openvox 8.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1104) hide show
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +19 -0
  3. data/CODEOWNERS +11 -0
  4. data/CODE_OF_CONDUCT.md +70 -0
  5. data/Gemfile +87 -0
  6. data/Guardfile.example +76 -0
  7. data/LICENSE +202 -0
  8. data/README.md +63 -0
  9. data/Rakefile +170 -0
  10. data/bin/puppet +10 -0
  11. data/conf/environment.conf +18 -0
  12. data/conf/fileserver.conf +32 -0
  13. data/conf/hiera.yaml +11 -0
  14. data/conf/puppet.conf +6 -0
  15. data/examples/enc/regexp_nodes/classes/databases +2 -0
  16. data/examples/enc/regexp_nodes/classes/webservers +2 -0
  17. data/examples/enc/regexp_nodes/environment/development +2 -0
  18. data/examples/enc/regexp_nodes/parameters/service/prod +1 -0
  19. data/examples/enc/regexp_nodes/parameters/service/qa +3 -0
  20. data/examples/enc/regexp_nodes/parameters/service/sandbox +1 -0
  21. data/examples/enc/regexp_nodes/regexp_nodes.rb +270 -0
  22. data/examples/hiera/README.md +102 -0
  23. data/examples/hiera/data/common.yaml +12 -0
  24. data/examples/hiera/data/dc1.yaml +6 -0
  25. data/examples/hiera/hiera.yaml +15 -0
  26. data/examples/hiera/modules/ntp/data/common.yaml +4 -0
  27. data/examples/hiera/modules/ntp/hiera.yaml +9 -0
  28. data/examples/hiera/modules/ntp/manifests/config.pp +18 -0
  29. data/examples/hiera/modules/ntp/templates/ntp.conf.epp +3 -0
  30. data/examples/hiera/modules/users/manifests/common.pp +9 -0
  31. data/examples/hiera/modules/users/manifests/dc1.pp +9 -0
  32. data/examples/hiera/site.pp +3 -0
  33. data/examples/nagios/check_puppet.rb +123 -0
  34. data/ext/README.md +13 -0
  35. data/ext/build_defaults.yaml +18 -0
  36. data/ext/debian/puppet.default +4 -0
  37. data/ext/debian/puppet.init +113 -0
  38. data/ext/hiera/hiera.yaml +15 -0
  39. data/ext/osx/puppet.plist +32 -0
  40. data/ext/project_data.yaml +20 -0
  41. data/ext/redhat/client.init +169 -0
  42. data/ext/redhat/client.sysconfig +2 -0
  43. data/ext/solaris/smf/puppet +44 -0
  44. data/ext/solaris/smf/puppet.xml +46 -0
  45. data/ext/suse/client.init +141 -0
  46. data/ext/systemd/puppet.service +26 -0
  47. data/ext/windows/puppet_interactive.bat +6 -0
  48. data/ext/windows/puppet_shell.bat +9 -0
  49. data/ext/windows/run_puppet_interactive.bat +9 -0
  50. data/ext/windows/service/daemon.bat +6 -0
  51. data/ext/windows/service/daemon.rb +219 -0
  52. data/install.rb +428 -0
  53. data/lib/hiera/puppet_function.rb +86 -0
  54. data/lib/hiera/scope.rb +92 -0
  55. data/lib/hiera_puppet.rb +78 -0
  56. data/lib/puppet/agent/disabler.rb +55 -0
  57. data/lib/puppet/agent/locker.rb +46 -0
  58. data/lib/puppet/agent.rb +178 -0
  59. data/lib/puppet/application/agent.rb +527 -0
  60. data/lib/puppet/application/apply.rb +435 -0
  61. data/lib/puppet/application/catalog.rb +6 -0
  62. data/lib/puppet/application/config.rb +7 -0
  63. data/lib/puppet/application/describe.rb +255 -0
  64. data/lib/puppet/application/device.rb +440 -0
  65. data/lib/puppet/application/doc.rb +232 -0
  66. data/lib/puppet/application/epp.rb +7 -0
  67. data/lib/puppet/application/face_base.rb +277 -0
  68. data/lib/puppet/application/facts.rb +11 -0
  69. data/lib/puppet/application/filebucket.rb +324 -0
  70. data/lib/puppet/application/generate.rb +7 -0
  71. data/lib/puppet/application/help.rb +7 -0
  72. data/lib/puppet/application/indirection_base.rb +6 -0
  73. data/lib/puppet/application/lookup.rb +433 -0
  74. data/lib/puppet/application/module.rb +6 -0
  75. data/lib/puppet/application/node.rb +6 -0
  76. data/lib/puppet/application/parser.rb +7 -0
  77. data/lib/puppet/application/plugin.rb +6 -0
  78. data/lib/puppet/application/report.rb +6 -0
  79. data/lib/puppet/application/resource.rb +264 -0
  80. data/lib/puppet/application/script.rb +266 -0
  81. data/lib/puppet/application/ssl.rb +331 -0
  82. data/lib/puppet/application.rb +596 -0
  83. data/lib/puppet/application_support.rb +69 -0
  84. data/lib/puppet/coercion.rb +42 -0
  85. data/lib/puppet/compilable_resource_type.rb +17 -0
  86. data/lib/puppet/concurrent/lock.rb +15 -0
  87. data/lib/puppet/concurrent/synchronized.rb +15 -0
  88. data/lib/puppet/concurrent/thread_local_singleton.rb +18 -0
  89. data/lib/puppet/concurrent.rb +4 -0
  90. data/lib/puppet/configurer/downloader.rb +91 -0
  91. data/lib/puppet/configurer/fact_handler.rb +51 -0
  92. data/lib/puppet/configurer/plugin_handler.rb +61 -0
  93. data/lib/puppet/configurer.rb +759 -0
  94. data/lib/puppet/confine/any.rb +28 -0
  95. data/lib/puppet/confine/boolean.rb +47 -0
  96. data/lib/puppet/confine/exists.rb +21 -0
  97. data/lib/puppet/confine/false.rb +27 -0
  98. data/lib/puppet/confine/feature.rb +18 -0
  99. data/lib/puppet/confine/true.rb +28 -0
  100. data/lib/puppet/confine/variable.rb +61 -0
  101. data/lib/puppet/confine.rb +86 -0
  102. data/lib/puppet/confine_collection.rb +54 -0
  103. data/lib/puppet/confiner.rb +48 -0
  104. data/lib/puppet/context/trusted_information.rb +122 -0
  105. data/lib/puppet/context.rb +190 -0
  106. data/lib/puppet/daemon.rb +198 -0
  107. data/lib/puppet/data_binding.rb +16 -0
  108. data/lib/puppet/datatypes/error.rb +23 -0
  109. data/lib/puppet/datatypes/impl/error.rb +42 -0
  110. data/lib/puppet/datatypes.rb +218 -0
  111. data/lib/puppet/defaults.rb +2316 -0
  112. data/lib/puppet/environments.rb +599 -0
  113. data/lib/puppet/error.rb +142 -0
  114. data/lib/puppet/etc.rb +185 -0
  115. data/lib/puppet/external/dot.rb +315 -0
  116. data/lib/puppet/face/catalog/select.rb +51 -0
  117. data/lib/puppet/face/catalog.rb +167 -0
  118. data/lib/puppet/face/config.rb +266 -0
  119. data/lib/puppet/face/epp.rb +565 -0
  120. data/lib/puppet/face/facts.rb +176 -0
  121. data/lib/puppet/face/generate.rb +69 -0
  122. data/lib/puppet/face/help/action.erb +89 -0
  123. data/lib/puppet/face/help/face.erb +114 -0
  124. data/lib/puppet/face/help/global.erb +16 -0
  125. data/lib/puppet/face/help/man.erb +152 -0
  126. data/lib/puppet/face/help.rb +260 -0
  127. data/lib/puppet/face/module/changes.rb +44 -0
  128. data/lib/puppet/face/module/install.rb +149 -0
  129. data/lib/puppet/face/module/list.rb +271 -0
  130. data/lib/puppet/face/module/uninstall.rb +91 -0
  131. data/lib/puppet/face/module/upgrade.rb +89 -0
  132. data/lib/puppet/face/module.rb +21 -0
  133. data/lib/puppet/face/node/clean.rb +109 -0
  134. data/lib/puppet/face/node.rb +45 -0
  135. data/lib/puppet/face/parser.rb +226 -0
  136. data/lib/puppet/face/plugin.rb +62 -0
  137. data/lib/puppet/face/report.rb +54 -0
  138. data/lib/puppet/face/resource.rb +55 -0
  139. data/lib/puppet/face.rb +14 -0
  140. data/lib/puppet/facter_impl.rb +96 -0
  141. data/lib/puppet/feature/base.rb +76 -0
  142. data/lib/puppet/feature/bolt.rb +5 -0
  143. data/lib/puppet/feature/cfpropertylist.rb +5 -0
  144. data/lib/puppet/feature/eventlog.rb +7 -0
  145. data/lib/puppet/feature/hiera_eyaml.rb +5 -0
  146. data/lib/puppet/feature/hocon.rb +5 -0
  147. data/lib/puppet/feature/libuser.rb +10 -0
  148. data/lib/puppet/feature/msgpack.rb +5 -0
  149. data/lib/puppet/feature/pe_license.rb +6 -0
  150. data/lib/puppet/feature/pson.rb +6 -0
  151. data/lib/puppet/feature/selinux.rb +5 -0
  152. data/lib/puppet/feature/ssh.rb +5 -0
  153. data/lib/puppet/feature/telnet.rb +5 -0
  154. data/lib/puppet/feature/zlib.rb +7 -0
  155. data/lib/puppet/ffi/posix/constants.rb +16 -0
  156. data/lib/puppet/ffi/posix/functions.rb +25 -0
  157. data/lib/puppet/ffi/posix.rb +12 -0
  158. data/lib/puppet/ffi/windows/api_types.rb +313 -0
  159. data/lib/puppet/ffi/windows/constants.rb +406 -0
  160. data/lib/puppet/ffi/windows/functions.rb +629 -0
  161. data/lib/puppet/ffi/windows/structs.rb +339 -0
  162. data/lib/puppet/ffi/windows.rb +14 -0
  163. data/lib/puppet/file_bucket/dipper.rb +183 -0
  164. data/lib/puppet/file_bucket/file.rb +131 -0
  165. data/lib/puppet/file_bucket.rb +6 -0
  166. data/lib/puppet/file_serving/base.rb +94 -0
  167. data/lib/puppet/file_serving/configuration/parser.rb +116 -0
  168. data/lib/puppet/file_serving/configuration.rb +116 -0
  169. data/lib/puppet/file_serving/content.rb +45 -0
  170. data/lib/puppet/file_serving/fileset.rb +190 -0
  171. data/lib/puppet/file_serving/http_metadata.rb +61 -0
  172. data/lib/puppet/file_serving/metadata.rb +174 -0
  173. data/lib/puppet/file_serving/mount/file.rb +126 -0
  174. data/lib/puppet/file_serving/mount/locales.rb +35 -0
  175. data/lib/puppet/file_serving/mount/modules.rb +29 -0
  176. data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
  177. data/lib/puppet/file_serving/mount/plugins.rb +35 -0
  178. data/lib/puppet/file_serving/mount/scripts.rb +27 -0
  179. data/lib/puppet/file_serving/mount/tasks.rb +26 -0
  180. data/lib/puppet/file_serving/mount.rb +41 -0
  181. data/lib/puppet/file_serving/terminus_helper.rb +33 -0
  182. data/lib/puppet/file_serving/terminus_selector.rb +33 -0
  183. data/lib/puppet/file_serving.rb +5 -0
  184. data/lib/puppet/file_system/file_impl.rb +189 -0
  185. data/lib/puppet/file_system/jruby.rb +25 -0
  186. data/lib/puppet/file_system/memory_file.rb +82 -0
  187. data/lib/puppet/file_system/memory_impl.rb +103 -0
  188. data/lib/puppet/file_system/path_pattern.rb +95 -0
  189. data/lib/puppet/file_system/posix.rb +52 -0
  190. data/lib/puppet/file_system/uniquefile.rb +190 -0
  191. data/lib/puppet/file_system/windows.rb +224 -0
  192. data/lib/puppet/file_system.rb +421 -0
  193. data/lib/puppet/forge/cache.rb +61 -0
  194. data/lib/puppet/forge/errors.rb +113 -0
  195. data/lib/puppet/forge/repository.rb +98 -0
  196. data/lib/puppet/forge.rb +257 -0
  197. data/lib/puppet/functions/abs.rb +64 -0
  198. data/lib/puppet/functions/alert.rb +16 -0
  199. data/lib/puppet/functions/all.rb +106 -0
  200. data/lib/puppet/functions/annotate.rb +110 -0
  201. data/lib/puppet/functions/any.rb +111 -0
  202. data/lib/puppet/functions/assert_type.rb +96 -0
  203. data/lib/puppet/functions/binary_file.rb +35 -0
  204. data/lib/puppet/functions/break.rb +49 -0
  205. data/lib/puppet/functions/call.rb +81 -0
  206. data/lib/puppet/functions/camelcase.rb +63 -0
  207. data/lib/puppet/functions/capitalize.rb +62 -0
  208. data/lib/puppet/functions/ceiling.rb +38 -0
  209. data/lib/puppet/functions/chomp.rb +58 -0
  210. data/lib/puppet/functions/chop.rb +68 -0
  211. data/lib/puppet/functions/compare.rb +127 -0
  212. data/lib/puppet/functions/contain.rb +58 -0
  213. data/lib/puppet/functions/convert_to.rb +36 -0
  214. data/lib/puppet/functions/crit.rb +16 -0
  215. data/lib/puppet/functions/debug.rb +16 -0
  216. data/lib/puppet/functions/defined.rb +163 -0
  217. data/lib/puppet/functions/dig.rb +70 -0
  218. data/lib/puppet/functions/downcase.rb +91 -0
  219. data/lib/puppet/functions/each.rb +169 -0
  220. data/lib/puppet/functions/emerg.rb +16 -0
  221. data/lib/puppet/functions/empty.rb +87 -0
  222. data/lib/puppet/functions/epp.rb +50 -0
  223. data/lib/puppet/functions/err.rb +16 -0
  224. data/lib/puppet/functions/eyaml_lookup_key.rb +103 -0
  225. data/lib/puppet/functions/filter.rb +138 -0
  226. data/lib/puppet/functions/find_file.rb +50 -0
  227. data/lib/puppet/functions/find_template.rb +65 -0
  228. data/lib/puppet/functions/flatten.rb +66 -0
  229. data/lib/puppet/functions/floor.rb +38 -0
  230. data/lib/puppet/functions/get.rb +152 -0
  231. data/lib/puppet/functions/getvar.rb +89 -0
  232. data/lib/puppet/functions/group_by.rb +62 -0
  233. data/lib/puppet/functions/hiera.rb +91 -0
  234. data/lib/puppet/functions/hiera_array.rb +83 -0
  235. data/lib/puppet/functions/hiera_hash.rb +94 -0
  236. data/lib/puppet/functions/hiera_include.rb +107 -0
  237. data/lib/puppet/functions/hocon_data.rb +41 -0
  238. data/lib/puppet/functions/import.rb +9 -0
  239. data/lib/puppet/functions/include.rb +56 -0
  240. data/lib/puppet/functions/index.rb +168 -0
  241. data/lib/puppet/functions/info.rb +16 -0
  242. data/lib/puppet/functions/inline_epp.rb +61 -0
  243. data/lib/puppet/functions/join.rb +58 -0
  244. data/lib/puppet/functions/json_data.rb +33 -0
  245. data/lib/puppet/functions/keys.rb +27 -0
  246. data/lib/puppet/functions/length.rb +45 -0
  247. data/lib/puppet/functions/lest.rb +57 -0
  248. data/lib/puppet/functions/lookup.rb +224 -0
  249. data/lib/puppet/functions/lstrip.rb +59 -0
  250. data/lib/puppet/functions/map.rb +137 -0
  251. data/lib/puppet/functions/match.rb +133 -0
  252. data/lib/puppet/functions/max.rb +250 -0
  253. data/lib/puppet/functions/min.rb +249 -0
  254. data/lib/puppet/functions/module_directory.rb +43 -0
  255. data/lib/puppet/functions/new.rb +1013 -0
  256. data/lib/puppet/functions/next.rb +35 -0
  257. data/lib/puppet/functions/notice.rb +16 -0
  258. data/lib/puppet/functions/partition.rb +62 -0
  259. data/lib/puppet/functions/reduce.rb +159 -0
  260. data/lib/puppet/functions/regsubst.rb +100 -0
  261. data/lib/puppet/functions/require.rb +81 -0
  262. data/lib/puppet/functions/return.rb +17 -0
  263. data/lib/puppet/functions/reverse_each.rb +96 -0
  264. data/lib/puppet/functions/round.rb +26 -0
  265. data/lib/puppet/functions/rstrip.rb +59 -0
  266. data/lib/puppet/functions/scanf.rb +46 -0
  267. data/lib/puppet/functions/size.rb +15 -0
  268. data/lib/puppet/functions/slice.rb +127 -0
  269. data/lib/puppet/functions/sort.rb +76 -0
  270. data/lib/puppet/functions/split.rb +78 -0
  271. data/lib/puppet/functions/step.rb +100 -0
  272. data/lib/puppet/functions/strftime.rb +214 -0
  273. data/lib/puppet/functions/strip.rb +59 -0
  274. data/lib/puppet/functions/then.rb +80 -0
  275. data/lib/puppet/functions/tree_each.rb +198 -0
  276. data/lib/puppet/functions/type.rb +74 -0
  277. data/lib/puppet/functions/unique.rb +135 -0
  278. data/lib/puppet/functions/unwrap.rb +61 -0
  279. data/lib/puppet/functions/upcase.rb +91 -0
  280. data/lib/puppet/functions/values.rb +27 -0
  281. data/lib/puppet/functions/versioncmp.rb +41 -0
  282. data/lib/puppet/functions/warning.rb +16 -0
  283. data/lib/puppet/functions/with.rb +34 -0
  284. data/lib/puppet/functions/yaml_data.rb +45 -0
  285. data/lib/puppet/functions.rb +858 -0
  286. data/lib/puppet/generate/models/type/property.rb +73 -0
  287. data/lib/puppet/generate/models/type/type.rb +68 -0
  288. data/lib/puppet/generate/templates/type/pcore.erb +42 -0
  289. data/lib/puppet/generate/type.rb +255 -0
  290. data/lib/puppet/gettext/config.rb +282 -0
  291. data/lib/puppet/gettext/module_translations.rb +43 -0
  292. data/lib/puppet/gettext/stubs.rb +13 -0
  293. data/lib/puppet/graph/key.rb +28 -0
  294. data/lib/puppet/graph/prioritizer.rb +31 -0
  295. data/lib/puppet/graph/rb_tree_map.rb +407 -0
  296. data/lib/puppet/graph/relationship_graph.rb +286 -0
  297. data/lib/puppet/graph/sequential_prioritizer.rb +33 -0
  298. data/lib/puppet/graph/simple_graph.rb +552 -0
  299. data/lib/puppet/graph.rb +11 -0
  300. data/lib/puppet/http/client.rb +529 -0
  301. data/lib/puppet/http/dns.rb +159 -0
  302. data/lib/puppet/http/errors.rb +50 -0
  303. data/lib/puppet/http/external_client.rb +89 -0
  304. data/lib/puppet/http/factory.rb +53 -0
  305. data/lib/puppet/http/pool.rb +174 -0
  306. data/lib/puppet/http/pool_entry.rb +19 -0
  307. data/lib/puppet/http/proxy.rb +139 -0
  308. data/lib/puppet/http/redirector.rb +87 -0
  309. data/lib/puppet/http/resolver/server_list.rb +88 -0
  310. data/lib/puppet/http/resolver/settings.rb +24 -0
  311. data/lib/puppet/http/resolver/srv.rb +42 -0
  312. data/lib/puppet/http/resolver.rb +50 -0
  313. data/lib/puppet/http/response.rb +104 -0
  314. data/lib/puppet/http/response_converter.rb +25 -0
  315. data/lib/puppet/http/response_net_http.rb +43 -0
  316. data/lib/puppet/http/retry_after_handler.rb +78 -0
  317. data/lib/puppet/http/service/ca.rb +133 -0
  318. data/lib/puppet/http/service/compiler.rb +356 -0
  319. data/lib/puppet/http/service/file_server.rb +200 -0
  320. data/lib/puppet/http/service/puppetserver.rb +54 -0
  321. data/lib/puppet/http/service/report.rb +62 -0
  322. data/lib/puppet/http/service.rb +177 -0
  323. data/lib/puppet/http/session.rb +124 -0
  324. data/lib/puppet/http/site.rb +44 -0
  325. data/lib/puppet/http.rb +48 -0
  326. data/lib/puppet/indirector/catalog/compiler.rb +432 -0
  327. data/lib/puppet/indirector/catalog/json.rb +42 -0
  328. data/lib/puppet/indirector/catalog/msgpack.rb +8 -0
  329. data/lib/puppet/indirector/catalog/rest.rb +51 -0
  330. data/lib/puppet/indirector/catalog/store_configs.rb +8 -0
  331. data/lib/puppet/indirector/catalog/yaml.rb +8 -0
  332. data/lib/puppet/indirector/code.rb +8 -0
  333. data/lib/puppet/indirector/data_binding/hiera.rb +8 -0
  334. data/lib/puppet/indirector/data_binding/none.rb +10 -0
  335. data/lib/puppet/indirector/direct_file_server.rb +20 -0
  336. data/lib/puppet/indirector/envelope.rb +13 -0
  337. data/lib/puppet/indirector/errors.rb +7 -0
  338. data/lib/puppet/indirector/exec.rb +40 -0
  339. data/lib/puppet/indirector/face.rb +142 -0
  340. data/lib/puppet/indirector/fact_search.rb +62 -0
  341. data/lib/puppet/indirector/facts/facter.rb +120 -0
  342. data/lib/puppet/indirector/facts/json.rb +29 -0
  343. data/lib/puppet/indirector/facts/memory.rb +11 -0
  344. data/lib/puppet/indirector/facts/network_device.rb +29 -0
  345. data/lib/puppet/indirector/facts/rest.rb +46 -0
  346. data/lib/puppet/indirector/facts/store_configs.rb +12 -0
  347. data/lib/puppet/indirector/facts/yaml.rb +31 -0
  348. data/lib/puppet/indirector/file_bucket_file/file.rb +268 -0
  349. data/lib/puppet/indirector/file_bucket_file/rest.rb +53 -0
  350. data/lib/puppet/indirector/file_bucket_file/selector.rb +54 -0
  351. data/lib/puppet/indirector/file_content/file.rb +9 -0
  352. data/lib/puppet/indirector/file_content/file_server.rb +9 -0
  353. data/lib/puppet/indirector/file_content/rest.rb +37 -0
  354. data/lib/puppet/indirector/file_content/selector.rb +32 -0
  355. data/lib/puppet/indirector/file_content.rb +7 -0
  356. data/lib/puppet/indirector/file_metadata/file.rb +9 -0
  357. data/lib/puppet/indirector/file_metadata/file_server.rb +9 -0
  358. data/lib/puppet/indirector/file_metadata/http.rb +49 -0
  359. data/lib/puppet/indirector/file_metadata/rest.rb +58 -0
  360. data/lib/puppet/indirector/file_metadata/selector.rb +32 -0
  361. data/lib/puppet/indirector/file_metadata.rb +7 -0
  362. data/lib/puppet/indirector/file_server.rb +57 -0
  363. data/lib/puppet/indirector/generic_http.rb +7 -0
  364. data/lib/puppet/indirector/hiera.rb +101 -0
  365. data/lib/puppet/indirector/indirection.rb +381 -0
  366. data/lib/puppet/indirector/json.rb +82 -0
  367. data/lib/puppet/indirector/memory.rb +37 -0
  368. data/lib/puppet/indirector/msgpack.rb +87 -0
  369. data/lib/puppet/indirector/node/exec.rb +70 -0
  370. data/lib/puppet/indirector/node/json.rb +9 -0
  371. data/lib/puppet/indirector/node/memory.rb +12 -0
  372. data/lib/puppet/indirector/node/msgpack.rb +9 -0
  373. data/lib/puppet/indirector/node/plain.rb +23 -0
  374. data/lib/puppet/indirector/node/rest.rb +31 -0
  375. data/lib/puppet/indirector/node/store_configs.rb +8 -0
  376. data/lib/puppet/indirector/node/yaml.rb +9 -0
  377. data/lib/puppet/indirector/none.rb +10 -0
  378. data/lib/puppet/indirector/plain.rb +11 -0
  379. data/lib/puppet/indirector/report/json.rb +36 -0
  380. data/lib/puppet/indirector/report/msgpack.rb +13 -0
  381. data/lib/puppet/indirector/report/processor.rb +63 -0
  382. data/lib/puppet/indirector/report/rest.rb +31 -0
  383. data/lib/puppet/indirector/report/yaml.rb +36 -0
  384. data/lib/puppet/indirector/request.rb +197 -0
  385. data/lib/puppet/indirector/resource/ral.rb +66 -0
  386. data/lib/puppet/indirector/resource/store_configs.rb +14 -0
  387. data/lib/puppet/indirector/resource/validator.rb +10 -0
  388. data/lib/puppet/indirector/rest.rb +66 -0
  389. data/lib/puppet/indirector/store_configs.rb +32 -0
  390. data/lib/puppet/indirector/terminus.rb +180 -0
  391. data/lib/puppet/indirector/yaml.rb +65 -0
  392. data/lib/puppet/indirector.rb +64 -0
  393. data/lib/puppet/info_service/class_information_service.rb +108 -0
  394. data/lib/puppet/info_service/plan_information_service.rb +38 -0
  395. data/lib/puppet/info_service/task_information_service.rb +45 -0
  396. data/lib/puppet/info_service.rb +27 -0
  397. data/lib/puppet/interface/action.rb +410 -0
  398. data/lib/puppet/interface/action_builder.rb +167 -0
  399. data/lib/puppet/interface/action_manager.rb +101 -0
  400. data/lib/puppet/interface/documentation.rb +363 -0
  401. data/lib/puppet/interface/face_collection.rb +141 -0
  402. data/lib/puppet/interface/option.rb +184 -0
  403. data/lib/puppet/interface/option_builder.rb +110 -0
  404. data/lib/puppet/interface/option_manager.rb +108 -0
  405. data/lib/puppet/interface.rb +240 -0
  406. data/lib/puppet/loaders.rb +31 -0
  407. data/lib/puppet/metatype/manager.rb +198 -0
  408. data/lib/puppet/module/plan.rb +166 -0
  409. data/lib/puppet/module/task.rb +288 -0
  410. data/lib/puppet/module.rb +487 -0
  411. data/lib/puppet/module_tool/applications/application.rb +96 -0
  412. data/lib/puppet/module_tool/applications/checksummer.rb +62 -0
  413. data/lib/puppet/module_tool/applications/installer.rb +402 -0
  414. data/lib/puppet/module_tool/applications/uninstaller.rb +121 -0
  415. data/lib/puppet/module_tool/applications/unpacker.rb +102 -0
  416. data/lib/puppet/module_tool/applications/upgrader.rb +288 -0
  417. data/lib/puppet/module_tool/applications.rb +14 -0
  418. data/lib/puppet/module_tool/checksums.rb +50 -0
  419. data/lib/puppet/module_tool/dependency.rb +42 -0
  420. data/lib/puppet/module_tool/errors/base.rb +17 -0
  421. data/lib/puppet/module_tool/errors/installer.rb +94 -0
  422. data/lib/puppet/module_tool/errors/shared.rb +228 -0
  423. data/lib/puppet/module_tool/errors/uninstaller.rb +51 -0
  424. data/lib/puppet/module_tool/errors/upgrader.rb +64 -0
  425. data/lib/puppet/module_tool/errors.rb +13 -0
  426. data/lib/puppet/module_tool/install_directory.rb +48 -0
  427. data/lib/puppet/module_tool/installed_modules.rb +99 -0
  428. data/lib/puppet/module_tool/local_tarball.rb +92 -0
  429. data/lib/puppet/module_tool/metadata.rb +227 -0
  430. data/lib/puppet/module_tool/shared_behaviors.rb +199 -0
  431. data/lib/puppet/module_tool/tar/gnu.rb +23 -0
  432. data/lib/puppet/module_tool/tar/mini.rb +118 -0
  433. data/lib/puppet/module_tool/tar.rb +20 -0
  434. data/lib/puppet/module_tool.rb +194 -0
  435. data/lib/puppet/network/authconfig.rb +9 -0
  436. data/lib/puppet/network/authorization.rb +21 -0
  437. data/lib/puppet/network/client_request.rb +32 -0
  438. data/lib/puppet/network/format.rb +116 -0
  439. data/lib/puppet/network/format_handler.rb +110 -0
  440. data/lib/puppet/network/format_support.rb +140 -0
  441. data/lib/puppet/network/formats.rb +338 -0
  442. data/lib/puppet/network/http/api/indirected_routes.rb +270 -0
  443. data/lib/puppet/network/http/api/indirection_type.rb +33 -0
  444. data/lib/puppet/network/http/api/master/v3/environments.rb +4 -0
  445. data/lib/puppet/network/http/api/master/v3.rb +4 -0
  446. data/lib/puppet/network/http/api/master.rb +5 -0
  447. data/lib/puppet/network/http/api/server/v3/environments.rb +54 -0
  448. data/lib/puppet/network/http/api/server/v3.rb +40 -0
  449. data/lib/puppet/network/http/api/server.rb +12 -0
  450. data/lib/puppet/network/http/api.rb +41 -0
  451. data/lib/puppet/network/http/connection.rb +288 -0
  452. data/lib/puppet/network/http/error.rb +75 -0
  453. data/lib/puppet/network/http/handler.rb +213 -0
  454. data/lib/puppet/network/http/issues.rb +14 -0
  455. data/lib/puppet/network/http/memory_response.rb +15 -0
  456. data/lib/puppet/network/http/request.rb +83 -0
  457. data/lib/puppet/network/http/response.rb +25 -0
  458. data/lib/puppet/network/http/route.rb +104 -0
  459. data/lib/puppet/network/http.rb +30 -0
  460. data/lib/puppet/network/http_pool.rb +78 -0
  461. data/lib/puppet/network/uri.rb +20 -0
  462. data/lib/puppet/network.rb +5 -0
  463. data/lib/puppet/node/environment.rb +638 -0
  464. data/lib/puppet/node/facts.rb +165 -0
  465. data/lib/puppet/node/server_facts.rb +46 -0
  466. data/lib/puppet/node.rb +256 -0
  467. data/lib/puppet/pal/catalog_compiler.rb +107 -0
  468. data/lib/puppet/pal/compiler.rb +227 -0
  469. data/lib/puppet/pal/function_signature.rb +54 -0
  470. data/lib/puppet/pal/json_catalog_encoder.rb +76 -0
  471. data/lib/puppet/pal/pal_api.rb +17 -0
  472. data/lib/puppet/pal/pal_impl.rb +585 -0
  473. data/lib/puppet/pal/plan_signature.rb +73 -0
  474. data/lib/puppet/pal/script_compiler.rb +75 -0
  475. data/lib/puppet/pal/task_signature.rb +64 -0
  476. data/lib/puppet/parameter/boolean.rb +17 -0
  477. data/lib/puppet/parameter/package_options.rb +33 -0
  478. data/lib/puppet/parameter/path.rb +61 -0
  479. data/lib/puppet/parameter/value.rb +93 -0
  480. data/lib/puppet/parameter/value_collection.rb +213 -0
  481. data/lib/puppet/parameter.rb +590 -0
  482. data/lib/puppet/parser/abstract_compiler.rb +35 -0
  483. data/lib/puppet/parser/ast/block_expression.rb +17 -0
  484. data/lib/puppet/parser/ast/branch.rb +21 -0
  485. data/lib/puppet/parser/ast/hostclass.rb +29 -0
  486. data/lib/puppet/parser/ast/leaf.rb +84 -0
  487. data/lib/puppet/parser/ast/node.rb +19 -0
  488. data/lib/puppet/parser/ast/pops_bridge.rb +245 -0
  489. data/lib/puppet/parser/ast/resource.rb +66 -0
  490. data/lib/puppet/parser/ast/resource_instance.rb +13 -0
  491. data/lib/puppet/parser/ast/resourceparam.rb +33 -0
  492. data/lib/puppet/parser/ast/top_level_construct.rb +6 -0
  493. data/lib/puppet/parser/ast.rb +62 -0
  494. data/lib/puppet/parser/catalog_compiler.rb +56 -0
  495. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +41 -0
  496. data/lib/puppet/parser/compiler/catalog_validator.rb +35 -0
  497. data/lib/puppet/parser/compiler.rb +616 -0
  498. data/lib/puppet/parser/e4_parser_adapter.rb +61 -0
  499. data/lib/puppet/parser/files.rb +95 -0
  500. data/lib/puppet/parser/functions/assert_type.rb +62 -0
  501. data/lib/puppet/parser/functions/binary_file.rb +26 -0
  502. data/lib/puppet/parser/functions/break.rb +41 -0
  503. data/lib/puppet/parser/functions/contain.rb +32 -0
  504. data/lib/puppet/parser/functions/create_resources.rb +114 -0
  505. data/lib/puppet/parser/functions/defined.rb +109 -0
  506. data/lib/puppet/parser/functions/dig.rb +40 -0
  507. data/lib/puppet/parser/functions/digest.rb +7 -0
  508. data/lib/puppet/parser/functions/each.rb +106 -0
  509. data/lib/puppet/parser/functions/epp.rb +40 -0
  510. data/lib/puppet/parser/functions/fail.rb +13 -0
  511. data/lib/puppet/parser/functions/file.rb +35 -0
  512. data/lib/puppet/parser/functions/filter.rb +81 -0
  513. data/lib/puppet/parser/functions/find_file.rb +29 -0
  514. data/lib/puppet/parser/functions/fqdn_rand.rb +46 -0
  515. data/lib/puppet/parser/functions/generate.rb +39 -0
  516. data/lib/puppet/parser/functions/hiera.rb +105 -0
  517. data/lib/puppet/parser/functions/hiera_array.rb +93 -0
  518. data/lib/puppet/parser/functions/hiera_hash.rb +103 -0
  519. data/lib/puppet/parser/functions/hiera_include.rb +102 -0
  520. data/lib/puppet/parser/functions/include.rb +36 -0
  521. data/lib/puppet/parser/functions/inline_epp.rb +52 -0
  522. data/lib/puppet/parser/functions/inline_template.rb +28 -0
  523. data/lib/puppet/parser/functions/lest.rb +51 -0
  524. data/lib/puppet/parser/functions/lookup.rb +134 -0
  525. data/lib/puppet/parser/functions/map.rb +78 -0
  526. data/lib/puppet/parser/functions/match.rb +45 -0
  527. data/lib/puppet/parser/functions/md5.rb +7 -0
  528. data/lib/puppet/parser/functions/new.rb +992 -0
  529. data/lib/puppet/parser/functions/next.rb +40 -0
  530. data/lib/puppet/parser/functions/realize.rb +22 -0
  531. data/lib/puppet/parser/functions/reduce.rb +139 -0
  532. data/lib/puppet/parser/functions/regsubst.rb +65 -0
  533. data/lib/puppet/parser/functions/require.rb +43 -0
  534. data/lib/puppet/parser/functions/return.rb +94 -0
  535. data/lib/puppet/parser/functions/reverse_each.rb +85 -0
  536. data/lib/puppet/parser/functions/scanf.rb +40 -0
  537. data/lib/puppet/parser/functions/sha1.rb +7 -0
  538. data/lib/puppet/parser/functions/sha256.rb +7 -0
  539. data/lib/puppet/parser/functions/shellquote.rb +63 -0
  540. data/lib/puppet/parser/functions/slice.rb +41 -0
  541. data/lib/puppet/parser/functions/split.rb +29 -0
  542. data/lib/puppet/parser/functions/sprintf.rb +62 -0
  543. data/lib/puppet/parser/functions/step.rb +86 -0
  544. data/lib/puppet/parser/functions/strftime.rb +187 -0
  545. data/lib/puppet/parser/functions/tag.rb +15 -0
  546. data/lib/puppet/parser/functions/tagged.rb +24 -0
  547. data/lib/puppet/parser/functions/template.rb +42 -0
  548. data/lib/puppet/parser/functions/then.rb +75 -0
  549. data/lib/puppet/parser/functions/type.rb +55 -0
  550. data/lib/puppet/parser/functions/versioncmp.rb +31 -0
  551. data/lib/puppet/parser/functions/with.rb +30 -0
  552. data/lib/puppet/parser/functions.rb +324 -0
  553. data/lib/puppet/parser/parser_factory.rb +32 -0
  554. data/lib/puppet/parser/relationship.rb +90 -0
  555. data/lib/puppet/parser/resource/param.rb +37 -0
  556. data/lib/puppet/parser/resource.rb +353 -0
  557. data/lib/puppet/parser/scope.rb +1141 -0
  558. data/lib/puppet/parser/script_compiler.rb +123 -0
  559. data/lib/puppet/parser/templatewrapper.rb +105 -0
  560. data/lib/puppet/parser/type_loader.rb +151 -0
  561. data/lib/puppet/parser.rb +22 -0
  562. data/lib/puppet/plugins/configuration.rb +31 -0
  563. data/lib/puppet/plugins/syntax_checkers.rb +99 -0
  564. data/lib/puppet/plugins.rb +11 -0
  565. data/lib/puppet/pops/adaptable.rb +199 -0
  566. data/lib/puppet/pops/adapters.rb +159 -0
  567. data/lib/puppet/pops/evaluator/access_operator.rb +732 -0
  568. data/lib/puppet/pops/evaluator/callable_signature.rb +108 -0
  569. data/lib/puppet/pops/evaluator/closure.rb +370 -0
  570. data/lib/puppet/pops/evaluator/collector_transformer.rb +237 -0
  571. data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +88 -0
  572. data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +30 -0
  573. data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +71 -0
  574. data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +38 -0
  575. data/lib/puppet/pops/evaluator/compare_operator.rb +269 -0
  576. data/lib/puppet/pops/evaluator/deferred_resolver.rb +227 -0
  577. data/lib/puppet/pops/evaluator/epp_evaluator.rb +121 -0
  578. data/lib/puppet/pops/evaluator/evaluator_impl.rb +1317 -0
  579. data/lib/puppet/pops/evaluator/external_syntax_support.rb +47 -0
  580. data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +83 -0
  581. data/lib/puppet/pops/evaluator/literal_evaluator.rb +100 -0
  582. data/lib/puppet/pops/evaluator/puppet_proc.rb +72 -0
  583. data/lib/puppet/pops/evaluator/relationship_operator.rb +188 -0
  584. data/lib/puppet/pops/evaluator/runtime3_converter.rb +225 -0
  585. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
  586. data/lib/puppet/pops/evaluator/runtime3_support.rb +528 -0
  587. data/lib/puppet/pops/functions/dispatch.rb +107 -0
  588. data/lib/puppet/pops/functions/dispatcher.rb +76 -0
  589. data/lib/puppet/pops/functions/function.rb +137 -0
  590. data/lib/puppet/pops/issue_reporter.rb +140 -0
  591. data/lib/puppet/pops/issues.rb +933 -0
  592. data/lib/puppet/pops/label_provider.rb +92 -0
  593. data/lib/puppet/pops/loader/base_loader.rb +178 -0
  594. data/lib/puppet/pops/loader/dependency_loader.rb +95 -0
  595. data/lib/puppet/pops/loader/gem_support.rb +54 -0
  596. data/lib/puppet/pops/loader/generic_plan_instantiator.rb +30 -0
  597. data/lib/puppet/pops/loader/loader.rb +221 -0
  598. data/lib/puppet/pops/loader/loader_paths.rb +413 -0
  599. data/lib/puppet/pops/loader/module_loaders.rb +552 -0
  600. data/lib/puppet/pops/loader/predefined_loader.rb +28 -0
  601. data/lib/puppet/pops/loader/puppet_function_instantiator.rb +88 -0
  602. data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +97 -0
  603. data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +80 -0
  604. data/lib/puppet/pops/loader/ruby_data_type_instantiator.rb +43 -0
  605. data/lib/puppet/pops/loader/ruby_function_instantiator.rb +49 -0
  606. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +130 -0
  607. data/lib/puppet/pops/loader/runtime3_type_loader.rb +104 -0
  608. data/lib/puppet/pops/loader/simple_environment_loader.rb +20 -0
  609. data/lib/puppet/pops/loader/static_loader.rb +133 -0
  610. data/lib/puppet/pops/loader/task_instantiator.rb +46 -0
  611. data/lib/puppet/pops/loader/type_definition_instantiator.rb +104 -0
  612. data/lib/puppet/pops/loader/typed_name.rb +56 -0
  613. data/lib/puppet/pops/loader/uri_helper.rb +24 -0
  614. data/lib/puppet/pops/loaders.rb +550 -0
  615. data/lib/puppet/pops/lookup/configured_data_provider.rb +95 -0
  616. data/lib/puppet/pops/lookup/context.rb +208 -0
  617. data/lib/puppet/pops/lookup/data_adapter.rb +29 -0
  618. data/lib/puppet/pops/lookup/data_dig_function_provider.rb +146 -0
  619. data/lib/puppet/pops/lookup/data_hash_function_provider.rb +128 -0
  620. data/lib/puppet/pops/lookup/data_provider.rb +94 -0
  621. data/lib/puppet/pops/lookup/environment_data_provider.rb +37 -0
  622. data/lib/puppet/pops/lookup/explainer.rb +597 -0
  623. data/lib/puppet/pops/lookup/function_provider.rb +112 -0
  624. data/lib/puppet/pops/lookup/global_data_provider.rb +76 -0
  625. data/lib/puppet/pops/lookup/hiera_config.rb +823 -0
  626. data/lib/puppet/pops/lookup/interpolation.rb +166 -0
  627. data/lib/puppet/pops/lookup/invocation.rb +272 -0
  628. data/lib/puppet/pops/lookup/key_recorder.rb +21 -0
  629. data/lib/puppet/pops/lookup/location_resolver.rb +101 -0
  630. data/lib/puppet/pops/lookup/lookup_adapter.rb +533 -0
  631. data/lib/puppet/pops/lookup/lookup_key.rb +101 -0
  632. data/lib/puppet/pops/lookup/lookup_key_function_provider.rb +94 -0
  633. data/lib/puppet/pops/lookup/module_data_provider.rb +92 -0
  634. data/lib/puppet/pops/lookup/sub_lookup.rb +96 -0
  635. data/lib/puppet/pops/lookup.rb +102 -0
  636. data/lib/puppet/pops/merge_strategy.rb +447 -0
  637. data/lib/puppet/pops/migration/migration_checker.rb +61 -0
  638. data/lib/puppet/pops/model/ast.pp +669 -0
  639. data/lib/puppet/pops/model/ast.rb +4776 -0
  640. data/lib/puppet/pops/model/ast_transformer.rb +131 -0
  641. data/lib/puppet/pops/model/factory.rb +1157 -0
  642. data/lib/puppet/pops/model/model_label_provider.rb +137 -0
  643. data/lib/puppet/pops/model/model_tree_dumper.rb +447 -0
  644. data/lib/puppet/pops/model/pn_transformer.rb +384 -0
  645. data/lib/puppet/pops/model/tree_dumper.rb +62 -0
  646. data/lib/puppet/pops/parser/code_merger.rb +29 -0
  647. data/lib/puppet/pops/parser/egrammar.ra +889 -0
  648. data/lib/puppet/pops/parser/eparser.rb +3184 -0
  649. data/lib/puppet/pops/parser/epp_parser.rb +52 -0
  650. data/lib/puppet/pops/parser/epp_support.rb +266 -0
  651. data/lib/puppet/pops/parser/evaluating_parser.rb +166 -0
  652. data/lib/puppet/pops/parser/heredoc_support.rb +153 -0
  653. data/lib/puppet/pops/parser/interpolation_support.rb +249 -0
  654. data/lib/puppet/pops/parser/lexer2.rb +789 -0
  655. data/lib/puppet/pops/parser/lexer_support.rb +221 -0
  656. data/lib/puppet/pops/parser/locatable.rb +23 -0
  657. data/lib/puppet/pops/parser/locator.rb +361 -0
  658. data/lib/puppet/pops/parser/parser_support.rb +252 -0
  659. data/lib/puppet/pops/parser/pn_parser.rb +318 -0
  660. data/lib/puppet/pops/parser/slurp_support.rb +119 -0
  661. data/lib/puppet/pops/patterns.rb +60 -0
  662. data/lib/puppet/pops/pcore.rb +136 -0
  663. data/lib/puppet/pops/pn.rb +239 -0
  664. data/lib/puppet/pops/puppet_stack.rb +63 -0
  665. data/lib/puppet/pops/resource/param.rb +56 -0
  666. data/lib/puppet/pops/resource/resource_type_impl.rb +296 -0
  667. data/lib/puppet/pops/resource/resource_type_set.pcore +22 -0
  668. data/lib/puppet/pops/semantic_error.rb +31 -0
  669. data/lib/puppet/pops/serialization/abstract_reader.rb +182 -0
  670. data/lib/puppet/pops/serialization/abstract_writer.rb +224 -0
  671. data/lib/puppet/pops/serialization/deserializer.rb +83 -0
  672. data/lib/puppet/pops/serialization/extension.rb +166 -0
  673. data/lib/puppet/pops/serialization/from_data_converter.rb +231 -0
  674. data/lib/puppet/pops/serialization/instance_reader.rb +21 -0
  675. data/lib/puppet/pops/serialization/instance_writer.rb +16 -0
  676. data/lib/puppet/pops/serialization/json.rb +301 -0
  677. data/lib/puppet/pops/serialization/json_path.rb +129 -0
  678. data/lib/puppet/pops/serialization/object.rb +73 -0
  679. data/lib/puppet/pops/serialization/serializer.rb +144 -0
  680. data/lib/puppet/pops/serialization/time_factory.rb +68 -0
  681. data/lib/puppet/pops/serialization/to_data_converter.rb +316 -0
  682. data/lib/puppet/pops/serialization/to_stringified_converter.rb +227 -0
  683. data/lib/puppet/pops/serialization.rb +45 -0
  684. data/lib/puppet/pops/time/timespan.rb +728 -0
  685. data/lib/puppet/pops/time/timestamp.rb +167 -0
  686. data/lib/puppet/pops/types/annotatable.rb +37 -0
  687. data/lib/puppet/pops/types/annotation.rb +73 -0
  688. data/lib/puppet/pops/types/class_loader.rb +134 -0
  689. data/lib/puppet/pops/types/implementation_registry.rb +137 -0
  690. data/lib/puppet/pops/types/iterable.rb +375 -0
  691. data/lib/puppet/pops/types/p_binary_type.rb +232 -0
  692. data/lib/puppet/pops/types/p_init_type.rb +241 -0
  693. data/lib/puppet/pops/types/p_meta_type.rb +95 -0
  694. data/lib/puppet/pops/types/p_object_type.rb +1142 -0
  695. data/lib/puppet/pops/types/p_object_type_extension.rb +229 -0
  696. data/lib/puppet/pops/types/p_runtime_type.rb +117 -0
  697. data/lib/puppet/pops/types/p_sem_ver_range_type.rb +191 -0
  698. data/lib/puppet/pops/types/p_sem_ver_type.rb +155 -0
  699. data/lib/puppet/pops/types/p_sensitive_type.rb +81 -0
  700. data/lib/puppet/pops/types/p_timespan_type.rb +194 -0
  701. data/lib/puppet/pops/types/p_timestamp_type.rb +74 -0
  702. data/lib/puppet/pops/types/p_type_set_type.rb +394 -0
  703. data/lib/puppet/pops/types/p_uri_type.rb +198 -0
  704. data/lib/puppet/pops/types/puppet_object.rb +41 -0
  705. data/lib/puppet/pops/types/recursion_guard.rb +142 -0
  706. data/lib/puppet/pops/types/ruby_generator.rb +477 -0
  707. data/lib/puppet/pops/types/ruby_method.rb +32 -0
  708. data/lib/puppet/pops/types/string_converter.rb +1144 -0
  709. data/lib/puppet/pops/types/tree_iterators.rb +250 -0
  710. data/lib/puppet/pops/types/type_acceptor.rb +27 -0
  711. data/lib/puppet/pops/types/type_asserter.rb +49 -0
  712. data/lib/puppet/pops/types/type_assertion_error.rb +27 -0
  713. data/lib/puppet/pops/types/type_calculator.rb +829 -0
  714. data/lib/puppet/pops/types/type_conversion_error.rb +7 -0
  715. data/lib/puppet/pops/types/type_factory.rb +640 -0
  716. data/lib/puppet/pops/types/type_formatter.rb +796 -0
  717. data/lib/puppet/pops/types/type_mismatch_describer.rb +1105 -0
  718. data/lib/puppet/pops/types/type_parser.rb +690 -0
  719. data/lib/puppet/pops/types/type_set_reference.rb +62 -0
  720. data/lib/puppet/pops/types/type_with_members.rb +43 -0
  721. data/lib/puppet/pops/types/types.rb +3651 -0
  722. data/lib/puppet/pops/utils.rb +117 -0
  723. data/lib/puppet/pops/validation/checker4_0.rb +1155 -0
  724. data/lib/puppet/pops/validation/tasks_checker.rb +95 -0
  725. data/lib/puppet/pops/validation/validator_factory_4_0.rb +45 -0
  726. data/lib/puppet/pops/validation.rb +462 -0
  727. data/lib/puppet/pops/visitable.rb +8 -0
  728. data/lib/puppet/pops/visitor.rb +136 -0
  729. data/lib/puppet/pops.rb +124 -0
  730. data/lib/puppet/property/boolean.rb +9 -0
  731. data/lib/puppet/property/ensure.rb +107 -0
  732. data/lib/puppet/property/keyvalue.rb +159 -0
  733. data/lib/puppet/property/list.rb +71 -0
  734. data/lib/puppet/property/ordered_list.rb +30 -0
  735. data/lib/puppet/property.rb +610 -0
  736. data/lib/puppet/provider/aix_object.rb +491 -0
  737. data/lib/puppet/provider/command.rb +27 -0
  738. data/lib/puppet/provider/confine.rb +8 -0
  739. data/lib/puppet/provider/exec/posix.rb +63 -0
  740. data/lib/puppet/provider/exec/shell.rb +27 -0
  741. data/lib/puppet/provider/exec/windows.rb +57 -0
  742. data/lib/puppet/provider/exec.rb +107 -0
  743. data/lib/puppet/provider/file/posix.rb +162 -0
  744. data/lib/puppet/provider/file/windows.rb +151 -0
  745. data/lib/puppet/provider/group/aix.rb +101 -0
  746. data/lib/puppet/provider/group/directoryservice.rb +24 -0
  747. data/lib/puppet/provider/group/groupadd.rb +180 -0
  748. data/lib/puppet/provider/group/ldap.rb +51 -0
  749. data/lib/puppet/provider/group/pw.rb +52 -0
  750. data/lib/puppet/provider/group/windows_adsi.rb +116 -0
  751. data/lib/puppet/provider/ldap.rb +143 -0
  752. data/lib/puppet/provider/nameservice/directoryservice.rb +522 -0
  753. data/lib/puppet/provider/nameservice/objectadd.rb +22 -0
  754. data/lib/puppet/provider/nameservice/pw.rb +21 -0
  755. data/lib/puppet/provider/nameservice.rb +297 -0
  756. data/lib/puppet/provider/network_device.rb +74 -0
  757. data/lib/puppet/provider/package/aix.rb +171 -0
  758. data/lib/puppet/provider/package/appdmg.rb +113 -0
  759. data/lib/puppet/provider/package/apple.rb +49 -0
  760. data/lib/puppet/provider/package/apt.rb +265 -0
  761. data/lib/puppet/provider/package/aptitude.rb +35 -0
  762. data/lib/puppet/provider/package/aptrpm.rb +87 -0
  763. data/lib/puppet/provider/package/blastwave.rb +109 -0
  764. data/lib/puppet/provider/package/dnf.rb +57 -0
  765. data/lib/puppet/provider/package/dnfmodule.rb +143 -0
  766. data/lib/puppet/provider/package/dpkg.rb +191 -0
  767. data/lib/puppet/provider/package/fink.rb +99 -0
  768. data/lib/puppet/provider/package/freebsd.rb +49 -0
  769. data/lib/puppet/provider/package/gem.rb +296 -0
  770. data/lib/puppet/provider/package/hpux.rb +46 -0
  771. data/lib/puppet/provider/package/macports.rb +112 -0
  772. data/lib/puppet/provider/package/nim.rb +290 -0
  773. data/lib/puppet/provider/package/openbsd.rb +263 -0
  774. data/lib/puppet/provider/package/opkg.rb +85 -0
  775. data/lib/puppet/provider/package/pacman.rb +270 -0
  776. data/lib/puppet/provider/package/pip.rb +347 -0
  777. data/lib/puppet/provider/package/pip2.rb +18 -0
  778. data/lib/puppet/provider/package/pip3.rb +18 -0
  779. data/lib/puppet/provider/package/pkg.rb +300 -0
  780. data/lib/puppet/provider/package/pkgdmg.rb +159 -0
  781. data/lib/puppet/provider/package/pkgin.rb +88 -0
  782. data/lib/puppet/provider/package/pkgng.rb +178 -0
  783. data/lib/puppet/provider/package/pkgutil.rb +186 -0
  784. data/lib/puppet/provider/package/portage.rb +314 -0
  785. data/lib/puppet/provider/package/ports.rb +94 -0
  786. data/lib/puppet/provider/package/portupgrade.rb +233 -0
  787. data/lib/puppet/provider/package/puppet_gem.rb +25 -0
  788. data/lib/puppet/provider/package/puppetserver_gem.rb +174 -0
  789. data/lib/puppet/provider/package/rpm.rb +255 -0
  790. data/lib/puppet/provider/package/rug.rb +51 -0
  791. data/lib/puppet/provider/package/sun.rb +137 -0
  792. data/lib/puppet/provider/package/sunfreeware.rb +11 -0
  793. data/lib/puppet/provider/package/tdnf.rb +35 -0
  794. data/lib/puppet/provider/package/up2date.rb +40 -0
  795. data/lib/puppet/provider/package/urpmi.rb +57 -0
  796. data/lib/puppet/provider/package/windows/exe_package.rb +108 -0
  797. data/lib/puppet/provider/package/windows/msi_package.rb +72 -0
  798. data/lib/puppet/provider/package/windows/package.rb +113 -0
  799. data/lib/puppet/provider/package/windows.rb +131 -0
  800. data/lib/puppet/provider/package/xbps.rb +127 -0
  801. data/lib/puppet/provider/package/yum.rb +390 -0
  802. data/lib/puppet/provider/package/zypper.rb +206 -0
  803. data/lib/puppet/provider/package.rb +61 -0
  804. data/lib/puppet/provider/package_targetable.rb +71 -0
  805. data/lib/puppet/provider/parsedfile.rb +494 -0
  806. data/lib/puppet/provider/service/base.rb +135 -0
  807. data/lib/puppet/provider/service/bsd.rb +53 -0
  808. data/lib/puppet/provider/service/daemontools.rb +196 -0
  809. data/lib/puppet/provider/service/debian.rb +77 -0
  810. data/lib/puppet/provider/service/freebsd.rb +141 -0
  811. data/lib/puppet/provider/service/gentoo.rb +47 -0
  812. data/lib/puppet/provider/service/init.rb +194 -0
  813. data/lib/puppet/provider/service/launchd.rb +391 -0
  814. data/lib/puppet/provider/service/openbsd.rb +101 -0
  815. data/lib/puppet/provider/service/openrc.rb +72 -0
  816. data/lib/puppet/provider/service/openwrt.rb +37 -0
  817. data/lib/puppet/provider/service/rcng.rb +53 -0
  818. data/lib/puppet/provider/service/redhat.rb +75 -0
  819. data/lib/puppet/provider/service/runit.rb +107 -0
  820. data/lib/puppet/provider/service/service.rb +67 -0
  821. data/lib/puppet/provider/service/smf.rb +322 -0
  822. data/lib/puppet/provider/service/src.rb +147 -0
  823. data/lib/puppet/provider/service/systemd.rb +232 -0
  824. data/lib/puppet/provider/service/upstart.rb +385 -0
  825. data/lib/puppet/provider/service/windows.rb +179 -0
  826. data/lib/puppet/provider/user/aix.rb +365 -0
  827. data/lib/puppet/provider/user/directoryservice.rb +687 -0
  828. data/lib/puppet/provider/user/hpux.rb +93 -0
  829. data/lib/puppet/provider/user/ldap.rb +135 -0
  830. data/lib/puppet/provider/user/openbsd.rb +79 -0
  831. data/lib/puppet/provider/user/pw.rb +109 -0
  832. data/lib/puppet/provider/user/user_role_add.rb +243 -0
  833. data/lib/puppet/provider/user/useradd.rb +417 -0
  834. data/lib/puppet/provider/user/windows_adsi.rb +176 -0
  835. data/lib/puppet/provider.rb +613 -0
  836. data/lib/puppet/reference/configuration.rb +105 -0
  837. data/lib/puppet/reference/function.rb +19 -0
  838. data/lib/puppet/reference/indirection.rb +76 -0
  839. data/lib/puppet/reference/metaparameter.rb +35 -0
  840. data/lib/puppet/reference/providers.rb +119 -0
  841. data/lib/puppet/reference/report.rb +22 -0
  842. data/lib/puppet/reference/type.rb +111 -0
  843. data/lib/puppet/relationship.rb +85 -0
  844. data/lib/puppet/reports/http.rb +45 -0
  845. data/lib/puppet/reports/log.rb +15 -0
  846. data/lib/puppet/reports/store.rb +71 -0
  847. data/lib/puppet/reports.rb +95 -0
  848. data/lib/puppet/resource/catalog.rb +655 -0
  849. data/lib/puppet/resource/status.rb +231 -0
  850. data/lib/puppet/resource/type.rb +449 -0
  851. data/lib/puppet/resource/type_collection.rb +235 -0
  852. data/lib/puppet/resource.rb +673 -0
  853. data/lib/puppet/runtime.rb +67 -0
  854. data/lib/puppet/scheduler/job.rb +55 -0
  855. data/lib/puppet/scheduler/scheduler.rb +46 -0
  856. data/lib/puppet/scheduler/splay_job.rb +45 -0
  857. data/lib/puppet/scheduler/timer.rb +15 -0
  858. data/lib/puppet/scheduler.rb +18 -0
  859. data/lib/puppet/settings/alias_setting.rb +37 -0
  860. data/lib/puppet/settings/array_setting.rb +18 -0
  861. data/lib/puppet/settings/autosign_setting.rb +23 -0
  862. data/lib/puppet/settings/base_setting.rb +228 -0
  863. data/lib/puppet/settings/boolean_setting.rb +34 -0
  864. data/lib/puppet/settings/certificate_revocation_setting.rb +22 -0
  865. data/lib/puppet/settings/config_file.rb +148 -0
  866. data/lib/puppet/settings/directory_setting.rb +20 -0
  867. data/lib/puppet/settings/duration_setting.rb +33 -0
  868. data/lib/puppet/settings/enum_setting.rb +18 -0
  869. data/lib/puppet/settings/environment_conf.rb +228 -0
  870. data/lib/puppet/settings/errors.rb +14 -0
  871. data/lib/puppet/settings/file_or_directory_setting.rb +37 -0
  872. data/lib/puppet/settings/file_setting.rb +232 -0
  873. data/lib/puppet/settings/http_extra_headers_setting.rb +26 -0
  874. data/lib/puppet/settings/ini_file.rb +228 -0
  875. data/lib/puppet/settings/integer_setting.rb +19 -0
  876. data/lib/puppet/settings/path_setting.rb +10 -0
  877. data/lib/puppet/settings/port_setting.rb +17 -0
  878. data/lib/puppet/settings/priority_setting.rb +44 -0
  879. data/lib/puppet/settings/server_list_setting.rb +30 -0
  880. data/lib/puppet/settings/string_setting.rb +11 -0
  881. data/lib/puppet/settings/symbolic_enum_setting.rb +19 -0
  882. data/lib/puppet/settings/terminus_setting.rb +16 -0
  883. data/lib/puppet/settings/ttl_setting.rb +53 -0
  884. data/lib/puppet/settings/value_translator.rb +16 -0
  885. data/lib/puppet/settings.rb +1650 -0
  886. data/lib/puppet/ssl/base.rb +152 -0
  887. data/lib/puppet/ssl/certificate.rb +98 -0
  888. data/lib/puppet/ssl/certificate_request.rb +320 -0
  889. data/lib/puppet/ssl/certificate_request_attributes.rb +40 -0
  890. data/lib/puppet/ssl/certificate_signer.rb +39 -0
  891. data/lib/puppet/ssl/digest.rb +22 -0
  892. data/lib/puppet/ssl/error.rb +29 -0
  893. data/lib/puppet/ssl/oids.rb +199 -0
  894. data/lib/puppet/ssl/openssl_loader.rb +26 -0
  895. data/lib/puppet/ssl/ssl_context.rb +27 -0
  896. data/lib/puppet/ssl/ssl_provider.rb +354 -0
  897. data/lib/puppet/ssl/state_machine.rb +605 -0
  898. data/lib/puppet/ssl/verifier.rb +143 -0
  899. data/lib/puppet/ssl.rb +25 -0
  900. data/lib/puppet/syntax_checkers/base64.rb +42 -0
  901. data/lib/puppet/syntax_checkers/epp.rb +35 -0
  902. data/lib/puppet/syntax_checkers/json.rb +35 -0
  903. data/lib/puppet/syntax_checkers/pp.rb +35 -0
  904. data/lib/puppet/syntax_checkers.rb +5 -0
  905. data/lib/puppet/test/test_helper.rb +251 -0
  906. data/lib/puppet/thread_local.rb +6 -0
  907. data/lib/puppet/transaction/additional_resource_generator.rb +225 -0
  908. data/lib/puppet/transaction/event.rb +171 -0
  909. data/lib/puppet/transaction/event_manager.rb +180 -0
  910. data/lib/puppet/transaction/persistence.rb +119 -0
  911. data/lib/puppet/transaction/report.rb +511 -0
  912. data/lib/puppet/transaction/resource_harness.rb +331 -0
  913. data/lib/puppet/transaction.rb +493 -0
  914. data/lib/puppet/trusted_external.rb +46 -0
  915. data/lib/puppet/type/component.rb +96 -0
  916. data/lib/puppet/type/exec.rb +730 -0
  917. data/lib/puppet/type/file/checksum.rb +54 -0
  918. data/lib/puppet/type/file/checksum_value.rb +56 -0
  919. data/lib/puppet/type/file/content.rb +180 -0
  920. data/lib/puppet/type/file/ctime.rb +22 -0
  921. data/lib/puppet/type/file/data_sync.rb +101 -0
  922. data/lib/puppet/type/file/ensure.rb +194 -0
  923. data/lib/puppet/type/file/group.rb +50 -0
  924. data/lib/puppet/type/file/mode.rb +192 -0
  925. data/lib/puppet/type/file/mtime.rb +21 -0
  926. data/lib/puppet/type/file/owner.rb +52 -0
  927. data/lib/puppet/type/file/selcontext.rb +143 -0
  928. data/lib/puppet/type/file/source.rb +380 -0
  929. data/lib/puppet/type/file/target.rb +86 -0
  930. data/lib/puppet/type/file/type.rb +21 -0
  931. data/lib/puppet/type/file.rb +1139 -0
  932. data/lib/puppet/type/filebucket.rb +123 -0
  933. data/lib/puppet/type/group.rb +238 -0
  934. data/lib/puppet/type/notify.rb +48 -0
  935. data/lib/puppet/type/package.rb +715 -0
  936. data/lib/puppet/type/resources.rb +192 -0
  937. data/lib/puppet/type/schedule.rb +441 -0
  938. data/lib/puppet/type/service.rb +310 -0
  939. data/lib/puppet/type/stage.rb +29 -0
  940. data/lib/puppet/type/tidy.rb +382 -0
  941. data/lib/puppet/type/user.rb +865 -0
  942. data/lib/puppet/type/whit.rb +35 -0
  943. data/lib/puppet/type.rb +2629 -0
  944. data/lib/puppet/util/at_fork/noop.rb +20 -0
  945. data/lib/puppet/util/at_fork/solaris.rb +158 -0
  946. data/lib/puppet/util/at_fork.rb +37 -0
  947. data/lib/puppet/util/autoload.rb +221 -0
  948. data/lib/puppet/util/backups.rb +88 -0
  949. data/lib/puppet/util/character_encoding.rb +83 -0
  950. data/lib/puppet/util/checksums.rb +380 -0
  951. data/lib/puppet/util/classgen.rb +223 -0
  952. data/lib/puppet/util/colors.rb +102 -0
  953. data/lib/puppet/util/command_line/puppet_option_parser.rb +89 -0
  954. data/lib/puppet/util/command_line/trollop.rb +847 -0
  955. data/lib/puppet/util/command_line.rb +198 -0
  956. data/lib/puppet/util/constant_inflector.rb +25 -0
  957. data/lib/puppet/util/diff.rb +80 -0
  958. data/lib/puppet/util/docs.rb +132 -0
  959. data/lib/puppet/util/errors.rb +161 -0
  960. data/lib/puppet/util/execution.rb +446 -0
  961. data/lib/puppet/util/execution_stub.rb +28 -0
  962. data/lib/puppet/util/feature.rb +129 -0
  963. data/lib/puppet/util/file_watcher.rb +31 -0
  964. data/lib/puppet/util/fileparsing.rb +404 -0
  965. data/lib/puppet/util/filetype.rb +358 -0
  966. data/lib/puppet/util/http_proxy.rb +6 -0
  967. data/lib/puppet/util/inifile.rb +335 -0
  968. data/lib/puppet/util/instance_loader.rb +69 -0
  969. data/lib/puppet/util/json.rb +94 -0
  970. data/lib/puppet/util/json_lockfile.rb +47 -0
  971. data/lib/puppet/util/ldap/connection.rb +75 -0
  972. data/lib/puppet/util/ldap/generator.rb +44 -0
  973. data/lib/puppet/util/ldap/manager.rb +283 -0
  974. data/lib/puppet/util/ldap.rb +4 -0
  975. data/lib/puppet/util/libuser.conf +15 -0
  976. data/lib/puppet/util/libuser.rb +13 -0
  977. data/lib/puppet/util/limits.rb +14 -0
  978. data/lib/puppet/util/lockfile.rb +66 -0
  979. data/lib/puppet/util/log/destination.rb +50 -0
  980. data/lib/puppet/util/log/destinations.rb +253 -0
  981. data/lib/puppet/util/log.rb +436 -0
  982. data/lib/puppet/util/logging.rb +304 -0
  983. data/lib/puppet/util/metaid.rb +22 -0
  984. data/lib/puppet/util/metric.rb +68 -0
  985. data/lib/puppet/util/monkey_patches.rb +114 -0
  986. data/lib/puppet/util/multi_match.rb +55 -0
  987. data/lib/puppet/util/network_device/base.rb +24 -0
  988. data/lib/puppet/util/network_device/config.rb +105 -0
  989. data/lib/puppet/util/network_device/transport/base.rb +26 -0
  990. data/lib/puppet/util/network_device/transport.rb +7 -0
  991. data/lib/puppet/util/network_device.rb +19 -0
  992. data/lib/puppet/util/package/version/debian.rb +177 -0
  993. data/lib/puppet/util/package/version/gem.rb +18 -0
  994. data/lib/puppet/util/package/version/pip.rb +173 -0
  995. data/lib/puppet/util/package/version/range/eq.rb +17 -0
  996. data/lib/puppet/util/package/version/range/gt.rb +17 -0
  997. data/lib/puppet/util/package/version/range/gt_eq.rb +17 -0
  998. data/lib/puppet/util/package/version/range/lt.rb +17 -0
  999. data/lib/puppet/util/package/version/range/lt_eq.rb +17 -0
  1000. data/lib/puppet/util/package/version/range/min_max.rb +26 -0
  1001. data/lib/puppet/util/package/version/range/simple.rb +13 -0
  1002. data/lib/puppet/util/package/version/range.rb +57 -0
  1003. data/lib/puppet/util/package/version/rpm.rb +75 -0
  1004. data/lib/puppet/util/package.rb +43 -0
  1005. data/lib/puppet/util/pidlock.rb +103 -0
  1006. data/lib/puppet/util/platform.rb +72 -0
  1007. data/lib/puppet/util/plist.rb +161 -0
  1008. data/lib/puppet/util/posix.rb +206 -0
  1009. data/lib/puppet/util/profiler/aggregate.rb +82 -0
  1010. data/lib/puppet/util/profiler/around_profiler.rb +68 -0
  1011. data/lib/puppet/util/profiler/logging.rb +50 -0
  1012. data/lib/puppet/util/profiler/object_counts.rb +19 -0
  1013. data/lib/puppet/util/profiler/wall_clock.rb +36 -0
  1014. data/lib/puppet/util/profiler.rb +55 -0
  1015. data/lib/puppet/util/provider_features.rb +183 -0
  1016. data/lib/puppet/util/psych_support.rb +32 -0
  1017. data/lib/puppet/util/rdoc/code_objects.rb +293 -0
  1018. data/lib/puppet/util/rdoc/generators/puppet_generator.rb +902 -0
  1019. data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +1068 -0
  1020. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +262 -0
  1021. data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +16 -0
  1022. data/lib/puppet/util/rdoc/parser.rb +14 -0
  1023. data/lib/puppet/util/rdoc.rb +54 -0
  1024. data/lib/puppet/util/reference.rb +94 -0
  1025. data/lib/puppet/util/resource_template.rb +63 -0
  1026. data/lib/puppet/util/retry_action.rb +47 -0
  1027. data/lib/puppet/util/rpm_compare.rb +196 -0
  1028. data/lib/puppet/util/rubygems.rb +67 -0
  1029. data/lib/puppet/util/run_mode.rb +164 -0
  1030. data/lib/puppet/util/selinux.rb +331 -0
  1031. data/lib/puppet/util/skip_tags.rb +15 -0
  1032. data/lib/puppet/util/splayer.rb +20 -0
  1033. data/lib/puppet/util/storage.rb +100 -0
  1034. data/lib/puppet/util/suidmanager.rb +167 -0
  1035. data/lib/puppet/util/symbolic_file_mode.rb +156 -0
  1036. data/lib/puppet/util/tag_set.rb +29 -0
  1037. data/lib/puppet/util/tagging.rb +131 -0
  1038. data/lib/puppet/util/terminal.rb +18 -0
  1039. data/lib/puppet/util/user_attr.rb +23 -0
  1040. data/lib/puppet/util/warnings.rb +35 -0
  1041. data/lib/puppet/util/watched_file.rb +40 -0
  1042. data/lib/puppet/util/watcher/change_watcher.rb +35 -0
  1043. data/lib/puppet/util/watcher/periodic_watcher.rb +38 -0
  1044. data/lib/puppet/util/watcher/timer.rb +21 -0
  1045. data/lib/puppet/util/watcher.rb +17 -0
  1046. data/lib/puppet/util/windows/access_control_entry.rb +86 -0
  1047. data/lib/puppet/util/windows/access_control_list.rb +116 -0
  1048. data/lib/puppet/util/windows/adsi.rb +662 -0
  1049. data/lib/puppet/util/windows/com.rb +228 -0
  1050. data/lib/puppet/util/windows/daemon.rb +340 -0
  1051. data/lib/puppet/util/windows/error.rb +86 -0
  1052. data/lib/puppet/util/windows/eventlog.rb +191 -0
  1053. data/lib/puppet/util/windows/file.rb +359 -0
  1054. data/lib/puppet/util/windows/monkey_patches/process.rb +413 -0
  1055. data/lib/puppet/util/windows/principal.rb +204 -0
  1056. data/lib/puppet/util/windows/process.rb +360 -0
  1057. data/lib/puppet/util/windows/registry.rb +443 -0
  1058. data/lib/puppet/util/windows/root_certs.rb +110 -0
  1059. data/lib/puppet/util/windows/security.rb +909 -0
  1060. data/lib/puppet/util/windows/security_descriptor.rb +64 -0
  1061. data/lib/puppet/util/windows/service.rb +708 -0
  1062. data/lib/puppet/util/windows/sid.rb +291 -0
  1063. data/lib/puppet/util/windows/string.rb +17 -0
  1064. data/lib/puppet/util/windows/user.rb +551 -0
  1065. data/lib/puppet/util/windows.rb +58 -0
  1066. data/lib/puppet/util/yaml.rb +67 -0
  1067. data/lib/puppet/util.rb +759 -0
  1068. data/lib/puppet/vendor/require_vendored.rb +4 -0
  1069. data/lib/puppet/vendor.rb +59 -0
  1070. data/lib/puppet/version.rb +98 -0
  1071. data/lib/puppet/x509/cert_provider.rb +405 -0
  1072. data/lib/puppet/x509/pem_store.rb +57 -0
  1073. data/lib/puppet/x509.rb +13 -0
  1074. data/lib/puppet.rb +348 -0
  1075. data/lib/puppet_pal.rb +10 -0
  1076. data/lib/puppet_x.rb +16 -0
  1077. data/locales/config.yaml +29 -0
  1078. data/locales/en/puppet.po +19 -0
  1079. data/locales/puppet.pot +9738 -0
  1080. data/man/man5/puppet.conf.5 +1407 -0
  1081. data/man/man8/puppet-agent.8 +135 -0
  1082. data/man/man8/puppet-apply.8 +67 -0
  1083. data/man/man8/puppet-catalog.8 +194 -0
  1084. data/man/man8/puppet-config.8 +103 -0
  1085. data/man/man8/puppet-describe.8 +35 -0
  1086. data/man/man8/puppet-device.8 +83 -0
  1087. data/man/man8/puppet-doc.8 +30 -0
  1088. data/man/man8/puppet-epp.8 +232 -0
  1089. data/man/man8/puppet-facts.8 +156 -0
  1090. data/man/man8/puppet-filebucket.8 +134 -0
  1091. data/man/man8/puppet-generate.8 +54 -0
  1092. data/man/man8/puppet-help.8 +46 -0
  1093. data/man/man8/puppet-lookup.8 +71 -0
  1094. data/man/man8/puppet-module.8 +220 -0
  1095. data/man/man8/puppet-node.8 +142 -0
  1096. data/man/man8/puppet-parser.8 +87 -0
  1097. data/man/man8/puppet-plugin.8 +50 -0
  1098. data/man/man8/puppet-report.8 +84 -0
  1099. data/man/man8/puppet-resource.8 +63 -0
  1100. data/man/man8/puppet-script.8 +48 -0
  1101. data/man/man8/puppet-ssl.8 +45 -0
  1102. data/man/man8/puppet.8 +98 -0
  1103. data/tasks/tag.rake +34 -0
  1104. metadata +1336 -0
@@ -0,0 +1,909 @@
1
+ # frozen_string_literal: true
2
+
3
+ # This class maps POSIX owner, group, and modes to the Windows
4
+ # security model, and back.
5
+ #
6
+ # The primary goal of this mapping is to ensure that owner, group, and
7
+ # modes can be round-tripped in a consistent and deterministic
8
+ # way. Otherwise, Puppet might think file resources are out-of-sync
9
+ # every time it runs. A secondary goal is to provide equivalent
10
+ # permissions for common use-cases. For example, setting the owner to
11
+ # "Administrators", group to "Users", and mode to 750 (which also
12
+ # denies access to everyone else.
13
+ #
14
+ # There are some well-known problems mapping windows and POSIX
15
+ # permissions due to differences between the two security
16
+ # models. Search for "POSIX permission mapping leak". In POSIX, access
17
+ # to a file is determined solely based on the most specific class
18
+ # (user, group, other). So a mode of 460 would deny write access to
19
+ # the owner even if they are a member of the group. But in Windows,
20
+ # the entire access control list is walked until the user is
21
+ # explicitly denied or allowed (denied take precedence, and if neither
22
+ # occurs they are denied). As a result, a user could be allowed access
23
+ # based on their group membership. To solve this problem, other people
24
+ # have used deny access control entries to more closely model POSIX,
25
+ # but this introduces a lot of complexity.
26
+ #
27
+ # In general, this implementation only supports "typical" permissions,
28
+ # where group permissions are a subset of user, and other permissions
29
+ # are a subset of group, e.g. 754, but not 467. However, there are
30
+ # some Windows quirks to be aware of.
31
+ #
32
+ # * The owner can be either a user or group SID, and most system files
33
+ # are owned by the Administrators group.
34
+ # * The group can be either a user or group SID.
35
+ # * Unexpected results can occur if the owner and group are the
36
+ # same, but the user and group classes are different, e.g. 750. In
37
+ # this case, it is not possible to allow write access to the owner,
38
+ # but not the group. As a result, the actual permissions set on the
39
+ # file would be 770.
40
+ # * In general, only privileged users can set the owner, group, or
41
+ # change the mode for files they do not own. In 2003, the user must
42
+ # be a member of the Administrators group. In Vista/2008, the user
43
+ # must be running with elevated privileges.
44
+ # * A file/dir can be deleted by anyone with the DELETE access right
45
+ # OR by anyone that has the FILE_DELETE_CHILD access right for the
46
+ # parent. See https://support.microsoft.com/kb/238018. But on Unix,
47
+ # the user must have write access to the file/dir AND execute access
48
+ # to all of the parent path components.
49
+ # * Many access control entries are inherited from parent directories,
50
+ # and it is common for file/dirs to have more than 3 entries,
51
+ # e.g. Users, Power Users, Administrators, SYSTEM, etc, which cannot
52
+ # be mapped into the 3 class POSIX model. The get_mode method will
53
+ # set the S_IEXTRA bit flag indicating that an access control entry
54
+ # was found whose SID is neither the owner, group, or other. This
55
+ # enables Puppet to detect when file/dirs are out-of-sync,
56
+ # especially those that Puppet did not create, but is attempting
57
+ # to manage.
58
+ # * A special case of this is S_ISYSTEM_MISSING, which is set when the
59
+ # SYSTEM permissions are *not* present on the DACL.
60
+ # * On Unix, the owner and group can be modified without changing the
61
+ # mode. But on Windows, an access control entry specifies which SID
62
+ # it applies to. As a result, the set_owner and set_group methods
63
+ # automatically rebuild the access control list based on the new
64
+ # (and different) owner or group.
65
+
66
+ require_relative '../../../puppet/util/windows'
67
+ require 'pathname'
68
+ require 'ffi'
69
+
70
+ module Puppet::Util::Windows::Security
71
+ include Puppet::Util::Windows::String
72
+
73
+ extend Puppet::Util::Windows::Security
74
+ extend FFI::Library
75
+
76
+ # file modes
77
+ S_IRUSR = 0o000400
78
+ S_IRGRP = 0o000040
79
+ S_IROTH = 0o000004
80
+ S_IWUSR = 0o000200
81
+ S_IWGRP = 0o000020
82
+ S_IWOTH = 0o000002
83
+ S_IXUSR = 0o000100
84
+ S_IXGRP = 0o000010
85
+ S_IXOTH = 0o000001
86
+ S_IRWXU = 0o000700
87
+ S_IRWXG = 0o000070
88
+ S_IRWXO = 0o000007
89
+ S_ISVTX = 0o001000
90
+ S_IEXTRA = 0o2000000 # represents an extra ace
91
+ S_ISYSTEM_MISSING = 0o4000000
92
+
93
+ # constants that are missing from Windows::Security
94
+ PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000
95
+ UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
96
+ NO_INHERITANCE = 0x0
97
+ SE_DACL_PROTECTED = 0x1000
98
+
99
+ FILE = Puppet::Util::Windows::File
100
+
101
+ SE_BACKUP_NAME = 'SeBackupPrivilege'
102
+ SE_DEBUG_NAME = 'SeDebugPrivilege'
103
+ SE_RESTORE_NAME = 'SeRestorePrivilege'
104
+
105
+ DELETE = 0x00010000
106
+ READ_CONTROL = 0x20000
107
+ WRITE_DAC = 0x40000
108
+ WRITE_OWNER = 0x80000
109
+
110
+ OWNER_SECURITY_INFORMATION = 1
111
+ GROUP_SECURITY_INFORMATION = 2
112
+ DACL_SECURITY_INFORMATION = 4
113
+
114
+ # Set the owner of the object referenced by +path+ to the specified
115
+ # +owner_sid+. The owner sid should be of the form "S-1-5-32-544"
116
+ # and can either be a user or group. Only a user with the
117
+ # SE_RESTORE_NAME privilege in their process token can overwrite the
118
+ # object's owner to something other than the current user.
119
+ def set_owner(owner_sid, path)
120
+ sd = get_security_descriptor(path)
121
+
122
+ if owner_sid != sd.owner
123
+ sd.owner = owner_sid
124
+ set_security_descriptor(path, sd)
125
+ end
126
+ end
127
+
128
+ # Get the owner of the object referenced by +path+. The returned
129
+ # value is a SID string, e.g. "S-1-5-32-544". Any user with read
130
+ # access to an object can get the owner. Only a user with the
131
+ # SE_BACKUP_NAME privilege in their process token can get the owner
132
+ # for objects they do not have read access to.
133
+ def get_owner(path)
134
+ return unless supports_acl?(path)
135
+
136
+ get_security_descriptor(path).owner
137
+ end
138
+
139
+ # Set the owner of the object referenced by +path+ to the specified
140
+ # +group_sid+. The group sid should be of the form "S-1-5-32-544"
141
+ # and can either be a user or group. Any user with WRITE_OWNER
142
+ # access to the object can change the group (regardless of whether
143
+ # the current user belongs to that group or not).
144
+ def set_group(group_sid, path)
145
+ sd = get_security_descriptor(path)
146
+
147
+ if group_sid != sd.group
148
+ sd.group = group_sid
149
+ set_security_descriptor(path, sd)
150
+ end
151
+ end
152
+
153
+ # Get the group of the object referenced by +path+. The returned
154
+ # value is a SID string, e.g. "S-1-5-32-544". Any user with read
155
+ # access to an object can get the group. Only a user with the
156
+ # SE_BACKUP_NAME privilege in their process token can get the group
157
+ # for objects they do not have read access to.
158
+ def get_group(path)
159
+ return unless supports_acl?(path)
160
+
161
+ get_security_descriptor(path).group
162
+ end
163
+
164
+ FILE_PERSISTENT_ACLS = 0x00000008
165
+
166
+ def supports_acl?(path)
167
+ supported = false
168
+ root = Pathname.new(path).enum_for(:ascend).to_a.last.to_s
169
+ # 'A trailing backslash is required'
170
+ root = "#{root}\\" unless root =~ %r{[/\\]$}
171
+
172
+ FFI::MemoryPointer.new(:pointer, 1) do |flags_ptr|
173
+ if GetVolumeInformationW(wide_string(root), FFI::Pointer::NULL, 0,
174
+ FFI::Pointer::NULL, FFI::Pointer::NULL,
175
+ flags_ptr, FFI::Pointer::NULL, 0) == FFI::WIN32_FALSE
176
+ raise Puppet::Util::Windows::Error, _("Failed to get volume information")
177
+ end
178
+
179
+ supported = flags_ptr.read_dword & FILE_PERSISTENT_ACLS == FILE_PERSISTENT_ACLS
180
+ end
181
+
182
+ supported
183
+ end
184
+
185
+ MASK_TO_MODE = {
186
+ FILE::FILE_GENERIC_READ => S_IROTH,
187
+ FILE::FILE_GENERIC_WRITE => S_IWOTH,
188
+ (FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES) => S_IXOTH
189
+ }
190
+
191
+ def get_aces_for_path_by_sid(path, sid)
192
+ get_security_descriptor(path).dacl.select { |ace| ace.sid == sid }
193
+ end
194
+
195
+ # Get the mode of the object referenced by +path+. The returned
196
+ # integer value represents the POSIX-style read, write, and execute
197
+ # modes for the user, group, and other classes, e.g. 0640. Any user
198
+ # with read access to an object can get the mode. Only a user with
199
+ # the SE_BACKUP_NAME privilege in their process token can get the
200
+ # mode for objects they do not have read access to.
201
+ def get_mode(path)
202
+ return unless supports_acl?(path)
203
+
204
+ well_known_world_sid = Puppet::Util::Windows::SID::Everyone
205
+ well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
206
+ well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
207
+ well_known_app_packages_sid = Puppet::Util::Windows::SID::AllAppPackages
208
+
209
+ mode = S_ISYSTEM_MISSING
210
+
211
+ sd = get_security_descriptor(path)
212
+ sd.dacl.each do |ace|
213
+ next if ace.inherit_only?
214
+
215
+ case ace.sid
216
+ when sd.owner
217
+ MASK_TO_MODE.each_pair do |k, v|
218
+ if (ace.mask & k) == k
219
+ mode |= (v << 6)
220
+ end
221
+ end
222
+ when sd.group
223
+ MASK_TO_MODE.each_pair do |k, v|
224
+ if (ace.mask & k) == k
225
+ mode |= (v << 3)
226
+ end
227
+ end
228
+ when well_known_world_sid
229
+ MASK_TO_MODE.each_pair do |k, v|
230
+ if (ace.mask & k) == k
231
+ mode |= (v << 6) | (v << 3) | v
232
+ end
233
+ end
234
+ if File.directory?(path) &&
235
+ (ace.mask & (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE | FILE::FILE_DELETE_CHILD)) == (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE)
236
+ mode |= S_ISVTX;
237
+ end
238
+ when well_known_nobody_sid
239
+ if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
240
+ mode |= S_ISVTX
241
+ end
242
+ when well_known_app_packages_sid, well_known_system_sid
243
+ # do nothing
244
+ else
245
+ # puts "Warning, unable to map SID into POSIX mode: #{ace.sid}"
246
+ mode |= S_IEXTRA
247
+ end
248
+
249
+ if ace.sid == well_known_system_sid
250
+ mode &= ~S_ISYSTEM_MISSING
251
+ end
252
+
253
+ # if owner and group the same, then user and group modes are the OR of both
254
+ if sd.owner == sd.group
255
+ mode |= ((mode & S_IRWXG) << 3) | ((mode & S_IRWXU) >> 3)
256
+ # puts "owner: #{sd.group}, 0x#{ace.mask.to_s(16)}, #{mode.to_s(8)}"
257
+ end
258
+ end
259
+
260
+ # puts "get_mode: #{mode.to_s(8)}"
261
+ mode
262
+ end
263
+
264
+ MODE_TO_MASK = {
265
+ S_IROTH => FILE::FILE_GENERIC_READ,
266
+ S_IWOTH => FILE::FILE_GENERIC_WRITE,
267
+ S_IXOTH => (FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES),
268
+ }
269
+
270
+ # Set the mode of the object referenced by +path+ to the specified
271
+ # +mode+. The mode should be specified as POSIX-style read, write,
272
+ # and execute modes for the user, group, and other classes,
273
+ # e.g. 0640. The sticky bit, S_ISVTX, is supported, but is only
274
+ # meaningful for directories. If set, group and others are not
275
+ # allowed to delete child objects for which they are not the owner.
276
+ # By default, the DACL is set to protected, meaning it does not
277
+ # inherit access control entries from parent objects. This can be
278
+ # changed by setting +protected+ to false. The owner of the object
279
+ # (with READ_CONTROL and WRITE_DACL access) can always change the
280
+ # mode. Only a user with the SE_BACKUP_NAME and SE_RESTORE_NAME
281
+ # privileges in their process token can change the mode for objects
282
+ # that they do not have read and write access to.
283
+ def set_mode(mode, path, protected = true, managing_owner = false, managing_group = false)
284
+ sd = get_security_descriptor(path)
285
+ well_known_world_sid = Puppet::Util::Windows::SID::Everyone
286
+ well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
287
+ well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
288
+
289
+ owner_allow = FILE::STANDARD_RIGHTS_ALL |
290
+ FILE::FILE_READ_ATTRIBUTES |
291
+ FILE::FILE_WRITE_ATTRIBUTES
292
+ # this prevents a mode that is not 7 from taking ownership of a file based
293
+ # on group membership and rewriting it / making it executable
294
+ group_allow = FILE::STANDARD_RIGHTS_READ |
295
+ FILE::FILE_READ_ATTRIBUTES |
296
+ FILE::SYNCHRONIZE
297
+ other_allow = FILE::STANDARD_RIGHTS_READ |
298
+ FILE::FILE_READ_ATTRIBUTES |
299
+ FILE::SYNCHRONIZE
300
+ nobody_allow = 0
301
+ system_allow = 0
302
+
303
+ MODE_TO_MASK.each do |k, v|
304
+ if ((mode >> 6) & k) == k
305
+ owner_allow |= v
306
+ end
307
+ if ((mode >> 3) & k) == k
308
+ group_allow |= v
309
+ end
310
+ if (mode & k) == k
311
+ other_allow |= v
312
+ end
313
+ end
314
+
315
+ # With a mode value of '7' for group / other, the value must then include
316
+ # additional perms beyond STANDARD_RIGHTS_READ to allow DACL modification
317
+ if (mode & S_IRWXG) == S_IRWXG
318
+ group_allow |= FILE::DELETE | FILE::WRITE_DAC | FILE::WRITE_OWNER
319
+ end
320
+ if (mode & S_IRWXO) == S_IRWXO
321
+ other_allow |= FILE::DELETE | FILE::WRITE_DAC | FILE::WRITE_OWNER
322
+ end
323
+
324
+ if (mode & S_ISVTX).nonzero?
325
+ nobody_allow |= FILE::FILE_APPEND_DATA;
326
+ end
327
+
328
+ isownergroup = sd.owner == sd.group
329
+
330
+ # caller is NOT managing SYSTEM by using group or owner, so set to FULL
331
+ if ![sd.owner, sd.group].include? well_known_system_sid
332
+ # we don't check S_ISYSTEM_MISSING bit, but automatically carry over existing SYSTEM perms
333
+ # by default set SYSTEM perms to full
334
+ system_allow = FILE::FILE_ALL_ACCESS
335
+ else
336
+ # It is possible to set SYSTEM with a mode other than Full Control (7) however this makes no sense and in practical terms
337
+ # should not be done. We can trap these instances and correct them before being applied.
338
+ if (sd.owner == well_known_system_sid) && (owner_allow != FILE::FILE_ALL_ACCESS)
339
+ # If owner and group are both SYSTEM but group is unmanaged the control rights of system will be set to FullControl by
340
+ # the unmanaged group, so there is no need for the warning
341
+ if managing_owner && (!isownergroup || managing_group)
342
+ # TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
343
+ Puppet.warning _("Setting control rights for %{path} owner SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
344
+ elsif managing_owner && isownergroup
345
+ # TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
346
+ Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but group is not managed directly: SYSTEM user rights will be set to FullControl by group") % { path: path } }
347
+ else
348
+ # TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
349
+ Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the owner, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
350
+ owner_allow = FILE::FILE_ALL_ACCESS
351
+ end
352
+ end
353
+
354
+ if (sd.group == well_known_system_sid) && (group_allow != FILE::FILE_ALL_ACCESS)
355
+ # If owner and group are both SYSTEM but owner is unmanaged the control rights of system will be set to FullControl by
356
+ # the unmanaged owner, so there is no need for the warning.
357
+ if managing_group && (!isownergroup || managing_owner)
358
+ # TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
359
+ Puppet.warning _("Setting control rights for %{path} group SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
360
+ elsif managing_group && isownergroup
361
+ # TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
362
+ Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but owner is not managed directly: SYSTEM user rights will be set to FullControl by owner") % { path: path } }
363
+ else
364
+ # TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
365
+ Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the group, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
366
+ group_allow = FILE::FILE_ALL_ACCESS
367
+ end
368
+ end
369
+ end
370
+
371
+ # even though FILE_DELETE_CHILD only applies to directories, it can be set on files
372
+ # this is necessary to do to ensure a file ends up with (F) FullControl
373
+ if (mode & (S_IWUSR | S_IXUSR)) == (S_IWUSR | S_IXUSR)
374
+ owner_allow |= FILE::FILE_DELETE_CHILD
375
+ end
376
+ if (mode & (S_IWGRP | S_IXGRP)) == (S_IWGRP | S_IXGRP) && (mode & S_ISVTX) == 0
377
+ group_allow |= FILE::FILE_DELETE_CHILD
378
+ end
379
+ if (mode & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH) && (mode & S_ISVTX) == 0
380
+ other_allow |= FILE::FILE_DELETE_CHILD
381
+ end
382
+
383
+ # if owner and group the same, then map group permissions to the one owner ACE
384
+ if isownergroup
385
+ owner_allow |= group_allow
386
+ end
387
+
388
+ # if any ACE allows write, then clear readonly bit, but do this before we overwrite
389
+ # the DACl and lose our ability to set the attribute
390
+ if ((owner_allow | group_allow | other_allow) & FILE::FILE_WRITE_DATA) == FILE::FILE_WRITE_DATA
391
+ FILE.remove_attributes(path, FILE::FILE_ATTRIBUTE_READONLY)
392
+ end
393
+
394
+ isdir = File.directory?(path)
395
+ dacl = Puppet::Util::Windows::AccessControlList.new
396
+ dacl.allow(sd.owner, owner_allow)
397
+ unless isownergroup
398
+ dacl.allow(sd.group, group_allow)
399
+ end
400
+ dacl.allow(well_known_world_sid, other_allow)
401
+ dacl.allow(well_known_nobody_sid, nobody_allow)
402
+
403
+ # TODO: system should be first?
404
+ flags = !isdir ? 0 :
405
+ Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE |
406
+ Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
407
+ dacl.allow(well_known_system_sid, system_allow, flags)
408
+
409
+ # add inherit-only aces for child dirs and files that are created within the dir
410
+ inherit_only = Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
411
+ if isdir
412
+ inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE
413
+ dacl.allow(Puppet::Util::Windows::SID::CreatorOwner, owner_allow, inherit)
414
+ dacl.allow(Puppet::Util::Windows::SID::CreatorGroup, group_allow, inherit)
415
+
416
+ inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
417
+ # allow any previously set bits *except* for these
418
+ perms_to_strip = ~(FILE::FILE_EXECUTE + FILE::WRITE_OWNER + FILE::WRITE_DAC)
419
+ dacl.allow(Puppet::Util::Windows::SID::CreatorOwner, owner_allow & perms_to_strip, inherit)
420
+ dacl.allow(Puppet::Util::Windows::SID::CreatorGroup, group_allow & perms_to_strip, inherit)
421
+ end
422
+
423
+ new_sd = Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, dacl, protected)
424
+ set_security_descriptor(path, new_sd)
425
+
426
+ nil
427
+ end
428
+
429
+ ACL_REVISION = 2
430
+
431
+ def add_access_allowed_ace(acl, mask, sid, inherit = nil)
432
+ inherit ||= NO_INHERITANCE
433
+
434
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
435
+ if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
436
+ raise Puppet::Util::Windows::Error, _("Invalid SID")
437
+ end
438
+
439
+ if AddAccessAllowedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
440
+ raise Puppet::Util::Windows::Error, _("Failed to add access control entry")
441
+ end
442
+ end
443
+
444
+ # ensure this method is void if it doesn't raise
445
+ nil
446
+ end
447
+
448
+ def add_access_denied_ace(acl, mask, sid, inherit = nil)
449
+ inherit ||= NO_INHERITANCE
450
+
451
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
452
+ if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
453
+ raise Puppet::Util::Windows::Error, _("Invalid SID")
454
+ end
455
+
456
+ if AddAccessDeniedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
457
+ raise Puppet::Util::Windows::Error, _("Failed to add access control entry")
458
+ end
459
+ end
460
+
461
+ # ensure this method is void if it doesn't raise
462
+ nil
463
+ end
464
+
465
+ def parse_dacl(dacl_ptr)
466
+ # REMIND: need to handle NULL DACL
467
+ if IsValidAcl(dacl_ptr) == FFI::WIN32_FALSE
468
+ raise Puppet::Util::Windows::Error, _("Invalid DACL")
469
+ end
470
+
471
+ dacl_struct = ACL.new(dacl_ptr)
472
+ ace_count = dacl_struct[:AceCount]
473
+
474
+ dacl = Puppet::Util::Windows::AccessControlList.new
475
+
476
+ # deny all
477
+ return dacl if ace_count == 0
478
+
479
+ 0.upto(ace_count - 1) do |i|
480
+ FFI::MemoryPointer.new(:pointer, 1) do |ace_ptr|
481
+ next if GetAce(dacl_ptr, i, ace_ptr) == FFI::WIN32_FALSE
482
+
483
+ # ACE structures vary depending on the type. We are only concerned with
484
+ # ACCESS_ALLOWED_ACE and ACCESS_DENIED_ACEs, which have the same layout
485
+ ace = GENERIC_ACCESS_ACE.new(ace_ptr.get_pointer(0)) # deref LPVOID *
486
+
487
+ ace_type = ace[:Header][:AceType]
488
+ if ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE &&
489
+ ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
490
+ Puppet.warning _("Unsupported access control entry type: 0x%{type}") % { type: ace_type.to_s(16) }
491
+ next
492
+ end
493
+
494
+ # using pointer addition gives the FFI::Pointer a size, but that's OK here
495
+ sid = Puppet::Util::Windows::SID.sid_ptr_to_string(ace.pointer + GENERIC_ACCESS_ACE.offset_of(:SidStart))
496
+ mask = ace[:Mask]
497
+ ace_flags = ace[:Header][:AceFlags]
498
+
499
+ case ace_type
500
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
501
+ dacl.allow(sid, mask, ace_flags)
502
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
503
+ dacl.deny(sid, mask, ace_flags)
504
+ end
505
+ end
506
+ end
507
+
508
+ dacl
509
+ end
510
+
511
+ # Open an existing file with the specified access mode, and execute a
512
+ # block with the opened file HANDLE.
513
+ def open_file(path, access, &block)
514
+ handle = CreateFileW(
515
+ wide_string(path),
516
+ access,
517
+ FILE::FILE_SHARE_READ | FILE::FILE_SHARE_WRITE,
518
+ FFI::Pointer::NULL, # security_attributes
519
+ FILE::OPEN_EXISTING,
520
+ FILE::FILE_FLAG_OPEN_REPARSE_POINT | FILE::FILE_FLAG_BACKUP_SEMANTICS,
521
+ FFI::Pointer::NULL_HANDLE
522
+ ) # template
523
+
524
+ if handle == Puppet::Util::Windows::File::INVALID_HANDLE_VALUE
525
+ raise Puppet::Util::Windows::Error, _("Failed to open '%{path}'") % { path: path }
526
+ end
527
+
528
+ begin
529
+ yield handle
530
+ ensure
531
+ FFI::WIN32.CloseHandle(handle) if handle
532
+ end
533
+
534
+ # handle has already had CloseHandle called against it, nothing to return
535
+ nil
536
+ end
537
+
538
+ # Execute a block with the specified privilege enabled
539
+ def with_privilege(privilege, &block)
540
+ set_privilege(privilege, true)
541
+ yield
542
+ ensure
543
+ set_privilege(privilege, false)
544
+ end
545
+
546
+ SE_PRIVILEGE_ENABLED = 0x00000002
547
+ TOKEN_ADJUST_PRIVILEGES = 0x0020
548
+
549
+ # Enable or disable a privilege. Note this doesn't add any privileges the
550
+ # user doesn't already has, it just enables privileges that are disabled.
551
+ def set_privilege(privilege, enable)
552
+ return unless Puppet.features.root?
553
+
554
+ Puppet::Util::Windows::Process.with_process_token(TOKEN_ADJUST_PRIVILEGES) do |token|
555
+ Puppet::Util::Windows::Process.lookup_privilege_value(privilege) do |luid|
556
+ FFI::MemoryPointer.new(Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.size) do |luid_and_attributes_ptr|
557
+ # allocate unmanaged memory for structs that we clean up afterwards
558
+ luid_and_attributes = Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.new(luid_and_attributes_ptr)
559
+ luid_and_attributes[:Luid] = luid
560
+ luid_and_attributes[:Attributes] = enable ? SE_PRIVILEGE_ENABLED : 0
561
+
562
+ FFI::MemoryPointer.new(Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.size) do |token_privileges_ptr|
563
+ token_privileges = Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.new(token_privileges_ptr)
564
+ token_privileges[:PrivilegeCount] = 1
565
+ token_privileges[:Privileges][0] = luid_and_attributes
566
+
567
+ # size is correct given we only have 1 LUID, otherwise would be:
568
+ # [:PrivilegeCount].size + [:PrivilegeCount] * LUID_AND_ATTRIBUTES.size
569
+ if AdjustTokenPrivileges(token, FFI::WIN32_FALSE,
570
+ token_privileges, token_privileges.size,
571
+ FFI::MemoryPointer::NULL, FFI::MemoryPointer::NULL) == FFI::WIN32_FALSE
572
+ raise Puppet::Util::Windows::Error, _("Failed to adjust process privileges")
573
+ end
574
+ end
575
+ end
576
+ end
577
+ end
578
+
579
+ # token / luid structs freed by this point, so return true as nothing raised
580
+ true
581
+ end
582
+
583
+ def get_security_descriptor(path)
584
+ sd = nil
585
+
586
+ with_privilege(SE_BACKUP_NAME) do
587
+ open_file(path, READ_CONTROL) do |handle|
588
+ FFI::MemoryPointer.new(:pointer, 1) do |owner_sid_ptr_ptr|
589
+ FFI::MemoryPointer.new(:pointer, 1) do |group_sid_ptr_ptr|
590
+ FFI::MemoryPointer.new(:pointer, 1) do |dacl_ptr_ptr|
591
+ FFI::MemoryPointer.new(:pointer, 1) do |sd_ptr_ptr|
592
+ rv = GetSecurityInfo(
593
+ handle,
594
+ :SE_FILE_OBJECT,
595
+ OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
596
+ owner_sid_ptr_ptr,
597
+ group_sid_ptr_ptr,
598
+ dacl_ptr_ptr,
599
+ FFI::Pointer::NULL, # sacl
600
+ sd_ptr_ptr
601
+ ) # sec desc
602
+ raise Puppet::Util::Windows::Error, _("Failed to get security information") if rv != FFI::ERROR_SUCCESS
603
+
604
+ # these 2 convenience params are not freed since they point inside sd_ptr
605
+ owner = Puppet::Util::Windows::SID.sid_ptr_to_string(owner_sid_ptr_ptr.get_pointer(0))
606
+ group = Puppet::Util::Windows::SID.sid_ptr_to_string(group_sid_ptr_ptr.get_pointer(0))
607
+
608
+ FFI::MemoryPointer.new(:word, 1) do |control|
609
+ FFI::MemoryPointer.new(:dword, 1) do |revision|
610
+ sd_ptr_ptr.read_win32_local_pointer do |sd_ptr|
611
+ if GetSecurityDescriptorControl(sd_ptr, control, revision) == FFI::WIN32_FALSE
612
+ raise Puppet::Util::Windows::Error, _("Failed to get security descriptor control")
613
+ end
614
+
615
+ protect = (control.read_word & SE_DACL_PROTECTED) == SE_DACL_PROTECTED
616
+ dacl = parse_dacl(dacl_ptr_ptr.get_pointer(0))
617
+ sd = Puppet::Util::Windows::SecurityDescriptor.new(owner, group, dacl, protect)
618
+ end
619
+ end
620
+ end
621
+ end
622
+ end
623
+ end
624
+ end
625
+ end
626
+ end
627
+
628
+ sd
629
+ end
630
+
631
+ def get_max_generic_acl_size(ace_count)
632
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
633
+ # To calculate the initial size of an ACL, add the following together, and then align the result to the nearest DWORD:
634
+ # * Size of the ACL structure.
635
+ # * Size of each ACE structure that the ACL is to contain minus the SidStart member (DWORD) of the ACE.
636
+ # * Length of the SID that each ACE is to contain.
637
+ ACL.size + ace_count * MAXIMUM_GENERIC_ACE_SIZE
638
+ end
639
+
640
+ # setting DACL requires both READ_CONTROL and WRITE_DACL access rights,
641
+ # and their respective privileges, SE_BACKUP_NAME and SE_RESTORE_NAME.
642
+ def set_security_descriptor(path, sd)
643
+ FFI::MemoryPointer.new(:byte, get_max_generic_acl_size(sd.dacl.count)) do |acl_ptr|
644
+ if InitializeAcl(acl_ptr, acl_ptr.size, ACL_REVISION) == FFI::WIN32_FALSE
645
+ raise Puppet::Util::Windows::Error, _("Failed to initialize ACL")
646
+ end
647
+
648
+ if IsValidAcl(acl_ptr) == FFI::WIN32_FALSE
649
+ raise Puppet::Util::Windows::Error, _("Invalid DACL")
650
+ end
651
+
652
+ with_privilege(SE_BACKUP_NAME) do
653
+ with_privilege(SE_RESTORE_NAME) do
654
+ open_file(path, READ_CONTROL | WRITE_DAC | WRITE_OWNER) do |handle|
655
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sd.owner) do |owner_sid_ptr|
656
+ Puppet::Util::Windows::SID.string_to_sid_ptr(sd.group) do |group_sid_ptr|
657
+ sd.dacl.each do |ace|
658
+ case ace.type
659
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
660
+ # puts "ace: allow, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
661
+ add_access_allowed_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
662
+ when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
663
+ # puts "ace: deny, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
664
+ add_access_denied_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
665
+ else
666
+ raise "We should never get here"
667
+ # TODO: this should have been a warning in an earlier commit
668
+ end
669
+ end
670
+
671
+ # protected means the object does not inherit aces from its parent
672
+ flags = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION
673
+ flags |= sd.protect ? PROTECTED_DACL_SECURITY_INFORMATION : UNPROTECTED_DACL_SECURITY_INFORMATION
674
+
675
+ rv = SetSecurityInfo(handle,
676
+ :SE_FILE_OBJECT,
677
+ flags,
678
+ owner_sid_ptr,
679
+ group_sid_ptr,
680
+ acl_ptr,
681
+ FFI::MemoryPointer::NULL)
682
+
683
+ if rv != FFI::ERROR_SUCCESS
684
+ raise Puppet::Util::Windows::Error, _("Failed to set security information")
685
+ end
686
+ end
687
+ end
688
+ end
689
+ end
690
+ end
691
+ end
692
+ end
693
+
694
+ ffi_convention :stdcall
695
+
696
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
697
+ # HANDLE WINAPI CreateFile(
698
+ # _In_ LPCTSTR lpFileName,
699
+ # _In_ DWORD dwDesiredAccess,
700
+ # _In_ DWORD dwShareMode,
701
+ # _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
702
+ # _In_ DWORD dwCreationDisposition,
703
+ # _In_ DWORD dwFlagsAndAttributes,
704
+ # _In_opt_ HANDLE hTemplateFile
705
+ # );
706
+ ffi_lib :kernel32
707
+ attach_function_private :CreateFileW,
708
+ [:lpcwstr, :dword, :dword, :pointer, :dword, :dword, :handle], :handle
709
+
710
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa364993(v=vs.85).aspx
711
+ # BOOL WINAPI GetVolumeInformation(
712
+ # _In_opt_ LPCTSTR lpRootPathName,
713
+ # _Out_opt_ LPTSTR lpVolumeNameBuffer,
714
+ # _In_ DWORD nVolumeNameSize,
715
+ # _Out_opt_ LPDWORD lpVolumeSerialNumber,
716
+ # _Out_opt_ LPDWORD lpMaximumComponentLength,
717
+ # _Out_opt_ LPDWORD lpFileSystemFlags,
718
+ # _Out_opt_ LPTSTR lpFileSystemNameBuffer,
719
+ # _In_ DWORD nFileSystemNameSize
720
+ # );
721
+ ffi_lib :kernel32
722
+ attach_function_private :GetVolumeInformationW,
723
+ [:lpcwstr, :lpwstr, :dword, :lpdword, :lpdword, :lpdword, :lpwstr, :dword], :win32_bool
724
+
725
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374951(v=vs.85).aspx
726
+ # BOOL WINAPI AddAccessAllowedAceEx(
727
+ # _Inout_ PACL pAcl,
728
+ # _In_ DWORD dwAceRevision,
729
+ # _In_ DWORD AceFlags,
730
+ # _In_ DWORD AccessMask,
731
+ # _In_ PSID pSid
732
+ # );
733
+ ffi_lib :advapi32
734
+ attach_function_private :AddAccessAllowedAceEx,
735
+ [:pointer, :dword, :dword, :dword, :pointer], :win32_bool
736
+
737
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374964(v=vs.85).aspx
738
+ # BOOL WINAPI AddAccessDeniedAceEx(
739
+ # _Inout_ PACL pAcl,
740
+ # _In_ DWORD dwAceRevision,
741
+ # _In_ DWORD AceFlags,
742
+ # _In_ DWORD AccessMask,
743
+ # _In_ PSID pSid
744
+ # );
745
+ ffi_lib :advapi32
746
+ attach_function_private :AddAccessDeniedAceEx,
747
+ [:pointer, :dword, :dword, :dword, :pointer], :win32_bool
748
+
749
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374931(v=vs.85).aspx
750
+ # typedef struct _ACL {
751
+ # BYTE AclRevision;
752
+ # BYTE Sbz1;
753
+ # WORD AclSize;
754
+ # WORD AceCount;
755
+ # WORD Sbz2;
756
+ # } ACL, *PACL;
757
+ class ACL < FFI::Struct
758
+ layout :AclRevision, :byte,
759
+ :Sbz1, :byte,
760
+ :AclSize, :word,
761
+ :AceCount, :word,
762
+ :Sbz2, :word
763
+ end
764
+
765
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374912(v=vs.85).aspx
766
+ # ACE types
767
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374919(v=vs.85).aspx
768
+ # typedef struct _ACE_HEADER {
769
+ # BYTE AceType;
770
+ # BYTE AceFlags;
771
+ # WORD AceSize;
772
+ # } ACE_HEADER, *PACE_HEADER;
773
+ class ACE_HEADER < FFI::Struct
774
+ layout :AceType, :byte,
775
+ :AceFlags, :byte,
776
+ :AceSize, :word
777
+ end
778
+
779
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374892(v=vs.85).aspx
780
+ # ACCESS_MASK
781
+
782
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374847(v=vs.85).aspx
783
+ # typedef struct _ACCESS_ALLOWED_ACE {
784
+ # ACE_HEADER Header;
785
+ # ACCESS_MASK Mask;
786
+ # DWORD SidStart;
787
+ # } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
788
+ #
789
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374879(v=vs.85).aspx
790
+ # typedef struct _ACCESS_DENIED_ACE {
791
+ # ACE_HEADER Header;
792
+ # ACCESS_MASK Mask;
793
+ # DWORD SidStart;
794
+ # } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
795
+ class GENERIC_ACCESS_ACE < FFI::Struct
796
+ # ACE structures must be aligned on DWORD boundaries. All Windows
797
+ # memory-management functions return DWORD-aligned handles to memory
798
+ pack 4
799
+ layout :Header, ACE_HEADER,
800
+ :Mask, :dword,
801
+ :SidStart, :dword
802
+ end
803
+
804
+ # https://stackoverflow.com/a/1792930
805
+ MAXIMUM_SID_BYTES_LENGTH = 68
806
+ MAXIMUM_GENERIC_ACE_SIZE = GENERIC_ACCESS_ACE.offset_of(:SidStart) +
807
+ MAXIMUM_SID_BYTES_LENGTH
808
+
809
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446634(v=vs.85).aspx
810
+ # BOOL WINAPI GetAce(
811
+ # _In_ PACL pAcl,
812
+ # _In_ DWORD dwAceIndex,
813
+ # _Out_ LPVOID *pAce
814
+ # );
815
+ ffi_lib :advapi32
816
+ attach_function_private :GetAce,
817
+ [:pointer, :dword, :pointer], :win32_bool
818
+
819
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa375202(v=vs.85).aspx
820
+ # BOOL WINAPI AdjustTokenPrivileges(
821
+ # _In_ HANDLE TokenHandle,
822
+ # _In_ BOOL DisableAllPrivileges,
823
+ # _In_opt_ PTOKEN_PRIVILEGES NewState,
824
+ # _In_ DWORD BufferLength,
825
+ # _Out_opt_ PTOKEN_PRIVILEGES PreviousState,
826
+ # _Out_opt_ PDWORD ReturnLength
827
+ # );
828
+ ffi_lib :advapi32
829
+ attach_function_private :AdjustTokenPrivileges,
830
+ [:handle, :win32_bool, :pointer, :dword, :pointer, :pdword], :win32_bool
831
+
832
+ # https://msdn.microsoft.com/en-us/library/windows/hardware/ff556610(v=vs.85).aspx
833
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx
834
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446647(v=vs.85).aspx
835
+ # typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
836
+ # BOOL WINAPI GetSecurityDescriptorControl(
837
+ # _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
838
+ # _Out_ PSECURITY_DESCRIPTOR_CONTROL pControl,
839
+ # _Out_ LPDWORD lpdwRevision
840
+ # );
841
+ ffi_lib :advapi32
842
+ attach_function_private :GetSecurityDescriptorControl,
843
+ [:pointer, :lpword, :lpdword], :win32_bool
844
+
845
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
846
+ # BOOL WINAPI InitializeAcl(
847
+ # _Out_ PACL pAcl,
848
+ # _In_ DWORD nAclLength,
849
+ # _In_ DWORD dwAclRevision
850
+ # );
851
+ ffi_lib :advapi32
852
+ attach_function_private :InitializeAcl,
853
+ [:pointer, :dword, :dword], :win32_bool
854
+
855
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379142(v=vs.85).aspx
856
+ # BOOL WINAPI IsValidAcl(
857
+ # _In_ PACL pAcl
858
+ # );
859
+ ffi_lib :advapi32
860
+ attach_function_private :IsValidAcl,
861
+ [:pointer], :win32_bool
862
+
863
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx
864
+ SE_OBJECT_TYPE = enum(
865
+ :SE_UNKNOWN_OBJECT_TYPE, 0,
866
+ :SE_FILE_OBJECT,
867
+ :SE_SERVICE,
868
+ :SE_PRINTER,
869
+ :SE_REGISTRY_KEY,
870
+ :SE_LMSHARE,
871
+ :SE_KERNEL_OBJECT,
872
+ :SE_WINDOW_OBJECT,
873
+ :SE_DS_OBJECT,
874
+ :SE_DS_OBJECT_ALL,
875
+ :SE_PROVIDER_DEFINED_OBJECT,
876
+ :SE_WMIGUID_OBJECT,
877
+ :SE_REGISTRY_WOW64_32KEY
878
+ )
879
+
880
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446654(v=vs.85).aspx
881
+ # DWORD WINAPI GetSecurityInfo(
882
+ # _In_ HANDLE handle,
883
+ # _In_ SE_OBJECT_TYPE ObjectType,
884
+ # _In_ SECURITY_INFORMATION SecurityInfo,
885
+ # _Out_opt_ PSID *ppsidOwner,
886
+ # _Out_opt_ PSID *ppsidGroup,
887
+ # _Out_opt_ PACL *ppDacl,
888
+ # _Out_opt_ PACL *ppSacl,
889
+ # _Out_opt_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor
890
+ # );
891
+ ffi_lib :advapi32
892
+ attach_function_private :GetSecurityInfo,
893
+ [:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer, :pointer], :dword
894
+
895
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379588(v=vs.85).aspx
896
+ # DWORD WINAPI SetSecurityInfo(
897
+ # _In_ HANDLE handle,
898
+ # _In_ SE_OBJECT_TYPE ObjectType,
899
+ # _In_ SECURITY_INFORMATION SecurityInfo,
900
+ # _In_opt_ PSID psidOwner,
901
+ # _In_opt_ PSID psidGroup,
902
+ # _In_opt_ PACL pDacl,
903
+ # _In_opt_ PACL pSacl
904
+ # );
905
+ ffi_lib :advapi32
906
+ # TODO: SECURITY_INFORMATION is actually a bitmask the size of a DWORD
907
+ attach_function_private :SetSecurityInfo,
908
+ [:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer], :dword
909
+ end