Add changelog, fix some issues

twangboy · twangboy · commit 341bd60c3b3c · 2026-04-13T16:01:50.000-06:00
diff --git a/.gitignore b/.gitignore
@@ -57,6 +57,8 @@ htmlcov/
 /*.iml
 *.sublime-project
 *.sublime-workspace
+.cursor
+.cursorrules
 
 # ignore ctags file
 tags
diff --git a/changelog/68448.fixed.md b/changelog/68448.fixed.md
@@ -0,0 +1 @@
+Quote cmd.exe /c payloads on Windows so compound commands (e.g. cd ... & dir) work with runas
diff --git a/salt/platform/win.py b/salt/platform/win.py
@@ -1339,19 +1339,29 @@ def CreateProcessWithLogonW(
     return process_info
 
 
+def _cmd_exe_cswitch_quoted_argument(payload: str) -> str:
+    """
+    Wrap ``payload`` for use as the argument to ``cmd.exe``'s ``/c`` switch.
+
+    Doubles embedded double quotes per ``cmd.exe`` parsing rules so the entire
+    payload is one argument when passed through ``CreateProcess`` /
+    ``CreateProcessWithTokenW`` command lines (so ``&``, ``|``, etc. are not
+    parsed at the outer process level).
+    """
+    return '"' + payload.replace('"', '""') + '"'
+
+
 def prepend_cmd(win_shell, cmd):
     """
     Prep cmd when shell is cmd.exe. Always use a command string instead of a
     list to satisfy both CreateProcess and CreateProcessWithToken.
 
-    cmd must be double-quoted to ensure proper handling of space characters.
-    The first opening quote and the closing quote are stripped automatically by
-    the Win32 API.
+    The user payload is wrapped in double quotes after ``/c`` so compound
+    commands (e.g. ``cd /d ... & dir``) and paths with spaces behave correctly
+    under ``CreateProcessWithTokenW``.
     """
     if isinstance(cmd, (list, tuple)):
         args = subprocess.list2cmdline(cmd)
     else:
         args = cmd
-    new_cmd = f"{win_shell} /c {args}"
-
-    return new_cmd
+    return f"{win_shell} /c {_cmd_exe_cswitch_quoted_argument(args)}"
diff --git a/tests/pytests/functional/utils/test_win_runas.py b/tests/pytests/functional/utils/test_win_runas.py
@@ -2,6 +2,8 @@
 Test the win_runas util
 """
 
+import os
+import tempfile
 from random import randint
 
 import pytest
@@ -42,8 +44,8 @@ def int_user():
     "cmd, expected",
     [
         ("hostname && whoami", "username"),
-        ("hostname && echo foo", "foo"),
-        ("hostname && python --version", "Python"),
+        ("hostname & echo foo", "foo"),
+        ("hostname & python --version", "Python"),
     ],
 )
 def test_compound_runas(user, cmd, expected):
@@ -61,8 +63,8 @@ def test_compound_runas(user, cmd, expected):
     "cmd, expected",
     [
         ("hostname && whoami", "username"),
-        ("hostname && echo foo", "foo"),
-        ("hostname && python --version", "Python"),
+        ("hostname & echo foo", "foo"),
+        ("hostname & python --version", "Python"),
     ],
 )
 def test_compound_runas_unpriv(user, cmd, expected):
@@ -76,6 +78,44 @@ def test_compound_runas_unpriv(user, cmd, expected):
     assert expected in result["stdout"]
 
 
+def test_runas_cd_ampersand_dir(user):
+    """
+    ``cd /d ... & dir`` must run both parts in the same cmd /c line under runas
+    (regression for CreateProcessWithTokenW command-line parsing).
+    """
+    with tempfile.TemporaryDirectory() as tmpdir:
+        marker = "salt_runas_cd_dir_marker.txt"
+        marker_path = os.path.join(tmpdir, marker)
+        with open(marker_path, "w", encoding="utf-8") as f:
+            f.write("x")
+        inner = f'cd /d "{tmpdir}" & dir /b'
+        result = win_runas.runas(
+            cmd=salt.platform.win.prepend_cmd("cmd", inner),
+            username=user.username,
+            password=user.password,
+        )
+        assert result["retcode"] == 0, result
+        lines = [line.strip() for line in result["stdout"].splitlines() if line.strip()]
+        assert marker in lines, (result["stdout"], lines)
+
+
+def test_runas_unpriv_cd_ampersand_dir(user):
+    with tempfile.TemporaryDirectory() as tmpdir:
+        marker = "salt_runas_cd_dir_marker_unpriv.txt"
+        marker_path = os.path.join(tmpdir, marker)
+        with open(marker_path, "w", encoding="utf-8") as f:
+            f.write("x")
+        inner = f'cd /d "{tmpdir}" & dir /b'
+        result = win_runas.runas_unpriv(
+            cmd=salt.platform.win.prepend_cmd("cmd", inner),
+            username=user.username,
+            password=user.password,
+        )
+        assert result["retcode"] == 0, result
+        lines = [line.strip() for line in result["stdout"].splitlines() if line.strip()]
+        assert marker in lines, (result["stdout"], lines)
+
+
 def test_runas_str_user(user):
     result = win_runas.runas(
         cmd="whoami", username=user.username, password=user.password
diff --git a/tests/pytests/unit/platform/test_win.py b/tests/pytests/unit/platform/test_win.py
@@ -14,32 +14,33 @@
 @pytest.mark.parametrize(
     "command, expected",
     [
-        ("whoami", "cmd.exe /c whoami"),
-        ("cmd /c hostname", "cmd.exe /c cmd /c hostname"),
-        ("echo foo", "cmd.exe /c echo foo"),
-        ('cmd /c "echo foo"', 'cmd.exe /c cmd /c "echo foo"'),
-        ("icacls 'C:\\Program Files'", "cmd.exe /c icacls 'C:\\Program Files'"),
+        ("whoami", 'cmd.exe /c "whoami"'),
+        ("cmd /c hostname", 'cmd.exe /c "cmd /c hostname"'),
+        ("echo foo", 'cmd.exe /c "echo foo"'),
+        ('cmd /c "echo foo"', 'cmd.exe /c "cmd /c ""echo foo"""'),
+        ("icacls 'C:\\Program Files'", 'cmd.exe /c "icacls \'C:\\Program Files\'"'),
         (
             "icacls 'C:\\Program Files' && echo 1",
-            "cmd.exe /c icacls 'C:\\Program Files' && echo 1",
+            'cmd.exe /c "icacls \'C:\\Program Files\' && echo 1"',
         ),
         (
             ["secedit", "/export", "/cfg", "C:\\A Path\\with\\a\\space"],
-            'cmd.exe /c secedit /export /cfg "C:\\A Path\\with\\a\\space"',
+            'cmd.exe /c "secedit /export /cfg ""C:\\A Path\\with\\a\\space"""',
         ),
         (
             ["C:\\a space\\a space.bat", "foo foo", "bar bar"],
-            'cmd.exe /c "C:\\a space\\a space.bat" "foo foo" "bar bar"',
+            'cmd.exe /c """C:\\a space\\a space.bat"" ""foo foo"" ""bar bar"""',
         ),
         (
             '''echo "&<>[]|{}^=;!'+,`~ "''',
-            '''cmd.exe /c echo "&<>[]|{}^=;!'+,`~ "''',
+            'cmd.exe /c "echo ""&<>[]|{}^=;!\'+,`~ """',
         ),
     ],
 )
 def test_prepend_cmd(command, expected):
     """
-    Test that the command is prepended with "cmd /c" and quoted
+    Test that the command is prepended with ``cmd /c`` and the payload is quoted
+    for ``CreateProcess`` command-line parsing.
     """
     win_shell = "cmd.exe"
     result = win.prepend_cmd(win_shell, command)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Quote cmd.exe /c payloads on Windows so compound commands (e.g. cd ... & dir) work with runas`