runuser: new applet

Add a cut down, Windows-specific implementation of `runuser` from
util-linux.

This allows elevated privileges to be dropped when running in an
SSH session.  It also works when using `su` or starting busybox-w32
'as administrator'.

There are complications:

- The method used to drop privileges leaves the access token in the
  TokenIsElevated state.  Detecting this is likely to be fragile.

- The unprivileged shell is started by CreateProcessAsUserA().  In
  older versions of Windows this has to be loaded dynamically.

Adds about 900 bytes.

(GitHub issue #240)

1 files changed, 31 insertions, 12 deletions

diff --git a/win32/mingw.c b/win32/mingw.c
index 712728bd6..c7eeea088 100644
--- a/win32/mingw.c
+++ b/win32/mingw.c
@@ -1109,7 +1109,7 @@ static char *getsysdir(void)
 }
 
 #define NAME_LEN 100
-static char *get_user_name(void)
+char *get_user_name(void)
 {
         static char *user_name = NULL;
         char *s;
@@ -1136,18 +1136,42 @@ static char *get_user_name(void)
         return user_name;
 }
 
+#if ENABLE_RUNUSER
+/*
+ * When runuser drops privileges TokenIsElevated still returns TRUE.
+ * Use other means to determine if we're actually unprivileged.
+ * This is likely to be fragile.
+ */
+static int
+actually_unprivileged(HANDLE h)
+{
+        DWORD restricted = 0;
+        DWORD size;
+
+        if (GetTokenInformation(h, TokenHasRestrictions, &restricted,
+                                        sizeof(restricted), &size)) {
+                // The token generated by runuser seems to 'have restrictions'.
+                return restricted != 0;
+        }
+
+        return FALSE;
+}
+#else
+# define actually_unprivileged(h) (FALSE)
+#endif
+
 int getuid(void)
 {
         int ret = DEFAULT_UID;
         HANDLE h;
 
         if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &h)) {
-                TOKEN_ELEVATION elevation;
-                DWORD size = sizeof(TOKEN_ELEVATION);
+                TOKEN_ELEVATION elevation = { 0 };
+                DWORD size;
 
                 if (GetTokenInformation(h, TokenElevation, &elevation,
                                         sizeof(elevation), &size)) {
-                        if (elevation.TokenIsElevated)
+                        if (elevation.TokenIsElevated && !actually_unprivileged(h))
                                 ret = 0;
                 }
                 CloseHandle(h);
@@ -1174,17 +1198,12 @@ struct passwd *getpwuid(uid_t uid)
 {
         static struct passwd p;
 
-        if (uid == 0) {
+        if (uid == 0)
                 p.pw_name = (char *)"root";
-                p.pw_dir = getsysdir();
-        }
-        else if (uid == DEFAULT_UID && (p.pw_name=get_user_name()) != NULL) {
-                p.pw_dir = gethomedir();
-        }
-        else {
+        else if (uid != DEFAULT_UID || (p.pw_name=get_user_name()) == NULL)
                 return NULL;
-        }
 
+        p.pw_dir = gethomedir();
         p.pw_passwd = (char *)"";
         p.pw_gecos = p.pw_name;
         p.pw_shell = NULL;