Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-5923

Administration token detection doesn't work in legacy Windows OS (2003/XP)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 4.4.0
    • Component/s: None
    • Labels:
    • Template:
    • Story Points:
      1
    • Sprint:
      Windows 2016-02-24 (Burn FF)
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Administrative token detection for Windows 2003 and earlier, used internally to guard code paths requiring administrative privileges, was flawed and always thought the current user has administrative privileges. This could lead to Puppet attempting to execute code that the operating system will not allow it to (such as creating symlinks).
      Show
      Administrative token detection for Windows 2003 and earlier, used internally to guard code paths requiring administrative privileges, was flawed and always thought the current user has administrative privileges. This could lead to Puppet attempting to execute code that the operating system will not allow it to (such as creating symlinks).

      Description

      As part of PUP-5735 it was found that the administrative token detection for legacy operating systems always evaluated as true. This was due to a simple typo at https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/windows/user.rb#L46

      The helper function returns a bool type however the check is against an integer. Therefore is_admin is always returns because bool <> int32 is always true.

      Changing the line to

      is_admin = ismember_pointer.read_win32_bool
      

      fixes the problem

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              glenn.sarti Glenn Sarti
              QA Contact:
              Ryan Gard Ryan Gard
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support