puppet 6.12.0-x64-mingw32 → 6.17.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -7
- data/CONTRIBUTING.md +7 -13
- data/Gemfile +4 -2
- data/Gemfile.lock +39 -36
- data/README.md +18 -25
- data/ext/project_data.yaml +1 -1
- data/ext/windows/service/daemon.rb +3 -3
- data/lib/puppet.rb +52 -13
- data/lib/puppet/agent.rb +20 -14
- data/lib/puppet/application/agent.rb +26 -17
- data/lib/puppet/application/describe.rb +7 -5
- data/lib/puppet/application/device.rb +2 -2
- data/lib/puppet/application/filebucket.rb +19 -15
- data/lib/puppet/application/plugin.rb +1 -0
- data/lib/puppet/application/resource.rb +1 -1
- data/lib/puppet/application/ssl.rb +4 -4
- data/lib/puppet/configurer.rb +65 -69
- data/lib/puppet/configurer/plugin_handler.rb +10 -1
- data/lib/puppet/confine.rb +1 -1
- data/lib/puppet/context/trusted_information.rb +14 -8
- data/lib/puppet/daemon.rb +13 -27
- data/lib/puppet/defaults.rb +154 -58
- data/lib/puppet/environments.rb +27 -20
- data/lib/puppet/face/facts.rb +8 -5
- data/lib/puppet/face/help.rb +29 -3
- data/lib/puppet/face/module/search.rb +5 -0
- data/lib/puppet/face/plugin.rb +2 -2
- data/lib/puppet/file_serving/http_metadata.rb +14 -2
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +14 -10
- data/lib/puppet/file_system/memory_file.rb +6 -0
- data/lib/puppet/file_system/memory_impl.rb +13 -0
- data/lib/puppet/file_system/uniquefile.rb +12 -16
- data/lib/puppet/file_system/windows.rb +7 -10
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +4 -7
- data/lib/puppet/functions/call.rb +1 -1
- data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
- data/lib/puppet/functions/filter.rb +1 -0
- data/lib/puppet/functions/reduce.rb +2 -4
- data/lib/puppet/http.rb +5 -0
- data/lib/puppet/http/client.rb +293 -73
- data/lib/puppet/http/errors.rb +2 -0
- data/lib/puppet/http/external_client.rb +90 -0
- data/lib/puppet/http/redirector.rb +43 -7
- data/lib/puppet/http/resolver.rb +46 -3
- data/lib/puppet/http/resolver/server_list.rb +76 -16
- data/lib/puppet/http/resolver/settings.rb +23 -3
- data/lib/puppet/http/resolver/srv.rb +29 -3
- data/lib/puppet/http/response.rb +87 -1
- data/lib/puppet/http/retry_after_handler.rb +39 -0
- data/lib/puppet/http/service.rb +151 -7
- data/lib/puppet/http/service/ca.rb +76 -14
- data/lib/puppet/http/service/compiler.rb +319 -0
- data/lib/puppet/http/service/file_server.rb +206 -0
- data/lib/puppet/http/service/report.rb +49 -23
- data/lib/puppet/http/session.rb +103 -7
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +10 -0
- data/lib/puppet/indirector/catalog/rest.rb +34 -0
- data/lib/puppet/indirector/facts/rest.rb +42 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
- data/lib/puppet/indirector/file_content/http.rb +5 -0
- data/lib/puppet/indirector/file_content/rest.rb +30 -0
- data/lib/puppet/indirector/file_metadata/http.rb +27 -8
- data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +24 -0
- data/lib/puppet/indirector/report/rest.rb +19 -0
- data/lib/puppet/indirector/report/yaml.rb +23 -0
- data/lib/puppet/indirector/request.rb +1 -1
- data/lib/puppet/indirector/rest.rb +12 -0
- data/lib/puppet/indirector/status/rest.rb +18 -0
- data/lib/puppet/loaders.rb +6 -0
- data/lib/puppet/metatype/manager.rb +80 -80
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
- data/lib/puppet/network/http/base_pool.rb +7 -2
- data/lib/puppet/network/http/compression.rb +7 -0
- data/lib/puppet/network/http/connection.rb +6 -0
- data/lib/puppet/network/http/connection_adapter.rb +184 -0
- data/lib/puppet/network/http/nocache_pool.rb +2 -0
- data/lib/puppet/network/http/pool.rb +13 -6
- data/lib/puppet/network/http_pool.rb +2 -1
- data/lib/puppet/node/environment.rb +11 -1
- data/lib/puppet/pal/catalog_compiler.rb +5 -0
- data/lib/puppet/pal/pal_impl.rb +4 -29
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +6 -15
- data/lib/puppet/parser/compiler.rb +43 -33
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
- data/lib/puppet/parser/environment_compiler.rb +4 -1
- data/lib/puppet/parser/functions.rb +18 -13
- data/lib/puppet/parser/functions/filter.rb +1 -0
- data/lib/puppet/parser/resource.rb +3 -2
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +6 -6
- data/lib/puppet/pops/issues.rb +5 -0
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
- data/lib/puppet/pops/loaders.rb +7 -5
- data/lib/puppet/pops/parser/evaluating_parser.rb +5 -7
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
- data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
- data/lib/puppet/pops/types/type_calculator.rb +24 -0
- data/lib/puppet/pops/validation/checker4_0.rb +11 -1
- data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/provider/aix_object.rb +4 -2
- data/lib/puppet/provider/group/aix.rb +1 -0
- data/lib/puppet/provider/group/groupadd.rb +57 -24
- data/lib/puppet/provider/group/windows_adsi.rb +3 -3
- data/lib/puppet/provider/package/aix.rb +17 -2
- data/lib/puppet/provider/package/apt.rb +78 -4
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dnfmodule.rb +69 -15
- data/lib/puppet/provider/package/dpkg.rb +14 -7
- data/lib/puppet/provider/package/fink.rb +20 -3
- data/lib/puppet/provider/package/gem.rb +41 -7
- data/lib/puppet/provider/package/openbsd.rb +13 -1
- data/lib/puppet/provider/package/pacman.rb +2 -5
- data/lib/puppet/provider/package/pip.rb +143 -48
- data/lib/puppet/provider/package/pip3.rb +0 -2
- data/lib/puppet/provider/package/pkg.rb +18 -5
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +16 -4
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/puppet_gem.rb +6 -2
- data/lib/puppet/provider/package/rpm.rb +6 -213
- data/lib/puppet/provider/package/yum.rb +109 -25
- data/lib/puppet/provider/package/zypper.rb +59 -1
- data/lib/puppet/provider/service/systemd.rb +22 -4
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -0
- data/lib/puppet/provider/user/directoryservice.rb +30 -5
- data/lib/puppet/provider/user/useradd.rb +22 -12
- data/lib/puppet/reports/http.rb +15 -9
- data/lib/puppet/reports/store.rb +1 -1
- data/lib/puppet/resource.rb +2 -1
- data/lib/puppet/resource/type.rb +8 -0
- data/lib/puppet/resource/type_collection.rb +20 -16
- data/lib/puppet/runtime.rb +31 -1
- data/lib/puppet/settings.rb +4 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/certificate.rb +2 -1
- data/lib/puppet/ssl/host.rb +4 -4
- data/lib/puppet/ssl/oids.rb +1 -0
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +20 -1
- data/lib/puppet/ssl/state_machine.rb +81 -35
- data/lib/puppet/ssl/verifier_adapter.rb +9 -1
- data/lib/puppet/test/test_helper.rb +15 -11
- data/lib/puppet/transaction/report.rb +2 -2
- data/lib/puppet/transaction/resource_harness.rb +1 -1
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +18 -6
- data/lib/puppet/type/file.rb +51 -13
- data/lib/puppet/type/file/checksum.rb +4 -4
- data/lib/puppet/type/file/source.rb +51 -60
- data/lib/puppet/type/group.rb +2 -2
- data/lib/puppet/type/package.rb +102 -10
- data/lib/puppet/type/service.rb +55 -8
- data/lib/puppet/type/user.rb +3 -28
- data/lib/puppet/util.rb +39 -15
- data/lib/puppet/util/at_fork.rb +1 -1
- data/lib/puppet/util/autoload.rb +4 -18
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/instance_loader.rb +14 -10
- data/lib/puppet/util/log/destinations.rb +2 -11
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/pidlock.rb +36 -10
- data/lib/puppet/util/platform.rb +5 -0
- data/lib/puppet/util/plist.rb +6 -0
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/storage.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +2 -2
- data/lib/puppet/util/windows/api_types.rb +45 -32
- data/lib/puppet/util/windows/eventlog.rb +1 -6
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/process.rb +15 -14
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +1 -0
- data/lib/puppet/util/windows/service.rb +43 -26
- data/lib/puppet/util/windows/sid.rb +3 -3
- data/lib/puppet/util/windows/user.rb +23 -8
- data/lib/puppet/util/yaml.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +707 -574
- data/man/man5/puppet.conf.5 +74 -14
- data/man/man8/puppet-agent.8 +7 -7
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +17 -2
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +6 -3
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +4 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +2 -2
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-ca.pem +59 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
- data/spec/integration/application/agent_spec.rb +483 -0
- data/spec/integration/application/apply_spec.rb +132 -3
- data/spec/integration/application/filebucket_spec.rb +190 -0
- data/spec/integration/application/plugin_spec.rb +73 -0
- data/spec/integration/configurer_spec.rb +26 -7
- data/spec/integration/defaults_spec.rb +1 -2
- data/spec/integration/http/client_spec.rb +47 -37
- data/spec/integration/indirector/facts/facter_spec.rb +4 -0
- data/spec/integration/indirector/report/yaml.rb +83 -0
- data/spec/integration/module_tool/forge_spec.rb +2 -15
- data/spec/integration/network/http_pool_spec.rb +93 -20
- data/spec/integration/node/environment_spec.rb +15 -0
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/type/file_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +6 -1
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/user_spec.rb +40 -5
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/https.rb +16 -7
- data/spec/lib/puppet_spec/puppetserver.rb +119 -0
- data/spec/shared_contexts/https.rb +29 -0
- data/spec/unit/agent_spec.rb +80 -26
- data/spec/unit/application/agent_spec.rb +9 -5
- data/spec/unit/application/apply_spec.rb +2 -12
- data/spec/unit/application/describe_spec.rb +88 -50
- data/spec/unit/application/device_spec.rb +2 -2
- data/spec/unit/application/filebucket_spec.rb +22 -2
- data/spec/unit/application/resource_spec.rb +2 -2
- data/spec/unit/configurer/fact_handler_spec.rb +4 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
- data/spec/unit/configurer_spec.rb +17 -18
- data/spec/unit/context/trusted_information_spec.rb +25 -2
- data/spec/unit/daemon_spec.rb +5 -64
- data/spec/unit/defaults_spec.rb +25 -2
- data/spec/unit/environments_spec.rb +65 -28
- data/spec/unit/face/facts_spec.rb +24 -20
- data/spec/unit/face/module/search_spec.rb +17 -0
- data/spec/unit/face/plugin_spec.rb +12 -10
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +11 -0
- data/spec/unit/file_system_spec.rb +26 -2
- data/spec/unit/functions/lookup_spec.rb +13 -0
- data/spec/unit/http/client_spec.rb +327 -35
- data/spec/unit/http/external_client_spec.rb +201 -0
- data/spec/unit/http/resolver_spec.rb +34 -2
- data/spec/unit/http/response_spec.rb +75 -0
- data/spec/unit/http/service/ca_spec.rb +53 -11
- data/spec/unit/http/service/compiler_spec.rb +627 -0
- data/spec/unit/http/service/file_server_spec.rb +308 -0
- data/spec/unit/http/service/report_spec.rb +27 -9
- data/spec/unit/http/service_spec.rb +98 -5
- data/spec/unit/http/session_spec.rb +190 -7
- data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
- data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
- data/spec/unit/indirector/facts/rest_spec.rb +79 -24
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
- data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
- data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
- data/spec/unit/indirector/node/rest_spec.rb +57 -2
- data/spec/unit/indirector/report/rest_spec.rb +58 -51
- data/spec/unit/indirector/request_spec.rb +1 -1
- data/spec/unit/indirector/resource/ral_spec.rb +7 -8
- data/spec/unit/indirector/rest_spec.rb +13 -0
- data/spec/unit/indirector/status/rest_spec.rb +43 -2
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
- data/spec/unit/network/http/connection_spec.rb +559 -175
- data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
- data/spec/unit/network/http/pool_spec.rb +89 -11
- data/spec/unit/network/http_pool_spec.rb +63 -57
- data/spec/unit/network/http_spec.rb +1 -1
- data/spec/unit/node/environment_spec.rb +16 -0
- data/spec/unit/node/facts_spec.rb +2 -1
- data/spec/unit/node_spec.rb +7 -4
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/environment_compiler_spec.rb +7 -0
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
- data/spec/unit/pops/validator/validator_spec.rb +7 -2
- data/spec/unit/provider/aix_object_spec.rb +16 -2
- data/spec/unit/provider/group/groupadd_spec.rb +181 -56
- data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
- data/spec/unit/provider/package/aix_spec.rb +29 -0
- data/spec/unit/provider/package/apt_spec.rb +43 -2
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
- data/spec/unit/provider/package/dpkg_spec.rb +28 -6
- data/spec/unit/provider/package/gem_spec.rb +40 -0
- data/spec/unit/provider/package/openbsd_spec.rb +17 -0
- data/spec/unit/provider/package/pacman_spec.rb +6 -21
- data/spec/unit/provider/package/pip_spec.rb +68 -19
- data/spec/unit/provider/package/pkg_spec.rb +15 -1
- data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
- data/spec/unit/provider/package/pkgng_spec.rb +38 -0
- data/spec/unit/provider/package/portage_spec.rb +5 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
- data/spec/unit/provider/package/rpm_spec.rb +0 -212
- data/spec/unit/provider/package/yum_spec.rb +292 -0
- data/spec/unit/provider/package/zypper_spec.rb +84 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openbsd_spec.rb +9 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -0
- data/spec/unit/provider/service/redhat_spec.rb +9 -0
- data/spec/unit/provider/service/systemd_spec.rb +92 -12
- data/spec/unit/provider/service/windows_spec.rb +22 -14
- data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +43 -24
- data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
- data/spec/unit/puppet_pal_2pec.rb +0 -26
- data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
- data/spec/unit/puppet_spec.rb +47 -0
- data/spec/unit/reports/http_spec.rb +70 -52
- data/spec/unit/resource_spec.rb +3 -3
- data/spec/unit/settings/autosign_setting_spec.rb +1 -1
- data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
- data/spec/unit/ssl/certificate_spec.rb +7 -0
- data/spec/unit/ssl/host_spec.rb +4 -2
- data/spec/unit/ssl/oids_spec.rb +1 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
- data/spec/unit/ssl/state_machine_spec.rb +99 -13
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +1 -10
- data/spec/unit/transaction/report_spec.rb +5 -1
- data/spec/unit/transaction_spec.rb +0 -2
- data/spec/unit/type/file/ensure_spec.rb +1 -2
- data/spec/unit/type/file/source_spec.rb +89 -38
- data/spec/unit/type/file_spec.rb +122 -96
- data/spec/unit/type/package_spec.rb +8 -0
- data/spec/unit/type/service_spec.rb +185 -8
- data/spec/unit/type/user_spec.rb +1 -2
- data/spec/unit/type_spec.rb +50 -0
- data/spec/unit/util/at_fork_spec.rb +3 -2
- data/spec/unit/util/autoload_spec.rb +2 -1
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/log/destinations_spec.rb +1 -29
- data/spec/unit/util/package/version/debian_spec.rb +83 -0
- data/spec/unit/util/package/version/pip_spec.rb +464 -0
- data/spec/unit/util/package/version/range_spec.rb +175 -0
- data/spec/unit/util/package/version/rpm_spec.rb +121 -0
- data/spec/unit/util/pidlock_spec.rb +112 -42
- data/spec/unit/util/plist_spec.rb +20 -0
- data/spec/unit/util/rpm_compare_spec.rb +196 -0
- data/spec/unit/util/storage_spec.rb +1 -8
- data/spec/unit/util/windows/adsi_spec.rb +4 -4
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util/windows/sid_spec.rb +2 -2
- data/spec/unit/util_spec.rb +3 -3
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- data/tasks/generate_cert_fixtures.rake +15 -1
- data/tasks/manpages.rake +5 -35
- metadata +73 -12
- data/COMMITTERS.md +0 -244
- data/spec/integration/faces/plugin_spec.rb +0 -61
- data/spec/integration/test/test_helper_spec.rb +0 -31
data/lib/puppet/util/storage.rb
CHANGED
@@ -180,11 +180,11 @@ module Puppet::Util::Windows::ADSI
|
|
180
180
|
sids
|
181
181
|
end
|
182
182
|
|
183
|
-
def name_sid_hash(names)
|
183
|
+
def name_sid_hash(names, allow_unresolved = false)
|
184
184
|
return {} if names.nil? || names.empty?
|
185
185
|
|
186
186
|
sids = names.map do |name|
|
187
|
-
sid = Puppet::Util::Windows::SID.name_to_principal(name)
|
187
|
+
sid = Puppet::Util::Windows::SID.name_to_principal(name, allow_unresolved)
|
188
188
|
raise Puppet::Error.new( _("Could not resolve name: %{name}") % { name: name } ) if !sid
|
189
189
|
[sid.sid, sid]
|
190
190
|
end
|
@@ -19,15 +19,11 @@ module Puppet::Util::Windows::APITypes
|
|
19
19
|
|
20
20
|
class ::FFI::Pointer
|
21
21
|
NULL_HANDLE = 0
|
22
|
+
WCHAR_NULL = "\0\0".encode('UTF-16LE').freeze
|
22
23
|
|
23
24
|
def self.from_string_to_wide_string(str, &block)
|
24
25
|
str = Puppet::Util::Windows::String.wide_string(str)
|
25
|
-
FFI::MemoryPointer.
|
26
|
-
# uchar here is synonymous with byte
|
27
|
-
ptr.put_array_of_uchar(0, str.bytes.to_a)
|
28
|
-
|
29
|
-
yield ptr
|
30
|
-
end
|
26
|
+
FFI::MemoryPointer.from_wide_string(str, &block)
|
31
27
|
|
32
28
|
# ptr has already had free called, so nothing to return
|
33
29
|
nil
|
@@ -53,11 +49,17 @@ module Puppet::Util::Windows::APITypes
|
|
53
49
|
alias_method :read_word, :read_uint16
|
54
50
|
alias_method :read_array_of_wchar, :read_array_of_uint16
|
55
51
|
|
56
|
-
def read_wide_string(char_length, dst_encoding = Encoding::UTF_8, encode_options = {})
|
52
|
+
def read_wide_string(char_length, dst_encoding = Encoding::UTF_8, strip = false, encode_options = {})
|
57
53
|
# char_length is number of wide chars (typically excluding NULLs), *not* bytes
|
58
54
|
str = get_bytes(0, char_length * 2).force_encoding('UTF-16LE')
|
55
|
+
|
56
|
+
if strip
|
57
|
+
i = str.index(WCHAR_NULL)
|
58
|
+
str = str[0, i] if i
|
59
|
+
end
|
60
|
+
|
59
61
|
str.encode(dst_encoding, str.encoding, encode_options)
|
60
|
-
rescue
|
62
|
+
rescue EncodingError => e
|
61
63
|
Puppet.debug "Unable to convert value #{str.nil? ? 'nil' : str.dump} to encoding #{dst_encoding} due to #{e.inspect}"
|
62
64
|
raise
|
63
65
|
end
|
@@ -68,32 +70,31 @@ module Puppet::Util::Windows::APITypes
|
|
68
70
|
# null_terminator = :double_null, then the terminating sequence is four bytes of zero. This is UNIT32 = 0
|
69
71
|
# @param encode_options [Hash] Accepts the same option hash that may be passed to String#encode in Ruby
|
70
72
|
def read_arbitrary_wide_string_up_to(max_char_length = 512, null_terminator = :single_null, encode_options = {})
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
73
|
+
idx = case null_terminator
|
74
|
+
when :single_null
|
75
|
+
# find index of wide null between 0 and max (exclusive)
|
76
|
+
(0...max_char_length).find do |i|
|
77
|
+
get_uint16(i * 2) == 0
|
78
|
+
end
|
79
|
+
when :double_null
|
80
|
+
# find index of double-wide null between 0 and max - 1 (exclusive)
|
81
|
+
(0...max_char_length - 1).find do |i|
|
82
|
+
get_uint32(i * 2) == 0
|
83
|
+
end
|
84
|
+
else
|
85
|
+
raise _("Unable to read wide strings with %{null_terminator} terminal nulls") % { null_terminator: null_terminator }
|
86
|
+
end
|
87
|
+
|
88
|
+
read_wide_string(idx || max_char_length, Encoding::UTF_8, false, encode_options)
|
85
89
|
end
|
86
90
|
|
87
91
|
def read_win32_local_pointer(&block)
|
88
|
-
ptr =
|
92
|
+
ptr = read_pointer
|
89
93
|
begin
|
90
|
-
ptr = read_pointer
|
91
94
|
yield ptr
|
92
95
|
ensure
|
93
|
-
if ptr &&
|
94
|
-
|
95
|
-
Puppet.debug "LocalFree memory leak"
|
96
|
-
end
|
96
|
+
if !ptr.null? && FFI::WIN32::LocalFree(ptr.address) != FFI::Pointer::NULL_HANDLE
|
97
|
+
Puppet.debug "LocalFree memory leak"
|
97
98
|
end
|
98
99
|
end
|
99
100
|
|
@@ -102,23 +103,35 @@ module Puppet::Util::Windows::APITypes
|
|
102
103
|
end
|
103
104
|
|
104
105
|
def read_com_memory_pointer(&block)
|
105
|
-
ptr =
|
106
|
+
ptr = read_pointer
|
106
107
|
begin
|
107
|
-
ptr = read_pointer
|
108
108
|
yield ptr
|
109
109
|
ensure
|
110
|
-
FFI::WIN32::CoTaskMemFree(ptr)
|
110
|
+
FFI::WIN32::CoTaskMemFree(ptr) unless ptr.null?
|
111
111
|
end
|
112
112
|
|
113
113
|
# ptr has already had CoTaskMemFree called, so nothing to return
|
114
114
|
nil
|
115
115
|
end
|
116
116
|
|
117
|
-
|
118
117
|
alias_method :write_dword, :write_uint32
|
119
118
|
alias_method :write_word, :write_uint16
|
120
119
|
end
|
121
120
|
|
121
|
+
class FFI::MemoryPointer
|
122
|
+
# Return a MemoryPointer that points to wide string. This is analogous to the
|
123
|
+
# FFI::MemoryPointer.from_string method.
|
124
|
+
def self.from_wide_string(wstr)
|
125
|
+
ptr = FFI::MemoryPointer.new(:uchar, wstr.bytesize + 2)
|
126
|
+
ptr.put_array_of_uchar(0, wstr.bytes.to_a)
|
127
|
+
ptr.put_uint16(wstr.bytesize, 0)
|
128
|
+
|
129
|
+
yield ptr if block_given?
|
130
|
+
|
131
|
+
ptr
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
122
135
|
# FFI Types
|
123
136
|
# https://github.com/ffi/ffi/wiki/Types
|
124
137
|
|
@@ -140,12 +140,7 @@ class Puppet::Util::Windows::EventLog
|
|
140
140
|
# @api private
|
141
141
|
def from_string_to_wide_string(str, &block)
|
142
142
|
str = wide_string(str)
|
143
|
-
FFI::MemoryPointer.
|
144
|
-
# uchar here is synonymous with byte
|
145
|
-
ptr.put_array_of_uchar(0, str.bytes.to_a)
|
146
|
-
|
147
|
-
yield ptr
|
148
|
-
end
|
143
|
+
FFI::MemoryPointer.from_wide_string(str) { |ptr| yield ptr }
|
149
144
|
|
150
145
|
# ptr has already had free called, so nothing to return
|
151
146
|
nil
|
@@ -41,6 +41,7 @@ module Puppet::Util::Windows::SID
|
|
41
41
|
# = 8 + max sub identifiers (15) * 4
|
42
42
|
MAXIMUM_SID_BYTE_LENGTH = 68
|
43
43
|
|
44
|
+
ERROR_INVALID_PARAMETER = 87
|
44
45
|
ERROR_INSUFFICIENT_BUFFER = 122
|
45
46
|
|
46
47
|
def self.lookup_account_name(system_name = nil, account_name)
|
@@ -48,9 +49,7 @@ module Puppet::Util::Windows::SID
|
|
48
49
|
begin
|
49
50
|
if system_name
|
50
51
|
system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
|
51
|
-
|
52
|
-
system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
|
53
|
-
system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
|
52
|
+
system_name_ptr = FFI::MemoryPointer.from_wide_string(system_name_wide)
|
54
53
|
end
|
55
54
|
|
56
55
|
FFI::MemoryPointer.from_string_to_wide_string(account_name) do |account_name_ptr|
|
@@ -101,9 +100,7 @@ module Puppet::Util::Windows::SID
|
|
101
100
|
begin
|
102
101
|
if system_name
|
103
102
|
system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
|
104
|
-
|
105
|
-
system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
|
106
|
-
system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
|
103
|
+
system_name_ptr = FFI::MemoryPointer.from_wide_string(system_name_wide)
|
107
104
|
end
|
108
105
|
|
109
106
|
FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
|
@@ -112,6 +109,11 @@ module Puppet::Util::Windows::SID
|
|
112
109
|
FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|
|
113
110
|
|
114
111
|
sid_ptr.write_array_of_uchar(sid_bytes)
|
112
|
+
|
113
|
+
if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
|
114
|
+
raise Puppet::Util::Windows::Error.new(_('Byte array for lookup_account_sid is invalid: %{sid_bytes}') % { sid_bytes: sid_bytes }, ERROR_INVALID_PARAMETER)
|
115
|
+
end
|
116
|
+
|
115
117
|
success = LookupAccountSidW(system_name_ptr, sid_ptr, FFI::Pointer::NULL, name_length_ptr,
|
116
118
|
FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
|
117
119
|
last_error = FFI.errno
|
@@ -122,21 +122,22 @@ module Puppet::Util::Windows::Process
|
|
122
122
|
def get_process_image_name_by_pid(pid)
|
123
123
|
image_name = ""
|
124
124
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
125
|
+
Puppet::Util::Windows::Security.with_privilege(Puppet::Util::Windows::Security::SE_DEBUG_NAME) do
|
126
|
+
open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
|
127
|
+
FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
|
128
|
+
# UTF is 2 bytes/char:
|
129
|
+
max_chars = MAX_PATH_LENGTH + 1
|
130
|
+
exe_name_length_ptr.write_dword(max_chars)
|
131
|
+
FFI::MemoryPointer.new(:wchar, max_chars) do |exe_name_ptr|
|
132
|
+
use_win32_path_format = 0
|
133
|
+
result = QueryFullProcessImageNameW(phandle, use_win32_path_format, exe_name_ptr, exe_name_length_ptr)
|
134
|
+
if result == FFI::WIN32_FALSE
|
135
|
+
raise Puppet::Util::Windows::Error.new(
|
136
|
+
"QueryFullProcessImageNameW(phandle, #{use_win32_path_format}, " +
|
137
|
+
"exe_name_ptr, #{max_chars}")
|
138
|
+
end
|
139
|
+
image_name = exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)
|
138
140
|
end
|
139
|
-
image_name = exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)
|
140
141
|
end
|
141
142
|
end
|
142
143
|
end
|
@@ -110,13 +110,16 @@ module Puppet::Util::Windows
|
|
110
110
|
|
111
111
|
private
|
112
112
|
|
113
|
-
|
113
|
+
# max number of wide characters including NULL terminator
|
114
|
+
MAX_KEY_CHAR_LENGTH = 255 + 1
|
115
|
+
|
116
|
+
def reg_enum_key(key, index, max_key_char_length = MAX_KEY_CHAR_LENGTH)
|
114
117
|
subkey, filetime = nil, nil
|
115
118
|
|
116
119
|
FFI::MemoryPointer.new(:dword) do |subkey_length_ptr|
|
117
120
|
FFI::MemoryPointer.new(FFI::WIN32::FILETIME.size) do |filetime_ptr|
|
118
|
-
FFI::MemoryPointer.new(:wchar,
|
119
|
-
subkey_length_ptr.write_dword(
|
121
|
+
FFI::MemoryPointer.new(:wchar, max_key_char_length) do |subkey_ptr|
|
122
|
+
subkey_length_ptr.write_dword(max_key_char_length)
|
120
123
|
|
121
124
|
# RegEnumKeyEx cannot be called twice to properly size the buffer
|
122
125
|
result = RegEnumKeyExW(key.hkey, index,
|
@@ -141,7 +144,10 @@ module Puppet::Util::Windows
|
|
141
144
|
[subkey, filetime]
|
142
145
|
end
|
143
146
|
|
144
|
-
|
147
|
+
# max number of wide characters including NULL terminator
|
148
|
+
MAX_VALUE_CHAR_LENGTH = 16383 + 1
|
149
|
+
|
150
|
+
def reg_enum_value(key, index, max_value_length = MAX_VALUE_CHAR_LENGTH)
|
145
151
|
subkey, type, data = nil, nil, nil
|
146
152
|
|
147
153
|
FFI::MemoryPointer.new(:dword) do |subkey_length_ptr|
|
@@ -234,7 +240,7 @@ module Puppet::Util::Windows
|
|
234
240
|
begin
|
235
241
|
case type
|
236
242
|
when Win32::Registry::REG_SZ, Win32::Registry::REG_EXPAND_SZ
|
237
|
-
result = [ type,
|
243
|
+
result = [ type, data_ptr.read_wide_string(string_length, Encoding::UTF_8, true) ]
|
238
244
|
when Win32::Registry::REG_MULTI_SZ
|
239
245
|
result = [ type, data_ptr.read_wide_string(string_length).split(/\0/) ]
|
240
246
|
when Win32::Registry::REG_BINARY
|
@@ -314,12 +320,6 @@ module Puppet::Util::Windows
|
|
314
320
|
result
|
315
321
|
end
|
316
322
|
|
317
|
-
def sanitize(value)
|
318
|
-
# Replace null bytes with a space
|
319
|
-
value.tr!("\x00", ' ')
|
320
|
-
value
|
321
|
-
end
|
322
|
-
|
323
323
|
ffi_convention :stdcall
|
324
324
|
|
325
325
|
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms724862(v=vs.85).aspx
|
@@ -440,43 +440,60 @@ module Puppet::Util::Windows
|
|
440
440
|
end
|
441
441
|
module_function :service_start_type
|
442
442
|
|
443
|
-
#
|
443
|
+
# Query the configuration of a service using QueryServiceConfigW
|
444
|
+
# to find its current logon account
|
444
445
|
#
|
445
|
-
# @
|
446
|
-
#
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
if startup_code.nil?
|
453
|
-
raise Puppet::Error.new(_("Unknown start type %{start_type}") % {startup_type: startup_type.to_s})
|
446
|
+
# @return [String] logon_account account currently set for the service's logon
|
447
|
+
# in the format "DOMAIN\Account" or ".\Account" if it's a local account
|
448
|
+
def logon_account(service_name)
|
449
|
+
open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_CONFIG) do |service|
|
450
|
+
query_config(service) do |config|
|
451
|
+
return config[:lpServiceStartName].read_arbitrary_wide_string_up_to(Puppet::Util::Windows::ADSI::User::MAX_USERNAME_LENGTH)
|
452
|
+
end
|
454
453
|
end
|
454
|
+
end
|
455
|
+
module_function :logon_account
|
456
|
+
|
457
|
+
# Set the startup configuration of a windows service
|
458
|
+
#
|
459
|
+
# @param [String] service_name the name of the service to modify
|
460
|
+
# @param [Hash] options the configuration to be applied. Expected option keys:
|
461
|
+
# - [Integer] startup_type a code corresponding to a start type for
|
462
|
+
# windows service, see the "Service start type codes" section in the
|
463
|
+
# Puppet::Util::Windows::Service file for the list of available codes
|
464
|
+
# - [String] logon_account the account to be used by the service for logon
|
465
|
+
# - [String] logon_password the provided logon_account's password to be used by the service for logon
|
466
|
+
# - [Bool] delayed whether the service should be started with a delay
|
467
|
+
def set_startup_configuration(service_name, options: {})
|
468
|
+
options[:startup_type] = SERVICE_START_TYPES.key(options[:startup_type]) || SERVICE_NO_CHANGE
|
469
|
+
options[:logon_account] = wide_string(options[:logon_account]) || FFI::Pointer::NULL
|
470
|
+
options[:logon_password] = wide_string(options[:logon_password]) || FFI::Pointer::NULL
|
471
|
+
|
455
472
|
open_service(service_name, SC_MANAGER_CONNECT, SERVICE_CHANGE_CONFIG) do |service|
|
456
|
-
# Currently the only thing puppet's API can really manage
|
457
|
-
# in this list is dwStartType (the third param). Thus no
|
458
|
-
# generic function was written to make use of all the params
|
459
|
-
# since the API as-is couldn't use them anyway
|
460
473
|
success = ChangeServiceConfigW(
|
461
474
|
service,
|
462
|
-
SERVICE_NO_CHANGE,
|
463
|
-
|
464
|
-
SERVICE_NO_CHANGE,
|
465
|
-
FFI::Pointer::NULL,
|
466
|
-
FFI::Pointer::NULL,
|
467
|
-
FFI::Pointer::NULL,
|
468
|
-
FFI::Pointer::NULL,
|
469
|
-
|
470
|
-
|
471
|
-
FFI::Pointer::NULL
|
475
|
+
SERVICE_NO_CHANGE, # dwServiceType
|
476
|
+
options[:startup_type], # dwStartType
|
477
|
+
SERVICE_NO_CHANGE, # dwErrorControl
|
478
|
+
FFI::Pointer::NULL, # lpBinaryPathName
|
479
|
+
FFI::Pointer::NULL, # lpLoadOrderGroup
|
480
|
+
FFI::Pointer::NULL, # lpdwTagId
|
481
|
+
FFI::Pointer::NULL, # lpDependencies
|
482
|
+
options[:logon_account], # lpServiceStartName
|
483
|
+
options[:logon_password], # lpPassword
|
484
|
+
FFI::Pointer::NULL # lpDisplayName
|
472
485
|
)
|
473
486
|
if success == FFI::WIN32_FALSE
|
474
487
|
raise Puppet::Util::Windows::Error.new(_("Failed to update service configuration"))
|
475
488
|
end
|
476
489
|
end
|
477
|
-
|
490
|
+
|
491
|
+
if options[:startup_type]
|
492
|
+
options[:delayed] ||= false
|
493
|
+
set_startup_mode_delayed(service_name, options[:delayed])
|
494
|
+
end
|
478
495
|
end
|
479
|
-
module_function :
|
496
|
+
module_function :set_startup_configuration
|
480
497
|
|
481
498
|
# enumerate over all services in all states and return them as a hash
|
482
499
|
#
|
@@ -64,7 +64,7 @@ module Puppet::Util::Windows
|
|
64
64
|
# 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
|
65
65
|
# SID object. Returns nil if the account doesn't exist.
|
66
66
|
# This method returns a SID::Principal with the account, domain, SID, etc
|
67
|
-
def name_to_principal(name)
|
67
|
+
def name_to_principal(name, allow_unresolved = false)
|
68
68
|
# Apparently, we accept a symbol..
|
69
69
|
name = name.to_s.strip if name
|
70
70
|
|
@@ -79,7 +79,7 @@ module Puppet::Util::Windows
|
|
79
79
|
|
80
80
|
raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)
|
81
81
|
rescue
|
82
|
-
nil
|
82
|
+
(allow_unresolved && raw_sid_bytes) ? unresolved_principal(name, raw_sid_bytes) : nil
|
83
83
|
end
|
84
84
|
module_function :name_to_principal
|
85
85
|
class << self; alias name_to_sid_object name_to_principal; end
|
@@ -236,7 +236,7 @@ module Puppet::Util::Windows
|
|
236
236
|
# @api private
|
237
237
|
def self.unresolved_principal(name, sid_bytes)
|
238
238
|
Principal.new(
|
239
|
-
name
|
239
|
+
name, # account
|
240
240
|
sid_bytes, # sid_bytes
|
241
241
|
name, # sid string
|
242
242
|
nil, #domain
|
@@ -16,6 +16,22 @@ module Puppet::Util::Windows::User
|
|
16
16
|
end
|
17
17
|
module_function :admin?
|
18
18
|
|
19
|
+
# The name of the account in all locales is `LocalSystem`. `.\LocalSystem` or `ComputerName\LocalSystem' can also be used.
|
20
|
+
# This account is not recognized by the security subsystem, so you cannot specify its name in a call to the `LookupAccountName` function.
|
21
|
+
# https://docs.microsoft.com/en-us/windows/win32/services/localsystem-account
|
22
|
+
def localsystem?(name)
|
23
|
+
["LocalSystem", ".\\LocalSystem", "#{Puppet::Util::Windows::ADSI.computer_name}\\LocalSystem"].any?{ |s| s.casecmp(name) == 0 }
|
24
|
+
end
|
25
|
+
module_function :localsystem?
|
26
|
+
|
27
|
+
# Check if a given user is one of the default system accounts
|
28
|
+
# These accounts do not have a password and all checks done through logon attempt will fail
|
29
|
+
# https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts#default-local-system-accounts
|
30
|
+
def default_system_account?(name)
|
31
|
+
user_sid = Puppet::Util::Windows::SID.name_to_sid(name)
|
32
|
+
[Puppet::Util::Windows::SID::LocalSystem, Puppet::Util::Windows::SID::NtLocal, Puppet::Util::Windows::SID::NtNetwork].include?(user_sid)
|
33
|
+
end
|
34
|
+
module_function :default_system_account?
|
19
35
|
|
20
36
|
# https://msdn.microsoft.com/en-us/library/windows/desktop/ee207397(v=vs.85).aspx
|
21
37
|
SECURITY_MAX_SID_SIZE = 68
|
@@ -57,9 +73,9 @@ module Puppet::Util::Windows::User
|
|
57
73
|
end
|
58
74
|
module_function :check_token_membership
|
59
75
|
|
60
|
-
def password_is?(name, password)
|
76
|
+
def password_is?(name, password, domain = '.')
|
61
77
|
begin
|
62
|
-
logon_user(name, password) { |token| }
|
78
|
+
logon_user(name, password, domain) { |token| }
|
63
79
|
rescue Puppet::Util::Windows::Error => detail
|
64
80
|
|
65
81
|
authenticated_error_codes = Set[
|
@@ -74,7 +90,7 @@ module Puppet::Util::Windows::User
|
|
74
90
|
end
|
75
91
|
module_function :password_is?
|
76
92
|
|
77
|
-
def logon_user(name, password, &block)
|
93
|
+
def logon_user(name, password, domain = '.', &block)
|
78
94
|
fLOGON32_PROVIDER_DEFAULT = 0
|
79
95
|
fLOGON32_LOGON_INTERACTIVE = 2
|
80
96
|
fLOGON32_LOGON_NETWORK = 3
|
@@ -83,8 +99,8 @@ module Puppet::Util::Windows::User
|
|
83
99
|
begin
|
84
100
|
FFI::MemoryPointer.new(:handle, 1) do |token_pointer|
|
85
101
|
#try logon using network else try logon using interactive mode
|
86
|
-
if logon_user_by_logon_type(name, password, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
|
87
|
-
if logon_user_by_logon_type(name, password, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
|
102
|
+
if logon_user_by_logon_type(name, domain, password, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
|
103
|
+
if logon_user_by_logon_type(name, domain, password, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
|
88
104
|
raise Puppet::Util::Windows::Error.new(_("Failed to logon user %{name}") % {name: name.inspect})
|
89
105
|
end
|
90
106
|
end
|
@@ -98,11 +114,10 @@ module Puppet::Util::Windows::User
|
|
98
114
|
# token has been closed by this point
|
99
115
|
true
|
100
116
|
end
|
101
|
-
|
102
117
|
module_function :logon_user
|
103
118
|
|
104
|
-
def self.logon_user_by_logon_type(name, password, logon_type, logon_provider, token)
|
105
|
-
LogonUserW(wide_string(name), wide_string(
|
119
|
+
def self.logon_user_by_logon_type(name, domain, password, logon_type, logon_provider, token)
|
120
|
+
LogonUserW(wide_string(name), wide_string(domain), password.nil? ? FFI::Pointer::NULL : wide_string(password), logon_type, logon_provider, token)
|
106
121
|
end
|
107
122
|
|
108
123
|
private_class_method :logon_user_by_logon_type
|