From 334c93bbb9ee1b63ed41c0965a4f4e45b0aa9839 Mon Sep 17 00:00:00 2001 From: twangboy Date: Tue, 21 May 2019 12:00:40 -0600 Subject: [PATCH] Elevate token before creating symlink --- salt/modules/win_file.py | 16 +++++++++++++--- salt/platform/win.py | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/salt/modules/win_file.py b/salt/modules/win_file.py index 5eea2200fa..f9d2e06632 100644 --- a/salt/modules/win_file.py +++ b/salt/modules/win_file.py @@ -69,9 +69,10 @@ HAS_WINDOWS_MODULES = False try: if salt.utils.platform.is_windows(): import win32api - import win32file import win32con - from pywintypes import error as pywinerror + import win32file + import win32security + import salt.platform.win HAS_WINDOWS_MODULES = True except ImportError: HAS_WINDOWS_MODULES = False @@ -1147,10 +1148,19 @@ def symlink(src, link): is_dir = os.path.isdir(src) + # Elevate the token from the current process + desired_access = ( + win32security.TOKEN_QUERY | + win32security.TOKEN_ADJUST_PRIVILEGES + ) + th = win32security.OpenProcessToken(win32api.GetCurrentProcess(), + desired_access) + salt.platform.win.elevate_token(th) + try: win32file.CreateSymbolicLink(link, src, int(is_dir)) return True - except pywinerror as exc: + except win32file.error as exc: raise CommandExecutionError( 'Could not create \'{0}\' - [{1}] {2}'.format( link, diff --git a/salt/platform/win.py b/salt/platform/win.py index 1fe2903d6c..25a9bac095 100644 --- a/salt/platform/win.py +++ b/salt/platform/win.py @@ -1146,7 +1146,7 @@ def dup_token(th): def elevate_token(th): ''' - Set all token priviledges to enabled + Set all token privileges to enabled ''' # Get list of privileges this token contains privileges = win32security.GetTokenInformation(