puppet 4.3.1-x86-mingw32 → 4.3.2-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/ext/build_defaults.yaml +1 -1
- data/lib/hiera/scope.rb +1 -1
- data/lib/puppet/application/lookup.rb +41 -43
- data/lib/puppet/data_providers/lookup_adapter.rb +73 -26
- data/lib/puppet/functions/lookup.rb +126 -150
- data/lib/puppet/functions/match.rb +1 -0
- data/lib/puppet/indirector/hiera.rb +3 -1
- data/lib/puppet/indirector/indirection.rb +6 -2
- data/lib/puppet/indirector/json.rb +2 -2
- data/lib/puppet/module.rb +3 -2
- data/lib/puppet/node.rb +11 -2
- data/lib/puppet/parser/compiler.rb +1 -8
- data/lib/puppet/parser/functions/lookup.rb +128 -149
- data/lib/puppet/parser/functions/match.rb +1 -0
- data/lib/puppet/plugins/data_providers/data_provider.rb +3 -2
- data/lib/puppet/pops/adapters.rb +43 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +3 -3
- data/lib/puppet/pops/evaluator/closure.rb +51 -51
- data/lib/puppet/pops/evaluator/collector_transformer.rb +16 -0
- data/lib/puppet/pops/evaluator/runtime3_support.rb +11 -2
- data/lib/puppet/pops/functions/function.rb +6 -2
- data/lib/puppet/pops/issues.rb +16 -0
- data/lib/puppet/pops/loader/puppet_function_instantiator.rb +3 -2
- data/lib/puppet/pops/lookup.rb +3 -0
- data/lib/puppet/pops/lookup/explainer.rb +73 -3
- data/lib/puppet/pops/lookup/invocation.rb +21 -19
- data/lib/puppet/pops/model/factory.rb +153 -155
- data/lib/puppet/pops/model/model.rb +9 -0
- data/lib/puppet/pops/model/model_label_provider.rb +1 -0
- data/lib/puppet/pops/parser/evaluating_parser.rb +3 -3
- data/lib/puppet/pops/parser/lexer2.rb +411 -393
- data/lib/puppet/pops/parser/slurp_support.rb +5 -1
- data/lib/puppet/pops/types/type_calculator.rb +2 -6
- data/lib/puppet/pops/types/types.rb +3 -9
- data/lib/puppet/pops/validation/checker4_0.rb +36 -12
- data/lib/puppet/provider/group/windows_adsi.rb +2 -2
- data/lib/puppet/provider/package/pip.rb +11 -1
- data/lib/puppet/provider/package/rpm.rb +0 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/service/debian.rb +5 -18
- data/lib/puppet/provider/service/init.rb +7 -0
- data/lib/puppet/provider/service/launchd.rb +6 -0
- data/lib/puppet/provider/service/systemd.rb +1 -1
- data/lib/puppet/provider/user/windows_adsi.rb +2 -2
- data/lib/puppet/provider/yumrepo/inifile.rb +6 -3
- data/lib/puppet/resource/type.rb +2 -1
- data/lib/puppet/transaction/additional_resource_generator.rb +17 -3
- data/lib/puppet/type/group.rb +6 -2
- data/lib/puppet/util/windows.rb +4 -0
- data/lib/puppet/util/windows/adsi.rb +61 -24
- data/lib/puppet/util/windows/principal.rb +181 -0
- data/lib/puppet/util/windows/registry.rb +21 -15
- data/lib/puppet/util/windows/sid.rb +42 -11
- data/lib/puppet/version.rb +1 -1
- data/spec/fixtures/unit/application/environments/production/data/common.yaml +4 -0
- data/spec/fixtures/unit/application/environments/production/manifests/site.pp +1 -0
- data/spec/fixtures/unit/application/environments/puppet_func_provider/environment.conf +1 -0
- data/spec/fixtures/unit/application/environments/puppet_func_provider/functions/data.pp +10 -0
- data/spec/fixtures/unit/application/environments/puppet_func_provider/manifests/site.pp +1 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_module_config/data/common.yaml +4 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_module_config/data/specific.yaml +4 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_module_config/hiera.yaml +7 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/data/common.yaml +4 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/data/specific.yaml +4 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/environment.conf +2 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/hiera.yaml +7 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/manifests/site.pp +1 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/data/common.yaml +6 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/hiera.yaml +5 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/manifests/init.pp +2 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/metadata.json +9 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/data/common.yaml +4 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/hiera.yaml +5 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/manifests/init.pp +3 -0
- data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/metadata.json +9 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee/functions/usee_puppet.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/{usee → modules/usee}/lib/puppet/functions/usee/callee.rb +0 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee/lib/puppet/functions/usee/usee_ruby.rb +6 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee/manifests/init.pp +6 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee2/lib/puppet/functions/usee2/callee.rb +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/functions/puppet_calling_puppet.pp +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/functions/puppet_calling_puppet_init.pp +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/functions/puppet_calling_ruby.pp +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/{user → modules/user}/lib/puppet/functions/user/caller.rb +0 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/caller2.rb +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/ruby_calling_puppet.rb +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/ruby_calling_puppet_init.rb +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/ruby_calling_ruby.rb +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/manifests/init.pp +81 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/{user → modules/user}/metadata.json +2 -1
- data/spec/integration/parser/collection_spec.rb +8 -0
- data/spec/integration/util/windows/principal_spec.rb +115 -0
- data/spec/{unit → integration}/util/windows/registry_spec.rb +91 -1
- data/spec/integration/util/windows/security_spec.rb +2 -2
- data/spec/unit/application/lookup_spec.rb +138 -28
- data/spec/unit/data_providers/hiera_data_provider_spec.rb +182 -5
- data/spec/unit/face/epp_face_spec.rb +2 -2
- data/spec/unit/functions/epp_spec.rb +6 -6
- data/spec/unit/functions/inline_epp_spec.rb +4 -4
- data/spec/unit/functions/lookup_spec.rb +30 -3
- data/spec/unit/functions4_spec.rb +1 -1
- data/spec/unit/hiera/scope_spec.rb +5 -2
- data/spec/unit/indirector/json_spec.rb +1 -1
- data/spec/unit/node_spec.rb +8 -0
- data/spec/unit/parser/compiler_spec.rb +0 -18
- data/spec/unit/pops/evaluator/access_ops_spec.rb +4 -4
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +1 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +84 -2
- data/spec/unit/pops/parser/lexer2_spec.rb +6 -0
- data/spec/unit/pops/parser/parser_rspec_helper.rb +5 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +0 -17
- data/spec/unit/pops/validator/validator_spec.rb +87 -0
- data/spec/unit/provider/group/windows_adsi_spec.rb +8 -8
- data/spec/unit/provider/package/pip_spec.rb +41 -13
- data/spec/unit/provider/package/rpm_spec.rb +2 -25
- data/spec/unit/provider/package/yum_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +6 -24
- data/spec/unit/provider/service/init_spec.rb +11 -1
- data/spec/unit/provider/service/launchd_spec.rb +11 -0
- data/spec/unit/provider/service/systemd_spec.rb +18 -12
- data/spec/unit/provider/service/upstart_spec.rb +57 -0
- data/spec/unit/provider/user/windows_adsi_spec.rb +5 -5
- data/spec/unit/provider/yumrepo/inifile_spec.rb +16 -0
- data/spec/unit/resource_spec.rb +12 -2
- data/spec/unit/util/windows/adsi_spec.rb +44 -36
- data/spec/unit/util/windows/sid_spec.rb +47 -10
- metadata +77 -10
@@ -0,0 +1,181 @@
|
|
1
|
+
require 'puppet/util/windows'
|
2
|
+
|
3
|
+
module Puppet::Util::Windows::SID
|
4
|
+
class Principal
|
5
|
+
extend FFI::Library
|
6
|
+
attr_reader :account, :sid_bytes, :sid, :domain, :domain_account, :account_type
|
7
|
+
|
8
|
+
def initialize(account, sid_bytes, sid, domain, account_type)
|
9
|
+
# Calling lookup_account_name like host\user is valid and therefore this
|
10
|
+
# value may include two components, but favor the domain value passed in
|
11
|
+
@account = account =~ /(.+)\\(.+)/ ? $2 : account
|
12
|
+
@sid_bytes = sid_bytes
|
13
|
+
@sid = sid
|
14
|
+
@domain = domain
|
15
|
+
# when domain is available, combine it with parsed account
|
16
|
+
# otherwise use the account value directly
|
17
|
+
@domain_account = domain && !domain.empty? ?
|
18
|
+
"#{domain}\\#{@account}" : account
|
19
|
+
|
20
|
+
@account_type = account_type
|
21
|
+
end
|
22
|
+
|
23
|
+
# added for backward compatibility
|
24
|
+
def ==(compare)
|
25
|
+
compare.is_a?(Puppet::Util::Windows::SID::Principal) &&
|
26
|
+
@sid_bytes == compare.sid_bytes
|
27
|
+
end
|
28
|
+
|
29
|
+
# added for backward compatibility
|
30
|
+
def to_s
|
31
|
+
@sid
|
32
|
+
end
|
33
|
+
|
34
|
+
# = 8 + max sub identifiers (15) * 4
|
35
|
+
MAXIMUM_SID_BYTE_LENGTH = 68
|
36
|
+
|
37
|
+
ERROR_INSUFFICIENT_BUFFER = 122
|
38
|
+
|
39
|
+
def self.lookup_account_name(system_name = nil, account_name)
|
40
|
+
system_name_ptr = FFI::Pointer::NULL
|
41
|
+
begin
|
42
|
+
if system_name
|
43
|
+
system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
|
44
|
+
# uchar here is synonymous with byte
|
45
|
+
system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
|
46
|
+
system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
|
47
|
+
end
|
48
|
+
|
49
|
+
FFI::MemoryPointer.from_string_to_wide_string(account_name) do |account_name_ptr|
|
50
|
+
FFI::MemoryPointer.new(:byte, MAXIMUM_SID_BYTE_LENGTH) do |sid_ptr|
|
51
|
+
FFI::MemoryPointer.new(:dword, 1) do |sid_length_ptr|
|
52
|
+
FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
|
53
|
+
FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|
|
54
|
+
|
55
|
+
sid_length_ptr.write_dword(MAXIMUM_SID_BYTE_LENGTH)
|
56
|
+
success = LookupAccountNameW(system_name_ptr, account_name_ptr, sid_ptr, sid_length_ptr,
|
57
|
+
FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
|
58
|
+
last_error = FFI.errno
|
59
|
+
|
60
|
+
if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
|
61
|
+
raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountNameW', last_error)
|
62
|
+
end
|
63
|
+
|
64
|
+
FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
|
65
|
+
if LookupAccountNameW(system_name_ptr, account_name_ptr,
|
66
|
+
sid_ptr, sid_length_ptr,
|
67
|
+
domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
|
68
|
+
raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountNameW')
|
69
|
+
end
|
70
|
+
|
71
|
+
return new(
|
72
|
+
account_name,
|
73
|
+
sid_ptr.read_bytes(sid_length_ptr.read_dword).unpack('C*'),
|
74
|
+
Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr),
|
75
|
+
domain_ptr.read_wide_string(domain_length_ptr.read_dword),
|
76
|
+
SID_NAME_USE[name_use_enum_ptr.read_uint32])
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
ensure
|
84
|
+
system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
def self.lookup_account_sid(system_name = nil, sid_bytes)
|
89
|
+
system_name_ptr = FFI::Pointer::NULL
|
90
|
+
begin
|
91
|
+
if system_name
|
92
|
+
system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
|
93
|
+
# uchar here is synonymous with byte
|
94
|
+
system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
|
95
|
+
system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
|
96
|
+
end
|
97
|
+
|
98
|
+
FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
|
99
|
+
FFI::MemoryPointer.new(:dword, 1) do |name_length_ptr|
|
100
|
+
FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
|
101
|
+
FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|
|
102
|
+
|
103
|
+
sid_ptr.write_array_of_uchar(sid_bytes)
|
104
|
+
success = LookupAccountSidW(system_name_ptr, sid_ptr, FFI::Pointer::NULL, name_length_ptr,
|
105
|
+
FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
|
106
|
+
last_error = FFI.errno
|
107
|
+
|
108
|
+
if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
|
109
|
+
raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountSidW', last_error)
|
110
|
+
end
|
111
|
+
|
112
|
+
FFI::MemoryPointer.new(:lpwstr, name_length_ptr.read_dword) do |name_ptr|
|
113
|
+
FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
|
114
|
+
if LookupAccountSidW(system_name_ptr, sid_ptr, name_ptr, name_length_ptr,
|
115
|
+
domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
|
116
|
+
raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountSidW')
|
117
|
+
end
|
118
|
+
|
119
|
+
return new(
|
120
|
+
name_ptr.read_wide_string(name_length_ptr.read_dword),
|
121
|
+
sid_bytes,
|
122
|
+
Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr),
|
123
|
+
domain_ptr.read_wide_string(domain_length_ptr.read_dword),
|
124
|
+
SID_NAME_USE[name_use_enum_ptr.read_uint32])
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
ensure
|
132
|
+
system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
136
|
+
ffi_convention :stdcall
|
137
|
+
|
138
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx
|
139
|
+
SID_NAME_USE = enum(
|
140
|
+
:SidTypeUser, 1,
|
141
|
+
:SidTypeGroup, 2,
|
142
|
+
:SidTypeDomain, 3,
|
143
|
+
:SidTypeAlias, 4,
|
144
|
+
:SidTypeWellKnownGroup, 5,
|
145
|
+
:SidTypeDeletedAccount, 6,
|
146
|
+
:SidTypeInvalid, 7,
|
147
|
+
:SidTypeUnknown, 8,
|
148
|
+
:SidTypeComputer, 9,
|
149
|
+
:SidTypeLabel, 10
|
150
|
+
)
|
151
|
+
|
152
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379159(v=vs.85).aspx
|
153
|
+
# BOOL WINAPI LookupAccountName(
|
154
|
+
# _In_opt_ LPCTSTR lpSystemName,
|
155
|
+
# _In_ LPCTSTR lpAccountName,
|
156
|
+
# _Out_opt_ PSID Sid,
|
157
|
+
# _Inout_ LPDWORD cbSid,
|
158
|
+
# _Out_opt_ LPTSTR ReferencedDomainName,
|
159
|
+
# _Inout_ LPDWORD cchReferencedDomainName,
|
160
|
+
# _Out_ PSID_NAME_USE peUse
|
161
|
+
# );
|
162
|
+
ffi_lib :advapi32
|
163
|
+
attach_function_private :LookupAccountNameW,
|
164
|
+
[:lpcwstr, :lpcwstr, :pointer, :lpdword, :lpwstr, :lpdword, :pointer], :win32_bool
|
165
|
+
|
166
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379166(v=vs.85).aspx
|
167
|
+
# BOOL WINAPI LookupAccountSid(
|
168
|
+
# _In_opt_ LPCTSTR lpSystemName,
|
169
|
+
# _In_ PSID lpSid,
|
170
|
+
# _Out_opt_ LPTSTR lpName,
|
171
|
+
# _Inout_ LPDWORD cchName,
|
172
|
+
# _Out_opt_ LPTSTR lpReferencedDomainName,
|
173
|
+
# _Inout_ LPDWORD cchReferencedDomainName,
|
174
|
+
# _Out_ PSID_NAME_USE peUse
|
175
|
+
# );
|
176
|
+
ffi_lib :advapi32
|
177
|
+
attach_function_private :LookupAccountSidW,
|
178
|
+
[:lpcwstr, :pointer, :lpwstr, :lpdword, :lpwstr, :lpdword, :pointer], :win32_bool
|
179
|
+
end
|
180
|
+
end
|
181
|
+
|
@@ -207,21 +207,27 @@ module Puppet::Util::Windows
|
|
207
207
|
# buffer is raw bytes, *not* chars - less a NULL terminator
|
208
208
|
string_length = (byte_length / FFI.type_size(:wchar)) - 1 if byte_length > 0
|
209
209
|
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
210
|
+
begin
|
211
|
+
case type
|
212
|
+
when Win32::Registry::REG_SZ, Win32::Registry::REG_EXPAND_SZ
|
213
|
+
result = [ type, data_ptr.read_wide_string(string_length) ]
|
214
|
+
when Win32::Registry::REG_MULTI_SZ
|
215
|
+
result = [ type, data_ptr.read_wide_string(string_length).split(/\0/) ]
|
216
|
+
when Win32::Registry::REG_BINARY
|
217
|
+
result = [ type, data_ptr.read_bytes(byte_length) ]
|
218
|
+
when Win32::Registry::REG_DWORD
|
219
|
+
result = [ type, data_ptr.read_dword ]
|
220
|
+
when Win32::Registry::REG_DWORD_BIG_ENDIAN
|
221
|
+
result = [ type, data_ptr.order(:big).read_dword ]
|
222
|
+
when Win32::Registry::REG_QWORD
|
223
|
+
result = [ type, data_ptr.read_qword ]
|
224
|
+
else
|
225
|
+
raise TypeError, "Type #{type} is not supported."
|
226
|
+
end
|
227
|
+
rescue IndexError => ex
|
228
|
+
raise if (ex.message !~ /^Memory access .* is out of bounds$/i)
|
229
|
+
parent_key_name = key.parent ? "#{key.parent.keyname}\\" : ""
|
230
|
+
Puppet.warning "A value in the registry key #{parent_key_name}#{key.keyname} is corrupt or invalid"
|
225
231
|
end
|
226
232
|
end
|
227
233
|
|
@@ -16,7 +16,7 @@ module Puppet::Util::Windows
|
|
16
16
|
def name_to_sid(name)
|
17
17
|
sid = name_to_sid_object(name)
|
18
18
|
|
19
|
-
sid ? sid.
|
19
|
+
sid ? sid.sid : nil
|
20
20
|
end
|
21
21
|
module_function :name_to_sid
|
22
22
|
|
@@ -24,14 +24,22 @@ module Puppet::Util::Windows
|
|
24
24
|
# e.g. 'S-1-5-32-544'. The name can be specified as 'Administrators',
|
25
25
|
# 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
|
26
26
|
# SID object. Returns nil if the account doesn't exist.
|
27
|
+
# This method returns a SID::Principal with the account, domain, SID, etc
|
27
28
|
def name_to_sid_object(name)
|
28
29
|
# Apparently, we accept a symbol..
|
29
30
|
name = name.to_s.strip if name
|
30
31
|
|
31
|
-
# if
|
32
|
-
|
32
|
+
# if name is a SID string, convert it to raw bytes for use with lookup_account_sid
|
33
|
+
raw_sid_bytes = nil
|
34
|
+
begin
|
35
|
+
string_to_sid_ptr(name) do |sid_ptr|
|
36
|
+
valid = ! sid_ptr.nil? && ! sid_ptr.null?
|
37
|
+
raw_sid_bytes = sid_ptr.read_array_of_uchar(get_length_sid(sid_ptr))
|
38
|
+
end
|
39
|
+
rescue
|
40
|
+
end
|
33
41
|
|
34
|
-
|
42
|
+
raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)
|
35
43
|
rescue
|
36
44
|
nil
|
37
45
|
end
|
@@ -41,12 +49,13 @@ module Puppet::Util::Windows
|
|
41
49
|
# e.g. [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] is the representation for
|
42
50
|
# S-1-5-18, the local 'SYSTEM' account.
|
43
51
|
# Raises an Error for nil or non-array input.
|
52
|
+
# This method returns a SID::Principal with the account, domain, SID, etc
|
44
53
|
def octet_string_to_sid_object(bytes)
|
45
54
|
if !bytes || !bytes.respond_to?('pack') || bytes.empty?
|
46
55
|
raise Puppet::Util::Windows::Error.new("Octet string must be an array of bytes")
|
47
56
|
end
|
48
57
|
|
49
|
-
|
58
|
+
Principal.lookup_account_sid(bytes)
|
50
59
|
end
|
51
60
|
module_function :octet_string_to_sid_object
|
52
61
|
|
@@ -54,13 +63,18 @@ module Puppet::Util::Windows
|
|
54
63
|
# e.g. 'BUILTIN\Administrators'. Returns nil if an account
|
55
64
|
# for that SID does not exist.
|
56
65
|
def sid_to_name(value)
|
57
|
-
sid = Win32::Security::SID.new(Win32::Security::SID.string_to_sid(value))
|
58
66
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
67
|
+
sid_bytes = []
|
68
|
+
begin
|
69
|
+
string_to_sid_ptr(value) do |ptr|
|
70
|
+
valid = ! ptr.nil? && ! ptr.null?
|
71
|
+
sid_bytes = ptr.read_array_of_uchar(get_length_sid(ptr))
|
72
|
+
end
|
73
|
+
rescue Puppet::Util::Windows::Error => e
|
74
|
+
raise if e.code != ERROR_INVALID_SID_STRUCTURE
|
63
75
|
end
|
76
|
+
|
77
|
+
Principal.lookup_account_sid(sid_bytes).domain_account
|
64
78
|
rescue
|
65
79
|
nil
|
66
80
|
end
|
@@ -71,7 +85,7 @@ module Puppet::Util::Windows
|
|
71
85
|
|
72
86
|
# Convert a SID pointer to a SID string, e.g. "S-1-5-32-544".
|
73
87
|
def sid_ptr_to_string(psid)
|
74
|
-
if ! psid.
|
88
|
+
if ! psid.kind_of?(FFI::Pointer) || IsValidSid(psid) == FFI::WIN32_FALSE
|
75
89
|
raise Puppet::Util::Windows::Error.new("Invalid SID")
|
76
90
|
end
|
77
91
|
|
@@ -131,6 +145,16 @@ module Puppet::Util::Windows
|
|
131
145
|
end
|
132
146
|
module_function :valid_sid?
|
133
147
|
|
148
|
+
def get_length_sid(sid_ptr)
|
149
|
+
# MSDN states IsValidSid should be called on pointer first
|
150
|
+
if ! sid_ptr.kind_of?(FFI::Pointer) || IsValidSid(sid_ptr) == FFI::WIN32_FALSE
|
151
|
+
raise Puppet::Util::Windows::Error.new("Invalid SID")
|
152
|
+
end
|
153
|
+
|
154
|
+
GetLengthSid(sid_ptr)
|
155
|
+
end
|
156
|
+
module_function :get_length_sid
|
157
|
+
|
134
158
|
ffi_convention :stdcall
|
135
159
|
|
136
160
|
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa379151(v=vs.85).aspx
|
@@ -158,5 +182,12 @@ module Puppet::Util::Windows
|
|
158
182
|
ffi_lib :advapi32
|
159
183
|
attach_function_private :ConvertStringSidToSidW,
|
160
184
|
[:lpcwstr, :pointer], :win32_bool
|
185
|
+
|
186
|
+
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa446642(v=vs.85).aspx
|
187
|
+
# DWORD WINAPI GetLengthSid(
|
188
|
+
# _In_ PSID pSid
|
189
|
+
# );
|
190
|
+
ffi_lib :advapi32
|
191
|
+
attach_function_private :GetLengthSid, [:pointer], :dword
|
161
192
|
end
|
162
193
|
end
|
data/lib/puppet/version.rb
CHANGED
@@ -0,0 +1 @@
|
|
1
|
+
$cx = ' C from site.pp'
|
@@ -0,0 +1 @@
|
|
1
|
+
environment_data_provider = 'function'
|
@@ -0,0 +1 @@
|
|
1
|
+
$cx = 'C from site.pp'
|
@@ -0,0 +1 @@
|
|
1
|
+
include one::test
|