chef 12.3.0 → 12.4.0.rc.0
- checksums.yaml +4 -4
- data/Rakefile +86 -7
- data/distro/common/markdown/man1/chef-shell.mkd +4 -4
- data/distro/common/markdown/man1/knife-bootstrap.mkd +1 -1
- data/distro/common/markdown/man1/knife-client.mkd +1 -1
- data/distro/common/markdown/man1/knife-configure.mkd +1 -1
- data/distro/common/markdown/man1/knife-cookbook-site.mkd +1 -1
- data/distro/common/markdown/man1/knife-cookbook.mkd +4 -4
- data/distro/common/markdown/man1/knife-data-bag.mkd +1 -1
- data/distro/common/markdown/man1/knife-environment.mkd +3 -3
- data/distro/common/markdown/man1/knife-exec.mkd +1 -1
- data/distro/common/markdown/man1/knife-index.mkd +1 -1
- data/distro/common/markdown/man1/knife-node.mkd +1 -1
- data/distro/common/markdown/man1/knife-role.mkd +3 -3
- data/distro/common/markdown/man1/knife-search.mkd +2 -2
- data/distro/common/markdown/man1/knife-ssh.mkd +1 -1
- data/distro/common/markdown/man1/knife-status.mkd +1 -1
- data/distro/common/markdown/man1/knife-tag.mkd +1 -1
- data/distro/common/markdown/man1/knife.mkd +2 -2
- data/distro/common/markdown/man8/chef-client.mkd +1 -2
- data/distro/common/markdown/man8/chef-expander.mkd +1 -2
- data/distro/common/markdown/man8/chef-expanderctl.mkd +1 -2
- data/distro/common/markdown/man8/chef-server-webui.mkd +1 -1
- data/distro/common/markdown/man8/chef-server.mkd +1 -2
- data/distro/common/markdown/man8/chef-solo.mkd +2 -2
- data/distro/common/markdown/man8/chef-solr.mkd +1 -1
- data/lib/chef/client.rb +2 -2
- data/lib/chef/config.rb +17 -709
- data/lib/chef/cookbook/metadata.rb +9 -5
- data/lib/chef/cookbook_loader.rb +1 -1
- data/lib/chef/cookbook_site_streaming_uploader.rb +2 -18
- data/lib/chef/dsl/definitions.rb +44 -0
- data/lib/chef/dsl/recipe.rb +50 -35
- data/lib/chef/dsl/resources.rb +28 -0
- data/lib/chef/event_dispatch/dispatcher.rb +2 -0
- data/lib/chef/event_loggers/windows_eventlog.rb +1 -11
- data/lib/chef/exceptions.rb +4 -0
- data/lib/chef/file_access_control/unix.rb +5 -0
- data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +17 -0
- data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +21 -9
- data/lib/chef/formatters/error_inspectors/cookbook_resolve_error_inspector.rb +2 -0
- data/lib/chef/formatters/error_inspectors/cookbook_sync_error_inspector.rb +2 -0
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +2 -0
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +4 -0
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +11 -1
- data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +2 -0
- data/lib/chef/http/authenticator.rb +3 -0
- data/lib/chef/http/basic_client.rb +10 -6
- data/lib/chef/http/json_input.rb +6 -1
- data/lib/chef/key.rb +271 -0
- data/lib/chef/knife.rb +11 -1
- data/lib/chef/knife/bootstrap.rb +6 -0
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +166 -23
- data/lib/chef/knife/client_key_create.rb +67 -0
- data/lib/chef/knife/client_key_delete.rb +76 -0
- data/lib/chef/knife/client_key_edit.rb +80 -0
- data/lib/chef/knife/client_key_list.rb +69 -0
- data/lib/chef/knife/client_key_show.rb +76 -0
- data/lib/chef/knife/key_create.rb +108 -0
- data/lib/chef/knife/key_create_base.rb +50 -0
- data/lib/chef/knife/key_delete.rb +55 -0
- data/lib/chef/knife/key_edit.rb +114 -0
- data/lib/chef/knife/key_edit_base.rb +55 -0
- data/lib/chef/knife/key_list.rb +88 -0
- data/lib/chef/knife/key_list_base.rb +45 -0
- data/lib/chef/knife/key_show.rb +53 -0
- data/lib/chef/knife/ssh.rb +26 -28
- data/lib/chef/knife/user_key_create.rb +69 -0
- data/lib/chef/knife/user_key_delete.rb +76 -0
- data/lib/chef/knife/user_key_edit.rb +80 -0
- data/lib/chef/knife/user_key_list.rb +69 -0
- data/lib/chef/knife/user_key_show.rb +76 -0
- data/lib/chef/log.rb +2 -0
- data/lib/chef/log/syslog.rb +46 -0
- data/lib/chef/log/winevt.rb +99 -0
- data/lib/chef/mixin/provides.rb +8 -1
- data/lib/chef/mixin/unformatter.rb +32 -0
- data/lib/chef/mixin/uris.rb +33 -0
- data/lib/chef/mixin/wstring.rb +31 -0
- data/lib/chef/node.rb +21 -2
- data/lib/chef/platform/provider_mapping.rb +8 -4
- data/lib/chef/platform/query_helpers.rb +1 -5
- data/lib/chef/platform/service_helpers.rb +21 -21
- data/lib/chef/provider.rb +33 -0
- data/lib/chef/provider/cron/unix.rb +1 -0
- data/lib/chef/provider/file.rb +5 -3
- data/lib/chef/provider/lwrp_base.rb +76 -58
- data/lib/chef/provider/ohai.rb +1 -0
- data/lib/chef/provider/package.rb +7 -4
- data/lib/chef/provider/package/aix.rb +1 -0
- data/lib/chef/provider/package/smartos.rb +5 -5
- data/lib/chef/provider/package/windows.rb +90 -6
- data/lib/chef/provider/package/yum.rb +102 -32
- data/lib/chef/provider/reboot.rb +1 -0
- data/lib/chef/provider/registry_key.rb +2 -0
- data/lib/chef/provider/remote_file.rb +1 -0
- data/lib/chef/provider/remote_file/content.rb +5 -1
- data/lib/chef/provider/remote_file/fetcher.rb +22 -8
- data/lib/chef/provider/remote_file/network_file.rb +48 -0
- data/lib/chef/provider/service/aix.rb +13 -12
- data/lib/chef/provider_resolver.rb +87 -0
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/resource.rb +67 -8
- data/lib/chef/resource/bash.rb +1 -0
- data/lib/chef/resource/bff_package.rb +1 -2
- data/lib/chef/resource/breakpoint.rb +1 -0
- data/lib/chef/resource/csh.rb +1 -0
- data/lib/chef/resource/deploy.rb +1 -0
- data/lib/chef/resource/erl_call.rb +1 -0
- data/lib/chef/resource/execute.rb +1 -0
- data/lib/chef/resource/file.rb +18 -0
- data/lib/chef/resource/http_request.rb +1 -0
- data/lib/chef/resource/ifconfig.rb +1 -2
- data/lib/chef/resource/log.rb +1 -2
- data/lib/chef/resource/lwrp_base.rb +106 -87
- data/lib/chef/resource/ohai.rb +1 -0
- data/lib/chef/resource/package.rb +1 -0
- data/lib/chef/resource/perl.rb +1 -0
- data/lib/chef/resource/portage_package.rb +1 -0
- data/lib/chef/resource/python.rb +1 -0
- data/lib/chef/resource/reboot.rb +2 -0
- data/lib/chef/resource/registry_key.rb +1 -0
- data/lib/chef/resource/remote_file.rb +1 -1
- data/lib/chef/resource/route.rb +1 -2
- data/lib/chef/resource/ruby.rb +1 -0
- data/lib/chef/resource/ruby_block.rb +1 -0
- data/lib/chef/resource/scm.rb +1 -0
- data/lib/chef/resource/script.rb +1 -0
- data/lib/chef/resource/service.rb +1 -0
- data/lib/chef/resource/subversion.rb +1 -0
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +1 -0
- data/lib/chef/resource/windows_package.rb +24 -2
- data/lib/chef/resource/windows_script.rb +1 -0
- data/lib/chef/resource/yum_package.rb +1 -1
- data/lib/chef/resource_definition.rb +1 -0
- data/lib/chef/resource_reporter.rb +3 -10
- data/lib/chef/resource_resolver.rb +20 -10
- data/lib/chef/run_context.rb +1 -0
- data/lib/chef/run_list/versioned_recipe_list.rb +18 -0
- data/lib/chef/run_status.rb +2 -4
- data/lib/chef/shell.rb +1 -1
- data/lib/chef/util/path_helper.rb +3 -204
- data/lib/chef/util/windows/net_user.rb +73 -118
- data/lib/chef/version.rb +8 -4
- data/lib/chef/win32/api.rb +2 -1
- data/lib/chef/win32/api/installer.rb +1 -1
- data/lib/chef/win32/api/net.rb +115 -2
- data/lib/chef/win32/api/security.rb +24 -0
- data/lib/chef/win32/api/unicode.rb +1 -1
- data/lib/chef/win32/eventlog.rb +31 -0
- data/lib/chef/win32/net.rb +190 -0
- data/lib/chef/win32/security.rb +51 -2
- data/lib/chef/win32/security/sid.rb +17 -0
- data/spec/data/lwrp/providers/buck_passer.rb +18 -2
- data/spec/data/lwrp/providers/buck_passer_2.rb +18 -2
- data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb +14 -2
- data/spec/data/lwrp_override/resources/foo.rb +5 -0
- data/spec/functional/knife/ssh_spec.rb +2 -2
- data/spec/functional/rebooter_spec.rb +1 -1
- data/spec/functional/resource/aixinit_service_spec.rb +1 -1
- data/spec/functional/resource/user/windows_spec.rb +125 -0
- data/spec/functional/shell_spec.rb +25 -10
- data/spec/functional/win32/sid_spec.rb +55 -0
- data/spec/integration/client/client_spec.rb +53 -29
- data/spec/integration/knife/deps_spec.rb +8 -14
- data/spec/integration/knife/upload_spec.rb +18 -0
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/provider_choice.rb +41 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +259 -0
- data/spec/spec_helper.rb +6 -1
- data/spec/support/key_helpers.rb +104 -0
- data/spec/support/lib/chef/resource/cat.rb +1 -0
- data/spec/support/lib/chef/resource/one_two_three_four.rb +2 -0
- data/spec/support/lib/chef/resource/zen_follower.rb +1 -0
- data/spec/support/lib/chef/resource/zen_master.rb +2 -0
- data/spec/support/mock/platform.rb +1 -1
- data/spec/support/pedant/Gemfile.lock +67 -0
- data/spec/support/shared/functional/securable_resource.rb +34 -12
- data/spec/support/shared/integration/integration_helper.rb +6 -5
- data/spec/support/shared/unit/provider/file.rb +31 -8
- data/spec/unit/application/client_spec.rb +2 -2
- data/spec/unit/client_spec.rb +21 -4
- data/spec/unit/cookbook/cookbook_version_loader_spec.rb +1 -1
- data/spec/unit/cookbook/metadata_spec.rb +15 -0
- data/spec/unit/cookbook/syntax_check_spec.rb +1 -1
- data/spec/unit/cookbook_loader_spec.rb +1 -1
- data/spec/unit/cookbook_site_streaming_uploader_spec.rb +0 -21
- data/spec/unit/data_bag_spec.rb +1 -1
- data/spec/unit/event_dispatch/dispatcher_spec.rb +61 -0
- data/spec/unit/formatters/error_inspectors/api_error_formatting_spec.rb +75 -0
- data/spec/unit/formatters/error_inspectors/compile_error_inspector_spec.rb +149 -112
- data/spec/unit/formatters/error_inspectors/resource_failure_inspector_spec.rb +7 -0
- data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +1 -1
- data/spec/unit/http/authenticator_spec.rb +69 -0
- data/spec/unit/http/basic_client_spec.rb +16 -0
- data/spec/unit/key_spec.rb +634 -0
- data/spec/unit/knife/bootstrap_spec.rb +14 -1
- data/spec/unit/knife/core/subcommand_loader_spec.rb +1 -1
- data/spec/unit/knife/core/ui_spec.rb +1 -1
- data/spec/unit/knife/data_bag_from_file_spec.rb +1 -1
- data/spec/unit/knife/environment_from_file_spec.rb +1 -1
- data/spec/unit/knife/key_create_spec.rb +224 -0
- data/spec/unit/knife/key_delete_spec.rb +135 -0
- data/spec/unit/knife/key_edit_spec.rb +267 -0
- data/spec/unit/knife/key_helper.rb +74 -0
- data/spec/unit/knife/key_list_spec.rb +216 -0
- data/spec/unit/knife/key_show_spec.rb +126 -0
- data/spec/unit/knife/ssh_spec.rb +23 -26
- data/spec/unit/knife_spec.rb +33 -1
- data/spec/unit/log/syslog_spec.rb +53 -0
- data/spec/unit/log/winevt_spec.rb +55 -0
- data/spec/unit/lwrp_spec.rb +105 -51
- data/spec/unit/mixin/path_sanity_spec.rb +2 -2
- data/spec/unit/mixin/template_spec.rb +2 -2
- data/spec/unit/mixin/unformatter_spec.rb +61 -0
- data/spec/unit/mixin/uris_spec.rb +45 -0
- data/spec/unit/platform/query_helpers_spec.rb +1 -1
- data/spec/unit/policy_builder/policyfile_spec.rb +7 -3
- data/spec/unit/provider/deploy/revision_spec.rb +1 -1
- data/spec/unit/provider/deploy_spec.rb +1 -1
- data/spec/unit/provider/directory_spec.rb +1 -1
- data/spec/unit/provider/execute_spec.rb +1 -1
- data/spec/unit/provider/package/aix_spec.rb +20 -8
- data/spec/unit/provider/package/smartos_spec.rb +50 -40
- data/spec/unit/provider/package/windows_spec.rb +104 -25
- data/spec/unit/provider/package/yum_spec.rb +111 -1
- data/spec/unit/provider/package_spec.rb +6 -0
- data/spec/unit/provider/remote_file/fetcher_spec.rb +20 -1
- data/spec/unit/provider/remote_file/network_file_spec.rb +45 -0
- data/spec/unit/provider/service/aix_service_spec.rb +26 -11
- data/spec/unit/provider/user/dscl_spec.rb +1 -1
- data/spec/unit/provider_spec.rb +20 -0
- data/spec/unit/recipe_spec.rb +1 -1
- data/spec/unit/resource/batch_spec.rb +1 -0
- data/spec/unit/resource/powershell_spec.rb +1 -0
- data/spec/unit/resource/remote_file_spec.rb +10 -0
- data/spec/unit/resource/windows_package_spec.rb +16 -2
- data/spec/unit/resource_spec.rb +40 -24
- data/spec/unit/rest_spec.rb +10 -20
- data/spec/unit/role_spec.rb +1 -1
- data/spec/unit/run_context_spec.rb +31 -0
- data/spec/unit/shell_spec.rb +4 -4
- data/tasks/external_tests.rb +29 -0
- data/tasks/rspec.rb +14 -1
- metadata +105 -28
- data/spec/unit/config_spec.rb +0 -544
- data/spec/unit/util/path_helper_spec.rb +0 -255
@@ -139,7 +139,7 @@ int WideCharToMultiByte(
|
|
139
139
|
ustring = (ustring + "").force_encoding('UTF-8') if ustring.respond_to?(:force_encoding) && ustring.encoding.name != "UTF-8"
|
140
140
|
|
141
141
|
# ensure we have the double-null termination Windows Wide likes
|
142
|
-
ustring = ustring + "\000\000" if ustring[-1].chr != "\000"
|
142
|
+
ustring = ustring + "\000\000" if ustring.length == 0 or ustring[-1].chr != "\000"
|
143
143
|
|
144
144
|
# encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
|
145
145
|
ustring = begin
|
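Review bot: The new guard on line 142 uses the low-precedence `or` inside a modifier `if` and spells the empty check as `ustring.length == 0`; `ustring = ustring + "\000\000" if ustring.empty? || ustring[-1].chr != "\000"` behaves the same and avoids a precedence surprise if the condition is extended later. The guard still assumes ustring is a String, so a nil argument would fail on `.length`. Whether callers can pass nil is not visible here, because the enclosing method starts and ends outside the hunk.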
@@ -0,0 +1,31 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Jay Mundrawala (<jdm@chef.io>)
|
3
|
+
#
|
4
|
+
# Copyright:: 2015, Chef Software, Inc.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
if Chef::Platform::windows? and not Chef::Platform::windows_server_2003?
|
20
|
+
if !defined? Chef::Win32EventLogLoaded
|
21
|
+
if defined? Windows::Constants
|
22
|
+
[:INFINITE, :WAIT_FAILED, :FORMAT_MESSAGE_IGNORE_INSERTS, :ERROR_INSUFFICIENT_BUFFER].each do |c|
|
23
|
+
# These are redefined in 'win32/eventlog'
|
24
|
+
Windows::Constants.send(:remove_const, c) if Windows::Constants.const_defined? c
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
require 'win32/eventlog'
|
29
|
+
Chef::Win32EventLogLoaded = true
|
30
|
+
end
|
31
|
+
end
|
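Review bot: The four constants are removed from Windows::Constants before `require 'win32/eventlog'` runs, and `Chef::Win32EventLogLoaded` is set only after it succeeds, so a failing require would leave Windows::Constants without INFINITE, WAIT_FAILED and the other two, with nothing restoring them. At minimum state that next to the require, e.g. `# NOTE: if this require raises, the constants removed above are not restored`. The comment on line 23 would help more if it said why the redefinition has to be avoided (presumably the "already initialized constant" warnings, to be confirmed). `and not` on line 19 would be clearer as `&& !`.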
@@ -0,0 +1,190 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Jay Mundrawala(<jdm@chef.io>)
|
3
|
+
# Copyright:: Copyright 2015 Chef Software
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require 'chef/win32/api/net'
|
20
|
+
require 'chef/win32/error'
|
21
|
+
require 'chef/mixin/wstring'
|
22
|
+
|
23
|
+
class Chef
|
24
|
+
module ReservedNames::Win32
|
25
|
+
class NetUser
|
26
|
+
include Chef::ReservedNames::Win32::API::Error
|
27
|
+
extend Chef::ReservedNames::Win32::API::Error
|
28
|
+
|
29
|
+
include Chef::ReservedNames::Win32::API::Net
|
30
|
+
extend Chef::ReservedNames::Win32::API::Net
|
31
|
+
|
32
|
+
include Chef::Mixin::WideString
|
33
|
+
extend Chef::Mixin::WideString
|
34
|
+
|
35
|
+
def self.default_user_info_3
|
36
|
+
ui3 = USER_INFO_3.new.tap do |s|
|
37
|
+
{ usri3_name: nil,
|
38
|
+
usri3_password: nil,
|
39
|
+
usri3_password_age: 0,
|
40
|
+
usri3_priv: 0,
|
41
|
+
usri3_home_dir: nil,
|
42
|
+
usri3_comment: nil,
|
43
|
+
usri3_flags: UF_SCRIPT|UF_DONT_EXPIRE_PASSWD|UF_NORMAL_ACCOUNT,
|
44
|
+
usri3_script_path: nil,
|
45
|
+
usri3_auth_flags: 0,
|
46
|
+
usri3_full_name: nil,
|
47
|
+
usri3_usr_comment: nil,
|
48
|
+
usri3_parms: nil,
|
49
|
+
usri3_workstations: nil,
|
50
|
+
usri3_last_logon: 0,
|
51
|
+
usri3_last_logoff: 0,
|
52
|
+
usri3_acct_expires: -1,
|
53
|
+
usri3_max_storage: -1,
|
54
|
+
usri3_units_per_week: 0,
|
55
|
+
usri3_logon_hours: nil,
|
56
|
+
usri3_bad_pw_count: 0,
|
57
|
+
usri3_num_logons: 0,
|
58
|
+
usri3_logon_server: nil,
|
59
|
+
usri3_country_code: 0,
|
60
|
+
usri3_code_page: 0,
|
61
|
+
usri3_user_id: 0,
|
62
|
+
usri3_primary_group_id: DOMAIN_GROUP_RID_USERS,
|
63
|
+
usri3_profile: nil,
|
64
|
+
usri3_home_dir_drive: nil,
|
65
|
+
usri3_password_expired: 0
|
66
|
+
}.each do |(k,v)|
|
67
|
+
s.set(k, v)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
def self.net_api_error!(code)
|
73
|
+
msg = case code
|
74
|
+
when NERR_InvalidComputer
|
75
|
+
"The user does not have access to the requested information."
|
76
|
+
when NERR_NotPrimary
|
77
|
+
"The operation is allowed only on the primary domain controller of the domain."
|
78
|
+
when NERR_SpeGroupOp
|
79
|
+
"This operation is not allowed on this special group."
|
80
|
+
when NERR_LastAdmin
|
81
|
+
"This operation is not allowed on the last administrative account."
|
82
|
+
when NERR_BadUsername
|
83
|
+
"The user name or group name parameter is invalid."
|
84
|
+
when NERR_BadPassword
|
85
|
+
"The password parameter is invalid."
|
86
|
+
when NERR_UserNotFound
|
87
|
+
raise Chef::Exceptions::UserIDNotFound, code
|
88
|
+
when NERR_PasswordTooShort
|
89
|
+
<<END
|
90
|
+
The password is shorter than required. (The password could also be too
|
91
|
+
long, be too recent in its change history, not have enough unique characters,
|
92
|
+
or not meet another password policy requirement.)
|
93
|
+
END
|
94
|
+
when ERROR_ACCESS_DENIED
|
95
|
+
"The user does not have access to the requested information."
|
96
|
+
else
|
97
|
+
"Received unknown error code (#{code})"
|
98
|
+
end
|
99
|
+
|
100
|
+
formatted_message = ""
|
101
|
+
formatted_message << "---- Begin Win32 API output ----\n"
|
102
|
+
formatted_message << "Net Api Error Code: #{code}\n"
|
103
|
+
formatted_message << "Net Api Error Message: #{msg}\n"
|
104
|
+
formatted_message << "---- End Win32 API output ----\n"
|
105
|
+
|
106
|
+
raise Chef::Exceptions::Win32APIError, msg + "\n" + formatted_message
|
107
|
+
end
|
108
|
+
|
109
|
+
def self.net_user_add_l3(server_name, args)
|
110
|
+
buf = default_user_info_3
|
111
|
+
|
112
|
+
args.each do |k, v|
|
113
|
+
buf.set(k, v)
|
114
|
+
end
|
115
|
+
|
116
|
+
server_name = wstring(server_name)
|
117
|
+
|
118
|
+
rc = NetUserAdd(server_name, 3, buf, nil)
|
119
|
+
if rc != NERR_Success
|
120
|
+
net_api_error!(rc)
|
121
|
+
end
|
122
|
+
end
|
123
|
+
|
124
|
+
def self.net_user_get_info_l3(server_name, user_name)
|
125
|
+
server_name = wstring(server_name)
|
126
|
+
user_name = wstring(user_name)
|
127
|
+
|
128
|
+
ui3_p = FFI::MemoryPointer.new(:pointer)
|
129
|
+
|
130
|
+
rc = NetUserGetInfo(server_name, user_name, 3, ui3_p)
|
131
|
+
|
132
|
+
if rc != NERR_Success
|
133
|
+
net_api_error!(rc)
|
134
|
+
end
|
135
|
+
|
136
|
+
ui3 = USER_INFO_3.new(ui3_p.read_pointer).as_ruby
|
137
|
+
|
138
|
+
rc = NetApiBufferFree(ui3_p.read_pointer)
|
139
|
+
|
140
|
+
if rc != NERR_Success
|
141
|
+
net_api_error!(rc)
|
142
|
+
end
|
143
|
+
|
144
|
+
ui3
|
145
|
+
end
|
146
|
+
|
147
|
+
def self.net_user_set_info_l3(server_name, user_name, info)
|
148
|
+
buf = default_user_info_3
|
149
|
+
|
150
|
+
info.each do |k, v|
|
151
|
+
buf.set(k, v)
|
152
|
+
end
|
153
|
+
|
154
|
+
server_name = wstring(server_name)
|
155
|
+
user_name = wstring(user_name)
|
156
|
+
|
157
|
+
rc = NetUserSetInfo(server_name, user_name, 3, buf, nil)
|
158
|
+
if rc != NERR_Success
|
159
|
+
net_api_error!(rc)
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
def self.net_user_del(server_name, user_name)
|
164
|
+
server_name = wstring(server_name)
|
165
|
+
user_name = wstring(user_name)
|
166
|
+
|
167
|
+
rc = NetUserDel(server_name, user_name)
|
168
|
+
if rc != NERR_Success
|
169
|
+
net_api_error!(rc)
|
170
|
+
end
|
171
|
+
end
|
172
|
+
|
173
|
+
def self.net_local_group_add_member(server_name, group_name, domain_user)
|
174
|
+
server_name = wstring(server_name)
|
175
|
+
group_name = wstring(group_name)
|
176
|
+
domain_user = wstring(domain_user)
|
177
|
+
|
178
|
+
buf = LOCALGROUP_MEMBERS_INFO_3.new
|
179
|
+
buf[:lgrmi3_domainandname] = FFI::MemoryPointer.from_string(domain_user)
|
180
|
+
|
181
|
+
rc = NetLocalGroupAddMembers(server_name, group_name, 3, buf, 1)
|
182
|
+
|
183
|
+
if rc != NERR_Success
|
184
|
+
net_api_error!(rc)
|
185
|
+
end
|
186
|
+
end
|
187
|
+
|
188
|
+
end
|
189
|
+
end
|
190
|
+
end
|
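Review bot: net_user_set_info_l3 (lines 147-161) starts from default_user_info_3 and overlays `info`, so every field the caller omits is written back as the default, including `usri3_flags`, which could clear a disabled state on an existing account. If callers must pass a complete record (for example the hash from net_user_get_info_l3 with the changes merged in), say so above the method: `# info must contain every usri3_* field; omitted fields are reset to the defaults in default_user_info_3`. Separately, in net_api_error! the `when NERR_InvalidComputer` branch returns the access-denied text, whereas the message for that code should say the computer name is invalid. default_user_info_3 also sets UF_DONT_EXPIRE_PASSWD for every new account, which deserves a comment confirming it is intentional.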
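--- a/data/lib/chef/win32/security.rb
+++ b/data/lib/chef/win32/security.rb
@@ -22,6 +22,7 @@ require 'chef/win32/memory'
 require 'chef/win32/process'
 require 'chef/win32/unicode'
 require 'chef/win32/security/token'
+require 'chef/mixin/wstring'
 
 class Chef
 module ReservedNames::Win32
@@ -31,6 +32,8 @@ class Chef
 include Chef::ReservedNames::Win32::API::Security
 extend Chef::ReservedNames::Win32::API::Security
 extend Chef::ReservedNames::Win32::API::Macros
+include Chef::Mixin::WideString
+extend Chef::Mixin::WideString
 
 def self.access_check(security_descriptor, token, desired_access, generic_mapping)
 token_handle = token.handle.handle
@@ -270,6 +273,36 @@ class Chef
 [ present.read_char != 0, acl.null? ? nil : ACL.new(acl, security_descriptor), defaulted.read_char != 0 ]
 end
 
+def self.get_token_information_owner(token)
+owner_result_size = FFI::MemoryPointer.new(:ulong)
+if GetTokenInformation(token.handle.handle, :TokenOwner, nil, 0, owner_result_size)
+raise "Expected ERROR_INSUFFICIENT_BUFFER from GetTokenInformation, and got no error!"
+elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER
+Chef::ReservedNames::Win32::Error.raise!
+end
+owner_result_storage = FFI::MemoryPointer.new owner_result_size.read_ulong
+unless GetTokenInformation(token.handle.handle, :TokenOwner, owner_result_storage, owner_result_size.read_ulong, owner_result_size)
+Chef::ReservedNames::Win32::Error.raise!
+end
+owner_result = TOKEN_OWNER.new owner_result_storage
+SID.new(owner_result[:Owner], owner_result_storage)
+end
+
+def self.get_token_information_primary_group(token)
+group_result_size = FFI::MemoryPointer.new(:ulong)
+if GetTokenInformation(token.handle.handle, :TokenPrimaryGroup, nil, 0, group_result_size)
+raise "Expected ERROR_INSUFFICIENT_BUFFER from GetTokenInformation, and got no error!"
+elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER
+Chef::ReservedNames::Win32::Error.raise!
+end
+group_result_storage = FFI::MemoryPointer.new group_result_size.read_ulong
+unless GetTokenInformation(token.handle.handle, :TokenPrimaryGroup, group_result_storage, group_result_size.read_ulong, group_result_size)
+Chef::ReservedNames::Win32::Error.raise!
+end
+group_result = TOKEN_PRIMARY_GROUP.new group_result_storage
+SID.new(group_result[:PrimaryGroup], group_result_storage)
+end
+
 def self.initialize_acl(acl_size)
 acl = FFI::MemoryPointer.new acl_size
 unless InitializeAcl(acl, acl_size, ACL_REVISION)
@@ -415,6 +448,10 @@ class Chef
 [ SecurityDescriptor.new(absolute_sd), SID.new(owner), SID.new(group), ACL.new(dacl), ACL.new(sacl) ]
 end
 
+def self.open_current_process_token(desired_access = TOKEN_READ)
+open_process_token(Chef::ReservedNames::Win32::Process.get_current_process, desired_access)
+end
+
 def self.open_process_token(process, desired_access)
 process = process.handle if process.respond_to?(:handle)
 process = process.handle if process.respond_to?(:handle)
@@ -513,7 +550,7 @@ class Chef
 
 def self.with_privileges(*privilege_names)
 # Set privileges
-token =
+token = open_current_process_token(TOKEN_READ | TOKEN_ADJUST_PRIVILEGES)
 old_privileges = token.enable_privileges(*privilege_names)
 
 # Let the caller do their privileged stuff
@@ -533,7 +570,7 @@ class Chef
 
 true
 else
-process_token =
+process_token = open_current_process_token(TOKEN_READ)
 elevation_result = FFI::Buffer.new(:ulong)
 elevation_result_size = FFI::MemoryPointer.new(:uint32)
 success = GetTokenInformation(process_token.handle.handle, :TokenElevation, elevation_result, 4, elevation_result_size)
@@ -543,6 +580,18 @@ class Chef
 success && (elevation_result.read_ulong != 0)
 end
 end
+
+def self.logon_user(username, domain, password, logon_type, logon_provider)
+username = wstring(username)
+domain = wstring(domain)
+password = wstring(password)
+
+token = FFI::Buffer.new(:pointer)
+unless LogonUserW(username, domain, password, logon_type, logon_provider, token)
+Chef::ReservedNames::Win32::Error.raise!
+end
+Token.new(Handle.new(token.read_pointer))
+end
 end
 end
 end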
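Review bot: logon_user (new lines 584-594) returns a Token wrapping a live logon handle for another account, but nothing states who closes it, and whether Handle releases it on finalisation is not visible in this section. Add a doc comment naming the Win32 LOGON32_* values expected for logon_type and logon_provider and the ownership of the result, e.g. `# Returns a Token for the logged-on user; the caller owns the handle and should release it as soon as the work needing it is done`. The cleartext password is also copied into a second string by `wstring(password)` and stays on the Ruby heap until collected, so callers should not keep or log their own copy longer than needed. get_token_information_owner and get_token_information_primary_group repeat the same size-probe sequence and raise a bare RuntimeError string on the unexpected-success path; a shared private helper taking the information class would keep the two in step.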
@@ -203,6 +203,23 @@ class Chef
|
|
203
203
|
SID.from_account("#{::ENV['USERDOMAIN']}\\#{::ENV['USERNAME']}")
|
204
204
|
end
|
205
205
|
|
206
|
+
# See https://technet.microsoft.com/en-us/library/cc961992.aspx
|
207
|
+
# In practice, this is SID.Administrators if the current_user is an admin (even if not
|
208
|
+
# running elevated), and is current_user otherwise. On win2k3, it technically can be
|
209
|
+
# current_user in all cases if a certain group policy is set.
|
210
|
+
def self.default_security_object_owner
|
211
|
+
token = Chef::ReservedNames::Win32::Security.open_current_process_token
|
212
|
+
Chef::ReservedNames::Win32::Security.get_token_information_owner(token)
|
213
|
+
end
|
214
|
+
|
215
|
+
# See https://technet.microsoft.com/en-us/library/cc961996.aspx
|
216
|
+
# In practice, this seems to be SID.current_user for Microsoft Accounts, the current
|
217
|
+
# user's Domain Users group for domain accounts, and SID.None otherwise.
|
218
|
+
def self.default_security_object_group
|
219
|
+
token = Chef::ReservedNames::Win32::Security.open_current_process_token
|
220
|
+
Chef::ReservedNames::Win32::Security.get_token_information_primary_group(token)
|
221
|
+
end
|
222
|
+
|
206
223
|
def self.admin_account_name
|
207
224
|
@admin_account_name ||= begin
|
208
225
|
admin_account_name = nil
|
@@ -1,12 +1,28 @@
|
|
1
1
|
provides :buck_passer
|
2
2
|
|
3
|
+
def without_deprecation_warnings(&block)
|
4
|
+
old_treat_deprecation_warnings_as_errors = Chef::Config[:treat_deprecation_warnings_as_errors]
|
5
|
+
Chef::Config[:treat_deprecation_warnings_as_errors] = false
|
6
|
+
begin
|
7
|
+
block.call
|
8
|
+
ensure
|
9
|
+
Chef::Config[:treat_deprecation_warnings_as_errors] = old_treat_deprecation_warnings_as_errors
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
3
13
|
action :pass_buck do
|
4
14
|
lwrp_foo :prepared_thumbs do
|
5
15
|
action :prepare_thumbs
|
6
|
-
|
16
|
+
# We know there will be a deprecation error here; head it off
|
17
|
+
without_deprecation_warnings do
|
18
|
+
provider :lwrp_thumb_twiddler
|
19
|
+
end
|
7
20
|
end
|
8
21
|
lwrp_foo :twiddled_thumbs do
|
9
22
|
action :twiddle_thumbs
|
10
|
-
|
23
|
+
# We know there will be a deprecation error here; head it off
|
24
|
+
without_deprecation_warnings do
|
25
|
+
provider :lwrp_thumb_twiddler
|
26
|
+
end
|
11
27
|
end
|
12
28
|
end
|
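Review bot: without_deprecation_warnings is pasted verbatim into this fixture and into the two that follow (the `@@ -1,10 +1,26 @@` and `@@ -3,11 +3,23 @@` sections), so any later change to how deprecations are silenced has to be made three times. If the LWRP loader allows it, a single helper under spec/support mixed into these providers would be easier to keep consistent. The helper flips the process-wide `Chef::Config[:treat_deprecation_warnings_as_errors]`, which is fine for serial specs but worth a one-line comment such as `# Not thread-safe: toggles a global Chef::Config setting for the duration of the block`. The explicit `&block`/`block.call` and the inner `begin` could be reduced to `yield` with a method-level `ensure`.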
@@ -1,10 +1,26 @@
|
|
1
|
+
def without_deprecation_warnings(&block)
|
2
|
+
old_treat_deprecation_warnings_as_errors = Chef::Config[:treat_deprecation_warnings_as_errors]
|
3
|
+
Chef::Config[:treat_deprecation_warnings_as_errors] = false
|
4
|
+
begin
|
5
|
+
block.call
|
6
|
+
ensure
|
7
|
+
Chef::Config[:treat_deprecation_warnings_as_errors] = old_treat_deprecation_warnings_as_errors
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
1
11
|
action :pass_buck do
|
2
12
|
lwrp_bar :prepared_eyes do
|
3
13
|
action :prepare_eyes
|
4
|
-
|
14
|
+
# We know there will be a deprecation error here; head it off
|
15
|
+
without_deprecation_warnings do
|
16
|
+
provider :lwrp_paint_drying_watcher
|
17
|
+
end
|
5
18
|
end
|
6
19
|
lwrp_bar :dried_paint_watched do
|
7
20
|
action :watch_paint_dry
|
8
|
-
|
21
|
+
# We know there will be a deprecation error here; head it off
|
22
|
+
without_deprecation_warnings do
|
23
|
+
provider :lwrp_paint_drying_watcher
|
24
|
+
end
|
9
25
|
end
|
10
26
|
end
|
@@ -3,11 +3,23 @@
|
|
3
3
|
# are passed properly (as demonstrated by the call to generate_new_name).
|
4
4
|
attr_reader :enclosed_resource
|
5
5
|
|
6
|
+
def without_deprecation_warnings(&block)
|
7
|
+
old_treat_deprecation_warnings_as_errors = Chef::Config[:treat_deprecation_warnings_as_errors]
|
8
|
+
Chef::Config[:treat_deprecation_warnings_as_errors] = false
|
9
|
+
begin
|
10
|
+
block.call
|
11
|
+
ensure
|
12
|
+
Chef::Config[:treat_deprecation_warnings_as_errors] = old_treat_deprecation_warnings_as_errors
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
6
16
|
action :twiddle_thumbs do
|
7
17
|
@enclosed_resource = lwrp_foo :foo do
|
8
18
|
monkey generate_new_name(new_resource.monkey){ 'the monkey' }
|
9
|
-
|
10
|
-
|
19
|
+
# We know there will be a deprecation error here; head it off
|
20
|
+
without_deprecation_warnings do
|
21
|
+
provider :lwrp_monkey_name_printer
|
22
|
+
end
|
11
23
|
end
|
12
24
|
end
|
13
25
|
|