win become - fix token elevation issues

This is an implementation of https://github.com/ansible/ansible/pull/48082/commits/8bffcf8e50e6493c332bfcaec9e1abe61b92a416 that was done in the PR https://github.com/ansible/ansible/pull/48082 to devel. The changes have been manually brought across to the the stable-2.7 branch as it cannot be cleanly cherry picked due to the substantial differences in become between these versions. Currently we impersonate the `SYSTEM` token in order to elevate our become process with the highest privileges it has available but there are some edge cases where the first `SYSTEM` token we come across doesn't have the `SeTcbPrivilege` which is required for the above. This PR adds a further check in the search for a `SYSTEM` token to make sure it has the `SeTcbPrivilege` before continuing.
author: Jordan Borean <jborean93@gmail.com> 2019-02-12 11:12:39 +1000
committer: Toshio Kuratomi <a.badger@gmail.com> 2019-02-11 18:21:23 -0800
commit: cc5088c9e197996f95d2b7cc04cd767157d76ded (patch)
tree: 88c5700c2f15d8ba175f296c5b4581431cfefc76 /changelogs/fragments/win-become-elevation.yaml
parent: 7f33c7def5c3cf308b02435270cec6e52560b6a9 (diff)
download: ansible-cc5088c9e197996f95d2b7cc04cd767157d76ded.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/changelogs/fragments/win-become-elevation.yaml b/changelogs/fragments/win-become-elevation.yaml
new file mode 100644
index 0000000000..4c5d10f778
--- /dev/null
+++ b/changelogs/fragments/win-become-elevation.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- win become - Fix some scenarios where become failed to create an elevated process
author	Jordan Borean <jborean93@gmail.com>	2019-02-12 11:12:39 +1000
committer	Toshio Kuratomi <a.badger@gmail.com>	2019-02-11 18:21:23 -0800
commit	cc5088c9e197996f95d2b7cc04cd767157d76ded (patch)
tree	88c5700c2f15d8ba175f296c5b4581431cfefc76 /changelogs/fragments/win-become-elevation.yaml
parent	7f33c7def5c3cf308b02435270cec6e52560b6a9 (diff)
download	ansible-cc5088c9e197996f95d2b7cc04cd767157d76ded.tar.gz