1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
#! /usr/bin/env ruby
require 'spec_helper'
describe "Puppet::Util::Windows::User", :if => Puppet.features.microsoft_windows? do
describe "2003 without UAC" do
before :each do
Facter.stubs(:value).with(:kernelmajversion).returns("5.2")
end
it "should be an admin if user's token contains the Administrators SID" do
Puppet::Util::Windows::User.expects(:check_token_membership).returns(true)
Puppet::Util::Windows::Process.expects(:elevated_security?).never
Puppet::Util::Windows::User.should be_admin
end
it "should not be an admin if user's token doesn't contain the Administrators SID" do
Puppet::Util::Windows::User.expects(:check_token_membership).returns(false)
Puppet::Util::Windows::Process.expects(:elevated_security?).never
Puppet::Util::Windows::User.should_not be_admin
end
it "should raise an exception if we can't check token membership" do
Puppet::Util::Windows::User.expects(:check_token_membership).raises(Puppet::Util::Windows::Error, "Access denied.")
Puppet::Util::Windows::Process.expects(:elevated_security?).never
lambda { Puppet::Util::Windows::User.admin? }.should raise_error(Puppet::Util::Windows::Error, /Access denied./)
end
end
describe "2008 with UAC" do
before :each do
Facter.stubs(:value).with(:kernelmajversion).returns("6.0")
end
it "should be an admin if user is running with elevated privileges" do
Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(true)
Puppet::Util::Windows::User.expects(:check_token_membership).never
Puppet::Util::Windows::User.should be_admin
end
it "should not be an admin if user is not running with elevated privileges" do
Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(false)
Puppet::Util::Windows::User.expects(:check_token_membership).never
Puppet::Util::Windows::User.should_not be_admin
end
it "should raise an exception if the process fails to open the process token" do
Puppet::Util::Windows::Process.stubs(:elevated_security?).raises(Puppet::Util::Windows::Error, "Access denied.")
Puppet::Util::Windows::User.expects(:check_token_membership).never
lambda { Puppet::Util::Windows::User.admin? }.should raise_error(Puppet::Util::Windows::Error, /Access denied./)
end
end
describe "module function" do
let(:username) { 'fabio' }
let(:bad_password) { 'goldilocks' }
let(:logon_fail_msg) { /Failed to logon user "fabio": Logon failure: unknown user name or bad password./ }
def expect_logon_failure_error(&block)
expect {
yield
}.to raise_error { |error|
expect(error).to be_a(Puppet::Util::Windows::Error)
# http://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx
# ERROR_LOGON_FAILURE 1326
expect(error.code).to eq(1326)
}
end
describe "load_profile" do
it "should raise an error when provided with an incorrect username and password" do
expect_logon_failure_error {
Puppet::Util::Windows::User.load_profile(username, bad_password)
}
end
it "should raise an error when provided with an incorrect username and nil password" do
expect_logon_failure_error {
Puppet::Util::Windows::User.load_profile(username, nil)
}
end
end
describe "logon_user" do
it "should raise an error when provided with an incorrect username and password" do
expect_logon_failure_error {
Puppet::Util::Windows::User.logon_user(username, bad_password)
}
end
it "should raise an error when provided with an incorrect username and nil password" do
expect_logon_failure_error {
Puppet::Util::Windows::User.logon_user(username, nil)
}
end
end
describe "password_is?" do
it "should return false given an incorrect username and password" do
Puppet::Util::Windows::User.password_is?(username, bad_password).should be_false
end
it "should return false given an incorrect username and nil password" do
Puppet::Util::Windows::User.password_is?(username, nil).should be_false
end
it "should return false given a nil username and an incorrect password" do
Puppet::Util::Windows::User.password_is?(nil, bad_password).should be_false
end
end
describe "check_token_membership" do
it "should not raise an error" do
# added just to call an FFI code path on all platforms
lambda { Puppet::Util::Windows::User.check_token_membership }.should_not raise_error
end
end
end
end
|
