diff options
| author | Bryan McLellan <btm@loftninjas.org> | 2018-03-19 13:38:18 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-03-19 13:38:18 -0400 |
| commit | 7e11a4192df63ecc0166a947109878cc0070434a (patch) | |
| tree | 59399e55c3698f177aabff42415f47f8acf3594b | |
| parent | eefbd0168f02a3707f1403dc6311bb02d18e1e00 (diff) | |
| parent | baa3ba5c1ebb0276f009c9128f9b1a6b02f96777 (diff) | |
| download | chef-7e11a4192df63ecc0166a947109878cc0070434a.tar.gz | |
Merge pull request #6995 from chef/btm/fix-lsa-heap-corruption
Fix regression in #6980, add functional tests
| -rw-r--r-- | lib/chef/win32/security.rb | 2 | ||||
| -rw-r--r-- | spec/functional/win32/security_spec.rb | 36 |
2 files changed, 37 insertions, 1 deletions
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb index f175511354..374d31e8a3 100644 --- a/lib/chef/win32/security.rb +++ b/lib/chef/win32/security.rb @@ -668,7 +668,7 @@ class Chef Token.new(Handle.new(token.read_pointer)) end - def test_and_raise_lsa_nt_status(result) + def self.test_and_raise_lsa_nt_status(result) win32_error = LsaNtStatusToWinError(result) if win32_error != 0 Chef::ReservedNames::Win32::Error.raise!(nil, win32_error) diff --git a/spec/functional/win32/security_spec.rb b/spec/functional/win32/security_spec.rb index 22c749b609..f88cde0204 100644 --- a/spec/functional/win32/security_spec.rb +++ b/spec/functional/win32/security_spec.rb @@ -52,6 +52,7 @@ describe "Chef::Win32::Security", :windows_only do delete_user.run_command delete_user.error! end + it "has_admin_privileges? returns false" do has_admin_privileges = with_user_context(user, password, domain, :local) do Chef::ReservedNames::Win32::Security.has_admin_privileges? @@ -149,4 +150,39 @@ describe "Chef::Win32::Security", :windows_only do end end end + + describe ".get_account_right" do + let(:username) { ENV["USERNAME"] } + + context "when given a valid username" do + it "returns an array of account right constants" do + Chef::ReservedNames::Win32::Security.add_account_right(username, "SeBatchLogonRight") + expect(Chef::ReservedNames::Win32::Security.get_account_right(username)).to include("SeBatchLogonRight") + end + + it "passes an FFI::Pointer to LsaFreeMemory" do + Chef::ReservedNames::Win32::Security.add_account_right(username, "SeBatchLogonRight") # otherwise we return an empty array before LsaFreeMemory + expect(Chef::ReservedNames::Win32::Security).to receive(:LsaFreeMemory).with(instance_of(FFI::Pointer)).and_return(0) # not FFI::MemoryPointer + Chef::ReservedNames::Win32::Security.get_account_right(username) + end + end + + context "when given an invalid username" do + let(:username) { "noooooooooope" } + + it "raises an exception" do + expect { Chef::ReservedNames::Win32::Security.get_account_right(username) }.to raise_error(Chef::Exceptions::Win32APIError) + end + end + end + + describe ".test_and_raise_lsa_nt_status" do + # NTSTATUS code: 0xC0000001 / STATUS_UNSUCCESSFUL + # Windows Error: ERROR_GEN_FAILURE / 31 / 0x1F / A device attached to the system is not functioning. + let(:status_unsuccessful) { 0xC0000001 } + + it "raises an exception with the Win Error if the win32 result is not 0" do + expect { Chef::ReservedNames::Win32::Security.test_and_raise_lsa_nt_status(status_unsuccessful) }.to raise_error(Chef::Exceptions::Win32APIError) + end + end end |