From d9e8bb61cf380264511a4524281af2ca57498bce Mon Sep 17 00:00:00 2001
From: Ron Yorston <rmy@pobox.com>
Date: Sun, 19 Mar 2023 10:26:24 +0000
Subject: drop: add cdrop and pdrop aliases

Add cdrop and pdrop applets as aliases for drop.  If a command
isn't specified these use cmd.exe and PowerShell instead of the
BusyBox shell.

This makes it possible to choose the default shell used for SSH
connections even in older versions of OpenSSH that don't support
the DefaultShellArguments registry key.

Note that to get cmd.exe to run a command rather than an interactive
shell it's necessary to set the DefaultShellCommandOption registry
key to '/c'.

Costs 248-272 bytes.
---
 configs/mingw32_defconfig |  2 ++
 configs/mingw64_defconfig |  2 ++
 miscutils/drop.c          | 51 ++++++++++++++++++++++++++++++++++++++++++++---
 win32/mingw.c             |  2 +-
 4 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/configs/mingw32_defconfig b/configs/mingw32_defconfig
index 31f72a450..4918b2f4f 100644
--- a/configs/mingw32_defconfig
+++ b/configs/mingw32_defconfig
@@ -708,6 +708,8 @@ CONFIG_XXD=y
 CONFIG_REV=y
 # CONFIG_RTCWAKE is not set
 CONFIG_DROP=y
+CONFIG_CDROP=y
+CONFIG_PDROP=y
 # CONFIG_SCRIPT is not set
 # CONFIG_SCRIPTREPLAY is not set
 # CONFIG_SETARCH is not set
diff --git a/configs/mingw64_defconfig b/configs/mingw64_defconfig
index b5b02ba63..96e407644 100644
--- a/configs/mingw64_defconfig
+++ b/configs/mingw64_defconfig
@@ -708,6 +708,8 @@ CONFIG_XXD=y
 CONFIG_REV=y
 # CONFIG_RTCWAKE is not set
 CONFIG_DROP=y
+CONFIG_CDROP=y
+CONFIG_PDROP=y
 # CONFIG_SCRIPT is not set
 # CONFIG_SCRIPTREPLAY is not set
 # CONFIG_SETARCH is not set
diff --git a/miscutils/drop.c b/miscutils/drop.c
index 3e71f6180..f73125e1b 100644
--- a/miscutils/drop.c
+++ b/miscutils/drop.c
@@ -13,9 +13,27 @@
 //config:	help
 //config:	Run a command without elevated privileges
 
+//config:config CDROP
+//config:	bool "cdrop"
+//config:	default y
+//config:	depends on PLATFORM_MINGW32 && SH_IS_ASH
+//config:	help
+//config:	Run a command without elevated privileges using cmd.exe
+
+//config:config PDROP
+//config:	bool "pdrop"
+//config:	default y
+//config:	depends on PLATFORM_MINGW32 && SH_IS_ASH
+//config:	help
+//config:	Run a command without elevated privileges using PowerShell
+
 //applet:IF_DROP(APPLET(drop, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_CDROP(APPLET_ODDNAME(cdrop, drop, BB_DIR_USR_BIN, BB_SUID_DROP, cdrop))
+//applet:IF_PDROP(APPLET_ODDNAME(pdrop, drop, BB_DIR_USR_BIN, BB_SUID_DROP, pdrop))
 
 //kbuild:lib-$(CONFIG_DROP) += drop.o
+//kbuild:lib-$(CONFIG_CDROP) += drop.o
+//kbuild:lib-$(CONFIG_PDROP) += drop.o
 
 //usage:#define drop_trivial_usage
 //usage:	"[COMMAND | -c [ARG...]]"
@@ -23,6 +41,18 @@
 //usage:	"Drop elevated privileges and run a command. If no COMMAND\n"
 //usage:	"is provided run the BusyBox shell.\n"
 
+//usage:#define cdrop_trivial_usage
+//usage:	"[COMMAND | /c [ARG...]]"
+//usage:#define cdrop_full_usage "\n\n"
+//usage:	"Drop elevated privileges and run a command. If no COMMAND\n"
+//usage:	"is provided run cmd.exe.\n"
+
+//usage:#define pdrop_trivial_usage
+//usage:	"[COMMAND | -c [ARG...]]"
+//usage:#define pdrop_full_usage "\n\n"
+//usage:	"Drop elevated privileges and run a command. If no COMMAND\n"
+//usage:	"is provided run PowerShell.\n"
+
 #include "libbb.h"
 #include <winsafer.h>
 #include <lazyload.h>
@@ -69,9 +99,24 @@ int drop_main(int argc, char **argv)
 						sizeof(TOKEN_MANDATORY_LABEL))) {
 			int skip = 1;
 
-			if (argc == 1 || strcmp(argv[1], "-c") == 0) {
-				exe = bb_busybox_exec_path;
-				cmd = xstrdup("sh");
+			if (argc == 1 || strcmp(argv[1], "-c") == 0
+						IF_CDROP(|| strcmp(argv[1], "/c") == 0)) {
+#if ENABLE_PDROP
+				if (*applet_name == 'p') {
+					exe = "C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe";
+					cmd = xstrdup("powershell");
+				} else
+#endif
+#if ENABLE_CDROP
+				if (*applet_name == 'c') {
+					exe = "C:/Windows/System32/cmd.exe";
+					cmd = xstrdup("cmd");
+				} else
+#endif
+				{
+					exe = bb_busybox_exec_path;
+					cmd = xstrdup("sh");
+				}
 				skip = 0;
 			} else {
 				char *file;
diff --git a/win32/mingw.c b/win32/mingw.c
index 1fdb8cad9..011bc5ffb 100644
--- a/win32/mingw.c
+++ b/win32/mingw.c
@@ -1136,7 +1136,7 @@ char *get_user_name(void)
 	return user_name;
 }
 
-#if ENABLE_DROP
+#if ENABLE_DROP || ENABLE_CDROP || ENABLE_PDROP
 /*
  * When runuser drops privileges TokenIsElevated still returns TRUE.
  * Use other means to determine if we're actually unprivileged.
-- 
cgit v1.2.3-55-g6feb