openvox 7.37.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1120) hide show
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +15 -0
  3. data/CODEOWNERS +11 -0
  4. data/CODE_OF_CONDUCT.md +70 -0
  5. data/CONTRIBUTING.md +161 -0
  6. data/Gemfile +82 -0
  7. data/Guardfile.example +76 -0
  8. data/LICENSE +202 -0
  9. data/README.md +68 -0
  10. data/Rakefile +160 -0
  11. data/bin/puppet +9 -0
  12. data/conf/environment.conf +18 -0
  13. data/conf/fileserver.conf +32 -0
  14. data/conf/hiera.yaml +11 -0
  15. data/conf/puppet.conf +6 -0
  16. data/examples/enc/regexp_nodes/classes/databases +2 -0
  17. data/examples/enc/regexp_nodes/classes/webservers +2 -0
  18. data/examples/enc/regexp_nodes/environment/development +2 -0
  19. data/examples/enc/regexp_nodes/parameters/service/prod +1 -0
  20. data/examples/enc/regexp_nodes/parameters/service/qa +3 -0
  21. data/examples/enc/regexp_nodes/parameters/service/sandbox +1 -0
  22. data/examples/enc/regexp_nodes/regexp_nodes.rb +270 -0
  23. data/examples/hiera/README.md +91 -0
  24. data/examples/hiera/etc/hiera.yaml +15 -0
  25. data/examples/hiera/etc/hieradb/common.yaml +3 -0
  26. data/examples/hiera/etc/hieradb/dc1.yaml +6 -0
  27. data/examples/hiera/etc/hieradb/development.yaml +2 -0
  28. data/examples/hiera/etc/puppet.conf +3 -0
  29. data/examples/hiera/modules/data/manifests/common.pp +4 -0
  30. data/examples/hiera/modules/ntp/manifests/config.pp +6 -0
  31. data/examples/hiera/modules/ntp/manifests/data.pp +4 -0
  32. data/examples/hiera/modules/ntp/templates/ntp.conf.erb +3 -0
  33. data/examples/hiera/modules/users/manifests/common.pp +4 -0
  34. data/examples/hiera/modules/users/manifests/dc1.pp +4 -0
  35. data/examples/hiera/modules/users/manifests/development.pp +4 -0
  36. data/examples/hiera/site.pp +3 -0
  37. data/examples/nagios/check_puppet.rb +123 -0
  38. data/ext/README.md +13 -0
  39. data/ext/build_defaults.yaml +18 -0
  40. data/ext/debian/puppet.default +4 -0
  41. data/ext/debian/puppet.init +113 -0
  42. data/ext/hiera/hiera.yaml +15 -0
  43. data/ext/osx/puppet.plist +32 -0
  44. data/ext/project_data.yaml +20 -0
  45. data/ext/redhat/client.init +169 -0
  46. data/ext/redhat/client.sysconfig +2 -0
  47. data/ext/solaris/smf/puppet +44 -0
  48. data/ext/solaris/smf/puppet.xml +46 -0
  49. data/ext/suse/client.init +141 -0
  50. data/ext/systemd/puppet.service +26 -0
  51. data/ext/windows/puppet_interactive.bat +6 -0
  52. data/ext/windows/puppet_shell.bat +9 -0
  53. data/ext/windows/run_puppet_interactive.bat +9 -0
  54. data/ext/windows/service/daemon.bat +6 -0
  55. data/ext/windows/service/daemon.rb +225 -0
  56. data/install.rb +499 -0
  57. data/lib/hiera/puppet_function.rb +84 -0
  58. data/lib/hiera/scope.rb +90 -0
  59. data/lib/hiera_puppet.rb +80 -0
  60. data/lib/puppet/agent/disabler.rb +53 -0
  61. data/lib/puppet/agent/locker.rb +46 -0
  62. data/lib/puppet/agent.rb +176 -0
  63. data/lib/puppet/application/agent.rb +523 -0
  64. data/lib/puppet/application/apply.rb +428 -0
  65. data/lib/puppet/application/catalog.rb +4 -0
  66. data/lib/puppet/application/config.rb +5 -0
  67. data/lib/puppet/application/describe.rb +253 -0
  68. data/lib/puppet/application/device.rb +439 -0
  69. data/lib/puppet/application/doc.rb +233 -0
  70. data/lib/puppet/application/epp.rb +5 -0
  71. data/lib/puppet/application/face_base.rb +276 -0
  72. data/lib/puppet/application/facts.rb +9 -0
  73. data/lib/puppet/application/filebucket.rb +318 -0
  74. data/lib/puppet/application/generate.rb +5 -0
  75. data/lib/puppet/application/help.rb +5 -0
  76. data/lib/puppet/application/indirection_base.rb +4 -0
  77. data/lib/puppet/application/lookup.rb +433 -0
  78. data/lib/puppet/application/module.rb +4 -0
  79. data/lib/puppet/application/node.rb +4 -0
  80. data/lib/puppet/application/parser.rb +5 -0
  81. data/lib/puppet/application/plugin.rb +4 -0
  82. data/lib/puppet/application/report.rb +4 -0
  83. data/lib/puppet/application/resource.rb +254 -0
  84. data/lib/puppet/application/script.rb +264 -0
  85. data/lib/puppet/application/ssl.rb +323 -0
  86. data/lib/puppet/application.rb +596 -0
  87. data/lib/puppet/application_support.rb +68 -0
  88. data/lib/puppet/coercion.rb +40 -0
  89. data/lib/puppet/compilable_resource_type.rb +15 -0
  90. data/lib/puppet/concurrent/lock.rb +16 -0
  91. data/lib/puppet/concurrent/synchronized.rb +15 -0
  92. data/lib/puppet/concurrent/thread_local_singleton.rb +17 -0
  93. data/lib/puppet/concurrent.rb +2 -0
  94. data/lib/puppet/configurer/downloader.rb +85 -0
  95. data/lib/puppet/configurer/fact_handler.rb +50 -0
  96. data/lib/puppet/configurer/plugin_handler.rb +59 -0
  97. data/lib/puppet/configurer.rb +755 -0
  98. data/lib/puppet/confine/any.rb +26 -0
  99. data/lib/puppet/confine/boolean.rb +45 -0
  100. data/lib/puppet/confine/exists.rb +19 -0
  101. data/lib/puppet/confine/false.rb +25 -0
  102. data/lib/puppet/confine/feature.rb +17 -0
  103. data/lib/puppet/confine/true.rb +26 -0
  104. data/lib/puppet/confine/variable.rb +59 -0
  105. data/lib/puppet/confine.rb +83 -0
  106. data/lib/puppet/confine_collection.rb +51 -0
  107. data/lib/puppet/confiner.rb +46 -0
  108. data/lib/puppet/context/trusted_information.rb +120 -0
  109. data/lib/puppet/context.rb +188 -0
  110. data/lib/puppet/daemon.rb +182 -0
  111. data/lib/puppet/data_binding.rb +14 -0
  112. data/lib/puppet/datatypes/error.rb +21 -0
  113. data/lib/puppet/datatypes/impl/error.rb +40 -0
  114. data/lib/puppet/datatypes.rb +213 -0
  115. data/lib/puppet/defaults.rb +2277 -0
  116. data/lib/puppet/environments.rb +601 -0
  117. data/lib/puppet/error.rb +138 -0
  118. data/lib/puppet/etc.rb +180 -0
  119. data/lib/puppet/external/dot.rb +325 -0
  120. data/lib/puppet/external/pson/common.rb +374 -0
  121. data/lib/puppet/external/pson/pure/generator.rb +395 -0
  122. data/lib/puppet/external/pson/pure/parser.rb +308 -0
  123. data/lib/puppet/external/pson/pure.rb +15 -0
  124. data/lib/puppet/external/pson/version.rb +8 -0
  125. data/lib/puppet/face/catalog/select.rb +49 -0
  126. data/lib/puppet/face/catalog.rb +165 -0
  127. data/lib/puppet/face/config.rb +267 -0
  128. data/lib/puppet/face/epp.rb +566 -0
  129. data/lib/puppet/face/facts.rb +174 -0
  130. data/lib/puppet/face/generate.rb +66 -0
  131. data/lib/puppet/face/help/action.erb +90 -0
  132. data/lib/puppet/face/help/face.erb +115 -0
  133. data/lib/puppet/face/help/global.erb +16 -0
  134. data/lib/puppet/face/help/man.erb +152 -0
  135. data/lib/puppet/face/help.rb +242 -0
  136. data/lib/puppet/face/module/changes.rb +43 -0
  137. data/lib/puppet/face/module/install.rb +146 -0
  138. data/lib/puppet/face/module/list.rb +272 -0
  139. data/lib/puppet/face/module/uninstall.rb +89 -0
  140. data/lib/puppet/face/module/upgrade.rb +87 -0
  141. data/lib/puppet/face/module.rb +19 -0
  142. data/lib/puppet/face/node/clean.rb +107 -0
  143. data/lib/puppet/face/node.rb +43 -0
  144. data/lib/puppet/face/parser.rb +227 -0
  145. data/lib/puppet/face/plugin.rb +60 -0
  146. data/lib/puppet/face/report.rb +54 -0
  147. data/lib/puppet/face/resource.rb +53 -0
  148. data/lib/puppet/face.rb +12 -0
  149. data/lib/puppet/facter_impl.rb +96 -0
  150. data/lib/puppet/feature/base.rb +76 -0
  151. data/lib/puppet/feature/bolt.rb +3 -0
  152. data/lib/puppet/feature/cfpropertylist.rb +3 -0
  153. data/lib/puppet/feature/eventlog.rb +5 -0
  154. data/lib/puppet/feature/hiera_eyaml.rb +3 -0
  155. data/lib/puppet/feature/hocon.rb +3 -0
  156. data/lib/puppet/feature/libuser.rb +8 -0
  157. data/lib/puppet/feature/msgpack.rb +3 -0
  158. data/lib/puppet/feature/pe_license.rb +4 -0
  159. data/lib/puppet/feature/selinux.rb +3 -0
  160. data/lib/puppet/feature/ssh.rb +3 -0
  161. data/lib/puppet/feature/telnet.rb +9 -0
  162. data/lib/puppet/feature/zlib.rb +5 -0
  163. data/lib/puppet/ffi/posix/constants.rb +14 -0
  164. data/lib/puppet/ffi/posix/functions.rb +24 -0
  165. data/lib/puppet/ffi/posix.rb +10 -0
  166. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  167. data/lib/puppet/ffi/windows/constants.rb +404 -0
  168. data/lib/puppet/ffi/windows/functions.rb +628 -0
  169. data/lib/puppet/ffi/windows/structs.rb +338 -0
  170. data/lib/puppet/ffi/windows.rb +12 -0
  171. data/lib/puppet/file_bucket/dipper.rb +174 -0
  172. data/lib/puppet/file_bucket/file.rb +129 -0
  173. data/lib/puppet/file_bucket.rb +4 -0
  174. data/lib/puppet/file_serving/base.rb +86 -0
  175. data/lib/puppet/file_serving/configuration/parser.rb +113 -0
  176. data/lib/puppet/file_serving/configuration.rb +113 -0
  177. data/lib/puppet/file_serving/content.rb +43 -0
  178. data/lib/puppet/file_serving/fileset.rb +186 -0
  179. data/lib/puppet/file_serving/http_metadata.rb +62 -0
  180. data/lib/puppet/file_serving/metadata.rb +171 -0
  181. data/lib/puppet/file_serving/mount/file.rb +122 -0
  182. data/lib/puppet/file_serving/mount/locales.rb +35 -0
  183. data/lib/puppet/file_serving/mount/modules.rb +26 -0
  184. data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
  185. data/lib/puppet/file_serving/mount/plugins.rb +35 -0
  186. data/lib/puppet/file_serving/mount/scripts.rb +24 -0
  187. data/lib/puppet/file_serving/mount/tasks.rb +23 -0
  188. data/lib/puppet/file_serving/mount.rb +38 -0
  189. data/lib/puppet/file_serving/terminus_helper.rb +31 -0
  190. data/lib/puppet/file_serving/terminus_selector.rb +31 -0
  191. data/lib/puppet/file_serving.rb +3 -0
  192. data/lib/puppet/file_system/file_impl.rb +188 -0
  193. data/lib/puppet/file_system/jruby.rb +23 -0
  194. data/lib/puppet/file_system/memory_file.rb +79 -0
  195. data/lib/puppet/file_system/memory_impl.rb +99 -0
  196. data/lib/puppet/file_system/path_pattern.rb +93 -0
  197. data/lib/puppet/file_system/posix.rb +47 -0
  198. data/lib/puppet/file_system/uniquefile.rb +188 -0
  199. data/lib/puppet/file_system/windows.rb +213 -0
  200. data/lib/puppet/file_system.rb +419 -0
  201. data/lib/puppet/forge/cache.rb +60 -0
  202. data/lib/puppet/forge/errors.rb +114 -0
  203. data/lib/puppet/forge/repository.rb +95 -0
  204. data/lib/puppet/forge.rb +259 -0
  205. data/lib/puppet/functions/abs.rb +61 -0
  206. data/lib/puppet/functions/alert.rb +14 -0
  207. data/lib/puppet/functions/all.rb +104 -0
  208. data/lib/puppet/functions/annotate.rb +108 -0
  209. data/lib/puppet/functions/any.rb +109 -0
  210. data/lib/puppet/functions/assert_type.rb +93 -0
  211. data/lib/puppet/functions/binary_file.rb +32 -0
  212. data/lib/puppet/functions/break.rb +47 -0
  213. data/lib/puppet/functions/call.rb +80 -0
  214. data/lib/puppet/functions/camelcase.rb +62 -0
  215. data/lib/puppet/functions/capitalize.rb +61 -0
  216. data/lib/puppet/functions/ceiling.rb +37 -0
  217. data/lib/puppet/functions/chomp.rb +57 -0
  218. data/lib/puppet/functions/chop.rb +67 -0
  219. data/lib/puppet/functions/compare.rb +125 -0
  220. data/lib/puppet/functions/contain.rb +55 -0
  221. data/lib/puppet/functions/convert_to.rb +34 -0
  222. data/lib/puppet/functions/crit.rb +14 -0
  223. data/lib/puppet/functions/debug.rb +14 -0
  224. data/lib/puppet/functions/defined.rb +159 -0
  225. data/lib/puppet/functions/dig.rb +67 -0
  226. data/lib/puppet/functions/downcase.rb +89 -0
  227. data/lib/puppet/functions/each.rb +167 -0
  228. data/lib/puppet/functions/emerg.rb +14 -0
  229. data/lib/puppet/functions/empty.rb +85 -0
  230. data/lib/puppet/functions/epp.rb +49 -0
  231. data/lib/puppet/functions/err.rb +14 -0
  232. data/lib/puppet/functions/eyaml_lookup_key.rb +102 -0
  233. data/lib/puppet/functions/filter.rb +137 -0
  234. data/lib/puppet/functions/find_file.rb +44 -0
  235. data/lib/puppet/functions/find_template.rb +63 -0
  236. data/lib/puppet/functions/flatten.rb +64 -0
  237. data/lib/puppet/functions/floor.rb +37 -0
  238. data/lib/puppet/functions/get.rb +150 -0
  239. data/lib/puppet/functions/getvar.rb +87 -0
  240. data/lib/puppet/functions/group_by.rb +62 -0
  241. data/lib/puppet/functions/hiera.rb +89 -0
  242. data/lib/puppet/functions/hiera_array.rb +81 -0
  243. data/lib/puppet/functions/hiera_hash.rb +92 -0
  244. data/lib/puppet/functions/hiera_include.rb +104 -0
  245. data/lib/puppet/functions/hocon_data.rb +41 -0
  246. data/lib/puppet/functions/import.rb +7 -0
  247. data/lib/puppet/functions/include.rb +53 -0
  248. data/lib/puppet/functions/index.rb +167 -0
  249. data/lib/puppet/functions/info.rb +14 -0
  250. data/lib/puppet/functions/inline_epp.rb +60 -0
  251. data/lib/puppet/functions/join.rb +56 -0
  252. data/lib/puppet/functions/json_data.rb +33 -0
  253. data/lib/puppet/functions/keys.rb +25 -0
  254. data/lib/puppet/functions/length.rb +44 -0
  255. data/lib/puppet/functions/lest.rb +55 -0
  256. data/lib/puppet/functions/lookup.rb +224 -0
  257. data/lib/puppet/functions/lstrip.rb +58 -0
  258. data/lib/puppet/functions/map.rb +135 -0
  259. data/lib/puppet/functions/match.rb +130 -0
  260. data/lib/puppet/functions/max.rb +183 -0
  261. data/lib/puppet/functions/min.rb +182 -0
  262. data/lib/puppet/functions/module_directory.rb +41 -0
  263. data/lib/puppet/functions/new.rb +1011 -0
  264. data/lib/puppet/functions/next.rb +33 -0
  265. data/lib/puppet/functions/notice.rb +14 -0
  266. data/lib/puppet/functions/partition.rb +62 -0
  267. data/lib/puppet/functions/reduce.rb +162 -0
  268. data/lib/puppet/functions/regsubst.rb +101 -0
  269. data/lib/puppet/functions/require.rb +77 -0
  270. data/lib/puppet/functions/return.rb +15 -0
  271. data/lib/puppet/functions/reverse_each.rb +94 -0
  272. data/lib/puppet/functions/round.rb +24 -0
  273. data/lib/puppet/functions/rstrip.rb +58 -0
  274. data/lib/puppet/functions/scanf.rb +44 -0
  275. data/lib/puppet/functions/size.rb +15 -0
  276. data/lib/puppet/functions/slice.rb +124 -0
  277. data/lib/puppet/functions/sort.rb +74 -0
  278. data/lib/puppet/functions/split.rb +76 -0
  279. data/lib/puppet/functions/step.rb +98 -0
  280. data/lib/puppet/functions/strftime.rb +212 -0
  281. data/lib/puppet/functions/strip.rb +58 -0
  282. data/lib/puppet/functions/then.rb +77 -0
  283. data/lib/puppet/functions/tree_each.rb +197 -0
  284. data/lib/puppet/functions/type.rb +72 -0
  285. data/lib/puppet/functions/unique.rb +132 -0
  286. data/lib/puppet/functions/unwrap.rb +59 -0
  287. data/lib/puppet/functions/upcase.rb +89 -0
  288. data/lib/puppet/functions/values.rb +25 -0
  289. data/lib/puppet/functions/versioncmp.rb +40 -0
  290. data/lib/puppet/functions/warning.rb +14 -0
  291. data/lib/puppet/functions/with.rb +32 -0
  292. data/lib/puppet/functions/yaml_data.rb +45 -0
  293. data/lib/puppet/functions.rb +862 -0
  294. data/lib/puppet/generate/models/type/property.rb +70 -0
  295. data/lib/puppet/generate/models/type/type.rb +65 -0
  296. data/lib/puppet/generate/templates/type/pcore.erb +42 -0
  297. data/lib/puppet/generate/type.rb +249 -0
  298. data/lib/puppet/gettext/config.rb +275 -0
  299. data/lib/puppet/gettext/module_translations.rb +42 -0
  300. data/lib/puppet/gettext/stubs.rb +11 -0
  301. data/lib/puppet/graph/key.rb +26 -0
  302. data/lib/puppet/graph/prioritizer.rb +29 -0
  303. data/lib/puppet/graph/rb_tree_map.rb +388 -0
  304. data/lib/puppet/graph/relationship_graph.rb +284 -0
  305. data/lib/puppet/graph/sequential_prioritizer.rb +31 -0
  306. data/lib/puppet/graph/simple_graph.rb +546 -0
  307. data/lib/puppet/graph.rb +9 -0
  308. data/lib/puppet/http/client.rb +525 -0
  309. data/lib/puppet/http/dns.rb +159 -0
  310. data/lib/puppet/http/errors.rb +48 -0
  311. data/lib/puppet/http/external_client.rb +88 -0
  312. data/lib/puppet/http/factory.rb +51 -0
  313. data/lib/puppet/http/pool.rb +172 -0
  314. data/lib/puppet/http/pool_entry.rb +17 -0
  315. data/lib/puppet/http/proxy.rb +137 -0
  316. data/lib/puppet/http/redirector.rb +85 -0
  317. data/lib/puppet/http/resolver/server_list.rb +87 -0
  318. data/lib/puppet/http/resolver/settings.rb +23 -0
  319. data/lib/puppet/http/resolver/srv.rb +41 -0
  320. data/lib/puppet/http/resolver.rb +48 -0
  321. data/lib/puppet/http/response.rb +102 -0
  322. data/lib/puppet/http/response_converter.rb +24 -0
  323. data/lib/puppet/http/response_net_http.rb +42 -0
  324. data/lib/puppet/http/retry_after_handler.rb +77 -0
  325. data/lib/puppet/http/service/ca.rb +101 -0
  326. data/lib/puppet/http/service/compiler.rb +353 -0
  327. data/lib/puppet/http/service/file_server.rb +198 -0
  328. data/lib/puppet/http/service/puppetserver.rb +53 -0
  329. data/lib/puppet/http/service/report.rb +64 -0
  330. data/lib/puppet/http/service.rb +182 -0
  331. data/lib/puppet/http/session.rb +122 -0
  332. data/lib/puppet/http/site.rb +42 -0
  333. data/lib/puppet/http.rb +46 -0
  334. data/lib/puppet/indirector/catalog/compiler.rb +431 -0
  335. data/lib/puppet/indirector/catalog/json.rb +40 -0
  336. data/lib/puppet/indirector/catalog/msgpack.rb +6 -0
  337. data/lib/puppet/indirector/catalog/rest.rb +49 -0
  338. data/lib/puppet/indirector/catalog/store_configs.rb +8 -0
  339. data/lib/puppet/indirector/catalog/yaml.rb +6 -0
  340. data/lib/puppet/indirector/code.rb +6 -0
  341. data/lib/puppet/indirector/data_binding/hiera.rb +7 -0
  342. data/lib/puppet/indirector/data_binding/none.rb +8 -0
  343. data/lib/puppet/indirector/direct_file_server.rb +17 -0
  344. data/lib/puppet/indirector/envelope.rb +11 -0
  345. data/lib/puppet/indirector/errors.rb +5 -0
  346. data/lib/puppet/indirector/exec.rb +38 -0
  347. data/lib/puppet/indirector/face.rb +153 -0
  348. data/lib/puppet/indirector/fact_search.rb +60 -0
  349. data/lib/puppet/indirector/facts/facter.rb +117 -0
  350. data/lib/puppet/indirector/facts/json.rb +27 -0
  351. data/lib/puppet/indirector/facts/memory.rb +9 -0
  352. data/lib/puppet/indirector/facts/network_device.rb +27 -0
  353. data/lib/puppet/indirector/facts/rest.rb +44 -0
  354. data/lib/puppet/indirector/facts/store_configs.rb +11 -0
  355. data/lib/puppet/indirector/facts/yaml.rb +29 -0
  356. data/lib/puppet/indirector/file_bucket_file/file.rb +262 -0
  357. data/lib/puppet/indirector/file_bucket_file/rest.rb +50 -0
  358. data/lib/puppet/indirector/file_bucket_file/selector.rb +53 -0
  359. data/lib/puppet/indirector/file_content/file.rb +7 -0
  360. data/lib/puppet/indirector/file_content/file_server.rb +7 -0
  361. data/lib/puppet/indirector/file_content/rest.rb +35 -0
  362. data/lib/puppet/indirector/file_content/selector.rb +30 -0
  363. data/lib/puppet/indirector/file_content.rb +5 -0
  364. data/lib/puppet/indirector/file_metadata/file.rb +7 -0
  365. data/lib/puppet/indirector/file_metadata/file_server.rb +7 -0
  366. data/lib/puppet/indirector/file_metadata/http.rb +47 -0
  367. data/lib/puppet/indirector/file_metadata/rest.rb +56 -0
  368. data/lib/puppet/indirector/file_metadata/selector.rb +30 -0
  369. data/lib/puppet/indirector/file_metadata.rb +5 -0
  370. data/lib/puppet/indirector/file_server.rb +54 -0
  371. data/lib/puppet/indirector/generic_http.rb +5 -0
  372. data/lib/puppet/indirector/hiera.rb +100 -0
  373. data/lib/puppet/indirector/indirection.rb +372 -0
  374. data/lib/puppet/indirector/json.rb +79 -0
  375. data/lib/puppet/indirector/memory.rb +34 -0
  376. data/lib/puppet/indirector/msgpack.rb +83 -0
  377. data/lib/puppet/indirector/node/exec.rb +70 -0
  378. data/lib/puppet/indirector/node/json.rb +8 -0
  379. data/lib/puppet/indirector/node/memory.rb +10 -0
  380. data/lib/puppet/indirector/node/msgpack.rb +7 -0
  381. data/lib/puppet/indirector/node/plain.rb +21 -0
  382. data/lib/puppet/indirector/node/rest.rb +29 -0
  383. data/lib/puppet/indirector/node/store_configs.rb +8 -0
  384. data/lib/puppet/indirector/node/yaml.rb +7 -0
  385. data/lib/puppet/indirector/none.rb +9 -0
  386. data/lib/puppet/indirector/plain.rb +9 -0
  387. data/lib/puppet/indirector/report/json.rb +34 -0
  388. data/lib/puppet/indirector/report/msgpack.rb +11 -0
  389. data/lib/puppet/indirector/report/processor.rb +60 -0
  390. data/lib/puppet/indirector/report/rest.rb +42 -0
  391. data/lib/puppet/indirector/report/yaml.rb +34 -0
  392. data/lib/puppet/indirector/request.rb +194 -0
  393. data/lib/puppet/indirector/resource/ral.rb +66 -0
  394. data/lib/puppet/indirector/resource/store_configs.rb +12 -0
  395. data/lib/puppet/indirector/resource/validator.rb +8 -0
  396. data/lib/puppet/indirector/rest.rb +64 -0
  397. data/lib/puppet/indirector/store_configs.rb +30 -0
  398. data/lib/puppet/indirector/terminus.rb +176 -0
  399. data/lib/puppet/indirector/yaml.rb +63 -0
  400. data/lib/puppet/indirector.rb +61 -0
  401. data/lib/puppet/info_service/class_information_service.rb +109 -0
  402. data/lib/puppet/info_service/plan_information_service.rb +36 -0
  403. data/lib/puppet/info_service/task_information_service.rb +44 -0
  404. data/lib/puppet/info_service.rb +26 -0
  405. data/lib/puppet/interface/action.rb +406 -0
  406. data/lib/puppet/interface/action_builder.rb +161 -0
  407. data/lib/puppet/interface/action_manager.rb +98 -0
  408. data/lib/puppet/interface/documentation.rb +357 -0
  409. data/lib/puppet/interface/face_collection.rb +137 -0
  410. data/lib/puppet/interface/option.rb +172 -0
  411. data/lib/puppet/interface/option_builder.rb +105 -0
  412. data/lib/puppet/interface/option_manager.rb +106 -0
  413. data/lib/puppet/interface.rb +239 -0
  414. data/lib/puppet/loaders.rb +30 -0
  415. data/lib/puppet/metatype/manager.rb +197 -0
  416. data/lib/puppet/module/plan.rb +159 -0
  417. data/lib/puppet/module/task.rb +283 -0
  418. data/lib/puppet/module.rb +475 -0
  419. data/lib/puppet/module_tool/applications/application.rb +91 -0
  420. data/lib/puppet/module_tool/applications/checksummer.rb +62 -0
  421. data/lib/puppet/module_tool/applications/installer.rb +411 -0
  422. data/lib/puppet/module_tool/applications/uninstaller.rb +119 -0
  423. data/lib/puppet/module_tool/applications/unpacker.rb +100 -0
  424. data/lib/puppet/module_tool/applications/upgrader.rb +282 -0
  425. data/lib/puppet/module_tool/applications.rb +12 -0
  426. data/lib/puppet/module_tool/checksums.rb +49 -0
  427. data/lib/puppet/module_tool/contents_description.rb +89 -0
  428. data/lib/puppet/module_tool/dependency.rb +41 -0
  429. data/lib/puppet/module_tool/errors/base.rb +15 -0
  430. data/lib/puppet/module_tool/errors/installer.rb +93 -0
  431. data/lib/puppet/module_tool/errors/shared.rb +227 -0
  432. data/lib/puppet/module_tool/errors/uninstaller.rb +50 -0
  433. data/lib/puppet/module_tool/errors/upgrader.rb +63 -0
  434. data/lib/puppet/module_tool/errors.rb +11 -0
  435. data/lib/puppet/module_tool/install_directory.rb +45 -0
  436. data/lib/puppet/module_tool/installed_modules.rb +96 -0
  437. data/lib/puppet/module_tool/local_tarball.rb +90 -0
  438. data/lib/puppet/module_tool/metadata.rb +221 -0
  439. data/lib/puppet/module_tool/shared_behaviors.rb +181 -0
  440. data/lib/puppet/module_tool/tar/gnu.rb +19 -0
  441. data/lib/puppet/module_tool/tar/mini.rb +116 -0
  442. data/lib/puppet/module_tool/tar.rb +18 -0
  443. data/lib/puppet/module_tool.rb +194 -0
  444. data/lib/puppet/network/authconfig.rb +7 -0
  445. data/lib/puppet/network/authorization.rb +19 -0
  446. data/lib/puppet/network/client_request.rb +29 -0
  447. data/lib/puppet/network/format.rb +110 -0
  448. data/lib/puppet/network/format_handler.rb +108 -0
  449. data/lib/puppet/network/format_support.rb +139 -0
  450. data/lib/puppet/network/formats.rb +329 -0
  451. data/lib/puppet/network/http/api/indirected_routes.rb +277 -0
  452. data/lib/puppet/network/http/api/indirection_type.rb +32 -0
  453. data/lib/puppet/network/http/api/master/v3/environments.rb +3 -0
  454. data/lib/puppet/network/http/api/master/v3.rb +3 -0
  455. data/lib/puppet/network/http/api/master.rb +3 -0
  456. data/lib/puppet/network/http/api/server/v3/environments.rb +48 -0
  457. data/lib/puppet/network/http/api/server/v3.rb +39 -0
  458. data/lib/puppet/network/http/api/server.rb +10 -0
  459. data/lib/puppet/network/http/api.rb +39 -0
  460. data/lib/puppet/network/http/connection.rb +286 -0
  461. data/lib/puppet/network/http/error.rb +73 -0
  462. data/lib/puppet/network/http/handler.rb +215 -0
  463. data/lib/puppet/network/http/issues.rb +12 -0
  464. data/lib/puppet/network/http/memory_response.rb +13 -0
  465. data/lib/puppet/network/http/request.rb +71 -0
  466. data/lib/puppet/network/http/response.rb +23 -0
  467. data/lib/puppet/network/http/route.rb +101 -0
  468. data/lib/puppet/network/http.rb +28 -0
  469. data/lib/puppet/network/http_pool.rb +77 -0
  470. data/lib/puppet/network/uri.rb +18 -0
  471. data/lib/puppet/network.rb +3 -0
  472. data/lib/puppet/node/environment.rb +635 -0
  473. data/lib/puppet/node/facts.rb +165 -0
  474. data/lib/puppet/node/server_facts.rb +46 -0
  475. data/lib/puppet/node.rb +256 -0
  476. data/lib/puppet/pal/catalog_compiler.rb +108 -0
  477. data/lib/puppet/pal/compiler.rb +222 -0
  478. data/lib/puppet/pal/function_signature.rb +52 -0
  479. data/lib/puppet/pal/json_catalog_encoder.rb +71 -0
  480. data/lib/puppet/pal/pal_api.rb +15 -0
  481. data/lib/puppet/pal/pal_impl.rb +590 -0
  482. data/lib/puppet/pal/plan_signature.rb +71 -0
  483. data/lib/puppet/pal/script_compiler.rb +73 -0
  484. data/lib/puppet/pal/task_signature.rb +58 -0
  485. data/lib/puppet/parameter/boolean.rb +15 -0
  486. data/lib/puppet/parameter/package_options.rb +31 -0
  487. data/lib/puppet/parameter/path.rb +57 -0
  488. data/lib/puppet/parameter/value.rb +91 -0
  489. data/lib/puppet/parameter/value_collection.rb +212 -0
  490. data/lib/puppet/parameter.rb +589 -0
  491. data/lib/puppet/parser/abstract_compiler.rb +36 -0
  492. data/lib/puppet/parser/ast/block_expression.rb +15 -0
  493. data/lib/puppet/parser/ast/branch.rb +19 -0
  494. data/lib/puppet/parser/ast/hostclass.rb +27 -0
  495. data/lib/puppet/parser/ast/leaf.rb +81 -0
  496. data/lib/puppet/parser/ast/node.rb +17 -0
  497. data/lib/puppet/parser/ast/pops_bridge.rb +245 -0
  498. data/lib/puppet/parser/ast/resource.rb +66 -0
  499. data/lib/puppet/parser/ast/resource_instance.rb +10 -0
  500. data/lib/puppet/parser/ast/resourceparam.rb +31 -0
  501. data/lib/puppet/parser/ast/top_level_construct.rb +4 -0
  502. data/lib/puppet/parser/ast.rb +61 -0
  503. data/lib/puppet/parser/catalog_compiler.rb +56 -0
  504. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +39 -0
  505. data/lib/puppet/parser/compiler/catalog_validator.rb +33 -0
  506. data/lib/puppet/parser/compiler.rb +615 -0
  507. data/lib/puppet/parser/e4_parser_adapter.rb +60 -0
  508. data/lib/puppet/parser/files.rb +93 -0
  509. data/lib/puppet/parser/functions/assert_type.rb +60 -0
  510. data/lib/puppet/parser/functions/binary_file.rb +24 -0
  511. data/lib/puppet/parser/functions/break.rb +39 -0
  512. data/lib/puppet/parser/functions/contain.rb +30 -0
  513. data/lib/puppet/parser/functions/create_resources.rb +110 -0
  514. data/lib/puppet/parser/functions/defined.rb +107 -0
  515. data/lib/puppet/parser/functions/dig.rb +38 -0
  516. data/lib/puppet/parser/functions/digest.rb +5 -0
  517. data/lib/puppet/parser/functions/each.rb +104 -0
  518. data/lib/puppet/parser/functions/epp.rb +39 -0
  519. data/lib/puppet/parser/functions/fail.rb +11 -0
  520. data/lib/puppet/parser/functions/file.rb +33 -0
  521. data/lib/puppet/parser/functions/filter.rb +79 -0
  522. data/lib/puppet/parser/functions/find_file.rb +28 -0
  523. data/lib/puppet/parser/functions/fqdn_rand.rb +44 -0
  524. data/lib/puppet/parser/functions/generate.rb +37 -0
  525. data/lib/puppet/parser/functions/hiera.rb +103 -0
  526. data/lib/puppet/parser/functions/hiera_array.rb +92 -0
  527. data/lib/puppet/parser/functions/hiera_hash.rb +102 -0
  528. data/lib/puppet/parser/functions/hiera_include.rb +101 -0
  529. data/lib/puppet/parser/functions/include.rb +34 -0
  530. data/lib/puppet/parser/functions/inline_epp.rb +51 -0
  531. data/lib/puppet/parser/functions/inline_template.rb +26 -0
  532. data/lib/puppet/parser/functions/lest.rb +49 -0
  533. data/lib/puppet/parser/functions/lookup.rb +132 -0
  534. data/lib/puppet/parser/functions/map.rb +76 -0
  535. data/lib/puppet/parser/functions/match.rb +43 -0
  536. data/lib/puppet/parser/functions/md5.rb +5 -0
  537. data/lib/puppet/parser/functions/new.rb +991 -0
  538. data/lib/puppet/parser/functions/next.rb +38 -0
  539. data/lib/puppet/parser/functions/realize.rb +20 -0
  540. data/lib/puppet/parser/functions/reduce.rb +137 -0
  541. data/lib/puppet/parser/functions/regsubst.rb +62 -0
  542. data/lib/puppet/parser/functions/require.rb +40 -0
  543. data/lib/puppet/parser/functions/return.rb +92 -0
  544. data/lib/puppet/parser/functions/reverse_each.rb +83 -0
  545. data/lib/puppet/parser/functions/scanf.rb +38 -0
  546. data/lib/puppet/parser/functions/sha1.rb +5 -0
  547. data/lib/puppet/parser/functions/sha256.rb +5 -0
  548. data/lib/puppet/parser/functions/shellquote.rb +61 -0
  549. data/lib/puppet/parser/functions/slice.rb +39 -0
  550. data/lib/puppet/parser/functions/split.rb +28 -0
  551. data/lib/puppet/parser/functions/sprintf.rb +61 -0
  552. data/lib/puppet/parser/functions/step.rb +84 -0
  553. data/lib/puppet/parser/functions/strftime.rb +185 -0
  554. data/lib/puppet/parser/functions/tag.rb +12 -0
  555. data/lib/puppet/parser/functions/tagged.rb +21 -0
  556. data/lib/puppet/parser/functions/template.rb +39 -0
  557. data/lib/puppet/parser/functions/then.rb +73 -0
  558. data/lib/puppet/parser/functions/type.rb +53 -0
  559. data/lib/puppet/parser/functions/versioncmp.rb +30 -0
  560. data/lib/puppet/parser/functions/with.rb +28 -0
  561. data/lib/puppet/parser/functions.rb +321 -0
  562. data/lib/puppet/parser/parser_factory.rb +30 -0
  563. data/lib/puppet/parser/relationship.rb +84 -0
  564. data/lib/puppet/parser/resource/param.rb +35 -0
  565. data/lib/puppet/parser/resource.rb +351 -0
  566. data/lib/puppet/parser/scope.rb +1127 -0
  567. data/lib/puppet/parser/script_compiler.rb +123 -0
  568. data/lib/puppet/parser/templatewrapper.rb +104 -0
  569. data/lib/puppet/parser/type_loader.rb +150 -0
  570. data/lib/puppet/parser.rb +20 -0
  571. data/lib/puppet/plugins/configuration.rb +29 -0
  572. data/lib/puppet/plugins/syntax_checkers.rb +98 -0
  573. data/lib/puppet/plugins.rb +9 -0
  574. data/lib/puppet/pops/adaptable.rb +197 -0
  575. data/lib/puppet/pops/adapters.rb +156 -0
  576. data/lib/puppet/pops/evaluator/access_operator.rb +719 -0
  577. data/lib/puppet/pops/evaluator/callable_signature.rb +107 -0
  578. data/lib/puppet/pops/evaluator/closure.rb +375 -0
  579. data/lib/puppet/pops/evaluator/collector_transformer.rb +234 -0
  580. data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +86 -0
  581. data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +29 -0
  582. data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +70 -0
  583. data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +38 -0
  584. data/lib/puppet/pops/evaluator/compare_operator.rb +254 -0
  585. data/lib/puppet/pops/evaluator/deferred_resolver.rb +225 -0
  586. data/lib/puppet/pops/evaluator/epp_evaluator.rb +120 -0
  587. data/lib/puppet/pops/evaluator/evaluator_impl.rb +1317 -0
  588. data/lib/puppet/pops/evaluator/external_syntax_support.rb +46 -0
  589. data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +82 -0
  590. data/lib/puppet/pops/evaluator/literal_evaluator.rb +100 -0
  591. data/lib/puppet/pops/evaluator/puppet_proc.rb +69 -0
  592. data/lib/puppet/pops/evaluator/relationship_operator.rb +185 -0
  593. data/lib/puppet/pops/evaluator/runtime3_converter.rb +221 -0
  594. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
  595. data/lib/puppet/pops/evaluator/runtime3_support.rb +535 -0
  596. data/lib/puppet/pops/functions/dispatch.rb +107 -0
  597. data/lib/puppet/pops/functions/dispatcher.rb +75 -0
  598. data/lib/puppet/pops/functions/function.rb +139 -0
  599. data/lib/puppet/pops/issue_reporter.rb +137 -0
  600. data/lib/puppet/pops/issues.rb +928 -0
  601. data/lib/puppet/pops/label_provider.rb +90 -0
  602. data/lib/puppet/pops/loader/base_loader.rb +178 -0
  603. data/lib/puppet/pops/loader/dependency_loader.rb +91 -0
  604. data/lib/puppet/pops/loader/gem_support.rb +51 -0
  605. data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
  606. data/lib/puppet/pops/loader/loader.rb +221 -0
  607. data/lib/puppet/pops/loader/loader_paths.rb +412 -0
  608. data/lib/puppet/pops/loader/module_loaders.rb +556 -0
  609. data/lib/puppet/pops/loader/predefined_loader.rb +28 -0
  610. data/lib/puppet/pops/loader/puppet_function_instantiator.rb +84 -0
  611. data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +93 -0
  612. data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +79 -0
  613. data/lib/puppet/pops/loader/ruby_data_type_instantiator.rb +39 -0
  614. data/lib/puppet/pops/loader/ruby_function_instantiator.rb +45 -0
  615. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +120 -0
  616. data/lib/puppet/pops/loader/runtime3_type_loader.rb +103 -0
  617. data/lib/puppet/pops/loader/simple_environment_loader.rb +20 -0
  618. data/lib/puppet/pops/loader/static_loader.rb +131 -0
  619. data/lib/puppet/pops/loader/task_instantiator.rb +44 -0
  620. data/lib/puppet/pops/loader/type_definition_instantiator.rb +100 -0
  621. data/lib/puppet/pops/loader/typed_name.rb +54 -0
  622. data/lib/puppet/pops/loader/uri_helper.rb +22 -0
  623. data/lib/puppet/pops/loaders.rb +546 -0
  624. data/lib/puppet/pops/lookup/configured_data_provider.rb +93 -0
  625. data/lib/puppet/pops/lookup/context.rb +199 -0
  626. data/lib/puppet/pops/lookup/data_adapter.rb +27 -0
  627. data/lib/puppet/pops/lookup/data_dig_function_provider.rb +145 -0
  628. data/lib/puppet/pops/lookup/data_hash_function_provider.rb +126 -0
  629. data/lib/puppet/pops/lookup/data_provider.rb +92 -0
  630. data/lib/puppet/pops/lookup/environment_data_provider.rb +35 -0
  631. data/lib/puppet/pops/lookup/explainer.rb +595 -0
  632. data/lib/puppet/pops/lookup/function_provider.rb +110 -0
  633. data/lib/puppet/pops/lookup/global_data_provider.rb +75 -0
  634. data/lib/puppet/pops/lookup/hiera_config.rb +775 -0
  635. data/lib/puppet/pops/lookup/interpolation.rb +155 -0
  636. data/lib/puppet/pops/lookup/invocation.rb +268 -0
  637. data/lib/puppet/pops/lookup/key_recorder.rb +18 -0
  638. data/lib/puppet/pops/lookup/location_resolver.rb +99 -0
  639. data/lib/puppet/pops/lookup/lookup_adapter.rb +528 -0
  640. data/lib/puppet/pops/lookup/lookup_key.rb +99 -0
  641. data/lib/puppet/pops/lookup/lookup_key_function_provider.rb +92 -0
  642. data/lib/puppet/pops/lookup/module_data_provider.rb +89 -0
  643. data/lib/puppet/pops/lookup/sub_lookup.rb +92 -0
  644. data/lib/puppet/pops/lookup.rb +97 -0
  645. data/lib/puppet/pops/merge_strategy.rb +441 -0
  646. data/lib/puppet/pops/migration/migration_checker.rb +58 -0
  647. data/lib/puppet/pops/model/ast.pp +669 -0
  648. data/lib/puppet/pops/model/ast.rb +4675 -0
  649. data/lib/puppet/pops/model/ast_transformer.rb +131 -0
  650. data/lib/puppet/pops/model/factory.rb +1155 -0
  651. data/lib/puppet/pops/model/model_label_provider.rb +134 -0
  652. data/lib/puppet/pops/model/model_tree_dumper.rb +445 -0
  653. data/lib/puppet/pops/model/pn_transformer.rb +385 -0
  654. data/lib/puppet/pops/model/tree_dumper.rb +59 -0
  655. data/lib/puppet/pops/parser/code_merger.rb +29 -0
  656. data/lib/puppet/pops/parser/egrammar.ra +889 -0
  657. data/lib/puppet/pops/parser/eparser.rb +3184 -0
  658. data/lib/puppet/pops/parser/epp_parser.rb +51 -0
  659. data/lib/puppet/pops/parser/epp_support.rb +265 -0
  660. data/lib/puppet/pops/parser/evaluating_parser.rb +162 -0
  661. data/lib/puppet/pops/parser/heredoc_support.rb +153 -0
  662. data/lib/puppet/pops/parser/interpolation_support.rb +249 -0
  663. data/lib/puppet/pops/parser/lexer2.rb +777 -0
  664. data/lib/puppet/pops/parser/lexer_support.rb +221 -0
  665. data/lib/puppet/pops/parser/locatable.rb +23 -0
  666. data/lib/puppet/pops/parser/locator.rb +357 -0
  667. data/lib/puppet/pops/parser/parser_support.rb +251 -0
  668. data/lib/puppet/pops/parser/pn_parser.rb +317 -0
  669. data/lib/puppet/pops/parser/slurp_support.rb +118 -0
  670. data/lib/puppet/pops/patterns.rb +60 -0
  671. data/lib/puppet/pops/pcore.rb +135 -0
  672. data/lib/puppet/pops/pn.rb +236 -0
  673. data/lib/puppet/pops/puppet_stack.rb +61 -0
  674. data/lib/puppet/pops/resource/param.rb +55 -0
  675. data/lib/puppet/pops/resource/resource_type_impl.rb +294 -0
  676. data/lib/puppet/pops/resource/resource_type_set.pcore +22 -0
  677. data/lib/puppet/pops/semantic_error.rb +29 -0
  678. data/lib/puppet/pops/serialization/abstract_reader.rb +180 -0
  679. data/lib/puppet/pops/serialization/abstract_writer.rb +222 -0
  680. data/lib/puppet/pops/serialization/deserializer.rb +80 -0
  681. data/lib/puppet/pops/serialization/extension.rb +158 -0
  682. data/lib/puppet/pops/serialization/from_data_converter.rb +224 -0
  683. data/lib/puppet/pops/serialization/instance_reader.rb +19 -0
  684. data/lib/puppet/pops/serialization/instance_writer.rb +14 -0
  685. data/lib/puppet/pops/serialization/json.rb +297 -0
  686. data/lib/puppet/pops/serialization/json_path.rb +127 -0
  687. data/lib/puppet/pops/serialization/object.rb +70 -0
  688. data/lib/puppet/pops/serialization/serializer.rb +140 -0
  689. data/lib/puppet/pops/serialization/time_factory.rb +67 -0
  690. data/lib/puppet/pops/serialization/to_data_converter.rb +313 -0
  691. data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
  692. data/lib/puppet/pops/serialization.rb +43 -0
  693. data/lib/puppet/pops/time/timespan.rb +716 -0
  694. data/lib/puppet/pops/time/timestamp.rb +160 -0
  695. data/lib/puppet/pops/types/annotatable.rb +36 -0
  696. data/lib/puppet/pops/types/annotation.rb +71 -0
  697. data/lib/puppet/pops/types/class_loader.rb +132 -0
  698. data/lib/puppet/pops/types/implementation_registry.rb +134 -0
  699. data/lib/puppet/pops/types/iterable.rb +365 -0
  700. data/lib/puppet/pops/types/p_binary_type.rb +232 -0
  701. data/lib/puppet/pops/types/p_init_type.rb +238 -0
  702. data/lib/puppet/pops/types/p_meta_type.rb +94 -0
  703. data/lib/puppet/pops/types/p_object_type.rb +1117 -0
  704. data/lib/puppet/pops/types/p_object_type_extension.rb +228 -0
  705. data/lib/puppet/pops/types/p_runtime_type.rb +115 -0
  706. data/lib/puppet/pops/types/p_sem_ver_range_type.rb +190 -0
  707. data/lib/puppet/pops/types/p_sem_ver_type.rb +155 -0
  708. data/lib/puppet/pops/types/p_sensitive_type.rb +83 -0
  709. data/lib/puppet/pops/types/p_timespan_type.rb +192 -0
  710. data/lib/puppet/pops/types/p_timestamp_type.rb +73 -0
  711. data/lib/puppet/pops/types/p_type_set_type.rb +387 -0
  712. data/lib/puppet/pops/types/p_uri_type.rb +190 -0
  713. data/lib/puppet/pops/types/puppet_object.rb +40 -0
  714. data/lib/puppet/pops/types/recursion_guard.rb +136 -0
  715. data/lib/puppet/pops/types/ruby_generator.rb +472 -0
  716. data/lib/puppet/pops/types/ruby_method.rb +31 -0
  717. data/lib/puppet/pops/types/string_converter.rb +1134 -0
  718. data/lib/puppet/pops/types/tree_iterators.rb +254 -0
  719. data/lib/puppet/pops/types/type_acceptor.rb +25 -0
  720. data/lib/puppet/pops/types/type_asserter.rb +47 -0
  721. data/lib/puppet/pops/types/type_assertion_error.rb +27 -0
  722. data/lib/puppet/pops/types/type_calculator.rb +822 -0
  723. data/lib/puppet/pops/types/type_conversion_error.rb +15 -0
  724. data/lib/puppet/pops/types/type_factory.rb +631 -0
  725. data/lib/puppet/pops/types/type_formatter.rb +801 -0
  726. data/lib/puppet/pops/types/type_mismatch_describer.rb +1096 -0
  727. data/lib/puppet/pops/types/type_parser.rb +683 -0
  728. data/lib/puppet/pops/types/type_set_reference.rb +59 -0
  729. data/lib/puppet/pops/types/type_with_members.rb +43 -0
  730. data/lib/puppet/pops/types/types.rb +3633 -0
  731. data/lib/puppet/pops/utils.rb +119 -0
  732. data/lib/puppet/pops/validation/checker4_0.rb +1148 -0
  733. data/lib/puppet/pops/validation/tasks_checker.rb +93 -0
  734. data/lib/puppet/pops/validation/validator_factory_4_0.rb +45 -0
  735. data/lib/puppet/pops/validation.rb +459 -0
  736. data/lib/puppet/pops/visitable.rb +6 -0
  737. data/lib/puppet/pops/visitor.rb +122 -0
  738. data/lib/puppet/pops.rb +121 -0
  739. data/lib/puppet/property/boolean.rb +7 -0
  740. data/lib/puppet/property/ensure.rb +106 -0
  741. data/lib/puppet/property/keyvalue.rb +158 -0
  742. data/lib/puppet/property/list.rb +70 -0
  743. data/lib/puppet/property/ordered_list.rb +29 -0
  744. data/lib/puppet/property.rb +611 -0
  745. data/lib/puppet/provider/aix_object.rb +485 -0
  746. data/lib/puppet/provider/command.rb +25 -0
  747. data/lib/puppet/provider/confine.rb +6 -0
  748. data/lib/puppet/provider/exec/posix.rb +60 -0
  749. data/lib/puppet/provider/exec/shell.rb +25 -0
  750. data/lib/puppet/provider/exec/windows.rb +55 -0
  751. data/lib/puppet/provider/exec.rb +105 -0
  752. data/lib/puppet/provider/file/posix.rb +144 -0
  753. data/lib/puppet/provider/file/windows.rb +152 -0
  754. data/lib/puppet/provider/group/aix.rb +99 -0
  755. data/lib/puppet/provider/group/directoryservice.rb +22 -0
  756. data/lib/puppet/provider/group/groupadd.rb +174 -0
  757. data/lib/puppet/provider/group/ldap.rb +48 -0
  758. data/lib/puppet/provider/group/pw.rb +51 -0
  759. data/lib/puppet/provider/group/windows_adsi.rb +113 -0
  760. data/lib/puppet/provider/ldap.rb +141 -0
  761. data/lib/puppet/provider/nameservice/directoryservice.rb +512 -0
  762. data/lib/puppet/provider/nameservice/objectadd.rb +22 -0
  763. data/lib/puppet/provider/nameservice/pw.rb +21 -0
  764. data/lib/puppet/provider/nameservice.rb +293 -0
  765. data/lib/puppet/provider/network_device.rb +74 -0
  766. data/lib/puppet/provider/package/aix.rb +169 -0
  767. data/lib/puppet/provider/package/appdmg.rb +111 -0
  768. data/lib/puppet/provider/package/apple.rb +47 -0
  769. data/lib/puppet/provider/package/apt.rb +262 -0
  770. data/lib/puppet/provider/package/aptitude.rb +35 -0
  771. data/lib/puppet/provider/package/aptrpm.rb +83 -0
  772. data/lib/puppet/provider/package/blastwave.rb +112 -0
  773. data/lib/puppet/provider/package/dnf.rb +50 -0
  774. data/lib/puppet/provider/package/dnfmodule.rb +141 -0
  775. data/lib/puppet/provider/package/dpkg.rb +192 -0
  776. data/lib/puppet/provider/package/fink.rb +97 -0
  777. data/lib/puppet/provider/package/freebsd.rb +47 -0
  778. data/lib/puppet/provider/package/gem.rb +293 -0
  779. data/lib/puppet/provider/package/hpux.rb +44 -0
  780. data/lib/puppet/provider/package/macports.rb +110 -0
  781. data/lib/puppet/provider/package/nim.rb +291 -0
  782. data/lib/puppet/provider/package/openbsd.rb +260 -0
  783. data/lib/puppet/provider/package/opkg.rb +82 -0
  784. data/lib/puppet/provider/package/pacman.rb +273 -0
  785. data/lib/puppet/provider/package/pip.rb +346 -0
  786. data/lib/puppet/provider/package/pip2.rb +17 -0
  787. data/lib/puppet/provider/package/pip3.rb +17 -0
  788. data/lib/puppet/provider/package/pkg.rb +295 -0
  789. data/lib/puppet/provider/package/pkgdmg.rb +153 -0
  790. data/lib/puppet/provider/package/pkgin.rb +87 -0
  791. data/lib/puppet/provider/package/pkgng.rb +173 -0
  792. data/lib/puppet/provider/package/pkgutil.rb +187 -0
  793. data/lib/puppet/provider/package/portage.rb +310 -0
  794. data/lib/puppet/provider/package/ports.rb +91 -0
  795. data/lib/puppet/provider/package/portupgrade.rb +240 -0
  796. data/lib/puppet/provider/package/puppet_gem.rb +34 -0
  797. data/lib/puppet/provider/package/puppetserver_gem.rb +171 -0
  798. data/lib/puppet/provider/package/rpm.rb +250 -0
  799. data/lib/puppet/provider/package/rug.rb +51 -0
  800. data/lib/puppet/provider/package/sun.rb +133 -0
  801. data/lib/puppet/provider/package/sunfreeware.rb +9 -0
  802. data/lib/puppet/provider/package/tdnf.rb +28 -0
  803. data/lib/puppet/provider/package/up2date.rb +40 -0
  804. data/lib/puppet/provider/package/urpmi.rb +55 -0
  805. data/lib/puppet/provider/package/windows/exe_package.rb +106 -0
  806. data/lib/puppet/provider/package/windows/msi_package.rb +70 -0
  807. data/lib/puppet/provider/package/windows/package.rb +110 -0
  808. data/lib/puppet/provider/package/windows.rb +130 -0
  809. data/lib/puppet/provider/package/yum.rb +387 -0
  810. data/lib/puppet/provider/package/zypper.rb +206 -0
  811. data/lib/puppet/provider/package.rb +59 -0
  812. data/lib/puppet/provider/package_targetable.rb +69 -0
  813. data/lib/puppet/provider/parsedfile.rb +490 -0
  814. data/lib/puppet/provider/service/base.rb +139 -0
  815. data/lib/puppet/provider/service/bsd.rb +51 -0
  816. data/lib/puppet/provider/service/daemontools.rb +193 -0
  817. data/lib/puppet/provider/service/debian.rb +75 -0
  818. data/lib/puppet/provider/service/freebsd.rb +143 -0
  819. data/lib/puppet/provider/service/gentoo.rb +45 -0
  820. data/lib/puppet/provider/service/init.rb +192 -0
  821. data/lib/puppet/provider/service/launchd.rb +384 -0
  822. data/lib/puppet/provider/service/openbsd.rb +100 -0
  823. data/lib/puppet/provider/service/openrc.rb +71 -0
  824. data/lib/puppet/provider/service/openwrt.rb +36 -0
  825. data/lib/puppet/provider/service/rcng.rb +51 -0
  826. data/lib/puppet/provider/service/redhat.rb +72 -0
  827. data/lib/puppet/provider/service/runit.rb +106 -0
  828. data/lib/puppet/provider/service/service.rb +68 -0
  829. data/lib/puppet/provider/service/smf.rb +317 -0
  830. data/lib/puppet/provider/service/src.rb +147 -0
  831. data/lib/puppet/provider/service/systemd.rb +232 -0
  832. data/lib/puppet/provider/service/upstart.rb +385 -0
  833. data/lib/puppet/provider/service/windows.rb +182 -0
  834. data/lib/puppet/provider/user/aix.rb +361 -0
  835. data/lib/puppet/provider/user/directoryservice.rb +680 -0
  836. data/lib/puppet/provider/user/hpux.rb +95 -0
  837. data/lib/puppet/provider/user/ldap.rb +132 -0
  838. data/lib/puppet/provider/user/openbsd.rb +77 -0
  839. data/lib/puppet/provider/user/pw.rb +108 -0
  840. data/lib/puppet/provider/user/user_role_add.rb +239 -0
  841. data/lib/puppet/provider/user/useradd.rb +406 -0
  842. data/lib/puppet/provider/user/windows_adsi.rb +172 -0
  843. data/lib/puppet/provider.rb +612 -0
  844. data/lib/puppet/reference/configuration.rb +97 -0
  845. data/lib/puppet/reference/function.rb +17 -0
  846. data/lib/puppet/reference/indirection.rb +71 -0
  847. data/lib/puppet/reference/metaparameter.rb +33 -0
  848. data/lib/puppet/reference/providers.rb +117 -0
  849. data/lib/puppet/reference/report.rb +20 -0
  850. data/lib/puppet/reference/type.rb +109 -0
  851. data/lib/puppet/relationship.rb +84 -0
  852. data/lib/puppet/reports/http.rb +44 -0
  853. data/lib/puppet/reports/log.rb +14 -0
  854. data/lib/puppet/reports/store.rb +68 -0
  855. data/lib/puppet/reports.rb +93 -0
  856. data/lib/puppet/resource/catalog.rb +654 -0
  857. data/lib/puppet/resource/status.rb +229 -0
  858. data/lib/puppet/resource/type.rb +425 -0
  859. data/lib/puppet/resource/type_collection.rb +231 -0
  860. data/lib/puppet/resource.rb +663 -0
  861. data/lib/puppet/runtime.rb +65 -0
  862. data/lib/puppet/scheduler/job.rb +53 -0
  863. data/lib/puppet/scheduler/scheduler.rb +44 -0
  864. data/lib/puppet/scheduler/splay_job.rb +32 -0
  865. data/lib/puppet/scheduler/timer.rb +13 -0
  866. data/lib/puppet/scheduler.rb +16 -0
  867. data/lib/puppet/settings/alias_setting.rb +37 -0
  868. data/lib/puppet/settings/array_setting.rb +17 -0
  869. data/lib/puppet/settings/autosign_setting.rb +22 -0
  870. data/lib/puppet/settings/base_setting.rb +223 -0
  871. data/lib/puppet/settings/boolean_setting.rb +32 -0
  872. data/lib/puppet/settings/certificate_revocation_setting.rb +21 -0
  873. data/lib/puppet/settings/config_file.rb +146 -0
  874. data/lib/puppet/settings/directory_setting.rb +18 -0
  875. data/lib/puppet/settings/duration_setting.rb +32 -0
  876. data/lib/puppet/settings/enum_setting.rb +16 -0
  877. data/lib/puppet/settings/environment_conf.rb +224 -0
  878. data/lib/puppet/settings/errors.rb +11 -0
  879. data/lib/puppet/settings/file_or_directory_setting.rb +40 -0
  880. data/lib/puppet/settings/file_setting.rb +241 -0
  881. data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
  882. data/lib/puppet/settings/ini_file.rb +226 -0
  883. data/lib/puppet/settings/integer_setting.rb +17 -0
  884. data/lib/puppet/settings/path_setting.rb +8 -0
  885. data/lib/puppet/settings/port_setting.rb +15 -0
  886. data/lib/puppet/settings/priority_setting.rb +43 -0
  887. data/lib/puppet/settings/server_list_setting.rb +29 -0
  888. data/lib/puppet/settings/string_setting.rb +9 -0
  889. data/lib/puppet/settings/symbolic_enum_setting.rb +17 -0
  890. data/lib/puppet/settings/terminus_setting.rb +14 -0
  891. data/lib/puppet/settings/ttl_setting.rb +51 -0
  892. data/lib/puppet/settings/value_translator.rb +14 -0
  893. data/lib/puppet/settings.rb +1642 -0
  894. data/lib/puppet/ssl/base.rb +149 -0
  895. data/lib/puppet/ssl/certificate.rb +96 -0
  896. data/lib/puppet/ssl/certificate_request.rb +324 -0
  897. data/lib/puppet/ssl/certificate_request_attributes.rb +37 -0
  898. data/lib/puppet/ssl/certificate_signer.rb +39 -0
  899. data/lib/puppet/ssl/digest.rb +20 -0
  900. data/lib/puppet/ssl/error.rb +26 -0
  901. data/lib/puppet/ssl/oids.rb +197 -0
  902. data/lib/puppet/ssl/openssl_loader.rb +24 -0
  903. data/lib/puppet/ssl/ssl_context.rb +25 -0
  904. data/lib/puppet/ssl/ssl_provider.rb +350 -0
  905. data/lib/puppet/ssl/state_machine.rb +474 -0
  906. data/lib/puppet/ssl/verifier.rb +142 -0
  907. data/lib/puppet/ssl.rb +23 -0
  908. data/lib/puppet/syntax_checkers/base64.rb +40 -0
  909. data/lib/puppet/syntax_checkers/epp.rb +34 -0
  910. data/lib/puppet/syntax_checkers/json.rb +35 -0
  911. data/lib/puppet/syntax_checkers/pp.rb +34 -0
  912. data/lib/puppet/syntax_checkers.rb +3 -0
  913. data/lib/puppet/test/test_helper.rb +265 -0
  914. data/lib/puppet/thread_local.rb +4 -0
  915. data/lib/puppet/transaction/additional_resource_generator.rb +220 -0
  916. data/lib/puppet/transaction/event.rb +168 -0
  917. data/lib/puppet/transaction/event_manager.rb +179 -0
  918. data/lib/puppet/transaction/persistence.rb +119 -0
  919. data/lib/puppet/transaction/report.rb +504 -0
  920. data/lib/puppet/transaction/resource_harness.rb +323 -0
  921. data/lib/puppet/transaction.rb +491 -0
  922. data/lib/puppet/trusted_external.rb +41 -0
  923. data/lib/puppet/type/component.rb +89 -0
  924. data/lib/puppet/type/exec.rb +720 -0
  925. data/lib/puppet/type/file/checksum.rb +50 -0
  926. data/lib/puppet/type/file/checksum_value.rb +54 -0
  927. data/lib/puppet/type/file/content.rb +176 -0
  928. data/lib/puppet/type/file/ctime.rb +21 -0
  929. data/lib/puppet/type/file/data_sync.rb +98 -0
  930. data/lib/puppet/type/file/ensure.rb +195 -0
  931. data/lib/puppet/type/file/group.rb +48 -0
  932. data/lib/puppet/type/file/mode.rb +189 -0
  933. data/lib/puppet/type/file/mtime.rb +19 -0
  934. data/lib/puppet/type/file/owner.rb +51 -0
  935. data/lib/puppet/type/file/selcontext.rb +142 -0
  936. data/lib/puppet/type/file/source.rb +379 -0
  937. data/lib/puppet/type/file/target.rb +88 -0
  938. data/lib/puppet/type/file/type.rb +20 -0
  939. data/lib/puppet/type/file.rb +1133 -0
  940. data/lib/puppet/type/filebucket.rb +121 -0
  941. data/lib/puppet/type/group.rb +237 -0
  942. data/lib/puppet/type/notify.rb +47 -0
  943. data/lib/puppet/type/package.rb +713 -0
  944. data/lib/puppet/type/resources.rb +187 -0
  945. data/lib/puppet/type/schedule.rb +441 -0
  946. data/lib/puppet/type/service.rb +309 -0
  947. data/lib/puppet/type/stage.rb +27 -0
  948. data/lib/puppet/type/tidy.rb +376 -0
  949. data/lib/puppet/type/user.rb +859 -0
  950. data/lib/puppet/type/whit.rb +34 -0
  951. data/lib/puppet/type.rb +2676 -0
  952. data/lib/puppet/util/at_fork/noop.rb +18 -0
  953. data/lib/puppet/util/at_fork/solaris.rb +160 -0
  954. data/lib/puppet/util/at_fork.rb +35 -0
  955. data/lib/puppet/util/autoload.rb +215 -0
  956. data/lib/puppet/util/backups.rb +86 -0
  957. data/lib/puppet/util/character_encoding.rb +80 -0
  958. data/lib/puppet/util/checksums.rb +376 -0
  959. data/lib/puppet/util/classgen.rb +228 -0
  960. data/lib/puppet/util/colors.rb +100 -0
  961. data/lib/puppet/util/command_line/puppet_option_parser.rb +87 -0
  962. data/lib/puppet/util/command_line/trollop.rb +825 -0
  963. data/lib/puppet/util/command_line.rb +196 -0
  964. data/lib/puppet/util/constant_inflector.rb +24 -0
  965. data/lib/puppet/util/diff.rb +81 -0
  966. data/lib/puppet/util/docs.rb +128 -0
  967. data/lib/puppet/util/errors.rb +159 -0
  968. data/lib/puppet/util/execution.rb +424 -0
  969. data/lib/puppet/util/execution_stub.rb +26 -0
  970. data/lib/puppet/util/feature.rb +129 -0
  971. data/lib/puppet/util/file_watcher.rb +28 -0
  972. data/lib/puppet/util/fileparsing.rb +408 -0
  973. data/lib/puppet/util/filetype.rb +358 -0
  974. data/lib/puppet/util/http_proxy.rb +4 -0
  975. data/lib/puppet/util/inifile.rb +340 -0
  976. data/lib/puppet/util/instance_loader.rb +66 -0
  977. data/lib/puppet/util/json.rb +92 -0
  978. data/lib/puppet/util/json_lockfile.rb +44 -0
  979. data/lib/puppet/util/ldap/connection.rb +73 -0
  980. data/lib/puppet/util/ldap/generator.rb +42 -0
  981. data/lib/puppet/util/ldap/manager.rb +284 -0
  982. data/lib/puppet/util/ldap.rb +2 -0
  983. data/lib/puppet/util/libuser.conf +15 -0
  984. data/lib/puppet/util/libuser.rb +12 -0
  985. data/lib/puppet/util/limits.rb +12 -0
  986. data/lib/puppet/util/lockfile.rb +66 -0
  987. data/lib/puppet/util/log/destination.rb +49 -0
  988. data/lib/puppet/util/log/destinations.rb +253 -0
  989. data/lib/puppet/util/log.rb +427 -0
  990. data/lib/puppet/util/logging.rb +300 -0
  991. data/lib/puppet/util/metaid.rb +21 -0
  992. data/lib/puppet/util/metric.rb +65 -0
  993. data/lib/puppet/util/monkey_patches.rb +122 -0
  994. data/lib/puppet/util/multi_match.rb +51 -0
  995. data/lib/puppet/util/network_device/base.rb +23 -0
  996. data/lib/puppet/util/network_device/config.rb +105 -0
  997. data/lib/puppet/util/network_device/transport/base.rb +26 -0
  998. data/lib/puppet/util/network_device/transport.rb +5 -0
  999. data/lib/puppet/util/network_device.rb +17 -0
  1000. data/lib/puppet/util/package/version/debian.rb +175 -0
  1001. data/lib/puppet/util/package/version/gem.rb +15 -0
  1002. data/lib/puppet/util/package/version/pip.rb +167 -0
  1003. data/lib/puppet/util/package/version/range/eq.rb +14 -0
  1004. data/lib/puppet/util/package/version/range/gt.rb +14 -0
  1005. data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
  1006. data/lib/puppet/util/package/version/range/lt.rb +14 -0
  1007. data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
  1008. data/lib/puppet/util/package/version/range/min_max.rb +21 -0
  1009. data/lib/puppet/util/package/version/range/simple.rb +11 -0
  1010. data/lib/puppet/util/package/version/range.rb +53 -0
  1011. data/lib/puppet/util/package/version/rpm.rb +73 -0
  1012. data/lib/puppet/util/package.rb +40 -0
  1013. data/lib/puppet/util/pidlock.rb +102 -0
  1014. data/lib/puppet/util/platform.rb +70 -0
  1015. data/lib/puppet/util/plist.rb +161 -0
  1016. data/lib/puppet/util/posix.rb +203 -0
  1017. data/lib/puppet/util/profiler/aggregate.rb +85 -0
  1018. data/lib/puppet/util/profiler/around_profiler.rb +67 -0
  1019. data/lib/puppet/util/profiler/logging.rb +48 -0
  1020. data/lib/puppet/util/profiler/object_counts.rb +17 -0
  1021. data/lib/puppet/util/profiler/wall_clock.rb +35 -0
  1022. data/lib/puppet/util/profiler.rb +53 -0
  1023. data/lib/puppet/util/provider_features.rb +179 -0
  1024. data/lib/puppet/util/psych_support.rb +30 -0
  1025. data/lib/puppet/util/rdoc/code_objects.rb +295 -0
  1026. data/lib/puppet/util/rdoc/generators/puppet_generator.rb +912 -0
  1027. data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +1085 -0
  1028. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +259 -0
  1029. data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
  1030. data/lib/puppet/util/rdoc/parser.rb +12 -0
  1031. data/lib/puppet/util/rdoc.rb +53 -0
  1032. data/lib/puppet/util/reference.rb +119 -0
  1033. data/lib/puppet/util/resource_template.rb +61 -0
  1034. data/lib/puppet/util/retry_action.rb +46 -0
  1035. data/lib/puppet/util/rpm_compare.rb +193 -0
  1036. data/lib/puppet/util/rubygems.rb +67 -0
  1037. data/lib/puppet/util/run_mode.rb +122 -0
  1038. data/lib/puppet/util/selinux.rb +297 -0
  1039. data/lib/puppet/util/skip_tags.rb +13 -0
  1040. data/lib/puppet/util/splayer.rb +18 -0
  1041. data/lib/puppet/util/storage.rb +100 -0
  1042. data/lib/puppet/util/suidmanager.rb +166 -0
  1043. data/lib/puppet/util/symbolic_file_mode.rb +156 -0
  1044. data/lib/puppet/util/tag_set.rb +27 -0
  1045. data/lib/puppet/util/tagging.rb +132 -0
  1046. data/lib/puppet/util/terminal.rb +16 -0
  1047. data/lib/puppet/util/user_attr.rb +21 -0
  1048. data/lib/puppet/util/warnings.rb +31 -0
  1049. data/lib/puppet/util/watched_file.rb +37 -0
  1050. data/lib/puppet/util/watcher/change_watcher.rb +33 -0
  1051. data/lib/puppet/util/watcher/periodic_watcher.rb +37 -0
  1052. data/lib/puppet/util/watcher/timer.rb +19 -0
  1053. data/lib/puppet/util/watcher.rb +17 -0
  1054. data/lib/puppet/util/windows/access_control_entry.rb +84 -0
  1055. data/lib/puppet/util/windows/access_control_list.rb +113 -0
  1056. data/lib/puppet/util/windows/adsi.rb +654 -0
  1057. data/lib/puppet/util/windows/com.rb +225 -0
  1058. data/lib/puppet/util/windows/daemon.rb +343 -0
  1059. data/lib/puppet/util/windows/error.rb +84 -0
  1060. data/lib/puppet/util/windows/eventlog.rb +187 -0
  1061. data/lib/puppet/util/windows/file.rb +355 -0
  1062. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  1063. data/lib/puppet/util/windows/principal.rb +201 -0
  1064. data/lib/puppet/util/windows/process.rb +364 -0
  1065. data/lib/puppet/util/windows/registry.rb +441 -0
  1066. data/lib/puppet/util/windows/root_certs.rb +108 -0
  1067. data/lib/puppet/util/windows/security.rb +907 -0
  1068. data/lib/puppet/util/windows/security_descriptor.rb +62 -0
  1069. data/lib/puppet/util/windows/service.rb +696 -0
  1070. data/lib/puppet/util/windows/sid.rb +289 -0
  1071. data/lib/puppet/util/windows/string.rb +15 -0
  1072. data/lib/puppet/util/windows/user.rb +550 -0
  1073. data/lib/puppet/util/windows.rb +51 -0
  1074. data/lib/puppet/util/yaml.rb +65 -0
  1075. data/lib/puppet/util.rb +808 -0
  1076. data/lib/puppet/vendor/require_vendored.rb +4 -0
  1077. data/lib/puppet/vendor.rb +57 -0
  1078. data/lib/puppet/version.rb +95 -0
  1079. data/lib/puppet/x509/cert_provider.rb +369 -0
  1080. data/lib/puppet/x509/pem_store.rb +55 -0
  1081. data/lib/puppet/x509.rb +11 -0
  1082. data/lib/puppet.rb +345 -0
  1083. data/lib/puppet_pal.rb +8 -0
  1084. data/lib/puppet_x.rb +14 -0
  1085. data/locales/config.yaml +29 -0
  1086. data/locales/en/puppet.po +19 -0
  1087. data/locales/puppet.pot +20 -0
  1088. data/man/man5/puppet.conf.5 +2198 -0
  1089. data/man/man8/puppet-agent.8 +203 -0
  1090. data/man/man8/puppet-apply.8 +100 -0
  1091. data/man/man8/puppet-catalog.8 +291 -0
  1092. data/man/man8/puppet-config.8 +151 -0
  1093. data/man/man8/puppet-describe.8 +51 -0
  1094. data/man/man8/puppet-device.8 +119 -0
  1095. data/man/man8/puppet-doc.8 +46 -0
  1096. data/man/man8/puppet-epp.8 +377 -0
  1097. data/man/man8/puppet-facts.8 +234 -0
  1098. data/man/man8/puppet-filebucket.8 +166 -0
  1099. data/man/man8/puppet-generate.8 +84 -0
  1100. data/man/man8/puppet-help.8 +67 -0
  1101. data/man/man8/puppet-lookup.8 +107 -0
  1102. data/man/man8/puppet-module.8 +325 -0
  1103. data/man/man8/puppet-node.8 +163 -0
  1104. data/man/man8/puppet-parser.8 +130 -0
  1105. data/man/man8/puppet-plugin.8 +73 -0
  1106. data/man/man8/puppet-report.8 +127 -0
  1107. data/man/man8/puppet-resource.8 +88 -0
  1108. data/man/man8/puppet-script.8 +70 -0
  1109. data/man/man8/puppet-ssl.8 +63 -0
  1110. data/man/man8/puppet.8 +28 -0
  1111. data/tasks/benchmark.rake +180 -0
  1112. data/tasks/ci.rake +24 -0
  1113. data/tasks/generate_ast_model.rake +90 -0
  1114. data/tasks/generate_cert_fixtures.rake +194 -0
  1115. data/tasks/manpages.rake +67 -0
  1116. data/tasks/memwalk.rake +195 -0
  1117. data/tasks/parallel.rake +410 -0
  1118. data/tasks/parser.rake +22 -0
  1119. data/tasks/yard.rake +59 -0
  1120. metadata +1324 -0
@@ -0,0 +1,907 @@
1
+ # This class maps POSIX owner, group, and modes to the Windows
2
+ # security model, and back.
3
+ #
4
+ # The primary goal of this mapping is to ensure that owner, group, and
5
+ # modes can be round-tripped in a consistent and deterministic
6
+ # way. Otherwise, Puppet might think file resources are out-of-sync
7
+ # every time it runs. A secondary goal is to provide equivalent
8
+ # permissions for common use-cases. For example, setting the owner to
9
+ # "Administrators", group to "Users", and mode to 750 (which also
10
+ # denies access to everyone else.
11
+ #
12
+ # There are some well-known problems mapping windows and POSIX
13
+ # permissions due to differences between the two security
14
+ # models. Search for "POSIX permission mapping leak". In POSIX, access
15
+ # to a file is determined solely based on the most specific class
16
+ # (user, group, other). So a mode of 460 would deny write access to
17
+ # the owner even if they are a member of the group. But in Windows,
18
+ # the entire access control list is walked until the user is
19
+ # explicitly denied or allowed (denied take precedence, and if neither
20
+ # occurs they are denied). As a result, a user could be allowed access
21
+ # based on their group membership. To solve this problem, other people
22
+ # have used deny access control entries to more closely model POSIX,
23
+ # but this introduces a lot of complexity.
24
+ #
25
+ # In general, this implementation only supports "typical" permissions,
26
+ # where group permissions are a subset of user, and other permissions
27
+ # are a subset of group, e.g. 754, but not 467. However, there are
28
+ # some Windows quirks to be aware of.
29
+ #
30
+ # * The owner can be either a user or group SID, and most system files
31
+ # are owned by the Administrators group.
32
+ # * The group can be either a user or group SID.
33
+ # * Unexpected results can occur if the owner and group are the
34
+ # same, but the user and group classes are different, e.g. 750. In
35
+ # this case, it is not possible to allow write access to the owner,
36
+ # but not the group. As a result, the actual permissions set on the
37
+ # file would be 770.
38
+ # * In general, only privileged users can set the owner, group, or
39
+ # change the mode for files they do not own. In 2003, the user must
40
+ # be a member of the Administrators group. In Vista/2008, the user
41
+ # must be running with elevated privileges.
42
+ # * A file/dir can be deleted by anyone with the DELETE access right
43
+ # OR by anyone that has the FILE_DELETE_CHILD access right for the
44
+ # parent. See https://support.microsoft.com/kb/238018. But on Unix,
45
+ # the user must have write access to the file/dir AND execute access
46
+ # to all of the parent path components.
47
+ # * Many access control entries are inherited from parent directories,
48
+ # and it is common for file/dirs to have more than 3 entries,
49
+ # e.g. Users, Power Users, Administrators, SYSTEM, etc, which cannot
50
+ # be mapped into the 3 class POSIX model. The get_mode method will
51
+ # set the S_IEXTRA bit flag indicating that an access control entry
52
+ # was found whose SID is neither the owner, group, or other. This
53
+ # enables Puppet to detect when file/dirs are out-of-sync,
54
+ # especially those that Puppet did not create, but is attempting
55
+ # to manage.
56
+ # * A special case of this is S_ISYSTEM_MISSING, which is set when the
57
+ # SYSTEM permissions are *not* present on the DACL.
58
+ # * On Unix, the owner and group can be modified without changing the
59
+ # mode. But on Windows, an access control entry specifies which SID
60
+ # it applies to. As a result, the set_owner and set_group methods
61
+ # automatically rebuild the access control list based on the new
62
+ # (and different) owner or group.
63
+
64
+ require_relative '../../../puppet/util/windows'
65
+ require 'pathname'
66
+ require 'ffi'
67
+
68
+ module Puppet::Util::Windows::Security
69
+ include Puppet::Util::Windows::String
70
+
71
+ extend Puppet::Util::Windows::Security
72
+ extend FFI::Library
73
+
74
+ # file modes
75
+ S_IRUSR = 0000400
76
+ S_IRGRP = 0000040
77
+ S_IROTH = 0000004
78
+ S_IWUSR = 0000200
79
+ S_IWGRP = 0000020
80
+ S_IWOTH = 0000002
81
+ S_IXUSR = 0000100
82
+ S_IXGRP = 0000010
83
+ S_IXOTH = 0000001
84
+ S_IRWXU = 0000700
85
+ S_IRWXG = 0000070
86
+ S_IRWXO = 0000007
87
+ S_ISVTX = 0001000
88
+ S_IEXTRA = 02000000 # represents an extra ace
89
+ S_ISYSTEM_MISSING = 04000000
90
+
91
+ # constants that are missing from Windows::Security
92
+ PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000
93
+ UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
94
+ NO_INHERITANCE = 0x0
95
+ SE_DACL_PROTECTED = 0x1000
96
+
97
+ FILE = Puppet::Util::Windows::File
98
+
99
+ SE_BACKUP_NAME = 'SeBackupPrivilege'
100
+ SE_DEBUG_NAME = 'SeDebugPrivilege'
101
+ SE_RESTORE_NAME = 'SeRestorePrivilege'
102
+
103
+ DELETE = 0x00010000
104
+ READ_CONTROL = 0x20000
105
+ WRITE_DAC = 0x40000
106
+ WRITE_OWNER = 0x80000
107
+
108
+ OWNER_SECURITY_INFORMATION = 1
109
+ GROUP_SECURITY_INFORMATION = 2
110
+ DACL_SECURITY_INFORMATION = 4
111
+
112
+ # Set the owner of the object referenced by +path+ to the specified
113
+ # +owner_sid+. The owner sid should be of the form "S-1-5-32-544"
114
+ # and can either be a user or group. Only a user with the
115
+ # SE_RESTORE_NAME privilege in their process token can overwrite the
116
+ # object's owner to something other than the current user.
117
+ def set_owner(owner_sid, path)
118
+ sd = get_security_descriptor(path)
119
+
120
+ if owner_sid != sd.owner
121
+ sd.owner = owner_sid
122
+ set_security_descriptor(path, sd)
123
+ end
124
+ end
125
+
126
+ # Get the owner of the object referenced by +path+. The returned
127
+ # value is a SID string, e.g. "S-1-5-32-544". Any user with read
128
+ # access to an object can get the owner. Only a user with the
129
+ # SE_BACKUP_NAME privilege in their process token can get the owner
130
+ # for objects they do not have read access to.
131
+ def get_owner(path)
132
+ return unless supports_acl?(path)
133
+
134
+ get_security_descriptor(path).owner
135
+ end
136
+
137
+ # Set the owner of the object referenced by +path+ to the specified
138
+ # +group_sid+. The group sid should be of the form "S-1-5-32-544"
139
+ # and can either be a user or group. Any user with WRITE_OWNER
140
+ # access to the object can change the group (regardless of whether
141
+ # the current user belongs to that group or not).
142
+ def set_group(group_sid, path)
143
+ sd = get_security_descriptor(path)
144
+
145
+ if group_sid != sd.group
146
+ sd.group = group_sid
147
+ set_security_descriptor(path, sd)
148
+ end
149
+ end
150
+
151
+ # Get the group of the object referenced by +path+. The returned
152
+ # value is a SID string, e.g. "S-1-5-32-544". Any user with read
153
+ # access to an object can get the group. Only a user with the
154
+ # SE_BACKUP_NAME privilege in their process token can get the group
155
+ # for objects they do not have read access to.
156
+ def get_group(path)
157
+ return unless supports_acl?(path)
158
+
159
+ get_security_descriptor(path).group
160
+ end
161
+
162
+ FILE_PERSISTENT_ACLS = 0x00000008
163
+
164
+ def supports_acl?(path)
165
+ supported = false
166
+ root = Pathname.new(path).enum_for(:ascend).to_a.last.to_s
167
+ # 'A trailing backslash is required'
168
+ root = "#{root}\\" unless root =~ /[\/\\]$/
169
+
170
+ FFI::MemoryPointer.new(:pointer, 1) do |flags_ptr|
171
+ if GetVolumeInformationW(wide_string(root), FFI::Pointer::NULL, 0,
172
+ FFI::Pointer::NULL, FFI::Pointer::NULL,
173
+ flags_ptr, FFI::Pointer::NULL, 0) == FFI::WIN32_FALSE
174
+ raise Puppet::Util::Windows::Error.new(_("Failed to get volume information"))
175
+ end
176
+ supported = flags_ptr.read_dword & FILE_PERSISTENT_ACLS == FILE_PERSISTENT_ACLS
177
+ end
178
+
179
+ supported
180
+ end
181
+
182
+ MASK_TO_MODE = {
183
+ FILE::FILE_GENERIC_READ => S_IROTH,
184
+ FILE::FILE_GENERIC_WRITE => S_IWOTH,
185
+ (FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES) => S_IXOTH
186
+ }
187
+
188
+ def get_aces_for_path_by_sid(path, sid)
189
+ get_security_descriptor(path).dacl.select { |ace| ace.sid == sid }
190
+ end
191
+
192
+ # Get the mode of the object referenced by +path+. The returned
193
+ # integer value represents the POSIX-style read, write, and execute
194
+ # modes for the user, group, and other classes, e.g. 0640. Any user
195
+ # with read access to an object can get the mode. Only a user with
196
+ # the SE_BACKUP_NAME privilege in their process token can get the
197
+ # mode for objects they do not have read access to.
198
+ def get_mode(path)
199
+ return unless supports_acl?(path)
200
+
201
+ well_known_world_sid = Puppet::Util::Windows::SID::Everyone
202
+ well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
203
+ well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
204
+ well_known_app_packages_sid = Puppet::Util::Windows::SID::AllAppPackages
205
+
206
+ mode = S_ISYSTEM_MISSING
207
+
208
+ sd = get_security_descriptor(path)
209
+ sd.dacl.each do |ace|
210
+ next if ace.inherit_only?
211
+
212
+ case ace.sid
213
+ when sd.owner
214
+ MASK_TO_MODE.each_pair do |k,v|
215
+ if (ace.mask & k) == k
216
+ mode |= (v << 6)
217
+ end
218
+ end
219
+ when sd.group
220
+ MASK_TO_MODE.each_pair do |k,v|
221
+ if (ace.mask & k) == k
222
+ mode |= (v << 3)
223
+ end
224
+ end
225
+ when well_known_world_sid
226
+ MASK_TO_MODE.each_pair do |k,v|
227
+ if (ace.mask & k) == k
228
+ mode |= (v << 6) | (v << 3) | v
229
+ end
230
+ end
231
+ if File.directory?(path) &&
232
+ (ace.mask & (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE | FILE::FILE_DELETE_CHILD)) == (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE)
233
+ mode |= S_ISVTX;
234
+ end
235
+ when well_known_nobody_sid
236
+ if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
237
+ mode |= S_ISVTX
238
+ end
239
+ when well_known_app_packages_sid
240
+ when well_known_system_sid
241
+ else
242
+ #puts "Warning, unable to map SID into POSIX mode: #{ace.sid}"
243
+ mode |= S_IEXTRA
244
+ end
245
+
246
+ if ace.sid == well_known_system_sid
247
+ mode &= ~S_ISYSTEM_MISSING
248
+ end
249
+
250
+ # if owner and group the same, then user and group modes are the OR of both
251
+ if sd.owner == sd.group
252
+ mode |= ((mode & S_IRWXG) << 3) | ((mode & S_IRWXU) >> 3)
253
+ #puts "owner: #{sd.group}, 0x#{ace.mask.to_s(16)}, #{mode.to_s(8)}"
254
+ end
255
+ end
256
+
257
+ #puts "get_mode: #{mode.to_s(8)}"
258
+ mode
259
+ end
260
+
261
+ MODE_TO_MASK = {
262
+ S_IROTH => FILE::FILE_GENERIC_READ,
263
+ S_IWOTH => FILE::FILE_GENERIC_WRITE,
264
+ S_IXOTH => (FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES),
265
+ }
266
+
267
+ # Set the mode of the object referenced by +path+ to the specified
268
+ # +mode+. The mode should be specified as POSIX-style read, write,
269
+ # and execute modes for the user, group, and other classes,
270
+ # e.g. 0640. The sticky bit, S_ISVTX, is supported, but is only
271
+ # meaningful for directories. If set, group and others are not
272
+ # allowed to delete child objects for which they are not the owner.
273
+ # By default, the DACL is set to protected, meaning it does not
274
+ # inherit access control entries from parent objects. This can be
275
+ # changed by setting +protected+ to false. The owner of the object
276
+ # (with READ_CONTROL and WRITE_DACL access) can always change the
277
+ # mode. Only a user with the SE_BACKUP_NAME and SE_RESTORE_NAME
278
+ # privileges in their process token can change the mode for objects
279
+ # that they do not have read and write access to.
280
+ def set_mode(mode, path, protected = true, managing_owner = false, managing_group = false)
281
+ sd = get_security_descriptor(path)
282
+ well_known_world_sid = Puppet::Util::Windows::SID::Everyone
283
+ well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
284
+ well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
285
+
286
+ owner_allow = FILE::STANDARD_RIGHTS_ALL |
287
+ FILE::FILE_READ_ATTRIBUTES |
288
+ FILE::FILE_WRITE_ATTRIBUTES
289
+ # this prevents a mode that is not 7 from taking ownership of a file based
290
+ # on group membership and rewriting it / making it executable
291
+ group_allow = FILE::STANDARD_RIGHTS_READ |
292
+ FILE::FILE_READ_ATTRIBUTES |
293
+ FILE::SYNCHRONIZE
294
+ other_allow = FILE::STANDARD_RIGHTS_READ |
295
+ FILE::FILE_READ_ATTRIBUTES |
296
+ FILE::SYNCHRONIZE
297
+ nobody_allow = 0
298
+ system_allow = 0
299
+
300
+ MODE_TO_MASK.each do |k,v|
301
+ if ((mode >> 6) & k) == k
302
+ owner_allow |= v
303
+ end
304
+ if ((mode >> 3) & k) == k
305
+ group_allow |= v
306
+ end
307
+ if (mode & k) == k
308
+ other_allow |= v
309
+ end
310
+ end
311
+
312
+ # With a mode value of '7' for group / other, the value must then include
313
+ # additional perms beyond STANDARD_RIGHTS_READ to allow DACL modification
314
+ if ((mode & S_IRWXG) == S_IRWXG)
315
+ group_allow |= FILE::DELETE | FILE::WRITE_DAC | FILE::WRITE_OWNER
316
+ end
317
+ if ((mode & S_IRWXO) == S_IRWXO)
318
+ other_allow |= FILE::DELETE | FILE::WRITE_DAC | FILE::WRITE_OWNER
319
+ end
320
+
321
+ if (mode & S_ISVTX).nonzero?
322
+ nobody_allow |= FILE::FILE_APPEND_DATA;
323
+ end
324
+
325
+ isownergroup = sd.owner == sd.group
326
+
327
+ # caller is NOT managing SYSTEM by using group or owner, so set to FULL
328
+ if ! [sd.owner, sd.group].include? well_known_system_sid
329
+ # we don't check S_ISYSTEM_MISSING bit, but automatically carry over existing SYSTEM perms
330
+ # by default set SYSTEM perms to full
331
+ system_allow = FILE::FILE_ALL_ACCESS
332
+ else
333
+ # It is possible to set SYSTEM with a mode other than Full Control (7) however this makes no sense and in practical terms
334
+ # should not be done. We can trap these instances and correct them before being applied.
335
+ if (sd.owner == well_known_system_sid) && (owner_allow != FILE::FILE_ALL_ACCESS)
336
+ # If owner and group are both SYSTEM but group is unmanaged the control rights of system will be set to FullControl by
337
+ # the unmanaged group, so there is no need for the warning
338
+ if managing_owner && (!isownergroup || managing_group)
339
+ #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
340
+ Puppet.warning _("Setting control rights for %{path} owner SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
341
+ elsif managing_owner && isownergroup
342
+ #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
343
+ Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but group is not managed directly: SYSTEM user rights will be set to FullControl by group") % { path: path } }
344
+ else
345
+ #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
346
+ Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the owner, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
347
+ owner_allow = FILE::FILE_ALL_ACCESS
348
+ end
349
+ end
350
+
351
+ if (sd.group == well_known_system_sid) && (group_allow != FILE::FILE_ALL_ACCESS)
352
+ # If owner and group are both SYSTEM but owner is unmanaged the control rights of system will be set to FullControl by
353
+ # the unmanaged owner, so there is no need for the warning.
354
+ if managing_group && (!isownergroup || managing_owner)
355
+ #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
356
+ Puppet.warning _("Setting control rights for %{path} group SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
357
+ elsif managing_group && isownergroup
358
+ #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
359
+ Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but owner is not managed directly: SYSTEM user rights will be set to FullControl by owner") % { path: path } }
360
+ else
361
+ #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
362
+ Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the group, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
363
+ group_allow = FILE::FILE_ALL_ACCESS
364
+ end
365
+ end
366
+ end
367
+
368
+ # even though FILE_DELETE_CHILD only applies to directories, it can be set on files
369
+ # this is necessary to do to ensure a file ends up with (F) FullControl
370
+ if (mode & (S_IWUSR | S_IXUSR)) == (S_IWUSR | S_IXUSR)
371
+ owner_allow |= FILE::FILE_DELETE_CHILD
372
+ end
373
+ if (mode & (S_IWGRP | S_IXGRP)) == (S_IWGRP | S_IXGRP) && (mode & S_ISVTX) == 0
374
+ group_allow |= FILE::FILE_DELETE_CHILD
375
+ end
376
+ if (mode & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH) && (mode & S_ISVTX) == 0
377
+ other_allow |= FILE::FILE_DELETE_CHILD
378
+ end
379
+
380
+ # if owner and group the same, then map group permissions to the one owner ACE
381
+ if isownergroup
382
+ owner_allow |= group_allow
383
+ end
384
+
385
+ # if any ACE allows write, then clear readonly bit, but do this before we overwrite
386
+ # the DACl and lose our ability to set the attribute
387
+ if ((owner_allow | group_allow | other_allow ) & FILE::FILE_WRITE_DATA) == FILE::FILE_WRITE_DATA
388
+ FILE.remove_attributes(path, FILE::FILE_ATTRIBUTE_READONLY)
389
+ end
390
+
391
+ isdir = File.directory?(path)
392
+ dacl = Puppet::Util::Windows::AccessControlList.new
393
+ dacl.allow(sd.owner, owner_allow)
394
+ unless isownergroup
395
+ dacl.allow(sd.group, group_allow)
396
+ end
397
+ dacl.allow(well_known_world_sid, other_allow)
398
+ dacl.allow(well_known_nobody_sid, nobody_allow)
399
+
400
+ # TODO: system should be first?
401
+ flags = !isdir ? 0 :
402
+ Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE |
403
+ Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
404
+ dacl.allow(well_known_system_sid, system_allow, flags)
405
+
406
+ # add inherit-only aces for child dirs and files that are created within the dir
407
+ inherit_only = Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
408
+ if isdir
409
+ inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE
410
+ dacl.allow(Puppet::Util::Windows::SID::CreatorOwner, owner_allow, inherit)
411
+ dacl.allow(Puppet::Util::Windows::SID::CreatorGroup, group_allow, inherit)
412
+
413
+ inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
414
+ # allow any previously set bits *except* for these
415
+ perms_to_strip = ~(FILE::FILE_EXECUTE + FILE::WRITE_OWNER + FILE::WRITE_DAC)
416
+ dacl.allow(Puppet::Util::Windows::SID::CreatorOwner, owner_allow & perms_to_strip, inherit)
417
+ dacl.allow(Puppet::Util::Windows::SID::CreatorGroup, group_allow & perms_to_strip, inherit)
418
+ end
419
+
420
+ new_sd = Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, dacl, protected)
421
+ set_security_descriptor(path, new_sd)
422
+
423
+ nil
424
+ end
425
+
426
+ ACL_REVISION = 2
427
+
428
+ def add_access_allowed_ace(acl, mask, sid, inherit = nil)
429
+ inherit ||= NO_INHERITANCE
430
+
431
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
432
+ if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
433
+ raise Puppet::Util::Windows::Error.new(_("Invalid SID"))
434
+ end
435
+
436
+ if AddAccessAllowedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
437
+ raise Puppet::Util::Windows::Error.new(_("Failed to add access control entry"))
438
+ end
439
+ end
440
+
441
+ # ensure this method is void if it doesn't raise
442
+ nil
443
+ end
444
+
445
+ def add_access_denied_ace(acl, mask, sid, inherit = nil)
446
+ inherit ||= NO_INHERITANCE
447
+
448
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
449
+ if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
450
+ raise Puppet::Util::Windows::Error.new(_("Invalid SID"))
451
+ end
452
+
453
+ if AddAccessDeniedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
454
+ raise Puppet::Util::Windows::Error.new(_("Failed to add access control entry"))
455
+ end
456
+ end
457
+
458
+ # ensure this method is void if it doesn't raise
459
+ nil
460
+ end
461
+
462
+ def parse_dacl(dacl_ptr)
463
+ # REMIND: need to handle NULL DACL
464
+ if IsValidAcl(dacl_ptr) == FFI::WIN32_FALSE
465
+ raise Puppet::Util::Windows::Error.new(_("Invalid DACL"))
466
+ end
467
+
468
+ dacl_struct = ACL.new(dacl_ptr)
469
+ ace_count = dacl_struct[:AceCount]
470
+
471
+ dacl = Puppet::Util::Windows::AccessControlList.new
472
+
473
+ # deny all
474
+ return dacl if ace_count == 0
475
+
476
+ 0.upto(ace_count - 1) do |i|
477
+ FFI::MemoryPointer.new(:pointer, 1) do |ace_ptr|
478
+
479
+ next if GetAce(dacl_ptr, i, ace_ptr) == FFI::WIN32_FALSE
480
+
481
+ # ACE structures vary depending on the type. We are only concerned with
482
+ # ACCESS_ALLOWED_ACE and ACCESS_DENIED_ACEs, which have the same layout
483
+ ace = GENERIC_ACCESS_ACE.new(ace_ptr.get_pointer(0)) #deref LPVOID *
484
+
485
+ ace_type = ace[:Header][:AceType]
486
+ if ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE &&
487
+ ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
488
+ Puppet.warning _("Unsupported access control entry type: 0x%{type}") % { type: ace_type.to_s(16) }
489
+ next
490
+ end
491
+
492
+ # using pointer addition gives the FFI::Pointer a size, but that's OK here
493
+ sid = Puppet::Util::Windows::SID.sid_ptr_to_string(ace.pointer + GENERIC_ACCESS_ACE.offset_of(:SidStart))
494
+ mask = ace[:Mask]
495
+ ace_flags = ace[:Header][:AceFlags]
496
+
497
+ case ace_type
498
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
499
+ dacl.allow(sid, mask, ace_flags)
500
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
501
+ dacl.deny(sid, mask, ace_flags)
502
+ end
503
+ end
504
+ end
505
+
506
+ dacl
507
+ end
508
+
509
+ # Open an existing file with the specified access mode, and execute a
510
+ # block with the opened file HANDLE.
511
+ def open_file(path, access, &block)
512
+ handle = CreateFileW(
513
+ wide_string(path),
514
+ access,
515
+ FILE::FILE_SHARE_READ | FILE::FILE_SHARE_WRITE,
516
+ FFI::Pointer::NULL, # security_attributes
517
+ FILE::OPEN_EXISTING,
518
+ FILE::FILE_FLAG_OPEN_REPARSE_POINT | FILE::FILE_FLAG_BACKUP_SEMANTICS,
519
+ FFI::Pointer::NULL_HANDLE) # template
520
+
521
+ if handle == Puppet::Util::Windows::File::INVALID_HANDLE_VALUE
522
+ raise Puppet::Util::Windows::Error.new(_("Failed to open '%{path}'") % { path: path })
523
+ end
524
+
525
+ begin
526
+ yield handle
527
+ ensure
528
+ FFI::WIN32.CloseHandle(handle) if handle
529
+ end
530
+
531
+ # handle has already had CloseHandle called against it, nothing to return
532
+ nil
533
+ end
534
+
535
+ # Execute a block with the specified privilege enabled
536
+ def with_privilege(privilege, &block)
537
+ set_privilege(privilege, true)
538
+ yield
539
+ ensure
540
+ set_privilege(privilege, false)
541
+ end
542
+
543
+ SE_PRIVILEGE_ENABLED = 0x00000002
544
+ TOKEN_ADJUST_PRIVILEGES = 0x0020
545
+
546
+ # Enable or disable a privilege. Note this doesn't add any privileges the
547
+ # user doesn't already has, it just enables privileges that are disabled.
548
+ def set_privilege(privilege, enable)
549
+ return unless Puppet.features.root?
550
+
551
+ Puppet::Util::Windows::Process.with_process_token(TOKEN_ADJUST_PRIVILEGES) do |token|
552
+ Puppet::Util::Windows::Process.lookup_privilege_value(privilege) do |luid|
553
+ FFI::MemoryPointer.new(Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.size) do |luid_and_attributes_ptr|
554
+ # allocate unmanaged memory for structs that we clean up afterwards
555
+ luid_and_attributes = Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.new(luid_and_attributes_ptr)
556
+ luid_and_attributes[:Luid] = luid
557
+ luid_and_attributes[:Attributes] = enable ? SE_PRIVILEGE_ENABLED : 0
558
+
559
+ FFI::MemoryPointer.new(Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.size) do |token_privileges_ptr|
560
+ token_privileges = Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.new(token_privileges_ptr)
561
+ token_privileges[:PrivilegeCount] = 1
562
+ token_privileges[:Privileges][0] = luid_and_attributes
563
+
564
+ # size is correct given we only have 1 LUID, otherwise would be:
565
+ # [:PrivilegeCount].size + [:PrivilegeCount] * LUID_AND_ATTRIBUTES.size
566
+ if AdjustTokenPrivileges(token, FFI::WIN32_FALSE,
567
+ token_privileges, token_privileges.size,
568
+ FFI::MemoryPointer::NULL, FFI::MemoryPointer::NULL) == FFI::WIN32_FALSE
569
+ raise Puppet::Util::Windows::Error.new(_("Failed to adjust process privileges"))
570
+ end
571
+ end
572
+ end
573
+ end
574
+ end
575
+
576
+ # token / luid structs freed by this point, so return true as nothing raised
577
+ true
578
+ end
579
+
580
+ def get_security_descriptor(path)
581
+ sd = nil
582
+
583
+ with_privilege(SE_BACKUP_NAME) do
584
+ open_file(path, READ_CONTROL) do |handle|
585
+ FFI::MemoryPointer.new(:pointer, 1) do |owner_sid_ptr_ptr|
586
+ FFI::MemoryPointer.new(:pointer, 1) do |group_sid_ptr_ptr|
587
+ FFI::MemoryPointer.new(:pointer, 1) do |dacl_ptr_ptr|
588
+ FFI::MemoryPointer.new(:pointer, 1) do |sd_ptr_ptr|
589
+
590
+ rv = GetSecurityInfo(
591
+ handle,
592
+ :SE_FILE_OBJECT,
593
+ OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
594
+ owner_sid_ptr_ptr,
595
+ group_sid_ptr_ptr,
596
+ dacl_ptr_ptr,
597
+ FFI::Pointer::NULL, #sacl
598
+ sd_ptr_ptr) #sec desc
599
+ raise Puppet::Util::Windows::Error.new(_("Failed to get security information")) if rv != FFI::ERROR_SUCCESS
600
+
601
+ # these 2 convenience params are not freed since they point inside sd_ptr
602
+ owner = Puppet::Util::Windows::SID.sid_ptr_to_string(owner_sid_ptr_ptr.get_pointer(0))
603
+ group = Puppet::Util::Windows::SID.sid_ptr_to_string(group_sid_ptr_ptr.get_pointer(0))
604
+
605
+ FFI::MemoryPointer.new(:word, 1) do |control|
606
+ FFI::MemoryPointer.new(:dword, 1) do |revision|
607
+ sd_ptr_ptr.read_win32_local_pointer do |sd_ptr|
608
+
609
+ if GetSecurityDescriptorControl(sd_ptr, control, revision) == FFI::WIN32_FALSE
610
+ raise Puppet::Util::Windows::Error.new(_("Failed to get security descriptor control"))
611
+ end
612
+
613
+ protect = (control.read_word & SE_DACL_PROTECTED) == SE_DACL_PROTECTED
614
+ dacl = parse_dacl(dacl_ptr_ptr.get_pointer(0))
615
+ sd = Puppet::Util::Windows::SecurityDescriptor.new(owner, group, dacl, protect)
616
+ end
617
+ end
618
+ end
619
+ end
620
+ end
621
+ end
622
+ end
623
+ end
624
+ end
625
+
626
+ sd
627
+ end
628
+
629
+ def get_max_generic_acl_size(ace_count)
630
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
631
+ # To calculate the initial size of an ACL, add the following together, and then align the result to the nearest DWORD:
632
+ # * Size of the ACL structure.
633
+ # * Size of each ACE structure that the ACL is to contain minus the SidStart member (DWORD) of the ACE.
634
+ # * Length of the SID that each ACE is to contain.
635
+ ACL.size + ace_count * MAXIMUM_GENERIC_ACE_SIZE
636
+ end
637
+
638
+ # setting DACL requires both READ_CONTROL and WRITE_DACL access rights,
639
+ # and their respective privileges, SE_BACKUP_NAME and SE_RESTORE_NAME.
640
+ def set_security_descriptor(path, sd)
641
+ FFI::MemoryPointer.new(:byte, get_max_generic_acl_size(sd.dacl.count)) do |acl_ptr|
642
+ if InitializeAcl(acl_ptr, acl_ptr.size, ACL_REVISION) == FFI::WIN32_FALSE
643
+ raise Puppet::Util::Windows::Error.new(_("Failed to initialize ACL"))
644
+ end
645
+
646
+ if IsValidAcl(acl_ptr) == FFI::WIN32_FALSE
647
+ raise Puppet::Util::Windows::Error.new(_("Invalid DACL"))
648
+ end
649
+
650
+ with_privilege(SE_BACKUP_NAME) do
651
+ with_privilege(SE_RESTORE_NAME) do
652
+ open_file(path, READ_CONTROL | WRITE_DAC | WRITE_OWNER) do |handle|
653
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sd.owner) do |owner_sid_ptr|
654
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sd.group) do |group_sid_ptr|
655
+ sd.dacl.each do |ace|
656
+ case ace.type
657
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
658
+ #puts "ace: allow, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
659
+ add_access_allowed_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
660
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
661
+ #puts "ace: deny, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
662
+ add_access_denied_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
663
+ else
664
+ raise "We should never get here"
665
+ # TODO: this should have been a warning in an earlier commit
666
+ end
667
+ end
668
+
669
+ # protected means the object does not inherit aces from its parent
670
+ flags = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION
671
+ flags |= sd.protect ? PROTECTED_DACL_SECURITY_INFORMATION : UNPROTECTED_DACL_SECURITY_INFORMATION
672
+
673
+ rv = SetSecurityInfo(handle,
674
+ :SE_FILE_OBJECT,
675
+ flags,
676
+ owner_sid_ptr,
677
+ group_sid_ptr,
678
+ acl_ptr,
679
+ FFI::MemoryPointer::NULL)
680
+
681
+ if rv != FFI::ERROR_SUCCESS
682
+ raise Puppet::Util::Windows::Error.new(_("Failed to set security information"))
683
+ end
684
+ end
685
+ end
686
+ end
687
+ end
688
+ end
689
+ end
690
+ end
691
+
692
+ ffi_convention :stdcall
693
+
694
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
695
+ # HANDLE WINAPI CreateFile(
696
+ # _In_ LPCTSTR lpFileName,
697
+ # _In_ DWORD dwDesiredAccess,
698
+ # _In_ DWORD dwShareMode,
699
+ # _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
700
+ # _In_ DWORD dwCreationDisposition,
701
+ # _In_ DWORD dwFlagsAndAttributes,
702
+ # _In_opt_ HANDLE hTemplateFile
703
+ # );
704
+ ffi_lib :kernel32
705
+ attach_function_private :CreateFileW,
706
+ [:lpcwstr, :dword, :dword, :pointer, :dword, :dword, :handle], :handle
707
+
708
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa364993(v=vs.85).aspx
709
+ # BOOL WINAPI GetVolumeInformation(
710
+ # _In_opt_ LPCTSTR lpRootPathName,
711
+ # _Out_opt_ LPTSTR lpVolumeNameBuffer,
712
+ # _In_ DWORD nVolumeNameSize,
713
+ # _Out_opt_ LPDWORD lpVolumeSerialNumber,
714
+ # _Out_opt_ LPDWORD lpMaximumComponentLength,
715
+ # _Out_opt_ LPDWORD lpFileSystemFlags,
716
+ # _Out_opt_ LPTSTR lpFileSystemNameBuffer,
717
+ # _In_ DWORD nFileSystemNameSize
718
+ # );
719
+ ffi_lib :kernel32
720
+ attach_function_private :GetVolumeInformationW,
721
+ [:lpcwstr, :lpwstr, :dword, :lpdword, :lpdword, :lpdword, :lpwstr, :dword], :win32_bool
722
+
723
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374951(v=vs.85).aspx
724
+ # BOOL WINAPI AddAccessAllowedAceEx(
725
+ # _Inout_ PACL pAcl,
726
+ # _In_ DWORD dwAceRevision,
727
+ # _In_ DWORD AceFlags,
728
+ # _In_ DWORD AccessMask,
729
+ # _In_ PSID pSid
730
+ # );
731
+ ffi_lib :advapi32
732
+ attach_function_private :AddAccessAllowedAceEx,
733
+ [:pointer, :dword, :dword, :dword, :pointer], :win32_bool
734
+
735
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374964(v=vs.85).aspx
736
+ # BOOL WINAPI AddAccessDeniedAceEx(
737
+ # _Inout_ PACL pAcl,
738
+ # _In_ DWORD dwAceRevision,
739
+ # _In_ DWORD AceFlags,
740
+ # _In_ DWORD AccessMask,
741
+ # _In_ PSID pSid
742
+ # );
743
+ ffi_lib :advapi32
744
+ attach_function_private :AddAccessDeniedAceEx,
745
+ [:pointer, :dword, :dword, :dword, :pointer], :win32_bool
746
+
747
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374931(v=vs.85).aspx
748
+ # typedef struct _ACL {
749
+ # BYTE AclRevision;
750
+ # BYTE Sbz1;
751
+ # WORD AclSize;
752
+ # WORD AceCount;
753
+ # WORD Sbz2;
754
+ # } ACL, *PACL;
755
+ class ACL < FFI::Struct
756
+ layout :AclRevision, :byte,
757
+ :Sbz1, :byte,
758
+ :AclSize, :word,
759
+ :AceCount, :word,
760
+ :Sbz2, :word
761
+ end
762
+
763
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374912(v=vs.85).aspx
764
+ # ACE types
765
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374919(v=vs.85).aspx
766
+ # typedef struct _ACE_HEADER {
767
+ # BYTE AceType;
768
+ # BYTE AceFlags;
769
+ # WORD AceSize;
770
+ # } ACE_HEADER, *PACE_HEADER;
771
+ class ACE_HEADER < FFI::Struct
772
+ layout :AceType, :byte,
773
+ :AceFlags, :byte,
774
+ :AceSize, :word
775
+ end
776
+
777
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374892(v=vs.85).aspx
778
+ # ACCESS_MASK
779
+
780
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374847(v=vs.85).aspx
781
+ # typedef struct _ACCESS_ALLOWED_ACE {
782
+ # ACE_HEADER Header;
783
+ # ACCESS_MASK Mask;
784
+ # DWORD SidStart;
785
+ # } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
786
+ #
787
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374879(v=vs.85).aspx
788
+ # typedef struct _ACCESS_DENIED_ACE {
789
+ # ACE_HEADER Header;
790
+ # ACCESS_MASK Mask;
791
+ # DWORD SidStart;
792
+ # } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
793
+ class GENERIC_ACCESS_ACE < FFI::Struct
794
+ # ACE structures must be aligned on DWORD boundaries. All Windows
795
+ # memory-management functions return DWORD-aligned handles to memory
796
+ pack 4
797
+ layout :Header, ACE_HEADER,
798
+ :Mask, :dword,
799
+ :SidStart, :dword
800
+ end
801
+
802
+ # https://stackoverflow.com/a/1792930
803
+ MAXIMUM_SID_BYTES_LENGTH = 68
804
+ MAXIMUM_GENERIC_ACE_SIZE = GENERIC_ACCESS_ACE.offset_of(:SidStart) +
805
+ MAXIMUM_SID_BYTES_LENGTH
806
+
807
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446634(v=vs.85).aspx
808
+ # BOOL WINAPI GetAce(
809
+ # _In_ PACL pAcl,
810
+ # _In_ DWORD dwAceIndex,
811
+ # _Out_ LPVOID *pAce
812
+ # );
813
+ ffi_lib :advapi32
814
+ attach_function_private :GetAce,
815
+ [:pointer, :dword, :pointer], :win32_bool
816
+
817
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa375202(v=vs.85).aspx
818
+ # BOOL WINAPI AdjustTokenPrivileges(
819
+ # _In_ HANDLE TokenHandle,
820
+ # _In_ BOOL DisableAllPrivileges,
821
+ # _In_opt_ PTOKEN_PRIVILEGES NewState,
822
+ # _In_ DWORD BufferLength,
823
+ # _Out_opt_ PTOKEN_PRIVILEGES PreviousState,
824
+ # _Out_opt_ PDWORD ReturnLength
825
+ # );
826
+ ffi_lib :advapi32
827
+ attach_function_private :AdjustTokenPrivileges,
828
+ [:handle, :win32_bool, :pointer, :dword, :pointer, :pdword], :win32_bool
829
+
830
+ # https://msdn.microsoft.com/en-us/library/windows/hardware/ff556610(v=vs.85).aspx
831
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx
832
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446647(v=vs.85).aspx
833
+ # typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
834
+ # BOOL WINAPI GetSecurityDescriptorControl(
835
+ # _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
836
+ # _Out_ PSECURITY_DESCRIPTOR_CONTROL pControl,
837
+ # _Out_ LPDWORD lpdwRevision
838
+ # );
839
+ ffi_lib :advapi32
840
+ attach_function_private :GetSecurityDescriptorControl,
841
+ [:pointer, :lpword, :lpdword], :win32_bool
842
+
843
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
844
+ # BOOL WINAPI InitializeAcl(
845
+ # _Out_ PACL pAcl,
846
+ # _In_ DWORD nAclLength,
847
+ # _In_ DWORD dwAclRevision
848
+ # );
849
+ ffi_lib :advapi32
850
+ attach_function_private :InitializeAcl,
851
+ [:pointer, :dword, :dword], :win32_bool
852
+
853
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379142(v=vs.85).aspx
854
+ # BOOL WINAPI IsValidAcl(
855
+ # _In_ PACL pAcl
856
+ # );
857
+ ffi_lib :advapi32
858
+ attach_function_private :IsValidAcl,
859
+ [:pointer], :win32_bool
860
+
861
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx
862
+ SE_OBJECT_TYPE = enum(
863
+ :SE_UNKNOWN_OBJECT_TYPE, 0,
864
+ :SE_FILE_OBJECT,
865
+ :SE_SERVICE,
866
+ :SE_PRINTER,
867
+ :SE_REGISTRY_KEY,
868
+ :SE_LMSHARE,
869
+ :SE_KERNEL_OBJECT,
870
+ :SE_WINDOW_OBJECT,
871
+ :SE_DS_OBJECT,
872
+ :SE_DS_OBJECT_ALL,
873
+ :SE_PROVIDER_DEFINED_OBJECT,
874
+ :SE_WMIGUID_OBJECT,
875
+ :SE_REGISTRY_WOW64_32KEY
876
+ )
877
+
878
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446654(v=vs.85).aspx
879
+ # DWORD WINAPI GetSecurityInfo(
880
+ # _In_ HANDLE handle,
881
+ # _In_ SE_OBJECT_TYPE ObjectType,
882
+ # _In_ SECURITY_INFORMATION SecurityInfo,
883
+ # _Out_opt_ PSID *ppsidOwner,
884
+ # _Out_opt_ PSID *ppsidGroup,
885
+ # _Out_opt_ PACL *ppDacl,
886
+ # _Out_opt_ PACL *ppSacl,
887
+ # _Out_opt_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor
888
+ # );
889
+ ffi_lib :advapi32
890
+ attach_function_private :GetSecurityInfo,
891
+ [:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer, :pointer], :dword
892
+
893
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379588(v=vs.85).aspx
894
+ # DWORD WINAPI SetSecurityInfo(
895
+ # _In_ HANDLE handle,
896
+ # _In_ SE_OBJECT_TYPE ObjectType,
897
+ # _In_ SECURITY_INFORMATION SecurityInfo,
898
+ # _In_opt_ PSID psidOwner,
899
+ # _In_opt_ PSID psidGroup,
900
+ # _In_opt_ PACL pDacl,
901
+ # _In_opt_ PACL pSacl
902
+ # );
903
+ ffi_lib :advapi32
904
+ # TODO: SECURITY_INFORMATION is actually a bitmask the size of a DWORD
905
+ attach_function_private :SetSecurityInfo,
906
+ [:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer], :dword
907
+ end