Greetings!
Please review the pull request #115: Ticket/2.7.x/9186 win 2008 failures opened by (joshcooper)
Some more information about the pull request:
- Opened: Wed Sep 14 22:19:46 UTC 2011
- Based on: puppetlabs:2.7.x (d54410446efc8cf1d436886b161083a534f705b2)
- Requested merge: joshcooper:ticket/2.7.x/9186-win-2008-failures (c0edb76086d5f6d0d0eefe5f30a93bb4e6ce9d65)
Description:
The tests were failing on Jenkins because the SYSTEM account's temp
directory is C:\windows\temp, which on 2008 only has 2 access control
entries (one for Administrators and one for SYSTEM). One test assumed
that newly created file/directories had extra entries, e.g. Users. The
other test assumed that unprotecting the DACL for a newly created
file/directory would cause it to inherit extra access control entries
from its parent. But on 2008, the sids for the parent aces
corresponded to the owner and group, so the sids were not "extra".
I fixed both of these tests to not make assumptions about the access
control entries present for newly created files.
Thanks!
The Pull Request Bot
Diff follows:
diff --git a/spec/integration/util/windows/security_spec.rb b/spec/integration/util/windows/security_spec.rb
index f7e93cd..fcc1477 100755
--- a/spec/integration/util/windows/security_spec.rb
+++ b/spec/integration/util/windows/security_spec.rb
@@ -152,6 +152,11 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
describe "getting the mode" do
it "should report when extra aces are encounted" do
+ winsec.set_acl(path, true) do |acl|
+ [ 544, 545, 546, 547 ].each do |rid|
+ winsec.add_access_allowed_ace(acl, WindowsSecurityTester::STANDARD_RIGHTS_ALL, "S-1-5-32-#{rid}")
+ end
+ end
mode = winsec.get_mode(path)
(mode & WindowsSecurityTester::S_IEXTRA).should_not == 0
end
@@ -188,8 +193,27 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
end
it "should be present when the access control list is unprotected" do
- winsec.set_mode(WindowsSecurityTester::S_IRWXU, path, false)
- (winsec.get_mode(path) & WindowsSecurityTester::S_IEXTRA).should == WindowsSecurityTester::S_IEXTRA
+ dir = tmpdir('win_sec_parent')
+
+ # add a bunch of aces, make sure we can add to the directory
+ allow = WindowsSecurityTester::STANDARD_RIGHTS_ALL | WindowsSecurityTester::SPECIFIC_RIGHTS_ALL
+ inherit = WindowsSecurityTester::OBJECT_INHERIT_ACE | WindowsSecurityTester::CONTAINER_INHERIT_ACE
+
+ winsec.set_acl(dir, true) do |acl|
+ winsec.add_access_allowed_ace(acl, allow, "S-1-1-0", inherit) # everyone
+
+ [ 544, 545, 546, 547 ].each do |rid|
+ winsec.add_access_allowed_ace(acl, WindowsSecurityTester::STANDARD_RIGHTS_ALL, "S-1-5-32-#{rid}", inherit)
+ end
+ end
+
+ # add a file
+ child = File.join(dir, "child")
+ File.new(child, "w").close
+
+ # unprotect child, it should inherit from parent
+ winsec.set_mode(WindowsSecurityTester::S_IRWXU, child, false)
+ (winsec.get_mode(child) & WindowsSecurityTester::S_IEXTRA).should == WindowsSecurityTester::S_IEXTRA
end
end
end
-- You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
