Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-1991

Usernames > 13 characters may not resolve properly from their SID on Windows

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 3.4.3
    • Fix Version/s: PUP 3.5.1
    • Component/s: None
    • Labels:
      None
    • Template:
    • Story Points:
      1
    • Sprint:
      Week 2014-4-09 to 2014-4-16

      Description

      Due to a bug in an old version of the win32-security gem that we use (0.1.4), an issue cropped up on a customer site when managing groups. For that particular issue, some domain users were being added to a group managed by Puppet, and because the names were greater than 13 characters, an exception was being thrown because the buffer allocated for LookupAccountSid was set to 28 bytes (13 wide characters + a double NULL terminator).

      https://github.com/djberg96/win32-security/blob/win32-security-0.1.4/lib/win32/security/sid.rb#L233-L234

      Some additional investigative work needs to be done on this particular issue to see if the buffer size should be increased beyond the 80 suggested in the PR. I believe in modern versions of Windows, the max length here could be 256 (as defined in lmcons.h as UNLEN) – which would necessitate a buffer of 512 + 2 – i.e. 514 characters.

      http://msdn.microsoft.com/en-us/library/cc761107.aspx

      Future versions of the win32-security gem allocate the buffer appropriately, but for now this is our quick fix without being too disruptive.

        Attachments

          Activity

            People

            • Assignee:
              rob Rob Reynolds
              Reporter:
              ethan Ethan Brown
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support