chef 15.11.3-universal-mingw32 → 16.1.16-universal-mingw32

data/lib/chef/resources.rb

@@ -16,6 +16,7 @@
 # limitations under the License.
 #
 
+require_relative "resource/alternatives"
 require_relative "resource/apt_package"
 require_relative "resource/apt_preference"
 require_relative "resource/apt_repository"
@@ -26,9 +27,13 @@ require_relative "resource/batch"
 require_relative "resource/breakpoint"
 require_relative "resource/build_essential"
 require_relative "resource/cookbook_file"
+require_relative "resource/chef_client_cron"
+require_relative "resource/chef_client_scheduled_task"
+require_relative "resource/chef_client_systemd_timer"
 require_relative "resource/chef_gem"
 require_relative "resource/chef_handler"
 require_relative "resource/chef_sleep"
+require_relative "resource/chef_vault_secret"
 require_relative "resource/chocolatey_config"
 require_relative "resource/chocolatey_feature"
 require_relative "resource/chocolatey_package"
@@ -48,7 +53,7 @@ require_relative "resource/file"
 require_relative "resource/freebsd_package"
 require_relative "resource/ips_package"
 require_relative "resource/gem_package"
-require_relative "resource/git"
+require_relative "resource/scm/git"
 require_relative "resource/group"
 require_relative "resource/http_request"
 require_relative "resource/hostname"
@@ -82,6 +87,7 @@ require_relative "resource/package"
 require_relative "resource/pacman_package"
 require_relative "resource/paludis_package"
 require_relative "resource/perl"
+require_relative "resource/plist"
 require_relative "resource/portage_package"
 require_relative "resource/powershell_package_source"
 require_relative "resource/powershell_script"
@@ -102,7 +108,6 @@ require_relative "resource/solaris_package"
 require_relative "resource/route"
 require_relative "resource/ruby"
 require_relative "resource/ruby_block"
-require_relative "resource/scm"
 require_relative "resource/script"
 require_relative "resource/service"
 require_relative "resource/sudo"
@@ -111,7 +116,7 @@ require_relative "resource/swap_file"
 require_relative "resource/systemd_unit"
 require_relative "resource/ssh_known_hosts_entry"
 require_relative "resource/windows_service"
-require_relative "resource/subversion"
+require_relative "resource/scm/subversion"
 require_relative "resource/smartos_package"
 require_relative "resource/template"
 require_relative "resource/user"
@@ -122,6 +127,7 @@ require_relative "resource/user/mac_user"
 require_relative "resource/user/pw_user"
 require_relative "resource/user/solaris_user"
 require_relative "resource/user/windows_user"
+require_relative "resource/user_ulimit"
 require_relative "resource/whyrun_safe_ruby_block"
 require_relative "resource/windows_env"
 require_relative "resource/windows_package"
@@ -157,3 +163,5 @@ require_relative "resource/windows_task"
 require_relative "resource/windows_uac"
 require_relative "resource/windows_workgroup"
 require_relative "resource/timezone"
+require_relative "resource/windows_user_privilege"
+require_relative "resource/windows_security_policy"

data/lib/chef/run_context/cookbook_compiler.rb

@@ -100,7 +100,15 @@ class Chef
       def compile_libraries
         @events.library_load_start(count_files_by_segment(:libraries))
         cookbook_order.each do |cookbook|
-          load_libraries_from_cookbook(cookbook)
+          eager_load_libraries = cookbook_collection[cookbook].metadata.eager_load_libraries
+          if eager_load_libraries == true # actually true, not truthy
+            load_libraries_from_cookbook(cookbook)
+          else
+            $LOAD_PATH.unshift File.expand_path("libraries", cookbook_collection[cookbook].root_dir)
+            if eager_load_libraries # we have a String or Array<String> and not false
+              load_libraries_from_cookbook(cookbook, eager_load_libraries)
+            end
+          end
         end
         @events.library_load_complete
       end
@@ -221,10 +229,8 @@ class Chef
         raise
       end
 
-      def load_libraries_from_cookbook(cookbook_name)
-        files_in_cookbook_by_segment(cookbook_name, :libraries).each do |filename|
-          next unless File.extname(filename) == ".rb"
-
+      def load_libraries_from_cookbook(cookbook_name, globs = "**/*.rb")
+        each_file_in_cookbook_by_segment(cookbook_name, :libraries, globs) do |filename|
           begin
             logger.trace("Loading cookbook #{cookbook_name}'s library file: #{filename}")
             Kernel.require(filename)
@@ -239,11 +245,13 @@ class Chef
       def load_lwrps_from_cookbook(cookbook_name)
         files_in_cookbook_by_segment(cookbook_name, :providers).each do |filename|
           next unless File.extname(filename) == ".rb"
+          next if File.basename(filename).match?(/^_/)
 
           load_lwrp_provider(cookbook_name, filename)
         end
         files_in_cookbook_by_segment(cookbook_name, :resources).each do |filename|
           next unless File.extname(filename) == ".rb"
+          next if File.basename(filename).match?(/^_/)
 
           load_lwrp_resource(cookbook_name, filename)
         end
@@ -327,6 +335,22 @@ class Chef
         cookbook_collection[cookbook].files_for(segment).map { |record| record[:full_path] }.sort
       end
 
+      # Iterates through all files in given cookbook segment, yielding the full path to the file
+      # if it matches one of the given globs.  Returns matching files in lexical sort order.  Supports
+      # extended globbing.  The segment should not be included in the glob.
+      #
+      def each_file_in_cookbook_by_segment(cookbook, segment, globs)
+        cookbook_collection[cookbook].files_for(segment).sort_by { |record| record[:path] }.each do |record|
+          Array(globs).each do |glob|
+            target = record[:path].delete_prefix("#{segment}/")
+            if File.fnmatch(glob, target, File::FNM_PATHNAME | File::FNM_EXTGLOB | File::FNM_DOTMATCH)
+              yield record[:full_path]
+              break
+            end
+          end
+        end
+      end
+
       # Yields the name, as a symbol, of each cookbook depended on by
       # +cookbook_name+ in lexical sort order.
       def each_cookbook_dep(cookbook_name, &block)

data/lib/chef/scan_access_control.rb

@@ -33,7 +33,7 @@ class Chef
   # Not yet sure if this is the optimal way to solve the problem. But it's
   # progress towards the end goal.
   #
-  # TODO: figure out if all this works with OS X's negative uids
+  # TODO: figure out if all this works with macOS' negative uids
   # TODO: windows
   class ScanAccessControl
 

data/lib/chef/shell.rb

@@ -61,6 +61,11 @@ module Shell
     # to get access to the main object before irb starts.
     ::IRB.setup(nil)
 
+    irb_conf[:USE_COLORIZE] = options.config[:use_colorize]
+    irb_conf[:USE_SINGLELINE] = options.config[:use_singleline]
+    irb_conf[:USE_MULTILINE] = options.config[:use_multiline]
+    pp irb_conf[:USE_MULTILINE]
+
     irb = IRB::Irb.new
 
     if solo_mode?
@@ -127,6 +132,8 @@ module Shell
       conf.prompt_n       = "#{Chef::Dist::EXEC}#{leader(m)} ?> "
       conf.prompt_s       = "#{Chef::Dist::EXEC}#{leader(m)}%l> "
       conf.use_tracer     = false
+      conf.instance_variable_set(:@use_multiline, false)
+      conf.instance_variable_set(:@use_singleline, false)
     end
   end
 
@@ -218,6 +225,21 @@ module Shell
             #{Chef::Dist::USER_CONF_DIR}/knife.rb      if -s option is given.
     FOOTER
 
+    option :use_multiline,
+      long: "--[no-]multiline",
+      default: true,
+      description: "[Do not] use multiline editor module"
+
+    option :use_singleline,
+      long: "--[no-]singleline",
+      default: true,
+      description: "[Do not] use singleline editor module"
+
+    option :use_colorize,
+      long: "--[no-]colorize",
+      default: true,
+      description: "[Do not] use colorization"
+
     option :config_file,
       short: "-c CONFIG",
       long: "--config CONFIG",

data/lib/chef/shell/ext.rb

@@ -37,7 +37,7 @@ module Shell
     module ObjectCoreExtensions
 
       def ensure_session_select_defined
-        # irb breaks if you prematurely define IRB::JobMangager
+        # irb breaks if you prematurely define IRB::JobManager
         # so these methods need to be defined at the latest possible time.
         unless jobs.respond_to?(:select_session_by_context)
           def jobs.select_session_by_context(&block) # rubocop:disable Lint/NestedMethodDefinition

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = Chef::VersionString.new("15.11.3")
+  VERSION = Chef::VersionString.new("16.1.16")
 end
 
 #

data/lib/chef/win32/api.rb

@@ -94,7 +94,7 @@ class Chef
         host.typedef :ulong,   :HMENU # (L) Handle to a menu. http://msdn.microsoft.com/en-us/library/ms646977%28VS.85%29.aspx
         host.typedef :ulong,   :HMETAFILE # (L) Handle to a metafile. http://msdn.microsoft.com/en-us/library/dd145051%28VS.85%29.aspx
         host.typedef :ulong,   :HMODULE # (L) Handle to an instance. Same as HINSTANCE today, but was different in 16-bit Windows.
-        host.typedef :ulong,   :HMONITOR # (L) Рandle to a display monitor. WinDef.h: if(WINVER >= 0x0500) host.typedef HANDLE HMONITOR;
+        host.typedef :ulong,   :HMONITOR # (L) Handle to a display monitor. WinDef.h: if(WINVER >= 0x0500) host.typedef HANDLE HMONITOR;
         host.typedef :ulong,   :HPALETTE # (L) Handle to a palette.
         host.typedef :ulong,   :HPEN # (L) Handle to a pen. http://msdn.microsoft.com/en-us/library/dd162786%28VS.85%29.aspx
         host.typedef :long,    :HRESULT # Return code used by COM interfaces. For more info, Structure of the COM Error Codes.
@@ -115,7 +115,7 @@ class Chef
         host.typedef :uint32,  :LCID # Locale identifier. For more information, see Locales.
         host.typedef :uint32,  :LCTYPE # Locale information type. For a list, see Locale Information Constants.
         host.typedef :uint32,  :LGRPID # Language group identifier. For a list, see EnumLanguageGroupLocales.
-        host.typedef :pointer, :LMSTR # Pointer to null termiated string of unicode characters
+        host.typedef :pointer, :LMSTR # Pointer to null terminated string of unicode characters
         host.typedef :long,    :LONG # 32-bit signed integer. The range is -2,147,483,648 through +...647 decimal.
         host.typedef :int32,   :LONG32 # 32-bit signed integer. The range is -2,147,483,648 through +...647 decimal.
         host.typedef :int64,   :LONG64 # 64-bit signed integer. The range is –9,223,372,036,854,775,808 through +...807

data/lib/chef/win32/api/error.rb

@@ -64,7 +64,7 @@ class Chef
         ERROR_SHARING_VIOLATION   = 32
         ERROR_LOCK_VIOLATION      = 33
         ERROR_WRONG_DISK          = 34
-        ERROR_FCB_UNAVAILABLE     = 35  # gets returned for some unsuccessful DeviceIoControl calls
+        ERROR_FCB_UNAVAILABLE     = 35 # gets returned for some unsuccessful DeviceIoControl calls
         ERROR_SHARING_BUFFER_EXCEEDED = 36
         ERROR_HANDLE_EOF          = 38
         ERROR_HANDLE_DISK_FULL    = 39
@@ -90,6 +90,7 @@ class Chef
         ERROR_TOO_MANY_NAMES      = 68
         ERROR_TOO_MANY_SESS       = 69
         ERROR_SHARING_PAUSED      = 70
+        # cspell:disable-next-line
         ERROR_REQ_NOT_ACCEP       = 71
         ERROR_REDIR_PAUSED        = 72
 
@@ -876,6 +877,7 @@ class Chef
 
         # Flags for LoadLibraryEx
 
+        # cspell:disable-next-line
         DONT_RESOLVE_DLL_REFERENCES = 0x00000001
         LOAD_IGNORE_CODE_AUTHZ_LEVEL = 0x00000010
         LOAD_LIBRARY_AS_DATAFILE = 0x00000002

data/lib/chef/win32/api/file.rb

@@ -540,7 +540,7 @@ BOOL WINAPI VerQueryValue(
         def file_search_handle(path)
           # Workaround for CHEF-4419:
           # Make sure paths starting with "/" has a drive letter
-          # assigned from the current working diretory.
+          # assigned from the current working directory.
           # Note: With CHEF-4427 this issue will be fixed with a
           # broader fix to map all the paths starting with "/" to
           # SYSTEM_DRIVE on windows.

data/lib/chef/win32/api/net.rb

@@ -39,6 +39,7 @@ class Chef
         UF_ACCOUNTDISABLE      = 0x000002
         UF_PASSWD_CANT_CHANGE  = 0x000040
         UF_NORMAL_ACCOUNT      = 0x000200
+        # cspell:disable-next-line
         UF_DONT_EXPIRE_PASSWD  = 0x010000
 
         USE_NOFORCE = 0

data/lib/chef/win32/api/security.rb

@@ -413,6 +413,11 @@ class Chef
             :Buffer, :PWSTR
         end
 
+        # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-lsa_enumeration_information
+        class LSA_ENUMERATION_INFORMATION < FFI::Struct
+          layout :Sid, :PSID
+        end
+
         ffi_lib "advapi32"
 
         safe_attach_function :AccessCheck, %i{pointer HANDLE DWORD pointer pointer pointer pointer pointer}, :BOOL
@@ -448,6 +453,7 @@ class Chef
         safe_attach_function :LookupPrivilegeDisplayNameW, %i{LPCWSTR LPCWSTR LPWSTR LPDWORD LPDWORD}, :BOOL
         safe_attach_function :LookupPrivilegeValueW, %i{LPCWSTR LPCWSTR PLUID}, :BOOL
         safe_attach_function :LsaAddAccountRights, %i{pointer pointer pointer ULONG}, :NTSTATUS
+        safe_attach_function :LsaEnumerateAccountsWithUserRight, %i{LSA_HANDLE PLSA_UNICODE_STRING PVOID PULONG}, :NTSTATUS
         safe_attach_function :LsaRemoveAccountRights, %i{pointer pointer BOOL pointer ULONG}, :NTSTATUS
         safe_attach_function :LsaClose, [ :LSA_HANDLE ], :NTSTATUS
         safe_attach_function :LsaEnumerateAccountRights, %i{LSA_HANDLE PSID PLSA_UNICODE_STRING PULONG}, :NTSTATUS

data/lib/chef/win32/file.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Chisamore (<schisamo@chef.io>)
-# Author:: Mark Mzyk (<mmzyk@ospcode.com>)
+# Author:: Mark Mzyk (<mmzyk@chef.io>)
 # Copyright:: Copyright (c) Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
@@ -166,14 +166,6 @@ class Chef
         VersionInfo.new(file_name)
       end
 
-      def self.verify_links_supported!
-        CreateSymbolicLinkW(nil)
-      rescue Chef::Exceptions::Win32APIFunctionNotImplemented => e
-        raise e
-      rescue Exception
-        # things are ok.
-      end
-
       def self.file_access_check(path, desired_access)
         security_descriptor = Chef::ReservedNames::Win32::Security.get_file_security(path)
         token_rights = Chef::ReservedNames::Win32::Security::TOKEN_IMPERSONATE |

data/lib/chef/win32/mutex.rb

@@ -95,7 +95,7 @@ if other threads attempt to acquire the mutex.")
         @handle = OpenMutexW(SYNCHRONIZE, true, name.to_wstring)
 
         if @handle == 0
-          # Mutext doesn't exist so create one.
+          # Mutex doesn't exist so create one.
           # In the initial creation of the mutex initial_owner is set to
           # false so that mutex will not be acquired until someone calls
           # acquire.

data/lib/chef/win32/net.rb

@@ -40,6 +40,7 @@ class Chef
             usri3_priv: 0,
             usri3_home_dir: nil,
             usri3_comment: nil,
+            # cspell:disable-next-line
             usri3_flags: UF_SCRIPT | UF_DONT_EXPIRE_PASSWD | UF_NORMAL_ACCOUNT,
             usri3_script_path: nil,
             usri3_auth_flags: 0,

data/lib/chef/win32/security.rb

@@ -214,6 +214,41 @@ class Chef
         privileges
       end
 
+      def self.get_account_with_user_rights(privilege)
+        privilege_pointer = FFI::MemoryPointer.new LSA_UNICODE_STRING, 1
+        privilege_lsa_string = LSA_UNICODE_STRING.new(privilege_pointer)
+        privilege_lsa_string[:Buffer] = FFI::MemoryPointer.from_string(privilege.to_wstring)
+        privilege_lsa_string[:Length] = privilege.length * 2
+        privilege_lsa_string[:MaximumLength] = (privilege.length + 1) * 2
+
+        buffer = FFI::MemoryPointer.new(:pointer)
+        count = FFI::MemoryPointer.new(:ulong)
+
+        accounts = []
+        with_lsa_policy(nil) do |policy_handle, sid|
+          result = LsaEnumerateAccountsWithUserRight(policy_handle.read_pointer, privilege_pointer, buffer, count)
+          if result == 0
+            win32_error = LsaNtStatusToWinError(result)
+            return [] if win32_error == 1313 # NO_SUCH_PRIVILEGE - https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--1300-1699-
+
+            test_and_raise_lsa_nt_status(result)
+
+            count.read_ulong.times do |i|
+              sid = LSA_ENUMERATION_INFORMATION.new(buffer.read_pointer + i * LSA_ENUMERATION_INFORMATION.size)
+              sid_name = lookup_account_sid(sid[:Sid])
+              domain, name, use = sid_name
+              account_name = (!domain.nil? && domain.length > 0) ? "#{domain}\\#{name}" : name
+              accounts << account_name
+            end
+          end
+
+          result = LsaFreeMemory(buffer.read_pointer)
+          test_and_raise_lsa_nt_status(result)
+        end
+
+        accounts
+      end
+
       def self.get_ace(acl, index)
         acl = acl.pointer if acl.respond_to?(:pointer)
         ace = FFI::Buffer.new :pointer
@@ -616,18 +651,21 @@ class Chef
       end
 
       def self.with_lsa_policy(username)
-        sid = lookup_account_name(username)[1]
+        sid = lookup_account_name(username)[1] if username
 
         access = 0
         access |= POLICY_CREATE_ACCOUNT
         access |= POLICY_LOOKUP_NAMES
+        access |= POLICY_VIEW_LOCAL_INFORMATION if username.nil?
 
         policy_handle = FFI::MemoryPointer.new(:pointer)
         result = LsaOpenPolicy(nil, LSA_OBJECT_ATTRIBUTES.new, access, policy_handle)
         test_and_raise_lsa_nt_status(result)
 
+        sid_pointer = username.nil? ? nil : sid.pointer
+
         begin
-          yield policy_handle, sid.pointer
+          yield policy_handle, sid_pointer
         ensure
           result = LsaClose(policy_handle.read_pointer)
           test_and_raise_lsa_nt_status(result)

data/lib/chef/win32/security/sid.rb

@@ -261,7 +261,7 @@ class Chef
 
         SYSTEM_USER = SERVICE_ACCOUNT_USERS + BUILT_IN_GROUPS
 
-        # Сheck if the user belongs to service accounts category
+        # Check if the user belongs to service accounts category
         #
         # @return [Boolean] True or False
         #
@@ -269,7 +269,7 @@ class Chef
           SERVICE_ACCOUNT_USERS.include?(user.to_s.upcase)
         end
 
-        # Сheck if the user is in builtin system group
+        # Check if the user is in builtin system group
         #
         # @return [Boolean] True or False
         #
@@ -277,7 +277,7 @@ class Chef
           BUILT_IN_GROUPS.include?(user.to_s.upcase)
         end
 
-        # Сheck if the user belongs to system users category
+        # Check if the user belongs to system users category
         #
         # @return [Boolean] True or False
         #
@@ -325,7 +325,7 @@ class Chef
                 Array.new(entriesread.read_long) do |i|
                   user_info = USER_INFO_3.new(bufptr.read_pointer + i * USER_INFO_3.size)
                   # Check if the account is the Administrator account
-                  # RID for the Administrator account is always 500 and it's privilage is set to USER_PRIV_ADMIN
+                  # RID for the Administrator account is always 500 and it's privilege is set to USER_PRIV_ADMIN
                   if user_info[:usri3_user_id] == 500 && user_info[:usri3_priv] == 2 # USER_PRIV_ADMIN (2) - Administrator
                     admin_account_name = user_info[:usri3_name].read_wstring
                     break

data/spec/functional/assets/inittest

@@ -2,16 +2,17 @@
 
 TMPDIR="${TMPDIR:-/tmp}"
 
-function create_chef_txt {
-        touch $TMPDIR/inittest.txt
+create_chef_txt() {
+        touch "$TMPDIR"/inittest.txt
 }
 
-function delete_chef_txt {
-        rm $TMPDIR/inittest.txt
+
+delete_chef_txt() {
+        rm "$TMPDIR"/inittest.txt
 }
 
-function rename_chef_txt {
-        mv $TMPDIR/inittest.txt $TMPDIR/$1
+rename_chef_txt() {
+        mv "$TMPDIR"/inittest.txt "$TMPDIR"/"$1"
 }
 
 case "$1" in
@@ -22,7 +23,7 @@ stop )
         delete_chef_txt
         ;;
 status )
-        [ -f $TMPDIR/inittest.txt ] || [ -f $TMPDIR/inittest_reload.txt ] || [ -f $TMPDIR/inittest_restart.txt ]
+        [ -f "$TMPDIR"/inittest.txt ] || [ -f "$TMPDIR"/inittest_reload.txt ] || [ -f "$TMPDIR"/inittest_restart.txt ]
         ;;
 reload )
         rename_chef_txt "inittest_reload.txt"