From 527ce2fc2965422c8060239e677028d73187de54 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Mon, 5 Aug 2019 16:01:51 +0200
Subject: elevate: require builtin admins group and proper reg key
---
 elevate/shellexecute.go | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
(limited to 'elevate/shellexecute.go')
diff --git a/elevate/shellexecute.go b/elevate/shellexecute.go
index d784a2ed..6e71e576 100644
--- a/elevate/shellexecute.go
+++ b/elevate/shellexecute.go
@@ -13,6 +13,8 @@ import (

 "golang.org/x/sys/windows"
 "golang.org/x/sys/windows/registry"
+
+ "golang.zx2c4.com/wireguard/windows/services"
 )

 const (
@@ -77,8 +79,29 @@ func ShellExecute(program string, arguments string, directory string, show int32
 err = windows.ERROR_SUCCESS
 return
 }
+ if !services.TokenIsMemberOfBuiltInAdministrator(processToken) {
+ err = windows.ERROR_ACCESS_DENIED
+ return
+ }
+ key, err := registry.OpenKey(registry.LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", registry.QUERY_VALUE)
+ if err != nil {
+ return
+ }
+ promptBehavior, _, err := key.GetIntegerValue("ConsentPromptBehaviorAdmin")
+ key.Close()
+ if err != nil {
+ return
+ }
+ if uint32(promptBehavior) == 0 {
+ err = windows.ERROR_SUCCESS
+ return
+ }
+ if uint32(promptBehavior) != 5 {
+ err = windows.ERROR_ACCESS_DENIED
+ return
+ }

- key, err := registry.OpenKey(registry.LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UAC\\COMAutoApprovalList", registry.QUERY_VALUE)
+ key, err = registry.OpenKey(registry.LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\UAC\\COMAutoApprovalList", registry.QUERY_VALUE)
 if err == nil {
 var autoApproved uint64
 autoApproved, _, err = key.GetIntegerValue("{3E5FC7F9-9A51-4367-9063-A120244FBEC7}")
--
cgit v1.2.3-59-g8ed1b
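Review bot: In the second hunk, the two `uint32(promptBehavior)` comparisons truncate the `uint64` that `GetIntegerValue` returns, and the value type it also returns is discarded with `_`, so a QWORD whose low 32 bits happen to be 0 or 5 would be read as that policy setting. Comparing the untruncated value, `if promptBehavior == 0 {` and `if promptBehavior != 5 {`, avoids that, and the type can be pinned by keeping the second return value and rejecting anything other than `registry.DWORD`. The literals 0 and 5 also deserve a comment saying what each ConsentPromptBehaviorAdmin setting means and why only 5 proceeds, e.g. `// 0: elevate without prompting; 5: prompt for consent for non-Windows binaries (default)`. The `err = windows.ERROR_SUCCESS` return on 0 mirrors the context lines above it, but how callers interpret that value is decided outside this hunk, where ShellExecute begins and ends.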