[PUP-5923] Administration token detection doesn't work in legacy Windows OS (2003/XP) - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 4.4.0
Component/s: None
Labels:
- windows

Story Points:
1
Sprint:
Windows 2016-02-24 (Burn FF)

Release Notes:
Bug Fix
Release Notes Summary:

Hide
Administrative token detection for Windows 2003 and earlier, used internally to guard code paths requiring administrative privileges, was flawed and always thought the current user has administrative privileges. This could lead to Puppet attempting to execute code that the operating system will not allow it to (such as creating symlinks).

Show
Administrative token detection for Windows 2003 and earlier, used internally to guard code paths requiring administrative privileges, was flawed and always thought the current user has administrative privileges. This could lead to Puppet attempting to execute code that the operating system will not allow it to (such as creating symlinks).

Description

As part of ~~PUP-5735~~ it was found that the administrative token detection for legacy operating systems always evaluated as true. This was due to a simple typo at https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/windows/user.rb#L46

The helper function returns a bool type however the check is against an integer. Therefore is_admin is always returns because bool <> int32 is always true.

Changing the line to

is_admin = ismember_pointer.read_win32_bool

fixes the problem

Attachments

Issue Links

relates to

PUP-5735 Remove usage of win32-security gem

Closed

links to

GH PR #4685

Activity

People

Assignee:: Unassigned

Reporter:: Glenn Sarti

QA Contact:: Ryan Gard

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2016/02/18 10:40 AM

Updated:: 2016/03/17 10:53 AM

Resolved:: 2016/02/22 8:10 AM