From 1162606a8d5f7be3a7af9526732fe8cb61f9c96b Mon Sep 17 00:00:00 2001
From: Jay Mundrawala <jdmundrawala@gmail.com>
Date: Mon, 1 Jun 2015 16:40:47 -0700
Subject: Allow creation of secure strings over remoting/services

The issue here is the user profile does not get loaded when
running over winrm / as a service. This user profile is needed
to use the DPAPI to encrypt the data for the current user.

Should fix #3246
---
 lib/chef/win32/crypto.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/chef/win32')

diff --git a/lib/chef/win32/crypto.rb b/lib/chef/win32/crypto.rb
index 79cf51b002..a047071b79 100644
--- a/lib/chef/win32/crypto.rb
+++ b/lib/chef/win32/crypto.rb
@@ -29,7 +29,7 @@ class Chef
 
       def self.encrypt(str, &block)
         data_blob = CRYPT_INTEGER_BLOB.new
-        unless CryptProtectData(CRYPT_INTEGER_BLOB.new(str.to_wstring), nil, nil, nil, nil, 0, data_blob)
+        unless CryptProtectData(CRYPT_INTEGER_BLOB.new(str.to_wstring), nil, nil, nil, nil, CRYPTPROTECT_LOCAL_MACHINE, data_blob)
           Chef::ReservedNames::Win32::Error.raise!
         end
         bytes = data_blob[:pbData].get_bytes(0, data_blob[:cbData])
-- 
cgit v1.2.1