From 20e2c6baf06a3d75a230c4cefb22969844ea7807 Mon Sep 17 00:00:00 2001 From: Oleksii Shevchuk Date: Sun, 10 Nov 2019 09:17:35 +0200 Subject: [PATCH] ConPTY: handle passed impersonation token pair correctly --- pupy/packages/windows/all/conpty.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pupy/packages/windows/all/conpty.py b/pupy/packages/windows/all/conpty.py index 4375e301..481add37 100644 --- a/pupy/packages/windows/all/conpty.py +++ b/pupy/packages/windows/all/conpty.py @@ -18,6 +18,7 @@ from pupwinutils.security import ( ReadFile, WriteFile, start_proc_with_token, kernel32, StartupInfoAttribute, GetExitCodeProcess, + impersonate_token, PROC_THREAD_ATTRIBUTE_PSEUDOCONSOLE, S_OK, INVALID_HANDLE_VALUE, WAIT_OBJECT_0, WAIT_TIMEOUT, STILL_ACTIVE, INVALID_HANDLE @@ -129,8 +130,13 @@ class ConPTY(object): self._lpInfo = None self._create_pty(pty_size) + if htoken: + caller_thread_htoken, requested_htoken = htoken + impersonate_token(caller_thread_htoken) + CloseHandle(caller_thread_htoken) + self._lpInfo = start_proc_with_token( - cmdline, htoken, + cmdline, requested_htoken, lpInfo=True, # Important - will not work otherwise hidden=False,
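Review bot: `requested_htoken` is bound only inside the new `if htoken:` branch, but the `start_proc_with_token(` call that follows is an unchanged context line outside that branch and now passes `requested_htoken` unconditionally. A falsy `htoken` will therefore raise UnboundLocalError, where the old code simply passed the falsy value through. Binding it before the branch would fix this, e.g. `requested_htoken = None`, assuming `start_proc_with_token` still accepts a missing token as the pre-change call implies. The hunk also shows no check of the `impersonate_token` result before `CloseHandle(caller_thread_htoken)`, and no revert of the thread token if process creation fails, so the calling thread may keep the impersonated identity longer than intended. The enclosing method starts and ends outside the hunk, so the revert may already happen there; if not, a `try`/`finally` around the call would scope it.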