diff options
| author | Bryan McLellan <btm@loftninjas.org> | 2018-03-28 18:15:46 -0400 |
|---|---|---|
| committer | Bryan McLellan <btm@loftninjas.org> | 2018-03-29 15:36:12 -0400 |
| commit | 0698ccebd1f40a2ad21230813cbafb0330b0d107 (patch) | |
| tree | 379d0c2b00706219cdcf2e5bc388a094c26ead7b /spec/unit/provider/service | |
| parent | 2151d6d435f6169ca41dc1f96324a3585ff22e06 (diff) | |
| download | chef-0698ccebd1f40a2ad21230813cbafb0330b0d107.tar.gz | |
Avoid lookups for rights of 'LocalSystem' in windows service
LocalSystem is a special account for the service subsystem, and the security
subsystem doesn't know about it. It inherits rights from BUILTIN\Administrators
so we don't need to check it for SeServiceLogonRight. Even if we look up System
it wouldn't show up as it gets that right from hidden membership in
BUILTIN\Administrators.
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
Diffstat (limited to 'spec/unit/provider/service')
| -rw-r--r-- | spec/unit/provider/service/windows_spec.rb | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/spec/unit/provider/service/windows_spec.rb b/spec/unit/provider/service/windows_spec.rb index 7cfc645b32..24c3e07f39 100644 --- a/spec/unit/provider/service/windows_spec.rb +++ b/spec/unit/provider/service/windows_spec.rb @@ -85,6 +85,7 @@ describe Chef::Provider::Service::Windows, "load_current_resource", :windows_onl prvdr.current_resource = Chef::Resource::WindowsService.new("current-chef") prvdr end + let(:service_right) { Chef::Provider::Service::Windows::SERVICE_RIGHT } before(:all) do @@ -564,19 +565,11 @@ describe Chef::Provider::Service::Windows, "load_current_resource", :windows_onl end describe "running as a different account" do - let(:old_run_as_user) { new_resource.run_as_user } - let(:old_run_as_password) { new_resource.run_as_password } - before do new_resource.run_as_user(".\\wallace") new_resource.run_as_password("Wensleydale") end - after do - new_resource.run_as_user(old_run_as_user) - new_resource.run_as_password(old_run_as_password) - end - it "calls #grant_service_logon if the :run_as_user and :run_as_password attributes are present" do expect(Win32::Service).to receive(:start) expect(provider).to receive(:grant_service_logon).and_return(true) @@ -589,6 +582,14 @@ describe Chef::Provider::Service::Windows, "load_current_resource", :windows_onl expect(Chef::ReservedNames::Win32::Security).not_to receive(:add_account_right).with("wallace", service_right) provider.start_service end + + it "skips the rights check for LocalSystem" do + new_resource.run_as_user("LocalSystem") + expect(Win32::Service).to receive(:start) + expect(Chef::ReservedNames::Win32::Security).not_to receive(:get_account_right) + expect(Chef::ReservedNames::Win32::Security).not_to receive(:add_account_right) + provider.start_service + end end end |