gh-114096: Restore privileges in _winapi.CreateJunction after creating the junction (GH-114089)

This avoids impact on later parts of the application which may be able to do things they otherwise shouldn't.
Steve Dower 2024-01-16 16:40:02 +00:00 committed by GitHub
parent 31a2543c80
commit de4ced54eb
2 changed files with 24 additions and 7 deletions


@ -0,0 +1,3 @@
Process privileges that are activated for creating directory junctions are
now restored afterwards, avoiding behaviour changes in other parts of the
program.


@ -532,7 +532,12 @@ _winapi_CreateJunction_impl(PyObject *module, LPCWSTR src_path,
{ {
/* Privilege adjustment */ /* Privilege adjustment */
HANDLE token = NULL; HANDLE token = NULL;
TOKEN_PRIVILEGES tp; struct {
TOKEN_PRIVILEGES base;
/* overallocate by a few array elements */
LUID_AND_ATTRIBUTES privs[4];
} tp, previousTp;
int previousTpSize = 0;
/* Reparse data buffer */ /* Reparse data buffer */
const USHORT prefix_len = 4; const USHORT prefix_len = 4;
@ -556,17 +561,21 @@ _winapi_CreateJunction_impl(PyObject *module, LPCWSTR src_path,
/* Adjust privileges to allow rewriting directory entry as a /* Adjust privileges to allow rewriting directory entry as a
junction point. */ junction point. */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)) if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token)) {
goto cleanup; goto cleanup;
}
if (!LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &tp.Privileges[0].Luid)) if (!LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &tp.base.Privileges[0].Luid)) {
goto cleanup; goto cleanup;
}
tp.PrivilegeCount = 1; tp.base.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; tp.base.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(token, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), if (!AdjustTokenPrivileges(token, FALSE, &tp.base, sizeof(previousTp),
NULL, NULL)) &previousTp.base, &previousTpSize)) {
goto cleanup; goto cleanup;
}
if (GetFileAttributesW(src_path) == INVALID_FILE_ATTRIBUTES) if (GetFileAttributesW(src_path) == INVALID_FILE_ATTRIBUTES)
goto cleanup; goto cleanup;
@ -647,6 +656,11 @@ _winapi_CreateJunction_impl(PyObject *module, LPCWSTR src_path,
cleanup: cleanup:
ret = GetLastError(); ret = GetLastError();
if (previousTpSize) {
AdjustTokenPrivileges(token, FALSE, &previousTp.base, previousTpSize,
NULL, NULL);
}
if (token != NULL) if (token != NULL)
CloseHandle(token); CloseHandle(token);
if (junction != NULL) if (junction != NULL)
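Review bot: The restore in the `cleanup:` block is keyed on `previousTpSize` being non-zero, but that variable is declared `int` while `AdjustTokenPrivileges` takes a `PDWORD` for its ReturnLength argument, and the API documents that ReturnLength is also written when the call fails because the PreviousState buffer is too small. With a single privilege and the over-allocated struct that failure should not occur in practice, but a flag set only after the first `AdjustTokenPrivileges` call succeeds would keep the restore from ever running on an unfilled `previousTp`; at minimum the declaration should read `DWORD previousTpSize = 0;`. The enabling call also returns success when the privilege was not actually granted (GetLastError() then reports ERROR_NOT_ALL_ASSIGNED), which the new code does not distinguish. The result of the restoring call is ignored, so a failure to disable SeRestorePrivilege again goes unnoticed; a short comment stating that this is deliberate best-effort would help. The function body starts and ends outside the visible hunks.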