puppet 5.5.16-x86-mingw32 → 5.5.17-x86-mingw32

data/lib/puppet/type.rb

@@ -2443,6 +2443,13 @@ end
         err(_("Unable to mark '%{name}' as sensitive: the property itself is not defined on %{type}.") % { name: name, type: type })
       end
     end
+
+    parameters.each do |name, param|
+      next if param.sensitive
+      if param.is_a?(Puppet::Parameter)
+        param.sensitive = param.is_sensitive if param.respond_to?(:is_sensitive)
+      end
+    end
   end
 
   private

data/lib/puppet/type/exec.rb

@@ -455,9 +455,13 @@ module Puppet
           return false
         end
 
-        output.split(/\n/).each { |line|
-          self.debug(line)
-        }
+        if sensitive
+          self.debug("[output redacted]")
+        else
+          output.split(/\n/).each { |line|
+            self.debug(line)
+          }
+        end
 
         status.exitstatus != 0
       end
@@ -507,9 +511,13 @@ module Puppet
           return false
         end
 
-        output.split(/\n/).each { |line|
-          self.debug(line)
-        }
+        if sensitive
+          self.debug("[output redacted]")
+        else
+          output.split(/\n/).each { |line|
+            self.debug(line)
+          }
+        end
 
         status.exitstatus == 0
       end

data/lib/puppet/type/package.rb

@@ -1,3 +1,4 @@
+# coding: utf-8
 # Define the different packaging systems.  Each package system is implemented
 # in a module, which then gets used to individually extend each package object.
 # This allows packages to exist on the same machine using different packaging
@@ -56,6 +57,7 @@ module Puppet
         a user or another package. Held is considered a superset of
         installed.",
       :methods => [:hold]
+    feature :install_only, "The provider accepts options to only install packages never update (kernels, etc.)"
     feature :install_options, "The provider accepts options to be
       passed to the installer command."
     feature :uninstall_options, "The provider accepts options to be
@@ -483,6 +485,14 @@ module Puppet
         which type of package you want."
     end
 
+    newparam(:install_only, :boolean => false, :parent => Puppet::Parameter::Boolean, :required_features => :install_only) do
+      desc <<-EOT
+        It should be set for packages that should only ever be installed,
+        never updated. Kernels in particular fall into this category.
+      EOT
+      defaultto false
+    end
+
     newparam(:install_options, :parent => Puppet::Parameter::PackageOptions, :required_features => :install_options) do
       desc <<-EOT
         An array of additional options to pass when installing a package. These

data/lib/puppet/type/service.rb

@@ -73,6 +73,11 @@ module Puppet
         provider.enabled?
       end
 
+      # This only works on Windows systems.
+      newvalue(:delayed, :event => :service_delayed_start) do
+        provider.delayed_start
+      end
+
       # This only makes sense on systemd systems. Static services cannot be enabled
       # or disabled manually.
       def insync?(current)
@@ -85,8 +90,8 @@ module Puppet
       end
 
       validate do |value|
-        if value == :manual and !Puppet.features.microsoft_windows?
-          raise Puppet::Error.new(_("Setting enable to manual is only supported on Microsoft Windows."))
+        if (value == :manual || value == :delayed) && !Puppet.features.microsoft_windows?
+          raise Puppet::Error.new(_("Setting enable to %{value} is only supported on Microsoft Windows.") % { value: value.to_s} )
         end
       end
     end

data/lib/puppet/type/user.rb

@@ -255,21 +255,7 @@ module Puppet
         raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) and value.include?(":")
       end
 
-      def change_to_s(currentvalue, newvalue)
-        if currentvalue == :absent
-          return _("created password")
-        else
-          return _("changed password")
-        end
-      end
-
-      def is_to_s( currentvalue )
-        return _('[old password hash redacted]')
-      end
-      def should_to_s( newvalue )
-        return _('[new password hash redacted]')
-      end
-
+      sensitive true
     end
 
     newproperty(:password_min_age, :required_features => :manages_password_age) do

data/lib/puppet/type/yumrepo.rb

@@ -321,6 +321,8 @@ Puppet::Type.newtype(:yumrepo) do
     desc "Password for this proxy. #{ABSENT_DOC}"
 
     newvalues(/.*/, :absent)
+
+    sensitive true
   end
 
   newproperty(:s3_enabled) do
@@ -423,12 +425,6 @@ Puppet::Type.newtype(:yumrepo) do
     desc "Password to use with the username for basic authentication.
       #{ABSENT_DOC}"
     newvalues(/.*/, :absent)
-  end
-
-  private
-
-  def set_sensitive_parameters(sensitive_parameters)
-    parameter(:password).sensitive = true if parameter(:password)
-    super(sensitive_parameters)
+    sensitive true
   end
 end

data/lib/puppet/util/execution.rb

@@ -162,15 +162,16 @@ module Puppet::Util::Execution
 
     options = default_options.merge(options)
 
-    if options[:sensitive]
-      command_str = '[redacted]'
-    elsif command.is_a?(Array)
+    if command.is_a?(Array)
       command = command.flatten.map(&:to_s)
       command_str = command.join(" ")
     elsif command.is_a?(String)
       command_str = command
     end
 
+    # do this after processing 'command' array or string
+    command_str = '[redacted]' if options[:sensitive]
+
     user_log_s = ''
     if options[:uid]
       user_log_s << " uid=#{options[:uid]}"

data/lib/puppet/util/http_proxy.rb

@@ -33,7 +33,7 @@ module Puppet::Util::HttpProxy
   #   .example.com
   # We'll accommodate both here.
   def self.no_proxy?(dest)
-    unless no_proxy_env = ENV["no_proxy"] || ENV["NO_PROXY"]
+    unless no_proxy = self.no_proxy
       return false
     end
 
@@ -45,7 +45,7 @@ module Puppet::Util::HttpProxy
       end
     end
 
-    no_proxy_env.split(/\s*,\s*/).each do |d|
+    no_proxy.split(/\s*,\s*/).each do |d|
       host, port = d.split(':')
       host = Regexp.escape(host).gsub('\*', '.*')
 
@@ -127,6 +127,20 @@ module Puppet::Util::HttpProxy
     return Puppet.settings[:http_proxy_password]
   end
 
+  def self.no_proxy
+    no_proxy_env = ENV["no_proxy"] || ENV["NO_PROXY"]
+
+    if no_proxy_env
+      return no_proxy_env
+    end
+
+    if Puppet.settings[:no_proxy] == 'none'
+      return nil
+    end
+
+    return Puppet.settings[:no_proxy]
+  end
+
   # Return a Net::HTTP::Proxy object.
   #
   # This method optionally configures SSL correctly if the URI scheme is

data/lib/puppet/util/selinux.rb

@@ -13,7 +13,7 @@ require 'pathname'
 
 module Puppet::Util::SELinux
 
-  def selinux_support?
+  def self.selinux_support?
     return false unless defined?(Selinux)
     if Selinux.is_selinux_enabled == 1
       return true
@@ -21,6 +21,10 @@ module Puppet::Util::SELinux
     false
   end
 
+  def selinux_support?
+    Puppet::Util::SELinux.selinux_support?
+  end
+
   # Retrieve and return the full context of the file.  If we don't have
   # SELinux support or if the SELinux call fails then return nil.
   def get_selinux_current_context(file)

data/lib/puppet/util/windows/security.rb

@@ -200,6 +200,7 @@ module Puppet::Util::Windows::Security
     well_known_world_sid = Puppet::Util::Windows::SID::Everyone
     well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
     well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
+    well_known_app_packages_sid = Puppet::Util::Windows::SID::AllAppPackages
 
     mode = S_ISYSTEM_MISSING
 
@@ -234,6 +235,7 @@ module Puppet::Util::Windows::Security
         if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
           mode |= S_ISVTX
         end
+      when well_known_app_packages_sid
       when well_known_system_sid
       else
         #puts "Warning, unable to map SID into POSIX mode: #{ace.sid}"

data/lib/puppet/util/windows/service.rb

@@ -1,3 +1,4 @@
+# coding: utf-8
 require 'puppet/util/windows'
 require 'ffi'
 
@@ -180,7 +181,30 @@ module Puppet::Util::Windows
     # // Value to indicate no change to an optional parameter
     # //
     # #define SERVICE_NO_CHANGE              0xffffffff
-    SERVICE_NO_CHANGE = 0xffffffff
+    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
+    SERVICE_CONFIG_DESCRIPTION              = 0x00000001
+    SERVICE_CONFIG_FAILURE_ACTIONS          = 0x00000002
+    SERVICE_CONFIG_DELAYED_AUTO_START_INFO  = 0x00000003
+    SERVICE_CONFIG_FAILURE_ACTIONS_FLAG     = 0x00000004
+    SERVICE_CONFIG_SERVICE_SID_INFO         = 0x00000005
+    SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 0x00000006
+    SERVICE_CONFIG_PRESHUTDOWN_INFO         = 0x00000007
+    SERVICE_CONFIG_TRIGGER_INFO             = 0x00000008
+    SERVICE_CONFIG_PREFERRED_NODE           = 0x00000009
+    SERVICE_CONFIG_LAUNCH_PROTECTED         = 0x00000012
+    SERVICE_NO_CHANGE                       = 0xffffffff
+    SERVICE_CONFIG_TYPES = {
+      SERVICE_CONFIG_DESCRIPTION => :SERVICE_CONFIG_DESCRIPTION,
+      SERVICE_CONFIG_FAILURE_ACTIONS => :SERVICE_CONFIG_FAILURE_ACTIONS,
+      SERVICE_CONFIG_DELAYED_AUTO_START_INFO => :SERVICE_CONFIG_DELAYED_AUTO_START_INFO,
+      SERVICE_CONFIG_FAILURE_ACTIONS_FLAG => :SERVICE_CONFIG_FAILURE_ACTIONS_FLAG,
+      SERVICE_CONFIG_SERVICE_SID_INFO => :SERVICE_CONFIG_SERVICE_SID_INFO,
+      SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO => :SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO,
+      SERVICE_CONFIG_PRESHUTDOWN_INFO => :SERVICE_CONFIG_PRESHUTDOWN_INFO,
+      SERVICE_CONFIG_TRIGGER_INFO => :SERVICE_CONFIG_TRIGGER_INFO,
+      SERVICE_CONFIG_PREFERRED_NODE => :SERVICE_CONFIG_PREFERRED_NODE,
+      SERVICE_CONFIG_LAUNCH_PROTECTED => :SERVICE_CONFIG_LAUNCH_PROTECTED,
+    }
 
     # Service enum codes
     # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexa
@@ -219,6 +243,19 @@ module Puppet::Util::Windows
       )
     end
 
+    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_delayed_auto_start_info
+    # typedef struct _SERVICE_DELAYED_AUTO_START_INFO {
+    #   BOOL fDelayedAutostart;
+    # } SERVICE_DELAYED_AUTO_START_INFO, *LPSERVICE_DELAYED_AUTO_START_INFO;
+    class SERVICE_DELAYED_AUTO_START_INFO < FFI::Struct
+      layout(:fDelayedAutostart, :int)
+      alias aset []=
+      # Intercept the accessor so that we can handle either true/false or 1/0.
+      # Since there is only one member, there’s no need to check the key name.
+      def []=(key, value)
+        [0, false].include?(value) ? aset(key, 0) : aset(key, 1)
+      end
+    end
 
     # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_enum_service_status_processw
     # typedef struct _ENUM_SERVICE_STATUS_PROCESSW {
@@ -374,6 +411,7 @@ module Puppet::Util::Windows
     module_function :service_state
 
     # Query the configuration of a service using QueryServiceConfigW
+    # or QueryServiceConfig2W
     #
     # @param [:string] service_name name of the service to query
     # @return [QUERY_SERVICE_CONFIGW.struct] the configuration of the service
@@ -384,6 +422,14 @@ module Puppet::Util::Windows
           start_type = SERVICE_START_TYPES[config[:dwStartType]]
         end
       end
+      # if the service has type AUTO_START, check if it's a delayed service
+      if start_type == :SERVICE_AUTO_START
+        open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_CONFIG) do |service|
+          query_config2(service, SERVICE_CONFIG_DELAYED_AUTO_START_INFO) do |config|
+            return :SERVICE_DELAYED_AUTO_START if config[:fDelayedAutostart] == 1
+          end
+        end
+      end
       if start_type.nil?
         raise Puppet::Error.new(_("Unknown start type '%{start_type}' for '%{service_name}'") % { start_type: start_type.to_s, service_name: service_name})
       end
@@ -393,11 +439,12 @@ module Puppet::Util::Windows
 
     # Change the startup mode of a windows service
     #
-    # @param [string] service_name the name of the service to modify
-    # @param [Int] startup_type a code corresponding to a start type for
+    # @param [String] service_name the name of the service to modify
+    # @param [Integer] startup_type a code corresponding to a start type for
     #  windows service, see the "Service start type codes" section in the
     #  Puppet::Util::Windows::Service file for the list of available codes
-    def set_startup_mode(service_name, startup_type)
+    # @param [Bool] delayed whether the service should be started with a delay
+    def set_startup_mode(service_name, startup_type, delayed=false)
       startup_code = SERVICE_START_TYPES.key(startup_type)
       if startup_code.nil?
         raise Puppet::Error.new(_("Unknown start type %{start_type}") % {startup_type: startup_type.to_s})
@@ -424,6 +471,7 @@ module Puppet::Util::Windows
           raise Puppet::Util::Windows::Error.new(_("Failed to update service configuration"))
         end
       end
+      set_startup_mode_delayed(service_name, delayed)
     end
     module_function :set_startup_mode
 
@@ -705,6 +753,82 @@ module Puppet::Util::Windows
       end
       private :query_config
 
+      # @api private
+      # perform QueryServiceConfig2W on a windows service and return the
+      # result
+      #
+      # @param [:handle] service handle of the service to query
+      # @param [Integer] info_level the configuration information to be queried
+      # @return [QUERY_SERVICE_CONFIG2W struct] the result of the query
+      def query_config2(service, info_level, &block)
+        config = nil
+        size_required = nil
+        # Fetch the bytes of memory required to be allocated
+        # for QueryServiceConfig2W to return succesfully. This
+        # is done by sending NULL and 0 for the pointer and size
+        # respectively, letting the command fail, then reading the
+        # value of pcbBytesNeeded
+        FFI::MemoryPointer.new(:lpword) do |bytes_pointer|
+          # return value will be false from this call, since it's designed
+          # to fail. Just ignore it
+          QueryServiceConfig2W(service, info_level, FFI::Pointer::NULL, 0, bytes_pointer)
+          size_required = bytes_pointer.read_dword
+          FFI::MemoryPointer.new(size_required) do |ssp_ptr|
+            # We need to supply the appropriate struct to be created based on
+            # the info_level
+            case info_level
+            when SERVICE_CONFIG_DELAYED_AUTO_START_INFO
+              config = SERVICE_DELAYED_AUTO_START_INFO.new(ssp_ptr)
+            end
+            success = QueryServiceConfig2W(
+              service,
+              info_level,
+              ssp_ptr,
+              size_required,
+              bytes_pointer
+            )
+            if success == FFI::WIN32_FALSE
+              raise Puppet::Util::Windows::Error.new(_("Service query for %{parameter_name} failed") % { parameter_name: SERVICE_CONFIG_TYPES[info_level] } )
+            end
+            yield config
+          end
+        end
+      end
+      private :query_config2
+
+      # @api private
+      # Sets an optional parameter on a service by calling
+      # ChangeServiceConfig2W
+      #
+      # @param [String] service_name name of service
+      # @param [Integer] change parameter to change
+      # @param [struct] value appropriate struct based on the parameter to change
+      def set_optional_parameter(service_name, change, value)
+        open_service(service_name, SC_MANAGER_CONNECT, SERVICE_CHANGE_CONFIG) do |service|
+          success = ChangeServiceConfig2W(
+            service,
+            change, # dwInfoLevel
+            value,  # lpInfo
+          )
+          if success == FFI::WIN32_FALSE
+            raise Puppet::Util::windows::Error.new(_("Failed to update service %{change} configuration") % { change: change } )
+          end
+        end
+      end
+      private :set_optional_parameter
+
+      # @api private
+      # Controls the delayed auto-start setting of a service
+      #
+      # @param [String] service_name name of service
+      # @param [Bool] delayed whether the service should be started with a delay or not
+      def set_startup_mode_delayed(service_name, delayed)
+        delayed_start = SERVICE_DELAYED_AUTO_START_INFO.new
+        delayed_start[:fDelayedAutostart] = delayed
+        set_optional_parameter(service_name, SERVICE_CONFIG_DELAYED_AUTO_START_INFO, delayed_start)
+      end
+      private :set_startup_mode_delayed
+
       # @api private
       # Sends a service control signal to a service
       #
@@ -899,6 +1023,18 @@ module Puppet::Util::Windows
     attach_function_private :QueryServiceConfigW,
       [:handle, :lpbyte, :dword, :lpdword], :win32_bool
 
+    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-queryserviceconfig2w
+    # BOOL QueryServiceConfig2W(
+    #   SC_HANDLE hService,
+    #   DWORD     dwInfoLevel,
+    #   LPBYTE    lpBuffer,
+    #   DWORD     cbBufSize,
+    #   LPDWORD   pcbBytesNeeded
+    # );
+    ffi_lib :advapi32
+    attach_function_private :QueryServiceConfig2W,
+      [:handle, :dword, :lpbyte, :dword, :lpdword], :win32_bool
+
     # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-startservicew
     # BOOL StartServiceW(
     #   SC_HANDLE hService,
@@ -949,6 +1085,15 @@ module Puppet::Util::Windows
         :lpcwstr
       ], :win32_bool
 
+    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
+    # BOOL ChangeServiceConfig2W(
+    #   SC_HANDLE hService,
+    #   DWORD     dwInfoLevel,
+    #   LPVOID    lpInfo
+    # );
+    ffi_lib :advapi32
+    attach_function_private :ChangeServiceConfig2W,
+      [:handle, :dword, :lpvoid], :win32_bool
 
     # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexw
     # BOOL EnumServicesStatusExW(