Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Running cmd.run with "runas" from salt-call.bat gives OSError: [WinError 6] The handle is invalid. #59978

Open
RogueOverride opened this issue Apr 6, 2021 · 4 comments
Open

[BUG] Running cmd.run with "runas" from salt-call.bat gives OSError: [WinError 6] The handle is invalid. #59978

RogueOverride opened this issue Apr 6, 2021 · 4 comments
Assignees
@twangboy
Labels
Bug broken, incorrect, or confusing behavior
Milestone
Argon v3008.0

Comments

@RogueOverride
Copy link

RogueOverride commented Apr 6, 2021
edited

Description
When applying a state using salt-call.bat that has a cmd.run that runs as a certain user, we get a OSError: [WinError 6] The handle is invalid. Note this happens for any cmd.run ran with runas.

Setup

# example/init.sls
Test Command:
  cmd.run:
    - name: echo "Test"
    - runas: "<REDACTED USERNAME>"

Steps to Reproduce the behavior

salt-call.bat state.apply salt-issue saltenv=feature/<REDACTED>/salt-investigation

OR

salt-call.bat cmd.run 'aws --version' runas="<REDACTED USERNAME>"

C:\salt>salt-call.bat state.apply salt-issue saltenv=feature/<REDACTED>/salt-investigation -l debug
[DEBUG   ] Reading configuration from c:\salt\conf\minion
[DEBUG   ] Including configuration from 'c:\salt\conf\minion.d\_schedule.conf'
[DEBUG   ] Reading configuration from c:\salt\conf\minion.d\_schedule.conf
[DEBUG   ] Using cached minion ID from c:\salt\conf\minion_id: <REDACTED MINION ID>
[DEBUG   ] Configuration file path: c:\salt\conf\minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG   ] Grains refresh requested. Refreshing grains.
[DEBUG   ] Reading configuration from c:\salt\conf\minion
[DEBUG   ] Including configuration from 'c:\salt\conf\minion.d\_schedule.conf'
[DEBUG   ] Reading configuration from c:\salt\conf\minion.d\_schedule.conf
[DEBUG   ] Loading static grains from c:\salt\conf\grains
[DEBUG   ] Connecting to master. Attempt 1 (infinite attempts)
[DEBUG   ] "salt.mydomain.com" Not an IP address? Assuming it is a hostname.
[DEBUG   ] Master URI: tcp://<REDACTED IP>:4506
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Generated random reconnect delay between '1000ms' and '11000ms' (3204)
[DEBUG   ] Setting zmq_reconnect_ivl to '3204ms'
[DEBUG   ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'clear')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] salt.crypt.get_rsa_pub_key: Loading public key
[DEBUG   ] Decrypting the current master AES key
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] salt.crypt._get_key_with_evict: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] salt.crypt.get_rsa_pub_key: Loading public key
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] Connecting the Minion to the Master publish port, using the URI: tcp://<REDACTED IP>:4505
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Determining pillar cache
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] LazyLoaded jinja.render
[DEBUG   ] LazyLoaded yaml.render
[DEBUG   ] LazyLoaded state.apply
[DEBUG   ] LazyLoaded direct_call.execute
[DEBUG   ] LazyLoaded saltutil.is_running
[DEBUG   ] LazyLoaded grains.get
[DEBUG   ] LazyLoaded config.get
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] Gathering pillar data for state run
[DEBUG   ] Determining pillar cache
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] Finished gathering pillar data for state run
[INFO    ] Loading fresh modules for state activity
[DEBUG   ] LazyLoaded jinja.render
[DEBUG   ] LazyLoaded yaml.render
[DEBUG   ] Could not find file 'salt://salt-issue.sls' in saltenv 'feature/<REDACTED>/salt-investigation'
[DEBUG   ] In saltenv 'feature/<REDACTED>/salt-investigation', looking at rel_path 'salt-issue/init.sls' to resolve 'salt://salt-issue/init.sls'
[DEBUG   ] In saltenv 'feature/<REDACTED>/salt-investigation', ** considering ** path 'c:\salt\var\cache\salt\minion\files\feature\<REDACTED>\salt-investigation\salt-issue\init.sls' to resolve 'salt://salt-issue/init.sls'
[DEBUG   ] Fetching file from saltenv 'feature/<REDACTED>/salt-investigation', ** attempting ** 'salt://salt-issue/init.sls'
[DEBUG   ] No dest file found
[INFO    ] Fetching file from saltenv 'feature/<REDACTED>/salt-investigation', ** done ** 'salt-issue/init.sls'
[DEBUG   ] compile template: c:\salt\var\cache\salt\minion\files\feature\<REDACTED>\salt-investigation\salt-issue\init.sls
[DEBUG   ] Jinja search path: ['c:\\salt\\var\\cache\\salt\\minion\\files\\feature/<REDACTED>/salt-investigation']
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[PROFILE ] Time (in seconds) to render 'c:\salt\var\cache\salt\minion\files\feature\<REDACTED>\salt-investigation\salt-issue\init.sls' using 'jinja' renderer: 0.05566096305847168
[DEBUG   ] Rendered data from file: c:\salt\var\cache\salt\minion\files\feature\<REDACTED>\salt-investigation\salt-issue\init.sls:
Test Command:
  cmd.run:
    - name: aws --version
    - runas: "<REDACTED USERNAME>"
[DEBUG   ] Results of YAML rendering:
OrderedDict([('Test Command', OrderedDict([('cmd.run', [OrderedDict([('name', 'aws --version')]), OrderedDict([('runas', '<REDACTED USERNAME>')])])]))])
[PROFILE ] Time (in seconds) to render 'c:\salt\var\cache\salt\minion\files\feature\<REDACTED>\salt-investigation\salt-issue\init.sls' using 'yaml' renderer: 0.0009779930114746094
[DEBUG   ] LazyLoaded config.option
[DEBUG   ] LazyLoaded cmd.run
[INFO    ] Running state [aws --version] at time 23:23:27.472677
[INFO    ] Executing state cmd.run for [aws --version]
[DEBUG   ] LazyLoaded cmd.run_all
[INFO    ] Executing command 'aws' as user '<REDACTED USERNAME>' in directory 'C:\Users\<REDACTED USERNAME>'
[DEBUG   ] Unable to OpenProcess pid=4 name=System
[DEBUG   ] OpenProcessToken failed pid=104 name=svchost.exe userNT AUTHORITY\LOCAL SERVICE
[DEBUG   ] Unable to OpenProcess pid=368 name=smss.exe
[DEBUG   ] OpenProcessToken failed pid=428 name=svchost.exe userNT AUTHORITY\SYSTEM
[DEBUG   ] Unable to OpenProcess pid=476 name=csrss.exe
[DEBUG   ] Unable to OpenProcess pid=564 name=wininit.exe
[DEBUG   ] Unable to OpenProcess pid=572 name=csrss.exe
Exception ignored in: <function HANDLE.Close at 0x000001D74C1BE708>
Traceback (most recent call last):
  File "C:\salt\bin\lib\site-packages\salt-3002.6-py3.7.egg\salt\platform\win.py", line 188, in Close
    CloseHandle(self.Detach())
  File "C:\salt\bin\lib\site-packages\salt-3002.6-py3.7.egg\salt\platform\win.py", line 633, in errcheck_bool
    raise ctypes.WinError(ctypes.get_last_error())
OSError: [WinError 6] The handle is invalid.
[INFO    ] {'pid': 3076, 'retcode': 0, 'stdout': 'aws-cli/2.1.34 Python/3.8.8 Windows/10 exe/AMD64 prompt/off\n', 'stderr': ''}
[INFO    ] Completed state [aws --version] at time 23:23:28.243185 (duration_in_ms=770.508)
[DEBUG   ] LazyLoaded event.fire_master
[DEBUG   ] Initializing new SAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] File c:\salt\var\cache\salt\minion\accumulator\2024205676872 does not exist, no need to cleanup
[DEBUG   ] LazyLoaded cmd.run
[INFO    ] Executing command attrib in directory 'C:\Users\<REDACTED USERNAME>'
[DEBUG   ] output:
[DEBUG   ] LazyLoaded state.check_result
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] LazyLoaded highstate.output
[DEBUG   ] LazyLoaded nested.output
local:
----------
          ID: Test Command
    Function: cmd.run
        Name: aws --version
      Result: True
     Comment: Command "aws --version" run
     Started: 23:23:27.472677
    Duration: 770.508 ms
     Changes:
              ----------
              pid:
                  3076
              retcode:
                  0
              stderr:
              stdout:
                  aws-cli/2.1.34 Python/3.8.8 Windows/10 exe/AMD64 prompt/off

Summary for local
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 770.508 ms
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] Closing AsyncZeroMQReqChannel instance

C:\salt>salt-call.bat cmd.run "aws --version" runas=<REDACTED USERNAME> -l debug
[DEBUG   ] Reading configuration from c:\salt\conf\minion
[DEBUG   ] Including configuration from 'c:\salt\conf\minion.d\_schedule.conf'
[DEBUG   ] Reading configuration from c:\salt\conf\minion.d\_schedule.conf
[DEBUG   ] Using cached minion ID from c:\salt\conf\minion_id: <REDACTED MINION ID>
[DEBUG   ] Configuration file path: c:\salt\conf\minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG   ] Grains refresh requested. Refreshing grains.
[DEBUG   ] Reading configuration from c:\salt\conf\minion
[DEBUG   ] Including configuration from 'c:\salt\conf\minion.d\_schedule.conf'
[DEBUG   ] Reading configuration from c:\salt\conf\minion.d\_schedule.conf
[DEBUG   ] Loading static grains from c:\salt\conf\grains
[DEBUG   ] Connecting to master. Attempt 1 (infinite attempts)
[DEBUG   ] "<REDACTED HOSTNAME>" Not an IP address? Assuming it is a hostname.
[DEBUG   ] Master URI: tcp://<REDACTED IP>:4506
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Generated random reconnect delay between '1000ms' and '11000ms' (1036)
[DEBUG   ] Setting zmq_reconnect_ivl to '1036ms'
[DEBUG   ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'clear')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] salt.crypt.get_rsa_pub_key: Loading public key
[DEBUG   ] Decrypting the current master AES key
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] salt.crypt._get_key_with_evict: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] salt.crypt.get_rsa_pub_key: Loading public key
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] Connecting the Minion to the Master publish port, using the URI: tcp://<REDACTED IP>:4505
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Determining pillar cache
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] salt.crypt.get_rsa_key: Loading private key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] LazyLoaded jinja.render
[DEBUG   ] LazyLoaded yaml.render
[DEBUG   ] LazyLoaded cmd.run
[DEBUG   ] LazyLoaded direct_call.execute
[DEBUG   ] LazyLoaded config.get
[INFO    ] Executing command 'aws' as user '<REDACTED USERNAME>' in directory 'C:\Users\<REDACTED USERNAME>'
[DEBUG   ] Unable to OpenProcess pid=4 name=System
[DEBUG   ] OpenProcessToken failed pid=104 name=svchost.exe userNT AUTHORITY\LOCAL SERVICE
[DEBUG   ] Unable to OpenProcess pid=368 name=smss.exe
[DEBUG   ] OpenProcessToken failed pid=428 name=svchost.exe userNT AUTHORITY\SYSTEM
[DEBUG   ] Unable to OpenProcess pid=476 name=csrss.exe
[DEBUG   ] Unable to OpenProcess pid=564 name=wininit.exe
[DEBUG   ] Unable to OpenProcess pid=572 name=csrss.exe
Exception ignored in: <function HANDLE.Close at 0x00000192424EE708>
Traceback (most recent call last):
  File "C:\salt\bin\lib\site-packages\salt-3002.6-py3.7.egg\salt\platform\win.py", line 188, in Close
    CloseHandle(self.Detach())
  File "C:\salt\bin\lib\site-packages\salt-3002.6-py3.7.egg\salt\platform\win.py", line 633, in errcheck_bool
    raise ctypes.WinError(ctypes.get_last_error())
OSError: [WinError 6] The handle is invalid.
[DEBUG   ] output: aws-cli/2.1.34 Python/3.8.8 Windows/10 exe/AMD64 prompt/off

[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', '<REDACTED MINION ID>', 'tcp://<REDACTED IP>:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp://<REDACTED IP>:4506
[DEBUG   ] Trying to connect to: tcp://<REDACTED IP>:4506
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] LazyLoaded nested.output
local:
    aws-cli/2.1.34 Python/3.8.8 Windows/10 exe/AMD64 prompt/off

Expected behavior
Expecting it to not print out odd error regarding an invalid handle.

C:\salt>salt-call.bat state.apply salt-issue saltenv=feature/<REDACTED>/salt-investigation
local:
----------
          ID: Test Command
    Function: cmd.run
        Name: aws --version
      Result: True
     Comment: Command "aws --version" run
     Started: 23:33:35.828587
    Duration: 700.177 ms
     Changes:
              ----------
              pid:
                  4416
              retcode:
                  0
              stderr:
              stdout:
                  aws-cli/2.1.34 Python/3.8.8 Windows/10 exe/AMD64 prompt/off

Summary for local
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 700.177 ms

C:\salt>salt-call.bat cmd.run "aws --version" runas=<REDACTED USERNAME>
local:
    aws-cli/2.1.34 Python/3.8.8 Windows/10 exe/AMD64 prompt/off

Screenshots
Not required.

Versions Report

salt --versions-report Master and Minion are of same version. 
Salt Version:
          Salt: 3002.6

Dependency Versions:
          cffi: 1.12.2
      cherrypy: 17.4.1
      dateutil: 2.8.0
     docker-py: Not Installed
         gitdb: 2.0.5
     gitpython: 2.1.10
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: 1.0.7
       msgpack: 1.0.0
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.19
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
        Python: 3.7.4 (tags/v3.7.4:e09359112e, Jul  8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)]
  python-gnupg: 0.4.4
        PyYAML: 5.3.1
         PyZMQ: 18.0.1
         smmap: 2.0.5
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.1

System Versions:
          dist:
        locale: cp1252
       machine: AMD64
       release: 2016Server
        system: Windows
       version: 2016Server 10.0.14393 SP0

Additional context
Not required.
@RogueOverride RogueOverride added Bug broken, incorrect, or confusing behavior needs-triage labels Apr 6, 2021
@welcome
Copy link

welcome bot commented Apr 6, 2021

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at core@saltstack.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@RogueOverride
Copy link
Author

I have resolved my own issue. Found out that I wasn't passing the password in for Windows to authenticate it.

@OrangeDog OrangeDog mentioned this issue Feb 16, 2022
Open
@twangboy
Copy link
Contributor

twangboy commented May 9, 2022

The documentation states that the password is required on Windows. However, the command still runs successfully, it just throws a stacktrace. I believe the intent was to allow the command to run on Windows without a password if salt is running under an account with the SeImpersonatePrivilege. So, we need to either update the docs... or remove the ugly stacktrace.

Without password:

(venv_3.8.10) C:\src\salt>salt-call --local cmd.run "whoami" runas=test_admin
Exception ignored in: <function HANDLE.Close at 0x000002967A9D8CA0>
Traceback (most recent call last):
  File "c:\src\salt\salt\platform\win.py", line 185, in Close
    CloseHandle(self.Detach())
  File "c:\src\salt\salt\platform\win.py", line 630, in errcheck_bool
    raise ctypes.WinError(ctypes.get_last_error())
OSError: [WinError 6] The handle is invalid.
local:
    leesh-z01\test_admin

With password:

(venv_3.8.10) C:\src\salt>salt-call --local cmd.run "whoami" runas=test_admin password=<redacted_pwd>
local:
    leesh-z01\test_admin

@twangboy twangboy reopened this May 9, 2022
@garethgreenaway garethgreenaway added this to the Sulphur v3006.0 milestone May 24, 2022
@MKLeb MKLeb removed their assignment May 23, 2023
@dwoz
Copy link
Contributor

dwoz commented Dec 29, 2023

The documentation states that the password is required on Windows. However, the command still runs successfully, it just throws a stacktrace. I believe the intent was to allow the command to run on Windows without a password if salt is running under an account with the SeImpersonatePrivilege. So, we need to either update the docs... or remove the ugly stacktrace.

Without password:

(venv_3.8.10) C:\src\salt>salt-call --local cmd.run "whoami" runas=test_admin
Exception ignored in: <function HANDLE.Close at 0x000002967A9D8CA0>
Traceback (most recent call last):
  File "c:\src\salt\salt\platform\win.py", line 185, in Close
    CloseHandle(self.Detach())
  File "c:\src\salt\salt\platform\win.py", line 630, in errcheck_bool
    raise ctypes.WinError(ctypes.get_last_error())
OSError: [WinError 6] The handle is invalid.
local:
    leesh-z01\test_admin

With password:

(venv_3.8.10) C:\src\salt>salt-call --local cmd.run "whoami" runas=test_admin password=<redacted_pwd>
local:
    leesh-z01\test_admin

Remove the stack trace.

@dwoz dwoz modified the milestones: Chlorine v3007.0, Argon v3008.0 Dec 29, 2023
@dwoz dwoz removed their assignment Dec 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@twangboy twangboy

Labels
Bug broken, incorrect, or confusing behavior
Projects
None yet
Milestone
Argon v3008.0
Development

No branches or pull requests
6 participants
@waynew @garethgreenaway @dwoz @twangboy @RogueOverride @MKLeb