RubyGems - chef - Versions diffs - 0.10.8 → 0.10.10.beta.1 - Mend

chef 0.10.8 → 0.10.10.beta.1

Files changed (197) hide show

data/distro/arch/etc/rc.d/chef-client +15 -1
data/distro/common/html/chef-client.8.html +4 -4
data/distro/common/html/chef-expander.8.html +4 -4
data/distro/common/html/chef-expanderctl.8.html +4 -4
data/distro/common/html/chef-server-webui.8.html +4 -4
data/distro/common/html/chef-server.8.html +4 -4
data/distro/common/html/chef-solo.8.html +4 -4
data/distro/common/html/chef-solr.8.html +4 -4
data/distro/common/html/knife-bootstrap.1.html +6 -10
data/distro/common/html/knife-client.1.html +4 -4
data/distro/common/html/knife-configure.1.html +4 -4
data/distro/common/html/knife-cookbook-site.1.html +6 -6
data/distro/common/html/knife-cookbook.1.html +4 -4
data/distro/common/html/knife-data-bag.1.html +4 -4
data/distro/common/html/knife-environment.1.html +4 -4
data/distro/common/html/knife-exec.1.html +4 -4
data/distro/common/html/knife-index.1.html +4 -4
data/distro/common/html/knife-node.1.html +5 -5
data/distro/common/html/knife-role.1.html +4 -4
data/distro/common/html/knife-search.1.html +4 -4
data/distro/common/html/knife-ssh.1.html +5 -6
data/distro/common/html/knife-status.1.html +4 -4
data/distro/common/html/knife-tag.1.html +4 -4
data/distro/common/html/knife.1.html +7 -8
data/distro/common/html/shef.1.html +4 -4
data/distro/common/man/man1/knife-bootstrap.1 +4 -4
data/distro/common/man/man1/knife-client.1 +1 -1
data/distro/common/man/man1/knife-configure.1 +1 -1
data/distro/common/man/man1/knife-cookbook-site.1 +4 -4
data/distro/common/man/man1/knife-cookbook.1 +1 -1
data/distro/common/man/man1/knife-data-bag.1 +1 -1
data/distro/common/man/man1/knife-environment.1 +1 -1
data/distro/common/man/man1/knife-exec.1 +1 -1
data/distro/common/man/man1/knife-index.1 +1 -1
data/distro/common/man/man1/knife-node.1 +2 -2
data/distro/common/man/man1/knife-role.1 +1 -1
data/distro/common/man/man1/knife-search.1 +1 -1
data/distro/common/man/man1/knife-ssh.1 +3 -7
data/distro/common/man/man1/knife-status.1 +1 -1
data/distro/common/man/man1/knife-tag.1 +1 -1
data/distro/common/man/man1/knife.1 +5 -9
data/distro/common/man/man1/shef.1 +1 -1
data/distro/common/man/man8/chef-client.8 +1 -1
data/distro/common/man/man8/chef-expander.8 +1 -1
data/distro/common/man/man8/chef-expanderctl.8 +1 -1
data/distro/common/man/man8/chef-server-webui.8 +1 -1
data/distro/common/man/man8/chef-server.8 +1 -1
data/distro/common/man/man8/chef-solo.8 +1 -1
data/distro/common/man/man8/chef-solr.8 +1 -1
data/distro/common/markdown/man1/knife-bootstrap.mkd +3 -7
data/distro/common/markdown/man1/knife-cookbook-site.mkd +3 -3
data/distro/common/markdown/man1/knife-node.mkd +2 -2
data/distro/common/markdown/man1/knife-ssh.mkd +2 -5
data/distro/common/markdown/man1/knife.mkd +7 -9
data/distro/debian/etc/init.d/chef-client +22 -1
data/distro/redhat/etc/init.d/chef-client +12 -1
data/distro/windows/service_manager.rb +164 -0
data/lib/chef/application.rb +12 -6
data/lib/chef/application/client.rb +4 -3
data/lib/chef/application/knife.rb +7 -12
data/lib/chef/application/solo.rb +2 -1
data/lib/chef/application/windows_service.rb +224 -0
data/lib/chef/checksum_cache.rb +1 -0
data/lib/chef/client.rb +3 -16
data/lib/chef/config.rb +42 -13
data/lib/chef/cookbook/metadata.rb +1 -1
data/lib/chef/cookbook/syntax_check.rb +2 -2
data/lib/chef/cookbook_version.rb +5 -0
data/lib/chef/daemon.rb +1 -1
data/lib/chef/exceptions.rb +7 -1
data/lib/chef/file_access_control.rb +13 -87
data/lib/chef/file_access_control/unix.rb +119 -0
data/lib/chef/file_access_control/windows.rb +257 -0
data/lib/chef/handler/json_file.rb +7 -1
data/lib/chef/knife.rb +10 -16
data/lib/chef/knife/bootstrap.rb +15 -8
data/lib/chef/knife/bootstrap/centos5-gems.erb +1 -1
data/lib/chef/knife/bootstrap/chef-full.erb +59 -0
data/lib/chef/knife/bootstrap/ubuntu10.04-apt.erb +1 -0
data/lib/chef/knife/configure.rb +2 -2
data/lib/chef/knife/cookbook_site_download.rb +60 -21
data/lib/chef/knife/cookbook_site_install.rb +16 -21
data/lib/chef/knife/cookbook_upload.rb +77 -48
data/lib/chef/knife/core/bootstrap_context.rb +3 -1
data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
data/lib/chef/knife/core/node_editor.rb +1 -1
data/lib/chef/knife/core/subcommand_loader.rb +1 -1
data/lib/chef/knife/core/ui.rb +3 -2
data/lib/chef/knife/help_topics.rb +1 -1
data/lib/chef/knife/node_run_list_add.rb +14 -6
data/lib/chef/knife/node_run_list_remove.rb +3 -3
data/lib/chef/knife/ssh.rb +32 -13
data/lib/chef/mash.rb +14 -0
data/lib/chef/mixin/command.rb +1 -0
data/lib/chef/mixin/command/unix.rb +5 -0
data/lib/chef/mixin/convert_to_class_name.rb +2 -0
data/lib/chef/mixin/deep_merge.rb +40 -18
data/lib/chef/mixin/enforce_ownership_and_permissions.rb +39 -0
data/lib/chef/mixin/language.rb +89 -3
data/lib/chef/mixin/language_include_recipe.rb +8 -4
data/lib/chef/mixin/path_sanity.rb +67 -0
data/lib/chef/mixin/recipe_definition_dsl_core.rb +19 -11
data/lib/chef/mixin/securable.rb +152 -0
data/lib/chef/mixin/shell_out.rb +1 -1
data/lib/chef/mixin/template.rb +8 -3
data/lib/chef/mixins.rb +3 -0
data/lib/chef/monkey_patches/moneta.rb +50 -0
data/lib/chef/monkey_patches/string.rb +1 -1
data/lib/chef/node.rb +2 -1
data/lib/chef/platform.rb +34 -0
data/lib/chef/provider.rb +23 -21
data/lib/chef/provider/cron.rb +17 -12
data/lib/chef/provider/cron/solaris.rb +6 -18
data/lib/chef/provider/deploy.rb +14 -15
data/lib/chef/provider/deploy/timestamped.rb +0 -1
data/lib/chef/provider/directory.rb +1 -3
data/lib/chef/provider/execute.rb +2 -2
data/lib/chef/provider/file.rb +1 -75
data/lib/chef/provider/git.rb +11 -9
data/lib/chef/provider/group/gpasswd.rb +14 -9
data/lib/chef/provider/link.rb +28 -59
data/lib/chef/provider/mdadm.rb +2 -2
data/lib/chef/provider/mount/mount.rb +1 -1
data/lib/chef/provider/package.rb +10 -6
data/lib/chef/provider/package/apt.rb +3 -1
data/lib/chef/provider/package/dpkg.rb +1 -1
data/lib/chef/provider/package/portage.rb +6 -3
data/lib/chef/provider/package/rubygems.rb +75 -6
data/lib/chef/provider/package/smartos.rb +84 -0
data/lib/chef/provider/package/yum-dump.py +3 -2
data/lib/chef/provider/package/yum.rb +51 -10
data/lib/chef/provider/remote_directory.rb +24 -3
data/lib/chef/provider/remote_file.rb +0 -6
data/lib/chef/provider/route.rb +3 -3
data/lib/chef/provider/service/debian.rb +2 -2
data/lib/chef/provider/service/freebsd.rb +1 -1
data/lib/chef/provider/service/macosx.rb +125 -0
data/lib/chef/provider/service/windows.rb +5 -1
data/lib/chef/provider/subversion.rb +10 -7
data/lib/chef/providers.rb +3 -0
data/lib/chef/resource.rb +181 -87
data/lib/chef/resource/apt_package.rb +10 -1
data/lib/chef/resource/chef_gem.rb +53 -0
data/lib/chef/resource/conditional.rb +3 -0
data/lib/chef/resource/cookbook_file.rb +12 -6
data/lib/chef/resource/cron.rb +9 -0
data/lib/chef/resource/directory.rb +14 -31
data/lib/chef/resource/execute.rb +11 -9
data/lib/chef/resource/file.rb +9 -33
data/lib/chef/resource/link.rb +13 -8
data/lib/chef/resource/mdadm.rb +10 -1
data/lib/chef/resource/remote_directory.rb +13 -2
data/lib/chef/resource/remote_file.rb +14 -7
data/lib/chef/resource/smartos_package.rb +36 -0
data/lib/chef/resource/template.rb +12 -5
data/lib/chef/resource_platform_map.rb +153 -0
data/lib/chef/resources.rb +2 -0
data/lib/chef/rest.rb +55 -10
data/lib/chef/rest/auth_credentials.rb +1 -0
data/lib/chef/rest/rest_request.rb +24 -8
data/lib/chef/role.rb +8 -2
data/lib/chef/run_list.rb +1 -1
data/lib/chef/run_list/run_list_expansion.rb +2 -2
data/lib/chef/run_list/run_list_item.rb +7 -0
data/lib/chef/runner.rb +4 -0
data/lib/chef/shef.rb +2 -2
data/lib/chef/shef/shef_session.rb +4 -5
data/lib/chef/shell_out.rb +2 -245
data/lib/chef/util/file_edit.rb +99 -89
data/lib/chef/version.rb +1 -1
data/lib/chef/win32/api.rb +349 -0
data/lib/chef/win32/api/error.rb +921 -0
data/lib/chef/win32/api/file.rb +289 -0
data/lib/chef/win32/api/memory.rb +105 -0
data/lib/chef/win32/api/process.rb +40 -0
data/lib/chef/win32/api/psapi.rb +51 -0
data/lib/chef/win32/api/security.rb +341 -0
data/lib/chef/win32/api/system.rb +192 -0
data/lib/chef/win32/api/unicode.rb +178 -0
data/lib/chef/win32/error.rb +73 -0
data/lib/chef/win32/file.rb +117 -0
data/lib/chef/win32/file/info.rb +100 -0
data/lib/chef/win32/handle.rb +48 -0
data/lib/chef/win32/memory.rb +101 -0
data/lib/chef/win32/process.rb +84 -0
data/lib/chef/win32/security.rb +489 -0
data/lib/chef/win32/security/ace.rb +125 -0
data/lib/chef/win32/security/acl.rb +101 -0
data/lib/chef/win32/security/securable_object.rb +109 -0
data/lib/chef/win32/security/security_descriptor.rb +93 -0
data/lib/chef/win32/security/sid.rb +199 -0
data/lib/chef/win32/security/token.rb +64 -0
data/lib/chef/win32/unicode.rb +43 -0
data/lib/chef/win32/version.rb +119 -0
metadata +104 -158
data/lib/chef/shell_out/unix.rb +0 -223
data/lib/chef/shell_out/windows.rb +0 -588

data/lib/chef/win32/api/security.rb ADDED

@@ -0,0 +1,341 @@
+#
+# Author:: John Keiser (<jkeiser@opscode.com>)
+# Copyright:: Copyright 2011 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'chef/win32/api'
+class Chef
+  module Win32
+    module API
+      module Security
+        extend Chef::Win32::API
+        ###############################################
+        # Win32 API Constants
+        ###############################################
+        # ACE_HEADER AceType
+        ACCESS_MIN_MS_ACE_TYPE                   = 0x0
+        ACCESS_ALLOWED_ACE_TYPE                  = 0x0
+        ACCESS_DENIED_ACE_TYPE                   = 0x1
+        SYSTEM_AUDIT_ACE_TYPE                    = 0x2
+        SYSTEM_ALARM_ACE_TYPE                    = 0x3
+        ACCESS_MAX_MS_V2_ACE_TYPE                = 0x3
+        ACCESS_ALLOWED_COMPOUND_ACE_TYPE         = 0x4
+        ACCESS_MAX_MS_V3_ACE_TYPE                = 0x4
+        ACCESS_MIN_MS_OBJECT_ACE_TYPE            = 0x5
+        ACCESS_ALLOWED_OBJECT_ACE_TYPE           = 0x5
+        ACCESS_DENIED_OBJECT_ACE_TYPE            = 0x6
+        SYSTEM_AUDIT_OBJECT_ACE_TYPE             = 0x7
+        SYSTEM_ALARM_OBJECT_ACE_TYPE             = 0x8
+        ACCESS_MAX_MS_OBJECT_ACE_TYPE            = 0x8
+        ACCESS_MAX_MS_V4_ACE_TYPE                = 0x8
+        ACCESS_MAX_MS_ACE_TYPE                   = 0x8
+        ACCESS_ALLOWED_CALLBACK_ACE_TYPE         = 0x9
+        ACCESS_DENIED_CALLBACK_ACE_TYPE          = 0xA
+        ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE  = 0xB
+        ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE   = 0xC
+        SYSTEM_AUDIT_CALLBACK_ACE_TYPE           = 0xD
+        SYSTEM_ALARM_CALLBACK_ACE_TYPE           = 0xE
+        SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE    = 0xF
+        SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE    = 0x10
+        SYSTEM_MANDATORY_LABEL_ACE_TYPE          = 0x11
+        ACCESS_MAX_MS_V5_ACE_TYPE                = 0x11
+        # ACE_HEADER AceFlags
+        OBJECT_INHERIT_ACE                 = 0x1
+        CONTAINER_INHERIT_ACE              = 0x2
+        NO_PROPAGATE_INHERIT_ACE           = 0x4
+        INHERIT_ONLY_ACE                   = 0x8
+        INHERITED_ACE                      = 0x10
+        VALID_INHERIT_FLAGS                = 0x1F
+        SUCCESSFUL_ACCESS_ACE_FLAG         = 0x40
+        FAILED_ACCESS_ACE_FLAG             = 0x80
+        # SECURITY_INFORMATION flags (DWORD)
+        OWNER_SECURITY_INFORMATION = 0x01
+        GROUP_SECURITY_INFORMATION = 0x02
+        DACL_SECURITY_INFORMATION = 0x04
+        SACL_SECURITY_INFORMATION = 0x08
+        LABEL_SECURITY_INFORMATION = 0x10
+        UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
+        UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
+        PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000
+        PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000
+        # SECURITY_DESCRIPTOR_REVISION
+        SECURITY_DESCRIPTOR_REVISION = 1
+        SECURITY_DESCRIPTOR_REVISION1 = 1
+        # SECURITY_DESCRIPTOR_CONTROL
+        SE_OWNER_DEFAULTED                = 0x0001
+        SE_GROUP_DEFAULTED                = 0x0002
+        SE_DACL_PRESENT                   = 0x0004
+        SE_DACL_DEFAULTED                 = 0x0008
+        SE_SACL_PRESENT                   = 0x0010
+        SE_SACL_DEFAULTED                 = 0x0020
+        SE_DACL_AUTO_INHERIT_REQ          = 0x0100
+        SE_SACL_AUTO_INHERIT_REQ          = 0x0200
+        SE_DACL_AUTO_INHERITED            = 0x0400
+        SE_SACL_AUTO_INHERITED            = 0x0800
+        SE_DACL_PROTECTED                 = 0x1000
+        SE_SACL_PROTECTED                 = 0x2000
+        SE_RM_CONTROL_VALID               = 0x4000
+        SE_SELF_RELATIVE                  = 0x8000
+        # ACCESS_RIGHTS_MASK
+        # Generic Access Rights
+        GENERIC_READ                      = 0x80000000
+        GENERIC_WRITE                     = 0x40000000
+        GENERIC_EXECUTE                   = 0x20000000
+        GENERIC_ALL                       = 0x10000000
+        # Standard Access Rights
+        DELETE                            = 0x00010000
+        READ_CONTROL                      = 0x00020000
+        WRITE_DAC                         = 0x00040000
+        WRITE_OWNER                       = 0x00080000
+        SYNCHRONIZE                       = 0x00100000
+        STANDARD_RIGHTS_REQUIRED          = 0x000F0000
+        STANDARD_RIGHTS_READ              = READ_CONTROL
+        STANDARD_RIGHTS_WRITE             = READ_CONTROL
+        STANDARD_RIGHTS_EXECUTE           = READ_CONTROL
+        STANDARD_RIGHTS_ALL               = 0x001F0000
+        SPECIFIC_RIGHTS_ALL               = 0x0000FFFF
+        # Access System Security Right
+        ACCESS_SYSTEM_SECURITY            = 0x01000000
+        # File/Directory Specific Rights
+        FILE_READ_DATA             =  0x0001
+        FILE_LIST_DIRECTORY        =  0x0001
+        FILE_WRITE_DATA            =  0x0002
+        FILE_ADD_FILE              =  0x0002
+        FILE_APPEND_DATA           =  0x0004
+        FILE_ADD_SUBDIRECTORY      =  0x0004
+        FILE_CREATE_PIPE_INSTANCE  =  0x0004
+        FILE_READ_EA               =  0x0008
+        FILE_WRITE_EA              =  0x0010
+        FILE_EXECUTE               =  0x0020
+        FILE_TRAVERSE              =  0x0020
+        FILE_DELETE_CHILD          =  0x0040
+        FILE_READ_ATTRIBUTES       =  0x0080
+        FILE_WRITE_ATTRIBUTES      =  0x0100
+        FILE_ALL_ACCESS            = STANDARD_RIGHTS_REQUIRED |
+                                     SYNCHRONIZE |
+                                     0x1FF
+        FILE_GENERIC_READ          = STANDARD_RIGHTS_READ |
+                                     FILE_READ_DATA       |
+                                     FILE_READ_ATTRIBUTES |
+                                     FILE_READ_EA         |
+                                     SYNCHRONIZE
+        FILE_GENERIC_WRITE         = STANDARD_RIGHTS_WRITE    |
+                                     FILE_WRITE_DATA          |
+                                     FILE_WRITE_ATTRIBUTES    |
+                                     FILE_WRITE_EA            |
+                                     FILE_APPEND_DATA         |
+                                     SYNCHRONIZE
+        FILE_GENERIC_EXECUTE       = STANDARD_RIGHTS_EXECUTE  |
+                                     FILE_READ_ATTRIBUTES     |
+                                     FILE_EXECUTE             |
+                                     SYNCHRONIZE
+        # Access Token Rights (for OpenProcessToken)
+        # Access Rights for Access-Token Objects (used in OpenProcessToken)
+        TOKEN_ASSIGN_PRIMARY = 0x0001
+        TOKEN_DUPLICATE = 0x0002
+        TOKEN_IMPERSONATE = 0x0004
+        TOKEN_QUERY = 0x0008
+        TOKEN_QUERY_SOURCE = 0x0010
+        TOKEN_ADJUST_PRIVILEGES = 0x0020
+        TOKEN_ADJUST_GROUPS = 0x0040
+        TOKEN_ADJUST_DEFAULT = 0x0080
+        TOKEN_ADJUST_SESSIONID = 0x0100
+        TOKEN_READ = (STANDARD_RIGHTS_READ | TOKEN_QUERY)
+        TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
+            TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
+            TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
+            TOKEN_ADJUST_SESSIONID)
+        # AdjustTokenPrivileges
+        SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001
+        SE_PRIVILEGE_ENABLED = 0x00000002
+        SE_PRIVILEGE_REMOVED = 0X00000004
+        SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000
+        SE_PRIVILEGE_VALID_ATTRIBUTES = SE_PRIVILEGE_ENABLED_BY_DEFAULT |
+                                         SE_PRIVILEGE_ENABLED            |
+                                         SE_PRIVILEGE_REMOVED            |
+                                         SE_PRIVILEGE_USED_FOR_ACCESS
+        # Minimum size of a SECURITY_DESCRIPTOR.  TODO: this is probably platform dependent.
+        # Make it work on 64 bit.
+        SECURITY_DESCRIPTOR_MIN_LENGTH = 20
+        # ACL revisions
+        ACL_REVISION     = 2
+        ACL_REVISION_DS  = 4
+        ACL_REVISION1   = 1
+        ACL_REVISION2   = 2
+        ACL_REVISION3   = 3
+        ACL_REVISION4   = 4
+        MIN_ACL_REVISION = ACL_REVISION2
+        MAX_ACL_REVISION = ACL_REVISION4
+        MAXDWORD = 0xffffffff
+        ###############################################
+        # Win32 API Bindings
+        ###############################################
+        SE_OBJECT_TYPE = enum :SE_OBJECT_TYPE, [
+             :SE_UNKNOWN_OBJECT_TYPE,
+             :SE_FILE_OBJECT,
+             :SE_SERVICE,
+             :SE_PRINTER,
+             :SE_REGISTRY_KEY,
+             :SE_LMSHARE,
+             :SE_KERNEL_OBJECT,
+             :SE_WINDOW_OBJECT,
+             :SE_DS_OBJECT,
+             :SE_DS_OBJECT_ALL,
+             :SE_PROVIDER_DEFINED_OBJECT,
+             :SE_WMIGUID_OBJECT,
+             :SE_REGISTRY_WOW64_32KEY
+        ]
+        SID_NAME_USE = enum :SID_NAME_USE, [
+             :SidTypeUser, 1,
+             :SidTypeGroup,
+             :SidTypeDomain,
+             :SidTypeAlias,
+             :SidTypeWellKnownGroup,
+             :SidTypeDeletedAccount,
+             :SidTypeInvalid,
+             :SidTypeUnknown,
+             :SidTypeComputer,
+             :SidTypeLabel
+        ]
+        # SECURITY_DESCRIPTOR is an opaque structure whose contents can vary.  Pass the
+        # pointer around and free it with LocalFree.
+        # http://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx
+        # SID is an opaque structure.  Pass the pointer around.
+        # ACL type is a header with some information, followed by an array of ACEs
+        # http://msdn.microsoft.com/en-us/library/windows/desktop/aa374931(v=VS.85).aspx
+        class ACLStruct < FFI::Struct
+          layout :AclRevision, :uchar,
+                 :Sbzl, :uchar,
+                 :AclSize, :ushort,
+                 :AceCount, :ushort,
+                 :Sbz2, :ushort
+        end
+        class ACE_HEADER < FFI::Struct
+          layout :AceType, :uchar,
+                 :AceFlags, :uchar,
+                 :AceSize, :ushort
+        end
+        class ACE_WITH_MASK_AND_SID < FFI::Struct
+          layout :AceType, :uchar,
+                 :AceFlags, :uchar,
+                 :AceSize, :ushort,
+                 :Mask, :uint32,
+                 :SidStart, :uint32
+          # The AceTypes this structure supports
+          def self.supports?(ace_type)
+            [
+              ACCESS_ALLOWED_ACE_TYPE,
+              ACCESS_DENIED_ACE_TYPE,
+              SYSTEM_AUDIT_ACE_TYPE,
+              SYSTEM_ALARM_ACE_TYPE
+            ].include?(ace_type)
+          end
+        end
+        class LUID < FFI::Struct
+          layout :LowPart, :DWORD,
+                 :HighPart, :LONG
+        end
+        class LUID_AND_ATTRIBUTES < FFI::Struct
+          layout :Luid, LUID,
+                 :Attributes, :DWORD
+        end
+        class TOKEN_PRIVILEGES < FFI::Struct
+          layout :PrivilegeCount, :DWORD,
+                 :Privileges, LUID_AND_ATTRIBUTES
+          def self.size_with_privileges(num_privileges)
+            offset_of(:Privileges) + LUID_AND_ATTRIBUTES.size*num_privileges
+          end
+          def size_with_privileges
+            TOKEN_PRIVILEGES.size_with_privileges(self[:PrivilegeCount])
+          end
+          def privilege(index)
+            LUID_AND_ATTRIBUTES.new(pointer + offset_of(:Privileges) + (index * LUID_AND_ATTRIBUTES.size))
+          end
+        end
+        ffi_lib "advapi32"
+        attach_function :AddAce, [ :pointer, :DWORD, :DWORD, :LPVOID, :DWORD ], :BOOL
+        attach_function :AddAccessAllowedAce, [ :pointer, :DWORD, :DWORD, :pointer ], :BOOL
+        attach_function :AddAccessAllowedAceEx, [ :pointer, :DWORD, :DWORD, :DWORD, :pointer ], :BOOL
+        attach_function :AddAccessDeniedAce, [ :pointer, :DWORD, :DWORD, :pointer ], :BOOL
+        attach_function :AddAccessDeniedAceEx, [ :pointer, :DWORD, :DWORD, :DWORD, :pointer ], :BOOL
+        attach_function :AdjustTokenPrivileges, [ :HANDLE, :BOOL, :pointer, :DWORD, :pointer, :PDWORD ], :BOOL
+        attach_function :ConvertSidToStringSidA, [ :pointer, :pointer ], :BOOL
+        attach_function :ConvertStringSidToSidW, [ :pointer, :pointer ], :BOOL
+        attach_function :DeleteAce, [ :pointer, :DWORD ], :BOOL
+        attach_function :EqualSid, [ :pointer, :pointer ], :BOOL
+        attach_function :FreeSid, [ :pointer ], :pointer
+        attach_function :GetAce, [ :pointer, :DWORD, :pointer ], :BOOL
+        attach_function :GetLengthSid, [ :pointer ], :DWORD
+        attach_function :GetNamedSecurityInfoW,  [ :LPWSTR, :SE_OBJECT_TYPE, :DWORD, :pointer, :pointer, :pointer, :pointer, :pointer ], :DWORD
+        attach_function :GetSecurityDescriptorControl, [ :pointer, :PWORD, :LPDWORD], :BOOL
+        attach_function :GetSecurityDescriptorDacl, [ :pointer, :LPBOOL, :pointer, :LPBOOL ], :BOOL
+        attach_function :GetSecurityDescriptorGroup, [ :pointer, :pointer, :LPBOOL], :BOOL
+        attach_function :GetSecurityDescriptorOwner, [ :pointer, :pointer, :LPBOOL], :BOOL
+        attach_function :GetSecurityDescriptorSacl, [ :pointer, :LPBOOL, :pointer, :LPBOOL ], :BOOL
+        attach_function :InitializeAcl, [ :pointer, :DWORD, :DWORD ], :BOOL
+        attach_function :InitializeSecurityDescriptor, [ :pointer, :DWORD ], :BOOL
+        attach_function :IsValidAcl, [ :pointer ], :BOOL
+        attach_function :IsValidSecurityDescriptor, [ :pointer ], :BOOL
+        attach_function :IsValidSid, [ :pointer ], :BOOL
+        attach_function :LookupAccountNameW, [ :LPCWSTR, :LPCWSTR, :pointer, :LPDWORD, :LPWSTR, :LPDWORD, :pointer ], :BOOL
+        attach_function :LookupAccountSidW, [ :LPCWSTR, :pointer, :LPWSTR, :LPDWORD, :LPWSTR, :LPDWORD, :pointer ], :BOOL
+        attach_function :LookupPrivilegeNameW, [ :LPCWSTR, :PLUID, :LPWSTR, :LPDWORD ], :BOOL
+        attach_function :LookupPrivilegeDisplayNameW, [ :LPCWSTR, :LPCWSTR, :LPWSTR, :LPDWORD, :LPDWORD ], :BOOL
+        attach_function :LookupPrivilegeValueW, [ :LPCWSTR, :LPCWSTR, :PLUID ], :BOOL
+        attach_function :MakeAbsoluteSD, [ :pointer, :pointer, :LPDWORD, :pointer, :LPDWORD, :pointer, :LPDWORD, :pointer, :LPDWORD, :pointer, :LPDWORD], :BOOL
+        attach_function :OpenProcessToken, [ :HANDLE, :DWORD, :PHANDLE ], :BOOL
+        attach_function :QuerySecurityAccessMask, [ :DWORD, :LPDWORD ], :void
+        attach_function :SetFileSecurityW, [ :LPWSTR, :DWORD, :pointer ], :BOOL
+        attach_function :SetNamedSecurityInfoW, [ :LPWSTR, :SE_OBJECT_TYPE, :DWORD, :pointer, :pointer, :pointer, :pointer ], :DWORD
+        attach_function :SetSecurityAccessMask, [ :DWORD, :LPDWORD ], :void
+        attach_function :SetSecurityDescriptorDacl, [ :pointer, :BOOL, :pointer, :BOOL ], :BOOL
+        attach_function :SetSecurityDescriptorGroup, [ :pointer, :pointer, :BOOL ], :BOOL
+        attach_function :SetSecurityDescriptorOwner, [ :pointer, :pointer, :BOOL ], :BOOL
+        attach_function :SetSecurityDescriptorSacl, [ :pointer, :BOOL, :pointer, :BOOL ], :BOOL
+      end
+    end
+  end
+end

data/lib/chef/win32/api/system.rb ADDED

@@ -0,0 +1,192 @@
+#
+# Author:: Seth Chisamore (<schisamo@opscode.com>)
+# Copyright:: Copyright 2011 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'chef/win32/api'
+class Chef
+  module Win32
+    module API
+      module System
+        extend Chef::Win32::API
+        ###############################################
+        # Win32 API Constants
+        ###############################################
+        # http://msdn.microsoft.com/en-us/library/ms724833(v=vs.85).aspx
+        # Suite Masks
+        # Microsoft BackOffice components are installed.
+        VER_SUITE_BACKOFFICE = 0x00000004
+        # Windows Server 2003, Web Edition is installed.
+        VER_SUITE_BLADE = 0x00000400
+        # Windows Server 2003, Compute Cluster Edition is installed.
+        VER_SUITE_COMPUTE_SERVER = 0x00004000
+        # Windows Server 2008 Datacenter, Windows Server 2003, Datacenter Edition, or Windows 2000 Datacenter Server is installed.
+        VER_SUITE_DATACENTER = 0x00000080
+        # Windows Server 2008 Enterprise, Windows Server 2003, Enterprise Edition, or Windows 2000 Advanced Server is installed. Refer to the Remarks section for more information about this bit flag.
+        VER_SUITE_ENTERPRISE = 0x00000002
+        # Windows XP Embedded is installed.
+        VER_SUITE_EMBEDDEDNT = 0x00000040
+        # Windows Vista Home Premium, Windows Vista Home Basic, or Windows XP Home Edition is installed.
+        VER_SUITE_PERSONAL = 0x00000200
+        # Remote Desktop is supported, but only one interactive session is supported. This value is set unless the system is running in application server mode.
+        VER_SUITE_SINGLEUSERTS = 0x00000100
+        # Microsoft Small Business Server was once installed on the system, but may have been upgraded to another version of Windows. Refer to the Remarks section for more information about this bit flag.
+        VER_SUITE_SMALLBUSINESS = 0x00000001
+        # Microsoft Small Business Server is installed with the restrictive client license in force. Refer to the Remarks section for more information about this bit flag.
+        VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020
+        # Windows Storage Server 2003 R2 or Windows Storage Server 2003is installed.
+        VER_SUITE_STORAGE_SERVER = 0x00002000
+        # Terminal Services is installed. This value is always set.
+        # If VER_SUITE_TERMINAL is set but VER_SUITE_SINGLEUSERTS is not set, the system is running in application server mode.
+        VER_SUITE_TERMINAL = 0x00000010
+        # Windows Home Server is installed.
+        VER_SUITE_WH_SERVER = 0x00008000
+        # Product Type
+        # The system is a domain controller and the operating system is Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server.
+        VER_NT_DOMAIN_CONTROLLER = 0x0000002
+        # The operating system is Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server.
+        # Note that a server that is also a domain controller is reported as VER_NT_DOMAIN_CONTROLLER, not VER_NT_SERVER.
+        VER_NT_SERVER = 0x0000003
+        # The operating system is Windows 7, Windows Vista, Windows XP Professional, Windows XP Home Edition, or Windows 2000 Professional.
+        VER_NT_WORKSTATION = 0x0000001
+        # Product Info
+        # http://msdn.microsoft.com/en-us/library/ms724358(v=vs.85).aspx
+        PRODUCT_BUSINESS = 0x00000006 # Business
+        PRODUCT_BUSINESS_N = 0x00000010 # Business N
+        PRODUCT_CLUSTER_SERVER = 0x00000012 # HPC Edition
+        PRODUCT_DATACENTER_SERVER = 0x00000008 # Server Datacenter (full installation)
+        PRODUCT_DATACENTER_SERVER_CORE = 0x0000000C # Server Datacenter (core installation)
+        PRODUCT_DATACENTER_SERVER_CORE_V = 0x00000027 # Server Datacenter without Hyper-V (core installation)
+        PRODUCT_DATACENTER_SERVER_V = 0x00000025 # Server Datacenter without Hyper-V (full installation)
+        PRODUCT_ENTERPRISE = 0x00000004 # Enterprise
+        PRODUCT_ENTERPRISE_E = 0x00000046 # Not supported
+        PRODUCT_ENTERPRISE_N = 0x0000001B # Enterprise N
+        PRODUCT_ENTERPRISE_SERVER = 0x0000000A # Server Enterprise (full installation)
+        PRODUCT_ENTERPRISE_SERVER_CORE = 0x0000000E # Server Enterprise (core installation)
+        PRODUCT_ENTERPRISE_SERVER_CORE_V = 0x00000029 # Server Enterprise without Hyper-V (core installation)
+        PRODUCT_ENTERPRISE_SERVER_IA64 = 0x0000000F # Server Enterprise for Itanium-based Systems
+        PRODUCT_ENTERPRISE_SERVER_V = 0x00000026 # Server Enterprise without Hyper-V (full installation)
+        PRODUCT_HOME_BASIC = 0x00000002 # Home Basic
+        PRODUCT_HOME_BASIC_E = 0x00000043 # Not supported
+        PRODUCT_HOME_BASIC_N = 0x00000005 # Home Basic N
+        PRODUCT_HOME_PREMIUM = 0x00000003 # Home Premium
+        PRODUCT_HOME_PREMIUM_E = 0x00000044 # Not supported
+        PRODUCT_HOME_PREMIUM_N = 0x0000001A # Home Premium N
+        PRODUCT_HYPERV = 0x0000002A # Microsoft Hyper-V Server
+        PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT = 0x0000001E # Windows Essential Business Server Management Server
+        PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING = 0x00000020 # Windows Essential Business Server Messaging Server
+        PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY = 0x0000001F # Windows Essential Business Server Security Server
+        PRODUCT_PROFESSIONAL = 0x00000030 # Professional
+        PRODUCT_PROFESSIONAL_E = 0x00000045 # Not supported
+        PRODUCT_PROFESSIONAL_N = 0x00000031 # Professional N
+        PRODUCT_SERVER_FOR_SMALLBUSINESS = 0x00000018 # Windows Server 2008 for Windows Essential Server Solutions
+        PRODUCT_SERVER_FOR_SMALLBUSINESS_V = 0x00000023 # Windows Server 2008 without Hyper-V for Windows Essential Server Solutions
+        PRODUCT_SERVER_FOUNDATION = 0x00000021 # Server Foundation
+        PRODUCT_HOME_PREMIUM_SERVER = 0x00000022 # Windows Home Server 2011
+        PRODUCT_SB_SOLUTION_SERVER = 0x00000032 # Windows Small Business Server 2011 Essentials
+        PRODUCT_HOME_SERVER = 0x00000013 # Windows Storage Server 2008 R2 Essentials
+        PRODUCT_SMALLBUSINESS_SERVER = 0x00000009 # Windows Small Business Server
+        PRODUCT_SOLUTION_EMBEDDEDSERVER = 0x00000038 # Windows MultiPoint Server
+        PRODUCT_STANDARD_SERVER = 0x00000007 # Server Standard (full installation)
+        PRODUCT_STANDARD_SERVER_CORE = 0x0000000D # Server Standard (core installation)
+        PRODUCT_STANDARD_SERVER_CORE_V = 0x00000028 # Server Standard without Hyper-V (core installation)
+        PRODUCT_STANDARD_SERVER_V = 0x00000024 # Server Standard without Hyper-V (full installation)
+        PRODUCT_STARTER = 0x0000000B # Starter
+        PRODUCT_STARTER_E = 0x00000042 # Not supported
+        PRODUCT_STARTER_N = 0x0000002F # Starter N
+        PRODUCT_STORAGE_ENTERPRISE_SERVER = 0x00000017 # Storage Server Enterprise
+        PRODUCT_STORAGE_EXPRESS_SERVER = 0x00000014 # Storage Server Express
+        PRODUCT_STORAGE_STANDARD_SERVER = 0x00000015 # Storage Server Standard
+        PRODUCT_STORAGE_WORKGROUP_SERVER = 0x00000016 # Storage Server Workgroup
+        PRODUCT_UNDEFINED = 0x00000000 # An unknown product
+        PRODUCT_ULTIMATE = 0x00000001 # Ultimate
+        PRODUCT_ULTIMATE_E = 0x00000047 # Not supported
+        PRODUCT_ULTIMATE_N = 0x0000001C # Ultimate N
+        PRODUCT_WEB_SERVER = 0x00000011 # Web Server (full installation)
+        PRODUCT_WEB_SERVER_CORE = 0x0000001D # Web Server (core installation)
+        # GetSystemMetrics
+        # The build number if the system is Windows Server 2003 R2; otherwise, 0.
+        SM_SERVERR2 = 89
+        ###############################################
+        # Win32 API Bindings
+        ###############################################
+        ffi_lib 'kernel32', 'user32'
+        class OSVERSIONINFOEX < FFI::Struct
+          layout :dw_os_version_info_size, :DWORD,
+            :dw_major_version, :DWORD,
+            :dw_minor_version, :DWORD,
+            :dw_build_number, :DWORD,
+            :dw_platform_id, :DWORD,
+            :sz_csd_version, [:BYTE, 256],
+            :w_service_pack_major, :WORD,
+            :w_service_pack_minor, :WORD,
+            :w_suite_mask, :WORD,
+            :w_product_type, :BYTE,
+            :w_reserved, :BYTE
+        end
+=begin
+BOOL WINAPI CloseHandle(
+  __in  HANDLE hObject
+);
+=end
+        attach_function :CloseHandle, [ :HANDLE ], :BOOL
+=begin
+DWORD WINAPI GetVersion(void);
+=end
+        attach_function :GetVersion, [], :DWORD
+=begin
+BOOL WINAPI GetVersionEx(
+  __inout  LPOSVERSIONINFO lpVersionInfo
+);
+=end
+        attach_function :GetVersionExW, [:pointer], :BOOL
+        attach_function :GetVersionExA, [:pointer], :BOOL
+=begin
+BOOL WINAPI GetProductInfo(
+  __in   DWORD dwOSMajorVersion,
+  __in   DWORD dwOSMinorVersion,
+  __in   DWORD dwSpMajorVersion,
+  __in   DWORD dwSpMinorVersion,
+  __out  PDWORD pdwReturnedProductType
+);
+=end
+        attach_function :GetProductInfo, [:DWORD, :DWORD, :DWORD, :DWORD, :PDWORD], :BOOL
+=begin
+int WINAPI GetSystemMetrics(
+  __in  int nIndex
+);
+=end
+        attach_function :GetSystemMetrics, [:int], :int
+      end
+    end
+  end
+end