puppet 3.6.2-x86-mingw32 → 3.7.0-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +2 -3
- data/Gemfile +14 -10
- data/README.md +1 -1
- data/ext/build_defaults.yaml +16 -1
- data/ext/debian/control +3 -2
- data/ext/debian/puppet-common.dirs +1 -0
- data/ext/debian/puppet-common.postinst +8 -8
- data/ext/debian/puppet-common.postrm +2 -1
- data/ext/project_data.yaml +16 -12
- data/ext/rack/example-passenger-vhost.conf +2 -2
- data/ext/redhat/puppet.spec.erb +6 -3
- data/ext/windows/service/daemon.rb +47 -41
- data/install.rb +1 -1
- data/lib/puppet.rb +34 -24
- data/lib/puppet/application.rb +34 -1
- data/lib/puppet/application/agent.rb +9 -8
- data/lib/puppet/application/apply.rb +14 -5
- data/lib/puppet/application/doc.rb +4 -11
- data/lib/puppet/application/master.rb +19 -17
- data/lib/puppet/application/queue.rb +1 -1
- data/lib/puppet/application/resource.rb +0 -1
- data/lib/puppet/configurer.rb +39 -2
- data/lib/puppet/configurer/downloader.rb +5 -10
- data/lib/puppet/configurer/downloader_factory.rb +34 -0
- data/lib/puppet/configurer/plugin_handler.rb +11 -17
- data/lib/puppet/defaults.rb +244 -119
- data/lib/puppet/environments.rb +8 -0
- data/lib/puppet/external/nagios/base.rb +1 -1
- data/lib/puppet/external/pson/pure/generator.rb +1 -8
- data/lib/puppet/face/ca.rb +7 -0
- data/lib/puppet/face/file/download.rb +5 -2
- data/lib/puppet/face/file/store.rb +1 -1
- data/lib/puppet/face/instrumentation_data.rb +2 -1
- data/lib/puppet/face/instrumentation_listener.rb +2 -1
- data/lib/puppet/face/instrumentation_probe.rb +2 -1
- data/lib/puppet/face/module/build.rb +2 -2
- data/lib/puppet/face/module/generate.rb +20 -12
- data/lib/puppet/face/module/install.rb +4 -3
- data/lib/puppet/face/module/uninstall.rb +7 -0
- data/lib/puppet/face/module/upgrade.rb +11 -3
- data/lib/puppet/face/node/clean.rb +1 -1
- data/lib/puppet/face/parser.rb +99 -7
- data/lib/puppet/feature/base.rb +18 -12
- data/lib/puppet/feature/cfacter.rb +14 -0
- data/lib/puppet/feature/pe_license.rb +4 -0
- data/lib/puppet/file_bucket/dipper.rb +19 -12
- data/lib/puppet/file_bucket/file.rb +73 -10
- data/lib/puppet/file_serving/configuration/parser.rb +3 -3
- data/lib/puppet/file_system.rb +1 -1
- data/lib/puppet/file_system/file19.rb +41 -0
- data/lib/puppet/file_system/file19windows.rb +0 -1
- data/lib/puppet/file_system/uniquefile.rb +190 -0
- data/lib/puppet/forge.rb +34 -7
- data/lib/puppet/forge/errors.rb +5 -6
- data/lib/puppet/forge/repository.rb +14 -2
- data/lib/puppet/functions.rb +19 -12
- data/lib/puppet/functions/assert_type.rb +27 -10
- data/lib/puppet/functions/each.rb +111 -0
- data/lib/puppet/functions/epp.rb +54 -0
- data/lib/puppet/functions/filter.rb +113 -0
- data/lib/puppet/functions/inline_epp.rb +88 -0
- data/lib/puppet/functions/map.rb +97 -0
- data/lib/puppet/functions/match.rb +102 -0
- data/lib/puppet/functions/reduce.rb +94 -0
- data/lib/puppet/functions/slice.rb +126 -0
- data/lib/puppet/functions/with.rb +23 -0
- data/lib/puppet/indirector/catalog/compiler.rb +4 -4
- data/lib/puppet/indirector/data_binding/hiera.rb +2 -45
- data/lib/puppet/indirector/facts/couch.rb +3 -1
- data/lib/puppet/indirector/facts/facter.rb +52 -65
- data/lib/puppet/indirector/file_bucket_file/file.rb +6 -3
- data/lib/puppet/indirector/hiera.rb +48 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/request.rb +9 -3
- data/lib/puppet/indirector/resource/ral.rb +1 -1
- data/lib/puppet/indirector/rest.rb +7 -3
- data/lib/puppet/loaders.rb +0 -1
- data/lib/puppet/module.rb +2 -1
- data/lib/puppet/module_tool.rb +2 -0
- data/lib/puppet/module_tool/applications/application.rb +4 -5
- data/lib/puppet/module_tool/applications/builder.rb +64 -5
- data/lib/puppet/module_tool/applications/uninstaller.rb +3 -2
- data/lib/puppet/module_tool/applications/unpacker.rb +14 -0
- data/lib/puppet/module_tool/applications/upgrader.rb +23 -13
- data/lib/puppet/module_tool/dependency.rb +12 -0
- data/lib/puppet/module_tool/errors/shared.rb +1 -1
- data/lib/puppet/module_tool/errors/upgrader.rb +20 -0
- data/lib/puppet/module_tool/installed_modules.rb +6 -1
- data/lib/puppet/module_tool/metadata.rb +53 -3
- data/lib/puppet/module_tool/modulefile.rb +1 -1
- data/lib/puppet/module_tool/skeleton/templates/generator/Gemfile +7 -0
- data/lib/puppet/module_tool/skeleton/templates/generator/manifests/init.pp.erb +1 -1
- data/lib/puppet/module_tool/skeleton/templates/generator/spec/spec_helper.rb +1 -17
- data/lib/puppet/module_tool/tar/mini.rb +20 -2
- data/lib/puppet/network/http.rb +5 -0
- data/lib/puppet/network/http/api/v1.rb +2 -2
- data/lib/puppet/network/http/api/v2/environments.rb +15 -1
- data/lib/puppet/network/http/connection.rb +54 -68
- data/lib/puppet/network/http/factory.rb +44 -0
- data/lib/puppet/network/http/handler.rb +12 -6
- data/lib/puppet/network/http/nocache_pool.rb +21 -0
- data/lib/puppet/network/http/pool.rb +120 -0
- data/lib/puppet/network/http/rack/rest.rb +3 -1
- data/lib/puppet/network/http/session.rb +17 -0
- data/lib/puppet/network/http/site.rb +39 -0
- data/lib/puppet/network/http/webrick/rest.rb +3 -1
- data/lib/puppet/network/http_pool.rb +3 -4
- data/lib/puppet/node.rb +19 -6
- data/lib/puppet/node/environment.rb +34 -8
- data/lib/puppet/parser/ast/collection.rb +4 -0
- data/lib/puppet/parser/ast/collexpr.rb +1 -1
- data/lib/puppet/parser/ast/node.rb +5 -0
- data/lib/puppet/parser/ast/pops_bridge.rb +49 -6
- data/lib/puppet/parser/compiler.rb +66 -38
- data/lib/puppet/parser/e4_parser_adapter.rb +2 -2
- data/lib/puppet/parser/files.rb +76 -33
- data/lib/puppet/parser/functions.rb +1 -7
- data/lib/puppet/parser/functions/assert_type.rb +31 -0
- data/lib/puppet/parser/functions/contain.rb +15 -5
- data/lib/puppet/parser/functions/create_resources.rb +5 -1
- data/lib/puppet/parser/functions/digest.rb +5 -0
- data/lib/puppet/parser/functions/each.rb +46 -107
- data/lib/puppet/parser/functions/epp.rb +13 -9
- data/lib/puppet/parser/functions/file.rb +20 -12
- data/lib/puppet/parser/functions/filter.rb +32 -88
- data/lib/puppet/parser/functions/include.rb +12 -24
- data/lib/puppet/parser/functions/inline_epp.rb +9 -12
- data/lib/puppet/parser/functions/lookup.rb +1 -1
- data/lib/puppet/parser/functions/map.rb +30 -83
- data/lib/puppet/parser/functions/match.rb +28 -0
- data/lib/puppet/parser/functions/reduce.rb +69 -98
- data/lib/puppet/parser/functions/require.rb +13 -5
- data/lib/puppet/parser/functions/search.rb +6 -1
- data/lib/puppet/parser/functions/slice.rb +35 -103
- data/lib/puppet/parser/functions/template.rb +12 -5
- data/lib/puppet/parser/functions/with.rb +21 -0
- data/lib/puppet/parser/lexer.rb +1 -1
- data/lib/puppet/parser/parser_factory.rb +21 -33
- data/lib/puppet/parser/resource.rb +2 -3
- data/lib/puppet/parser/scope.rb +85 -15
- data/lib/puppet/pops.rb +9 -11
- data/lib/puppet/pops/adapters.rb +2 -1
- data/lib/puppet/pops/binder/bindings_checker.rb +4 -4
- data/lib/puppet/pops/binder/bindings_factory.rb +6 -6
- data/lib/puppet/pops/binder/bindings_label_provider.rb +1 -1
- data/lib/puppet/pops/binder/bindings_loader.rb +2 -2
- data/lib/puppet/pops/binder/bindings_model.rb +58 -191
- data/lib/puppet/pops/binder/bindings_model_dumper.rb +1 -1
- data/lib/puppet/pops/binder/bindings_model_meta.rb +215 -0
- data/lib/puppet/pops/binder/injector.rb +9 -9
- data/lib/puppet/pops/binder/key_factory.rb +2 -2
- data/lib/puppet/pops/binder/lookup.rb +14 -6
- data/lib/puppet/pops/binder/producers.rb +9 -12
- data/lib/puppet/pops/evaluator/access_operator.rb +35 -29
- data/lib/puppet/pops/evaluator/callable_mismatch_describer.rb +175 -0
- data/lib/puppet/pops/evaluator/callable_signature.rb +1 -2
- data/lib/puppet/pops/evaluator/closure.rb +151 -35
- data/lib/puppet/pops/evaluator/compare_operator.rb +26 -22
- data/lib/puppet/pops/evaluator/epp_evaluator.rb +16 -15
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +277 -229
- data/lib/puppet/pops/evaluator/relationship_operator.rb +3 -2
- data/lib/puppet/pops/evaluator/runtime3_support.rb +86 -53
- data/lib/puppet/pops/functions/dispatch.rb +9 -4
- data/lib/puppet/pops/functions/dispatcher.rb +2 -169
- data/lib/puppet/pops/issue_reporter.rb +14 -6
- data/lib/puppet/pops/issues.rb +96 -21
- data/lib/puppet/pops/loader/base_loader.rb +3 -3
- data/lib/puppet/pops/loader/loader.rb +1 -1
- data/lib/puppet/pops/loader/loader_paths.rb +2 -21
- data/lib/puppet/pops/loader/ruby_function_instantiator.rb +1 -1
- data/lib/puppet/pops/loader/static_loader.rb +12 -2
- data/lib/puppet/pops/model/ast_transformer.rb +4 -24
- data/lib/puppet/pops/model/factory.rb +72 -10
- data/lib/puppet/pops/model/model.rb +82 -574
- data/lib/puppet/pops/model/model_label_provider.rb +4 -2
- data/lib/puppet/pops/model/model_meta.rb +576 -0
- data/lib/puppet/pops/model/model_tree_dumper.rb +27 -5
- data/lib/puppet/pops/parser/egrammar.ra +209 -221
- data/lib/puppet/pops/parser/eparser.rb +1459 -1431
- data/lib/puppet/pops/parser/evaluating_parser.rb +15 -75
- data/lib/puppet/pops/parser/lexer2.rb +14 -10
- data/lib/puppet/pops/parser/lexer_support.rb +6 -0
- data/lib/puppet/pops/parser/locator.rb +1 -1
- data/lib/puppet/pops/parser/parser_support.rb +31 -49
- data/lib/puppet/pops/patterns.rb +10 -10
- data/lib/puppet/pops/semantic_error.rb +1 -1
- data/lib/puppet/pops/types/class_loader.rb +24 -13
- data/lib/puppet/pops/types/type_calculator.rb +188 -87
- data/lib/puppet/pops/types/type_factory.rb +79 -53
- data/lib/puppet/pops/types/type_parser.rb +22 -16
- data/lib/puppet/pops/types/types.rb +283 -392
- data/lib/puppet/pops/types/types_meta.rb +223 -0
- data/lib/puppet/pops/utils.rb +16 -14
- data/lib/puppet/pops/validation/checker4_0.rb +264 -18
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +0 -1
- data/lib/puppet/pops/visitor.rb +0 -103
- data/lib/puppet/provider/exec.rb +10 -1
- data/lib/puppet/provider/file/windows.rb +3 -4
- data/lib/puppet/provider/group/windows_adsi.rb +10 -10
- data/lib/puppet/provider/nameservice/directoryservice.rb +3 -4
- data/lib/puppet/provider/package/apt.rb +5 -1
- data/lib/puppet/provider/package/gem.rb +7 -3
- data/lib/puppet/provider/package/openbsd.rb +84 -7
- data/lib/puppet/provider/package/pacman.rb +29 -4
- data/lib/puppet/provider/package/rpm.rb +5 -7
- data/lib/puppet/provider/package/sun.rb +5 -1
- data/lib/puppet/provider/package/windows.rb +6 -1
- data/lib/puppet/provider/package/windows/exe_package.rb +1 -1
- data/lib/puppet/provider/package/windows/msi_package.rb +1 -1
- data/lib/puppet/provider/package/windows/package.rb +13 -1
- data/lib/puppet/provider/package/yum.rb +7 -3
- data/lib/puppet/provider/package/zypper.rb +5 -1
- data/lib/puppet/provider/parsedfile.rb +17 -1
- data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +6 -12
- data/lib/puppet/provider/service/freebsd.rb +12 -12
- data/lib/puppet/provider/service/init.rb +5 -0
- data/lib/puppet/provider/service/launchd.rb +0 -3
- data/lib/puppet/provider/service/openbsd.rb +8 -7
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
- data/lib/puppet/provider/sshkey/parsed.rb +5 -0
- data/lib/puppet/provider/user/user_role_add.rb +5 -4
- data/lib/puppet/provider/user/windows_adsi.rb +8 -8
- data/lib/puppet/provider/zone/solaris.rb +1 -1
- data/lib/puppet/reference/metaparameter.rb +8 -6
- data/lib/puppet/reports/store.rb +4 -9
- data/lib/puppet/resource.rb +75 -11
- data/lib/puppet/resource/catalog.rb +9 -7
- data/lib/puppet/resource/type.rb +27 -0
- data/lib/puppet/settings.rb +61 -41
- data/lib/puppet/settings/base_setting.rb +9 -3
- data/lib/puppet/settings/environment_conf.rb +32 -4
- data/lib/puppet/settings/file_setting.rb +9 -1
- data/lib/puppet/settings/priority_setting.rb +5 -5
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/certificate_authority.rb +15 -6
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +2 -1
- data/lib/puppet/ssl/host.rb +3 -2
- data/lib/puppet/ssl/inventory.rb +11 -6
- data/lib/puppet/ssl/validator/default_validator.rb +1 -0
- data/lib/puppet/ssl/validator/no_validator.rb +3 -0
- data/lib/puppet/transaction.rb +29 -0
- data/lib/puppet/transaction/resource_harness.rb +16 -3
- data/lib/puppet/type.rb +71 -49
- data/lib/puppet/type/exec.rb +36 -8
- data/lib/puppet/type/file.rb +56 -16
- data/lib/puppet/type/file/content.rb +3 -3
- data/lib/puppet/type/file/mode.rb +12 -3
- data/lib/puppet/type/file/source.rb +4 -1
- data/lib/puppet/type/group.rb +1 -1
- data/lib/puppet/type/mount.rb +1 -3
- data/lib/puppet/type/resources.rb +59 -35
- data/lib/puppet/type/ssh_authorized_key.rb +54 -16
- data/lib/puppet/type/sshkey.rb +1 -1
- data/lib/puppet/type/user.rb +17 -11
- data/lib/puppet/type/yumrepo.rb +59 -8
- data/lib/puppet/type/zone.rb +3 -6
- data/lib/puppet/util.rb +64 -55
- data/lib/puppet/util/autoload.rb +2 -2
- data/lib/puppet/util/colors.rb +61 -19
- data/lib/puppet/util/command_line.rb +21 -4
- data/lib/puppet/util/execution.rb +41 -29
- data/lib/puppet/util/feature.rb +15 -4
- data/lib/puppet/util/filetype.rb +6 -2
- data/lib/puppet/util/http_proxy.rb +29 -2
- data/lib/puppet/util/lockfile.rb +1 -1
- data/lib/puppet/util/log/destinations.rb +7 -3
- data/lib/puppet/util/logging.rb +44 -14
- data/lib/puppet/util/pidlock.rb +11 -5
- data/lib/puppet/util/posix.rb +21 -31
- data/lib/puppet/util/profiler.rb +17 -9
- data/lib/puppet/util/profiler/aggregate.rb +85 -0
- data/lib/puppet/util/profiler/around_profiler.rb +67 -0
- data/lib/puppet/util/profiler/logging.rb +12 -11
- data/lib/puppet/util/profiler/wall_clock.rb +7 -6
- data/lib/puppet/util/rdoc.rb +8 -1
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/suidmanager.rb +1 -8
- data/lib/puppet/util/windows.rb +14 -3
- data/lib/puppet/util/windows/access_control_list.rb +4 -4
- data/lib/puppet/util/{adsi.rb → windows/adsi.rb} +99 -37
- data/lib/puppet/util/windows/api_types.rb +255 -0
- data/lib/puppet/util/windows/com.rb +224 -0
- data/lib/puppet/util/windows/error.rb +72 -5
- data/lib/puppet/util/windows/file.rb +254 -132
- data/lib/puppet/util/windows/process.rb +293 -177
- data/lib/puppet/util/windows/registry.rb +12 -2
- data/lib/puppet/util/windows/root_certs.rb +16 -9
- data/lib/puppet/util/windows/security.rb +501 -232
- data/lib/puppet/util/windows/sid.rb +80 -36
- data/lib/puppet/util/windows/string.rb +2 -0
- data/lib/puppet/util/windows/taskscheduler.rb +1241 -0
- data/lib/puppet/util/windows/user.rb +241 -57
- data/lib/puppet/vendor.rb +3 -1
- data/lib/puppet/vendor/load_pathspec.rb +1 -0
- data/lib/puppet/vendor/load_rgen.rb +1 -0
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +2 -0
- data/lib/puppet/vendor/pathspec/LICENSE +201 -0
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +6 -0
- data/lib/puppet/vendor/pathspec/README.md +53 -0
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +121 -0
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +275 -0
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +17 -0
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +14 -0
- data/lib/puppet/vendor/require_vendored.rb +2 -0
- data/lib/puppet/vendor/rgen/CHANGELOG +197 -0
- data/lib/puppet/vendor/rgen/MIT-LICENSE +20 -0
- data/lib/puppet/vendor/rgen/PUPPET_README.md +6 -0
- data/lib/puppet/vendor/rgen/README.rdoc +78 -0
- data/lib/puppet/vendor/rgen/Rakefile +41 -0
- data/lib/puppet/vendor/rgen/TODO +41 -0
- data/lib/puppet/vendor/rgen/anounce.txt +61 -0
- data/lib/puppet/vendor/rgen/design_rationale.txt +71 -0
- data/lib/puppet/vendor/rgen/lib/ea_support/ea_support.rb +54 -0
- data/lib/puppet/vendor/rgen/lib/ea_support/id_store.rb +32 -0
- data/lib/puppet/vendor/rgen/lib/ea_support/uml13_ea_metamodel.rb +562 -0
- data/lib/puppet/vendor/rgen/lib/ea_support/uml13_ea_metamodel_ext.rb +45 -0
- data/lib/puppet/vendor/rgen/lib/ea_support/uml13_ea_metamodel_generator.rb +43 -0
- data/lib/puppet/vendor/rgen/lib/ea_support/uml13_ea_to_uml13.rb +103 -0
- data/lib/puppet/vendor/rgen/lib/ea_support/uml13_to_uml13_ea.rb +89 -0
- data/lib/puppet/vendor/rgen/lib/metamodels/uml13_metamodel.rb +559 -0
- data/lib/puppet/vendor/rgen/lib/metamodels/uml13_metamodel_ext.rb +26 -0
- data/lib/puppet/vendor/rgen/lib/mmgen/metamodel_generator.rb +20 -0
- data/lib/puppet/vendor/rgen/lib/mmgen/mm_ext/ecore_mmgen_ext.rb +91 -0
- data/lib/puppet/vendor/rgen/lib/mmgen/mmgen.rb +28 -0
- data/lib/puppet/vendor/rgen/lib/mmgen/templates/annotations.tpl +37 -0
- data/lib/puppet/vendor/rgen/lib/mmgen/templates/metamodel_generator.tpl +172 -0
- data/lib/puppet/vendor/rgen/lib/rgen/array_extensions.rb +45 -0
- data/lib/puppet/vendor/rgen/lib/rgen/ecore/ecore.rb +218 -0
- data/lib/puppet/vendor/rgen/lib/rgen/ecore/ecore_builder_methods.rb +81 -0
- data/lib/puppet/vendor/rgen/lib/rgen/ecore/ecore_ext.rb +69 -0
- data/lib/puppet/vendor/rgen/lib/rgen/ecore/ecore_interface.rb +47 -0
- data/lib/puppet/vendor/rgen/lib/rgen/ecore/ecore_to_ruby.rb +167 -0
- data/lib/puppet/vendor/rgen/lib/rgen/ecore/ruby_to_ecore.rb +91 -0
- data/lib/puppet/vendor/rgen/lib/rgen/environment.rb +129 -0
- data/lib/puppet/vendor/rgen/lib/rgen/fragment/dump_file_cache.rb +63 -0
- data/lib/puppet/vendor/rgen/lib/rgen/fragment/fragmented_model.rb +140 -0
- data/lib/puppet/vendor/rgen/lib/rgen/fragment/model_fragment.rb +289 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/abstract_instantiator.rb +66 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/abstract_xml_instantiator.rb +66 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/default_xml_instantiator.rb +117 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/ecore_xml_instantiator.rb +169 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/json_instantiator.rb +126 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/json_parser.rb +331 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/json_parser.y +94 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/nodebased_xml_instantiator.rb +137 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/qualified_name_resolver.rb +97 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/reference_resolver.rb +128 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/resolution_helper.rb +47 -0
- data/lib/puppet/vendor/rgen/lib/rgen/instantiator/xmi11_instantiator.rb +168 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder.rb +224 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/builder_extensions.rb +556 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/builder_runtime.rb +174 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/constant_order_helper.rb +89 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/data_types.rb +77 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/intermediate/annotation.rb +30 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/intermediate/feature.rb +168 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/mm_multiple.rb +23 -0
- data/lib/puppet/vendor/rgen/lib/rgen/metamodel_builder/module_extension.rb +42 -0
- data/lib/puppet/vendor/rgen/lib/rgen/model_builder.rb +32 -0
- data/lib/puppet/vendor/rgen/lib/rgen/model_builder/builder_context.rb +334 -0
- data/lib/puppet/vendor/rgen/lib/rgen/model_builder/model_serializer.rb +225 -0
- data/lib/puppet/vendor/rgen/lib/rgen/model_builder/reference_resolver.rb +156 -0
- data/lib/puppet/vendor/rgen/lib/rgen/serializer/json_serializer.rb +121 -0
- data/lib/puppet/vendor/rgen/lib/rgen/serializer/opposite_reference_filter.rb +18 -0
- data/lib/puppet/vendor/rgen/lib/rgen/serializer/qualified_name_provider.rb +47 -0
- data/lib/puppet/vendor/rgen/lib/rgen/serializer/xmi11_serializer.rb +116 -0
- data/lib/puppet/vendor/rgen/lib/rgen/serializer/xmi20_serializer.rb +71 -0
- data/lib/puppet/vendor/rgen/lib/rgen/serializer/xml_serializer.rb +98 -0
- data/lib/puppet/vendor/rgen/lib/rgen/template_language.rb +297 -0
- data/lib/puppet/vendor/rgen/lib/rgen/template_language/directory_template_container.rb +83 -0
- data/lib/puppet/vendor/rgen/lib/rgen/template_language/output_handler.rb +87 -0
- data/lib/puppet/vendor/rgen/lib/rgen/template_language/template_container.rb +234 -0
- data/lib/puppet/vendor/rgen/lib/rgen/template_language/template_helper.rb +26 -0
- data/lib/puppet/vendor/rgen/lib/rgen/transformer.rb +475 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/auto_class_creator.rb +61 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/cached_glob.rb +67 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/file_cache_map.rb +124 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/file_change_detector.rb +84 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/method_delegation.rb +114 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/model_comparator.rb +68 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/model_comparator_base.rb +142 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/model_dumper.rb +29 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/name_helper.rb +42 -0
- data/lib/puppet/vendor/rgen/lib/rgen/util/pattern_matcher.rb +329 -0
- data/lib/puppet/vendor/rgen/lib/transformers/ecore_to_uml13.rb +79 -0
- data/lib/puppet/vendor/rgen/lib/transformers/uml13_to_ecore.rb +127 -0
- data/lib/puppet/vendor/rgen/test/array_extensions_test.rb +64 -0
- data/lib/puppet/vendor/rgen/test/ea_instantiator_test.rb +35 -0
- data/lib/puppet/vendor/rgen/test/ea_serializer_test.rb +23 -0
- data/lib/puppet/vendor/rgen/test/ecore_self_test.rb +54 -0
- data/lib/puppet/vendor/rgen/test/environment_test.rb +90 -0
- data/lib/puppet/vendor/rgen/test/json_test.rb +171 -0
- data/lib/puppet/vendor/rgen/test/metamodel_builder_test.rb +1482 -0
- data/lib/puppet/vendor/rgen/test/metamodel_from_ecore_test.rb +57 -0
- data/lib/puppet/vendor/rgen/test/metamodel_order_test.rb +131 -0
- data/lib/puppet/vendor/rgen/test/metamodel_roundtrip_test.rb +98 -0
- data/lib/puppet/vendor/rgen/test/metamodel_roundtrip_test/TestModel.rb +70 -0
- data/lib/puppet/vendor/rgen/test/metamodel_roundtrip_test/houseMetamodel.ecore +42 -0
- data/lib/puppet/vendor/rgen/test/metamodel_roundtrip_test/houseMetamodel_from_ecore.rb +44 -0
- data/lib/puppet/vendor/rgen/test/metamodel_roundtrip_test/using_builtin_types.ecore +9 -0
- data/lib/puppet/vendor/rgen/test/method_delegation_test.rb +178 -0
- data/lib/puppet/vendor/rgen/test/model_builder/builder_context_test.rb +59 -0
- data/lib/puppet/vendor/rgen/test/model_builder/builder_test.rb +242 -0
- data/lib/puppet/vendor/rgen/test/model_builder/ecore_original.rb +163 -0
- data/lib/puppet/vendor/rgen/test/model_builder/ecore_original_regenerated.rb +163 -0
- data/lib/puppet/vendor/rgen/test/model_builder/reference_resolver_test.rb +156 -0
- data/lib/puppet/vendor/rgen/test/model_builder/serializer_test.rb +94 -0
- data/lib/puppet/vendor/rgen/test/model_builder/statemachine_metamodel.rb +42 -0
- data/lib/puppet/vendor/rgen/test/model_builder/test_model/statemachine1.rb +23 -0
- data/lib/puppet/vendor/rgen/test/model_builder_test.rb +6 -0
- data/lib/puppet/vendor/rgen/test/model_fragment_test.rb +30 -0
- data/lib/puppet/vendor/rgen/test/output_handler_test.rb +58 -0
- data/lib/puppet/vendor/rgen/test/qualified_name_provider_test.rb +48 -0
- data/lib/puppet/vendor/rgen/test/qualified_name_resolver_test.rb +102 -0
- data/lib/puppet/vendor/rgen/test/reference_resolver_test.rb +117 -0
- data/lib/puppet/vendor/rgen/test/rgen_test.rb +26 -0
- data/lib/puppet/vendor/rgen/test/template_language_test.rb +163 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/expected_result1.txt +29 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/expected_result2.txt +9 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/expected_result3.txt +4 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/indentStringTestDefaultIndent.out +1 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/indentStringTestTabIndent.out +1 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/callback_indent_test/a.tpl +12 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/callback_indent_test/b.tpl +5 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/code/array.tpl +11 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/content/author.tpl +7 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/content/chapter.tpl +5 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/define_local_test/local.tpl +8 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/define_local_test/test.tpl +8 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/evaluate_test/test.tpl +7 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/indent_string_test.tpl +12 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/index/c/cmod.tpl +1 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/index/chapter.tpl +3 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/no_backslash_r_test.tpl +5 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/no_indent_test/no_indent.tpl +3 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/no_indent_test/sub1/no_indent.tpl +3 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/no_indent_test/test.tpl +24 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/no_indent_test/test2.tpl +13 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/no_indent_test/test3.tpl +10 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/null_context_test.tpl +17 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/root.tpl +31 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/template_resolution_test/sub1.tpl +9 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/template_resolution_test/sub1/sub1.tpl +3 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/templates/template_resolution_test/test.tpl +4 -0
- data/lib/puppet/vendor/rgen/test/template_language_test/testout.txt +29 -0
- data/lib/puppet/vendor/rgen/test/testmodel/class_model_checker.rb +119 -0
- data/lib/puppet/vendor/rgen/test/testmodel/ea_testmodel.eap +0 -0
- data/lib/puppet/vendor/rgen/test/testmodel/ea_testmodel.xml +1029 -0
- data/lib/puppet/vendor/rgen/test/testmodel/ea_testmodel_partial.xml +317 -0
- data/lib/puppet/vendor/rgen/test/testmodel/ecore_model_checker.rb +101 -0
- data/lib/puppet/vendor/rgen/test/testmodel/manual_testmodel.xml +22 -0
- data/lib/puppet/vendor/rgen/test/testmodel/object_model_checker.rb +67 -0
- data/lib/puppet/vendor/rgen/test/transformer_test.rb +254 -0
- data/lib/puppet/vendor/rgen/test/util/file_cache_map_test.rb +99 -0
- data/lib/puppet/vendor/rgen/test/util/pattern_matcher_test.rb +97 -0
- data/lib/puppet/vendor/rgen/test/util_test.rb +5 -0
- data/lib/puppet/vendor/rgen/test/xml_instantiator_test.rb +160 -0
- data/lib/puppet/vendor/rgen/test/xml_instantiator_test/simple_ecore_model_checker.rb +94 -0
- data/lib/puppet/vendor/rgen/test/xml_instantiator_test/simple_xmi_ecore_instantiator.rb +53 -0
- data/lib/puppet/vendor/rgen/test/xml_instantiator_test/simple_xmi_metamodel.rb +49 -0
- data/lib/puppet/vendor/rgen/test/xml_instantiator_test/simple_xmi_to_ecore.rb +75 -0
- data/lib/puppet/vendor/safe_yaml/PUPPET_README.md +6 -0
- data/lib/puppet/vendor/semantic/PUPPET_README.md +6 -0
- data/lib/puppet/version.rb +1 -1
- data/spec/fixtures/integration/node/environment/sitedir2/00_a.pp +2 -0
- data/spec/fixtures/integration/node/environment/sitedir2/02_folder/01_b.pp +6 -0
- data/spec/fixtures/integration/node/environment/sitedir2/03_c.pp +1 -0
- data/spec/fixtures/integration/node/environment/sitedir2/04_include.pp +2 -0
- data/spec/fixtures/releases/jamtur01-apache/manifests/vhost.pp +1 -1
- data/spec/fixtures/unit/indirector/hiera/global.yaml +10 -0
- data/spec/fixtures/unit/indirector/hiera/invalid.yaml +1 -0
- data/spec/fixtures/unit/parser/functions/create_resources/foo/manifests/init.pp +3 -0
- data/spec/fixtures/unit/parser/functions/create_resources/foo/manifests/wrongdefine.pp +3 -0
- data/spec/fixtures/unit/parser/lexer/argumentdefaults.pp +2 -2
- data/spec/fixtures/unit/parser/lexer/casestatement.pp +14 -14
- data/spec/fixtures/unit/parser/lexer/classheirarchy.pp +3 -3
- data/spec/fixtures/unit/parser/lexer/classincludes.pp +3 -3
- data/spec/fixtures/unit/parser/lexer/classpathtest.pp +1 -1
- data/spec/fixtures/unit/parser/lexer/collection_override.pp +1 -1
- data/spec/fixtures/unit/parser/lexer/componentrequire.pp +2 -2
- data/spec/fixtures/unit/parser/lexer/deepclassheirarchy.pp +5 -5
- data/spec/fixtures/unit/parser/lexer/defineoverrides.pp +2 -2
- data/spec/fixtures/unit/parser/lexer/filecreate.pp +2 -2
- data/spec/fixtures/unit/parser/lexer/ifexpression.pp +1 -1
- data/spec/fixtures/unit/parser/lexer/implicititeration.pp +4 -4
- data/spec/fixtures/unit/parser/lexer/multipleinstances.pp +3 -3
- data/spec/fixtures/unit/parser/lexer/multisubs.pp +2 -2
- data/spec/fixtures/unit/parser/lexer/namevartest.pp +2 -2
- data/spec/fixtures/unit/parser/lexer/simpledefaults.pp +1 -1
- data/spec/fixtures/unit/pops/parser/lexer/argumentdefaults.pp +1 -1
- data/spec/fixtures/unit/pops/parser/lexer/casestatement.pp +14 -14
- data/spec/fixtures/unit/pops/parser/lexer/classheirarchy.pp +3 -3
- data/spec/fixtures/unit/pops/parser/lexer/classincludes.pp +3 -3
- data/spec/fixtures/unit/pops/parser/lexer/classpathtest.pp +1 -1
- data/spec/fixtures/unit/pops/parser/lexer/collection_override.pp +1 -1
- data/spec/fixtures/unit/pops/parser/lexer/componentrequire.pp +2 -2
- data/spec/fixtures/unit/pops/parser/lexer/deepclassheirarchy.pp +5 -5
- data/spec/fixtures/unit/pops/parser/lexer/defineoverrides.pp +2 -2
- data/spec/fixtures/unit/pops/parser/lexer/filecreate.pp +2 -2
- data/spec/fixtures/unit/pops/parser/lexer/ifexpression.pp +1 -1
- data/spec/fixtures/unit/pops/parser/lexer/implicititeration.pp +4 -4
- data/spec/fixtures/unit/pops/parser/lexer/multipleinstances.pp +3 -3
- data/spec/fixtures/unit/pops/parser/lexer/multisubs.pp +2 -2
- data/spec/fixtures/unit/pops/parser/lexer/namevartest.pp +2 -2
- data/spec/fixtures/unit/pops/parser/lexer/simpledefaults.pp +1 -1
- data/spec/fixtures/unit/provider/package/gem/gem-list-single-package +4 -0
- data/spec/fixtures/unit/type/user/authorized_keys +1 -1
- data/spec/integration/agent/logging_spec.rb +4 -0
- data/spec/integration/application/doc_spec.rb +4 -3
- data/spec/integration/configurer_spec.rb +0 -14
- data/spec/integration/defaults_spec.rb +26 -0
- data/spec/integration/environments/default_manifest_spec.rb +274 -0
- data/spec/integration/faces/documentation_spec.rb +0 -4
- data/spec/integration/file_bucket/file_spec.rb +21 -0
- data/spec/integration/indirector/catalog/compiler_spec.rb +0 -2
- data/spec/integration/indirector/catalog/queue_spec.rb +0 -2
- data/spec/integration/indirector/facts/facter_spec.rb +1 -1
- data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
- data/spec/integration/node/environment_spec.rb +24 -8
- data/spec/integration/parser/catalog_spec.rb +10 -10
- data/spec/integration/parser/class_spec.rb +37 -0
- data/spec/integration/parser/collector_spec.rb +234 -75
- data/spec/integration/parser/compiler_spec.rb +385 -401
- data/spec/integration/parser/conditionals_spec.rb +117 -0
- data/spec/integration/parser/future_compiler_spec.rb +359 -8
- data/spec/integration/parser/node_spec.rb +185 -0
- data/spec/integration/parser/resource_expressions_spec.rb +286 -0
- data/spec/integration/parser/ruby_manifest_spec.rb +0 -4
- data/spec/integration/parser/scope_spec.rb +94 -151
- data/spec/integration/provider/cron/crontab_spec.rb +137 -148
- data/spec/integration/ssl/certificate_authority_spec.rb +26 -0
- data/spec/integration/ssl/certificate_request_spec.rb +0 -6
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +0 -2
- data/spec/integration/ssl/host_spec.rb +0 -2
- data/spec/integration/transaction_spec.rb +16 -0
- data/spec/integration/type/file_spec.rb +14 -13
- data/spec/integration/type/nagios_spec.rb +6 -15
- data/spec/integration/type/sshkey_spec.rb +22 -0
- data/spec/integration/type/tidy_spec.rb +3 -0
- data/spec/integration/type/user_spec.rb +8 -3
- data/spec/integration/util/autoload_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +7 -0
- data/spec/integration/util/windows/process_spec.rb +12 -0
- data/spec/integration/util/windows/security_spec.rb +36 -35
- data/spec/integration/util/windows/user_spec.rb +75 -9
- data/spec/integration/util_spec.rb +2 -2
- data/spec/lib/matchers/resource.rb +1 -0
- data/spec/lib/puppet_spec/compiler.rb +15 -2
- data/spec/lib/puppet_spec/files.rb +10 -0
- data/spec/lib/puppet_spec/language.rb +74 -0
- data/spec/lib/puppet_spec/matchers.rb +59 -32
- data/spec/lib/puppet_spec/module_tool/stub_source.rb +3 -0
- data/spec/shared_behaviours/hiera_indirections.rb +99 -0
- data/spec/shared_behaviours/iterative_functions.rb +69 -0
- data/spec/unit/application/apply_spec.rb +4 -2
- data/spec/unit/application/doc_spec.rb +17 -13
- data/spec/unit/application/master_spec.rb +35 -27
- data/spec/unit/application/resource_spec.rb +0 -5
- data/spec/unit/configurer/downloader_factory_spec.rb +96 -0
- data/spec/unit/configurer/downloader_spec.rb +3 -24
- data/spec/unit/configurer/plugin_handler_spec.rb +22 -22
- data/spec/unit/configurer_spec.rb +0 -4
- data/spec/unit/defaults_spec.rb +30 -0
- data/spec/unit/face/config_spec.rb +2 -1
- data/spec/unit/face/module/build_spec.rb +2 -2
- data/spec/unit/face/module/install_spec.rb +8 -8
- data/spec/unit/face/parser_spec.rb +71 -33
- data/spec/unit/file_bucket/file_spec.rb +2 -2
- data/spec/unit/file_system/uniquefile_spec.rb +184 -0
- data/spec/unit/forge/errors_spec.rb +4 -6
- data/spec/unit/forge/module_release_spec.rb +178 -89
- data/spec/unit/forge/repository_spec.rb +110 -2
- data/spec/unit/forge_spec.rb +39 -3
- data/spec/unit/functions/assert_type_spec.rb +22 -3
- data/spec/unit/{parser/methods → functions}/each_spec.rb +21 -1
- data/spec/unit/{parser/functions → functions}/epp_spec.rb +61 -9
- data/spec/unit/{parser/methods → functions}/filter_spec.rb +34 -38
- data/spec/unit/{parser/functions → functions}/inline_epp_spec.rb +18 -3
- data/spec/unit/functions/map_spec.rb +169 -0
- data/spec/unit/functions/match_spec.rb +57 -0
- data/spec/unit/{parser/methods → functions}/reduce_spec.rb +23 -5
- data/spec/unit/{parser/methods → functions}/slice_spec.rb +34 -21
- data/spec/unit/functions/with_spec.rb +35 -0
- data/spec/unit/functions4_spec.rb +7 -8
- data/spec/unit/indirector/catalog/compiler_spec.rb +0 -2
- data/spec/unit/indirector/catalog/static_compiler_spec.rb +11 -0
- data/spec/unit/indirector/data_binding/hiera_spec.rb +1 -96
- data/spec/unit/indirector/facts/facter_spec.rb +69 -102
- data/spec/unit/indirector/hiera_spec.rb +17 -0
- data/spec/unit/indirector/request_spec.rb +2 -4
- data/spec/unit/indirector/resource/ral_spec.rb +5 -0
- data/spec/unit/indirector/resource_type/parser_spec.rb +17 -12
- data/spec/unit/indirector/rest_spec.rb +36 -6
- data/spec/unit/interface/face_collection_spec.rb +2 -2
- data/spec/unit/module_tool/applications/builder_spec.rb +364 -14
- data/spec/unit/module_tool/applications/uninstaller_spec.rb +22 -0
- data/spec/unit/module_tool/applications/unpacker_spec.rb +40 -0
- data/spec/unit/module_tool/applications/upgrader_spec.rb +22 -0
- data/spec/unit/module_tool/installed_modules_spec.rb +49 -0
- data/spec/unit/module_tool/metadata_spec.rb +72 -4
- data/spec/unit/module_tool/tar/mini_spec.rb +2 -1
- data/spec/unit/network/authentication_spec.rb +4 -0
- data/spec/unit/network/http/api/v2/environments_spec.rb +24 -3
- data/spec/unit/network/http/connection_spec.rb +127 -92
- data/spec/unit/network/http/factory_spec.rb +82 -0
- data/spec/unit/network/http/handler_spec.rb +23 -13
- data/spec/unit/network/http/nocache_pool_spec.rb +43 -0
- data/spec/unit/network/http/pool_spec.rb +269 -0
- data/spec/unit/network/http/rack/rest_spec.rb +1 -1
- data/spec/unit/network/http/session_spec.rb +43 -0
- data/spec/unit/network/http/site_spec.rb +90 -0
- data/spec/unit/network/http/webrick_spec.rb +1 -1
- data/spec/unit/network/http_pool_spec.rb +9 -6
- data/spec/unit/network/http_spec.rb +10 -0
- data/spec/unit/node/environment_spec.rb +54 -0
- data/spec/unit/node_spec.rb +3 -5
- data/spec/unit/parser/compiler_spec.rb +9 -2
- data/spec/unit/parser/files_spec.rb +19 -0
- data/spec/unit/parser/functions/contain_spec.rb +51 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +8 -1
- data/spec/unit/parser/functions/digest_spec.rb +31 -0
- data/spec/unit/parser/functions/file_spec.rb +48 -5
- data/spec/unit/parser/functions/include_spec.rb +15 -1
- data/spec/unit/parser/functions/realize_spec.rb +43 -35
- data/spec/unit/parser/functions/require_spec.rb +19 -5
- data/spec/unit/parser/functions/search_spec.rb +5 -0
- data/spec/unit/parser/functions/shared.rb +82 -0
- data/spec/unit/parser/functions_spec.rb +1 -1
- data/spec/unit/parser/lexer_spec.rb +10 -1
- data/spec/unit/parser/type_loader_spec.rb +0 -1
- data/spec/unit/pops/benchmark_spec.rb +1 -1
- data/spec/unit/pops/binder/bindings_composer_spec.rb +24 -22
- data/spec/unit/pops/binder/injector_spec.rb +8 -6
- data/spec/unit/pops/evaluator/access_ops_spec.rb +3 -3
- data/spec/unit/pops/evaluator/comparison_ops_spec.rb +7 -4
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +250 -30
- data/spec/unit/pops/evaluator/logical_ops_spec.rb +2 -2
- data/spec/unit/pops/evaluator/variables_spec.rb +0 -105
- data/spec/unit/pops/issues_spec.rb +170 -0
- data/spec/unit/pops/loaders/dependency_loader_spec.rb +17 -0
- data/spec/unit/pops/loaders/loader_paths_spec.rb +4 -15
- data/spec/unit/pops/loaders/loaders_spec.rb +31 -11
- data/spec/unit/pops/loaders/module_loaders_spec.rb +0 -29
- data/spec/unit/pops/loaders/static_loader_spec.rb +6 -0
- data/spec/unit/pops/parser/epp_parser_spec.rb +38 -9
- data/spec/unit/pops/parser/evaluating_parser_spec.rb +0 -1
- data/spec/unit/pops/parser/lexer2_spec.rb +21 -4
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +5 -0
- data/spec/unit/pops/parser/parse_calls_spec.rb +6 -3
- data/spec/unit/pops/parser/parse_conditionals_spec.rb +12 -5
- data/spec/unit/pops/parser/parse_containers_spec.rb +62 -7
- data/spec/unit/pops/parser/parse_resource_spec.rb +155 -73
- data/spec/unit/pops/parser/parser_spec.rb +16 -0
- data/spec/unit/pops/parser/parsing_typed_parameters_spec.rb +72 -0
- data/spec/unit/pops/transformer/transform_calls_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +254 -57
- data/spec/unit/pops/types/type_factory_spec.rb +8 -3
- data/spec/unit/pops/types/type_parser_spec.rb +26 -5
- data/spec/unit/pops/validator/validator_spec.rb +143 -27
- data/spec/unit/provider/exec/posix_spec.rb +22 -14
- data/spec/unit/provider/exec/shell_spec.rb +2 -2
- data/spec/unit/provider/file/windows_spec.rb +7 -7
- data/spec/unit/provider/group/windows_adsi_spec.rb +17 -17
- data/spec/unit/provider/package/gem_spec.rb +10 -0
- data/spec/unit/provider/package/openbsd_spec.rb +66 -9
- data/spec/unit/provider/package/pacman_spec.rb +90 -71
- data/spec/unit/provider/package/windows/package_spec.rb +21 -6
- data/spec/unit/provider/package/yum_spec.rb +1 -0
- data/spec/unit/provider/parsedfile_spec.rb +1 -1
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +9 -9
- data/spec/unit/provider/service/openbsd_spec.rb +26 -2
- data/spec/unit/provider/service/upstart_spec.rb +12 -1
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +6 -0
- data/spec/unit/provider/user/user_role_add_spec.rb +23 -1
- data/spec/unit/provider/user/windows_adsi_spec.rb +17 -17
- data/spec/unit/reports/store_spec.rb +0 -16
- data/spec/unit/resource/catalog_spec.rb +0 -5
- data/spec/unit/resource_spec.rb +2 -2
- data/spec/unit/settings/autosign_setting_spec.rb +2 -2
- data/spec/unit/settings/environment_conf_spec.rb +77 -10
- data/spec/unit/settings/file_setting_spec.rb +5 -4
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +41 -3
- data/spec/unit/ssl/certificate_authority_spec.rb +25 -2
- data/spec/unit/ssl/inventory_spec.rb +13 -0
- data/spec/unit/ssl/validator_spec.rb +0 -1
- data/spec/unit/transaction/resource_harness_spec.rb +64 -0
- data/spec/unit/transaction_spec.rb +98 -47
- data/spec/unit/type/cron_spec.rb +3 -3
- data/spec/unit/type/exec_spec.rb +9 -0
- data/spec/unit/type/file/content_spec.rb +54 -71
- data/spec/unit/type/file/mode_spec.rb +26 -1
- data/spec/unit/type/file/source_spec.rb +26 -4
- data/spec/unit/type/file_spec.rb +3 -3
- data/spec/unit/type/nagios_spec.rb +12 -3
- data/spec/unit/type/resources_spec.rb +64 -30
- data/spec/unit/type/user_spec.rb +1 -1
- data/spec/unit/type/yumrepo_spec.rb +136 -0
- data/spec/unit/type/zone_spec.rb +44 -1
- data/spec/unit/type_spec.rb +20 -0
- data/spec/unit/util/colors_spec.rb +14 -8
- data/spec/unit/util/command_line_spec.rb +11 -7
- data/spec/unit/util/execution_spec.rb +35 -42
- data/spec/unit/util/feature_spec.rb +12 -0
- data/spec/unit/util/http_proxy_spec.rb +43 -1
- data/spec/unit/util/log/destinations_spec.rb +45 -1
- data/spec/unit/util/logging_spec.rb +38 -0
- data/spec/unit/util/pidlock_spec.rb +37 -1
- data/spec/unit/util/profiler/aggregate_spec.rb +59 -0
- data/spec/unit/util/profiler/around_profiler_spec.rb +61 -0
- data/spec/unit/util/profiler/logging_spec.rb +18 -29
- data/spec/unit/util/profiler/wall_clock_spec.rb +1 -1
- data/spec/unit/util/profiler_spec.rb +55 -0
- data/spec/unit/util/queue_spec.rb +0 -1
- data/spec/unit/util/rdoc/parser_spec.rb +14 -6
- data/spec/unit/util/tagging_spec.rb +1 -1
- data/spec/unit/util/windows/access_control_entry_spec.rb +1 -1
- data/spec/unit/util/{adsi_spec.rb → windows/adsi_spec.rb} +111 -108
- data/spec/unit/util/windows/api_types_spec.rb +28 -0
- data/spec/unit/util/windows/registry_spec.rb +7 -6
- data/spec/unit/util/windows/sid_spec.rb +3 -6
- data/spec/unit/util/windows/string_spec.rb +4 -0
- data/spec/unit/util/zaml_spec.rb +5 -1
- data/tasks/benchmark.rake +40 -5
- data/tasks/parser.rake +16 -2
- data/tasks/yard.rake +1 -1
- metadata +308 -150
- data/lib/puppet/file_system/tempfile.rb +0 -20
- data/lib/puppet/parser/e_parser_adapter.rb +0 -119
- data/lib/puppet/parser/functions/collect.rb +0 -15
- data/lib/puppet/parser/functions/select.rb +0 -15
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +0 -109
- data/lib/puppet/pops/parser/lexer.rb +0 -753
- data/lib/puppet/pops/parser/makefile +0 -6
- data/lib/puppet/pops/validation/checker3_1.rb +0 -558
- data/lib/puppet/pops/validation/validator_factory_3_1.rb +0 -31
- data/lib/puppet/util/profiler/none.rb +0 -8
- data/spec/unit/face/certificate_request_spec.rb +0 -7
- data/spec/unit/face/certificate_revocation_list_spec.rb +0 -7
- data/spec/unit/face/key_spec.rb +0 -7
- data/spec/unit/face/report_spec.rb +0 -7
- data/spec/unit/face/resource_spec.rb +0 -7
- data/spec/unit/face/resource_type_spec.rb +0 -7
- data/spec/unit/file_system/tempfile_spec.rb +0 -48
- data/spec/unit/parser/eparser_adapter_spec.rb +0 -407
- data/spec/unit/parser/methods/map_spec.rb +0 -184
- data/spec/unit/parser/methods/shared.rb +0 -45
- data/spec/unit/pops/parser/lexer_spec.rb +0 -840
- data/spec/unit/pops/transformer/transform_resource_spec.rb +0 -185
- data/spec/unit/util/profiler/none_spec.rb +0 -12
|
@@ -2,6 +2,9 @@ require 'puppet/util/windows'
|
|
|
2
2
|
|
|
3
3
|
module Puppet::Util::Windows
|
|
4
4
|
module Registry
|
|
5
|
+
require 'ffi'
|
|
6
|
+
extend FFI::Library
|
|
7
|
+
|
|
5
8
|
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa384129(v=vs.85).aspx
|
|
6
9
|
KEY64 = 0x100
|
|
7
10
|
KEY32 = 0x200
|
|
@@ -50,9 +53,8 @@ module Puppet::Util::Windows
|
|
|
50
53
|
# code page. However, ruby incorrectly sets the string
|
|
51
54
|
# encoding to US-ASCII. So we must force the encoding to the
|
|
52
55
|
# correct value.
|
|
53
|
-
require 'windows/national'
|
|
54
56
|
begin
|
|
55
|
-
cp =
|
|
57
|
+
cp = GetACP()
|
|
56
58
|
@encoding = Encoding.const_get("CP#{cp}")
|
|
57
59
|
rescue
|
|
58
60
|
@encoding = Encoding.default_external
|
|
@@ -66,5 +68,13 @@ module Puppet::Util::Windows
|
|
|
66
68
|
end
|
|
67
69
|
end
|
|
68
70
|
private :force_encoding
|
|
71
|
+
|
|
72
|
+
|
|
73
|
+
ffi_convention :stdcall
|
|
74
|
+
|
|
75
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/dd318070(v=vs.85).aspx
|
|
76
|
+
# UINT GetACP(void);
|
|
77
|
+
ffi_lib :kernel32
|
|
78
|
+
attach_function_private :GetACP, [], :uint32
|
|
69
79
|
end
|
|
70
80
|
end
|
|
@@ -9,9 +9,6 @@ class Puppet::Util::Windows::RootCerts
|
|
|
9
9
|
include Enumerable
|
|
10
10
|
extend FFI::Library
|
|
11
11
|
|
|
12
|
-
typedef :ulong, :dword
|
|
13
|
-
typedef :uintptr_t, :handle
|
|
14
|
-
|
|
15
12
|
def initialize(roots)
|
|
16
13
|
@roots = roots
|
|
17
14
|
end
|
|
@@ -57,11 +54,17 @@ class Puppet::Util::Windows::RootCerts
|
|
|
57
54
|
certs
|
|
58
55
|
end
|
|
59
56
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
# typedef ULONG_PTR HCRYPTPROV_LEGACY;
|
|
57
|
+
ffi_convention :stdcall
|
|
63
58
|
# typedef void *HCERTSTORE;
|
|
64
59
|
|
|
60
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa377189(v=vs.85).aspx
|
|
61
|
+
# typedef struct _CERT_CONTEXT {
|
|
62
|
+
# DWORD dwCertEncodingType;
|
|
63
|
+
# BYTE *pbCertEncoded;
|
|
64
|
+
# DWORD cbCertEncoded;
|
|
65
|
+
# PCERT_INFO pCertInfo;
|
|
66
|
+
# HCERTSTORE hCertStore;
|
|
67
|
+
# } CERT_CONTEXT, *PCERT_CONTEXT;typedef const CERT_CONTEXT *PCCERT_CONTEXT;
|
|
65
68
|
class CERT_CONTEXT < FFI::Struct
|
|
66
69
|
layout(
|
|
67
70
|
:dwCertEncodingType, :dword,
|
|
@@ -72,15 +75,18 @@ class Puppet::Util::Windows::RootCerts
|
|
|
72
75
|
)
|
|
73
76
|
end
|
|
74
77
|
|
|
78
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa376560(v=vs.85).aspx
|
|
75
79
|
# HCERTSTORE
|
|
76
80
|
# WINAPI
|
|
77
81
|
# CertOpenSystemStoreA(
|
|
78
82
|
# __in_opt HCRYPTPROV_LEGACY hProv,
|
|
79
83
|
# __in LPCSTR szSubsystemProtocol
|
|
80
84
|
# );
|
|
85
|
+
# typedef ULONG_PTR HCRYPTPROV_LEGACY;
|
|
81
86
|
ffi_lib :crypt32
|
|
82
|
-
|
|
87
|
+
attach_function_private :CertOpenSystemStoreA, [:ulong_ptr, :lpcstr], :handle
|
|
83
88
|
|
|
89
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa376050(v=vs.85).aspx
|
|
84
90
|
# PCCERT_CONTEXT
|
|
85
91
|
# WINAPI
|
|
86
92
|
# CertEnumCertificatesInStore(
|
|
@@ -88,8 +94,9 @@ class Puppet::Util::Windows::RootCerts
|
|
|
88
94
|
# __in_opt PCCERT_CONTEXT pPrevCertContext
|
|
89
95
|
# );
|
|
90
96
|
ffi_lib :crypt32
|
|
91
|
-
|
|
97
|
+
attach_function_private :CertEnumCertificatesInStore, [:handle, :pointer], :pointer
|
|
92
98
|
|
|
99
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa376026(v=vs.85).aspx
|
|
93
100
|
# BOOL
|
|
94
101
|
# WINAPI
|
|
95
102
|
# CertCloseStore(
|
|
@@ -97,5 +104,5 @@ class Puppet::Util::Windows::RootCerts
|
|
|
97
104
|
# __in DWORD dwFlags
|
|
98
105
|
# );
|
|
99
106
|
ffi_lib :crypt32
|
|
100
|
-
|
|
107
|
+
attach_function_private :CertCloseStore, [:handle, :dword], :win32_bool
|
|
101
108
|
end
|
|
@@ -67,26 +67,11 @@ require 'ffi'
|
|
|
67
67
|
|
|
68
68
|
require 'win32/security'
|
|
69
69
|
|
|
70
|
-
require 'windows/file'
|
|
71
|
-
require 'windows/handle'
|
|
72
|
-
require 'windows/security'
|
|
73
|
-
require 'windows/process'
|
|
74
|
-
require 'windows/memory'
|
|
75
|
-
require 'windows/msvcrt/buffer'
|
|
76
|
-
require 'windows/volume'
|
|
77
|
-
|
|
78
70
|
module Puppet::Util::Windows::Security
|
|
79
|
-
include ::Windows::
|
|
80
|
-
include ::Windows::Handle
|
|
81
|
-
include ::Windows::Security
|
|
82
|
-
include ::Windows::Process
|
|
83
|
-
include ::Windows::Memory
|
|
84
|
-
include ::Windows::MSVCRT::Buffer
|
|
85
|
-
include ::Windows::Volume
|
|
86
|
-
|
|
87
|
-
include Puppet::Util::Windows::SID
|
|
71
|
+
include Puppet::Util::Windows::String
|
|
88
72
|
|
|
89
73
|
extend Puppet::Util::Windows::Security
|
|
74
|
+
extend FFI::Library
|
|
90
75
|
|
|
91
76
|
# file modes
|
|
92
77
|
S_IRUSR = 0000400
|
|
@@ -111,6 +96,20 @@ module Puppet::Util::Windows::Security
|
|
|
111
96
|
NO_INHERITANCE = 0x0
|
|
112
97
|
SE_DACL_PROTECTED = 0x1000
|
|
113
98
|
|
|
99
|
+
FILE = Puppet::Util::Windows::File
|
|
100
|
+
|
|
101
|
+
SE_BACKUP_NAME = 'SeBackupPrivilege'
|
|
102
|
+
SE_RESTORE_NAME = 'SeRestorePrivilege'
|
|
103
|
+
|
|
104
|
+
DELETE = 0x00010000
|
|
105
|
+
READ_CONTROL = 0x20000
|
|
106
|
+
WRITE_DAC = 0x40000
|
|
107
|
+
WRITE_OWNER = 0x80000
|
|
108
|
+
|
|
109
|
+
OWNER_SECURITY_INFORMATION = 1
|
|
110
|
+
GROUP_SECURITY_INFORMATION = 2
|
|
111
|
+
DACL_SECURITY_INFORMATION = 4
|
|
112
|
+
|
|
114
113
|
# Set the owner of the object referenced by +path+ to the specified
|
|
115
114
|
# +owner_sid+. The owner sid should be of the form "S-1-5-32-544"
|
|
116
115
|
# and can either be a user or group. Only a user with the
|
|
@@ -161,51 +160,50 @@ module Puppet::Util::Windows::Security
|
|
|
161
160
|
get_security_descriptor(path).group
|
|
162
161
|
end
|
|
163
162
|
|
|
164
|
-
|
|
165
|
-
flags = 0.chr * 4
|
|
163
|
+
FILE_PERSISTENT_ACLS = 0x00000008
|
|
166
164
|
|
|
165
|
+
def supports_acl?(path)
|
|
166
|
+
supported = false
|
|
167
167
|
root = Pathname.new(path).enum_for(:ascend).to_a.last.to_s
|
|
168
168
|
# 'A trailing backslash is required'
|
|
169
169
|
root = "#{root}\\" unless root =~ /[\/\\]$/
|
|
170
|
-
|
|
171
|
-
|
|
170
|
+
|
|
171
|
+
FFI::MemoryPointer.new(:pointer, 1) do |flags_ptr|
|
|
172
|
+
if GetVolumeInformationW(wide_string(root), FFI::Pointer::NULL, 0,
|
|
173
|
+
FFI::Pointer::NULL, FFI::Pointer::NULL,
|
|
174
|
+
flags_ptr, FFI::Pointer::NULL, 0) == FFI::WIN32_FALSE
|
|
175
|
+
raise Puppet::Util::Windows::Error.new("Failed to get volume information")
|
|
176
|
+
end
|
|
177
|
+
supported = flags_ptr.read_dword & FILE_PERSISTENT_ACLS == FILE_PERSISTENT_ACLS
|
|
172
178
|
end
|
|
173
179
|
|
|
174
|
-
|
|
180
|
+
supported
|
|
175
181
|
end
|
|
176
182
|
|
|
177
183
|
def get_attributes(path)
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
raise Puppet::Util::Windows::Error.new("Failed to get file attributes") if attributes == INVALID_FILE_ATTRIBUTES
|
|
181
|
-
|
|
182
|
-
attributes
|
|
184
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.get_attributes is deprecated; please use Puppet::Util::Windows::File.get_attributes')
|
|
185
|
+
FILE.get_attributes(file_name)
|
|
183
186
|
end
|
|
184
187
|
|
|
185
188
|
def add_attributes(path, flags)
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
if (oldattrs | flags) != oldattrs
|
|
189
|
-
set_attributes(path, oldattrs | flags)
|
|
190
|
-
end
|
|
189
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.add_attributes is deprecated; please use Puppet::Util::Windows::File.add_attributes')
|
|
190
|
+
FILE.add_attributes(path, flags)
|
|
191
191
|
end
|
|
192
192
|
|
|
193
193
|
def remove_attributes(path, flags)
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
if (oldattrs & ~flags) != oldattrs
|
|
197
|
-
set_attributes(path, oldattrs & ~flags)
|
|
198
|
-
end
|
|
194
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.remove_attributes is deprecated; please use Puppet::Util::Windows::File.remove_attributes')
|
|
195
|
+
FILE.remove_attributes(path, flags)
|
|
199
196
|
end
|
|
200
197
|
|
|
201
198
|
def set_attributes(path, flags)
|
|
202
|
-
|
|
199
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.set_attributes is deprecated; please use Puppet::Util::Windows::File.set_attributes')
|
|
200
|
+
FILE.set_attributes(path, flags)
|
|
203
201
|
end
|
|
204
202
|
|
|
205
203
|
MASK_TO_MODE = {
|
|
206
|
-
FILE_GENERIC_READ => S_IROTH,
|
|
207
|
-
FILE_GENERIC_WRITE => S_IWOTH,
|
|
208
|
-
(FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES) => S_IXOTH
|
|
204
|
+
FILE::FILE_GENERIC_READ => S_IROTH,
|
|
205
|
+
FILE::FILE_GENERIC_WRITE => S_IWOTH,
|
|
206
|
+
(FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES) => S_IXOTH
|
|
209
207
|
}
|
|
210
208
|
|
|
211
209
|
def get_aces_for_path_by_sid(path, sid)
|
|
@@ -250,11 +248,12 @@ module Puppet::Util::Windows::Security
|
|
|
250
248
|
mode |= (v << 6) | (v << 3) | v
|
|
251
249
|
end
|
|
252
250
|
end
|
|
253
|
-
if File.directory?(path) &&
|
|
251
|
+
if File.directory?(path) &&
|
|
252
|
+
(ace.mask & (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE | FILE::FILE_DELETE_CHILD)) == (FILE::FILE_WRITE_DATA | FILE::FILE_EXECUTE)
|
|
254
253
|
mode |= S_ISVTX;
|
|
255
254
|
end
|
|
256
255
|
when well_known_nobody_sid
|
|
257
|
-
if (ace.mask & FILE_APPEND_DATA).nonzero?
|
|
256
|
+
if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
|
|
258
257
|
mode |= S_ISVTX
|
|
259
258
|
end
|
|
260
259
|
when well_known_system_sid
|
|
@@ -279,9 +278,9 @@ module Puppet::Util::Windows::Security
|
|
|
279
278
|
end
|
|
280
279
|
|
|
281
280
|
MODE_TO_MASK = {
|
|
282
|
-
S_IROTH => FILE_GENERIC_READ,
|
|
283
|
-
S_IWOTH => FILE_GENERIC_WRITE,
|
|
284
|
-
S_IXOTH => (FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES),
|
|
281
|
+
S_IROTH => FILE::FILE_GENERIC_READ,
|
|
282
|
+
S_IWOTH => FILE::FILE_GENERIC_WRITE,
|
|
283
|
+
S_IXOTH => (FILE::FILE_GENERIC_EXECUTE & ~FILE::FILE_READ_ATTRIBUTES),
|
|
285
284
|
}
|
|
286
285
|
|
|
287
286
|
# Set the mode of the object referenced by +path+ to the specified
|
|
@@ -303,9 +302,15 @@ module Puppet::Util::Windows::Security
|
|
|
303
302
|
well_known_nobody_sid = Win32::Security::SID::Nobody
|
|
304
303
|
well_known_system_sid = Win32::Security::SID::LocalSystem
|
|
305
304
|
|
|
306
|
-
owner_allow = STANDARD_RIGHTS_ALL |
|
|
307
|
-
|
|
308
|
-
|
|
305
|
+
owner_allow = FILE::STANDARD_RIGHTS_ALL |
|
|
306
|
+
FILE::FILE_READ_ATTRIBUTES |
|
|
307
|
+
FILE::FILE_WRITE_ATTRIBUTES
|
|
308
|
+
group_allow = FILE::STANDARD_RIGHTS_READ |
|
|
309
|
+
FILE::FILE_READ_ATTRIBUTES |
|
|
310
|
+
FILE::SYNCHRONIZE
|
|
311
|
+
other_allow = FILE::STANDARD_RIGHTS_READ |
|
|
312
|
+
FILE::FILE_READ_ATTRIBUTES |
|
|
313
|
+
FILE::SYNCHRONIZE
|
|
309
314
|
nobody_allow = 0
|
|
310
315
|
system_allow = 0
|
|
311
316
|
|
|
@@ -322,27 +327,27 @@ module Puppet::Util::Windows::Security
|
|
|
322
327
|
end
|
|
323
328
|
|
|
324
329
|
if (mode & S_ISVTX).nonzero?
|
|
325
|
-
nobody_allow |= FILE_APPEND_DATA;
|
|
330
|
+
nobody_allow |= FILE::FILE_APPEND_DATA;
|
|
326
331
|
end
|
|
327
332
|
|
|
328
333
|
# caller is NOT managing SYSTEM by using group or owner, so set to FULL
|
|
329
334
|
if ! [sd.owner, sd.group].include? well_known_system_sid
|
|
330
335
|
# we don't check S_ISYSTEM_MISSING bit, but automatically carry over existing SYSTEM perms
|
|
331
336
|
# by default set SYSTEM perms to full
|
|
332
|
-
system_allow = FILE_ALL_ACCESS
|
|
337
|
+
system_allow = FILE::FILE_ALL_ACCESS
|
|
333
338
|
end
|
|
334
339
|
|
|
335
340
|
isdir = File.directory?(path)
|
|
336
341
|
|
|
337
342
|
if isdir
|
|
338
343
|
if (mode & (S_IWUSR | S_IXUSR)) == (S_IWUSR | S_IXUSR)
|
|
339
|
-
owner_allow |= FILE_DELETE_CHILD
|
|
344
|
+
owner_allow |= FILE::FILE_DELETE_CHILD
|
|
340
345
|
end
|
|
341
346
|
if (mode & (S_IWGRP | S_IXGRP)) == (S_IWGRP | S_IXGRP) && (mode & S_ISVTX) == 0
|
|
342
|
-
group_allow |= FILE_DELETE_CHILD
|
|
347
|
+
group_allow |= FILE::FILE_DELETE_CHILD
|
|
343
348
|
end
|
|
344
349
|
if (mode & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH) && (mode & S_ISVTX) == 0
|
|
345
|
-
other_allow |= FILE_DELETE_CHILD
|
|
350
|
+
other_allow |= FILE::FILE_DELETE_CHILD
|
|
346
351
|
end
|
|
347
352
|
end
|
|
348
353
|
|
|
@@ -354,8 +359,8 @@ module Puppet::Util::Windows::Security
|
|
|
354
359
|
|
|
355
360
|
# if any ACE allows write, then clear readonly bit, but do this before we overwrite
|
|
356
361
|
# the DACl and lose our ability to set the attribute
|
|
357
|
-
if ((owner_allow | group_allow | other_allow ) & FILE_WRITE_DATA) == FILE_WRITE_DATA
|
|
358
|
-
remove_attributes(path, FILE_ATTRIBUTE_READONLY)
|
|
362
|
+
if ((owner_allow | group_allow | other_allow ) & FILE::FILE_WRITE_DATA) == FILE::FILE_WRITE_DATA
|
|
363
|
+
FILE.remove_attributes(path, FILE::FILE_ATTRIBUTE_READONLY)
|
|
359
364
|
end
|
|
360
365
|
|
|
361
366
|
dacl = Puppet::Util::Windows::AccessControlList.new
|
|
@@ -370,14 +375,15 @@ module Puppet::Util::Windows::Security
|
|
|
370
375
|
dacl.allow(well_known_system_sid, system_allow)
|
|
371
376
|
|
|
372
377
|
# add inherit-only aces for child dirs and files that are created within the dir
|
|
378
|
+
inherit_only = Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
|
|
373
379
|
if isdir
|
|
374
|
-
inherit =
|
|
380
|
+
inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE
|
|
375
381
|
dacl.allow(Win32::Security::SID::CreatorOwner, owner_allow, inherit)
|
|
376
382
|
dacl.allow(Win32::Security::SID::CreatorGroup, group_allow, inherit)
|
|
377
383
|
|
|
378
|
-
inherit =
|
|
379
|
-
dacl.allow(Win32::Security::SID::CreatorOwner, owner_allow & ~FILE_EXECUTE, inherit)
|
|
380
|
-
dacl.allow(Win32::Security::SID::CreatorGroup, group_allow & ~FILE_EXECUTE, inherit)
|
|
384
|
+
inherit = inherit_only | Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
|
|
385
|
+
dacl.allow(Win32::Security::SID::CreatorOwner, owner_allow & ~FILE::FILE_EXECUTE, inherit)
|
|
386
|
+
dacl.allow(Win32::Security::SID::CreatorGroup, group_allow & ~FILE::FILE_EXECUTE, inherit)
|
|
381
387
|
end
|
|
382
388
|
|
|
383
389
|
new_sd = Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, dacl, protected)
|
|
@@ -386,45 +392,50 @@ module Puppet::Util::Windows::Security
|
|
|
386
392
|
nil
|
|
387
393
|
end
|
|
388
394
|
|
|
395
|
+
ACL_REVISION = 2
|
|
396
|
+
|
|
389
397
|
def add_access_allowed_ace(acl, mask, sid, inherit = nil)
|
|
390
398
|
inherit ||= NO_INHERITANCE
|
|
391
399
|
|
|
392
|
-
string_to_sid_ptr(sid) do |sid_ptr|
|
|
393
|
-
|
|
400
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
|
|
401
|
+
if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
|
|
402
|
+
raise Puppet::Util::Windows::Error.new("Invalid SID")
|
|
403
|
+
end
|
|
394
404
|
|
|
395
|
-
|
|
405
|
+
if AddAccessAllowedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
|
|
396
406
|
raise Puppet::Util::Windows::Error.new("Failed to add access control entry")
|
|
397
407
|
end
|
|
398
408
|
end
|
|
409
|
+
|
|
410
|
+
# ensure this method is void if it doesn't raise
|
|
411
|
+
nil
|
|
399
412
|
end
|
|
400
413
|
|
|
401
414
|
def add_access_denied_ace(acl, mask, sid, inherit = nil)
|
|
402
415
|
inherit ||= NO_INHERITANCE
|
|
403
416
|
|
|
404
|
-
string_to_sid_ptr(sid) do |sid_ptr|
|
|
405
|
-
|
|
417
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sid) do |sid_ptr|
|
|
418
|
+
if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
|
|
419
|
+
raise Puppet::Util::Windows::Error.new("Invalid SID")
|
|
420
|
+
end
|
|
406
421
|
|
|
407
|
-
|
|
422
|
+
if AddAccessDeniedAceEx(acl, ACL_REVISION, inherit, mask, sid_ptr) == FFI::WIN32_FALSE
|
|
408
423
|
raise Puppet::Util::Windows::Error.new("Failed to add access control entry")
|
|
409
424
|
end
|
|
410
425
|
end
|
|
426
|
+
|
|
427
|
+
# ensure this method is void if it doesn't raise
|
|
428
|
+
nil
|
|
411
429
|
end
|
|
412
430
|
|
|
413
431
|
def parse_dacl(dacl_ptr)
|
|
414
432
|
# REMIND: need to handle NULL DACL
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
# BYTE Padding1
|
|
422
|
-
# WORD AclSize
|
|
423
|
-
# WORD AceCount
|
|
424
|
-
# WORD Padding2
|
|
425
|
-
acl_buf = 0.chr * 8
|
|
426
|
-
memcpy(acl_buf, dacl_ptr, acl_buf.size)
|
|
427
|
-
ace_count = acl_buf.unpack('CCSSS')[3]
|
|
433
|
+
if IsValidAcl(dacl_ptr) == FFI::WIN32_FALSE
|
|
434
|
+
raise Puppet::Util::Windows::Error.new("Invalid DACL")
|
|
435
|
+
end
|
|
436
|
+
|
|
437
|
+
dacl_struct = ACL.new(dacl_ptr)
|
|
438
|
+
ace_count = dacl_struct[:AceCount]
|
|
428
439
|
|
|
429
440
|
dacl = Puppet::Util::Windows::AccessControlList.new
|
|
430
441
|
|
|
@@ -432,42 +443,32 @@ module Puppet::Util::Windows::Security
|
|
|
432
443
|
return dacl if ace_count == 0
|
|
433
444
|
|
|
434
445
|
0.upto(ace_count - 1) do |i|
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
raise Puppet::Util::Windows::Error.new("Failed to read DACL, invalid SID") unless IsValidSid(sid_ptr)
|
|
462
|
-
sid = sid_ptr_to_string(sid_ptr)
|
|
463
|
-
dacl.allow(sid, mask, ace_flags)
|
|
464
|
-
when ACCESS_DENIED_ACE_TYPE
|
|
465
|
-
sid_ptr = ace_ptr.unpack('L')[0] + 8 # address of ace_ptr->SidStart
|
|
466
|
-
raise Puppet::Util::Windows::Error.new("Failed to read DACL, invalid SID") unless IsValidSid(sid_ptr)
|
|
467
|
-
sid = sid_ptr_to_string(sid_ptr)
|
|
468
|
-
dacl.deny(sid, mask, ace_flags)
|
|
469
|
-
else
|
|
470
|
-
Puppet.warning "Unsupported access control entry type: 0x#{ace_type.to_s(16)}"
|
|
446
|
+
FFI::MemoryPointer.new(:pointer, 1) do |ace_ptr|
|
|
447
|
+
|
|
448
|
+
next if GetAce(dacl_ptr, i, ace_ptr) == FFI::WIN32_FALSE
|
|
449
|
+
|
|
450
|
+
# ACE structures vary depending on the type. We are only concerned with
|
|
451
|
+
# ACCESS_ALLOWED_ACE and ACCESS_DENIED_ACEs, which have the same layout
|
|
452
|
+
ace = GENERIC_ACCESS_ACE.new(ace_ptr.get_pointer(0)) #deref LPVOID *
|
|
453
|
+
|
|
454
|
+
ace_type = ace[:Header][:AceType]
|
|
455
|
+
if ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE &&
|
|
456
|
+
ace_type != Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
|
|
457
|
+
Puppet.warning "Unsupported access control entry type: 0x#{ace_type.to_s(16)}"
|
|
458
|
+
next
|
|
459
|
+
end
|
|
460
|
+
|
|
461
|
+
# using pointer addition gives the FFI::Pointer a size, but that's OK here
|
|
462
|
+
sid = Puppet::Util::Windows::SID.sid_ptr_to_string(ace.pointer + GENERIC_ACCESS_ACE.offset_of(:SidStart))
|
|
463
|
+
mask = ace[:Mask]
|
|
464
|
+
ace_flags = ace[:Header][:AceFlags]
|
|
465
|
+
|
|
466
|
+
case ace_type
|
|
467
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
|
|
468
|
+
dacl.allow(sid, mask, ace_flags)
|
|
469
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
|
|
470
|
+
dacl.deny(sid, mask, ace_flags)
|
|
471
|
+
end
|
|
471
472
|
end
|
|
472
473
|
end
|
|
473
474
|
|
|
@@ -476,67 +477,82 @@ module Puppet::Util::Windows::Security
|
|
|
476
477
|
|
|
477
478
|
# Open an existing file with the specified access mode, and execute a
|
|
478
479
|
# block with the opened file HANDLE.
|
|
479
|
-
def open_file(path, access)
|
|
480
|
-
handle =
|
|
481
|
-
path,
|
|
480
|
+
def open_file(path, access, &block)
|
|
481
|
+
handle = CreateFileW(
|
|
482
|
+
wide_string(path),
|
|
482
483
|
access,
|
|
483
|
-
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
484
|
-
|
|
485
|
-
OPEN_EXISTING,
|
|
486
|
-
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
|
|
487
|
-
|
|
488
|
-
|
|
484
|
+
FILE::FILE_SHARE_READ | FILE::FILE_SHARE_WRITE,
|
|
485
|
+
FFI::Pointer::NULL, # security_attributes
|
|
486
|
+
FILE::OPEN_EXISTING,
|
|
487
|
+
FILE::FILE_FLAG_OPEN_REPARSE_POINT | FILE::FILE_FLAG_BACKUP_SEMANTICS,
|
|
488
|
+
FFI::Pointer::NULL_HANDLE) # template
|
|
489
|
+
|
|
490
|
+
if handle == Puppet::Util::Windows::File::INVALID_HANDLE_VALUE
|
|
491
|
+
raise Puppet::Util::Windows::Error.new("Failed to open '#{path}'")
|
|
492
|
+
end
|
|
493
|
+
|
|
489
494
|
begin
|
|
490
495
|
yield handle
|
|
491
496
|
ensure
|
|
492
|
-
CloseHandle(handle)
|
|
497
|
+
FFI::WIN32.CloseHandle(handle) if handle
|
|
493
498
|
end
|
|
499
|
+
|
|
500
|
+
# handle has already had CloseHandle called against it, nothing to return
|
|
501
|
+
nil
|
|
494
502
|
end
|
|
495
503
|
|
|
496
504
|
# Execute a block with the specified privilege enabled
|
|
497
|
-
def with_privilege(privilege)
|
|
505
|
+
def with_privilege(privilege, &block)
|
|
498
506
|
set_privilege(privilege, true)
|
|
499
507
|
yield
|
|
500
508
|
ensure
|
|
501
509
|
set_privilege(privilege, false)
|
|
502
510
|
end
|
|
503
511
|
|
|
512
|
+
SE_PRIVILEGE_ENABLED = 0x00000002
|
|
513
|
+
TOKEN_ADJUST_PRIVILEGES = 0x0020
|
|
514
|
+
|
|
504
515
|
# Enable or disable a privilege. Note this doesn't add any privileges the
|
|
505
516
|
# user doesn't already has, it just enables privileges that are disabled.
|
|
506
517
|
def set_privilege(privilege, enable)
|
|
507
518
|
return unless Puppet.features.root?
|
|
508
519
|
|
|
509
|
-
with_process_token(TOKEN_ADJUST_PRIVILEGES
|
|
510
|
-
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
520
|
+
Puppet::Util::Windows::Process.with_process_token(TOKEN_ADJUST_PRIVILEGES) do |token|
|
|
521
|
+
Puppet::Util::Windows::Process.lookup_privilege_value(privilege) do |luid|
|
|
522
|
+
FFI::MemoryPointer.new(Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.size) do |luid_and_attributes_ptr|
|
|
523
|
+
# allocate unmanaged memory for structs that we clean up afterwards
|
|
524
|
+
luid_and_attributes = Puppet::Util::Windows::Process::LUID_AND_ATTRIBUTES.new(luid_and_attributes_ptr)
|
|
525
|
+
luid_and_attributes[:Luid] = luid
|
|
526
|
+
luid_and_attributes[:Attributes] = enable ? SE_PRIVILEGE_ENABLED : 0
|
|
527
|
+
|
|
528
|
+
FFI::MemoryPointer.new(Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.size) do |token_privileges_ptr|
|
|
529
|
+
token_privileges = Puppet::Util::Windows::Process::TOKEN_PRIVILEGES.new(token_privileges_ptr)
|
|
530
|
+
token_privileges[:PrivilegeCount] = 1
|
|
531
|
+
token_privileges[:Privileges][0] = luid_and_attributes
|
|
532
|
+
|
|
533
|
+
# size is correct given we only have 1 LUID, otherwise would be:
|
|
534
|
+
# [:PrivilegeCount].size + [:PrivilegeCount] * LUID_AND_ATTRIBUTES.size
|
|
535
|
+
if AdjustTokenPrivileges(token, FFI::WIN32_FALSE,
|
|
536
|
+
token_privileges, token_privileges.size,
|
|
537
|
+
FFI::MemoryPointer::NULL, FFI::MemoryPointer::NULL) == FFI::WIN32_FALSE
|
|
538
|
+
raise Puppet::Util::Windows::Error.new("Failed to adjust process privileges")
|
|
539
|
+
end
|
|
540
|
+
end
|
|
541
|
+
end
|
|
522
542
|
end
|
|
523
543
|
end
|
|
524
|
-
end
|
|
525
|
-
|
|
526
|
-
# Execute a block with the current process token
|
|
527
|
-
def with_process_token(access)
|
|
528
|
-
token = 0.chr * 4
|
|
529
544
|
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
begin
|
|
534
|
-
token = token.unpack('L')[0]
|
|
545
|
+
# token / luid structs freed by this point, so return true as nothing raised
|
|
546
|
+
true
|
|
547
|
+
end
|
|
535
548
|
|
|
549
|
+
def with_process_token(access, &block)
|
|
550
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.with_process_token is deprecated; please use Puppet::Util::Windows::Process.with_process_token')
|
|
551
|
+
Puppet::Util::Windows::Process.with_process_token(access) do |token|
|
|
536
552
|
yield token
|
|
537
|
-
ensure
|
|
538
|
-
CloseHandle(token)
|
|
539
553
|
end
|
|
554
|
+
|
|
555
|
+
nil
|
|
540
556
|
end
|
|
541
557
|
|
|
542
558
|
def get_security_descriptor(path)
|
|
@@ -544,40 +560,43 @@ module Puppet::Util::Windows::Security
|
|
|
544
560
|
|
|
545
561
|
with_privilege(SE_BACKUP_NAME) do
|
|
546
562
|
open_file(path, READ_CONTROL) do |handle|
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
563
|
+
FFI::MemoryPointer.new(:pointer, 1) do |owner_sid_ptr_ptr|
|
|
564
|
+
FFI::MemoryPointer.new(:pointer, 1) do |group_sid_ptr_ptr|
|
|
565
|
+
FFI::MemoryPointer.new(:pointer, 1) do |dacl_ptr_ptr|
|
|
566
|
+
FFI::MemoryPointer.new(:pointer, 1) do |sd_ptr_ptr|
|
|
567
|
+
|
|
568
|
+
rv = GetSecurityInfo(
|
|
569
|
+
handle,
|
|
570
|
+
:SE_FILE_OBJECT,
|
|
571
|
+
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
|
572
|
+
owner_sid_ptr_ptr,
|
|
573
|
+
group_sid_ptr_ptr,
|
|
574
|
+
dacl_ptr_ptr,
|
|
575
|
+
FFI::Pointer::NULL, #sacl
|
|
576
|
+
sd_ptr_ptr) #sec desc
|
|
577
|
+
raise Puppet::Util::Windows::Error.new("Failed to get security information") if rv != FFI::ERROR_SUCCESS
|
|
578
|
+
|
|
579
|
+
# these 2 convenience params are not freed since they point inside sd_ptr
|
|
580
|
+
owner = Puppet::Util::Windows::SID.sid_ptr_to_string(owner_sid_ptr_ptr.get_pointer(0))
|
|
581
|
+
group = Puppet::Util::Windows::SID.sid_ptr_to_string(group_sid_ptr_ptr.get_pointer(0))
|
|
582
|
+
|
|
583
|
+
FFI::MemoryPointer.new(:word, 1) do |control|
|
|
584
|
+
FFI::MemoryPointer.new(:dword, 1) do |revision|
|
|
585
|
+
sd_ptr_ptr.read_win32_local_pointer do |sd_ptr|
|
|
586
|
+
|
|
587
|
+
if GetSecurityDescriptorControl(sd_ptr, control, revision) == FFI::WIN32_FALSE
|
|
588
|
+
raise Puppet::Util::Windows::Error.new("Failed to get security descriptor control")
|
|
589
|
+
end
|
|
590
|
+
|
|
591
|
+
protect = (control.read_word & SE_DACL_PROTECTED) == SE_DACL_PROTECTED
|
|
592
|
+
dacl = parse_dacl(dacl_ptr_ptr.get_pointer(0))
|
|
593
|
+
sd = Puppet::Util::Windows::SecurityDescriptor.new(owner, group, dacl, protect)
|
|
594
|
+
end
|
|
595
|
+
end
|
|
596
|
+
end
|
|
597
|
+
end
|
|
598
|
+
end
|
|
573
599
|
end
|
|
574
|
-
|
|
575
|
-
protect = (control.read_uint16 & SE_DACL_PROTECTED) == SE_DACL_PROTECTED
|
|
576
|
-
|
|
577
|
-
dacl = parse_dacl(dacl.unpack('L')[0])
|
|
578
|
-
sd = Puppet::Util::Windows::SecurityDescriptor.new(owner, group, dacl, protect)
|
|
579
|
-
ensure
|
|
580
|
-
LocalFree(ppsd.unpack('L')[0])
|
|
581
600
|
end
|
|
582
601
|
end
|
|
583
602
|
end
|
|
@@ -585,67 +604,317 @@ module Puppet::Util::Windows::Security
|
|
|
585
604
|
sd
|
|
586
605
|
end
|
|
587
606
|
|
|
607
|
+
def get_max_generic_acl_size(ace_count)
|
|
608
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
|
|
609
|
+
# To calculate the initial size of an ACL, add the following together, and then align the result to the nearest DWORD:
|
|
610
|
+
# * Size of the ACL structure.
|
|
611
|
+
# * Size of each ACE structure that the ACL is to contain minus the SidStart member (DWORD) of the ACE.
|
|
612
|
+
# * Length of the SID that each ACE is to contain.
|
|
613
|
+
ACL.size + ace_count * MAXIMUM_GENERIC_ACE_SIZE
|
|
614
|
+
end
|
|
615
|
+
|
|
588
616
|
# setting DACL requires both READ_CONTROL and WRITE_DACL access rights,
|
|
589
617
|
# and their respective privileges, SE_BACKUP_NAME and SE_RESTORE_NAME.
|
|
590
618
|
def set_security_descriptor(path, sd)
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
end
|
|
619
|
+
FFI::MemoryPointer.new(:byte, get_max_generic_acl_size(sd.dacl.count)) do |acl_ptr|
|
|
620
|
+
if InitializeAcl(acl_ptr, acl_ptr.size, ACL_REVISION) == FFI::WIN32_FALSE
|
|
621
|
+
raise Puppet::Util::Windows::Error.new("Failed to initialize ACL")
|
|
622
|
+
end
|
|
596
623
|
|
|
597
|
-
|
|
624
|
+
if IsValidAcl(acl_ptr) == FFI::WIN32_FALSE
|
|
625
|
+
raise Puppet::Util::Windows::Error.new("Invalid DACL")
|
|
626
|
+
end
|
|
598
627
|
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
628
|
+
with_privilege(SE_BACKUP_NAME) do
|
|
629
|
+
with_privilege(SE_RESTORE_NAME) do
|
|
630
|
+
open_file(path, READ_CONTROL | WRITE_DAC | WRITE_OWNER) do |handle|
|
|
631
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sd.owner) do |owner_sid_ptr|
|
|
632
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(sd.group) do |group_sid_ptr|
|
|
633
|
+
sd.dacl.each do |ace|
|
|
634
|
+
case ace.type
|
|
635
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_ALLOWED_ACE_TYPE
|
|
636
|
+
#puts "ace: allow, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
|
|
637
|
+
add_access_allowed_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
|
|
638
|
+
when Puppet::Util::Windows::AccessControlEntry::ACCESS_DENIED_ACE_TYPE
|
|
639
|
+
#puts "ace: deny, sid #{Puppet::Util::Windows::SID.sid_to_name(ace.sid)}, mask 0x#{ace.mask.to_s(16)}"
|
|
640
|
+
add_access_denied_ace(acl_ptr, ace.mask, ace.sid, ace.flags)
|
|
641
|
+
else
|
|
642
|
+
raise "We should never get here"
|
|
643
|
+
# TODO: this should have been a warning in an earlier commit
|
|
644
|
+
end
|
|
615
645
|
end
|
|
616
|
-
end
|
|
617
646
|
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
647
|
+
# protected means the object does not inherit aces from its parent
|
|
648
|
+
flags = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION
|
|
649
|
+
flags |= sd.protect ? PROTECTED_DACL_SECURITY_INFORMATION : UNPROTECTED_DACL_SECURITY_INFORMATION
|
|
650
|
+
|
|
651
|
+
rv = SetSecurityInfo(handle,
|
|
652
|
+
:SE_FILE_OBJECT,
|
|
653
|
+
flags,
|
|
654
|
+
owner_sid_ptr,
|
|
655
|
+
group_sid_ptr,
|
|
656
|
+
acl_ptr,
|
|
657
|
+
FFI::MemoryPointer::NULL)
|
|
658
|
+
|
|
659
|
+
if rv != FFI::ERROR_SUCCESS
|
|
660
|
+
raise Puppet::Util::Windows::Error.new("Failed to set security information")
|
|
661
|
+
end
|
|
662
|
+
end
|
|
630
663
|
end
|
|
631
664
|
end
|
|
632
665
|
end
|
|
633
666
|
end
|
|
634
667
|
end
|
|
668
|
+
|
|
669
|
+
def name_to_sid(name)
|
|
670
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.name_to_sid is deprecated; please use Puppet::Util::Windows::SID.name_to_sid')
|
|
671
|
+
Puppet::Util::Windows::SID.name_to_sid(name)
|
|
672
|
+
end
|
|
673
|
+
|
|
674
|
+
def name_to_sid_object(name)
|
|
675
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.name_to_sid_object is deprecated; please use Puppet::Util::Windows::SID.name_to_sid_object')
|
|
676
|
+
Puppet::Util::Windows::SID.name_to_sid_object(name)
|
|
677
|
+
end
|
|
678
|
+
|
|
679
|
+
def octet_string_to_sid_object(bytes)
|
|
680
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.octet_string_to_sid_object is deprecated; please use Puppet::Util::Windows::SID.octet_string_to_sid_object')
|
|
681
|
+
Puppet::Util::Windows::SID.octet_string_to_sid_object(bytes)
|
|
682
|
+
end
|
|
683
|
+
|
|
684
|
+
def sid_to_name(value)
|
|
685
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.sid_to_name is deprecated; please use Puppet::Util::Windows::SID.sid_to_name')
|
|
686
|
+
Puppet::Util::Windows::SID.sid_to_name(value)
|
|
687
|
+
end
|
|
688
|
+
|
|
689
|
+
def sid_ptr_to_string(psid)
|
|
690
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.sid_ptr_to_string is deprecated; please use Puppet::Util::Windows::SID.sid_ptr_to_string')
|
|
691
|
+
Puppet::Util::Windows::SID.sid_ptr_to_string(psid)
|
|
692
|
+
end
|
|
693
|
+
|
|
694
|
+
def string_to_sid_ptr(string_sid, &block)
|
|
695
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.string_to_sid_ptr is deprecated; please use Puppet::Util::Windows::SID.string_to_sid_ptr')
|
|
696
|
+
Puppet::Util::Windows::SID.string_to_sid_ptr(string_sid, &block)
|
|
697
|
+
end
|
|
698
|
+
|
|
699
|
+
def valid_sid?(string_sid)
|
|
700
|
+
Puppet.deprecation_warning('Puppet::Util::Windows::Security.valid_sid? is deprecated; please use Puppet::Util::Windows::SID.valid_sid?')
|
|
701
|
+
Puppet::Util::Windows::SID.valid_sid?(string_sid)
|
|
702
|
+
end
|
|
635
703
|
end
|
|
636
704
|
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
705
|
+
ffi_convention :stdcall
|
|
706
|
+
|
|
707
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
|
|
708
|
+
# HANDLE WINAPI CreateFile(
|
|
709
|
+
# _In_ LPCTSTR lpFileName,
|
|
710
|
+
# _In_ DWORD dwDesiredAccess,
|
|
711
|
+
# _In_ DWORD dwShareMode,
|
|
712
|
+
# _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
|
|
713
|
+
# _In_ DWORD dwCreationDisposition,
|
|
714
|
+
# _In_ DWORD dwFlagsAndAttributes,
|
|
715
|
+
# _In_opt_ HANDLE hTemplateFile
|
|
716
|
+
# );
|
|
717
|
+
ffi_lib :kernel32
|
|
718
|
+
attach_function_private :CreateFileW,
|
|
719
|
+
[:lpcwstr, :dword, :dword, :pointer, :dword, :dword, :handle], :handle
|
|
720
|
+
|
|
721
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa364993(v=vs.85).aspx
|
|
722
|
+
# BOOL WINAPI GetVolumeInformation(
|
|
723
|
+
# _In_opt_ LPCTSTR lpRootPathName,
|
|
724
|
+
# _Out_opt_ LPTSTR lpVolumeNameBuffer,
|
|
725
|
+
# _In_ DWORD nVolumeNameSize,
|
|
726
|
+
# _Out_opt_ LPDWORD lpVolumeSerialNumber,
|
|
727
|
+
# _Out_opt_ LPDWORD lpMaximumComponentLength,
|
|
728
|
+
# _Out_opt_ LPDWORD lpFileSystemFlags,
|
|
729
|
+
# _Out_opt_ LPTSTR lpFileSystemNameBuffer,
|
|
730
|
+
# _In_ DWORD nFileSystemNameSize
|
|
731
|
+
# );
|
|
732
|
+
ffi_lib :kernel32
|
|
733
|
+
attach_function_private :GetVolumeInformationW,
|
|
734
|
+
[:lpcwstr, :lpwstr, :dword, :lpdword, :lpdword, :lpdword, :lpwstr, :dword], :win32_bool
|
|
735
|
+
|
|
736
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374951(v=vs.85).aspx
|
|
737
|
+
# BOOL WINAPI AddAccessAllowedAceEx(
|
|
738
|
+
# _Inout_ PACL pAcl,
|
|
739
|
+
# _In_ DWORD dwAceRevision,
|
|
740
|
+
# _In_ DWORD AceFlags,
|
|
741
|
+
# _In_ DWORD AccessMask,
|
|
742
|
+
# _In_ PSID pSid
|
|
743
|
+
# );
|
|
744
|
+
ffi_lib :advapi32
|
|
745
|
+
attach_function_private :AddAccessAllowedAceEx,
|
|
746
|
+
[:pointer, :dword, :dword, :dword, :pointer], :win32_bool
|
|
747
|
+
|
|
748
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374964(v=vs.85).aspx
|
|
749
|
+
# BOOL WINAPI AddAccessDeniedAceEx(
|
|
750
|
+
# _Inout_ PACL pAcl,
|
|
751
|
+
# _In_ DWORD dwAceRevision,
|
|
752
|
+
# _In_ DWORD AceFlags,
|
|
753
|
+
# _In_ DWORD AccessMask,
|
|
754
|
+
# _In_ PSID pSid
|
|
755
|
+
# );
|
|
756
|
+
ffi_lib :advapi32
|
|
757
|
+
attach_function_private :AddAccessDeniedAceEx,
|
|
758
|
+
[:pointer, :dword, :dword, :dword, :pointer], :win32_bool
|
|
759
|
+
|
|
760
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374931(v=vs.85).aspx
|
|
761
|
+
# typedef struct _ACL {
|
|
762
|
+
# BYTE AclRevision;
|
|
763
|
+
# BYTE Sbz1;
|
|
764
|
+
# WORD AclSize;
|
|
765
|
+
# WORD AceCount;
|
|
766
|
+
# WORD Sbz2;
|
|
767
|
+
# } ACL, *PACL;
|
|
768
|
+
class ACL < FFI::Struct
|
|
769
|
+
layout :AclRevision, :byte,
|
|
770
|
+
:Sbz1, :byte,
|
|
771
|
+
:AclSize, :word,
|
|
772
|
+
:AceCount, :word,
|
|
773
|
+
:Sbz2, :word
|
|
650
774
|
end
|
|
775
|
+
|
|
776
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374912(v=vs.85).aspx
|
|
777
|
+
# ACE types
|
|
778
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374919(v=vs.85).aspx
|
|
779
|
+
# typedef struct _ACE_HEADER {
|
|
780
|
+
# BYTE AceType;
|
|
781
|
+
# BYTE AceFlags;
|
|
782
|
+
# WORD AceSize;
|
|
783
|
+
# } ACE_HEADER, *PACE_HEADER;
|
|
784
|
+
class ACE_HEADER < FFI::Struct
|
|
785
|
+
layout :AceType, :byte,
|
|
786
|
+
:AceFlags, :byte,
|
|
787
|
+
:AceSize, :word
|
|
788
|
+
end
|
|
789
|
+
|
|
790
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374892(v=vs.85).aspx
|
|
791
|
+
# ACCESS_MASK
|
|
792
|
+
|
|
793
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374847(v=vs.85).aspx
|
|
794
|
+
# typedef struct _ACCESS_ALLOWED_ACE {
|
|
795
|
+
# ACE_HEADER Header;
|
|
796
|
+
# ACCESS_MASK Mask;
|
|
797
|
+
# DWORD SidStart;
|
|
798
|
+
# } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
|
|
799
|
+
#
|
|
800
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa374879(v=vs.85).aspx
|
|
801
|
+
# typedef struct _ACCESS_DENIED_ACE {
|
|
802
|
+
# ACE_HEADER Header;
|
|
803
|
+
# ACCESS_MASK Mask;
|
|
804
|
+
# DWORD SidStart;
|
|
805
|
+
# } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
|
|
806
|
+
class GENERIC_ACCESS_ACE < FFI::Struct
|
|
807
|
+
# ACE structures must be aligned on DWORD boundaries. All Windows
|
|
808
|
+
# memory-management functions return DWORD-aligned handles to memory
|
|
809
|
+
pack 4
|
|
810
|
+
layout :Header, ACE_HEADER,
|
|
811
|
+
:Mask, :dword,
|
|
812
|
+
:SidStart, :dword
|
|
813
|
+
end
|
|
814
|
+
|
|
815
|
+
# http://stackoverflow.com/a/1792930
|
|
816
|
+
MAXIMUM_SID_BYTES_LENGTH = 68
|
|
817
|
+
MAXIMUM_GENERIC_ACE_SIZE = GENERIC_ACCESS_ACE.offset_of(:SidStart) +
|
|
818
|
+
MAXIMUM_SID_BYTES_LENGTH
|
|
819
|
+
|
|
820
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa446634(v=vs.85).aspx
|
|
821
|
+
# BOOL WINAPI GetAce(
|
|
822
|
+
# _In_ PACL pAcl,
|
|
823
|
+
# _In_ DWORD dwAceIndex,
|
|
824
|
+
# _Out_ LPVOID *pAce
|
|
825
|
+
# );
|
|
826
|
+
ffi_lib :advapi32
|
|
827
|
+
attach_function_private :GetAce,
|
|
828
|
+
[:pointer, :dword, :pointer], :win32_bool
|
|
829
|
+
|
|
830
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa375202(v=vs.85).aspx
|
|
831
|
+
# BOOL WINAPI AdjustTokenPrivileges(
|
|
832
|
+
# _In_ HANDLE TokenHandle,
|
|
833
|
+
# _In_ BOOL DisableAllPrivileges,
|
|
834
|
+
# _In_opt_ PTOKEN_PRIVILEGES NewState,
|
|
835
|
+
# _In_ DWORD BufferLength,
|
|
836
|
+
# _Out_opt_ PTOKEN_PRIVILEGES PreviousState,
|
|
837
|
+
# _Out_opt_ PDWORD ReturnLength
|
|
838
|
+
# );
|
|
839
|
+
ffi_lib :advapi32
|
|
840
|
+
attach_function_private :AdjustTokenPrivileges,
|
|
841
|
+
[:handle, :win32_bool, :pointer, :dword, :pointer, :pdword], :win32_bool
|
|
842
|
+
|
|
843
|
+
# http://msdn.microsoft.com/en-us/library/windows/hardware/ff556610(v=vs.85).aspx
|
|
844
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx
|
|
845
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa446647(v=vs.85).aspx
|
|
846
|
+
# typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
|
|
847
|
+
# BOOL WINAPI GetSecurityDescriptorControl(
|
|
848
|
+
# _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
849
|
+
# _Out_ PSECURITY_DESCRIPTOR_CONTROL pControl,
|
|
850
|
+
# _Out_ LPDWORD lpdwRevision
|
|
851
|
+
# );
|
|
852
|
+
ffi_lib :advapi32
|
|
853
|
+
attach_function_private :GetSecurityDescriptorControl,
|
|
854
|
+
[:pointer, :lpword, :lpdword], :win32_bool
|
|
855
|
+
|
|
856
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa378853(v=vs.85).aspx
|
|
857
|
+
# BOOL WINAPI InitializeAcl(
|
|
858
|
+
# _Out_ PACL pAcl,
|
|
859
|
+
# _In_ DWORD nAclLength,
|
|
860
|
+
# _In_ DWORD dwAclRevision
|
|
861
|
+
# );
|
|
862
|
+
ffi_lib :advapi32
|
|
863
|
+
attach_function_private :InitializeAcl,
|
|
864
|
+
[:pointer, :dword, :dword], :win32_bool
|
|
865
|
+
|
|
866
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa379142(v=vs.85).aspx
|
|
867
|
+
# BOOL WINAPI IsValidAcl(
|
|
868
|
+
# _In_ PACL pAcl
|
|
869
|
+
# );
|
|
870
|
+
ffi_lib :advapi32
|
|
871
|
+
attach_function_private :IsValidAcl,
|
|
872
|
+
[:pointer], :win32_bool
|
|
873
|
+
|
|
874
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx
|
|
875
|
+
SE_OBJECT_TYPE = enum(
|
|
876
|
+
:SE_UNKNOWN_OBJECT_TYPE, 0,
|
|
877
|
+
:SE_FILE_OBJECT,
|
|
878
|
+
:SE_SERVICE,
|
|
879
|
+
:SE_PRINTER,
|
|
880
|
+
:SE_REGISTRY_KEY,
|
|
881
|
+
:SE_LMSHARE,
|
|
882
|
+
:SE_KERNEL_OBJECT,
|
|
883
|
+
:SE_WINDOW_OBJECT,
|
|
884
|
+
:SE_DS_OBJECT,
|
|
885
|
+
:SE_DS_OBJECT_ALL,
|
|
886
|
+
:SE_PROVIDER_DEFINED_OBJECT,
|
|
887
|
+
:SE_WMIGUID_OBJECT,
|
|
888
|
+
:SE_REGISTRY_WOW64_32KEY
|
|
889
|
+
)
|
|
890
|
+
|
|
891
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa446654(v=vs.85).aspx
|
|
892
|
+
# DWORD WINAPI GetSecurityInfo(
|
|
893
|
+
# _In_ HANDLE handle,
|
|
894
|
+
# _In_ SE_OBJECT_TYPE ObjectType,
|
|
895
|
+
# _In_ SECURITY_INFORMATION SecurityInfo,
|
|
896
|
+
# _Out_opt_ PSID *ppsidOwner,
|
|
897
|
+
# _Out_opt_ PSID *ppsidGroup,
|
|
898
|
+
# _Out_opt_ PACL *ppDacl,
|
|
899
|
+
# _Out_opt_ PACL *ppSacl,
|
|
900
|
+
# _Out_opt_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor
|
|
901
|
+
# );
|
|
902
|
+
ffi_lib :advapi32
|
|
903
|
+
attach_function_private :GetSecurityInfo,
|
|
904
|
+
[:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer, :pointer], :dword
|
|
905
|
+
|
|
906
|
+
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa379588(v=vs.85).aspx
|
|
907
|
+
# DWORD WINAPI SetSecurityInfo(
|
|
908
|
+
# _In_ HANDLE handle,
|
|
909
|
+
# _In_ SE_OBJECT_TYPE ObjectType,
|
|
910
|
+
# _In_ SECURITY_INFORMATION SecurityInfo,
|
|
911
|
+
# _In_opt_ PSID psidOwner,
|
|
912
|
+
# _In_opt_ PSID psidGroup,
|
|
913
|
+
# _In_opt_ PACL pDacl,
|
|
914
|
+
# _In_opt_ PACL pSacl
|
|
915
|
+
# );
|
|
916
|
+
ffi_lib :advapi32
|
|
917
|
+
# TODO: SECURITY_INFORMATION is actually a bitmask the size of a DWORD
|
|
918
|
+
attach_function_private :SetSecurityInfo,
|
|
919
|
+
[:handle, SE_OBJECT_TYPE, :dword, :pointer, :pointer, :pointer, :pointer], :dword
|
|
651
920
|
end
|