gh-114096: Restore privileges in _winapi.CreateJunction after creating the junction (GH-114089)

miss-islington · zooba · web-flow · commit 10f00294a083 · 2024-01-16T17:39:59.000Z
This avoids impact on later parts of the application which may be able to do things they otherwise shouldn't. (cherry picked from commit de4ced5) Co-authored-by: Steve Dower <steve.dower@python.org>
diff --git a/Misc/NEWS.d/next/Windows/2024-01-15-23-53-25.gh-issue-114096.G-Myja.rst b/Misc/NEWS.d/next/Windows/2024-01-15-23-53-25.gh-issue-114096.G-Myja.rst
@@ -0,0 +1,3 @@
+Process privileges that are activated for creating directory junctions are
+now restored afterwards, avoiding behaviour changes in other parts of the
+program.
diff --git a/Modules/_winapi.c b/Modules/_winapi.c
@@ -530,7 +530,12 @@ _winapi_CreateJunction_impl(PyObject *module, LPCWSTR src_path,
 {
     /* Privilege adjustment */
     HANDLE token = NULL;
-    TOKEN_PRIVILEGES tp;
+    struct {
+        TOKEN_PRIVILEGES base;
+        /* overallocate by a few array elements */
+        LUID_AND_ATTRIBUTES privs[4];
+    } tp, previousTp;
+    int previousTpSize = 0;
 
     /* Reparse data buffer */
     const USHORT prefix_len = 4;
@@ -554,17 +559,21 @@ _winapi_CreateJunction_impl(PyObject *module, LPCWSTR src_path,
 
     /* Adjust privileges to allow rewriting directory entry as a
        junction point. */
-    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
+    if (!OpenProcessToken(GetCurrentProcess(),
+                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token)) {
         goto cleanup;
+    }
 
-    if (!LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &tp.Privileges[0].Luid))
+    if (!LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &tp.base.Privileges[0].Luid)) {
         goto cleanup;
+    }
 
-    tp.PrivilegeCount = 1;
-    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-    if (!AdjustTokenPrivileges(token, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
-                               NULL, NULL))
+    tp.base.PrivilegeCount = 1;
+    tp.base.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+    if (!AdjustTokenPrivileges(token, FALSE, &tp.base, sizeof(previousTp),
+                               &previousTp.base, &previousTpSize)) {
         goto cleanup;
+    }
 
     if (GetFileAttributesW(src_path) == INVALID_FILE_ATTRIBUTES)
         goto cleanup;
@@ -645,6 +654,11 @@ _winapi_CreateJunction_impl(PyObject *module, LPCWSTR src_path,
 cleanup:
     ret = GetLastError();
 
+    if (previousTpSize) {
+        AdjustTokenPrivileges(token, FALSE, &previousTp.base, previousTpSize,
+                              NULL, NULL);
+    }
+
     if (token != NULL)
         CloseHandle(token);
     if (junction != NULL)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Process privileges that are activated for creating directory junctions are`
	`2`	`+now restored afterwards, avoiding behaviour changes in other parts of the`
	`3`	`+program.`