mixlib-shellout 2.4.4 → 3.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a77caa01ee050dc884322465862b5eaa2b197b78ebe07f3ac6a4e3526924ce8
-  data.tar.gz: d09b463bd4e2ce05d35a34df03684c4e033af823f54ab510804c648d018391d0
+  metadata.gz: 3e6f0d990000b229cfa3d812040828440973f528374790b2eb261c28db29bc13
+  data.tar.gz: 23ff6a2702bcb423b56daa92a23938299f541f1724dfb5599059dd65aa4e957c
 SHA512:
-  metadata.gz: 3f531586506e3461104c21931b216203e8e884549c5f069753bf6633882632b3a0330384d33a1c1b7fb1f628c9b4fefa0ec620ecd6929fec0630bbadc54f0c2c
-  data.tar.gz: ae952774568dc2d26bd382ed40056bc7544353eb70538161449cb7f704811ef09462b992a8cc83b4a8ff72131f6e4d9925f93a90326ed7f3ededa045f5439ca4
+  metadata.gz: 6c76cc403ee32e7dae114f34e7684b3aa530eacfde72eb160ab0c007de6dbf3d8497f651d2894c873b6f3e734918de922ad57632965ada3fb1ef67418efb6d31
+  data.tar.gz: cad33035223cdd99827846282a9e9a201e63a6f99611f25430caaa6ddf72fd3da21f18e97840d77c70d1af9abd2da65bfeb732a20aa41b1f039ae494c8968b44

data/lib/mixlib/shellout.rb

@@ -19,7 +19,7 @@
 require "etc"
 require "tmpdir"
 require "fcntl"
-require "mixlib/shellout/exceptions"
+require_relative "shellout/exceptions"
 
 module Mixlib
 
@@ -29,10 +29,10 @@ module Mixlib
     DEFAULT_READ_TIMEOUT = 600
 
     if RUBY_PLATFORM =~ /mswin|mingw32|windows/
-      require "mixlib/shellout/windows"
+      require_relative "shellout/windows"
       include ShellOut::Windows
     else
-      require "mixlib/shellout/unix"
+      require_relative "shellout/unix"
       include ShellOut::Unix
     end
 
@@ -65,7 +65,7 @@ module Mixlib
     # as the subprocess is running.
     attr_accessor :live_stderr
 
-    # ShellOut will push data from :input down the stdin of the subprocss.
+    # ShellOut will push data from :input down the stdin of the subprocess.
     # Normally set via options passed to new.
     # Default: nil
     attr_accessor :input
@@ -210,15 +210,17 @@ module Mixlib
     # TODO migrate to shellout/unix.rb
     def uid
       return nil unless user
-      user.kind_of?(Integer) ? user : Etc.getpwnam(user.to_s).uid
+
+      user.is_a?(Integer) ? user : Etc.getpwnam(user.to_s).uid
     end
 
     # The gid that the subprocess will switch to. If the group attribute is
     # given as a group name, it is converted to a gid by Etc.getgrnam
     # TODO migrate to shellout/unix.rb
     def gid
-      return group.kind_of?(Integer) ? group : Etc.getgrnam(group.to_s).gid if group
+      return group.is_a?(Integer) ? group : Etc.getgrnam(group.to_s).gid if group
       return Etc.getpwuid(uid).gid if using_login?
+
       nil
     end
 
@@ -231,6 +233,7 @@ module Mixlib
     # results when the command exited with an unexpected status.
     def format_for_exception
       return "Command execution failed. STDOUT/STDERR suppressed for sensitive resource" if sensitive
+
       msg = ""
       msg << "#{@terminate_reason}\n" if @terminate_reason
       msg << "---- Begin output of #{command} ----\n"
@@ -363,6 +366,7 @@ module Mixlib
       if login && !user
         raise InvalidCommandOption, "cannot set login without specifying a user"
       end
+
       super
     end
   end

data/lib/mixlib/shellout/helper.rb

@@ -0,0 +1,209 @@
+#--
+# Author:: Daniel DeLeo (<dan@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "../shellout"
+require "chef-utils"
+require "chef-utils/dsl/path_sanity"
+require "chef-utils/internal"
+
+module Mixlib
+  class ShellOut
+    module Helper
+      include ChefUtils::Internal
+      include ChefUtils::DSL::PathSanity
+
+      # PREFERRED APIS:
+      #
+      # all consumers should now call shell_out!/shell_out.
+      #
+      # the shell_out_compacted/shell_out_compacted! APIs are private but are intended for use
+      # in rspec tests, and should ideally always be used to make code refactoring that do not
+      # change behavior easier:
+      #
+      # allow(provider).to receive(:shell_out_compacted!).with("foo", "bar", "baz")
+      # provider.shell_out!("foo", [ "bar", nil, "baz"])
+      # provider.shell_out!(["foo", nil, "bar" ], ["baz"])
+      #
+      # note that shell_out_compacted also includes adding the magical timeout option to force
+      # people to setup expectations on that value explicitly.  it does not include the default_env
+      # mangling in order to avoid users having to setup an expectation on anything other than
+      # setting `default_env: false` and allow us to make tweak to the default_env without breaking
+      # a thousand unit tests.
+      #
+
+      def shell_out(*args, **options)
+        options = options.dup
+        options = __maybe_add_timeout(self, options)
+        if options.empty?
+          shell_out_compacted(*__clean_array(*args))
+        else
+          shell_out_compacted(*__clean_array(*args), **options)
+        end
+      end
+
+      def shell_out!(*args, **options)
+        options = options.dup
+        options = __maybe_add_timeout(self, options)
+        if options.empty?
+          shell_out_compacted!(*__clean_array(*args))
+        else
+          shell_out_compacted!(*__clean_array(*args), **options)
+        end
+      end
+
+      private
+
+      # helper sugar for resources that support passing timeouts to shell_out
+      #
+      # module method to not pollute namespaces, but that means we need self injected as an arg
+      # @api private
+      def __maybe_add_timeout(obj, options)
+        options = options.dup
+        # historically resources have not properly declared defaults on their timeouts, so a default default of 900s was enforced here
+        default_val = 900
+        return options if options.key?(:timeout)
+
+        # FIXME: need to nuke descendent tracker out of Chef::Provider so we can just define that class here without requiring the
+        # world, and then just use symbol lookup
+        if obj.class.ancestors.map(&:name).include?("Chef::Provider") && obj.respond_to?(:new_resource) && obj.new_resource.respond_to?(:timeout) && !options.key?(:timeout)
+          options[:timeout] = obj.new_resource.timeout ? obj.new_resource.timeout.to_f : default_val
+        end
+        options
+      end
+
+      # helper function to mangle options when `default_env` is true
+      #
+      # @api private
+      def __apply_default_env(options)
+        options = options.dup
+        default_env = options.delete(:default_env)
+        default_env = true if default_env.nil?
+        if default_env
+          env_key = options.key?(:env) ? :env : :environment
+          options[env_key] = {
+            "LC_ALL" => __config[:internal_locale],
+            "LANGUAGE" => __config[:internal_locale],
+            "LANG" => __config[:internal_locale],
+            __env_path_name => sanitized_path,
+          }.update(options[env_key] || {})
+        end
+        options
+      end
+
+      # this SHOULD be used for setting up expectations in rspec, see banner comment at top.
+      #
+      # the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
+      #
+      def shell_out_compacted(*args, **options)
+        options = __apply_default_env(options)
+        if options.empty?
+          __shell_out_command(*args)
+        else
+          __shell_out_command(*args, **options)
+        end
+      end
+
+      # this SHOULD be used for setting up expectations in rspec, see banner comment at top.
+      #
+      # the private constraint is meant to avoid code calling this directly, rspec expectations are fine.
+      #
+      def shell_out_compacted!(*args, **options)
+        options = __apply_default_env(options)
+        cmd = if options.empty?
+                __shell_out_command(*args)
+              else
+                __shell_out_command(*args, **options)
+              end
+        cmd.error!
+        cmd
+      end
+
+      # Helper for subclasses to reject nil out of an array.  It allows
+      # using the array form of shell_out (which avoids the need to surround arguments with
+      # quote marks to deal with shells).
+      #
+      # Usage:
+      #   shell_out!(*clean_array("useradd", universal_options, useradd_options, new_resource.username))
+      #
+      # universal_options and useradd_options can be nil, empty array, empty string, strings or arrays
+      # and the result makes sense.
+      #
+      # keeping this separate from shell_out!() makes it a bit easier to write expectations against the
+      # shell_out args and be able to omit nils and such in the tests (and to test that the nils are
+      # being rejected correctly).
+      #
+      # @param args [String] variable number of string arguments
+      # @return [Array] array of strings with nil and null string rejection
+
+      def __clean_array(*args)
+        args.flatten.compact.map(&:to_s)
+      end
+
+      def __shell_out_command(*args, **options)
+        if __transport_connection
+          FakeShellOut.new(args, options, __transport_connection.run_command(args.join(" "))) # FIXME: train should accept run_command(*args)
+        else
+          cmd = if options.empty?
+                  Mixlib::ShellOut.new(*args)
+                else
+                  Mixlib::ShellOut.new(*args, **options)
+                end
+          cmd.live_stream ||= __io_for_live_stream
+          cmd.run_command
+          cmd
+        end
+      end
+
+      def __io_for_live_stream
+        if STDOUT.tty? && !__config[:daemon] && __log.debug?
+          STDOUT
+        else
+          nil
+        end
+      end
+
+      def __env_path_name
+        if ChefUtils.windows?
+          "Path"
+        else
+          "PATH"
+        end
+      end
+
+      class FakeShellOut
+        attr_reader :stdout, :stderr, :exitstatus, :status
+
+        def initialize(args, options, result)
+          @args = args
+          @options = options
+          @stdout = result.stdout
+          @stderr = result.stderr
+          @exitstatus = result.exit_status
+          @status = OpenStruct.new(success?: ( exitstatus == 0 ))
+        end
+
+        def error?
+          exitstatus != 0
+        end
+
+        def error!
+          raise Mixlib::ShellOut::ShellCommandFailed, "Unexpected exit status of #{exitstatus} running #{@args}" if error?
+        end
+      end
+    end
+  end
+end

data/lib/mixlib/shellout/unix.rb

@@ -53,14 +53,16 @@ module Mixlib
       # to the user's secondary groups
       def sgids
         return nil unless using_login?
+
         user_name = Etc.getpwuid(uid).name
-        all_seconderies.select { |g| g.mem.include?(user_name) }.map { |g| g.gid }
+        all_seconderies.select { |g| g.mem.include?(user_name) }.map(&:gid)
       end
 
       # The environment variables that are deduced from simulating logon
       # Only valid if login is used
       def logon_environment
         return {} unless using_login?
+
         entry = Etc.getpwuid(uid)
         # According to `man su`, the set fields are:
         #  $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS
@@ -269,6 +271,7 @@ module Mixlib
       # Keep this unbuffered for now
       def write_to_child_stdin
         return unless input
+
         child_stdin << input
         child_stdin.close # Kick things off
       end
@@ -337,7 +340,7 @@ module Mixlib
           set_cwd
 
           begin
-            command.kind_of?(Array) ? exec(*command, close_others: true) : exec(command, close_others: true)
+            command.is_a?(Array) ? exec(*command, close_others: true) : exec(command, close_others: true)
 
             raise "forty-two" # Should never get here
           rescue Exception => e
@@ -365,6 +368,7 @@ module Mixlib
 
       def reap_errant_child
         return if attempt_reap
+
         @terminate_reason = "Command exceeded allowed execution time, process terminated"
         logger.error("Command exceeded allowed execution time, sending TERM") if logger
         Process.kill(:TERM, child_pgid)

data/lib/mixlib/shellout/version.rb

@@ -1,5 +1,5 @@
 module Mixlib
   class ShellOut
-    VERSION = "2.4.4".freeze
+    VERSION = "3.1.1".freeze
   end
 end

data/lib/mixlib/shellout/windows.rb

@@ -2,7 +2,7 @@
 # Author:: Daniel DeLeo (<dan@chef.io>)
 # Author:: John Keiser (<jkeiser@chef.io>)
 # Author:: Ho-Sheng Hsiao (<hosh@chef.io>)
-# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
+# Copyright:: Copyright (c) 2011-2019, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,7 +19,7 @@
 #
 
 require "win32/process"
-require "mixlib/shellout/windows/core_ext"
+require_relative "windows/core_ext"
 
 module Mixlib
   class ShellOut
@@ -66,7 +66,7 @@ module Mixlib
           #
           # Set cwd, environment, appname, etc.
           #
-          app_name, command_line = command_to_run(command)
+          app_name, command_line = command_to_run(combine_args(*command))
           create_process_args = {
             app_name: app_name,
             command_line: command_line,
@@ -88,7 +88,7 @@ module Mixlib
           #
           # Start the process
           #
-          process = Process.create(create_process_args)
+          process, profile, token = Process.create3(create_process_args)
           logger.debug(format_process(process, app_name, command_line, timeout)) if logger
           begin
             # Start pushing data into input
@@ -110,6 +110,7 @@ module Mixlib
                 unless GetExitCodeProcess(process.process_handle, exit_code)
                   raise get_last_error
                 end
+
                 @status = ThingThatLooksSortOfLikeAProcessStatus.new
                 @status.exitstatus = exit_code.unpack("l").first
 
@@ -143,6 +144,8 @@ module Mixlib
           ensure
             CloseHandle(process.thread_handle) if process.thread_handle
             CloseHandle(process.process_handle) if process.process_handle
+            Process.unload_user_profile(token, profile) if profile
+            CloseHandle(token) if token
           end
 
         ensure
@@ -168,8 +171,9 @@ module Mixlib
 
       def consume_output(open_streams, stdout_read, stderr_read)
         return false if open_streams.length == 0
+
         ready = IO.select(open_streams, nil, nil, READ_WAIT_TIME)
-        return true if ! ready
+        return true unless ready
 
         if ready.first.include?(stdout_read)
           begin
@@ -196,6 +200,47 @@ module Mixlib
         true
       end
 
+      # Use to support array passing semantics on windows
+      #
+      # 1.  strings with whitespace or quotes in them need quotes around them.
+      # 2.  interior quotes need to get backslash escaped (parser needs to know when it really ends).
+      # 3.  random backlsashes in paths themselves remain untouched.
+      # 4.  if the argument must be quoted by #1 and terminates in a sequence of backslashes then all the backlashes must themselves
+      #     be backslash excaped (double the backslashes).
+      # 5.  if an interior quote that must be escaped by #2 has a sequence of backslashes before it then all the backslashes must
+      #     themselves be backslash excaped along with the backslash ecape of the interior quote (double plus one backslashes).
+      #
+      # And to restate.  We are constructing a string which will be parsed by the windows parser into arguments, and we want those
+      # arguments to match the *args array we are passed here.  So call the windows parser operation A then we need to apply A^-1 to
+      # our args to construct the string so that applying A gives windows back our *args.
+      #
+      # And when the windows parser sees a series of backslashes followed by a double quote, it has to determine if that double quote
+      # is terminating or not, and how many backslashes to insert in the args.  So what it does is divide it by two (rounding down) to
+      # get the number of backslashes to insert.  Then if it is even the double quotes terminate the argument.  If it is even the
+      # double quotes are interior double quotes (the extra backslash quotes the double quote).
+      #
+      # We construct the inverse operation so interior double quotes preceeded by N backslashes get 2N+1 backslashes in front of the quote,
+      # while trailing N backslashes get 2N backslashes in front of the quote that terminates the argument.
+      #
+      # see: https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/
+      #
+      # @api private
+      # @param args [Array<String>] array of command arguments
+      # @return String
+      def combine_args(*args)
+        return args[0] if args.length == 1
+
+        args.map do |arg|
+          if arg =~ /[ \t\n\v"]/
+            arg = arg.gsub(/(\\*)"/, '\1\1\"') # interior quotes with N preceeding backslashes need 2N+1 backslashes
+            arg = arg.sub(/(\\+)$/, '\1\1') # trailing N backslashes need to become 2N backslashes
+            "\"#{arg}\""
+          else
+            arg
+          end
+        end.join(" ")
+      end
+
       def command_to_run(command)
         return run_under_cmd(command) if should_run_under_cmd?(command)
 
@@ -279,10 +324,12 @@ module Mixlib
             return true unless quote
           when "%"
             return true if env
+
             env = env_first_char = true
             next
           else
             next unless env
+
             if env_first_char
               env_first_char = false
               (env = false) && next if c !~ /[A-Za-z_]/
@@ -328,6 +375,7 @@ module Mixlib
 
       def unsafe_process?(name, logger)
         return false unless system_required_processes.include? name
+
         logger.debug(
           "A request to kill a critical system process - #{name} - was received and skipped."
         )
@@ -341,6 +389,7 @@ module Mixlib
       def kill_process_tree(pid, wmi, logger)
         wmi.query("select * from Win32_Process where ParentProcessID=#{pid}").each do |instance|
           next if unsafe_process?(instance.wmi_ole_object.name, logger)
+
           child_pid = instance.wmi_ole_object.processid
           kill_process_tree(child_pid, wmi, logger)
           kill_process(instance, logger)

data/lib/mixlib/shellout/windows/core_ext.rb

@@ -36,18 +36,56 @@ module Process::Constants
 
   ERROR_PRIVILEGE_NOT_HELD = 1314
   ERROR_LOGON_TYPE_NOT_GRANTED = 0x569
+
+  # Only documented in Userenv.h ???
+  # - ZERO (type Local) is assumed, no docs found
+  WIN32_PROFILETYPE_LOCAL                  = 0x00
+  WIN32_PROFILETYPE_PT_TEMPORARY           = 0x01
+  WIN32_PROFILETYPE_PT_ROAMING             = 0x02
+  WIN32_PROFILETYPE_PT_MANDATORY           = 0x04
+  WIN32_PROFILETYPE_PT_ROAMING_PREEXISTING = 0x08
+
+end
+
+# Structs required for data handling
+module Process::Structs
+
+  class PROFILEINFO < FFI::Struct
+    layout(
+      :dwSize,        :dword,
+      :dwFlags,       :dword,
+      :lpUserName,    :pointer,
+      :lpProfilePath, :pointer,
+      :lpDefaultPath, :pointer,
+      :lpServerName,  :pointer,
+      :lpPolicyPath,  :pointer,
+      :hProfile,      :handle
+    )
+  end
+
 end
 
 # Define the functions needed to check with Service windows station
 module Process::Functions
+  ffi_lib :userenv
+
+  attach_pfunc :GetProfileType,
+    [:pointer], :bool
+
+  attach_pfunc :LoadUserProfileW,
+    %i{handle pointer}, :bool
+
+  attach_pfunc :UnloadUserProfile,
+    %i{handle handle}, :bool
+
   ffi_lib :advapi32
 
   attach_pfunc :LogonUserW,
-    [:buffer_in, :buffer_in, :buffer_in, :ulong, :ulong, :pointer], :bool
+    %i{buffer_in buffer_in buffer_in ulong ulong pointer}, :bool
 
   attach_pfunc :CreateProcessAsUserW,
-    [:ulong, :buffer_in, :buffer_inout, :pointer, :pointer, :int,
-      :ulong, :buffer_in, :buffer_in, :pointer, :pointer], :bool
+    %i{ulong buffer_in buffer_inout pointer pointer int
+      ulong buffer_in buffer_in pointer pointer}, :bool
 
   ffi_lib :user32
 
@@ -55,7 +93,7 @@ module Process::Functions
     [], :ulong
 
   attach_pfunc :GetUserObjectInformationA,
-    [:ulong, :uint, :buffer_out, :ulong, :pointer], :bool
+    %i{ulong uint buffer_out ulong pointer}, :bool
 end
 
 # Override Process.create to check for running in the Service window station and doing
@@ -64,11 +102,18 @@ end
 # as of 2015-10-15 from commit cc066e5df25048f9806a610f54bf5f7f253e86f7
 module Process
 
+  class UnsupportedFeature < StandardError; end
+
   # Explicitly reopen singleton class so that class/constant declarations from
   # extensions are visible in Modules.nesting.
   class << self
+
     def create(args)
-      unless args.kind_of?(Hash)
+      create3(args).first
+    end
+
+    def create3(args)
+      unless args.is_a?(Hash)
         raise TypeError, "hash keyword arguments expected"
       end
 
@@ -85,9 +130,9 @@ module Process
 
       # Set default values
       hash = {
-        "app_name"       => nil,
+        "app_name" => nil,
         "creation_flags" => 0,
-        "close_handles"  => true,
+        "close_handles" => true,
       }
 
       # Validate the keys, and convert symbols and case to lowercase strings.
@@ -96,6 +141,7 @@ module Process
         unless valid_keys.include?(key)
           raise ArgumentError, "invalid key '#{key}'"
         end
+
         hash[key] = val
       end
 
@@ -108,6 +154,7 @@ module Process
           unless valid_si_keys.include?(key)
             raise ArgumentError, "invalid startup_info key '#{key}'"
           end
+
           si_hash[key] = val
         end
       end
@@ -238,6 +285,7 @@ module Process
       inherit = hash["inherit"] ? 1 : 0
 
       if hash["with_logon"]
+
         logon, passwd, domain = format_creds_from_hash(hash)
 
         hash["creation_flags"] |= CREATE_UNICODE_ENVIRONMENT
@@ -255,51 +303,42 @@ module Process
         # can simulate running a command 'elevated' by running it under a separate
         # logon as a batch process.
         if hash["elevated"] || winsta_name =~ /^Service-0x0-.*$/i
-          logon_type = if hash["elevated"]
-                         LOGON32_LOGON_BATCH
-                       else
-                         LOGON32_LOGON_INTERACTIVE
-                       end
 
-          token = logon_user(logon, domain, passwd, logon_type)
+          logon_type = hash["elevated"] ? LOGON32_LOGON_BATCH : LOGON32_LOGON_INTERACTIVE
+          token      = logon_user(logon, domain, passwd, logon_type)
+          logon_ptr  = FFI::MemoryPointer.from_string(logon)
+          profile    = PROFILEINFO.new.tap do |dat|
+            dat[:dwSize]     = dat.size
+            dat[:dwFlags]    = 1
+            dat[:lpUserName] = logon_ptr
+          end
+
+          if logon_has_roaming_profile?
+            msg = %w{
+              Mixlib does not currently support executing commands as users
+              configured with Roaming Profiles. [%s]
+            }.join(" ") % logon.encode("UTF-8").unpack("A*")
+            raise UnsupportedFeature.new(msg)
+          end
+
+          load_user_profile(token, profile.pointer)
+
+          create_process_as_user(token, app, cmd, process_security,
+            thread_security, inherit, hash["creation_flags"], env,
+            cwd, startinfo, procinfo)
 
-          create_process_as_user(token, app, cmd, process_security, thread_security, inherit, hash["creation_flags"], env, cwd, startinfo, procinfo)
         else
-          bool = CreateProcessWithLogonW(
-            logon,                  # User
-            domain,                 # Domain
-            passwd,                 # Password
-            LOGON_WITH_PROFILE,     # Logon flags
-            app,                    # App name
-            cmd,                    # Command line
-            hash["creation_flags"], # Creation flags
-            env,                    # Environment
-            cwd,                    # Working directory
-            startinfo,              # Startup Info
-            procinfo                # Process Info
-          )
 
-          unless bool
-            raise SystemCallError.new("CreateProcessWithLogonW", FFI.errno)
-          end
+          create_process_with_logon(logon, domain, passwd, LOGON_WITH_PROFILE,
+            app, cmd, hash["creation_flags"], env, cwd, startinfo, procinfo)
+
         end
+
       else
-        bool = CreateProcessW(
-          app,                    # App name
-          cmd,                    # Command line
-          process_security,       # Process attributes
-          thread_security,        # Thread attributes
-          inherit,                # Inherit handles?
-          hash["creation_flags"], # Creation flags
-          env,                    # Environment
-          cwd,                    # Working directory
-          startinfo,              # Startup Info
-          procinfo                # Process Info
-        )
-
-        unless bool
-          raise SystemCallError.new("CreateProcessW", FFI.errno)
-        end
+
+        create_process(app, cmd, process_security, thread_security, inherit,
+          hash["creation_flags"], env, cwd, startinfo, procinfo)
+
       end
 
       # Automatically close the process and thread handles in the
@@ -314,12 +353,122 @@ module Process
         procinfo[:hThread] = 0
       end
 
-      ProcessInfo.new(
+      process = ProcessInfo.new(
         procinfo[:hProcess],
         procinfo[:hThread],
         procinfo[:dwProcessId],
         procinfo[:dwThreadId]
       )
+
+      [ process, profile, token ]
+    end
+
+    # See Process::Constants::WIN32_PROFILETYPE
+    def logon_has_roaming_profile?
+      get_profile_type >= 2
+    end
+
+    def get_profile_type
+      ptr = FFI::MemoryPointer.new(:uint)
+      unless GetProfileType(ptr)
+        raise SystemCallError.new("GetProfileType", FFI.errno)
+      end
+
+      ptr.read_uint
+    end
+
+    def load_user_profile(token, profile_ptr)
+      unless LoadUserProfileW(token, profile_ptr)
+        raise SystemCallError.new("LoadUserProfileW", FFI.errno)
+      end
+
+      true
+    end
+
+    def unload_user_profile(token, profile)
+      if profile[:hProfile] == 0
+        warn "\n\nWARNING: Profile not loaded\n"
+      else
+        unless UnloadUserProfile(token, profile[:hProfile])
+          raise SystemCallError.new("UnloadUserProfile", FFI.errno)
+        end
+      end
+      true
+    end
+
+    def create_process_as_user(token, app, cmd, process_security,
+      thread_security, inherit, creation_flags, env, cwd, startinfo, procinfo)
+
+      bool = CreateProcessAsUserW(
+        token,            # User token handle
+        app,              # App name
+        cmd,              # Command line
+        process_security, # Process attributes
+        thread_security,  # Thread attributes
+        inherit,          # Inherit handles
+        creation_flags,   # Creation Flags
+        env,              # Environment
+        cwd,              # Working directory
+        startinfo,        # Startup Info
+        procinfo          # Process Info
+      )
+
+      unless bool
+        msg = case FFI.errno
+              when ERROR_PRIVILEGE_NOT_HELD
+                [
+                  %{CreateProcessAsUserW (User '%s' must hold the 'Replace a process},
+                  %{level token' and 'Adjust Memory Quotas for a process' permissions.},
+                  %{Logoff the user after adding this right to make it effective.)},
+                ].join(" ") % ::ENV["USERNAME"]
+              else
+                "CreateProcessAsUserW failed."
+              end
+        raise SystemCallError.new(msg, FFI.errno)
+      end
+    end
+
+    def create_process_with_logon(logon, domain, passwd, logon_flags, app, cmd,
+      creation_flags, env, cwd, startinfo, procinfo)
+
+      bool = CreateProcessWithLogonW(
+        logon,           # User
+        domain,          # Domain
+        passwd,          # Password
+        logon_flags,     # Logon flags
+        app,             # App name
+        cmd,             # Command line
+        creation_flags,  # Creation flags
+        env,             # Environment
+        cwd,             # Working directory
+        startinfo,       # Startup Info
+        procinfo         # Process Info
+      )
+
+      unless bool
+        raise SystemCallError.new("CreateProcessWithLogonW", FFI.errno)
+      end
+    end
+
+    def create_process(app, cmd, process_security, thread_security, inherit,
+      creation_flags, env, cwd, startinfo, procinfo)
+
+      bool = CreateProcessW(
+        app,               # App name
+        cmd,               # Command line
+        process_security,  # Process attributes
+        thread_security,   # Thread attributes
+        inherit,           # Inherit handles?
+        creation_flags,    # Creation flags
+        env,               # Environment
+        cwd,               # Working directory
+        startinfo,         # Startup Info
+        procinfo           # Process Info
+      )
+
+      unless bool
+        raise SystemCallError.new("CreateProcessW", FFI.errno)
+      end
     end
 
     def logon_user(user, domain, passwd, type, provider = LOGON32_PROVIDER_DEFAULT)
@@ -346,32 +495,6 @@ module Process
       token.read_ulong
     end
 
-    def create_process_as_user(token, app, cmd, process_security, thread_security, inherit, creation_flags, env, cwd, startinfo, procinfo)
-      bool = CreateProcessAsUserW(
-        token,                  # User token handle
-        app,                    # App name
-        cmd,                    # Command line
-        process_security,       # Process attributes
-        thread_security,        # Thread attributes
-        inherit,                # Inherit handles
-        creation_flags,         # Creation Flags
-        env,                    # Environment
-        cwd,                    # Working directory
-        startinfo,              # Startup Info
-        procinfo                # Process Info
-      )
-
-      unless bool
-        if FFI.errno == ERROR_PRIVILEGE_NOT_HELD
-          raise SystemCallError.new("CreateProcessAsUserW (User '#{::ENV['USERNAME']}' must hold the 'Replace a process level token' and 'Adjust Memory Quotas for a process' permissions. Logoff the user after adding this right to make it effective.)", FFI.errno)
-        else
-          raise SystemCallError.new("CreateProcessAsUserW failed.", FFI.errno)
-        end
-      end
-    ensure
-      CloseHandle(token)
-    end
-
     def get_windows_station_name
       winsta_name = FFI::MemoryPointer.new(:char, 256)
       return_size = FFI::MemoryPointer.new(:ulong)
@@ -406,5 +529,6 @@ module Process
 
       [ logon, passwd, domain ]
     end
+
   end
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: mixlib-shellout
 version: !ruby/object:Gem::Version
-  version: 2.4.4
+  version: 3.1.1
 platform: ruby
 authors:
 - Chef Software Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-12 00:00:00.000000000 Z
-dependencies: []
+date: 2020-07-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: chef-utils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Run external commands on Unix or Windows
 email: info@chef.io
 executables: []
@@ -19,6 +33,7 @@ files:
 - LICENSE
 - lib/mixlib/shellout.rb
 - lib/mixlib/shellout/exceptions.rb
+- lib/mixlib/shellout/helper.rb
 - lib/mixlib/shellout/unix.rb
 - lib/mixlib/shellout/version.rb
 - lib/mixlib/shellout/windows.rb
@@ -34,15 +49,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Run external commands on Unix or Windows