izackp/Apollo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix merging user environment variables during process launch

Browse Source
This commit is contained in:
Cameron Gutman
2023-04-29 17:24:06 -05:00
parent 292ef7eca3
commit 65b7f2373c
1 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/platform/windows/misc.cpp
View File

@@ -582,7 +582,6 @@ namespace platf {
BOOL ret; BOOL ret;
// Convert cmd, env, and working_dir to the appropriate character sets for Win32 APIs // Convert cmd, env, and working_dir to the appropriate character sets for Win32 APIs
std::wstring wcmd = utf8_to_wide_string(cmd); std::wstring wcmd = utf8_to_wide_string(cmd);
std::wstring env_block = create_environment_block(env);
std::wstring start_dir = utf8_to_wide_string(working_dir.string()); std::wstring start_dir = utf8_to_wide_string(working_dir.string());
STARTUPINFOEXW startup_info = create_startup_info(file, ec); STARTUPINFOEXW startup_info = create_startup_info(file, ec);
@@ -608,7 +607,7 @@ namespace platf {
HANDLE user_token = retrieve_users_token(elevated); HANDLE user_token = retrieve_users_token(elevated);
if (!user_token) { if (!user_token) {
// Fail the launch rather than risking launching with Sunshine's permissions unmodified. // Fail the launch rather than risking launching with Sunshine's permissions unmodified.
ec = std::make_error_code(std::errc::no_such_process); ec = std::make_error_code(std::errc::permission_denied);
return bp::child(); return bp::child();
} }
@@ -625,6 +624,7 @@ namespace platf {
// Open the process as the current user account, elevation is handled in the token itself. // Open the process as the current user account, elevation is handled in the token itself.
ec = impersonate_current_user(user_token, [&]() { ec = impersonate_current_user(user_token, [&]() {
std::wstring env_block = create_environment_block(env);
ret = CreateProcessAsUserW(user_token, ret = CreateProcessAsUserW(user_token,
NULL, NULL,
(LPWSTR) wcmd.c_str(), (LPWSTR) wcmd.c_str(),
@@ -641,6 +641,23 @@ namespace platf {
// Otherwise, launch the process using CreateProcessW() // Otherwise, launch the process using CreateProcessW()
// This will inherit the elevation of whatever the user launched Sunshine with. // This will inherit the elevation of whatever the user launched Sunshine with.
else { else {
// Open our current token to resolve environment variables
HANDLE process_token;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_DUPLICATE, &process_token)) {
ec = std::make_error_code(std::errc::permission_denied);
return bp::child();
}
auto token_close = util::fail_guard([process_token]() {
CloseHandle(process_token);
});
// Populate env with user-specific environment variables
if (!merge_user_environment_block(env, process_token)) {
ec = std::make_error_code(std::errc::not_enough_memory);
return bp::child();
}
std::wstring env_block = create_environment_block(env);
ret = CreateProcessW(NULL, ret = CreateProcessW(NULL,
(LPWSTR) wcmd.c_str(), (LPWSTR) wcmd.c_str(),
NULL, NULL,