From e3dbe294f28fb48e3850d049f8da404ae7bfc3f4 Mon Sep 17 00:00:00 2001 From: Lea Anthony Date: Thu, 12 Jun 2025 22:03:07 +1000 Subject: [PATCH] fix: Add Windows UAC execution level support to manifest template MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #4349: Windows admin permissions not persisting between machines This change adds configurable UAC (User Account Control) execution level support to the Windows manifest template, allowing developers to specify admin requirements that persist when executables are distributed. ## Changes Made ### Enhanced Windows Manifest Template - Added conditional UAC `trustInfo` section to manifest template - Uses template variable `{{.ExecutionLevel}}` for dynamic configuration - Backward compatible: no UAC section when execution level not specified ### Project Configuration Support - Added `WindowsInfo` struct to project configuration - Added `executionLevel` field for specifying UAC requirements - Integrated execution level into template data processing ### Template Data Enhancement - Extended `assetData` struct to include execution level - Updated template resolution to extract Windows-specific configuration - Maintained backward compatibility with existing projects ### Documentation Updates - Added comprehensive Windows UAC guide with examples - Updated project configuration reference with Windows options - Included usage examples and supported execution levels ## Usage Developers can now specify execution level in wails.json: ```json { "info": { "windows": { "executionLevel": "requireAdministrator" } } } ``` Supported values: - `requireAdministrator`: Requires admin privileges - `asInvoker`: Runs with invoker's privileges - `highestAvailable`: Runs with highest available privileges ## Testing Verified that: - UAC trustInfo section is properly embedded in Windows executables - Admin privileges persist when executables are copied between machines - Backward compatibility maintained for existing projects - Template processing works correctly during build 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .gitignore | 3 + v2/internal/project/project.go | 5 ++ .../build/windows/wails.exe.manifest | 9 +++ v2/pkg/buildassets/buildassets.go | 8 +++ website/docs/guides/windows.mdx | 56 +++++++++++++++++++ website/docs/reference/project-config.mdx | 7 ++- 6 files changed, 87 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index e7888b44a..24809971e 100644 --- a/.gitignore +++ b/.gitignore @@ -38,4 +38,7 @@ v2/cmd/wails/internal/commands/initialise/templates/testtemplates/ /v3/examples/plugins/bin/testapp # Temporary called mkdocs, should be renamed to more standard -website or similar +/docs/site +.aider* +/.claude/ /mkdocs-website/site diff --git a/v2/internal/project/project.go b/v2/internal/project/project.go index a1de1b943..08fc545cc 100644 --- a/v2/internal/project/project.go +++ b/v2/internal/project/project.go @@ -221,6 +221,11 @@ type Info struct { Comments *string `json:"comments"` FileAssociations []FileAssociation `json:"fileAssociations"` Protocols []Protocol `json:"protocols"` + Windows *WindowsInfo `json:"windows,omitempty"` +} + +type WindowsInfo struct { + ExecutionLevel string `json:"executionLevel,omitempty"` } type FileAssociation struct { diff --git a/v2/pkg/buildassets/build/windows/wails.exe.manifest b/v2/pkg/buildassets/build/windows/wails.exe.manifest index 17e1a2387..61785730d 100644 --- a/v2/pkg/buildassets/build/windows/wails.exe.manifest +++ b/v2/pkg/buildassets/build/windows/wails.exe.manifest @@ -12,4 +12,13 @@ permonitorv2,permonitor + {{- if .ExecutionLevel}} + + + + + + + + {{- end}} \ No newline at end of file diff --git a/v2/pkg/buildassets/buildassets.go b/v2/pkg/buildassets/buildassets.go index 6934b98bd..16ca70d73 100644 --- a/v2/pkg/buildassets/buildassets.go +++ b/v2/pkg/buildassets/buildassets.go @@ -105,6 +105,7 @@ type assetData struct { Name string Info project.Info OutputFilename string + ExecutionLevel string } func resolveProjectData(content []byte, projectData *project.Project) ([]byte, error) { @@ -113,10 +114,17 @@ func resolveProjectData(content []byte, projectData *project.Project) ([]byte, e return nil, err } + // Extract Windows execution level if specified + executionLevel := "" + if projectData.Info.Windows != nil && projectData.Info.Windows.ExecutionLevel != "" { + executionLevel = projectData.Info.Windows.ExecutionLevel + } + data := &assetData{ Name: projectData.Name, Info: projectData.Info, OutputFilename: projectData.OutputFilename, + ExecutionLevel: executionLevel, } var out bytes.Buffer diff --git a/website/docs/guides/windows.mdx b/website/docs/guides/windows.mdx index 56c05ccbb..5356c1f41 100644 --- a/website/docs/guides/windows.mdx +++ b/website/docs/guides/windows.mdx @@ -75,3 +75,59 @@ cmd.Start() Solution provided by [sithembiso](https://github.com/sithembiso) on the [discussions board](https://github.com/wailsapp/wails/discussions/1734#discussioncomment-3386172). + +## UAC Execution Level + +Windows applications can request specific User Account Control (UAC) execution levels through the application manifest. Wails supports configuring UAC execution levels that will persist when your application is distributed to other machines. + +### Configuring Execution Level + +You can configure the UAC execution level in your `wails.json` project configuration: + +```json +{ + "info": { + "companyName": "My Company", + "productName": "My App", + "productVersion": "1.0.0", + "windows": { + "executionLevel": "requireAdministrator" + } + } +} +``` + +### Supported Execution Levels + +| Level | Description | +|-------|-------------| +| `requireAdministrator` | The application requires administrator privileges and will prompt for elevation | +| `highestAvailable` | The application runs with the highest privileges available to the user | +| `asInvoker` | The application runs with the same privileges as the calling process (default behavior) | + +### Example: Admin-Required Application + +For applications that need administrator privileges (e.g., system utilities, installers): + +```json +{ + "name": "SystemTool", + "info": { + "companyName": "My Company", + "productName": "System Administration Tool", + "productVersion": "1.0.0", + "windows": { + "executionLevel": "requireAdministrator" + } + } +} +``` + +When built, this application will: +- Display a UAC prompt when launched on Windows +- Request administrator privileges before starting +- Persist this behavior when copied to other machines + +### Backward Compatibility + +If no `executionLevel` is specified, no UAC requirements are added to the manifest, maintaining the default Windows behavior where applications run with the same privileges as the launching process. diff --git a/website/docs/reference/project-config.mdx b/website/docs/reference/project-config.mdx index 3a6f09495..5c13505d6 100644 --- a/website/docs/reference/project-config.mdx +++ b/website/docs/reference/project-config.mdx @@ -99,7 +99,12 @@ The project config resides in the `wails.json` file in the project directory. Th // macOS-only. The app’s role with respect to the type. Corresponds to CFBundleTypeRole. "role": "Editor" } - ] + ], + // Windows-specific configuration + "windows": { + // UAC execution level for Windows applications. Valid values: "requireAdministrator", "highestAvailable", "asInvoker" + "executionLevel": "" + } }, // 'multiple': One installer per architecture. 'single': Single universal installer for all architectures being built. Default: 'multiple' "nsisType": "",