Merge pull request #67800 from twangboy/fix_59344

Handle integer usernames in RunAs on Windows
2025-04-16 09:40:20 +00:00 · 2025-03-10 13:52:50 -07:00 · 2025-03-10 13:52:50 -07:00 · 0b17433478
commit 0b17433478
parent 3194208a7f b6d532ce44
4 changed files with 51 additions and 1 deletions
--- a/changelog/59344.fixed.md
+++ b/changelog/59344.fixed.md
@ -0,0 +1,2 @@
+Fix issue with RunAs on Windows so that usernames of all numeric characters
+are handled as strings
--- a/salt/modules/win_groupadd.py
+++ b/salt/modules/win_groupadd.py
@ -65,7 +65,7 @@ def _get_group_object(name):
    """
    with salt.utils.winapi.Com():
        nt = win32com.client.Dispatch("AdsNameSpaces")
-        return nt.GetObject("", "WinNT://./" + name + ",group")
+        return nt.GetObject("", f"WinNT://./{name},group")


 def _get_all_groups():
--- a/salt/utils/win_runas.py
+++ b/salt/utils/win_runas.py
@ -96,6 +96,10 @@ def runas(cmdLine, username, password=None, cwd=None):
    Commands are run in with the highest level privileges possible for the
    account provided.
    """
+    # Sometimes this comes in as an int. LookupAccountName can't handle an int
+    # Let's make it a string if it's anything other than a string
+    if not isinstance(username, str):
+        username = str(username)
    # Validate the domain and sid exist for the username
    try:
        _, domain, _ = win32security.LookupAccountName(None, username)
@ -265,6 +269,10 @@ def runas_unpriv(cmd, username, password, cwd=None):
    """
    Runas that works for non-privileged users
    """
+    # Sometimes this comes in as an int. LookupAccountName can't handle an int
+    # Let's make it a string if it's anything other than a string
+    if not isinstance(username, str):
+        username = str(username)
    # Validate the domain and sid exist for the username
    try:
        _, domain, _ = win32security.LookupAccountName(None, username)
--- a/tests/pytests/functional/utils/test_win_runas.py
+++ b/tests/pytests/functional/utils/test_win_runas.py
@ -2,8 +2,11 @@
 Test the win_runas util
 """

+from random import randint
+
 import pytest

+import salt.modules.win_useradd as win_useradd
 import salt.utils.win_runas as win_runas

 pytestmark = [
@ -18,6 +21,15 @@ def user():
        yield account


+@pytest.fixture
+def int_user():
+    with pytest.helpers.create_account() as account:
+        int_name = randint(10000, 99999)
+        win_useradd.rename(account.username, int_name)
+        account.username = int_name
+        yield account
+
+
@pytest.mark.parametrize(
    "cmd, expected",
    [
@ -54,3 +66,31 @@ def test_compound_runas_unpriv(user, cmd, expected):
        password=user.password,
    )
    assert expected in result["stdout"]
+
+
+def test_runas_str_user(user):
+    result = win_runas.runas(
+        cmdLine="whoami", username=user.username, password=user.password
+    )
+    assert user.username in result["stdout"]
+
+
+def test_runas_int_user(int_user):
+    result = win_runas.runas(
+        cmdLine="whoami", username=int(int_user.username), password=int_user.password
+    )
+    assert str(int_user.username) in result["stdout"]
+
+
+def test_runas_unpriv_str_user(user):
+    result = win_runas.runas_unpriv(
+        cmd="whoami", username=user.username, password=user.password
+    )
+    assert user.username in result["stdout"]
+
+
+def test_runas_unpriv_int_user(int_user):
+    result = win_runas.runas_unpriv(
+        cmd="whoami", username=int(int_user.username), password=int_user.password
+    )
+    assert str(int_user.username) in result["stdout"]