Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] 3007.1 Windows Minion file.directory causes No mapping between account names and security IDs was done when off domain #66637

Open
darkpixel opened this issue Jun 13, 2024 · 3 comments
Open

[BUG] 3007.1 Windows Minion file.directory causes No mapping between account names and security IDs was done when off domain #66637

darkpixel opened this issue Jun 13, 2024 · 3 comments
Labels
Bug broken, incorrect, or confusing behavior needs-triage

Comments

@darkpixel
Copy link
Contributor

Description
I think this is related to an old bug--either the file.directory code wasn't updated as file.managed or reg.present was in bug #51868 , or maybe something got missed in merging.

To reproduce:
Join a Windows machine (i.e. a laptop) to a domain.
Move the machine off the network (i.e. work from home for a day) or make it so it can no longer talk to the domain controller.
Apply a state using file.directory:

my_folder:
  file.directory:
    - name: 'c:\my_folder'

Get a traceback:

          ID: my_folder
    Function: file.directory
        Name: c:\my_folder
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\utils\win_dacl.py", line 1238, in get_name
                  name = win32security.LookupAccountSid(None, sid_obj)[0]
              pywintypes.error: (1332, 'LookupAccountSid', 'No mapping between account names and security IDs was done.')
              
              During handling of the above exception, another exception occurred:
              
              Traceback (most recent call last):
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\state.py", line 2428, in call
                  ret = self.states[cdata["full"]](
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\loader\lazy.py", line 160, in __call__
                  ret = self.loader.run(run_func, *args, **kwargs)
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\loader\lazy.py", line 1269, in run
                  return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\loader\lazy.py", line 1284, in _run_as
                  return _func_or_method(*args, **kwargs)
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\loader\lazy.py", line 1317, in wrapper
                  return f(*args, **kwargs)
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\states\file.py", line 4112, in directory
                  tresult, tcomment, tchanges = _check_directory_win(
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\states\file.py", line 849, in _check_directory_win
                  changes = salt.utils.win_dacl.check_perms(
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\utils\win_dacl.py", line 2432, in check_perms
                  current_owner = get_owner(obj_name=obj_name, obj_type=obj_type)
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\utils\win_dacl.py", line 1348, in get_owner
                  return get_name(owner_sid)
                File "C:\Program Files\Salt Project\Salt\Lib\site-packages\salt\utils\win_dacl.py", line 1263, in get_name
                  raise CommandExecutionError(message, exc)
. Additional info follows:ons.CommandExecutionError: Error resolving "PySID:S-1-5-21-2137417848-1058129246-2041171366-1002": No mapping between account names and security IDs was done.
     Started: 13:17:25.880015
    Duration: 1.793 ms
     Changes:

Windows Minion is 3007.1, and I believe this was probably occurring with older versions, I just wasn't calling file.directory on Windows in older versions.
@darkpixel darkpixel added Bug broken, incorrect, or confusing behavior needs-triage labels Jun 13, 2024
@darkpixel
Copy link
Contributor Author

It looks like it's hitting the issue when trying to calculate changes to the file object here: https://github.com/saltstack/salt/blob/master/salt/states/file.py#L849

@darkpixel
Copy link
Contributor Author

I'm wondering if https://github.com/saltstack/salt/blob/master/salt/states/file.py#L846 is an inverted if.

The only places _check_directory_win are called from (in the file.py state) are file.directory, file.append, and file.prepend.

I guess I'll have to check if file.append and file.prepend are turning correctly or if they are spitting out changes:

{name: {"directory": "new"}}

@darkpixel
Copy link
Contributor Author

I see what's going on. It's not inverted.
If the directory doesn't exist, it just lets you know it's a new directory.
If it already exists, it calculates the changes between the existing directory and the state and that's where it fails to find ownership information because the domain is unavailable.

Probably need to wrap it in a try/except for cases when the domain is unavailable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug broken, incorrect, or confusing behavior needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@darkpixel