Fix runas become SYSTEM logic (#84280)

Fixes the logic when attempting to become the SYSTEM user using the runas plugin. It was incorrectly assumed that calling LogonUser with the SYSTEM username would produce a new token with all the privileges but instead it creates a copy of the existing token. This reverts the logic back to the original process and adds in new logic to avoid any tokens that are restricted from creating new processes.
author: Jordan Borean <jborean93@gmail.com> 2024-11-12 00:16:22 +0100
committer: GitHub <noreply@github.com> 2024-11-12 00:16:22 +0100
commit: 3befdd3d151e66a7b17cbe49e31d158903191a76 (patch)
tree: c8a00cafd1d216f7480986431997eded3df5f13d /changelogs/fragments
parent: ansible-test - align 2025 connection defaults to CI matrix (#84291) (diff)
download: ansible-3befdd3d151e66a7b17cbe49e31d158903191a76.tar.xz
ansible-3befdd3d151e66a7b17cbe49e31d158903191a76.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/changelogs/fragments/become-runas-system-deux.yml b/changelogs/fragments/become-runas-system-deux.yml
new file mode 100644
index 0000000000..e8b17f92a4
--- /dev/null
+++ b/changelogs/fragments/become-runas-system-deux.yml
@@ -0,0 +1,3 @@
+bugfixes:
+  - >-
+    runas become - Fix up become logic to still get the SYSTEM token with the most privileges when running as SYSTEM.
author	Jordan Borean <jborean93@gmail.com>	2024-11-12 00:16:22 +0100
committer	GitHub <noreply@github.com>	2024-11-12 00:16:22 +0100
commit	3befdd3d151e66a7b17cbe49e31d158903191a76 (patch)
tree	c8a00cafd1d216f7480986431997eded3df5f13d /changelogs/fragments
parent	ansible-test - align 2025 connection defaults to CI matrix (#84291) (diff)
download	ansible-3befdd3d151e66a7b17cbe49e31d158903191a76.tar.xz ansible-3befdd3d151e66a7b17cbe49e31d158903191a76.zip