puppet 0.25.1 → 0.25.2

data/lib/puppet/util/methodhelper.rb

@@ -12,11 +12,10 @@ module Puppet::Util::MethodHelper
     def set_options(options)
         options.each do |param,value|
             method = param.to_s + "="
-            begin
+            if respond_to? method
                 self.send(method, value)
-            rescue NoMethodError
-                raise ArgumentError, "Invalid parameter %s to object class %s" %
-                        [param,self.class.to_s]
+            else
+                raise ArgumentError, "Invalid parameter #{param} to object class #{self.class}"
             end
         end
     end

data/lib/puppet/util/monkey_patches.rb

@@ -0,0 +1,8 @@
+module RDoc 
+    def self.caller(skip=nil)
+        in_gem_wrapper = false
+        Kernel.caller.reject { |call|
+            in_gem_wrapper ||= call =~ /#{Regexp.escape $0}:\d+:in `load'/
+        }
+    end
+end

data/lib/puppet/util/rdoc/generators/puppet_generator.rb

@@ -1,5 +1,7 @@
 require 'rdoc/generators/html_generator'
 require 'puppet/util/rdoc/code_objects'
+require 'digest/md5'
+
 module Generators
 
     # This module holds all the classes needed to generate the HTML documentation
@@ -335,7 +337,7 @@ module Generators
             resources.each do |r|
                 res << {
                   "name" => CGI.escapeHTML(r.name),
-                  "aref" => "#{path_prefix}\##{r.aref}"
+                  "aref" => CGI.escape(path_prefix)+"\#"+CGI.escape(r.aref)
                 }
             end
             res
@@ -414,7 +416,7 @@ module Generators
             if path['<<']
                 path.gsub!(/<<\s*(\w*)/) { "from-#$1" }
             end
-            File.join(prefix, path.split("::")) + ".html"
+            File.join(prefix, path.split("::").collect { |p| Digest::MD5.hexdigest(p) }) + ".html"
         end
 
         def parent_name
@@ -508,7 +510,7 @@ module Generators
             h_name = CGI.escapeHTML(name)
 
             @values["classmod"]  = "Node"
-            @values["title"]     = "#{@values['classmod']}: #{h_name}"
+            @values["title"]     = CGI.escapeHTML("#{@values['classmod']}: #{h_name}")
 
             c = @context
             c = c.parent while c and !c.diagram

data/lib/puppet/util/rdoc/parser.rb

@@ -148,6 +148,7 @@ class Parser
     # create documentation for include statements we can find in +code+
     # and associate it with +container+
     def scan_for_include(container, code)
+        code = [code] unless code.is_a?(Array)
         code.each do |stmt|
             scan_for_include(container,stmt.children) if stmt.is_a?(Puppet::Parser::AST::ASTArray)
 
@@ -163,6 +164,7 @@ class Parser
     # create documentation for global variables assignements we can find in +code+
     # and associate it with +container+
     def scan_for_vardef(container, code)
+        code = [code] unless code.is_a?(Array)
         code.each do |stmt|
             scan_for_vardef(container,stmt.children) if stmt.is_a?(Puppet::Parser::AST::ASTArray)
 
@@ -176,24 +178,29 @@ class Parser
     # create documentation for resources we can find in +code+
     # and associate it with +container+
     def scan_for_resource(container, code)
+        code = [code] unless code.is_a?(Array)
         code.each do |stmt|
             scan_for_resource(container,stmt.children) if stmt.is_a?(Puppet::Parser::AST::ASTArray)
 
             if stmt.is_a?(Puppet::Parser::AST::Resource) and !stmt.type.nil?
-                type = stmt.type.split("::").collect { |s| s.capitalize }.join("::")
-                title = stmt.title.is_a?(Puppet::Parser::AST::ASTArray) ? stmt.title.to_s.gsub(/\[(.*)\]/,'\1') : stmt.title.to_s
-                Puppet.debug "rdoc: found resource: %s[%s]" % [type,title]
-
-                param = []
-                stmt.params.children.each do |p|
-                    res = {}
-                    res["name"] = p.param
-                    res["value"] = "#{p.value.to_s}" unless p.value.nil?
-
-                    param << res
+                begin
+                    type = stmt.type.split("::").collect { |s| s.capitalize }.join("::")
+                    title = stmt.title.is_a?(Puppet::Parser::AST::ASTArray) ? stmt.title.to_s.gsub(/\[(.*)\]/,'\1') : stmt.title.to_s
+                    Puppet.debug "rdoc: found resource: %s[%s]" % [type,title]
+
+                    param = []
+                    stmt.params.children.each do |p|
+                        res = {}
+                        res["name"] = p.param
+                        res["value"] = "#{p.value.to_s}" unless p.value.nil?
+
+                        param << res
+                    end
+
+                    container.add_resource(PuppetResource.new(type, title, stmt.doc, param))
+                rescue => detail
+                    raise Puppet::ParseError, "impossible to parse resource in #{stmt.file} at line #{stmt.line}: #{detail}"
                 end
-
-                container.add_resource(PuppetResource.new(type, title, stmt.doc, param))
             end
         end
     end
@@ -225,6 +232,8 @@ class Parser
         end
 
         cls.comment = comment
+    rescue => detail
+        raise Puppet::ParseError, "impossible to parse class '#{name}' in #{klass.file} at line #{klass.line}: #{detail}"
     end
 
     # create documentation for a node
@@ -247,6 +256,8 @@ class Parser
         end
 
         n.comment = comment
+    rescue => detail
+        raise Puppet::ParseError, "impossible to parse node '#{name}' in #{node.file} at line #{node.line}: #{detail}"
     end
 
     # create documentation for a define
@@ -263,12 +274,15 @@ class Parser
         declaration = ""
         define.arguments.each do |arg,value|
             declaration << "\$#{arg}"
-            if !value.nil?
+            unless value.nil?
                 declaration << " => "
-                if !value.is_a?(Puppet::Parser::AST::ASTArray)
+                case value
+                when Puppet::Parser::AST::Leaf
                     declaration << "'#{value.value}'"
-                else
+                when Puppet::Parser::AST::ASTArray
                     declaration << "[%s]" % value.children.collect { |v| "'#{v}'" }.join(", ")
+                else
+                    declaration << "#{value.to_s}"
                 end
             end
             declaration << ", "
@@ -284,6 +298,8 @@ class Parser
         meth.visibility = :public
         meth.document_self = true
         meth.singleton = false
+    rescue => detail
+        raise Puppet::ParseError, "impossible to parse definition '#{name}' in #{define.file} at line #{define.line}: #{detail}"
     end
 
     # Traverse the AST tree and produce code-objects node

data/lib/puppet/util/reference.rb

@@ -36,7 +36,7 @@ class Puppet::Util::Reference
 
     def self.pdf(text)
         puts "creating pdf"
-        File.open("/tmp/puppetdoc.txt", "w") do |f|
+        Puppet::Util.secure_open("/tmp/puppetdoc.txt", "w") do |f|
             f.puts text
         end
         rst2latex = %x{which rst2latex}
@@ -48,6 +48,9 @@ class Puppet::Util::Reference
         end
         rst2latex.chomp!
         cmd = %{#{rst2latex} /tmp/puppetdoc.txt > /tmp/puppetdoc.tex}
+        Puppet::Util.secure_open("/tmp/puppetdoc.tex","w") do |f|
+            # If we get here without an error, /tmp/puppetdoc.tex isn't a tricky cracker's symlink
+        end
         output = %x{#{cmd}}
         unless $? == 0
             $stderr.puts "rst2latex failed"
@@ -67,7 +70,7 @@ class Puppet::Util::Reference
         puts "Creating markdown for #{name} reference."
         dir = "/tmp/" + Puppet::PUPPETVERSION
         FileUtils.mkdir(dir) unless File.directory?(dir) 
-        File.open(dir + "/" + "#{name}.rst", "w") do |f|
+        Puppet::Util.secure_open(dir + "/" + "#{name}.rst", "w") do |f|
             f.puts text
         end
         pandoc = %x{which pandoc}
@@ -190,7 +193,7 @@ class Puppet::Util::Reference
     end
 
     def trac
-        File.open("/tmp/puppetdoc.txt", "w") do |f|
+        Puppet::Util.secure_open("/tmp/puppetdoc.txt", "w") do |f|
             f.puts self.to_trac
         end
 

data/lib/puppet/util/selinux.rb

@@ -7,11 +7,9 @@
 # was abysmal.  At this time (2008-11-02) the only distribution providing
 # these Ruby SELinux bindings which I am aware of is Fedora (in libselinux-ruby).
 
-begin
-    require 'selinux'
-rescue LoadError
-    # Nothing
-end
+Puppet.features.selinux? # check, but continue even if it's not
+
+require 'pathname'
 
 module Puppet::Util::SELinux
 
@@ -71,7 +69,7 @@ module Puppet::Util::SELinux
         if context.nil? or context == "unlabeled"
             return nil
         end
-        unless context =~ /^([a-z0-9_]+):([a-z0-9_]+):([a-z0-9_]+)(?::([a-zA-Z0-9:,._-]+))?/
+        unless context =~ /^([a-z0-9_]+):([a-z0-9_]+):([a-zA-Z0-9_]+)(?::([a-zA-Z0-9:,._-]+))?/
             raise Puppet::Error, "Invalid context to parse: #{context}"
         end
         ret = {
@@ -91,7 +89,7 @@ module Puppet::Util::SELinux
     # I believe that the OS should always provide at least a fall-through context
     # though on any well-running system.
     def set_selinux_context(file, value, component = false)
-        unless selinux_support?
+        unless selinux_support? && selinux_label_support?(file) 
             return nil
         end
 
@@ -168,8 +166,8 @@ module Puppet::Util::SELinux
             # that's expected
         rescue
             return nil
-        ensure        
-            mountfh.close
+        ensure
+            mountfh.close if mountfh
         end
 
         mntpoint = {}
@@ -185,9 +183,19 @@ module Puppet::Util::SELinux
         return mntpoint
     end
 
+    def realpath(path)
+        path, rest = Pathname.new(path), []
+        path, rest = path.dirname, [path.basename] + rest while ! path.exist?
+        File.join( path.realpath, *rest )
+    end
+
+    def parent_directory(path)
+        Pathname.new(path).dirname.to_s
+    end
+
     # Internal helper function to return which type of filesystem a
     # given file path resides on
-    def find_fs(file)
+    def find_fs(path)
         unless mnts = read_mounts()
             return nil
         end
@@ -198,13 +206,12 @@ module Puppet::Util::SELinux
         # Just in case: return something if you're down to "/" or ""
         # Remove the last slash and everything after it,
         #   and repeat with that as the file for the next loop through.
-        ary = file.split('/')
-        while not ary.empty? do
-            path = ary.join('/')
+        path = realpath(path)
+        while not path.empty? do
             if mnts.has_key?(path)
                 return mnts[path]
             end
-            ary.pop
+            path = parent_directory(path)
         end
         return mnts['/']
     end

data/lib/puppet/util/settings.rb

@@ -64,20 +64,25 @@ class Puppet::Util::Settings
     # Remove all set values, potentially skipping cli values.
     def clear(exceptcli = false)
         @sync.synchronize do
-            @values.each do |name, values|
-                @values.delete(name) unless exceptcli and name == :cli
-            end
+            unsafe_clear(exceptcli)
+        end
+    end
+    
+    # Remove all set values, potentially skipping cli values.
+    def unsafe_clear(exceptcli = false)
+        @values.each do |name, values|
+            @values.delete(name) unless exceptcli and name == :cli
+        end
 
-            # Don't clear the 'used' in this case, since it's a config file reparse,
-            # and we want to retain this info.
-            unless exceptcli
-                @used = []
-            end
+        # Don't clear the 'used' in this case, since it's a config file reparse,
+        # and we want to retain this info.
+        unless exceptcli
+            @used = []
+        end
 
-            @cache.clear
+        @cache.clear
 
-            @name = nil
-        end
+        @name = nil
     end
 
     # This is mostly just used for testing.
@@ -317,23 +322,25 @@ class Puppet::Util::Settings
         # and reparsed if necessary.
         set_filetimeout_timer()
 
-        # Retrieve the value now, so that we don't lose it in the 'clear' call.
-        file = self[:config]
-
-        return unless FileTest.exist?(file)
-
-        # We have to clear outside of the sync, because it's
-        # also using synchronize().
-        clear(true)
-
         @sync.synchronize do
-            unsafe_parse(file)
+            unsafe_parse(self[:config])
         end
     end
 
     # Unsafely parse the file -- this isn't thread-safe and causes plenty of problems if used directly.
     def unsafe_parse(file)
-        parse_file(file).each do |area, values|
+        return unless FileTest.exist?(file)
+        begin
+            data = parse_file(file)
+        rescue => details
+            puts details.backtrace if Puppet[:trace]
+            Puppet.err "Could not parse #{file}: #{details}"
+            return
+        end
+
+        unsafe_clear(true)
+
+        data.each do |area, values|
             @values[area] = values
         end
 
@@ -425,9 +432,7 @@ class Puppet::Util::Settings
     def reparse
         if file and file.changed?
             Puppet.notice "Reparsing %s" % file.file
-            @sync.synchronize do
-                parse
-            end
+            parse
             reuse()
         end
     end

data/lib/puppet/util/settings/file_setting.rb

@@ -89,11 +89,14 @@ class Puppet::Util::Settings::FileSetting < Puppet::Util::Settings::Setting
         return nil if path =~ /^\/dev/
 
         resource = Puppet::Resource.new(:file, path)
-        resource[:mode] = self.mode if self.mode
 
-        if Puppet.features.root?
-            resource[:owner] = self.owner if self.owner
-            resource[:group] = self.group if self.group
+        if Puppet[:manage_internal_file_permissions]
+            resource[:mode] = self.mode if self.mode
+
+            if Puppet.features.root?
+                resource[:owner] = self.owner if self.owner
+                resource[:group] = self.group if self.group
+            end
         end
 
         resource[:ensure] = type

data/lib/puppet/util/subclass_loader.rb

@@ -72,7 +72,7 @@ module Puppet::Util::SubclassLoader
     end
 
     # Retrieve or calculate a name.
-    def name
+    def name(dummy_argument=:work_arround_for_ruby_GC_bug)
         unless defined? @name
             @name = self.to_s.sub(/.+::/, '').intern
         end

data/lib/puppet/util/suidmanager.rb

@@ -7,7 +7,7 @@ module Puppet::Util::SUIDManager
     extend Forwardable
 
     to_delegate_to_process = [ :euid=, :euid, :egid=, :egid,
-                               :uid=, :uid, :gid=, :gid ]
+                               :uid=, :uid, :gid=, :gid, :groups=, :groups ]
 
     to_delegate_to_process.each do |method|
         def_delegator Process, method
@@ -26,13 +26,16 @@ module Puppet::Util::SUIDManager
         # We set both because some programs like to drop privs, i.e. bash.
         old_uid, old_gid = self.uid, self.gid
         old_euid, old_egid = self.euid, self.egid
+        old_groups = self.groups
         begin
             self.egid = convert_xid :gid, new_gid if new_gid
+            self.initgroups(convert_xid(:uid, new_uid)) if new_uid
             self.euid = convert_xid :uid, new_uid if new_uid
 
             yield
         ensure
             self.euid, self.egid = old_euid, old_egid
+            self.groups = old_groups
         end
     end
     module_function :asuser
@@ -49,6 +52,13 @@ module Puppet::Util::SUIDManager
     end
     module_function :convert_xid
 
+    # Initialize supplementary groups
+    def initgroups(user)
+        require 'etc'
+        Process.initgroups(Etc.getpwuid(user).name, Process.gid)
+    end
+
+    module_function :initgroups
 
     def run_and_capture(command, new_uid=nil, new_gid=nil)
         output = Puppet::Util.execute(command, :failonfail => false, :uid => new_uid, :gid => new_gid)

data/lib/puppet/util/tagging.rb

@@ -16,13 +16,12 @@ module Puppet::Util::Tagging
             @tags << tag unless @tags.include?(tag)
         end
 
-        # LAK:NOTE See http://snurl.com/21zf8  [groups_google_com]
-        qualified.collect { |name| x = name.split("::") }.flatten.each { |tag| @tags << tag unless @tags.include?(tag) }
+        handle_qualified_tags( qualified )
     end
 
     # Are we tagged with the provided tag?
-    def tagged?(tag)
-        defined?(@tags) and @tags.include?(tag.to_s)
+    def tagged?(*tags)
+        not ( self.tags & tags.flatten.collect { |t| t.to_s } ).empty?
     end
 
     # Return a copy of the tag list, so someone can't ask for our tags
@@ -32,8 +31,27 @@ module Puppet::Util::Tagging
         @tags.dup
     end
 
+    def tags=(tags)
+        @tags = []
+
+        return if tags.nil? or tags == ""
+
+        if tags.is_a?(String)
+            tags = tags.strip.split(/\s*,\s*/)
+        end
+
+        tags.each do |t|
+            tag(t)
+        end
+    end
+
     private
 
+    def handle_qualified_tags( qualified )
+        # LAK:NOTE See http://snurl.com/21zf8  [groups_google_com]
+        qualified.collect { |name| x = name.split("::") }.flatten.each { |tag| @tags << tag unless @tags.include?(tag) }
+    end
+
     def valid_tag?(tag)
         tag =~ /^\w[-\w:.]*$/
     end