puppet 5.4.0 → 5.5.0

data/lib/puppet/util/backups.rb

@@ -82,5 +82,5 @@ module Puppet::Util::Backups
     sum = self.bucket.backup(f)
     self.info _("Filebucketed %{f} to %{filebucket} with sum %{sum}") % { f: f, filebucket: self.bucket.name, sum: sum }
     return sum
-    end
+  end
 end

data/lib/puppet/util/inifile.rb

@@ -148,7 +148,7 @@ module Puppet::Util::IniConfig
     )
     INI_CONTINUATION = /^[ \t\r\n\f]/
     INI_SECTION_NAME = /^\[([^\]]+)\]/
-    INI_PROPERTY     = /^\s*([^\s=]+)\s*\=(.*)$/
+    INI_PROPERTY     = /^\s*([^\s=]+)\s*\=\s*(.*)$/
 
     # @api private
     def parse(text)
@@ -177,10 +177,9 @@ module Puppet::Util::IniConfig
           section = add_section(section_name)
           optname = nil
         elsif (match = l.match(INI_PROPERTY))
-          # We allow space around the keys, but not the values
-          # For the values, we don't know if space is significant
+          # the regex strips leading white space from the value, and here we strip the trailing white space as well
           key = match[1]
-          val = match[2]
+          val = match[2].rstrip
 
           if section.nil?
             raise IniParseError.new(_("Property with key %{key} outside of a section") % { key: key.inspect })

data/lib/puppet/util/json.rb

@@ -0,0 +1,68 @@
+module Puppet::Util
+  module Json
+    class ParseError < StandardError
+      attr_reader :cause, :data
+
+      def self.build(original_exception, data)
+        new(original_exception.message).tap do |exception|
+          exception.instance_eval do
+            @cause = original_exception
+            set_backtrace original_exception.backtrace
+            @data = data
+          end
+        end
+      end
+    end
+
+    begin
+      require 'multi_json'
+      # Force backend detection before attempting to use the library
+      # or load any other JSON libraries
+      MultiJson.default_adapter
+
+      # Preserve core type monkey-patching done by the built-in JSON gem
+      require 'json'
+    rescue LoadError
+      require 'json'
+    end
+
+    # These methods do similar processing to the fallback implemented by MultiJson
+    # when using the built-in JSON backend, to ensure consistent behavior
+    # whether or not MultiJson can be loaded.
+    def self.load(string, options = {})
+      if defined? MultiJson
+        begin
+          MultiJson.load(string, options)
+        rescue MultiJson::ParseError => e
+          raise Puppet::Util::Json::ParseError.build(e, string)
+        end
+      else
+        begin
+          string = string.read if string.respond_to?(:read)
+
+          options[:symbolize_names] = true if options.delete(:symbolize_keys)
+          ::JSON.parse(string, options)
+        rescue JSON::ParserError => e
+          raise Puppet::Util::Json::ParseError.build(e, string)
+        end
+      end
+    end
+
+    def self.dump(object, options = {})
+      if defined? MultiJson
+        # MultiJson calls `merge` on the options it is passed, which relies
+        # on the options' defining a `to_hash` method. In Ruby 1.9.3,
+        # JSON::Ext::Generator::State only defines `to_h`, not `to_hash`, so we
+        # need to convert it first, similar to what is done in the `else` block
+        # below. Later versions of the JSON gem alias `to_h` to `to_hash`, so this
+        # can be removed once we drop Ruby 1.9.3 support.
+        options = options.to_h if options.class.name == "JSON::Ext::Generator::State"
+
+        MultiJson.dump(object, options)
+      else
+        options.merge!(::JSON::PRETTY_STATE_PROTOTYPE.to_h) if options.delete(:pretty)
+        object.to_json(options)
+      end
+    end
+  end
+end

data/lib/puppet/util/json_lockfile.rb

@@ -23,7 +23,7 @@ class Puppet::Util::JsonLockfile < Puppet::Util::Lockfile
   def lock(lock_data = nil)
     return false if locked?
 
-    super(lock_data.to_json)
+    super(Puppet::Util::Json.dump(lock_data))
   end
 
   # Retrieve the (optional) lock data that was specified at the time the file
@@ -35,8 +35,8 @@ class Puppet::Util::JsonLockfile < Puppet::Util::Lockfile
     return nil unless file_locked?
     file_contents = super
     return nil if file_contents.nil? or file_contents.empty?
-    JSON.parse(file_contents)
-  rescue JSON::ParserError
+    Puppet::Util::Json.load(file_contents)
+  rescue Puppet::Util::Json::ParseError
     Puppet.warning _("Unable to read lockfile data from %{path}: not in JSON") % { path: @file_path }
     nil
   end

data/lib/puppet/util/log.rb

@@ -164,8 +164,6 @@ class Puppet::Util::Log
     end
   end
 
-  private
-  # produces UTF-8 strings or dumps strings when they cannot be re-encoded
   def Log.coerce_string(str)
     return Puppet::Util::CharacterEncoding.convert_to_utf_8(str) if str.valid_encoding?
 
@@ -175,8 +173,7 @@ class Puppet::Util::Log
     message += '\n' + _("Backtrace:\n%{backtrace}") % { backtrace: caller[0..10].join("\n") }
     message
   end
-
-  public
+  private_class_method :coerce_string
 
   # Route the actual message. FIXME There are lots of things this method
   # should do, like caching and a bit more.  It's worth noting that there's
@@ -381,7 +378,7 @@ class Puppet::Util::Log
   def source=(source)
     if defined?(Puppet::Type) && source.is_a?(Puppet::Type)
       @source = source.path
-      source.tags.each { |t| tag(t) }
+      merge_tags_from(source)
       self.file = source.file
       self.line = source.line
     else

data/lib/puppet/util/log/destinations.rb

@@ -109,7 +109,7 @@ Puppet::Util::Log.newdesttype :file do
   def handle(msg)
     if @json > 0
       @json > 1 ? @file.puts(',') : @json = 2
-      JSON.dump(msg.to_structured_hash, @file)
+      Puppet::Util::Json.dump(msg.to_structured_hash, @file)
     else
       @file.puts("#{msg.time} #{msg.source} (#{msg.level}): #{msg}")
     end
@@ -135,7 +135,7 @@ Puppet::Util::Log.newdesttype :logstash_event do
 
   def handle(msg)
     message = format(msg)
-    $stdout.puts message.to_json
+    $stdout.puts Puppet::Util::Json.dump(message)
   end
 end
 

data/lib/puppet/util/network_device/cisco/facts.rb

@@ -63,7 +63,7 @@ class Puppet::Util::NetworkDevice::Cisco::Facts
   end
 
   def uptime_to_seconds(uptime)
-    captures = (uptime.match /^(?:(\d+) years?,)?\s*(?:(\d+) weeks?,)?\s*(?:(\d+) days?,)?\s*(?:(\d+) hours?,)?\s*(\d+) minutes?$/).captures
+    captures = (uptime.match(/^(?:(\d+) years?,)?\s*(?:(\d+) weeks?,)?\s*(?:(\d+) days?,)?\s*(?:(\d+) hours?,)?\s*(\d+) minutes?$/)).captures
     captures.zip([31536000, 604800, 86400, 3600, 60]).inject(0) do |total, (x,y)|
       total + (x.nil? ? 0 : x.to_i * y)
     end

data/lib/puppet/util/plist.rb

@@ -41,7 +41,7 @@ module Puppet::Util::Plist
 
         Puppet.debug "Plist #{file_path} ill-formatted, converting with plutil"
         begin
-          plist = Puppet::Util::Execution.execute(['/usr/bin/plutil', '-convert', 'xml1', '-o', '/dev/stdout', file_path],
+          plist = Puppet::Util::Execution.execute(['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', file_path],
                                                   {:failonfail => true, :combine => true})
           return parse_plist(plist)
         rescue Puppet::ExecutionFailure => detail

data/lib/puppet/util/reference.rb

@@ -12,10 +12,6 @@ class Puppet::Util::Reference
 
   instance_load(:reference, 'puppet/reference')
 
-  def self.footer
-    "\n\n----------------\n\n" + _("*This page autogenerated on %{current_time}*\n") % { current_time: Time.now.to_s }
-  end
-
   def self.modes
     %w{pdf text}
   end
@@ -111,15 +107,12 @@ class Puppet::Util::Reference
   def to_markdown(withcontents = true)
     # First the header
     text = markdown_header(@title, 1)
-    #TRANSLATORS message accompanied by date of generation
-    text << _("\n\n**This page is autogenerated; any changes will get overwritten** *(last generated on %{current_time})*\n\n") % { current_time: Time.now.to_s }
+    text << _("\n\n**This page is autogenerated; any changes will get overwritten**\n\n")
 
     text << @header
 
     text << generate
 
-    text << self.class.footer if withcontents
-
     text
   end
 end

data/lib/puppet/util/tagging.rb

@@ -87,7 +87,7 @@ module Puppet::Util::Tagging
 
   # Merge tags from a tagged instance with no attempts to split, downcase
   # or verify the tags
-  def merge_tags(tag_source)
+  def merge_tags_from(tag_source)
     @tags ||= new_tags
     tag_source.merge_into(@tags)
   end

data/lib/puppet/util/warnings.rb

@@ -20,8 +20,6 @@ module Puppet::Util::Warnings
     nil
   end
 
-  protected
-
   def self.maybe_log(message, klass)
     @stampwarnings ||= {}
     @stampwarnings[klass] ||= []

data/lib/puppet/util/windows/adsi.rb

@@ -66,7 +66,7 @@ module Puppet::Util::Windows::ADSI
       return sid_uri(sid) if sid.kind_of?(Puppet::Util::Windows::SID::Principal)
 
       begin
-        sid = Puppet::Util::Windows::SID.name_to_sid_object(sid)
+        sid = Puppet::Util::Windows::SID.name_to_principal(sid)
         sid_uri(sid)
       rescue Puppet::Util::Windows::Error, Puppet::Error
         nil
@@ -114,7 +114,7 @@ module Puppet::Util::Windows::ADSI
         Puppet::Util::Windows::SID.sid_to_name('S-1-5-32').upcase,
         # localized version of NT AUTHORITY (can't use S-1-5)
         # for instance AUTORITE NT on French Windows
-        Puppet::Util::Windows::SID.name_to_sid_object('SYSTEM').domain.upcase
+        Puppet::Util::Windows::SID.name_to_principal('SYSTEM').domain.upcase
       ]
     end
 
@@ -139,10 +139,12 @@ module Puppet::Util::Windows::ADSI
       return account, domain
     end
 
+    # returns Puppet::Util::Windows::SID::Principal[]
+    # may contain objects that represent unresolvable SIDs
     def get_sids(adsi_child_collection)
       sids = []
       adsi_child_collection.each do |m|
-        sids << Puppet::Util::Windows::SID.octet_string_to_sid_object(m.objectSID)
+        sids << Puppet::Util::Windows::SID.ads_to_principal(m)
       end
 
       sids
@@ -152,7 +154,7 @@ module Puppet::Util::Windows::ADSI
       return {} if names.nil? || names.empty?
 
       sids = names.map do |name|
-        sid = Puppet::Util::Windows::SID.name_to_sid_object(name)
+        sid = Puppet::Util::Windows::SID.name_to_principal(name)
         raise Puppet::Error.new( _("Could not resolve name: %{name}") % { name: name } ) if !sid
         [sid.sid, sid]
       end
@@ -183,7 +185,7 @@ module Puppet::Util::Windows::ADSI
     end
 
     def sid
-      @sid ||= Puppet::Util::Windows::SID.octet_string_to_sid_object(native_user.objectSID)
+      @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_user.objectSID)
     end
 
     def uri
@@ -336,12 +338,12 @@ module Puppet::Util::Windows::ADSI
     end
 
     def self.current_user_sid
-      Puppet::Util::Windows::SID.name_to_sid_object(current_user_name)
+      Puppet::Util::Windows::SID.name_to_principal(current_user_name)
     end
 
     def self.exists?(name_or_sid)
       well_known = false
-      if (sid = Puppet::Util::Windows::SID.name_to_sid_object(name_or_sid))
+      if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
         return true if sid.account_type == :SidTypeUser
 
         # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
@@ -431,7 +433,7 @@ module Puppet::Util::Windows::ADSI
     end
 
     def sid
-      @sid ||= Puppet::Util::Windows::SID.octet_string_to_sid_object(native_group.objectSID)
+      @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_group.objectSID)
     end
 
     def commit
@@ -463,18 +465,13 @@ module Puppet::Util::Windows::ADSI
       end
     end
 
+    # returns Puppet::Util::Windows::SID::Principal[]
+    # may contain objects that represent unresolvable SIDs
+    # qualified account names are returned by calling #domain_account
     def members
-      # WIN32OLE objects aren't enumerable, so no map
-      members = []
-      # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
-      # values are returned as UTF-8
-      native_group.Members.each {|m| members << m.Name}
-      members
-    end
-
-    def member_sids
       self.class.get_sids(native_group.Members)
     end
+    alias member_sids members
 
     def set_members(desired_members, inclusive = true)
       return if desired_members.nil?
@@ -508,7 +505,7 @@ module Puppet::Util::Windows::ADSI
 
     def self.exists?(name_or_sid)
       well_known = false
-      if (sid = Puppet::Util::Windows::SID.name_to_sid_object(name_or_sid))
+      if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
         return true if sid.account_type == :SidTypeGroup
 
         # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM

data/lib/puppet/util/windows/com.rb

@@ -76,8 +76,9 @@ module Puppet::Util::Windows::COM
           vtable_hash = Hash[(ifaces.map { |iface| iface::VTBL::SPEC.to_a } << spec.to_a).flatten(1)]
           const_set(:SPEC, vtable_hash)
 
-          layout \
+          layout(
             *self::SPEC.map { |name, signature| [name, callback(*signature)] }.flatten
+          )
         end
 
         const_set(:VTBL, vtable)

data/lib/puppet/util/windows/file.rb

@@ -393,8 +393,6 @@ module Puppet::Util::Windows::File
   end
   module_function :lstat
 
-  private
-
   # https://msdn.microsoft.com/en-us/library/windows/desktop/aa364571(v=vs.85).aspx
   FSCTL_GET_REPARSE_POINT = 0x900a8
 
@@ -410,6 +408,7 @@ module Puppet::Util::Windows::File
 
     path
   end
+  private_class_method :resolve_symlink
 
   # these reparse point types are the only ones Puppet currently understands
   # so rather than raising an exception in readlink, prefer to not consider
@@ -426,6 +425,7 @@ module Puppet::Util::Windows::File
 
     symlink
   end
+  private_class_method :symlink_reparse_point?
 
   ffi_convention :stdcall
 

data/lib/puppet/util/windows/principal.rb

@@ -32,9 +32,10 @@ module Puppet::Util::Windows::SID
         @sid_bytes == compare.sid_bytes
     end
 
-    # added for backward compatibility
+    # returns authority qualified account name
+    # prefer to compare Principal instances with == operator or by #sid
     def to_s
-      @sid
+      @domain_account
     end
 
     # = 8 + max sub identifiers (15) * 4
@@ -64,14 +65,14 @@ module Puppet::Util::Windows::SID
                 last_error = FFI.errno
 
                 if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
-                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW'), last_error)
+                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: account_name}, last_error)
                 end
 
                 FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
                   if LookupAccountNameW(system_name_ptr, account_name_ptr,
                       sid_ptr, sid_length_ptr,
                       domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
-                   raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW'))
+                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: account_name} )
                   end
 
                   # with a SID returned, loop back through lookup_account_sid to retrieve official name
@@ -116,14 +117,14 @@ module Puppet::Util::Windows::SID
                 last_error = FFI.errno
 
                 if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
-                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW'), last_error)
+                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes}, last_error)
                 end
 
                 FFI::MemoryPointer.new(:lpwstr, name_length_ptr.read_dword) do |name_ptr|
                   FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
                     if LookupAccountSidW(system_name_ptr, sid_ptr, name_ptr, name_length_ptr,
                         domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
-                     raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW'))
+                     raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes} )
                     end
 
                     return new(

data/lib/puppet/util/windows/sid.rb

@@ -52,18 +52,18 @@ module Puppet::Util::Windows
     # 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
     # SID. Returns nil if the account doesn't exist.
     def name_to_sid(name)
-      sid = name_to_sid_object(name)
+      sid = name_to_principal(name)
 
       sid ? sid.sid : nil
     end
     module_function :name_to_sid
 
-    # Convert an account name, e.g. 'Administrators' into a SID object,
+    # Convert an account name, e.g. 'Administrators' into a Principal::SID object,
     # e.g. 'S-1-5-32-544'. The name can be specified as 'Administrators',
     # 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
     # SID object. Returns nil if the account doesn't exist.
     # This method returns a SID::Principal with the account, domain, SID, etc
-    def name_to_sid_object(name)
+    def name_to_principal(name)
       # Apparently, we accept a symbol..
       name = name.to_s.strip if name
 
@@ -80,21 +80,50 @@ module Puppet::Util::Windows
     rescue
       nil
     end
-    module_function :name_to_sid_object
+    module_function :name_to_principal
+    class << self; alias name_to_sid_object name_to_principal; end
 
-    # Converts an octet string array of bytes to a SID object,
+    # Converts an octet string array of bytes to a SID::Principal object,
     # e.g. [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] is the representation for
     # S-1-5-18, the local 'SYSTEM' account.
     # Raises an Error for nil or non-array input.
     # This method returns a SID::Principal with the account, domain, SID, etc
-    def octet_string_to_sid_object(bytes)
+    def octet_string_to_principal(bytes)
       if !bytes || !bytes.respond_to?('pack') || bytes.empty?
         raise Puppet::Util::Windows::Error.new(_("Octet string must be an array of bytes"))
       end
 
       Principal.lookup_account_sid(bytes)
     end
-    module_function :octet_string_to_sid_object
+    module_function :octet_string_to_principal
+    class << self; alias octet_string_to_sid_object octet_string_to_principal; end
+
+    # Converts a COM instance of IAdsUser or IAdsGroup to a SID::Principal object,
+    # Raises an Error for nil or an object without an objectSID / Name property.
+    # This method returns a SID::Principal with the account, domain, SID, etc
+    # This method will return instances even when the SID is unresolvable, as
+    # may be the case when domain users have been added to local groups, but
+    # removed from the domain
+    def ads_to_principal(ads_object)
+      if !ads_object || !ads_object.respond_to?(:ole_respond_to?) ||
+        !ads_object.ole_respond_to?(:objectSID) || !ads_object.ole_respond_to?(:Name)
+        raise Puppet::Error.new("ads_object must be an IAdsUser or IAdsGroup instance")
+      end
+      octet_string_to_principal(ads_object.objectSID)
+    rescue Puppet::Util::Windows::Error => e
+      # if the error is not a lookup / mapping problem, immediately re-raise
+      raise if e.code != ERROR_NONE_MAPPED
+
+      # if the Name property isn't formatted like a SID, OR
+      if !valid_sid?(ads_object.Name) ||
+        # if the objectSID doesn't match the Name property, also raise
+        ((converted = octet_string_to_sid_string(ads_object.objectSID)) != ads_object.Name)
+        raise Puppet::Error.new("ads_object Name: #{ads_object.Name} invalid or does not match objectSID: #{ads_object.objectSID} (#{converted})", e)
+      end
+
+      unresolved_principal(ads_object.Name, ads_object.objectSID)
+    end
+    module_function :ads_to_principal
 
     # Convert a SID string, e.g. "S-1-5-32-544" to a name,
     # e.g. 'BUILTIN\Administrators'. Returns nil if an account
@@ -191,6 +220,30 @@ module Puppet::Util::Windows
     end
     module_function :get_length_sid
 
+    def octet_string_to_sid_string(sid_bytes)
+      sid_string = nil
+
+      FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
+        sid_ptr.write_array_of_uchar(sid_bytes)
+        sid_string = Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr)
+      end
+
+      sid_string
+    end
+    module_function :octet_string_to_sid_string
+
+    # @api private
+    def self.unresolved_principal(name, sid_bytes)
+      Principal.new(
+        name + " (unresolvable)", # account
+        sid_bytes, # sid_bytes
+        name, # sid string
+        nil, #domain
+        # https://msdn.microsoft.com/en-us/library/cc245534.aspx?f=255&MSPPError=-2147217396
+        # Indicates that the type of object could not be determined. For example, no object with that SID exists.
+        :SidTypeUnknown)
+    end
+
     ffi_convention :stdcall
 
     # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379151(v=vs.85).aspx