Details
-
Improvement
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
PUP 6.14.0
-
None
-
Night's Watch
-
2
-
NW - 2021-03-03
-
42708,47445
-
2
-
Bug Fix
-
Retrieving the current user name SID on Windows was causing Puppet to fail in certain scenarios where the user was from a secondary domain controller. A fallback mechanism was implemented to use the fully qualified domain name for lookup.
-
Needs Assessment
Description
In some cases, looking up non fully qualified user names (just 'name' instead of 'DOMAIN name') on Windows does not work. In this case, Puppet Agent fails with Error: Failed to apply catalog: undefined method `bytesize' for nil:NilClass.
The issue was narrowed down to https://github.com/puppetlabs/puppet/blob/main/lib/puppet/util/windows/principal.rb#L47 which silently fails with Failed to get user name: No mapping between account names and security IDs was done.
Using https://docs.microsoft.com/en-us/windows/win32/api/secext/nf-secext-getusernameexw instead of https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getusernamew in https://github.com/puppetlabs/puppet/blob/main/lib/puppet/util/windows/adsi.rb#L489 or https://github.com/puppetlabs/puppet/blob/6.x/lib/puppet/file_system/windows.rb#L130 with the correct format should sove the issue.