diff options
| author | Tim Smith <tsmith@chef.io> | 2018-03-19 15:30:33 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-03-19 15:30:33 -0700 |
| commit | c94d5f060be63ea0e1a77fb301aba66a2b78fdec (patch) | |
| tree | 14c2d0941c0d908a4922188b9914f2ea94e92c3a | |
| parent | 71caa3a65668132ea0e2c9e142529df89de211f8 (diff) | |
| parent | c91ec119e8c818af72624a52ffa8b450c9af6207 (diff) | |
| download | chef-c94d5f060be63ea0e1a77fb301aba66a2b78fdec.tar.gz | |
Merge pull request #7010 from chef/btm/13-fix-lsa-heap-corruption
Fix regression in #6980, add functional tests
| -rw-r--r-- | lib/chef/win32/security.rb | 2 | ||||
| -rw-r--r-- | spec/functional/win32/security_spec.rb | 35 |
2 files changed, 36 insertions, 1 deletions
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb index a58fa48399..feefdfc19a 100644 --- a/lib/chef/win32/security.rb +++ b/lib/chef/win32/security.rb @@ -646,7 +646,7 @@ class Chef Token.new(Handle.new(token.read_pointer)) end - def test_and_raise_lsa_nt_status(result) + def self.test_and_raise_lsa_nt_status(result) win32_error = LsaNtStatusToWinError(result) if win32_error != 0 Chef::ReservedNames::Win32::Error.raise!(nil, win32_error) diff --git a/spec/functional/win32/security_spec.rb b/spec/functional/win32/security_spec.rb index 40ae99bfa4..bd30bf805f 100644 --- a/spec/functional/win32/security_spec.rb +++ b/spec/functional/win32/security_spec.rb @@ -97,4 +97,39 @@ describe "Chef::Win32::Security", :windows_only do end end end + + describe ".get_account_right" do + let(:username) { ENV["USERNAME"] } + + context "when given a valid username" do + it "returns an array of account right constants" do + Chef::ReservedNames::Win32::Security.add_account_right(username, "SeBatchLogonRight") + expect(Chef::ReservedNames::Win32::Security.get_account_right(username)).to include("SeBatchLogonRight") + end + + it "passes an FFI::Pointer to LsaFreeMemory" do + Chef::ReservedNames::Win32::Security.add_account_right(username, "SeBatchLogonRight") # otherwise we return an empty array before LsaFreeMemory + expect(Chef::ReservedNames::Win32::Security).to receive(:LsaFreeMemory).with(instance_of(FFI::Pointer)).and_return(0) # not FFI::MemoryPointer + Chef::ReservedNames::Win32::Security.get_account_right(username) + end + end + + context "when given an invalid username" do + let(:username) { "noooooooooope" } + + it "raises an exception" do + expect { Chef::ReservedNames::Win32::Security.get_account_right(username) }.to raise_error(Chef::Exceptions::Win32APIError) + end + end + end + + describe ".test_and_raise_lsa_nt_status" do + # NTSTATUS code: 0xC0000001 / STATUS_UNSUCCESSFUL + # Windows Error: ERROR_GEN_FAILURE / 31 / 0x1F / A device attached to the system is not functioning. + let(:status_unsuccessful) { 0xC0000001 } + + it "raises an exception with the Win Error if the win32 result is not 0" do + expect { Chef::ReservedNames::Win32::Security.test_and_raise_lsa_nt_status(status_unsuccessful) }.to raise_error(Chef::Exceptions::Win32APIError) + end + end end |