diff options
| author | Bryan McLellan <btm@loftninjas.org> | 2018-03-16 15:41:50 -0400 |
|---|---|---|
| committer | Bryan McLellan <btm@loftninjas.org> | 2018-03-16 16:23:51 -0400 |
| commit | 06b5ec33aaab969bec12f26b80ba8487b44c0e6e (patch) | |
| tree | ab8a418ad754e52d698a3685c14d728d3521fa11 | |
| parent | 7ed08da937734d168fbe4742f3617ab90b614da4 (diff) | |
| download | chef-btm/fix-lsa-heap-corruption.tar.gz | |
Fix regression in #6980, add functional testsbtm/fix-lsa-heap-corruption
The logging refactor in #6980 should have been a class variable. This fixes that.
Also adds functional tests that would catch that and the original #6980 bug.
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
| -rw-r--r-- | lib/chef/win32/security.rb | 2 | ||||
| -rw-r--r-- | spec/functional/win32/security_spec.rb | 34 |
2 files changed, 35 insertions, 1 deletions
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb index f175511354..374d31e8a3 100644 --- a/lib/chef/win32/security.rb +++ b/lib/chef/win32/security.rb @@ -668,7 +668,7 @@ class Chef Token.new(Handle.new(token.read_pointer)) end - def test_and_raise_lsa_nt_status(result) + def self.test_and_raise_lsa_nt_status(result) win32_error = LsaNtStatusToWinError(result) if win32_error != 0 Chef::ReservedNames::Win32::Error.raise!(nil, win32_error) diff --git a/spec/functional/win32/security_spec.rb b/spec/functional/win32/security_spec.rb index 22c749b609..7ea2370cf8 100644 --- a/spec/functional/win32/security_spec.rb +++ b/spec/functional/win32/security_spec.rb @@ -52,6 +52,7 @@ describe "Chef::Win32::Security", :windows_only do delete_user.run_command delete_user.error! end + it "has_admin_privileges? returns false" do has_admin_privileges = with_user_context(user, password, domain, :local) do Chef::ReservedNames::Win32::Security.has_admin_privileges? @@ -149,4 +150,37 @@ describe "Chef::Win32::Security", :windows_only do end end end + + describe ".get_account_right" do + context "when given a valid username" do + let(:username) { ENV["USERNAME"] } + + it "returns an array of account right constants" do + expect(Chef::ReservedNames::Win32::Security.get_account_right(username)).to be_an(Array) + end + + it "passes an FFI::Pointer to LsaFreeMemory" do + expect(Chef::ReservedNames::Win32::Security).to receive(:LsaFreeMemory).with(instance_of(FFI::Pointer)).and_return(0) # not FFI::MemoryPointer + Chef::ReservedNames::Win32::Security.get_account_right(username) + end + end + + context "when given an invalid username" do + let(:username) { "noooooooooope" } + + it "raises an exception" do + expect { Chef::ReservedNames::Win32::Security.get_account_right(username) }.to raise_error(Chef::Exceptions::Win32APIError) + end + end + end + + describe ".test_and_raise_lsa_nt_status" do + # NTSTATUS code: 0xC0000001 / STATUS_UNSUCCESSFUL + # Windows Error: ERROR_GEN_FAILURE / 31 / 0x1F / A device attached to the system is not functioning. + let(:status_unsuccessful) { 0xC0000001 } + + it "raises an exception with the Win Error if the win32 result is not 0" do + expect { Chef::ReservedNames::Win32::Security.test_and_raise_lsa_nt_status(status_unsuccessful) }.to raise_error(Chef::Exceptions::Win32APIError) + end + end end |