authorTim Smith <tsmith@chef.io>2018-03-29 14:02:51 -0700
committerGitHub <noreply@github.com>2018-03-29 14:02:51 -0700
commit5522c964dbb7d2e06be74f4aaf6b26dd126f4875 (patch)
tree27c6fe9edaa7682858f555a5753aafad7b59aa8c
parent781ae80b17883382d35bf0acd374aec766f37f9c (diff)
parent0698ccebd1f40a2ad21230813cbafb0330b0d107 (diff)
downloadchef-5522c964dbb7d2e06be74f4aaf6b26dd126f4875.tar.gz
Merge pull request #7083 from chef/btm/fix-windows-service
Avoid lookups for rights of 'LocalSystem' in windows service
-rw-r--r--lib/chef/provider/service/windows.rb3
-rw-r--r--spec/unit/provider/service/windows_spec.rb17
2 files changed, 11 insertions, 9 deletions
diff --git a/lib/chef/provider/service/windows.rb b/lib/chef/provider/service/windows.rb
index cba626145a..417ec03ef4 100644
--- a/lib/chef/provider/service/windows.rb
+++ b/lib/chef/provider/service/windows.rb
@@ -93,7 +93,8 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
Win32::Service.configure(new_config)
logger.info "#{@new_resource} configured with #{new_config.inspect}"
- if new_config.has_key?(:service_start_name)
+ # LocalSystem is the default runas user, which is a special service account that should ultimately have the rights of BUILTIN\Administrators, but we wouldn't see that from get_account_right
+ if new_config.has_key?(:service_start_name) && new_config[:service_start_name].casecmp("localsystem") != 0
unless Chef::ReservedNames::Win32::Security.get_account_right(canonicalize_username(new_config[:service_start_name])).include?(SERVICE_RIGHT)
grant_service_logon(new_config[:service_start_name])
end
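Review bot: The guard added to the `if` line skips the rights lookup only when `service_start_name` is spelled exactly `LocalSystem` (in any letter case), so any other spelling of the same account still reaches `get_account_right` and, if the right is not reported, `grant_service_logon`. If the resource can be given a form such as `.\LocalSystem` (I believe the service control manager accepts it, but confirm), normalise before comparing, for example `name = new_config[:service_start_name].to_s.sub(/\A\.\\/, "")` followed by `if new_config.has_key?(:service_start_name) && name.casecmp("localsystem") != 0`. The `.to_s` also covers a key that is present with a `nil` value, where `nil.casecmp` would raise `NoMethodError`; whether that can happen depends on how `new_config` is built, which is outside this hunk. The new comment is one very long line and would read better wrapped over two or three lines. The enclosing method starts and ends outside the hunk.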
diff --git a/spec/unit/provider/service/windows_spec.rb b/spec/unit/provider/service/windows_spec.rb
index 7cfc645b32..24c3e07f39 100644
--- a/spec/unit/provider/service/windows_spec.rb
+++ b/spec/unit/provider/service/windows_spec.rb
@@ -85,6 +85,7 @@ describe Chef::Provider::Service::Windows, "load_current_resource", :windows_onl
prvdr.current_resource = Chef::Resource::WindowsService.new("current-chef")
prvdr
end
+
let(:service_right) { Chef::Provider::Service::Windows::SERVICE_RIGHT }
before(:all) do
@@ -564,19 +565,11 @@ describe Chef::Provider::Service::Windows, "load_current_resource", :windows_onl
end
describe "running as a different account" do
- let(:old_run_as_user) { new_resource.run_as_user }
- let(:old_run_as_password) { new_resource.run_as_password }
-
before do
new_resource.run_as_user(".\\wallace")
new_resource.run_as_password("Wensleydale")
end
- after do
- new_resource.run_as_user(old_run_as_user)
- new_resource.run_as_password(old_run_as_password)
- end
-
it "calls #grant_service_logon if the :run_as_user and :run_as_password attributes are present" do
expect(Win32::Service).to receive(:start)
expect(provider).to receive(:grant_service_logon).and_return(true)
@@ -589,6 +582,14 @@ describe Chef::Provider::Service::Windows, "load_current_resource", :windows_onl
expect(Chef::ReservedNames::Win32::Security).not_to receive(:add_account_right).with("wallace", service_right)
provider.start_service
end
+
+ it "skips the rights check for LocalSystem" do
+ new_resource.run_as_user("LocalSystem")
+ expect(Win32::Service).to receive(:start)
+ expect(Chef::ReservedNames::Win32::Security).not_to receive(:get_account_right)
+ expect(Chef::ReservedNames::Win32::Security).not_to receive(:add_account_right)
+ provider.start_service
+ end
end
end
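Review bot: The added example exercises only the exact spelling `LocalSystem`, while the provider compares with `casecmp`, so the case-insensitive path that the change relies on is untested. Add a second example with `new_resource.run_as_user("localsystem")` and the same two `not_to receive` expectations. It would also help to assert `expect(provider).not_to receive(:grant_service_logon)`, since that appears to be the call that actually changes account rights and is the outcome this test is meant to rule out.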