puppet 4.3.1 → 4.3.2


Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (128) hide show
  1. checksums.yaml +4 -4
  2. data/ext/build_defaults.yaml +1 -1
  3. data/lib/hiera/scope.rb +1 -1
  4. data/lib/puppet/application/lookup.rb +41 -43
  5. data/lib/puppet/data_providers/lookup_adapter.rb +73 -26
  6. data/lib/puppet/functions/lookup.rb +126 -150
  7. data/lib/puppet/functions/match.rb +1 -0
  8. data/lib/puppet/indirector/hiera.rb +3 -1
  9. data/lib/puppet/indirector/indirection.rb +6 -2
  10. data/lib/puppet/indirector/json.rb +2 -2
  11. data/lib/puppet/module.rb +3 -2
  12. data/lib/puppet/node.rb +11 -2
  13. data/lib/puppet/parser/compiler.rb +1 -8
  14. data/lib/puppet/parser/functions/lookup.rb +128 -149
  15. data/lib/puppet/parser/functions/match.rb +1 -0
  16. data/lib/puppet/plugins/data_providers/data_provider.rb +3 -2
  17. data/lib/puppet/pops/adapters.rb +43 -0
  18. data/lib/puppet/pops/evaluator/access_operator.rb +3 -3
  19. data/lib/puppet/pops/evaluator/closure.rb +51 -51
  20. data/lib/puppet/pops/evaluator/collector_transformer.rb +16 -0
  21. data/lib/puppet/pops/evaluator/runtime3_support.rb +11 -2
  22. data/lib/puppet/pops/functions/function.rb +6 -2
  23. data/lib/puppet/pops/issues.rb +16 -0
  24. data/lib/puppet/pops/loader/puppet_function_instantiator.rb +3 -2
  25. data/lib/puppet/pops/lookup.rb +3 -0
  26. data/lib/puppet/pops/lookup/explainer.rb +73 -3
  27. data/lib/puppet/pops/lookup/invocation.rb +21 -19
  28. data/lib/puppet/pops/model/factory.rb +153 -155
  29. data/lib/puppet/pops/model/model.rb +9 -0
  30. data/lib/puppet/pops/model/model_label_provider.rb +1 -0
  31. data/lib/puppet/pops/parser/evaluating_parser.rb +3 -3
  32. data/lib/puppet/pops/parser/lexer2.rb +411 -393
  33. data/lib/puppet/pops/parser/slurp_support.rb +5 -1
  34. data/lib/puppet/pops/types/type_calculator.rb +2 -6
  35. data/lib/puppet/pops/types/types.rb +3 -9
  36. data/lib/puppet/pops/validation/checker4_0.rb +36 -12
  37. data/lib/puppet/provider/group/windows_adsi.rb +2 -2
  38. data/lib/puppet/provider/package/pip.rb +11 -1
  39. data/lib/puppet/provider/package/rpm.rb +0 -1
  40. data/lib/puppet/provider/package/yum.rb +1 -1
  41. data/lib/puppet/provider/service/debian.rb +5 -18
  42. data/lib/puppet/provider/service/init.rb +7 -0
  43. data/lib/puppet/provider/service/launchd.rb +6 -0
  44. data/lib/puppet/provider/service/systemd.rb +1 -1
  45. data/lib/puppet/provider/user/windows_adsi.rb +2 -2
  46. data/lib/puppet/provider/yumrepo/inifile.rb +6 -3
  47. data/lib/puppet/resource/type.rb +2 -1
  48. data/lib/puppet/transaction/additional_resource_generator.rb +17 -3
  49. data/lib/puppet/type/group.rb +6 -2
  50. data/lib/puppet/util/windows.rb +4 -0
  51. data/lib/puppet/util/windows/adsi.rb +61 -24
  52. data/lib/puppet/util/windows/principal.rb +181 -0
  53. data/lib/puppet/util/windows/registry.rb +21 -15
  54. data/lib/puppet/util/windows/sid.rb +42 -11
  55. data/lib/puppet/version.rb +1 -1
  56. data/spec/fixtures/unit/application/environments/production/data/common.yaml +4 -0
  57. data/spec/fixtures/unit/application/environments/production/manifests/site.pp +1 -0
  58. data/spec/fixtures/unit/application/environments/puppet_func_provider/environment.conf +1 -0
  59. data/spec/fixtures/unit/application/environments/puppet_func_provider/functions/data.pp +10 -0
  60. data/spec/fixtures/unit/application/environments/puppet_func_provider/manifests/site.pp +1 -0
  61. data/spec/fixtures/unit/data_providers/environments/hiera_module_config/data/common.yaml +4 -0
  62. data/spec/fixtures/unit/data_providers/environments/hiera_module_config/data/specific.yaml +4 -0
  63. data/spec/fixtures/unit/data_providers/environments/hiera_module_config/hiera.yaml +7 -0
  64. data/spec/fixtures/unit/data_providers/environments/hiera_modules/data/common.yaml +4 -0
  65. data/spec/fixtures/unit/data_providers/environments/hiera_modules/data/specific.yaml +4 -0
  66. data/spec/fixtures/unit/data_providers/environments/hiera_modules/environment.conf +2 -0
  67. data/spec/fixtures/unit/data_providers/environments/hiera_modules/hiera.yaml +7 -0
  68. data/spec/fixtures/unit/data_providers/environments/hiera_modules/manifests/site.pp +1 -0
  69. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/data/common.yaml +6 -0
  70. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/hiera.yaml +5 -0
  71. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/manifests/init.pp +2 -0
  72. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/one/metadata.json +9 -0
  73. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/data/common.yaml +4 -0
  74. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/hiera.yaml +5 -0
  75. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/manifests/init.pp +3 -0
  76. data/spec/fixtures/unit/data_providers/environments/hiera_modules/modules/two/metadata.json +9 -0
  77. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee/functions/usee_puppet.pp +3 -0
  78. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/{usee → modules/usee}/lib/puppet/functions/usee/callee.rb +0 -0
  79. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee/lib/puppet/functions/usee/usee_ruby.rb +6 -0
  80. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee/manifests/init.pp +6 -0
  81. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/usee2/lib/puppet/functions/usee2/callee.rb +5 -0
  82. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/functions/puppet_calling_puppet.pp +5 -0
  83. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/functions/puppet_calling_puppet_init.pp +5 -0
  84. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/functions/puppet_calling_ruby.pp +5 -0
  85. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/{user → modules/user}/lib/puppet/functions/user/caller.rb +0 -0
  86. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/caller2.rb +5 -0
  87. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/ruby_calling_puppet.rb +5 -0
  88. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/ruby_calling_puppet_init.rb +5 -0
  89. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/lib/puppet/functions/user/ruby_calling_ruby.rb +5 -0
  90. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/manifests/init.pp +81 -0
  91. data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/{user → modules/user}/metadata.json +2 -1
  92. data/spec/integration/parser/collection_spec.rb +8 -0
  93. data/spec/integration/util/windows/principal_spec.rb +115 -0
  94. data/spec/{unit → integration}/util/windows/registry_spec.rb +91 -1
  95. data/spec/integration/util/windows/security_spec.rb +2 -2
  96. data/spec/unit/application/lookup_spec.rb +138 -28
  97. data/spec/unit/data_providers/hiera_data_provider_spec.rb +182 -5
  98. data/spec/unit/face/epp_face_spec.rb +2 -2
  99. data/spec/unit/functions/epp_spec.rb +6 -6
  100. data/spec/unit/functions/inline_epp_spec.rb +4 -4
  101. data/spec/unit/functions/lookup_spec.rb +30 -3
  102. data/spec/unit/functions4_spec.rb +1 -1
  103. data/spec/unit/hiera/scope_spec.rb +5 -2
  104. data/spec/unit/indirector/json_spec.rb +1 -1
  105. data/spec/unit/node_spec.rb +8 -0
  106. data/spec/unit/parser/compiler_spec.rb +0 -18
  107. data/spec/unit/pops/evaluator/access_ops_spec.rb +4 -4
  108. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +1 -1
  109. data/spec/unit/pops/loaders/loaders_spec.rb +84 -2
  110. data/spec/unit/pops/parser/lexer2_spec.rb +6 -0
  111. data/spec/unit/pops/parser/parser_rspec_helper.rb +5 -0
  112. data/spec/unit/pops/types/type_calculator_spec.rb +0 -17
  113. data/spec/unit/pops/validator/validator_spec.rb +87 -0
  114. data/spec/unit/provider/group/windows_adsi_spec.rb +8 -8
  115. data/spec/unit/provider/package/pip_spec.rb +41 -13
  116. data/spec/unit/provider/package/rpm_spec.rb +2 -25
  117. data/spec/unit/provider/package/yum_spec.rb +1 -1
  118. data/spec/unit/provider/service/debian_spec.rb +6 -24
  119. data/spec/unit/provider/service/init_spec.rb +11 -1
  120. data/spec/unit/provider/service/launchd_spec.rb +11 -0
  121. data/spec/unit/provider/service/systemd_spec.rb +18 -12
  122. data/spec/unit/provider/service/upstart_spec.rb +57 -0
  123. data/spec/unit/provider/user/windows_adsi_spec.rb +5 -5
  124. data/spec/unit/provider/yumrepo/inifile_spec.rb +16 -0
  125. data/spec/unit/resource_spec.rb +12 -2
  126. data/spec/unit/util/windows/adsi_spec.rb +44 -36
  127. data/spec/unit/util/windows/sid_spec.rb +47 -10
  128. metadata +77 -10
@@ -0,0 +1,181 @@
1
+ require 'puppet/util/windows'
2
+
3
+ module Puppet::Util::Windows::SID
4
+ class Principal
5
+ extend FFI::Library
6
+ attr_reader :account, :sid_bytes, :sid, :domain, :domain_account, :account_type
7
+
8
+ def initialize(account, sid_bytes, sid, domain, account_type)
9
+ # Calling lookup_account_name like host\user is valid and therefore this
10
+ # value may include two components, but favor the domain value passed in
11
+ @account = account =~ /(.+)\\(.+)/ ? $2 : account
12
+ @sid_bytes = sid_bytes
13
+ @sid = sid
14
+ @domain = domain
15
+ # when domain is available, combine it with parsed account
16
+ # otherwise use the account value directly
17
+ @domain_account = domain && !domain.empty? ?
18
+ "#{domain}\\#{@account}" : account
19
+
20
+ @account_type = account_type
21
+ end
22
+
23
+ # added for backward compatibility
24
+ def ==(compare)
25
+ compare.is_a?(Puppet::Util::Windows::SID::Principal) &&
26
+ @sid_bytes == compare.sid_bytes
27
+ end
28
+
29
+ # added for backward compatibility
30
+ def to_s
31
+ @sid
32
+ end
33
+
34
+ # = 8 + max sub identifiers (15) * 4
35
+ MAXIMUM_SID_BYTE_LENGTH = 68
36
+
37
+ ERROR_INSUFFICIENT_BUFFER = 122
38
+
39
+ def self.lookup_account_name(system_name = nil, account_name)
40
+ system_name_ptr = FFI::Pointer::NULL
41
+ begin
42
+ if system_name
43
+ system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
44
+ # uchar here is synonymous with byte
45
+ system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
46
+ system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
47
+ end
48
+
49
+ FFI::MemoryPointer.from_string_to_wide_string(account_name) do |account_name_ptr|
50
+ FFI::MemoryPointer.new(:byte, MAXIMUM_SID_BYTE_LENGTH) do |sid_ptr|
51
+ FFI::MemoryPointer.new(:dword, 1) do |sid_length_ptr|
52
+ FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
53
+ FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|
54
+
55
+ sid_length_ptr.write_dword(MAXIMUM_SID_BYTE_LENGTH)
56
+ success = LookupAccountNameW(system_name_ptr, account_name_ptr, sid_ptr, sid_length_ptr,
57
+ FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
58
+ last_error = FFI.errno
59
+
60
+ if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
61
+ raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountNameW', last_error)
62
+ end
63
+
64
+ FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
65
+ if LookupAccountNameW(system_name_ptr, account_name_ptr,
66
+ sid_ptr, sid_length_ptr,
67
+ domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
68
+ raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountNameW')
69
+ end
70
+
71
+ return new(
72
+ account_name,
73
+ sid_ptr.read_bytes(sid_length_ptr.read_dword).unpack('C*'),
74
+ Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr),
75
+ domain_ptr.read_wide_string(domain_length_ptr.read_dword),
76
+ SID_NAME_USE[name_use_enum_ptr.read_uint32])
77
+ end
78
+ end
79
+ end
80
+ end
81
+ end
82
+ end
83
+ ensure
84
+ system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
85
+ end
86
+ end
87
+
88
+ def self.lookup_account_sid(system_name = nil, sid_bytes)
89
+ system_name_ptr = FFI::Pointer::NULL
90
+ begin
91
+ if system_name
92
+ system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
93
+ # uchar here is synonymous with byte
94
+ system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
95
+ system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
96
+ end
97
+
98
+ FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
99
+ FFI::MemoryPointer.new(:dword, 1) do |name_length_ptr|
100
+ FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
101
+ FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|
102
+
103
+ sid_ptr.write_array_of_uchar(sid_bytes)
104
+ success = LookupAccountSidW(system_name_ptr, sid_ptr, FFI::Pointer::NULL, name_length_ptr,
105
+ FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
106
+ last_error = FFI.errno
107
+
108
+ if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
109
+ raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountSidW', last_error)
110
+ end
111
+
112
+ FFI::MemoryPointer.new(:lpwstr, name_length_ptr.read_dword) do |name_ptr|
113
+ FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
114
+ if LookupAccountSidW(system_name_ptr, sid_ptr, name_ptr, name_length_ptr,
115
+ domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
116
+ raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountSidW')
117
+ end
118
+
119
+ return new(
120
+ name_ptr.read_wide_string(name_length_ptr.read_dword),
121
+ sid_bytes,
122
+ Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr),
123
+ domain_ptr.read_wide_string(domain_length_ptr.read_dword),
124
+ SID_NAME_USE[name_use_enum_ptr.read_uint32])
125
+ end
126
+ end
127
+ end
128
+ end
129
+ end
130
+ end
131
+ ensure
132
+ system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
133
+ end
134
+ end
135
+
136
+ ffi_convention :stdcall
137
+
138
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx
139
+ SID_NAME_USE = enum(
140
+ :SidTypeUser, 1,
141
+ :SidTypeGroup, 2,
142
+ :SidTypeDomain, 3,
143
+ :SidTypeAlias, 4,
144
+ :SidTypeWellKnownGroup, 5,
145
+ :SidTypeDeletedAccount, 6,
146
+ :SidTypeInvalid, 7,
147
+ :SidTypeUnknown, 8,
148
+ :SidTypeComputer, 9,
149
+ :SidTypeLabel, 10
150
+ )
151
+
152
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379159(v=vs.85).aspx
153
+ # BOOL WINAPI LookupAccountName(
154
+ # _In_opt_ LPCTSTR lpSystemName,
155
+ # _In_ LPCTSTR lpAccountName,
156
+ # _Out_opt_ PSID Sid,
157
+ # _Inout_ LPDWORD cbSid,
158
+ # _Out_opt_ LPTSTR ReferencedDomainName,
159
+ # _Inout_ LPDWORD cchReferencedDomainName,
160
+ # _Out_ PSID_NAME_USE peUse
161
+ # );
162
+ ffi_lib :advapi32
163
+ attach_function_private :LookupAccountNameW,
164
+ [:lpcwstr, :lpcwstr, :pointer, :lpdword, :lpwstr, :lpdword, :pointer], :win32_bool
165
+
166
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379166(v=vs.85).aspx
167
+ # BOOL WINAPI LookupAccountSid(
168
+ # _In_opt_ LPCTSTR lpSystemName,
169
+ # _In_ PSID lpSid,
170
+ # _Out_opt_ LPTSTR lpName,
171
+ # _Inout_ LPDWORD cchName,
172
+ # _Out_opt_ LPTSTR lpReferencedDomainName,
173
+ # _Inout_ LPDWORD cchReferencedDomainName,
174
+ # _Out_ PSID_NAME_USE peUse
175
+ # );
176
+ ffi_lib :advapi32
177
+ attach_function_private :LookupAccountSidW,
178
+ [:lpcwstr, :pointer, :lpwstr, :lpdword, :lpwstr, :lpdword, :pointer], :win32_bool
179
+ end
180
+ end
181
+
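Review bot: `lookup_account_sid` copies `sid_bytes` into a buffer of exactly `sid_bytes.length` bytes and passes it to `LookupAccountSidW` without checking that the array is a well-formed SID, so a truncated or malformed array (its second byte is the sub-authority count) could let the native call read past the allocation. The layout is already stated in the `MAXIMUM_SID_BYTE_LENGTH` comment (8 bytes plus 4 per sub-authority), so a guard placed before the `FFI::MemoryPointer.new(:byte, sid_bytes.length)` block is cheap: `raise Puppet::Util::Windows::Error.new('Invalid SID') unless sid_bytes.length.between?(8, MAXIMUM_SID_BYTE_LENGTH) && sid_bytes.length == 8 + 4 * sid_bytes[1]`. Separately, the second `LookupAccountNameW` and `LookupAccountSidW` failure paths raise without the error code that the first ones pass; whether `Error.new` defaults to `FFI.errno` is not visible here, so passing it explicitly would keep the two paths consistent.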
@@ -207,21 +207,27 @@ module Puppet::Util::Windows
207
207
  # buffer is raw bytes, *not* chars - less a NULL terminator
208
208
  string_length = (byte_length / FFI.type_size(:wchar)) - 1 if byte_length > 0
209
209
 
210
- case type
211
- when Win32::Registry::REG_SZ, Win32::Registry::REG_EXPAND_SZ
212
- result = [ type, data_ptr.read_wide_string(string_length) ]
213
- when Win32::Registry::REG_MULTI_SZ
214
- result = [ type, data_ptr.read_wide_string(string_length).split(/\0/) ]
215
- when Win32::Registry::REG_BINARY
216
- result = [ type, data.read_bytes(0, byte_length) ]
217
- when Win32::Registry::REG_DWORD
218
- result = [ type, data_ptr.read_dword ]
219
- when Win32::Registry::REG_DWORD_BIG_ENDIAN
220
- result = [ type, data_ptr.order(:big).read_dword ]
221
- when Win32::Registry::REG_QWORD
222
- result = [ type, data_ptr.read_qword ]
223
- else
224
- raise TypeError, "Type #{type} is not supported."
210
+ begin
211
+ case type
212
+ when Win32::Registry::REG_SZ, Win32::Registry::REG_EXPAND_SZ
213
+ result = [ type, data_ptr.read_wide_string(string_length) ]
214
+ when Win32::Registry::REG_MULTI_SZ
215
+ result = [ type, data_ptr.read_wide_string(string_length).split(/\0/) ]
216
+ when Win32::Registry::REG_BINARY
217
+ result = [ type, data_ptr.read_bytes(byte_length) ]
218
+ when Win32::Registry::REG_DWORD
219
+ result = [ type, data_ptr.read_dword ]
220
+ when Win32::Registry::REG_DWORD_BIG_ENDIAN
221
+ result = [ type, data_ptr.order(:big).read_dword ]
222
+ when Win32::Registry::REG_QWORD
223
+ result = [ type, data_ptr.read_qword ]
224
+ else
225
+ raise TypeError, "Type #{type} is not supported."
226
+ end
227
+ rescue IndexError => ex
228
+ raise if (ex.message !~ /^Memory access .* is out of bounds$/i)
229
+ parent_key_name = key.parent ? "#{key.parent.keyname}\\" : ""
230
+ Puppet.warning "A value in the registry key #{parent_key_name}#{key.keyname} is corrupt or invalid"
225
231
  end
226
232
  end
227
233
 
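Review bot: The new `rescue IndexError` branch only logs a warning and does not assign `result`, so for a corrupt value the enclosing method (which starts and ends outside this hunk) presumably hands back nil. That contract deserves a comment on the rescue, e.g. `# corrupt value: warn and leave result unset so the caller sees nil`, and callers have to tolerate it. The warning names only the key, not the value being read, so the bad entry cannot be located from the log; adding the value name would help if it is in scope here. Filtering on the exception's message text is also brittle, since it depends on the exact wording the FFI library uses for out-of-bounds reads.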
@@ -16,7 +16,7 @@ module Puppet::Util::Windows
16
16
  def name_to_sid(name)
17
17
  sid = name_to_sid_object(name)
18
18
 
19
- sid ? sid.to_s : nil
19
+ sid ? sid.sid : nil
20
20
  end
21
21
  module_function :name_to_sid
22
22
 
@@ -24,14 +24,22 @@ module Puppet::Util::Windows
24
24
  # e.g. 'S-1-5-32-544'. The name can be specified as 'Administrators',
25
25
  # 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
26
26
  # SID object. Returns nil if the account doesn't exist.
27
+ # This method returns a SID::Principal with the account, domain, SID, etc
27
28
  def name_to_sid_object(name)
28
29
  # Apparently, we accept a symbol..
29
30
  name = name.to_s.strip if name
30
31
 
31
- # if it's in SID string form, convert to user
32
- parsed_sid = Win32::Security::SID.string_to_sid(name) rescue nil
32
+ # if name is a SID string, convert it to raw bytes for use with lookup_account_sid
33
+ raw_sid_bytes = nil
34
+ begin
35
+ string_to_sid_ptr(name) do |sid_ptr|
36
+ valid = ! sid_ptr.nil? && ! sid_ptr.null?
37
+ raw_sid_bytes = sid_ptr.read_array_of_uchar(get_length_sid(sid_ptr))
38
+ end
39
+ rescue
40
+ end
33
41
 
34
- parsed_sid ? Win32::Security::SID.new(parsed_sid) : Win32::Security::SID.new(name)
42
+ raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)
35
43
  rescue
36
44
  nil
37
45
  end
@@ -41,12 +49,13 @@ module Puppet::Util::Windows
41
49
  # e.g. [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] is the representation for
42
50
  # S-1-5-18, the local 'SYSTEM' account.
43
51
  # Raises an Error for nil or non-array input.
52
+ # This method returns a SID::Principal with the account, domain, SID, etc
44
53
  def octet_string_to_sid_object(bytes)
45
54
  if !bytes || !bytes.respond_to?('pack') || bytes.empty?
46
55
  raise Puppet::Util::Windows::Error.new("Octet string must be an array of bytes")
47
56
  end
48
57
 
49
- Win32::Security::SID.new(bytes.pack('C*'))
58
+ Principal.lookup_account_sid(bytes)
50
59
  end
51
60
  module_function :octet_string_to_sid_object
52
61
 
@@ -54,13 +63,18 @@ module Puppet::Util::Windows
54
63
  # e.g. 'BUILTIN\Administrators'. Returns nil if an account
55
64
  # for that SID does not exist.
56
65
  def sid_to_name(value)
57
- sid = Win32::Security::SID.new(Win32::Security::SID.string_to_sid(value))
58
66
 
59
- if sid.domain and sid.domain.length > 0
60
- "#{sid.domain}\\#{sid.account}"
61
- else
62
- sid.account
67
+ sid_bytes = []
68
+ begin
69
+ string_to_sid_ptr(value) do |ptr|
70
+ valid = ! ptr.nil? && ! ptr.null?
71
+ sid_bytes = ptr.read_array_of_uchar(get_length_sid(ptr))
72
+ end
73
+ rescue Puppet::Util::Windows::Error => e
74
+ raise if e.code != ERROR_INVALID_SID_STRUCTURE
63
75
  end
76
+
77
+ Principal.lookup_account_sid(sid_bytes).domain_account
64
78
  rescue
65
79
  nil
66
80
  end
@@ -71,7 +85,7 @@ module Puppet::Util::Windows
71
85
 
72
86
  # Convert a SID pointer to a SID string, e.g. "S-1-5-32-544".
73
87
  def sid_ptr_to_string(psid)
74
- if ! psid.instance_of?(FFI::Pointer) || IsValidSid(psid) == FFI::WIN32_FALSE
88
+ if ! psid.kind_of?(FFI::Pointer) || IsValidSid(psid) == FFI::WIN32_FALSE
75
89
  raise Puppet::Util::Windows::Error.new("Invalid SID")
76
90
  end
77
91
 
@@ -131,6 +145,16 @@ module Puppet::Util::Windows
131
145
  end
132
146
  module_function :valid_sid?
133
147
 
148
+ def get_length_sid(sid_ptr)
149
+ # MSDN states IsValidSid should be called on pointer first
150
+ if ! sid_ptr.kind_of?(FFI::Pointer) || IsValidSid(sid_ptr) == FFI::WIN32_FALSE
151
+ raise Puppet::Util::Windows::Error.new("Invalid SID")
152
+ end
153
+
154
+ GetLengthSid(sid_ptr)
155
+ end
156
+ module_function :get_length_sid
157
+
134
158
  ffi_convention :stdcall
135
159
 
136
160
  # http://msdn.microsoft.com/en-us/library/windows/desktop/aa379151(v=vs.85).aspx
@@ -158,5 +182,12 @@ module Puppet::Util::Windows
158
182
  ffi_lib :advapi32
159
183
  attach_function_private :ConvertStringSidToSidW,
160
184
  [:lpcwstr, :pointer], :win32_bool
185
+
186
+ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446642(v=vs.85).aspx
187
+ # DWORD WINAPI GetLengthSid(
188
+ # _In_ PSID pSid
189
+ # );
190
+ ffi_lib :advapi32
191
+ attach_function_private :GetLengthSid, [:pointer], :dword
161
192
  end
162
193
  end
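Review bot: In `sid_to_name`, when `string_to_sid_ptr` raises with `ERROR_INVALID_SID_STRUCTURE` the inner rescue swallows it and `sid_bytes` is still `[]`, so `Principal.lookup_account_sid([])` runs with a zero-length buffer and the invalid-input case only becomes nil through the outer `rescue`. An explicit `return nil if sid_bytes.empty?` before the lookup would keep an empty buffer away from the native call. In both `sid_to_name` and `name_to_sid_object`, `valid = ! ptr.nil? && ! ptr.null?` is computed and never read; either use it to guard the `read_array_of_uchar` call or drop the assignment. The bare `rescue` with an empty body in `name_to_sid_object` also hides every StandardError from the SID-string path; narrowing it to `Puppet::Util::Windows::Error`, as `sid_to_name` does, would keep unexpected failures visible.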
@@ -7,7 +7,7 @@
7
7
 
8
8
 
9
9
  module Puppet
10
- PUPPETVERSION = '4.3.1'
10
+ PUPPETVERSION = '4.3.2'
11
11
 
12
12
  ##
13
13
  # version is a public API method intended to always provide a fast and
@@ -1,3 +1,7 @@
1
1
  ---
2
2
  a: This is A
3
3
  b: This is B
4
+ c: "This is%{cx}"
5
+
6
+ lookup_options:
7
+ a: first
@@ -0,0 +1 @@
1
+ environment_data_provider = 'function'
@@ -0,0 +1,10 @@
1
+ function environment::data() {
2
+ {
3
+ a => 'This is A',
4
+ b => 'This is B',
5
+ c => "This is ${if $cx == undef { 'C from data.pp' } else { $cx }}",
6
+ lookup_options => {
7
+ a => 'first'
8
+ }
9
+ }
10
+ }
@@ -0,0 +1,7 @@
1
+ ---
2
+ :version: 4
3
+ :hierarchy:
4
+ - :name: "common"
5
+ :backend: yaml
6
+ - :name: "specific"
7
+ :backend: yaml
@@ -0,0 +1,4 @@
1
+ ---
2
+ one::local:
3
+ bob:
4
+ shell: /bin/zsh
@@ -0,0 +1,2 @@
1
+ # Use the 'sample' env data provider (in this fixture)
2
+ environment_data_provider=hiera
@@ -0,0 +1,7 @@
1
+ ---
2
+ :version: 4
3
+ :hierarchy:
4
+ - :name: "common"
5
+ :backend: yaml
6
+ - :name: "specific"
7
+ :backend: yaml
@@ -0,0 +1,6 @@
1
+ ---
2
+ lookup_options:
3
+ one::local:
4
+ merge:
5
+ strategy: "deep"
6
+ merge_hash_arrays: true
@@ -0,0 +1,5 @@
1
+ ---
2
+ :version: 4
3
+ :hierarchy:
4
+ - :name: "common"
5
+ :backend: yaml
@@ -0,0 +1,9 @@
1
+ {
2
+ "name": "example/one",
3
+ "version": "0.0.2",
4
+ "source": "git@github.com/example/example-one.git",
5
+ "dependencies": [],
6
+ "author": "Bob the Builder",
7
+ "license": "Apache-2.0",
8
+ "data_provider": "hiera"
9
+ }