openvox 8.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +19 -0
- data/CODEOWNERS +11 -0
- data/CODE_OF_CONDUCT.md +70 -0
- data/Gemfile +87 -0
- data/Guardfile.example +76 -0
- data/LICENSE +202 -0
- data/README.md +63 -0
- data/Rakefile +170 -0
- data/bin/puppet +10 -0
- data/conf/environment.conf +18 -0
- data/conf/fileserver.conf +32 -0
- data/conf/hiera.yaml +11 -0
- data/conf/puppet.conf +6 -0
- data/examples/enc/regexp_nodes/classes/databases +2 -0
- data/examples/enc/regexp_nodes/classes/webservers +2 -0
- data/examples/enc/regexp_nodes/environment/development +2 -0
- data/examples/enc/regexp_nodes/parameters/service/prod +1 -0
- data/examples/enc/regexp_nodes/parameters/service/qa +3 -0
- data/examples/enc/regexp_nodes/parameters/service/sandbox +1 -0
- data/examples/enc/regexp_nodes/regexp_nodes.rb +270 -0
- data/examples/hiera/README.md +102 -0
- data/examples/hiera/data/common.yaml +12 -0
- data/examples/hiera/data/dc1.yaml +6 -0
- data/examples/hiera/hiera.yaml +15 -0
- data/examples/hiera/modules/ntp/data/common.yaml +4 -0
- data/examples/hiera/modules/ntp/hiera.yaml +9 -0
- data/examples/hiera/modules/ntp/manifests/config.pp +18 -0
- data/examples/hiera/modules/ntp/templates/ntp.conf.epp +3 -0
- data/examples/hiera/modules/users/manifests/common.pp +9 -0
- data/examples/hiera/modules/users/manifests/dc1.pp +9 -0
- data/examples/hiera/site.pp +3 -0
- data/examples/nagios/check_puppet.rb +123 -0
- data/ext/README.md +13 -0
- data/ext/build_defaults.yaml +18 -0
- data/ext/debian/puppet.default +4 -0
- data/ext/debian/puppet.init +113 -0
- data/ext/hiera/hiera.yaml +15 -0
- data/ext/osx/puppet.plist +32 -0
- data/ext/project_data.yaml +20 -0
- data/ext/redhat/client.init +169 -0
- data/ext/redhat/client.sysconfig +2 -0
- data/ext/solaris/smf/puppet +44 -0
- data/ext/solaris/smf/puppet.xml +46 -0
- data/ext/suse/client.init +141 -0
- data/ext/systemd/puppet.service +26 -0
- data/ext/windows/puppet_interactive.bat +6 -0
- data/ext/windows/puppet_shell.bat +9 -0
- data/ext/windows/run_puppet_interactive.bat +9 -0
- data/ext/windows/service/daemon.bat +6 -0
- data/ext/windows/service/daemon.rb +219 -0
- data/install.rb +428 -0
- data/lib/hiera/puppet_function.rb +86 -0
- data/lib/hiera/scope.rb +92 -0
- data/lib/hiera_puppet.rb +78 -0
- data/lib/puppet/agent/disabler.rb +55 -0
- data/lib/puppet/agent/locker.rb +46 -0
- data/lib/puppet/agent.rb +178 -0
- data/lib/puppet/application/agent.rb +527 -0
- data/lib/puppet/application/apply.rb +435 -0
- data/lib/puppet/application/catalog.rb +6 -0
- data/lib/puppet/application/config.rb +7 -0
- data/lib/puppet/application/describe.rb +255 -0
- data/lib/puppet/application/device.rb +440 -0
- data/lib/puppet/application/doc.rb +232 -0
- data/lib/puppet/application/epp.rb +7 -0
- data/lib/puppet/application/face_base.rb +277 -0
- data/lib/puppet/application/facts.rb +11 -0
- data/lib/puppet/application/filebucket.rb +324 -0
- data/lib/puppet/application/generate.rb +7 -0
- data/lib/puppet/application/help.rb +7 -0
- data/lib/puppet/application/indirection_base.rb +6 -0
- data/lib/puppet/application/lookup.rb +433 -0
- data/lib/puppet/application/module.rb +6 -0
- data/lib/puppet/application/node.rb +6 -0
- data/lib/puppet/application/parser.rb +7 -0
- data/lib/puppet/application/plugin.rb +6 -0
- data/lib/puppet/application/report.rb +6 -0
- data/lib/puppet/application/resource.rb +264 -0
- data/lib/puppet/application/script.rb +266 -0
- data/lib/puppet/application/ssl.rb +331 -0
- data/lib/puppet/application.rb +596 -0
- data/lib/puppet/application_support.rb +69 -0
- data/lib/puppet/coercion.rb +42 -0
- data/lib/puppet/compilable_resource_type.rb +17 -0
- data/lib/puppet/concurrent/lock.rb +15 -0
- data/lib/puppet/concurrent/synchronized.rb +15 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +18 -0
- data/lib/puppet/concurrent.rb +4 -0
- data/lib/puppet/configurer/downloader.rb +91 -0
- data/lib/puppet/configurer/fact_handler.rb +51 -0
- data/lib/puppet/configurer/plugin_handler.rb +61 -0
- data/lib/puppet/configurer.rb +759 -0
- data/lib/puppet/confine/any.rb +28 -0
- data/lib/puppet/confine/boolean.rb +47 -0
- data/lib/puppet/confine/exists.rb +21 -0
- data/lib/puppet/confine/false.rb +27 -0
- data/lib/puppet/confine/feature.rb +18 -0
- data/lib/puppet/confine/true.rb +28 -0
- data/lib/puppet/confine/variable.rb +61 -0
- data/lib/puppet/confine.rb +86 -0
- data/lib/puppet/confine_collection.rb +54 -0
- data/lib/puppet/confiner.rb +48 -0
- data/lib/puppet/context/trusted_information.rb +122 -0
- data/lib/puppet/context.rb +190 -0
- data/lib/puppet/daemon.rb +198 -0
- data/lib/puppet/data_binding.rb +16 -0
- data/lib/puppet/datatypes/error.rb +23 -0
- data/lib/puppet/datatypes/impl/error.rb +42 -0
- data/lib/puppet/datatypes.rb +218 -0
- data/lib/puppet/defaults.rb +2316 -0
- data/lib/puppet/environments.rb +599 -0
- data/lib/puppet/error.rb +142 -0
- data/lib/puppet/etc.rb +185 -0
- data/lib/puppet/external/dot.rb +315 -0
- data/lib/puppet/face/catalog/select.rb +51 -0
- data/lib/puppet/face/catalog.rb +167 -0
- data/lib/puppet/face/config.rb +266 -0
- data/lib/puppet/face/epp.rb +565 -0
- data/lib/puppet/face/facts.rb +176 -0
- data/lib/puppet/face/generate.rb +69 -0
- data/lib/puppet/face/help/action.erb +89 -0
- data/lib/puppet/face/help/face.erb +114 -0
- data/lib/puppet/face/help/global.erb +16 -0
- data/lib/puppet/face/help/man.erb +152 -0
- data/lib/puppet/face/help.rb +260 -0
- data/lib/puppet/face/module/changes.rb +44 -0
- data/lib/puppet/face/module/install.rb +149 -0
- data/lib/puppet/face/module/list.rb +271 -0
- data/lib/puppet/face/module/uninstall.rb +91 -0
- data/lib/puppet/face/module/upgrade.rb +89 -0
- data/lib/puppet/face/module.rb +21 -0
- data/lib/puppet/face/node/clean.rb +109 -0
- data/lib/puppet/face/node.rb +45 -0
- data/lib/puppet/face/parser.rb +226 -0
- data/lib/puppet/face/plugin.rb +62 -0
- data/lib/puppet/face/report.rb +54 -0
- data/lib/puppet/face/resource.rb +55 -0
- data/lib/puppet/face.rb +14 -0
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/feature/base.rb +76 -0
- data/lib/puppet/feature/bolt.rb +5 -0
- data/lib/puppet/feature/cfpropertylist.rb +5 -0
- data/lib/puppet/feature/eventlog.rb +7 -0
- data/lib/puppet/feature/hiera_eyaml.rb +5 -0
- data/lib/puppet/feature/hocon.rb +5 -0
- data/lib/puppet/feature/libuser.rb +10 -0
- data/lib/puppet/feature/msgpack.rb +5 -0
- data/lib/puppet/feature/pe_license.rb +6 -0
- data/lib/puppet/feature/pson.rb +6 -0
- data/lib/puppet/feature/selinux.rb +5 -0
- data/lib/puppet/feature/ssh.rb +5 -0
- data/lib/puppet/feature/telnet.rb +5 -0
- data/lib/puppet/feature/zlib.rb +7 -0
- data/lib/puppet/ffi/posix/constants.rb +16 -0
- data/lib/puppet/ffi/posix/functions.rb +25 -0
- data/lib/puppet/ffi/posix.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +313 -0
- data/lib/puppet/ffi/windows/constants.rb +406 -0
- data/lib/puppet/ffi/windows/functions.rb +629 -0
- data/lib/puppet/ffi/windows/structs.rb +339 -0
- data/lib/puppet/ffi/windows.rb +14 -0
- data/lib/puppet/file_bucket/dipper.rb +183 -0
- data/lib/puppet/file_bucket/file.rb +131 -0
- data/lib/puppet/file_bucket.rb +6 -0
- data/lib/puppet/file_serving/base.rb +94 -0
- data/lib/puppet/file_serving/configuration/parser.rb +116 -0
- data/lib/puppet/file_serving/configuration.rb +116 -0
- data/lib/puppet/file_serving/content.rb +45 -0
- data/lib/puppet/file_serving/fileset.rb +190 -0
- data/lib/puppet/file_serving/http_metadata.rb +61 -0
- data/lib/puppet/file_serving/metadata.rb +174 -0
- data/lib/puppet/file_serving/mount/file.rb +126 -0
- data/lib/puppet/file_serving/mount/locales.rb +35 -0
- data/lib/puppet/file_serving/mount/modules.rb +29 -0
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_serving/mount/plugins.rb +35 -0
- data/lib/puppet/file_serving/mount/scripts.rb +27 -0
- data/lib/puppet/file_serving/mount/tasks.rb +26 -0
- data/lib/puppet/file_serving/mount.rb +41 -0
- data/lib/puppet/file_serving/terminus_helper.rb +33 -0
- data/lib/puppet/file_serving/terminus_selector.rb +33 -0
- data/lib/puppet/file_serving.rb +5 -0
- data/lib/puppet/file_system/file_impl.rb +189 -0
- data/lib/puppet/file_system/jruby.rb +25 -0
- data/lib/puppet/file_system/memory_file.rb +82 -0
- data/lib/puppet/file_system/memory_impl.rb +103 -0
- data/lib/puppet/file_system/path_pattern.rb +95 -0
- data/lib/puppet/file_system/posix.rb +52 -0
- data/lib/puppet/file_system/uniquefile.rb +190 -0
- data/lib/puppet/file_system/windows.rb +224 -0
- data/lib/puppet/file_system.rb +421 -0
- data/lib/puppet/forge/cache.rb +61 -0
- data/lib/puppet/forge/errors.rb +113 -0
- data/lib/puppet/forge/repository.rb +98 -0
- data/lib/puppet/forge.rb +257 -0
- data/lib/puppet/functions/abs.rb +64 -0
- data/lib/puppet/functions/alert.rb +16 -0
- data/lib/puppet/functions/all.rb +106 -0
- data/lib/puppet/functions/annotate.rb +110 -0
- data/lib/puppet/functions/any.rb +111 -0
- data/lib/puppet/functions/assert_type.rb +96 -0
- data/lib/puppet/functions/binary_file.rb +35 -0
- data/lib/puppet/functions/break.rb +49 -0
- data/lib/puppet/functions/call.rb +81 -0
- data/lib/puppet/functions/camelcase.rb +63 -0
- data/lib/puppet/functions/capitalize.rb +62 -0
- data/lib/puppet/functions/ceiling.rb +38 -0
- data/lib/puppet/functions/chomp.rb +58 -0
- data/lib/puppet/functions/chop.rb +68 -0
- data/lib/puppet/functions/compare.rb +127 -0
- data/lib/puppet/functions/contain.rb +58 -0
- data/lib/puppet/functions/convert_to.rb +36 -0
- data/lib/puppet/functions/crit.rb +16 -0
- data/lib/puppet/functions/debug.rb +16 -0
- data/lib/puppet/functions/defined.rb +163 -0
- data/lib/puppet/functions/dig.rb +70 -0
- data/lib/puppet/functions/downcase.rb +91 -0
- data/lib/puppet/functions/each.rb +169 -0
- data/lib/puppet/functions/emerg.rb +16 -0
- data/lib/puppet/functions/empty.rb +87 -0
- data/lib/puppet/functions/epp.rb +50 -0
- data/lib/puppet/functions/err.rb +16 -0
- data/lib/puppet/functions/eyaml_lookup_key.rb +103 -0
- data/lib/puppet/functions/filter.rb +138 -0
- data/lib/puppet/functions/find_file.rb +50 -0
- data/lib/puppet/functions/find_template.rb +65 -0
- data/lib/puppet/functions/flatten.rb +66 -0
- data/lib/puppet/functions/floor.rb +38 -0
- data/lib/puppet/functions/get.rb +152 -0
- data/lib/puppet/functions/getvar.rb +89 -0
- data/lib/puppet/functions/group_by.rb +62 -0
- data/lib/puppet/functions/hiera.rb +91 -0
- data/lib/puppet/functions/hiera_array.rb +83 -0
- data/lib/puppet/functions/hiera_hash.rb +94 -0
- data/lib/puppet/functions/hiera_include.rb +107 -0
- data/lib/puppet/functions/hocon_data.rb +41 -0
- data/lib/puppet/functions/import.rb +9 -0
- data/lib/puppet/functions/include.rb +56 -0
- data/lib/puppet/functions/index.rb +168 -0
- data/lib/puppet/functions/info.rb +16 -0
- data/lib/puppet/functions/inline_epp.rb +61 -0
- data/lib/puppet/functions/join.rb +58 -0
- data/lib/puppet/functions/json_data.rb +33 -0
- data/lib/puppet/functions/keys.rb +27 -0
- data/lib/puppet/functions/length.rb +45 -0
- data/lib/puppet/functions/lest.rb +57 -0
- data/lib/puppet/functions/lookup.rb +224 -0
- data/lib/puppet/functions/lstrip.rb +59 -0
- data/lib/puppet/functions/map.rb +137 -0
- data/lib/puppet/functions/match.rb +133 -0
- data/lib/puppet/functions/max.rb +250 -0
- data/lib/puppet/functions/min.rb +249 -0
- data/lib/puppet/functions/module_directory.rb +43 -0
- data/lib/puppet/functions/new.rb +1013 -0
- data/lib/puppet/functions/next.rb +35 -0
- data/lib/puppet/functions/notice.rb +16 -0
- data/lib/puppet/functions/partition.rb +62 -0
- data/lib/puppet/functions/reduce.rb +159 -0
- data/lib/puppet/functions/regsubst.rb +100 -0
- data/lib/puppet/functions/require.rb +81 -0
- data/lib/puppet/functions/return.rb +17 -0
- data/lib/puppet/functions/reverse_each.rb +96 -0
- data/lib/puppet/functions/round.rb +26 -0
- data/lib/puppet/functions/rstrip.rb +59 -0
- data/lib/puppet/functions/scanf.rb +46 -0
- data/lib/puppet/functions/size.rb +15 -0
- data/lib/puppet/functions/slice.rb +127 -0
- data/lib/puppet/functions/sort.rb +76 -0
- data/lib/puppet/functions/split.rb +78 -0
- data/lib/puppet/functions/step.rb +100 -0
- data/lib/puppet/functions/strftime.rb +214 -0
- data/lib/puppet/functions/strip.rb +59 -0
- data/lib/puppet/functions/then.rb +80 -0
- data/lib/puppet/functions/tree_each.rb +198 -0
- data/lib/puppet/functions/type.rb +74 -0
- data/lib/puppet/functions/unique.rb +135 -0
- data/lib/puppet/functions/unwrap.rb +61 -0
- data/lib/puppet/functions/upcase.rb +91 -0
- data/lib/puppet/functions/values.rb +27 -0
- data/lib/puppet/functions/versioncmp.rb +41 -0
- data/lib/puppet/functions/warning.rb +16 -0
- data/lib/puppet/functions/with.rb +34 -0
- data/lib/puppet/functions/yaml_data.rb +45 -0
- data/lib/puppet/functions.rb +858 -0
- data/lib/puppet/generate/models/type/property.rb +73 -0
- data/lib/puppet/generate/models/type/type.rb +68 -0
- data/lib/puppet/generate/templates/type/pcore.erb +42 -0
- data/lib/puppet/generate/type.rb +255 -0
- data/lib/puppet/gettext/config.rb +282 -0
- data/lib/puppet/gettext/module_translations.rb +43 -0
- data/lib/puppet/gettext/stubs.rb +13 -0
- data/lib/puppet/graph/key.rb +28 -0
- data/lib/puppet/graph/prioritizer.rb +31 -0
- data/lib/puppet/graph/rb_tree_map.rb +407 -0
- data/lib/puppet/graph/relationship_graph.rb +286 -0
- data/lib/puppet/graph/sequential_prioritizer.rb +33 -0
- data/lib/puppet/graph/simple_graph.rb +552 -0
- data/lib/puppet/graph.rb +11 -0
- data/lib/puppet/http/client.rb +529 -0
- data/lib/puppet/http/dns.rb +159 -0
- data/lib/puppet/http/errors.rb +50 -0
- data/lib/puppet/http/external_client.rb +89 -0
- data/lib/puppet/http/factory.rb +53 -0
- data/lib/puppet/http/pool.rb +174 -0
- data/lib/puppet/http/pool_entry.rb +19 -0
- data/lib/puppet/http/proxy.rb +139 -0
- data/lib/puppet/http/redirector.rb +87 -0
- data/lib/puppet/http/resolver/server_list.rb +88 -0
- data/lib/puppet/http/resolver/settings.rb +24 -0
- data/lib/puppet/http/resolver/srv.rb +42 -0
- data/lib/puppet/http/resolver.rb +50 -0
- data/lib/puppet/http/response.rb +104 -0
- data/lib/puppet/http/response_converter.rb +25 -0
- data/lib/puppet/http/response_net_http.rb +43 -0
- data/lib/puppet/http/retry_after_handler.rb +78 -0
- data/lib/puppet/http/service/ca.rb +133 -0
- data/lib/puppet/http/service/compiler.rb +356 -0
- data/lib/puppet/http/service/file_server.rb +200 -0
- data/lib/puppet/http/service/puppetserver.rb +54 -0
- data/lib/puppet/http/service/report.rb +62 -0
- data/lib/puppet/http/service.rb +177 -0
- data/lib/puppet/http/session.rb +124 -0
- data/lib/puppet/http/site.rb +44 -0
- data/lib/puppet/http.rb +48 -0
- data/lib/puppet/indirector/catalog/compiler.rb +432 -0
- data/lib/puppet/indirector/catalog/json.rb +42 -0
- data/lib/puppet/indirector/catalog/msgpack.rb +8 -0
- data/lib/puppet/indirector/catalog/rest.rb +51 -0
- data/lib/puppet/indirector/catalog/store_configs.rb +8 -0
- data/lib/puppet/indirector/catalog/yaml.rb +8 -0
- data/lib/puppet/indirector/code.rb +8 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +8 -0
- data/lib/puppet/indirector/data_binding/none.rb +10 -0
- data/lib/puppet/indirector/direct_file_server.rb +20 -0
- data/lib/puppet/indirector/envelope.rb +13 -0
- data/lib/puppet/indirector/errors.rb +7 -0
- data/lib/puppet/indirector/exec.rb +40 -0
- data/lib/puppet/indirector/face.rb +142 -0
- data/lib/puppet/indirector/fact_search.rb +62 -0
- data/lib/puppet/indirector/facts/facter.rb +120 -0
- data/lib/puppet/indirector/facts/json.rb +29 -0
- data/lib/puppet/indirector/facts/memory.rb +11 -0
- data/lib/puppet/indirector/facts/network_device.rb +29 -0
- data/lib/puppet/indirector/facts/rest.rb +46 -0
- data/lib/puppet/indirector/facts/store_configs.rb +12 -0
- data/lib/puppet/indirector/facts/yaml.rb +31 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +268 -0
- data/lib/puppet/indirector/file_bucket_file/rest.rb +53 -0
- data/lib/puppet/indirector/file_bucket_file/selector.rb +54 -0
- data/lib/puppet/indirector/file_content/file.rb +9 -0
- data/lib/puppet/indirector/file_content/file_server.rb +9 -0
- data/lib/puppet/indirector/file_content/rest.rb +37 -0
- data/lib/puppet/indirector/file_content/selector.rb +32 -0
- data/lib/puppet/indirector/file_content.rb +7 -0
- data/lib/puppet/indirector/file_metadata/file.rb +9 -0
- data/lib/puppet/indirector/file_metadata/file_server.rb +9 -0
- data/lib/puppet/indirector/file_metadata/http.rb +49 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +58 -0
- data/lib/puppet/indirector/file_metadata/selector.rb +32 -0
- data/lib/puppet/indirector/file_metadata.rb +7 -0
- data/lib/puppet/indirector/file_server.rb +57 -0
- data/lib/puppet/indirector/generic_http.rb +7 -0
- data/lib/puppet/indirector/hiera.rb +101 -0
- data/lib/puppet/indirector/indirection.rb +381 -0
- data/lib/puppet/indirector/json.rb +82 -0
- data/lib/puppet/indirector/memory.rb +37 -0
- data/lib/puppet/indirector/msgpack.rb +87 -0
- data/lib/puppet/indirector/node/exec.rb +70 -0
- data/lib/puppet/indirector/node/json.rb +9 -0
- data/lib/puppet/indirector/node/memory.rb +12 -0
- data/lib/puppet/indirector/node/msgpack.rb +9 -0
- data/lib/puppet/indirector/node/plain.rb +23 -0
- data/lib/puppet/indirector/node/rest.rb +31 -0
- data/lib/puppet/indirector/node/store_configs.rb +8 -0
- data/lib/puppet/indirector/node/yaml.rb +9 -0
- data/lib/puppet/indirector/none.rb +10 -0
- data/lib/puppet/indirector/plain.rb +11 -0
- data/lib/puppet/indirector/report/json.rb +36 -0
- data/lib/puppet/indirector/report/msgpack.rb +13 -0
- data/lib/puppet/indirector/report/processor.rb +63 -0
- data/lib/puppet/indirector/report/rest.rb +31 -0
- data/lib/puppet/indirector/report/yaml.rb +36 -0
- data/lib/puppet/indirector/request.rb +197 -0
- data/lib/puppet/indirector/resource/ral.rb +66 -0
- data/lib/puppet/indirector/resource/store_configs.rb +14 -0
- data/lib/puppet/indirector/resource/validator.rb +10 -0
- data/lib/puppet/indirector/rest.rb +66 -0
- data/lib/puppet/indirector/store_configs.rb +32 -0
- data/lib/puppet/indirector/terminus.rb +180 -0
- data/lib/puppet/indirector/yaml.rb +65 -0
- data/lib/puppet/indirector.rb +64 -0
- data/lib/puppet/info_service/class_information_service.rb +108 -0
- data/lib/puppet/info_service/plan_information_service.rb +38 -0
- data/lib/puppet/info_service/task_information_service.rb +45 -0
- data/lib/puppet/info_service.rb +27 -0
- data/lib/puppet/interface/action.rb +410 -0
- data/lib/puppet/interface/action_builder.rb +167 -0
- data/lib/puppet/interface/action_manager.rb +101 -0
- data/lib/puppet/interface/documentation.rb +363 -0
- data/lib/puppet/interface/face_collection.rb +141 -0
- data/lib/puppet/interface/option.rb +184 -0
- data/lib/puppet/interface/option_builder.rb +110 -0
- data/lib/puppet/interface/option_manager.rb +108 -0
- data/lib/puppet/interface.rb +240 -0
- data/lib/puppet/loaders.rb +31 -0
- data/lib/puppet/metatype/manager.rb +198 -0
- data/lib/puppet/module/plan.rb +166 -0
- data/lib/puppet/module/task.rb +288 -0
- data/lib/puppet/module.rb +487 -0
- data/lib/puppet/module_tool/applications/application.rb +96 -0
- data/lib/puppet/module_tool/applications/checksummer.rb +62 -0
- data/lib/puppet/module_tool/applications/installer.rb +402 -0
- data/lib/puppet/module_tool/applications/uninstaller.rb +121 -0
- data/lib/puppet/module_tool/applications/unpacker.rb +102 -0
- data/lib/puppet/module_tool/applications/upgrader.rb +288 -0
- data/lib/puppet/module_tool/applications.rb +14 -0
- data/lib/puppet/module_tool/checksums.rb +50 -0
- data/lib/puppet/module_tool/dependency.rb +42 -0
- data/lib/puppet/module_tool/errors/base.rb +17 -0
- data/lib/puppet/module_tool/errors/installer.rb +94 -0
- data/lib/puppet/module_tool/errors/shared.rb +228 -0
- data/lib/puppet/module_tool/errors/uninstaller.rb +51 -0
- data/lib/puppet/module_tool/errors/upgrader.rb +64 -0
- data/lib/puppet/module_tool/errors.rb +13 -0
- data/lib/puppet/module_tool/install_directory.rb +48 -0
- data/lib/puppet/module_tool/installed_modules.rb +99 -0
- data/lib/puppet/module_tool/local_tarball.rb +92 -0
- data/lib/puppet/module_tool/metadata.rb +227 -0
- data/lib/puppet/module_tool/shared_behaviors.rb +199 -0
- data/lib/puppet/module_tool/tar/gnu.rb +23 -0
- data/lib/puppet/module_tool/tar/mini.rb +118 -0
- data/lib/puppet/module_tool/tar.rb +20 -0
- data/lib/puppet/module_tool.rb +194 -0
- data/lib/puppet/network/authconfig.rb +9 -0
- data/lib/puppet/network/authorization.rb +21 -0
- data/lib/puppet/network/client_request.rb +32 -0
- data/lib/puppet/network/format.rb +116 -0
- data/lib/puppet/network/format_handler.rb +110 -0
- data/lib/puppet/network/format_support.rb +140 -0
- data/lib/puppet/network/formats.rb +338 -0
- data/lib/puppet/network/http/api/indirected_routes.rb +270 -0
- data/lib/puppet/network/http/api/indirection_type.rb +33 -0
- data/lib/puppet/network/http/api/master/v3/environments.rb +4 -0
- data/lib/puppet/network/http/api/master/v3.rb +4 -0
- data/lib/puppet/network/http/api/master.rb +5 -0
- data/lib/puppet/network/http/api/server/v3/environments.rb +54 -0
- data/lib/puppet/network/http/api/server/v3.rb +40 -0
- data/lib/puppet/network/http/api/server.rb +12 -0
- data/lib/puppet/network/http/api.rb +41 -0
- data/lib/puppet/network/http/connection.rb +288 -0
- data/lib/puppet/network/http/error.rb +75 -0
- data/lib/puppet/network/http/handler.rb +213 -0
- data/lib/puppet/network/http/issues.rb +14 -0
- data/lib/puppet/network/http/memory_response.rb +15 -0
- data/lib/puppet/network/http/request.rb +83 -0
- data/lib/puppet/network/http/response.rb +25 -0
- data/lib/puppet/network/http/route.rb +104 -0
- data/lib/puppet/network/http.rb +30 -0
- data/lib/puppet/network/http_pool.rb +78 -0
- data/lib/puppet/network/uri.rb +20 -0
- data/lib/puppet/network.rb +5 -0
- data/lib/puppet/node/environment.rb +638 -0
- data/lib/puppet/node/facts.rb +165 -0
- data/lib/puppet/node/server_facts.rb +46 -0
- data/lib/puppet/node.rb +256 -0
- data/lib/puppet/pal/catalog_compiler.rb +107 -0
- data/lib/puppet/pal/compiler.rb +227 -0
- data/lib/puppet/pal/function_signature.rb +54 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +76 -0
- data/lib/puppet/pal/pal_api.rb +17 -0
- data/lib/puppet/pal/pal_impl.rb +585 -0
- data/lib/puppet/pal/plan_signature.rb +73 -0
- data/lib/puppet/pal/script_compiler.rb +75 -0
- data/lib/puppet/pal/task_signature.rb +64 -0
- data/lib/puppet/parameter/boolean.rb +17 -0
- data/lib/puppet/parameter/package_options.rb +33 -0
- data/lib/puppet/parameter/path.rb +61 -0
- data/lib/puppet/parameter/value.rb +93 -0
- data/lib/puppet/parameter/value_collection.rb +213 -0
- data/lib/puppet/parameter.rb +590 -0
- data/lib/puppet/parser/abstract_compiler.rb +35 -0
- data/lib/puppet/parser/ast/block_expression.rb +17 -0
- data/lib/puppet/parser/ast/branch.rb +21 -0
- data/lib/puppet/parser/ast/hostclass.rb +29 -0
- data/lib/puppet/parser/ast/leaf.rb +84 -0
- data/lib/puppet/parser/ast/node.rb +19 -0
- data/lib/puppet/parser/ast/pops_bridge.rb +245 -0
- data/lib/puppet/parser/ast/resource.rb +66 -0
- data/lib/puppet/parser/ast/resource_instance.rb +13 -0
- data/lib/puppet/parser/ast/resourceparam.rb +33 -0
- data/lib/puppet/parser/ast/top_level_construct.rb +6 -0
- data/lib/puppet/parser/ast.rb +62 -0
- data/lib/puppet/parser/catalog_compiler.rb +56 -0
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +41 -0
- data/lib/puppet/parser/compiler/catalog_validator.rb +35 -0
- data/lib/puppet/parser/compiler.rb +616 -0
- data/lib/puppet/parser/e4_parser_adapter.rb +61 -0
- data/lib/puppet/parser/files.rb +95 -0
- data/lib/puppet/parser/functions/assert_type.rb +62 -0
- data/lib/puppet/parser/functions/binary_file.rb +26 -0
- data/lib/puppet/parser/functions/break.rb +41 -0
- data/lib/puppet/parser/functions/contain.rb +32 -0
- data/lib/puppet/parser/functions/create_resources.rb +114 -0
- data/lib/puppet/parser/functions/defined.rb +109 -0
- data/lib/puppet/parser/functions/dig.rb +40 -0
- data/lib/puppet/parser/functions/digest.rb +7 -0
- data/lib/puppet/parser/functions/each.rb +106 -0
- data/lib/puppet/parser/functions/epp.rb +40 -0
- data/lib/puppet/parser/functions/fail.rb +13 -0
- data/lib/puppet/parser/functions/file.rb +35 -0
- data/lib/puppet/parser/functions/filter.rb +81 -0
- data/lib/puppet/parser/functions/find_file.rb +29 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +46 -0
- data/lib/puppet/parser/functions/generate.rb +39 -0
- data/lib/puppet/parser/functions/hiera.rb +105 -0
- data/lib/puppet/parser/functions/hiera_array.rb +93 -0
- data/lib/puppet/parser/functions/hiera_hash.rb +103 -0
- data/lib/puppet/parser/functions/hiera_include.rb +102 -0
- data/lib/puppet/parser/functions/include.rb +36 -0
- data/lib/puppet/parser/functions/inline_epp.rb +52 -0
- data/lib/puppet/parser/functions/inline_template.rb +28 -0
- data/lib/puppet/parser/functions/lest.rb +51 -0
- data/lib/puppet/parser/functions/lookup.rb +134 -0
- data/lib/puppet/parser/functions/map.rb +78 -0
- data/lib/puppet/parser/functions/match.rb +45 -0
- data/lib/puppet/parser/functions/md5.rb +7 -0
- data/lib/puppet/parser/functions/new.rb +992 -0
- data/lib/puppet/parser/functions/next.rb +40 -0
- data/lib/puppet/parser/functions/realize.rb +22 -0
- data/lib/puppet/parser/functions/reduce.rb +139 -0
- data/lib/puppet/parser/functions/regsubst.rb +65 -0
- data/lib/puppet/parser/functions/require.rb +43 -0
- data/lib/puppet/parser/functions/return.rb +94 -0
- data/lib/puppet/parser/functions/reverse_each.rb +85 -0
- data/lib/puppet/parser/functions/scanf.rb +40 -0
- data/lib/puppet/parser/functions/sha1.rb +7 -0
- data/lib/puppet/parser/functions/sha256.rb +7 -0
- data/lib/puppet/parser/functions/shellquote.rb +63 -0
- data/lib/puppet/parser/functions/slice.rb +41 -0
- data/lib/puppet/parser/functions/split.rb +29 -0
- data/lib/puppet/parser/functions/sprintf.rb +62 -0
- data/lib/puppet/parser/functions/step.rb +86 -0
- data/lib/puppet/parser/functions/strftime.rb +187 -0
- data/lib/puppet/parser/functions/tag.rb +15 -0
- data/lib/puppet/parser/functions/tagged.rb +24 -0
- data/lib/puppet/parser/functions/template.rb +42 -0
- data/lib/puppet/parser/functions/then.rb +75 -0
- data/lib/puppet/parser/functions/type.rb +55 -0
- data/lib/puppet/parser/functions/versioncmp.rb +31 -0
- data/lib/puppet/parser/functions/with.rb +30 -0
- data/lib/puppet/parser/functions.rb +324 -0
- data/lib/puppet/parser/parser_factory.rb +32 -0
- data/lib/puppet/parser/relationship.rb +90 -0
- data/lib/puppet/parser/resource/param.rb +37 -0
- data/lib/puppet/parser/resource.rb +353 -0
- data/lib/puppet/parser/scope.rb +1141 -0
- data/lib/puppet/parser/script_compiler.rb +123 -0
- data/lib/puppet/parser/templatewrapper.rb +105 -0
- data/lib/puppet/parser/type_loader.rb +151 -0
- data/lib/puppet/parser.rb +22 -0
- data/lib/puppet/plugins/configuration.rb +31 -0
- data/lib/puppet/plugins/syntax_checkers.rb +99 -0
- data/lib/puppet/plugins.rb +11 -0
- data/lib/puppet/pops/adaptable.rb +199 -0
- data/lib/puppet/pops/adapters.rb +159 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +732 -0
- data/lib/puppet/pops/evaluator/callable_signature.rb +108 -0
- data/lib/puppet/pops/evaluator/closure.rb +370 -0
- data/lib/puppet/pops/evaluator/collector_transformer.rb +237 -0
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +88 -0
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +30 -0
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +71 -0
- data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +38 -0
- data/lib/puppet/pops/evaluator/compare_operator.rb +269 -0
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +227 -0
- data/lib/puppet/pops/evaluator/epp_evaluator.rb +121 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +1317 -0
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +47 -0
- data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +83 -0
- data/lib/puppet/pops/evaluator/literal_evaluator.rb +100 -0
- data/lib/puppet/pops/evaluator/puppet_proc.rb +72 -0
- data/lib/puppet/pops/evaluator/relationship_operator.rb +188 -0
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +225 -0
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
- data/lib/puppet/pops/evaluator/runtime3_support.rb +528 -0
- data/lib/puppet/pops/functions/dispatch.rb +107 -0
- data/lib/puppet/pops/functions/dispatcher.rb +76 -0
- data/lib/puppet/pops/functions/function.rb +137 -0
- data/lib/puppet/pops/issue_reporter.rb +140 -0
- data/lib/puppet/pops/issues.rb +933 -0
- data/lib/puppet/pops/label_provider.rb +92 -0
- data/lib/puppet/pops/loader/base_loader.rb +178 -0
- data/lib/puppet/pops/loader/dependency_loader.rb +95 -0
- data/lib/puppet/pops/loader/gem_support.rb +54 -0
- data/lib/puppet/pops/loader/generic_plan_instantiator.rb +30 -0
- data/lib/puppet/pops/loader/loader.rb +221 -0
- data/lib/puppet/pops/loader/loader_paths.rb +413 -0
- data/lib/puppet/pops/loader/module_loaders.rb +552 -0
- data/lib/puppet/pops/loader/predefined_loader.rb +28 -0
- data/lib/puppet/pops/loader/puppet_function_instantiator.rb +88 -0
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +97 -0
- data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +80 -0
- data/lib/puppet/pops/loader/ruby_data_type_instantiator.rb +43 -0
- data/lib/puppet/pops/loader/ruby_function_instantiator.rb +49 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +130 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +104 -0
- data/lib/puppet/pops/loader/simple_environment_loader.rb +20 -0
- data/lib/puppet/pops/loader/static_loader.rb +133 -0
- data/lib/puppet/pops/loader/task_instantiator.rb +46 -0
- data/lib/puppet/pops/loader/type_definition_instantiator.rb +104 -0
- data/lib/puppet/pops/loader/typed_name.rb +56 -0
- data/lib/puppet/pops/loader/uri_helper.rb +24 -0
- data/lib/puppet/pops/loaders.rb +550 -0
- data/lib/puppet/pops/lookup/configured_data_provider.rb +95 -0
- data/lib/puppet/pops/lookup/context.rb +208 -0
- data/lib/puppet/pops/lookup/data_adapter.rb +29 -0
- data/lib/puppet/pops/lookup/data_dig_function_provider.rb +146 -0
- data/lib/puppet/pops/lookup/data_hash_function_provider.rb +128 -0
- data/lib/puppet/pops/lookup/data_provider.rb +94 -0
- data/lib/puppet/pops/lookup/environment_data_provider.rb +37 -0
- data/lib/puppet/pops/lookup/explainer.rb +597 -0
- data/lib/puppet/pops/lookup/function_provider.rb +112 -0
- data/lib/puppet/pops/lookup/global_data_provider.rb +76 -0
- data/lib/puppet/pops/lookup/hiera_config.rb +823 -0
- data/lib/puppet/pops/lookup/interpolation.rb +166 -0
- data/lib/puppet/pops/lookup/invocation.rb +272 -0
- data/lib/puppet/pops/lookup/key_recorder.rb +21 -0
- data/lib/puppet/pops/lookup/location_resolver.rb +101 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +533 -0
- data/lib/puppet/pops/lookup/lookup_key.rb +101 -0
- data/lib/puppet/pops/lookup/lookup_key_function_provider.rb +94 -0
- data/lib/puppet/pops/lookup/module_data_provider.rb +92 -0
- data/lib/puppet/pops/lookup/sub_lookup.rb +96 -0
- data/lib/puppet/pops/lookup.rb +102 -0
- data/lib/puppet/pops/merge_strategy.rb +447 -0
- data/lib/puppet/pops/migration/migration_checker.rb +61 -0
- data/lib/puppet/pops/model/ast.pp +669 -0
- data/lib/puppet/pops/model/ast.rb +4776 -0
- data/lib/puppet/pops/model/ast_transformer.rb +131 -0
- data/lib/puppet/pops/model/factory.rb +1157 -0
- data/lib/puppet/pops/model/model_label_provider.rb +137 -0
- data/lib/puppet/pops/model/model_tree_dumper.rb +447 -0
- data/lib/puppet/pops/model/pn_transformer.rb +384 -0
- data/lib/puppet/pops/model/tree_dumper.rb +62 -0
- data/lib/puppet/pops/parser/code_merger.rb +29 -0
- data/lib/puppet/pops/parser/egrammar.ra +889 -0
- data/lib/puppet/pops/parser/eparser.rb +3184 -0
- data/lib/puppet/pops/parser/epp_parser.rb +52 -0
- data/lib/puppet/pops/parser/epp_support.rb +266 -0
- data/lib/puppet/pops/parser/evaluating_parser.rb +166 -0
- data/lib/puppet/pops/parser/heredoc_support.rb +153 -0
- data/lib/puppet/pops/parser/interpolation_support.rb +249 -0
- data/lib/puppet/pops/parser/lexer2.rb +789 -0
- data/lib/puppet/pops/parser/lexer_support.rb +221 -0
- data/lib/puppet/pops/parser/locatable.rb +23 -0
- data/lib/puppet/pops/parser/locator.rb +361 -0
- data/lib/puppet/pops/parser/parser_support.rb +252 -0
- data/lib/puppet/pops/parser/pn_parser.rb +318 -0
- data/lib/puppet/pops/parser/slurp_support.rb +119 -0
- data/lib/puppet/pops/patterns.rb +60 -0
- data/lib/puppet/pops/pcore.rb +136 -0
- data/lib/puppet/pops/pn.rb +239 -0
- data/lib/puppet/pops/puppet_stack.rb +63 -0
- data/lib/puppet/pops/resource/param.rb +56 -0
- data/lib/puppet/pops/resource/resource_type_impl.rb +296 -0
- data/lib/puppet/pops/resource/resource_type_set.pcore +22 -0
- data/lib/puppet/pops/semantic_error.rb +31 -0
- data/lib/puppet/pops/serialization/abstract_reader.rb +182 -0
- data/lib/puppet/pops/serialization/abstract_writer.rb +224 -0
- data/lib/puppet/pops/serialization/deserializer.rb +83 -0
- data/lib/puppet/pops/serialization/extension.rb +166 -0
- data/lib/puppet/pops/serialization/from_data_converter.rb +231 -0
- data/lib/puppet/pops/serialization/instance_reader.rb +21 -0
- data/lib/puppet/pops/serialization/instance_writer.rb +16 -0
- data/lib/puppet/pops/serialization/json.rb +301 -0
- data/lib/puppet/pops/serialization/json_path.rb +129 -0
- data/lib/puppet/pops/serialization/object.rb +73 -0
- data/lib/puppet/pops/serialization/serializer.rb +144 -0
- data/lib/puppet/pops/serialization/time_factory.rb +68 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +316 -0
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +227 -0
- data/lib/puppet/pops/serialization.rb +45 -0
- data/lib/puppet/pops/time/timespan.rb +728 -0
- data/lib/puppet/pops/time/timestamp.rb +167 -0
- data/lib/puppet/pops/types/annotatable.rb +37 -0
- data/lib/puppet/pops/types/annotation.rb +73 -0
- data/lib/puppet/pops/types/class_loader.rb +134 -0
- data/lib/puppet/pops/types/implementation_registry.rb +137 -0
- data/lib/puppet/pops/types/iterable.rb +375 -0
- data/lib/puppet/pops/types/p_binary_type.rb +232 -0
- data/lib/puppet/pops/types/p_init_type.rb +241 -0
- data/lib/puppet/pops/types/p_meta_type.rb +95 -0
- data/lib/puppet/pops/types/p_object_type.rb +1142 -0
- data/lib/puppet/pops/types/p_object_type_extension.rb +229 -0
- data/lib/puppet/pops/types/p_runtime_type.rb +117 -0
- data/lib/puppet/pops/types/p_sem_ver_range_type.rb +191 -0
- data/lib/puppet/pops/types/p_sem_ver_type.rb +155 -0
- data/lib/puppet/pops/types/p_sensitive_type.rb +81 -0
- data/lib/puppet/pops/types/p_timespan_type.rb +194 -0
- data/lib/puppet/pops/types/p_timestamp_type.rb +74 -0
- data/lib/puppet/pops/types/p_type_set_type.rb +394 -0
- data/lib/puppet/pops/types/p_uri_type.rb +198 -0
- data/lib/puppet/pops/types/puppet_object.rb +41 -0
- data/lib/puppet/pops/types/recursion_guard.rb +142 -0
- data/lib/puppet/pops/types/ruby_generator.rb +477 -0
- data/lib/puppet/pops/types/ruby_method.rb +32 -0
- data/lib/puppet/pops/types/string_converter.rb +1144 -0
- data/lib/puppet/pops/types/tree_iterators.rb +250 -0
- data/lib/puppet/pops/types/type_acceptor.rb +27 -0
- data/lib/puppet/pops/types/type_asserter.rb +49 -0
- data/lib/puppet/pops/types/type_assertion_error.rb +27 -0
- data/lib/puppet/pops/types/type_calculator.rb +829 -0
- data/lib/puppet/pops/types/type_conversion_error.rb +7 -0
- data/lib/puppet/pops/types/type_factory.rb +640 -0
- data/lib/puppet/pops/types/type_formatter.rb +796 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1105 -0
- data/lib/puppet/pops/types/type_parser.rb +690 -0
- data/lib/puppet/pops/types/type_set_reference.rb +62 -0
- data/lib/puppet/pops/types/type_with_members.rb +43 -0
- data/lib/puppet/pops/types/types.rb +3651 -0
- data/lib/puppet/pops/utils.rb +117 -0
- data/lib/puppet/pops/validation/checker4_0.rb +1155 -0
- data/lib/puppet/pops/validation/tasks_checker.rb +95 -0
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +45 -0
- data/lib/puppet/pops/validation.rb +462 -0
- data/lib/puppet/pops/visitable.rb +8 -0
- data/lib/puppet/pops/visitor.rb +136 -0
- data/lib/puppet/pops.rb +124 -0
- data/lib/puppet/property/boolean.rb +9 -0
- data/lib/puppet/property/ensure.rb +107 -0
- data/lib/puppet/property/keyvalue.rb +159 -0
- data/lib/puppet/property/list.rb +71 -0
- data/lib/puppet/property/ordered_list.rb +30 -0
- data/lib/puppet/property.rb +610 -0
- data/lib/puppet/provider/aix_object.rb +491 -0
- data/lib/puppet/provider/command.rb +27 -0
- data/lib/puppet/provider/confine.rb +8 -0
- data/lib/puppet/provider/exec/posix.rb +63 -0
- data/lib/puppet/provider/exec/shell.rb +27 -0
- data/lib/puppet/provider/exec/windows.rb +57 -0
- data/lib/puppet/provider/exec.rb +107 -0
- data/lib/puppet/provider/file/posix.rb +162 -0
- data/lib/puppet/provider/file/windows.rb +151 -0
- data/lib/puppet/provider/group/aix.rb +101 -0
- data/lib/puppet/provider/group/directoryservice.rb +24 -0
- data/lib/puppet/provider/group/groupadd.rb +180 -0
- data/lib/puppet/provider/group/ldap.rb +51 -0
- data/lib/puppet/provider/group/pw.rb +52 -0
- data/lib/puppet/provider/group/windows_adsi.rb +116 -0
- data/lib/puppet/provider/ldap.rb +143 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +522 -0
- data/lib/puppet/provider/nameservice/objectadd.rb +22 -0
- data/lib/puppet/provider/nameservice/pw.rb +21 -0
- data/lib/puppet/provider/nameservice.rb +297 -0
- data/lib/puppet/provider/network_device.rb +74 -0
- data/lib/puppet/provider/package/aix.rb +171 -0
- data/lib/puppet/provider/package/appdmg.rb +113 -0
- data/lib/puppet/provider/package/apple.rb +49 -0
- data/lib/puppet/provider/package/apt.rb +265 -0
- data/lib/puppet/provider/package/aptitude.rb +35 -0
- data/lib/puppet/provider/package/aptrpm.rb +87 -0
- data/lib/puppet/provider/package/blastwave.rb +109 -0
- data/lib/puppet/provider/package/dnf.rb +57 -0
- data/lib/puppet/provider/package/dnfmodule.rb +143 -0
- data/lib/puppet/provider/package/dpkg.rb +191 -0
- data/lib/puppet/provider/package/fink.rb +99 -0
- data/lib/puppet/provider/package/freebsd.rb +49 -0
- data/lib/puppet/provider/package/gem.rb +296 -0
- data/lib/puppet/provider/package/hpux.rb +46 -0
- data/lib/puppet/provider/package/macports.rb +112 -0
- data/lib/puppet/provider/package/nim.rb +290 -0
- data/lib/puppet/provider/package/openbsd.rb +263 -0
- data/lib/puppet/provider/package/opkg.rb +85 -0
- data/lib/puppet/provider/package/pacman.rb +270 -0
- data/lib/puppet/provider/package/pip.rb +347 -0
- data/lib/puppet/provider/package/pip2.rb +18 -0
- data/lib/puppet/provider/package/pip3.rb +18 -0
- data/lib/puppet/provider/package/pkg.rb +300 -0
- data/lib/puppet/provider/package/pkgdmg.rb +159 -0
- data/lib/puppet/provider/package/pkgin.rb +88 -0
- data/lib/puppet/provider/package/pkgng.rb +178 -0
- data/lib/puppet/provider/package/pkgutil.rb +186 -0
- data/lib/puppet/provider/package/portage.rb +314 -0
- data/lib/puppet/provider/package/ports.rb +94 -0
- data/lib/puppet/provider/package/portupgrade.rb +233 -0
- data/lib/puppet/provider/package/puppet_gem.rb +25 -0
- data/lib/puppet/provider/package/puppetserver_gem.rb +174 -0
- data/lib/puppet/provider/package/rpm.rb +255 -0
- data/lib/puppet/provider/package/rug.rb +51 -0
- data/lib/puppet/provider/package/sun.rb +137 -0
- data/lib/puppet/provider/package/sunfreeware.rb +11 -0
- data/lib/puppet/provider/package/tdnf.rb +35 -0
- data/lib/puppet/provider/package/up2date.rb +40 -0
- data/lib/puppet/provider/package/urpmi.rb +57 -0
- data/lib/puppet/provider/package/windows/exe_package.rb +108 -0
- data/lib/puppet/provider/package/windows/msi_package.rb +72 -0
- data/lib/puppet/provider/package/windows/package.rb +113 -0
- data/lib/puppet/provider/package/windows.rb +131 -0
- data/lib/puppet/provider/package/xbps.rb +127 -0
- data/lib/puppet/provider/package/yum.rb +390 -0
- data/lib/puppet/provider/package/zypper.rb +206 -0
- data/lib/puppet/provider/package.rb +61 -0
- data/lib/puppet/provider/package_targetable.rb +71 -0
- data/lib/puppet/provider/parsedfile.rb +494 -0
- data/lib/puppet/provider/service/base.rb +135 -0
- data/lib/puppet/provider/service/bsd.rb +53 -0
- data/lib/puppet/provider/service/daemontools.rb +196 -0
- data/lib/puppet/provider/service/debian.rb +77 -0
- data/lib/puppet/provider/service/freebsd.rb +141 -0
- data/lib/puppet/provider/service/gentoo.rb +47 -0
- data/lib/puppet/provider/service/init.rb +194 -0
- data/lib/puppet/provider/service/launchd.rb +391 -0
- data/lib/puppet/provider/service/openbsd.rb +101 -0
- data/lib/puppet/provider/service/openrc.rb +72 -0
- data/lib/puppet/provider/service/openwrt.rb +37 -0
- data/lib/puppet/provider/service/rcng.rb +53 -0
- data/lib/puppet/provider/service/redhat.rb +75 -0
- data/lib/puppet/provider/service/runit.rb +107 -0
- data/lib/puppet/provider/service/service.rb +67 -0
- data/lib/puppet/provider/service/smf.rb +322 -0
- data/lib/puppet/provider/service/src.rb +147 -0
- data/lib/puppet/provider/service/systemd.rb +232 -0
- data/lib/puppet/provider/service/upstart.rb +385 -0
- data/lib/puppet/provider/service/windows.rb +179 -0
- data/lib/puppet/provider/user/aix.rb +365 -0
- data/lib/puppet/provider/user/directoryservice.rb +687 -0
- data/lib/puppet/provider/user/hpux.rb +93 -0
- data/lib/puppet/provider/user/ldap.rb +135 -0
- data/lib/puppet/provider/user/openbsd.rb +79 -0
- data/lib/puppet/provider/user/pw.rb +109 -0
- data/lib/puppet/provider/user/user_role_add.rb +243 -0
- data/lib/puppet/provider/user/useradd.rb +417 -0
- data/lib/puppet/provider/user/windows_adsi.rb +176 -0
- data/lib/puppet/provider.rb +613 -0
- data/lib/puppet/reference/configuration.rb +105 -0
- data/lib/puppet/reference/function.rb +19 -0
- data/lib/puppet/reference/indirection.rb +76 -0
- data/lib/puppet/reference/metaparameter.rb +35 -0
- data/lib/puppet/reference/providers.rb +119 -0
- data/lib/puppet/reference/report.rb +22 -0
- data/lib/puppet/reference/type.rb +111 -0
- data/lib/puppet/relationship.rb +85 -0
- data/lib/puppet/reports/http.rb +45 -0
- data/lib/puppet/reports/log.rb +15 -0
- data/lib/puppet/reports/store.rb +71 -0
- data/lib/puppet/reports.rb +95 -0
- data/lib/puppet/resource/catalog.rb +655 -0
- data/lib/puppet/resource/status.rb +231 -0
- data/lib/puppet/resource/type.rb +449 -0
- data/lib/puppet/resource/type_collection.rb +235 -0
- data/lib/puppet/resource.rb +673 -0
- data/lib/puppet/runtime.rb +67 -0
- data/lib/puppet/scheduler/job.rb +55 -0
- data/lib/puppet/scheduler/scheduler.rb +46 -0
- data/lib/puppet/scheduler/splay_job.rb +45 -0
- data/lib/puppet/scheduler/timer.rb +15 -0
- data/lib/puppet/scheduler.rb +18 -0
- data/lib/puppet/settings/alias_setting.rb +37 -0
- data/lib/puppet/settings/array_setting.rb +18 -0
- data/lib/puppet/settings/autosign_setting.rb +23 -0
- data/lib/puppet/settings/base_setting.rb +228 -0
- data/lib/puppet/settings/boolean_setting.rb +34 -0
- data/lib/puppet/settings/certificate_revocation_setting.rb +22 -0
- data/lib/puppet/settings/config_file.rb +148 -0
- data/lib/puppet/settings/directory_setting.rb +20 -0
- data/lib/puppet/settings/duration_setting.rb +33 -0
- data/lib/puppet/settings/enum_setting.rb +18 -0
- data/lib/puppet/settings/environment_conf.rb +228 -0
- data/lib/puppet/settings/errors.rb +14 -0
- data/lib/puppet/settings/file_or_directory_setting.rb +37 -0
- data/lib/puppet/settings/file_setting.rb +232 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +26 -0
- data/lib/puppet/settings/ini_file.rb +228 -0
- data/lib/puppet/settings/integer_setting.rb +19 -0
- data/lib/puppet/settings/path_setting.rb +10 -0
- data/lib/puppet/settings/port_setting.rb +17 -0
- data/lib/puppet/settings/priority_setting.rb +44 -0
- data/lib/puppet/settings/server_list_setting.rb +30 -0
- data/lib/puppet/settings/string_setting.rb +11 -0
- data/lib/puppet/settings/symbolic_enum_setting.rb +19 -0
- data/lib/puppet/settings/terminus_setting.rb +16 -0
- data/lib/puppet/settings/ttl_setting.rb +53 -0
- data/lib/puppet/settings/value_translator.rb +16 -0
- data/lib/puppet/settings.rb +1650 -0
- data/lib/puppet/ssl/base.rb +152 -0
- data/lib/puppet/ssl/certificate.rb +98 -0
- data/lib/puppet/ssl/certificate_request.rb +320 -0
- data/lib/puppet/ssl/certificate_request_attributes.rb +40 -0
- data/lib/puppet/ssl/certificate_signer.rb +39 -0
- data/lib/puppet/ssl/digest.rb +22 -0
- data/lib/puppet/ssl/error.rb +29 -0
- data/lib/puppet/ssl/oids.rb +199 -0
- data/lib/puppet/ssl/openssl_loader.rb +26 -0
- data/lib/puppet/ssl/ssl_context.rb +27 -0
- data/lib/puppet/ssl/ssl_provider.rb +354 -0
- data/lib/puppet/ssl/state_machine.rb +605 -0
- data/lib/puppet/ssl/verifier.rb +143 -0
- data/lib/puppet/ssl.rb +25 -0
- data/lib/puppet/syntax_checkers/base64.rb +42 -0
- data/lib/puppet/syntax_checkers/epp.rb +35 -0
- data/lib/puppet/syntax_checkers/json.rb +35 -0
- data/lib/puppet/syntax_checkers/pp.rb +35 -0
- data/lib/puppet/syntax_checkers.rb +5 -0
- data/lib/puppet/test/test_helper.rb +251 -0
- data/lib/puppet/thread_local.rb +6 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +225 -0
- data/lib/puppet/transaction/event.rb +171 -0
- data/lib/puppet/transaction/event_manager.rb +180 -0
- data/lib/puppet/transaction/persistence.rb +119 -0
- data/lib/puppet/transaction/report.rb +511 -0
- data/lib/puppet/transaction/resource_harness.rb +331 -0
- data/lib/puppet/transaction.rb +493 -0
- data/lib/puppet/trusted_external.rb +46 -0
- data/lib/puppet/type/component.rb +96 -0
- data/lib/puppet/type/exec.rb +730 -0
- data/lib/puppet/type/file/checksum.rb +54 -0
- data/lib/puppet/type/file/checksum_value.rb +56 -0
- data/lib/puppet/type/file/content.rb +180 -0
- data/lib/puppet/type/file/ctime.rb +22 -0
- data/lib/puppet/type/file/data_sync.rb +101 -0
- data/lib/puppet/type/file/ensure.rb +194 -0
- data/lib/puppet/type/file/group.rb +50 -0
- data/lib/puppet/type/file/mode.rb +192 -0
- data/lib/puppet/type/file/mtime.rb +21 -0
- data/lib/puppet/type/file/owner.rb +52 -0
- data/lib/puppet/type/file/selcontext.rb +143 -0
- data/lib/puppet/type/file/source.rb +380 -0
- data/lib/puppet/type/file/target.rb +86 -0
- data/lib/puppet/type/file/type.rb +21 -0
- data/lib/puppet/type/file.rb +1139 -0
- data/lib/puppet/type/filebucket.rb +123 -0
- data/lib/puppet/type/group.rb +238 -0
- data/lib/puppet/type/notify.rb +48 -0
- data/lib/puppet/type/package.rb +715 -0
- data/lib/puppet/type/resources.rb +192 -0
- data/lib/puppet/type/schedule.rb +441 -0
- data/lib/puppet/type/service.rb +310 -0
- data/lib/puppet/type/stage.rb +29 -0
- data/lib/puppet/type/tidy.rb +382 -0
- data/lib/puppet/type/user.rb +865 -0
- data/lib/puppet/type/whit.rb +35 -0
- data/lib/puppet/type.rb +2629 -0
- data/lib/puppet/util/at_fork/noop.rb +20 -0
- data/lib/puppet/util/at_fork/solaris.rb +158 -0
- data/lib/puppet/util/at_fork.rb +37 -0
- data/lib/puppet/util/autoload.rb +221 -0
- data/lib/puppet/util/backups.rb +88 -0
- data/lib/puppet/util/character_encoding.rb +83 -0
- data/lib/puppet/util/checksums.rb +380 -0
- data/lib/puppet/util/classgen.rb +223 -0
- data/lib/puppet/util/colors.rb +102 -0
- data/lib/puppet/util/command_line/puppet_option_parser.rb +89 -0
- data/lib/puppet/util/command_line/trollop.rb +847 -0
- data/lib/puppet/util/command_line.rb +198 -0
- data/lib/puppet/util/constant_inflector.rb +25 -0
- data/lib/puppet/util/diff.rb +80 -0
- data/lib/puppet/util/docs.rb +132 -0
- data/lib/puppet/util/errors.rb +161 -0
- data/lib/puppet/util/execution.rb +446 -0
- data/lib/puppet/util/execution_stub.rb +28 -0
- data/lib/puppet/util/feature.rb +129 -0
- data/lib/puppet/util/file_watcher.rb +31 -0
- data/lib/puppet/util/fileparsing.rb +404 -0
- data/lib/puppet/util/filetype.rb +358 -0
- data/lib/puppet/util/http_proxy.rb +6 -0
- data/lib/puppet/util/inifile.rb +335 -0
- data/lib/puppet/util/instance_loader.rb +69 -0
- data/lib/puppet/util/json.rb +94 -0
- data/lib/puppet/util/json_lockfile.rb +47 -0
- data/lib/puppet/util/ldap/connection.rb +75 -0
- data/lib/puppet/util/ldap/generator.rb +44 -0
- data/lib/puppet/util/ldap/manager.rb +283 -0
- data/lib/puppet/util/ldap.rb +4 -0
- data/lib/puppet/util/libuser.conf +15 -0
- data/lib/puppet/util/libuser.rb +13 -0
- data/lib/puppet/util/limits.rb +14 -0
- data/lib/puppet/util/lockfile.rb +66 -0
- data/lib/puppet/util/log/destination.rb +50 -0
- data/lib/puppet/util/log/destinations.rb +253 -0
- data/lib/puppet/util/log.rb +436 -0
- data/lib/puppet/util/logging.rb +304 -0
- data/lib/puppet/util/metaid.rb +22 -0
- data/lib/puppet/util/metric.rb +68 -0
- data/lib/puppet/util/monkey_patches.rb +114 -0
- data/lib/puppet/util/multi_match.rb +55 -0
- data/lib/puppet/util/network_device/base.rb +24 -0
- data/lib/puppet/util/network_device/config.rb +105 -0
- data/lib/puppet/util/network_device/transport/base.rb +26 -0
- data/lib/puppet/util/network_device/transport.rb +7 -0
- data/lib/puppet/util/network_device.rb +19 -0
- data/lib/puppet/util/package/version/debian.rb +177 -0
- data/lib/puppet/util/package/version/gem.rb +18 -0
- data/lib/puppet/util/package/version/pip.rb +173 -0
- data/lib/puppet/util/package/version/range/eq.rb +17 -0
- data/lib/puppet/util/package/version/range/gt.rb +17 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +17 -0
- data/lib/puppet/util/package/version/range/lt.rb +17 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +17 -0
- data/lib/puppet/util/package/version/range/min_max.rb +26 -0
- data/lib/puppet/util/package/version/range/simple.rb +13 -0
- data/lib/puppet/util/package/version/range.rb +57 -0
- data/lib/puppet/util/package/version/rpm.rb +75 -0
- data/lib/puppet/util/package.rb +43 -0
- data/lib/puppet/util/pidlock.rb +103 -0
- data/lib/puppet/util/platform.rb +72 -0
- data/lib/puppet/util/plist.rb +161 -0
- data/lib/puppet/util/posix.rb +206 -0
- data/lib/puppet/util/profiler/aggregate.rb +82 -0
- data/lib/puppet/util/profiler/around_profiler.rb +68 -0
- data/lib/puppet/util/profiler/logging.rb +50 -0
- data/lib/puppet/util/profiler/object_counts.rb +19 -0
- data/lib/puppet/util/profiler/wall_clock.rb +36 -0
- data/lib/puppet/util/profiler.rb +55 -0
- data/lib/puppet/util/provider_features.rb +183 -0
- data/lib/puppet/util/psych_support.rb +32 -0
- data/lib/puppet/util/rdoc/code_objects.rb +293 -0
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +902 -0
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +1068 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +262 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +16 -0
- data/lib/puppet/util/rdoc/parser.rb +14 -0
- data/lib/puppet/util/rdoc.rb +54 -0
- data/lib/puppet/util/reference.rb +94 -0
- data/lib/puppet/util/resource_template.rb +63 -0
- data/lib/puppet/util/retry_action.rb +47 -0
- data/lib/puppet/util/rpm_compare.rb +196 -0
- data/lib/puppet/util/rubygems.rb +67 -0
- data/lib/puppet/util/run_mode.rb +164 -0
- data/lib/puppet/util/selinux.rb +331 -0
- data/lib/puppet/util/skip_tags.rb +15 -0
- data/lib/puppet/util/splayer.rb +20 -0
- data/lib/puppet/util/storage.rb +100 -0
- data/lib/puppet/util/suidmanager.rb +167 -0
- data/lib/puppet/util/symbolic_file_mode.rb +156 -0
- data/lib/puppet/util/tag_set.rb +29 -0
- data/lib/puppet/util/tagging.rb +131 -0
- data/lib/puppet/util/terminal.rb +18 -0
- data/lib/puppet/util/user_attr.rb +23 -0
- data/lib/puppet/util/warnings.rb +35 -0
- data/lib/puppet/util/watched_file.rb +40 -0
- data/lib/puppet/util/watcher/change_watcher.rb +35 -0
- data/lib/puppet/util/watcher/periodic_watcher.rb +38 -0
- data/lib/puppet/util/watcher/timer.rb +21 -0
- data/lib/puppet/util/watcher.rb +17 -0
- data/lib/puppet/util/windows/access_control_entry.rb +86 -0
- data/lib/puppet/util/windows/access_control_list.rb +116 -0
- data/lib/puppet/util/windows/adsi.rb +662 -0
- data/lib/puppet/util/windows/com.rb +228 -0
- data/lib/puppet/util/windows/daemon.rb +340 -0
- data/lib/puppet/util/windows/error.rb +86 -0
- data/lib/puppet/util/windows/eventlog.rb +191 -0
- data/lib/puppet/util/windows/file.rb +359 -0
- data/lib/puppet/util/windows/monkey_patches/process.rb +413 -0
- data/lib/puppet/util/windows/principal.rb +204 -0
- data/lib/puppet/util/windows/process.rb +360 -0
- data/lib/puppet/util/windows/registry.rb +443 -0
- data/lib/puppet/util/windows/root_certs.rb +110 -0
- data/lib/puppet/util/windows/security.rb +909 -0
- data/lib/puppet/util/windows/security_descriptor.rb +64 -0
- data/lib/puppet/util/windows/service.rb +708 -0
- data/lib/puppet/util/windows/sid.rb +291 -0
- data/lib/puppet/util/windows/string.rb +17 -0
- data/lib/puppet/util/windows/user.rb +551 -0
- data/lib/puppet/util/windows.rb +58 -0
- data/lib/puppet/util/yaml.rb +67 -0
- data/lib/puppet/util.rb +759 -0
- data/lib/puppet/vendor/require_vendored.rb +4 -0
- data/lib/puppet/vendor.rb +59 -0
- data/lib/puppet/version.rb +98 -0
- data/lib/puppet/x509/cert_provider.rb +405 -0
- data/lib/puppet/x509/pem_store.rb +57 -0
- data/lib/puppet/x509.rb +13 -0
- data/lib/puppet.rb +348 -0
- data/lib/puppet_pal.rb +10 -0
- data/lib/puppet_x.rb +16 -0
- data/locales/config.yaml +29 -0
- data/locales/en/puppet.po +19 -0
- data/locales/puppet.pot +9738 -0
- data/man/man5/puppet.conf.5 +1407 -0
- data/man/man8/puppet-agent.8 +135 -0
- data/man/man8/puppet-apply.8 +67 -0
- data/man/man8/puppet-catalog.8 +194 -0
- data/man/man8/puppet-config.8 +103 -0
- data/man/man8/puppet-describe.8 +35 -0
- data/man/man8/puppet-device.8 +83 -0
- data/man/man8/puppet-doc.8 +30 -0
- data/man/man8/puppet-epp.8 +232 -0
- data/man/man8/puppet-facts.8 +156 -0
- data/man/man8/puppet-filebucket.8 +134 -0
- data/man/man8/puppet-generate.8 +54 -0
- data/man/man8/puppet-help.8 +46 -0
- data/man/man8/puppet-lookup.8 +71 -0
- data/man/man8/puppet-module.8 +220 -0
- data/man/man8/puppet-node.8 +142 -0
- data/man/man8/puppet-parser.8 +87 -0
- data/man/man8/puppet-plugin.8 +50 -0
- data/man/man8/puppet-report.8 +84 -0
- data/man/man8/puppet-resource.8 +63 -0
- data/man/man8/puppet-script.8 +48 -0
- data/man/man8/puppet-ssl.8 +45 -0
- data/man/man8/puppet.8 +98 -0
- data/tasks/tag.rake +34 -0
- metadata +1336 -0
|
@@ -0,0 +1,909 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# This class maps POSIX owner, group, and modes to the Windows
|
|
4
|
+
# security model, and back.
|
|
5
|
+
#
|
|
6
|
+
# The primary goal of this mapping is to ensure that owner, group, and
|
|
7
|
+
# modes can be round-tripped in a consistent and deterministic
|
|
8
|
+
# way. Otherwise, Puppet might think file resources are out-of-sync
|
|
9
|
+
# every time it runs. A secondary goal is to provide equivalent
|
|
10
|
+
# permissions for common use-cases. For example, setting the owner to
|
|
11
|
+
# "Administrators", group to "Users", and mode to 750 (which also
|
|
12
|
+
# denies access to everyone else.
|
|
13
|
+
#
|
|
14
|
+
# There are some well-known problems mapping windows and POSIX
|
|
15
|
+
# permissions due to differences between the two security
|
|
16
|
+
# models. Search for "POSIX permission mapping leak". In POSIX, access
|
|
17
|
+
# to a file is determined solely based on the most specific class
|
|
18
|
+
# (user, group, other). So a mode of 460 would deny write access to
|
|
19
|
+
# the owner even if they are a member of the group. But in Windows,
|
|
20
|
+
# the entire access control list is walked until the user is
|
|
21
|
+
# explicitly denied or allowed (denied take precedence, and if neither
|
|
22
|
+
# occurs they are denied). As a result, a user could be allowed access
|
|
23
|
+
# based on their group membership. To solve this problem, other people
|
|
24
|
+
# have used deny access control entries to more closely model POSIX,
|
|
25
|
+
# but this introduces a lot of complexity.
|
|
26
|
+
#
|
|
27
|
+
# In general, this implementation only supports "typical" permissions,
|
|
28
|
+
# where group permissions are a subset of user, and other permissions
|
|
29
|
+
# are a subset of group, e.g. 754, but not 467. However, there are
|
|
30
|
+
# some Windows quirks to be aware of.
|
|
31
|
+
#
|
|
32
|
+
# * The owner can be either a user or group SID, and most system files
|
|
33
|
+
# are owned by the Administrators group.
|
|
34
|
+
# * The group can be either a user or group SID.
|
|
35
|
+
# * Unexpected results can occur if the owner and group are the
|
|
36
|
+
# same, but the user and group classes are different, e.g. 750. In
|
|
37
|
+
# this case, it is not possible to allow write access to the owner,
|
|
38
|
+
# but not the group. As a result, the actual permissions set on the
|
|
39
|
+
# file would be 770.
|
|
40
|
+
# * In general, only privileged users can set the owner, group, or
|
|
41
|
+
# change the mode for files they do not own. In 2003, the user must
|
|
42
|
+
# be a member of the Administrators group. In Vista/2008, the user
|
|
43
|
+
# must be running with elevated privileges.
|
|
44
|
+
# * A file/dir can be deleted by anyone with the DELETE access right
|
|
45
|
+
# OR by anyone that has the FILE_DELETE_CHILD access right for the
|
|
46
|
+
# parent. See https://support.microsoft.com/kb/238018. But on Unix,
|
|
47
|
+
# the user must have write access to the file/dir AND execute access
|
|
48
|
+
# to all of the parent path components.
|
|
49
|
+
# * Many access control entries are inherited from parent directories,
|
|
50
|
+
# and it is common for file/dirs to have more than 3 entries,
|
|
51
|
+
# e.g. Users, Power Users, Administrators, SYSTEM, etc, which cannot
|
|
52
|
+
# be mapped into the 3 class POSIX model. The get_mode method will
|
|
53
|
+
# set the S_IEXTRA bit flag indicating that an access control entry
|
|
54
|
+
# was found whose SID is neither the owner, group, or other. This
|
|
55
|
+
# enables Puppet to detect when file/dirs are out-of-sync,
|
|
56
|
+
# especially those that Puppet did not create, but is attempting
|
|
57
|
+
# to manage.
|
|
58
|
+
# * A special case of this is S_ISYSTEM_MISSING, which is set when the
|
|
59
|
+
# SYSTEM permissions are *not* present on the DACL.
|
|
60
|
+
# * On Unix, the owner and group can be modified without changing the
|
|
61
|
+
# mode. But on Windows, an access control entry specifies which SID
|
|
62
|
+
# it applies to. As a result, the set_owner and set_group methods
|
|
63
|
+
# automatically rebuild the access control list based on the new
|
|
64
|
+
# (and different) owner or group.
|
|
65
|
+
|
|
66
|
+
require_relative '../../../puppet/util/windows'
|
|
67
|
+
require 'pathname'
|
|
68
|
+
require 'ffi'
|
|
69
|
+
|
|
70
|
+
module Puppet::Util::Windows::Security
|
|
71
|
+
include Puppet::Util::Windows::String
|
|
72
|
+
|
|
73
|
+
extend Puppet::Util::Windows::Security
|
|
74
|
+
extend FFI::Library
|
|
75
|
+
|
|
76
|
+
# file modes
|
|
77
|
+
S_IRUSR = 0o000400
|
|
78
|
+
S_IRGRP = 0o000040
|
|
79
|
+
S_IROTH = 0o000004
|
|
80
|
+
S_IWUSR = 0o000200
|
|
81
|
+
S_IWGRP = 0o000020
|
|
82
|
+
S_IWOTH = 0o000002
|
|
83
|
+
S_IXUSR = 0o000100
|
|
84
|
+
S_IXGRP = 0o000010
|
|
85
|
+
S_IXOTH = 0o000001
|
|
86
|
+
S_IRWXU = 0o000700
|
|
87
|
+
S_IRWXG = 0o000070
|
|
88
|
+
S_IRWXO = 0o000007
|
|
89
|
+
S_ISVTX = 0o001000
|
|
90
|
+
S_IEXTRA = 0o2000000 # represents an extra ace
|
|
91
|
+
S_ISYSTEM_MISSING = 0o4000000
|
|
92
|
+
|
|
93
|
+
# constants that are missing from Windows::Security
|
|
94
|
+
PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000
|
|
95
|
+
UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
|
|
96
|
+
NO_INHERITANCE = 0x0
|
|
97
|
+
SE_DACL_PROTECTED = 0x1000
|
|
98
|
+
|
|
99
|
+
FILE = Puppet::Util::Windows::File
|
|
100
|
+
|
|
101
|
+
SE_BACKUP_NAME = 'SeBackupPrivilege'
|
|
102
|
+
SE_DEBUG_NAME = 'SeDebugPrivilege'
|
|
103
|
+
SE_RESTORE_NAME = 'SeRestorePrivilege'
|
|
104
|
+
|
|
105
|
+
DELETE = 0x00010000
|
|
106
|
+
READ_CONTROL = 0x20000
|
|
107
|
+
WRITE_DAC = 0x40000
|
|
108
|
+
WRITE_OWNER = 0x80000
|
|
109
|
+
|
|
110
|
+
OWNER_SECURITY_INFORMATION = 1
|
|
111
|
+
GROUP_SECURITY_INFORMATION = 2
|
|
112
|
+
DACL_SECURITY_INFORMATION = 4
|
|
113
|
+
|
|
114
|
+
# Set the owner of the object referenced by +path+ to the specified
|
|
115
|
+
# +owner_sid+. The owner sid should be of the form "S-1-5-32-544"
|
|
116
|
+
# and can either be a user or group. Only a user with the
|
|
117
|
+
# SE_RESTORE_NAME privilege in their process token can overwrite the
|
|
118
|
+
# object's owner to something other than the current user.
|
|
119
|
+
def set_owner(owner_sid, path)
|
|
120
|
+
sd = get_security_descriptor(path)
|
|
121
|
+
|
|
122
|
+
if owner_sid != sd.owner
|
|
123
|
+
sd.owner = owner_sid
|
|
124
|
+
set_security_descriptor(path, sd)
|
|
125
|
+
end
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
# Get the owner of the object referenced by +path+. The returned
|
|
129
|
+
# value is a SID string, e.g. "S-1-5-32-544". Any user with read
|
|
130
|
+
# access to an object can get the owner. Only a user with the
|
|
131
|
+
# SE_BACKUP_NAME privilege in their process token can get the owner
|
|
132
|
+
# for objects they do not have read access to.
|
|
133
|
+
def get_owner(path)
|
|
134
|
+
return unless supports_acl?(path)
|
|
135
|
+
|
|
136
|
+
get_security_descriptor(path).owner
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
# Set the owner of the object referenced by +path+ to the specified
|
|
140
|
+
# +group_sid+. The group sid should be of the form "S-1-5-32-544"
|
|
141
|
+
# and can either be a user or group. Any user with WRITE_OWNER
|
|
142
|
+
# access to the object can change the group (regardless of whether
|
|
143
|
+
# the current user belongs to that group or not).
|
|
144
|
+
def set_group(group_sid, path)
|
|
145
|
+
sd = get_security_descriptor(path)
|
|
146
|
+
|
|
147
|
+
if group_sid != sd.group
|
|
148
|
+
sd.group = group_sid
|
|
149
|
+
set_security_descriptor(path, sd)
|
|
150
|
+
end
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
# Get the group of the object referenced by +path+. The returned
|
|
154
|
+
# value is a SID string, e.g. "S-1-5-32-544". Any user with read
|
|
155
|
+
# access to an object can get the group. Only a user with the
|
|
156
|
+
# SE_BACKUP_NAME privilege in their process token can get the group
|
|
157
|
+
# for objects they do not have read access to.
|
|
158
|
+
def get_group(path)
|
|
159
|
+
return unless supports_acl?(path)
|
|
160
|
+
|
|
161
|
+
get_security_descriptor(path).group
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
FILE_PERSISTENT_ACLS = 0x00000008
|
|
165
|
+
|
|
166
|
+
def supports_acl?(path)
|
|
167
|
+
supported = false
|
|
168
|
+
root = Pathname.new(path).enum_for(:ascend).to_a.last.to_s
|
|
169
|
+
# 'A trailing backslash is required'
|
|
170
|
+
root = "#{root}\\" unless root =~ %r{[/\\]$}
|
|
171
|
+
|
|
172
|
+
FFI::MemoryPointer.new(:pointer, 1) do |flags_ptr|
|
|
173
|
+
if GetVolumeInformationW(wide_string(root), FFI::Pointer::NULL, 0,
|
|
174
|
+
FFI::Pointer::NULL, FFI::Pointer::NULL,
|
|
175
|
+
flags_ptr, FFI::Pointer::NULL, 0) == FFI::WIN32_FALSE
|
|
176
|
+
raise Puppet::Util::Windows::Error, _("Failed to get volume information")
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
supported = flags_ptr.read_dword & FILE_PERSISTENT_ACLS == FILE_PERSISTENT_ACLS
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
supported
|
|
183
|
+
end
|
|
184
|
+
|
|
185
|
+
MASK_TO_MODE = {
|
|
186
|
+
FILE::FILE_GENERIC_READ => S_IROTH,
|
|
187
|
+
FILE::FILE_GENERIC_WRITE => S_IWOTH,
|
|
188
|
+
(FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES) => S_IXOTH
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
def get_aces_for_path_by_sid(path, sid)
|
|
192
|
+
get_security_descriptor(path).dacl.select { |ace| ace.sid == sid }
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
# Get the mode of the object referenced by +path+. The returned
|
|
196
|
+
# integer value represents the POSIX-style read, write, and execute
|
|
197
|
+
# modes for the user, group, and other classes, e.g. 0640. Any user
|
|
198
|
+
# with read access to an object can get the mode. Only a user with
|
|
199
|
+
# the SE_BACKUP_NAME privilege in their process token can get the
|
|
200
|
+
# mode for objects they do not have read access to.
|
|
201
|
+
def get_mode(path)
|
|
202
|
+
return unless supports_acl?(path)
|
|
203
|
+
|
|
204
|
+
well_known_world_sid = Puppet::Util::Windows::SID::Everyone
|
|
205
|
+
well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
|
|
206
|
+
well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
|
|
207
|
+
well_known_app_packages_sid = Puppet::Util::Windows::SID::AllAppPackages
|
|
208
|
+
|
|
209
|
+
mode = S_ISYSTEM_MISSING
|
|
210
|
+
|
|
211
|
+
sd = get_security_descriptor(path)
|
|
212
|
+
sd.dacl.each do |ace|
|
|
213
|
+
next if ace.inherit_only?
|
|
214
|
+
|
|
215
|
+
case ace.sid
|
|
216
|
+
when sd.owner
|
|
217
|
+
MASK_TO_MODE.each_pair do |k, v|
|
|
218
|
+
if (ace.mask & k) == k
|
|
219
|
+
mode |= (v << 6)
|
|
220
|
+
end
|
|
221
|
+
end
|
|
222
|
+
when sd.group
|
|
223
|
+
MASK_TO_MODE.each_pair do |k, v|
|
|
224
|
+
if (ace.mask & k) == k
|
|
225
|
+
mode |= (v << 3)
|
|
226
|
+
end
|
|
227
|
+
end
|
|
228
|
+
when well_known_world_sid
|
|
229
|
+
MASK_TO_MODE.each_pair do |k, v|
|
|
230
|
+
if (ace.mask & k) == k
|
|
231
|
+
mode |= (v << 6) | (v << 3) | v
|
|
232
|
+
end
|
|
233
|
+
end
|
|
234
|
+
if File.directory?(path) &&
|
|
235
|
+
(ace.mask & (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE | FILE::FILE_DELETE_CHILD)) == (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE)
|
|
236
|
+
mode |= S_ISVTX;
|
|
237
|
+
end
|
|
238
|
+
when well_known_nobody_sid
|
|
239
|
+
if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
|
|
240
|
+
mode |= S_ISVTX
|
|
241
|
+
end
|
|
242
|
+
when well_known_app_packages_sid, well_known_system_sid
|
|
243
|
+
# do nothing
|
|
244
|
+
else
|
|
245
|
+
# puts "Warning, unable to map SID into POSIX mode: #{ace.sid}"
|
|
246
|
+
mode |= S_IEXTRA
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
if ace.sid == well_known_system_sid
|
|
250
|
+
mode &= ~S_ISYSTEM_MISSING
|
|
251
|
+
end
|
|
252
|
+
|
|
253
|
+
# if owner and group the same, then user and group modes are the OR of both
|
|
254
|
+
if sd.owner == sd.group
|
|
255
|
+
mode |= ((mode & S_IRWXG) << 3) | ((mode & S_IRWXU) >> 3)
|
|
256
|
+
# puts "owner: #{sd.group}, 0x#{ace.mask.to_s(16)}, #{mode.to_s(8)}"
|
|
257
|
+
end
|
|
258
|
+
end
|
|
259
|
+
|
|
260
|
+
# puts "get_mode: #{mode.to_s(8)}"
|
|
261
|
+
mode
|
|
262
|
+
end
|
|
263
|
+
|
|
264
|
+
MODE_TO_MASK = {
|
|
265
|
+
S_IROTH => FILE::FILE_GENERIC_READ,
|
|
266
|
+
S_IWOTH => FILE::FILE_GENERIC_WRITE,
|
|
267
|
+
S_IXOTH => (FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES),
|
|
268
|
+
}
|
|
269
|
+
|
|
270
|
+
# Set the mode of the object referenced by +path+ to the specified
|
|
271
|
+
# +mode+. The mode should be specified as POSIX-style read, write,
|
|
272
|
+
# and execute modes for the user, group, and other classes,
|
|
273
|
+
# e.g. 0640. The sticky bit, S_ISVTX, is supported, but is only
|
|
274
|
+
# meaningful for directories. If set, group and others are not
|
|
275
|
+
# allowed to delete child objects for which they are not the owner.
|
|
276
|
+
# By default, the DACL is set to protected, meaning it does not
|
|
277
|
+
# inherit access control entries from parent objects. This can be
|
|
278
|
+
# changed by setting +protected+ to false. The owner of the object
|
|
279
|
+
# (with READ_CONTROL and WRITE_DACL access) can always change the
|
|
280
|
+
# mode. Only a user with the SE_BACKUP_NAME and SE_RESTORE_NAME
|
|
281
|
+
# privileges in their process token can change the mode for objects
|
|
282
|
+
# that they do not have read and write access to.
|
|
283
|
+
def set_mode(mode, path, protected = true, managing_owner = false, managing_group = false)
|
|
284
|
+
sd = get_security_descriptor(path)
|
|
285
|
+
well_known_world_sid = Puppet::Util::Windows::SID::Everyone
|
|
286
|
+
well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
|
|
287
|
+
well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
|
|
288
|
+
|
|
289
|
+
owner_allow = FILE::STANDARD_RIGHTS_ALL |
|
|
290
|
+
FILE::FILE_READ_ATTRIBUTES |
|
|
291
|
+
FILE::FILE_WRITE_ATTRIBUTES
|
|
292
|
+
# this prevents a mode that is not 7 from taking ownership of a file based
|
|
293
|
+
# on group membership and rewriting it / making it executable
|
|
294
|
+
group_allow = FILE::STANDARD_RIGHTS_READ |
|
|
295
|
+
FILE::FILE_READ_ATTRIBUTES |
|
|
296
|
+
FILE::SYNCHRONIZE
|
|
297
|
+
other_allow = FILE::STANDARD_RIGHTS_READ |
|
|
298
|
+
FILE::FILE_READ_ATTRIBUTES |
|
|
299
|
+
FILE::SYNCHRONIZE
|
|
300
|
+
nobody_allow = 0
|
|
301
|
+
system_allow = 0
|
|
302
|
+
|
|
303
|
+
MODE_TO_MASK.each do |k, v|
|
|
304
|
+
if ((mode >> 6) & k) == k
|
|
305
|
+
owner_allow |= v
|
|
306
|
+
end
|
|
307
|
+
if ((mode >> 3) & k) == k
|
|
308
|
+
group_allow |= v
|
|
309
|
+
end
|
|
310
|
+
if (mode & k) == k
|
|
311
|
+
other_allow |= v
|
|
312
|
+
end
|
|
313
|
+
end
|
|
314
|
+
|
|
315
|
+
# With a mode value of '7' for group / other, the value must then include
|
|
316
|
+
# additional perms beyond STANDARD_RIGHTS_READ to allow DACL modification
|
|
317
|
+
if (mode & S_IRWXG) == S_IRWXG
|
|
318
|
+
group_allow |= FILE::DELETE | FILE::WRITE_DAC | FILE::WRITE_OWNER
|
|
319
|
+
end
|
|
320
|
+
if (mode & S_IRWXO) == S_IRWXO
|
|
321
|
+
other_allow |= FILE::DELETE | FILE::WRITE_DAC | FILE::WRITE_OWNER
|
|
322
|
+
end
|
|
323
|
+
|
|
324
|
+
if (mode & S_ISVTX).nonzero?
|
|
325
|
+
nobody_allow |= FILE::FILE_APPEND_DATA;
|
|
326
|
+
end
|
|
327
|
+
|
|
328
|
+
isownergroup = sd.owner == sd.group
|
|
329
|
+
|
|
330
|
+
# caller is NOT managing SYSTEM by using group or owner, so set to FULL
|
|
331
|
+
if ![sd.owner, sd.group].include? well_known_system_sid
|
|
332
|
+
# we don't check S_ISYSTEM_MISSING bit, but automatically carry over existing SYSTEM perms
|
|
333
|
+
# by default set SYSTEM perms to full
|
|
334
|
+
system_allow = FILE::FILE_ALL_ACCESS
|
|
335
|
+
else
|
|
336
|
+
# It is possible to set SYSTEM with a mode other than Full Control (7) however this makes no sense and in practical terms
|
|
337
|
+
# should not be done. We can trap these instances and correct them before being applied.
|
|
338
|
+
if (sd.owner == well_known_system_sid) && (owner_allow != FILE::FILE_ALL_ACCESS)
|
|
339
|
+
# If owner and group are both SYSTEM but group is unmanaged the control rights of system will be set to FullControl by
|
|
340
|
+
# the unmanaged group, so there is no need for the warning
|
|
341
|
+
if managing_owner && (!isownergroup || managing_group)
|
|
342
|
+
# TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
|
|
343
|
+
Puppet.warning _("Setting control rights for %{path} owner SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
|
|
344
|
+
elsif managing_owner && isownergroup
|
|
345
|
+
# TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
|
|
346
|
+
Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but group is not managed directly: SYSTEM user rights will be set to FullControl by group") % { path: path } }
|
|
347
|
+
else
|
|
348
|
+
# TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
|
|
349
|
+
Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the owner, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
|
|
350
|
+
owner_allow = FILE::FILE_ALL_ACCESS
|
|
351
|
+
end
|
|
352
|
+
end
|
|
353
|
+
|
|
354
|
+
if (sd.group == well_known_system_sid) && (group_allow != FILE::FILE_ALL_ACCESS)
|
|
355
|
+
# If owner and group are both SYSTEM but owner is unmanaged the control rights of system will be set to FullControl by
|
|
356
|
+
# the unmanaged owner, so there is no need for the warning.
|
|
357
|
+
if managing_group && (!isownergroup || managing_owner)
|
|
358
|
+
# TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
|
|
359
|
+
Puppet.warning _("Setting control rights for %{path} group SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
|
|
360
|
+
elsif managing_group && isownergroup
|
|
361
|
+
# TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
|
|
362
|
+
Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but owner is not managed directly: SYSTEM user rights will be set to FullControl by owner") % { path: path } }
|
|
363
|
+
else
|
|
364
|
+
# TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
|
|
365
|
+
Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the group, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
|
|
366
|
+
group_allow = FILE::FILE_ALL_ACCESS
|
|
367
|
+
end
|
|
368
|
+
end
|
|
369
|
+
end
|
|
370
|
+
|
|
371
|
+
# even though FILE_DELETE_CHILD only applies to directories, it can be set on files
|
|
372
|
+
# this is necessary to do to ensure a file ends up with (F) FullControl
|
|
373
|
+
if (mode & (S_IWUSR | S_IXUSR)) == (S_IWUSR | S_IXUSR)
|
|
374
|
+
owner_allow |= FILE::FILE_DELETE_CHILD
|
|
375
|
+
end
|
|
376
|
+
if (mode & (S_IWGRP | S_IXGRP)) == (S_IWGRP | S_IXGRP) && (mode & S_ISVTX) == 0
|
|
377
|
+
group_allow |= FILE::FILE_DELETE_CHILD
|
|
378
|
+
end
|
|
379
|
+
if (mode & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH) && (mode & S_ISVTX) == 0
|
|
380
|
+
other_allow |= FILE::FILE_DELETE_CHILD
|
|
381
|
+
end
|
|
382
|
+
|
|
383
|
+
# if owner and group the same, then map group permissions to the one owner ACE
|
|
384
|
+
if isownergroup
|
|
385
|
+
owner_allow |= group_allow
|
|
386
|
+
end
|
|
387
|
+
|
|
388
|
+
# if any ACE allows write, then clear readonly bit, but do this before we overwrite
|
|
389
|
+
# the DACl and lose our ability to set the attribute
|
|
390
|
+
if ((owner_allow | group_allow | other_allow) & FILE::FILE_WRITE_DATA) == FILE::FILE_WRITE_DATA
|
|
391
|
+
FILE.remove_attributes(path, FILE::FILE_ATTRIBUTE_READONLY)
|
|
392
|
+
end
|
|
393
|
+
|
|
394
|
+
isdir = File.directory?(path)
|
|
395
|
+
dacl = Puppet::Util::Windows::AccessControlList.new
|
|
396
|
+
dacl.allow(sd.owner, owner_allow)
|
|
397
|
+
unless isownergroup
|
|
398
|
+
dacl.allow(sd.group, group_allow)
|
|
399
|
+
end
|
|
400
|
+
dacl.allow(well_known_world_sid, other_allow)
|
|
401
|
+
dacl.allow(well_known_nobody_sid, nobody_allow)
|
|
402
|
+
|
|
403
|
+
# TODO: system should be first?
|
|
404
|
+
flags = !isdir ? 0 :
|
|
405
|
+
Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE |
|
|
406
|
+
Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
|
|
407
|
+
dacl.allow(well_known_system_sid, system_allow, flags)
|
|
408
|
+
|
|
409
|
+
# add inherit-only aces for child dirs and files that are created within the dir
|
|
410
|
+
inherit_only = Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
|
|
411
|
+
if isdir
|
|
412
|
+
inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE
|
|
413
|
+
dacl.allow(Puppet::Util::Windows::SID::CreatorOwner, owner_allow, inherit)
|
|
414
|
+
dacl.allow(Puppet::Util::Windows::SID::CreatorGroup, group_allow, inherit)
|
|
415
|
+
|
|
416
|
+
inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
|
|
417
|
+
# allow any previously set bits *except* for these
|
|
418
|
+
perms_to_strip = ~(FILE::FILE_EXECUTE + FILE::WRITE_OWNER + FILE::WRITE_DAC)
|
|
419
|
+
dacl.allow(Puppet::Util::Windows::SID::CreatorOwner, owner_allow & perms_to_strip, inherit)
|
|
420
|
+
dacl.allow(Puppet::Util::Windows::SID::CreatorGroup, group_allow & perms_to_strip, inherit)
|
|
421
|
+
end
|
|
422
|
+
|
|
423
|
+
new_sd = Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, dacl, protected)
|
|
424
|
+
set_security_descriptor(path, new_sd)
|
|
425
|
+
|
|
426
|
+
nil
|
|
427
|
+
end
|
|
428
|
+
|
|
429
|
+
ACL_REVISION = 2
|
|
430
|
+
|
|
431
|
+
def add_access_allowed_ace(acl, mask, sid, inherit = nil)
|
|
432
|
+
inherit ||= NO_INHERITANCE
|
|
433
|
+
|
|
434
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
|
|
435
|
+
if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
|
|
436
|
+
raise Puppet::Util::Windows::Error, _("Invalid SID")
|
|
437
|
+
end
|
|
438
|
+
|
|
439
|
+
if AddAccessAllowedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
|
|
440
|
+
raise Puppet::Util::Windows::Error, _("Failed to add access control entry")
|
|
441
|
+
end
|
|
442
|
+
end
|
|
443
|
+
|
|
444
|
+
# ensure this method is void if it doesn't raise
|
|
445
|
+
nil
|
|
446
|
+
end
|
|
447
|
+
|
|
448
|
+
def add_access_denied_ace(acl, mask, sid, inherit = nil)
|
|
449
|
+
inherit ||= NO_INHERITANCE
|
|
450
|
+
|
|
451
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
|
|
452
|
+
if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
|
|
453
|
+
raise Puppet::Util::Windows::Error, _("Invalid SID")
|
|
454
|
+
end
|
|
455
|
+
|
|
456
|
+
if AddAccessDeniedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
|
|
457
|
+
raise Puppet::Util::Windows::Error, _("Failed to add access control entry")
|
|
458
|
+
end
|
|
459
|
+
end
|
|
460
|
+
|
|
461
|
+
# ensure this method is void if it doesn't raise
|
|
462
|
+
nil
|
|
463
|
+
end
|
|
464
|
+
|
|
465
|
+
def parse_dacl(dacl_ptr)
|
|
466
|
+
# REMIND: need to handle NULL DACL
|
|
467
|
+
if IsValidAcl(dacl_ptr) == FFI::WIN32_FALSE
|
|
468
|
+
raise Puppet::Util::Windows::Error, _("Invalid DACL")
|
|
469
|
+
end
|
|
470
|
+
|
|
471
|
+
dacl_struct = ACL.new(dacl_ptr)
|
|
472
|
+
ace_count = dacl_struct[:AceCount]
|
|
473
|
+
|
|
474
|
+
dacl = Puppet::Util::Windows::AccessControlList.new
|
|
475
|
+
|
|
476
|
+
# deny all
|
|
477
|
+
return dacl if ace_count == 0
|
|
478
|
+
|
|
479
|
+
0.upto(ace_count - 1) do |i|
|
|
480
|
+
FFI::MemoryPointer.new(:pointer, 1) do |ace_ptr|
|
|
481
|
+
next if GetAce(dacl_ptr, i, ace_ptr) == FFI::WIN32_FALSE
|
|
482
|
+
|
|
483
|
+
# ACE structures vary depending on the type. We are only concerned with
|
|
484
|
+
# ACCESS_ALLOWED_ACE and ACCESS_DENIED_ACEs, which have the same layout
|
|
485
|
+
ace = GENERIC_ACCESS_ACE.new(ace_ptr.get_pointer(0)) # deref LPVOID *
|
|
486
|
+
|
|
487
|
+
ace_type = ace[:Header][:AceType]
|
|
488
|
+
if ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE &&
|
|
489
|
+
ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
|
|
490
|
+
Puppet.warning _("Unsupported access control entry type: 0x%{type}") % { type: ace_type.to_s(16) }
|
|
491
|
+
next
|
|
492
|
+
end
|
|
493
|
+
|
|
494
|
+
# using pointer addition gives the FFI::Pointer a size, but that's OK here
|
|
495
|
+
sid = Puppet::Util::Windows::SID.sid_ptr_to_string(ace.pointer + GENERIC_ACCESS_ACE.offset_of(:SidStart))
|
|
496
|
+
mask = ace[:Mask]
|
|
497
|
+
ace_flags = ace[:Header][:AceFlags]
|
|
498
|
+
|
|
499
|
+
case ace_type
|
|
500
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
|
|
501
|
+
dacl.allow(sid, mask, ace_flags)
|
|
502
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
|
|
503
|
+
dacl.deny(sid, mask, ace_flags)
|
|
504
|
+
end
|
|
505
|
+
end
|
|
506
|
+
end
|
|
507
|
+
|
|
508
|
+
dacl
|
|
509
|
+
end
|
|
510
|
+
|
|
511
|
+
# Open an existing file with the specified access mode, and execute a
|
|
512
|
+
# block with the opened file HANDLE.
|
|
513
|
+
def open_file(path, access, &block)
|
|
514
|
+
handle = CreateFileW(
|
|
515
|
+
wide_string(path),
|
|
516
|
+
access,
|
|
517
|
+
FILE::FILE_SHARE_READ | FILE::FILE_SHARE_WRITE,
|
|
518
|
+
FFI::Pointer::NULL, # security_attributes
|
|
519
|
+
FILE::OPEN_EXISTING,
|
|
520
|
+
FILE::FILE_FLAG_OPEN_REPARSE_POINT | FILE::FILE_FLAG_BACKUP_SEMANTICS,
|
|
521
|
+
FFI::Pointer::NULL_HANDLE
|
|
522
|
+
) # template
|
|
523
|
+
|
|
524
|
+
if handle == Puppet::Util::Windows::File::INVALID_HANDLE_VALUE
|
|
525
|
+
raise Puppet::Util::Windows::Error, _("Failed to open '%{path}'") % { path: path }
|
|
526
|
+
end
|
|
527
|
+
|
|
528
|
+
begin
|
|
529
|
+
yield handle
|
|
530
|
+
ensure
|
|
531
|
+
FFI::WIN32.CloseHandle(handle) if handle
|
|
532
|
+
end
|
|
533
|
+
|
|
534
|
+
# handle has already had CloseHandle called against it, nothing to return
|
|
535
|
+
nil
|
|
536
|
+
end
|
|
537
|
+
|
|
538
|
+
# Execute a block with the specified privilege enabled
|
|
539
|
+
def with_privilege(privilege, &block)
|
|
540
|
+
set_privilege(privilege, true)
|
|
541
|
+
yield
|
|
542
|
+
ensure
|
|
543
|
+
set_privilege(privilege, false)
|
|
544
|
+
end
|
|
545
|
+
|
|
546
|
+
SE_PRIVILEGE_ENABLED = 0x00000002
|
|
547
|
+
TOKEN_ADJUST_PRIVILEGES = 0x0020
|
|
548
|
+
|
|
549
|
+
# Enable or disable a privilege. Note this doesn't add any privileges the
|
|
550
|
+
# user doesn't already has, it just enables privileges that are disabled.
|
|
551
|
+
def set_privilege(privilege, enable)
|
|
552
|
+
return unless Puppet.features.root?
|
|
553
|
+
|
|
554
|
+
Puppet::Util::Windows::Process.with_process_token(TOKEN_ADJUST_PRIVILEGES) do |token|
|
|
555
|
+
Puppet::Util::Windows::Process.lookup_privilege_value(privilege) do |luid|
|
|
556
|
+
FFI::MemoryPointer.new(Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.size) do |luid_and_attributes_ptr|
|
|
557
|
+
# allocate unmanaged memory for structs that we clean up afterwards
|
|
558
|
+
luid_and_attributes = Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.new(luid_and_attributes_ptr)
|
|
559
|
+
luid_and_attributes[:Luid] = luid
|
|
560
|
+
luid_and_attributes[:Attributes] = enable ? SE_PRIVILEGE_ENABLED : 0
|
|
561
|
+
|
|
562
|
+
FFI::MemoryPointer.new(Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.size) do |token_privileges_ptr|
|
|
563
|
+
token_privileges = Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.new(token_privileges_ptr)
|
|
564
|
+
token_privileges[:PrivilegeCount] = 1
|
|
565
|
+
token_privileges[:Privileges][0] = luid_and_attributes
|
|
566
|
+
|
|
567
|
+
# size is correct given we only have 1 LUID, otherwise would be:
|
|
568
|
+
# [:PrivilegeCount].size + [:PrivilegeCount] * LUID_AND_ATTRIBUTES.size
|
|
569
|
+
if AdjustTokenPrivileges(token, FFI::WIN32_FALSE,
|
|
570
|
+
token_privileges, token_privileges.size,
|
|
571
|
+
FFI::MemoryPointer::NULL, FFI::MemoryPointer::NULL) == FFI::WIN32_FALSE
|
|
572
|
+
raise Puppet::Util::Windows::Error, _("Failed to adjust process privileges")
|
|
573
|
+
end
|
|
574
|
+
end
|
|
575
|
+
end
|
|
576
|
+
end
|
|
577
|
+
end
|
|
578
|
+
|
|
579
|
+
# token / luid structs freed by this point, so return true as nothing raised
|
|
580
|
+
true
|
|
581
|
+
end
|
|
582
|
+
|
|
583
|
+
def get_security_descriptor(path)
|
|
584
|
+
sd = nil
|
|
585
|
+
|
|
586
|
+
with_privilege(SE_BACKUP_NAME) do
|
|
587
|
+
open_file(path, READ_CONTROL) do |handle|
|
|
588
|
+
FFI::MemoryPointer.new(:pointer, 1) do |owner_sid_ptr_ptr|
|
|
589
|
+
FFI::MemoryPointer.new(:pointer, 1) do |group_sid_ptr_ptr|
|
|
590
|
+
FFI::MemoryPointer.new(:pointer, 1) do |dacl_ptr_ptr|
|
|
591
|
+
FFI::MemoryPointer.new(:pointer, 1) do |sd_ptr_ptr|
|
|
592
|
+
rv = GetSecurityInfo(
|
|
593
|
+
handle,
|
|
594
|
+
:SE_FILE_OBJECT,
|
|
595
|
+
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
|
596
|
+
owner_sid_ptr_ptr,
|
|
597
|
+
group_sid_ptr_ptr,
|
|
598
|
+
dacl_ptr_ptr,
|
|
599
|
+
FFI::Pointer::NULL, # sacl
|
|
600
|
+
sd_ptr_ptr
|
|
601
|
+
) # sec desc
|
|
602
|
+
raise Puppet::Util::Windows::Error, _("Failed to get security information") if rv != FFI::ERROR_SUCCESS
|
|
603
|
+
|
|
604
|
+
# these 2 convenience params are not freed since they point inside sd_ptr
|
|
605
|
+
owner = Puppet::Util::Windows::SID.sid_ptr_to_string(owner_sid_ptr_ptr.get_pointer(0))
|
|
606
|
+
group = Puppet::Util::Windows::SID.sid_ptr_to_string(group_sid_ptr_ptr.get_pointer(0))
|
|
607
|
+
|
|
608
|
+
FFI::MemoryPointer.new(:word, 1) do |control|
|
|
609
|
+
FFI::MemoryPointer.new(:dword, 1) do |revision|
|
|
610
|
+
sd_ptr_ptr.read_win32_local_pointer do |sd_ptr|
|
|
611
|
+
if GetSecurityDescriptorControl(sd_ptr, control, revision) == FFI::WIN32_FALSE
|
|
612
|
+
raise Puppet::Util::Windows::Error, _("Failed to get security descriptor control")
|
|
613
|
+
end
|
|
614
|
+
|
|
615
|
+
protect = (control.read_word & SE_DACL_PROTECTED) == SE_DACL_PROTECTED
|
|
616
|
+
dacl = parse_dacl(dacl_ptr_ptr.get_pointer(0))
|
|
617
|
+
sd = Puppet::Util::Windows::SecurityDescriptor.new(owner, group, dacl, protect)
|
|
618
|
+
end
|
|
619
|
+
end
|
|
620
|
+
end
|
|
621
|
+
end
|
|
622
|
+
end
|
|
623
|
+
end
|
|
624
|
+
end
|
|
625
|
+
end
|
|
626
|
+
end
|
|
627
|
+
|
|
628
|
+
sd
|
|
629
|
+
end
|
|
630
|
+
|
|
631
|
+
def get_max_generic_acl_size(ace_count)
|
|
632
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
|
|
633
|
+
# To calculate the initial size of an ACL, add the following together, and then align the result to the nearest DWORD:
|
|
634
|
+
# * Size of the ACL structure.
|
|
635
|
+
# * Size of each ACE structure that the ACL is to contain minus the SidStart member (DWORD) of the ACE.
|
|
636
|
+
# * Length of the SID that each ACE is to contain.
|
|
637
|
+
ACL.size + ace_count * MAXIMUM_GENERIC_ACE_SIZE
|
|
638
|
+
end
|
|
639
|
+
|
|
640
|
+
# setting DACL requires both READ_CONTROL and WRITE_DACL access rights,
|
|
641
|
+
# and their respective privileges, SE_BACKUP_NAME and SE_RESTORE_NAME.
|
|
642
|
+
def set_security_descriptor(path, sd)
|
|
643
|
+
FFI::MemoryPointer.new(:byte, get_max_generic_acl_size(sd.dacl.count)) do |acl_ptr|
|
|
644
|
+
if InitializeAcl(acl_ptr, acl_ptr.size, ACL_REVISION) == FFI::WIN32_FALSE
|
|
645
|
+
raise Puppet::Util::Windows::Error, _("Failed to initialize ACL")
|
|
646
|
+
end
|
|
647
|
+
|
|
648
|
+
if IsValidAcl(acl_ptr) == FFI::WIN32_FALSE
|
|
649
|
+
raise Puppet::Util::Windows::Error, _("Invalid DACL")
|
|
650
|
+
end
|
|
651
|
+
|
|
652
|
+
with_privilege(SE_BACKUP_NAME) do
|
|
653
|
+
with_privilege(SE_RESTORE_NAME) do
|
|
654
|
+
open_file(path, READ_CONTROL | WRITE_DAC | WRITE_OWNER) do |handle|
|
|
655
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sd.owner) do |owner_sid_ptr|
|
|
656
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sd.group) do |group_sid_ptr|
|
|
657
|
+
sd.dacl.each do |ace|
|
|
658
|
+
case ace.type
|
|
659
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
|
|
660
|
+
# puts "ace: allow, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
|
|
661
|
+
add_access_allowed_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
|
|
662
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
|
|
663
|
+
# puts "ace: deny, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
|
|
664
|
+
add_access_denied_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
|
|
665
|
+
else
|
|
666
|
+
raise "We should never get here"
|
|
667
|
+
# TODO: this should have been a warning in an earlier commit
|
|
668
|
+
end
|
|
669
|
+
end
|
|
670
|
+
|
|
671
|
+
# protected means the object does not inherit aces from its parent
|
|
672
|
+
flags = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION
|
|
673
|
+
flags |= sd.protect ? PROTECTED_DACL_SECURITY_INFORMATION : UNPROTECTED_DACL_SECURITY_INFORMATION
|
|
674
|
+
|
|
675
|
+
rv = SetSecurityInfo(handle,
|
|
676
|
+
:SE_FILE_OBJECT,
|
|
677
|
+
flags,
|
|
678
|
+
owner_sid_ptr,
|
|
679
|
+
group_sid_ptr,
|
|
680
|
+
acl_ptr,
|
|
681
|
+
FFI::MemoryPointer::NULL)
|
|
682
|
+
|
|
683
|
+
if rv != FFI::ERROR_SUCCESS
|
|
684
|
+
raise Puppet::Util::Windows::Error, _("Failed to set security information")
|
|
685
|
+
end
|
|
686
|
+
end
|
|
687
|
+
end
|
|
688
|
+
end
|
|
689
|
+
end
|
|
690
|
+
end
|
|
691
|
+
end
|
|
692
|
+
end
|
|
693
|
+
|
|
694
|
+
ffi_convention :stdcall
|
|
695
|
+
|
|
696
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
|
|
697
|
+
# HANDLE WINAPI CreateFile(
|
|
698
|
+
# _In_ LPCTSTR lpFileName,
|
|
699
|
+
# _In_ DWORD dwDesiredAccess,
|
|
700
|
+
# _In_ DWORD dwShareMode,
|
|
701
|
+
# _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
|
|
702
|
+
# _In_ DWORD dwCreationDisposition,
|
|
703
|
+
# _In_ DWORD dwFlagsAndAttributes,
|
|
704
|
+
# _In_opt_ HANDLE hTemplateFile
|
|
705
|
+
# );
|
|
706
|
+
ffi_lib :kernel32
|
|
707
|
+
attach_function_private :CreateFileW,
|
|
708
|
+
[:lpcwstr, :dword, :dword, :pointer, :dword, :dword, :handle], :handle
|
|
709
|
+
|
|
710
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa364993(v=vs.85).aspx
|
|
711
|
+
# BOOL WINAPI GetVolumeInformation(
|
|
712
|
+
# _In_opt_ LPCTSTR lpRootPathName,
|
|
713
|
+
# _Out_opt_ LPTSTR lpVolumeNameBuffer,
|
|
714
|
+
# _In_ DWORD nVolumeNameSize,
|
|
715
|
+
# _Out_opt_ LPDWORD lpVolumeSerialNumber,
|
|
716
|
+
# _Out_opt_ LPDWORD lpMaximumComponentLength,
|
|
717
|
+
# _Out_opt_ LPDWORD lpFileSystemFlags,
|
|
718
|
+
# _Out_opt_ LPTSTR lpFileSystemNameBuffer,
|
|
719
|
+
# _In_ DWORD nFileSystemNameSize
|
|
720
|
+
# );
|
|
721
|
+
ffi_lib :kernel32
|
|
722
|
+
attach_function_private :GetVolumeInformationW,
|
|
723
|
+
[:lpcwstr, :lpwstr, :dword, :lpdword, :lpdword, :lpdword, :lpwstr, :dword], :win32_bool
|
|
724
|
+
|
|
725
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374951(v=vs.85).aspx
|
|
726
|
+
# BOOL WINAPI AddAccessAllowedAceEx(
|
|
727
|
+
# _Inout_ PACL pAcl,
|
|
728
|
+
# _In_ DWORD dwAceRevision,
|
|
729
|
+
# _In_ DWORD AceFlags,
|
|
730
|
+
# _In_ DWORD AccessMask,
|
|
731
|
+
# _In_ PSID pSid
|
|
732
|
+
# );
|
|
733
|
+
ffi_lib :advapi32
|
|
734
|
+
attach_function_private :AddAccessAllowedAceEx,
|
|
735
|
+
[:pointer, :dword, :dword, :dword, :pointer], :win32_bool
|
|
736
|
+
|
|
737
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374964(v=vs.85).aspx
|
|
738
|
+
# BOOL WINAPI AddAccessDeniedAceEx(
|
|
739
|
+
# _Inout_ PACL pAcl,
|
|
740
|
+
# _In_ DWORD dwAceRevision,
|
|
741
|
+
# _In_ DWORD AceFlags,
|
|
742
|
+
# _In_ DWORD AccessMask,
|
|
743
|
+
# _In_ PSID pSid
|
|
744
|
+
# );
|
|
745
|
+
ffi_lib :advapi32
|
|
746
|
+
attach_function_private :AddAccessDeniedAceEx,
|
|
747
|
+
[:pointer, :dword, :dword, :dword, :pointer], :win32_bool
|
|
748
|
+
|
|
749
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374931(v=vs.85).aspx
|
|
750
|
+
# typedef struct _ACL {
|
|
751
|
+
# BYTE AclRevision;
|
|
752
|
+
# BYTE Sbz1;
|
|
753
|
+
# WORD AclSize;
|
|
754
|
+
# WORD AceCount;
|
|
755
|
+
# WORD Sbz2;
|
|
756
|
+
# } ACL, *PACL;
|
|
757
|
+
class ACL < FFI::Struct
|
|
758
|
+
layout :AclRevision, :byte,
|
|
759
|
+
:Sbz1, :byte,
|
|
760
|
+
:AclSize, :word,
|
|
761
|
+
:AceCount, :word,
|
|
762
|
+
:Sbz2, :word
|
|
763
|
+
end
|
|
764
|
+
|
|
765
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374912(v=vs.85).aspx
|
|
766
|
+
# ACE types
|
|
767
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374919(v=vs.85).aspx
|
|
768
|
+
# typedef struct _ACE_HEADER {
|
|
769
|
+
# BYTE AceType;
|
|
770
|
+
# BYTE AceFlags;
|
|
771
|
+
# WORD AceSize;
|
|
772
|
+
# } ACE_HEADER, *PACE_HEADER;
|
|
773
|
+
class ACE_HEADER < FFI::Struct
|
|
774
|
+
layout :AceType, :byte,
|
|
775
|
+
:AceFlags, :byte,
|
|
776
|
+
:AceSize, :word
|
|
777
|
+
end
|
|
778
|
+
|
|
779
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374892(v=vs.85).aspx
|
|
780
|
+
# ACCESS_MASK
|
|
781
|
+
|
|
782
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374847(v=vs.85).aspx
|
|
783
|
+
# typedef struct _ACCESS_ALLOWED_ACE {
|
|
784
|
+
# ACE_HEADER Header;
|
|
785
|
+
# ACCESS_MASK Mask;
|
|
786
|
+
# DWORD SidStart;
|
|
787
|
+
# } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
|
|
788
|
+
#
|
|
789
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa374879(v=vs.85).aspx
|
|
790
|
+
# typedef struct _ACCESS_DENIED_ACE {
|
|
791
|
+
# ACE_HEADER Header;
|
|
792
|
+
# ACCESS_MASK Mask;
|
|
793
|
+
# DWORD SidStart;
|
|
794
|
+
# } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
|
|
795
|
+
class GENERIC_ACCESS_ACE < FFI::Struct
|
|
796
|
+
# ACE structures must be aligned on DWORD boundaries. All Windows
|
|
797
|
+
# memory-management functions return DWORD-aligned handles to memory
|
|
798
|
+
pack 4
|
|
799
|
+
layout :Header, ACE_HEADER,
|
|
800
|
+
:Mask, :dword,
|
|
801
|
+
:SidStart, :dword
|
|
802
|
+
end
|
|
803
|
+
|
|
804
|
+
# https://stackoverflow.com/a/1792930
|
|
805
|
+
MAXIMUM_SID_BYTES_LENGTH = 68
|
|
806
|
+
MAXIMUM_GENERIC_ACE_SIZE = GENERIC_ACCESS_ACE.offset_of(:SidStart) +
|
|
807
|
+
MAXIMUM_SID_BYTES_LENGTH
|
|
808
|
+
|
|
809
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa446634(v=vs.85).aspx
|
|
810
|
+
# BOOL WINAPI GetAce(
|
|
811
|
+
# _In_ PACL pAcl,
|
|
812
|
+
# _In_ DWORD dwAceIndex,
|
|
813
|
+
# _Out_ LPVOID *pAce
|
|
814
|
+
# );
|
|
815
|
+
ffi_lib :advapi32
|
|
816
|
+
attach_function_private :GetAce,
|
|
817
|
+
[:pointer, :dword, :pointer], :win32_bool
|
|
818
|
+
|
|
819
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa375202(v=vs.85).aspx
|
|
820
|
+
# BOOL WINAPI AdjustTokenPrivileges(
|
|
821
|
+
# _In_ HANDLE TokenHandle,
|
|
822
|
+
# _In_ BOOL DisableAllPrivileges,
|
|
823
|
+
# _In_opt_ PTOKEN_PRIVILEGES NewState,
|
|
824
|
+
# _In_ DWORD BufferLength,
|
|
825
|
+
# _Out_opt_ PTOKEN_PRIVILEGES PreviousState,
|
|
826
|
+
# _Out_opt_ PDWORD ReturnLength
|
|
827
|
+
# );
|
|
828
|
+
ffi_lib :advapi32
|
|
829
|
+
attach_function_private :AdjustTokenPrivileges,
|
|
830
|
+
[:handle, :win32_bool, :pointer, :dword, :pointer, :pdword], :win32_bool
|
|
831
|
+
|
|
832
|
+
# https://msdn.microsoft.com/en-us/library/windows/hardware/ff556610(v=vs.85).aspx
|
|
833
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx
|
|
834
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa446647(v=vs.85).aspx
|
|
835
|
+
# typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
|
|
836
|
+
# BOOL WINAPI GetSecurityDescriptorControl(
|
|
837
|
+
# _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
838
|
+
# _Out_ PSECURITY_DESCRIPTOR_CONTROL pControl,
|
|
839
|
+
# _Out_ LPDWORD lpdwRevision
|
|
840
|
+
# );
|
|
841
|
+
ffi_lib :advapi32
|
|
842
|
+
attach_function_private :GetSecurityDescriptorControl,
|
|
843
|
+
[:pointer, :lpword, :lpdword], :win32_bool
|
|
844
|
+
|
|
845
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
|
|
846
|
+
# BOOL WINAPI InitializeAcl(
|
|
847
|
+
# _Out_ PACL pAcl,
|
|
848
|
+
# _In_ DWORD nAclLength,
|
|
849
|
+
# _In_ DWORD dwAclRevision
|
|
850
|
+
# );
|
|
851
|
+
ffi_lib :advapi32
|
|
852
|
+
attach_function_private :InitializeAcl,
|
|
853
|
+
[:pointer, :dword, :dword], :win32_bool
|
|
854
|
+
|
|
855
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379142(v=vs.85).aspx
|
|
856
|
+
# BOOL WINAPI IsValidAcl(
|
|
857
|
+
# _In_ PACL pAcl
|
|
858
|
+
# );
|
|
859
|
+
ffi_lib :advapi32
|
|
860
|
+
attach_function_private :IsValidAcl,
|
|
861
|
+
[:pointer], :win32_bool
|
|
862
|
+
|
|
863
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx
|
|
864
|
+
SE_OBJECT_TYPE = enum(
|
|
865
|
+
:SE_UNKNOWN_OBJECT_TYPE, 0,
|
|
866
|
+
:SE_FILE_OBJECT,
|
|
867
|
+
:SE_SERVICE,
|
|
868
|
+
:SE_PRINTER,
|
|
869
|
+
:SE_REGISTRY_KEY,
|
|
870
|
+
:SE_LMSHARE,
|
|
871
|
+
:SE_KERNEL_OBJECT,
|
|
872
|
+
:SE_WINDOW_OBJECT,
|
|
873
|
+
:SE_DS_OBJECT,
|
|
874
|
+
:SE_DS_OBJECT_ALL,
|
|
875
|
+
:SE_PROVIDER_DEFINED_OBJECT,
|
|
876
|
+
:SE_WMIGUID_OBJECT,
|
|
877
|
+
:SE_REGISTRY_WOW64_32KEY
|
|
878
|
+
)
|
|
879
|
+
|
|
880
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa446654(v=vs.85).aspx
|
|
881
|
+
# DWORD WINAPI GetSecurityInfo(
|
|
882
|
+
# _In_ HANDLE handle,
|
|
883
|
+
# _In_ SE_OBJECT_TYPE ObjectType,
|
|
884
|
+
# _In_ SECURITY_INFORMATION SecurityInfo,
|
|
885
|
+
# _Out_opt_ PSID *ppsidOwner,
|
|
886
|
+
# _Out_opt_ PSID *ppsidGroup,
|
|
887
|
+
# _Out_opt_ PACL *ppDacl,
|
|
888
|
+
# _Out_opt_ PACL *ppSacl,
|
|
889
|
+
# _Out_opt_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor
|
|
890
|
+
# );
|
|
891
|
+
ffi_lib :advapi32
|
|
892
|
+
attach_function_private :GetSecurityInfo,
|
|
893
|
+
[:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer, :pointer], :dword
|
|
894
|
+
|
|
895
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379588(v=vs.85).aspx
|
|
896
|
+
# DWORD WINAPI SetSecurityInfo(
|
|
897
|
+
# _In_ HANDLE handle,
|
|
898
|
+
# _In_ SE_OBJECT_TYPE ObjectType,
|
|
899
|
+
# _In_ SECURITY_INFORMATION SecurityInfo,
|
|
900
|
+
# _In_opt_ PSID psidOwner,
|
|
901
|
+
# _In_opt_ PSID psidGroup,
|
|
902
|
+
# _In_opt_ PACL pDacl,
|
|
903
|
+
# _In_opt_ PACL pSacl
|
|
904
|
+
# );
|
|
905
|
+
ffi_lib :advapi32
|
|
906
|
+
# TODO: SECURITY_INFORMATION is actually a bitmask the size of a DWORD
|
|
907
|
+
attach_function_private :SetSecurityInfo,
|
|
908
|
+
[:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer], :dword
|
|
909
|
+
end
|