExecuteW(LPCITEMIDLIST pidl, LPWSTR psz - return hr; - } - -+static HANDLE get_admin_token(void) -+{ -+ TOKEN_ELEVATION_TYPE type; -+ TOKEN_LINKED_TOKEN linked; -+ DWORD size; -+ -+ if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenElevationType, &type, sizeof(type), &size) -+ || type == TokenElevationTypeFull) -+ return NULL; -+ -+ if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenLinkedToken, &linked, sizeof(linked), &size)) -+ return NULL; -+ return linked.LinkedToken; -+} -+ - /************************************************************************* - * SHELL_ExecuteW [Internal] - * -@@ -305,6 +320,7 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait, - UINT gcdret = 0; - WCHAR curdir[MAX_PATH]; - DWORD dwCreationFlags; -+ HANDLE token = NULL; - - TRACE("Execute %s from directory %s\n", debugstr_w(lpCmd), debugstr_w(psei->lpDirectory)); - -@@ -326,8 +342,12 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait, - dwCreationFlags = CREATE_UNICODE_ENVIRONMENT; - if (!(psei->fMask & SEE_MASK_NO_CONSOLE)) - dwCreationFlags |= CREATE_NEW_CONSOLE; -- if (CreateProcessW(NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE, dwCreationFlags, env, -- NULL, &startup, &info)) -+ -+ if (psei->lpVerb && !wcsicmp(psei->lpVerb, L"runas")) -+ token = get_admin_token(); -+ -+ if (CreateProcessAsUserW(token, NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE, -+ dwCreationFlags, env, NULL, &startup, &info)) - { - /* Give 30 seconds to the app to come up, if desired. Probably only needed - when starting app immediately before making a DDE connection. */ -@@ -347,6 +367,8 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait, - retval = ERROR_BAD_FORMAT; - } - -+ CloseHandle(token); -+ - TRACE("returning %Iu\n", retval); - - psei_out->hInstApp = (HINSTANCE)retval; --- -2.34.1 - diff --git a/config/games/wine/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch b/config/games/wine/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch deleted file mode 100644 index 8b0ccf78..00000000 --- a/config/games/wine/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch +++ /dev/null @@ -1,29 +0,0 @@ -From dc1f602da6ed3a574697fe8b5bc4590d74e344f5 Mon Sep 17 00:00:00 2001 -From: Zebediah Figura -Date: Fri, 26 Feb 2021 22:41:35 -0600 -Subject: [PATCH] wine.inf: Set the EnableLUA value to 1. - -This signifies that UAC is active. - -Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50727 -Signed-off-by: Zebediah Figura ---- - loader/wine.inf.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/loader/wine.inf.in b/loader/wine.inf.in -index 24da6f3af6b..a72279e9881 100644 ---- a/loader/wine.inf.in -+++ b/loader/wine.inf.in -@@ -526,7 +526,7 @@ HKLM,%CurrentVersion%\Explorer\DriveIcons,,16 - HKLM,%CurrentVersion%\Explorer\KindMap,,16 - HKLM,%CurrentVersion%\Group Policy,,16 - HKLM,%CurrentVersion%\Installer,"InstallerLocation",,"%11%" --HKLM,%CurrentVersion%\Policies\System,"EnableLUA",0x10003,0 -+HKLM,%CurrentVersion%\Policies\System,"EnableLUA",0x10001,1 - HKLM,%CurrentVersion%\PreviewHandlers,,16 - HKLM,%CurrentVersion%\Run,,16 - HKLM,%CurrentVersion%\Setup,"BootDir",,"%30%" --- -2.30.2 - diff --git a/config/games/wine/server-default_integrity/0004-msi-Create-the-custom-action-server-as-an-elevated-p.patch b/config/games/wine/server-default_integrity/0004-msi-Create-the-custom-action-server-as-an-elevated-p.patch deleted file mode 100644 index 476725ba..00000000 --- a/config/games/wine/server-default_integrity/0004-msi-Create-the-custom-action-server-as-an-elevated-p.patch +++ /dev/null @@ -1,68 +0,0 @@ -From f2de1c5d2fcda876276e077b61f9fba5ff3f7f12 Mon Sep 17 00:00:00 2001 -From: Zebediah Figura -Date: Sun, 16 May 2021 20:49:05 -0500 -Subject: [PATCH] msi: Create the custom action server as an elevated process. - -Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51143 -Signed-off-by: Zebediah Figura ---- - dlls/msi/custom.c | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/dlls/msi/custom.c b/dlls/msi/custom.c -index fb03958eb11..874b9b92118 100644 ---- a/dlls/msi/custom.c -+++ b/dlls/msi/custom.c -@@ -574,12 +574,28 @@ UINT CDECL __wine_msi_call_dll_function(DWORD client_pid, const GUID *guid) - return r; - } - -+static HANDLE get_admin_token(void) -+{ -+ TOKEN_ELEVATION_TYPE type; -+ TOKEN_LINKED_TOKEN linked; -+ DWORD size; -+ -+ if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenElevationType, &type, sizeof(type), &size) -+ || type == TokenElevationTypeFull) -+ return NULL; -+ -+ if (!GetTokenInformation(GetCurrentThreadEffectiveToken(), TokenLinkedToken, &linked, sizeof(linked), &size)) -+ return NULL; -+ return linked.LinkedToken; -+} -+ - static DWORD custom_start_server(MSIPACKAGE *package, DWORD arch) - { - WCHAR path[MAX_PATH], cmdline[MAX_PATH + 23]; - PROCESS_INFORMATION pi = {0}; - STARTUPINFOW si = {0}; - WCHAR buffer[24]; -+ HANDLE token; - void *cookie; - HANDLE pipe; - -@@ -601,14 +617,18 @@ static DWORD custom_start_server(MSIPACKAGE *package, DWORD arch) - lstrcatW(path, L"\\msiexec.exe"); - swprintf(cmdline, ARRAY_SIZE(cmdline), L"%s -Embedding %d", path, GetCurrentProcessId()); - -+ token = get_admin_token(); -+ - if (is_wow64 && arch == SCS_64BIT_BINARY) - { - Wow64DisableWow64FsRedirection(&cookie); -- CreateProcessW(path, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi); -+ CreateProcessAsUserW(token, path, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi); - Wow64RevertWow64FsRedirection(cookie); - } - else -- CreateProcessW(path, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi); -+ CreateProcessAsUserW(token, path, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi); -+ -+ if (token) CloseHandle(token); - - CloseHandle(pi.hThread); - --- -2.30.2 - diff --git a/config/games/wine/server-default_integrity/0005-ntdll-Always-start-the-initial-process-through-start.patch b/config/games/wine/server-default_integrity/0005-ntdll-Always-start-the-initial-process-through-start.patch deleted file mode 100644 index e6ad033a..00000000 --- a/config/games/wine/server-default_integrity/0005-ntdll-Always-start-the-initial-process-through-start.patch +++ /dev/null @@ -1,50 +0,0 @@ -From b08427ea0575faf213100269bf5bc931ec05930b Mon Sep 17 00:00:00 2001 -From: Zebediah Figura -Date: Fri, 21 May 2021 21:52:06 -0500 -Subject: [PATCH] ntdll: Always start the initial process through start.exe. - -Signed-off-by: Zebediah Figura ---- - dlls/ntdll/unix/env.c | 19 +++---------------- - 1 file changed, 3 insertions(+), 16 deletions(-) - -diff --git a/dlls/ntdll/unix/env.c b/dlls/ntdll/unix/env.c -index ae1afb2797b..02af2c5ca5a 100644 ---- a/dlls/ntdll/unix/env.c -+++ b/dlls/ntdll/unix/env.c -@@ -2116,6 +2116,7 @@ static void init_peb( RTL_USER_PROCESS_PARAMETERS *params, void *module ) - */ - static RTL_USER_PROCESS_PARAMETERS *build_initial_params( void **module ) - { -+ static const char *args[] = { "start.exe", "/exec" }; - static const WCHAR valueW[] = {'1',0}; - static const WCHAR pathW[] = {'P','A','T','H'}; - RTL_USER_PROCESS_PARAMETERS *params = NULL; -@@ -2144,22 +2145,8 @@ static RTL_USER_PROCESS_PARAMETERS *build_initial_params( void **module ) - add_registry_environment( &env, &env_pos, &env_size ); - env[env_pos++] = 0; - -- status = load_main_exe( NULL, main_argv[1], curdir, &image, module ); -- if (!status) -- { -- if (main_image_info.ImageCharacteristics & IMAGE_FILE_DLL) status = STATUS_INVALID_IMAGE_FORMAT; -- if (main_image_info.Machine != current_machine) status = STATUS_INVALID_IMAGE_FORMAT; -- } -- -- if (status) /* try launching it through start.exe */ -- { -- static const char *args[] = { "start.exe", "/exec" }; -- free( image ); -- if (*module) NtUnmapViewOfSection( GetCurrentProcess(), *module ); -- load_start_exe( &image, module ); -- prepend_argv( args, 2 ); -- } -- else rebuild_argv(); -+ load_start_exe( &image, module ); -+ prepend_argv( args, 2 ); - - main_wargv = build_wargv( get_dos_path( image )); - cmdline = build_command_line( main_wargv ); --- -2.32.0 - diff --git a/config/games/wine/server-default_integrity/0006-kernelbase-Elevate-processes-if-requested-in-CreateP.patch b/config/games/wine/server-default_integrity/0006-kernelbase-Elevate-processes-if-requested-in-CreateP.patch deleted file mode 100644 index 619a1446..00000000 --- a/config/games/wine/server-default_integrity/0006-kernelbase-Elevate-processes-if-requested-in-CreateP.patch +++ /dev/null @@ -1,111 +0,0 @@ -From 71aba24d166ee16f6ea52d1b63acabccf0532514 Mon Sep 17 00:00:00 2001 -From: Zebediah Figura -Date: Sun, 18 Apr 2021 17:46:35 -0500 -Subject: [PATCH] kernelbase: Elevate processes if requested in - CreateProcessInternal(). - -Signed-off-by: Zebediah Figura ---- - dlls/kernelbase/process.c | 57 +++++++++++++++++++++++++++++++++++++-- - 1 file changed, 55 insertions(+), 2 deletions(-) - -diff --git a/dlls/kernelbase/process.c b/dlls/kernelbase/process.c -index 35381f409e9..e64076cb860 100644 ---- a/dlls/kernelbase/process.c -+++ b/dlls/kernelbase/process.c -@@ -30,6 +30,7 @@ - #include "winnls.h" - #include "wincontypes.h" - #include "winternl.h" -+#include "winuser.h" - - #include "kernelbase.h" - #include "wine/debug.h" -@@ -414,6 +415,54 @@ BOOL WINAPI DECLSPEC_HOTPATCH CloseHandle( HANDLE handle ) - } - - -+static BOOL image_needs_elevation( const WCHAR *path ) -+{ -+ ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION run_level; -+ BOOL ret = FALSE; -+ HANDLE handle; -+ ACTCTXW ctx; -+ -+ ctx.cbSize = sizeof(ctx); -+ ctx.dwFlags = ACTCTX_FLAG_RESOURCE_NAME_VALID; -+ ctx.lpSource = path; -+ ctx.lpResourceName = (const WCHAR *)CREATEPROCESS_MANIFEST_RESOURCE_ID; -+ -+ if (RtlCreateActivationContext( &handle, &ctx )) return FALSE; -+ -+ if (!RtlQueryInformationActivationContext( 0, handle, NULL, RunlevelInformationInActivationContext, -+ &run_level, sizeof(run_level), NULL )) -+ { -+ TRACE( "image requested run level %#x\n", run_level.RunLevel ); -+ if (run_level.RunLevel == ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE -+ || run_level.RunLevel == ACTCTX_RUN_LEVEL_REQUIRE_ADMIN) -+ ret = TRUE; -+ } -+ RtlReleaseActivationContext( handle ); -+ -+ return ret; -+} -+ -+ -+static HANDLE get_elevated_token(void) -+{ -+ TOKEN_ELEVATION_TYPE type; -+ TOKEN_LINKED_TOKEN linked; -+ NTSTATUS status; -+ -+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(), -+ TokenElevationType, &type, sizeof(type), NULL ))) -+ return NULL; -+ -+ if (type == TokenElevationTypeFull) return NULL; -+ -+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(), -+ TokenLinkedToken, &linked, sizeof(linked), NULL ))) -+ return NULL; -+ -+ return linked.LinkedToken; -+} -+ -+ - /********************************************************************** - * CreateProcessAsUserA (kernelbase.@) - */ -@@ -500,7 +549,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR - WCHAR *p, *tidy_cmdline = cmd_line, *orig_app_name = NULL; - RTL_USER_PROCESS_PARAMETERS *params = NULL; - RTL_USER_PROCESS_INFORMATION rtl_info; -- HANDLE parent = 0, debug = 0; -+ HANDLE parent = 0, debug = 0, elevated_token = NULL; - const WCHAR *append; - ULONG nt_flags = 0; - NTSTATUS status; - -@@ -608,6 +657,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR - if (flags & CREATE_BREAKAWAY_FROM_JOB) nt_flags |= PROCESS_CREATE_FLAGS_BREAKAWAY; - if (flags & CREATE_SUSPENDED) nt_flags |= PROCESS_CREATE_FLAGS_SUSPENDED; - -+ if (!token && image_needs_elevation( params->ImagePathName.Buffer )) -+ token = elevated_token = get_elevated_token(); -+ - status = create_nt_process( token, debug, process_attr, thread_attr, - nt_flags, params, &rtl_info, parent, handle_list, job_list ); - switch (status) -@@ -649,7 +701,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR - TRACE( "started process pid %04lx tid %04lx\n", info->dwProcessId, info->dwThreadId ); - } - -- done: -+done: -+ if (elevated_token) NtClose( elevated_token ); - RtlDestroyProcessParameters( params ); - if (tidy_cmdline != cmd_line) HeapFree( GetProcessHeap(), 0, tidy_cmdline ); - return set_ntstatus( status ); --- -2.34.1 - diff --git a/config/games/wine/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch b/config/games/wine/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch deleted file mode 100644 index a0b94438..00000000 --- a/config/games/wine/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 20e95575948faec1eca2e88967e985539a512cd5 Mon Sep 17 00:00:00 2001 -From: Zebediah Figura -Date: Sun, 18 Apr 2021 17:46:44 -0500 -Subject: [PATCH] ntdll: Elevate processes if requested in - RtlCreateUserProcess(). - -Signed-off-by: Zebediah Figura ---- - dlls/ntdll/process.c | 79 +++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 74 insertions(+), 5 deletions(-) - -diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c -index 160b1f549c9..fd437ea07d4 100644 ---- a/dlls/ntdll/process.c -+++ b/dlls/ntdll/process.c -@@ -39,6 +39,9 @@ - WINE_DEFAULT_DEBUG_CHANNEL(process); - - -+/* we don't want to include winuser.h */ -+#define CREATEPROCESS_MANIFEST_RESOURCE_ID ((ULONG_PTR)1) -+ - /****************************************************************************** - * RtlGetCurrentPeb [NTDLL.@] - * -@@ -82,6 +85,63 @@ NTSTATUS WINAPI RtlWow64EnableFsRedirectionEx( ULONG disable, ULONG *old_value ) - } - - -+static BOOL image_needs_elevation( const UNICODE_STRING *path ) -+{ -+ ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION run_level; -+ UNICODE_STRING path0; -+ BOOL ret = FALSE; -+ HANDLE handle; -+ ACTCTXW ctx; -+ -+ if (RtlDuplicateUnicodeString( 1, path, &path0 )) -+ return FALSE; -+ -+ ctx.cbSize = sizeof(ctx); -+ ctx.dwFlags = ACTCTX_FLAG_RESOURCE_NAME_VALID; -+ ctx.lpSource = path0.Buffer; -+ ctx.lpResourceName = (const WCHAR *)CREATEPROCESS_MANIFEST_RESOURCE_ID; -+ -+ if (RtlCreateActivationContext( &handle, &ctx )) -+ { -+ RtlFreeUnicodeString( &path0 ); -+ return FALSE; -+ } -+ -+ if (!RtlQueryInformationActivationContext( 0, handle, NULL, RunlevelInformationInActivationContext, -+ &run_level, sizeof(run_level), NULL )) -+ { -+ TRACE( "image requested run level %#x\n", run_level.RunLevel ); -+ if (run_level.RunLevel == ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE -+ || run_level.RunLevel == ACTCTX_RUN_LEVEL_REQUIRE_ADMIN) -+ ret = TRUE; -+ } -+ RtlReleaseActivationContext( handle ); -+ RtlFreeUnicodeString( &path0 ); -+ return ret; -+} -+ -+ -+static HANDLE get_elevated_token(void) -+{ -+ TOKEN_ELEVATION_TYPE type; -+ TOKEN_LINKED_TOKEN linked; -+ NTSTATUS status; -+ -+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(), -+ TokenElevationType, &type, sizeof(type), NULL ))) -+ return NULL; -+ -+ if (type == TokenElevationTypeFull) return NULL; -+ -+ -+ if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(), -+ TokenLinkedToken, &linked, sizeof(linked), NULL ))) -+ return NULL; -+ -+ return linked.LinkedToken; -+} -+ -+ - /********************************************************************** - * RtlWow64GetCurrentMachine (NTDLL.@) - */ -@@ -294,8 +354,15 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, - PS_CREATE_INFO create_info; - ULONG_PTR buffer[offsetof( PS_ATTRIBUTE_LIST, Attributes[6] ) / sizeof(ULONG_PTR)]; - PS_ATTRIBUTE_LIST *attr = (PS_ATTRIBUTE_LIST *)buffer; -+ HANDLE elevated_token = NULL; -+ NTSTATUS status; - UINT pos = 0; - -+ /* It's not clear whether we should use path or ¶ms->ImagePathName here, -+ * but Roblox Player tries to pass an empty string for the latter. */ -+ if (!token && image_needs_elevation( path )) -+ token = elevated_token = get_elevated_token(); -+ - RtlNormalizeProcessParams( params ); - - attr->Attributes[pos].Attribute = PS_ATTRIBUTE_IMAGE_NAME; -@@ -342,11 +409,13 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, - InitializeObjectAttributes( &process_attr, NULL, 0, NULL, process_descr ); - InitializeObjectAttributes( &thread_attr, NULL, 0, NULL, thread_descr ); - -- return NtCreateUserProcess( &info->Process, &info->Thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, -- &process_attr, &thread_attr, -- inherit ? PROCESS_CREATE_FLAGS_INHERIT_HANDLES : 0, -- THREAD_CREATE_FLAGS_CREATE_SUSPENDED, params, -- &create_info, attr ); -+ status = NtCreateUserProcess( &info->Process, &info->Thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, -+ &process_attr, &thread_attr, -+ inherit ? PROCESS_CREATE_FLAGS_INHERIT_HANDLES : 0, -+ THREAD_CREATE_FLAGS_CREATE_SUSPENDED, params, &create_info, attr ); -+ -+ if (elevated_token) NtClose( elevated_token ); -+ return status; - } - - /*********************************************************************** --- -2.32.0 - diff --git a/config/games/wine/server-default_integrity/definition b/config/games/wine/server-default_integrity/definition deleted file mode 100644 index 31f971ca..00000000 --- a/config/games/wine/server-default_integrity/definition +++ /dev/null @@ -1,2 +0,0 @@ -Fixes: [40613] Multiple applications require UAC implementation to run installer/app as a normal user instead of administrator (WhatsApp Desktop, Smartflix, Squirrel Installers, OneDrive) -Fixes: [39262] DiscordSetup.exe (.NET 4.5.2 app): Squirrell installer requires being run as unelevated process ('explorer.exe' should run unelevated by default with Vista+ setting)