Verify username early in win_runas

twangboy 2019-06-12 17:41:57 -06:00
parent ff7370ef86
commit 54be0a69b1
No known key found for this signature in database
GPG Key ID: 93FF3BDEB278C9EB


@ -67,6 +67,13 @@ def runas(cmdLine, username, password=None, cwd=None):
Commands are run in with the highest level privileges possible for the Commands are run in with the highest level privileges possible for the
account provided. account provided.
''' '''
# Validate the domain and sid exist for the username
username, domain = split_username(username)
try:
_, domain, _ = win32security.LookupAccountName(domain, username)
except pywintypes.error as exc:
message = win32api.FormatMessage(exc.winerror).rstrip('\n')
raise CommandExecutionError(message)
# Elevate the token from the current process # Elevate the token from the current process
access = ( access = (
@ -95,14 +102,6 @@ def runas(cmdLine, username, password=None, cwd=None):
log.debug("No impersonation token, using unprivileged runas") log.debug("No impersonation token, using unprivileged runas")
return runas_unpriv(cmdLine, username, password, cwd) return runas_unpriv(cmdLine, username, password, cwd)
username, domain = split_username(username)
# Validate the domain and sid exist for the username
try:
_, domain, _ = win32security.LookupAccountName(domain, username)
except pywintypes.error as exc:
message = win32api.FormatMessage(exc.winerror).rstrip('\n')
raise CommandExecutionError(message)
if domain == 'NT AUTHORITY': if domain == 'NT AUTHORITY':
# Logon as a system level account, SYSTEM, LOCAL SERVICE, or NETWORK # Logon as a system level account, SYSTEM, LOCAL SERVICE, or NETWORK
# SERVICE. # SERVICE.
@ -228,6 +227,14 @@ def runas_unpriv(cmd, username, password, cwd=None):
''' '''
Runas that works for non-priviledged users Runas that works for non-priviledged users
''' '''
# Validate the domain and sid exist for the username
username, domain = split_username(username)
try:
_, domain, _ = win32security.LookupAccountName(domain, username)
except pywintypes.error as exc:
message = win32api.FormatMessage(exc.winerror).rstrip('\n')
raise CommandExecutionError(message)
# Create a pipe to set as stdout in the child. The write handle needs to be # Create a pipe to set as stdout in the child. The write handle needs to be
# inheritable. # inheritable.
c2pread, c2pwrite = salt.platform.win.CreatePipe( c2pread, c2pwrite = salt.platform.win.CreatePipe(
@ -251,8 +258,6 @@ def runas_unpriv(cmd, username, password, cwd=None):
hStdError=errwrite, hStdError=errwrite,
) )
username, domain = split_username(username)
# Run command and return process info structure # Run command and return process info structure
process_info = salt.platform.win.CreateProcessWithLogonW( process_info = salt.platform.win.CreateProcessWithLogonW(
username=username, username=username,
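Review bot: In `runas`, `username` is now rebound to the bare account name by `split_username` before the no-impersonation-token fallback, so `return runas_unpriv(cmdLine, username, password, cwd)` hands over a name with its domain already stripped. `runas_unpriv` then splits and looks the name up a second time; assuming `split_username` falls back to a default domain for an unqualified name, a `DOMAIN\user` or `user@domain` input may be validated and launched against a different account than the one `runas` just checked. Passing the qualified name at the fallback avoids that, e.g. `return runas_unpriv(cmdLine, '{0}\\{1}'.format(domain, username), password, cwd)`, and the validation block that now appears in both functions would be better as one shared helper. Both function bodies continue outside the hunks shown, so the later uses of `username` and `domain` could not be checked here.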