Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
PUP 7.5.0
-
None
-
Night's Watch
-
1
-
NW - 2021-06-30
-
Needs Assessment
-
Bug Fix
-
Puppet no longer prints an unnecessary error message when resolving account names to SIDs on Windows
-
Needs Assessment
Description
Puppet on Windows shows the following errors when running with debugging:
C:\> puppet agent -t --debug
|
...
|
Debug: Processing report from xxx with processor Puppet::Reports::Store
|
Debug: Could not retrieve raw SID bytes from 'Administrator': Failed to convert string SID: Administrator: The security ID structure is invalid.
|
Debug: Could not retrieve raw SID bytes from 'Administrator': Failed to convert string SID: Administrator: The security ID structure is invalid.
|
This debugging was added in https://github.com/puppetlabs/puppet/commit/bea9ff75d5946dbb92c90ef068cf6c2d4cb0db85. However, the name_to_principal method is sometimes called with valid account names like Administrator, so the call to string_to_sid_ptr fails with (ERROR_INVALID_SID 0x539 and the debug message is printed.
I think it'd be better to check if name starts with something like S-\d+-\d+ or only log the error if e.code != 0x539. For example, if the SID string refers to an account that doesn't exist, you'll get 0x534 ERROR_NONE_MAPPED.