Elevate token before creating symlink

2024-11-07 08:58:59 +00:00 · 2019-05-21 12:00:40 -06:00 · 2019-05-21 12:00:40 -06:00 · 334c93bbb9
commit 334c93bbb9
parent 85e9b2f067
2 changed files with 14 additions and 4 deletions
--- a/salt/modules/win_file.py
+++ b/salt/modules/win_file.py
@ -69,9 +69,10 @@ HAS_WINDOWS_MODULES = False
 try:
    if salt.utils.platform.is_windows():
        import win32api
-        import win32file
        import win32con
-        from pywintypes import error as pywinerror
+        import win32file
+        import win32security
+        import salt.platform.win
        HAS_WINDOWS_MODULES = True
 except ImportError:
    HAS_WINDOWS_MODULES = False
@ -1147,10 +1148,19 @@ def symlink(src, link):

    is_dir = os.path.isdir(src)

+    # Elevate the token from the current process
+    desired_access = (
+        win32security.TOKEN_QUERY |
+        win32security.TOKEN_ADJUST_PRIVILEGES
+    )
+    th = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
+                                        desired_access)
+    salt.platform.win.elevate_token(th)
+
    try:
        win32file.CreateSymbolicLink(link, src, int(is_dir))
        return True
-    except pywinerror as exc:
+    except win32file.error as exc:
        raise CommandExecutionError(
            'Could not create \'{0}\' - [{1}] {2}'.format(
                link,
--- a/salt/platform/win.py
+++ b/salt/platform/win.py
@ -1146,7 +1146,7 @@ def dup_token(th):

 def elevate_token(th):
    '''
-    Set all token priviledges to enabled
+    Set all token privileges to enabled
    '''
    # Get list of privileges this token contains
    privileges = win32security.GetTokenInformation(