Skip Capability SIDs, don't stack trace

2025-04-17 10:10:20 +00:00 · 2020-03-10 16:26:13 -06:00 · 2020-03-10 16:26:13 -06:00 · c3ce07355f
commit c3ce07355f
parent e4c3777faf
3 changed files with 24 additions and 9 deletions
--- a/salt/states/win_wua.py
+++ b/salt/states/win_wua.py
@ -183,7 +183,7 @@ def installed(name, updates=None):
    wua.install(install)

    # Refresh windows update info
-    wua.refresh()
+    wua.load_search()
    post_info = wua.updates().list()

    # Verify the installation
@ -307,7 +307,7 @@ def removed(name, updates=None):
    wua.uninstall(uninstall)

    # Refresh windows update info
-    wua.refresh()
+    wua.load_search()
    post_info = wua.updates().list()

    # Verify the installation
@ -482,7 +482,7 @@ def uptodate(
    wua.install(install)

    # Refresh windows update info
-    wua.refresh()
+    wua.load_search()

    post_info = wua.updates().list()

--- a/salt/utils/win_dacl.py
+++ b/salt/utils/win_dacl.py
@ -1181,12 +1181,21 @@ def get_name(principal):
    try:
        return win32security.LookupAccountSid(None, sid_obj)[0]
    except (pywintypes.error, TypeError) as exc:
-        message = 'Error resolving "{0}"'.format(principal)
-        if type(exc) == pywintypes.error:
-            win_error = win32api.FormatMessage(exc.winerror).rstrip("\n")
-            message = "{0}: {1}".format(message, win_error)
-        log.exception(message)
-        raise CommandExecutionError(message, exc)
+        # Microsoft introduced the concept of Capability SIDs in Windows 8
+        # https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers#capability-sids
+        # https://support.microsoft.com/en-us/help/4502539/some-sids-do-not-resolve-into-friendly-names
+        # https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
+        # These types of SIDs do not resolve, so we'll just ignore them for this
+        # All capability SIDs begin with `S-1-15-3`, so we'll only throw an
+        # error when the sid does not begin with `S-1-15-3`
+        str_sid = get_sid_string(sid_obj)
+        if not str_sid.startswith('S-1-15-3'):
+            message = 'Error resolving "{0}"'.format(principal)
+            if type(exc) == pywintypes.error:
+                win_error = win32api.FormatMessage(exc.winerror).rstrip('\n')
+                message = '{0}: {1}'.format(message, win_error)
+            log.exception(message)
+            raise CommandExecutionError(message, exc)


 def get_owner(obj_name, obj_type="file"):
--- a/salt/utils/win_update.py
+++ b/salt/utils/win_update.py
@ -983,7 +983,11 @@ class WindowsUpdateAgent(object):
                log.debug("NeedsReboot: %s", ret["NeedsReboot"])

                # Refresh the Updates Table
+<<<<<<< HEAD
                self.refresh(online=False)
+=======
+                self.load_search()
+>>>>>>> Skip Capability SIDs, don't stack trace

                reboot = {0: "Never Reboot", 1: "Always Reboot", 2: "Poss Reboot"}

@ -1092,3 +1096,5 @@ def needs_reboot():
        # Create an AutoUpdate object
        obj_sys = win32com.client.Dispatch("Microsoft.Update.SystemInfo")
    return salt.utils.data.is_true(obj_sys.RebootRequired)
+
+