puppet 6.16.0-universal-darwin → 7.0.0-universal-darwin

data/lib/puppet/util/windows/principal.rb

@@ -41,6 +41,7 @@ module Puppet::Util::Windows::SID
     # = 8 + max sub identifiers (15) * 4
     MAXIMUM_SID_BYTE_LENGTH = 68
 
+    ERROR_INVALID_PARAMETER   = 87
     ERROR_INSUFFICIENT_BUFFER = 122
 
     def self.lookup_account_name(system_name = nil, account_name)
@@ -48,9 +49,7 @@ module Puppet::Util::Windows::SID
       begin
         if system_name
           system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
-          # uchar here is synonymous with byte
-          system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
-          system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
+          system_name_ptr = FFI::MemoryPointer.from_wide_string(system_name_wide)
         end
 
         FFI::MemoryPointer.from_string_to_wide_string(account_name) do |account_name_ptr|
@@ -101,9 +100,7 @@ module Puppet::Util::Windows::SID
       begin
         if system_name
           system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
-          # uchar here is synonymous with byte
-          system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
-          system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
+          system_name_ptr = FFI::MemoryPointer.from_wide_string(system_name_wide)
         end
 
         FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
@@ -112,6 +109,11 @@ module Puppet::Util::Windows::SID
               FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|
 
                 sid_ptr.write_array_of_uchar(sid_bytes)
+
+                if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
+                  raise Puppet::Util::Windows::Error.new(_('Byte array for lookup_account_sid is invalid: %{sid_bytes}') % { sid_bytes: sid_bytes }, ERROR_INVALID_PARAMETER)
+                end
+
                 success = LookupAccountSidW(system_name_ptr, sid_ptr, FFI::Pointer::NULL, name_length_ptr,
                   FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
                 last_error = FFI.errno

data/lib/puppet/util/windows/process.rb

@@ -1,10 +1,10 @@
-require 'puppet/util/windows'
-require 'win32/process'
-require 'ffi'
+require 'puppet/util/windows/monkey_patches/process'
+require 'puppet/ffi/windows'
 
 module Puppet::Util::Windows::Process
+  extend Puppet::FFI::Windows::Functions
+  include Puppet::FFI::Windows::Structs
   extend Puppet::Util::Windows::String
-  extend FFI::Library
 
   WAIT_TIMEOUT = 0x102
   WAIT_INTERVAL = 200
@@ -361,226 +361,4 @@ module Puppet::Util::Windows::Process
   end
   module_function :supports_elevated_security?
 
-  ABOVE_NORMAL_PRIORITY_CLASS = 0x0008000
-  BELOW_NORMAL_PRIORITY_CLASS = 0x0004000
-  HIGH_PRIORITY_CLASS         = 0x0000080
-  IDLE_PRIORITY_CLASS         = 0x0000040
-  NORMAL_PRIORITY_CLASS       = 0x0000020
-  REALTIME_PRIORITY_CLASS     = 0x0000010
-
-  ffi_convention :stdcall
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms687032(v=vs.85).aspx
-  # DWORD WINAPI WaitForSingleObject(
-  #   _In_  HANDLE hHandle,
-  #   _In_  DWORD dwMilliseconds
-  # );
-  ffi_lib :kernel32
-  attach_function_private :WaitForSingleObject,
-    [:handle, :dword], :dword
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms683189(v=vs.85).aspx
-  # BOOL WINAPI GetExitCodeProcess(
-  #   _In_   HANDLE hProcess,
-  #   _Out_  LPDWORD lpExitCode
-  # );
-  ffi_lib :kernel32
-  attach_function_private :GetExitCodeProcess,
-    [:handle, :lpdword], :win32_bool
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms683179(v=vs.85).aspx
-  # HANDLE WINAPI GetCurrentProcess(void);
-  ffi_lib :kernel32
-  attach_function_private :GetCurrentProcess, [], :handle
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms683187(v=vs.85).aspx
-  # LPTCH GetEnvironmentStrings(void);
-  ffi_lib :kernel32
-  attach_function_private :GetEnvironmentStringsW, [], :pointer
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms683151(v=vs.85).aspx
-  # BOOL FreeEnvironmentStrings(
-  #   _In_ LPTCH lpszEnvironmentBlock
-  # );
-  ffi_lib :kernel32
-  attach_function_private :FreeEnvironmentStringsW,
-    [:pointer], :win32_bool
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms686206(v=vs.85).aspx
-  # BOOL WINAPI SetEnvironmentVariableW(
-  #     _In_     LPCTSTR lpName,
-  #     _In_opt_ LPCTSTR lpValue
-  #   );
-  ffi_lib :kernel32
-  attach_function_private :SetEnvironmentVariableW,
-    [:lpcwstr, :lpcwstr], :win32_bool
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx
-  # HANDLE WINAPI OpenProcess(
-  #   _In_   DWORD DesiredAccess,
-  #   _In_   BOOL InheritHandle,
-  #   _In_   DWORD ProcessId
-  # );
-  ffi_lib :kernel32
-  attach_function_private :OpenProcess,
-    [:dword, :win32_bool, :dword], :handle
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295(v=vs.85).aspx
-  # BOOL WINAPI OpenProcessToken(
-  #   _In_   HANDLE ProcessHandle,
-  #   _In_   DWORD DesiredAccess,
-  #   _Out_  PHANDLE TokenHandle
-  # );
-  ffi_lib :advapi32
-  attach_function_private :OpenProcessToken,
-    [:handle, :dword, :phandle], :win32_bool
-
-  # https://docs.microsoft.com/en-us/windows/desktop/api/winbase/nf-winbase-queryfullprocessimagenamew
-  # BOOL WINAPI QueryFullProcessImageName(
-  #   _In_   HANDLE hProcess,
-  #   _In_   DWORD dwFlags,
-  #   _Out_  LPWSTR lpExeName,
-  #   _In_   PDWORD lpdwSize,
-  # );
-  ffi_lib :kernel32
-  attach_function_private :QueryFullProcessImageNameW,
-    [:handle, :dword, :lpwstr, :pdword], :win32_bool
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379261(v=vs.85).aspx
-  # typedef struct _LUID {
-  #   DWORD LowPart;
-  #   LONG  HighPart;
-  # } LUID, *PLUID;
-  class LUID < FFI::Struct
-    layout :LowPart, :dword,
-           :HighPart, :win32_long
-  end
-
-  # https://msdn.microsoft.com/en-us/library/Windows/desktop/aa379180(v=vs.85).aspx
-  # BOOL WINAPI LookupPrivilegeValue(
-  #   _In_opt_  LPCTSTR lpSystemName,
-  #   _In_      LPCTSTR lpName,
-  #   _Out_     PLUID lpLuid
-  # );
-  ffi_lib :advapi32
-  attach_function_private :LookupPrivilegeValueW,
-    [:lpcwstr, :lpcwstr, :pointer], :win32_bool
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379626(v=vs.85).aspx
-  TOKEN_INFORMATION_CLASS = enum(
-      :TokenUser, 1,
-      :TokenGroups,
-      :TokenPrivileges,
-      :TokenOwner,
-      :TokenPrimaryGroup,
-      :TokenDefaultDacl,
-      :TokenSource,
-      :TokenType,
-      :TokenImpersonationLevel,
-      :TokenStatistics,
-      :TokenRestrictedSids,
-      :TokenSessionId,
-      :TokenGroupsAndPrivileges,
-      :TokenSessionReference,
-      :TokenSandBoxInert,
-      :TokenAuditPolicy,
-      :TokenOrigin,
-      :TokenElevationType,
-      :TokenLinkedToken,
-      :TokenElevation,
-      :TokenHasRestrictions,
-      :TokenAccessInformation,
-      :TokenVirtualizationAllowed,
-      :TokenVirtualizationEnabled,
-      :TokenIntegrityLevel,
-      :TokenUIAccess,
-      :TokenMandatoryPolicy,
-      :TokenLogonSid,
-      :TokenIsAppContainer,
-      :TokenCapabilities,
-      :TokenAppContainerSid,
-      :TokenAppContainerNumber,
-      :TokenUserClaimAttributes,
-      :TokenDeviceClaimAttributes,
-      :TokenRestrictedUserClaimAttributes,
-      :TokenRestrictedDeviceClaimAttributes,
-      :TokenDeviceGroups,
-      :TokenRestrictedDeviceGroups,
-      :TokenSecurityAttributes,
-      :TokenIsRestricted,
-      :MaxTokenInfoClass
-  )
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379263(v=vs.85).aspx
-  # typedef struct _LUID_AND_ATTRIBUTES {
-  #   LUID  Luid;
-  #   DWORD Attributes;
-  # } LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
-  class LUID_AND_ATTRIBUTES < FFI::Struct
-    layout :Luid, LUID,
-           :Attributes, :dword
-  end
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx
-  # typedef struct _TOKEN_PRIVILEGES {
-  #   DWORD               PrivilegeCount;
-  #   LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
-  # } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
-  class TOKEN_PRIVILEGES < FFI::Struct
-    layout :PrivilegeCount, :dword,
-           :Privileges, [LUID_AND_ATTRIBUTES, 1]    # placeholder for offset
-  end
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/bb530717(v=vs.85).aspx
-  # typedef struct _TOKEN_ELEVATION {
-  #   DWORD TokenIsElevated;
-  # } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
-  class TOKEN_ELEVATION < FFI::Struct
-    layout :TokenIsElevated, :dword
-  end
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446671(v=vs.85).aspx
-  # BOOL WINAPI GetTokenInformation(
-  #   _In_       HANDLE TokenHandle,
-  #   _In_       TOKEN_INFORMATION_CLASS TokenInformationClass,
-  #   _Out_opt_  LPVOID TokenInformation,
-  #   _In_       DWORD TokenInformationLength,
-  #   _Out_      PDWORD ReturnLength
-  # );
-  ffi_lib :advapi32
-  attach_function_private :GetTokenInformation,
-    [:handle, TOKEN_INFORMATION_CLASS, :lpvoid, :dword, :pdword ], :win32_bool
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724834%28v=vs.85%29.aspx
-  # typedef struct _OSVERSIONINFO {
-  #   DWORD dwOSVersionInfoSize;
-  #   DWORD dwMajorVersion;
-  #   DWORD dwMinorVersion;
-  #   DWORD dwBuildNumber;
-  #   DWORD dwPlatformId;
-  #   TCHAR szCSDVersion[128];
-  # } OSVERSIONINFO;
-  class OSVERSIONINFO < FFI::Struct
-    layout(
-      :dwOSVersionInfoSize, :dword,
-      :dwMajorVersion, :dword,
-      :dwMinorVersion, :dword,
-      :dwBuildNumber, :dword,
-      :dwPlatformId, :dword,
-      :szCSDVersion, [:wchar, 128]
-    )
-  end
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724451(v=vs.85).aspx
-  # BOOL WINAPI GetVersionEx(
-  #   _Inout_  LPOSVERSIONINFO lpVersionInfo
-  # );
-  ffi_lib :kernel32
-  attach_function_private :GetVersionExW,
-    [:pointer], :win32_bool
-
-  # https://msdn.microsoft.com/en-us/library/windows/desktop/dd318123(v=vs.85).aspx
-  # LANGID GetSystemDefaultUILanguage(void);
-  ffi_lib :kernel32
-  attach_function_private :GetSystemDefaultUILanguage, [], :word
 end

data/lib/puppet/util/windows/registry.rb

@@ -110,13 +110,16 @@ module Puppet::Util::Windows
 
     private
 
-    def reg_enum_key(key, index, max_key_length = Win32::Registry::Constants::MAX_KEY_LENGTH)
+    # max number of wide characters including NULL terminator
+    MAX_KEY_CHAR_LENGTH = 255 + 1
+
+    def reg_enum_key(key, index, max_key_char_length = MAX_KEY_CHAR_LENGTH)
       subkey, filetime = nil, nil
 
       FFI::MemoryPointer.new(:dword) do |subkey_length_ptr|
         FFI::MemoryPointer.new(FFI::WIN32::FILETIME.size) do |filetime_ptr|
-          FFI::MemoryPointer.new(:wchar, max_key_length) do |subkey_ptr|
-            subkey_length_ptr.write_dword(max_key_length)
+          FFI::MemoryPointer.new(:wchar, max_key_char_length) do |subkey_ptr|
+            subkey_length_ptr.write_dword(max_key_char_length)
 
             # RegEnumKeyEx cannot be called twice to properly size the buffer
             result = RegEnumKeyExW(key.hkey, index,
@@ -141,7 +144,10 @@ module Puppet::Util::Windows
       [subkey, filetime]
     end
 
-    def reg_enum_value(key, index, max_value_length = Win32::Registry::Constants::MAX_VALUE_LENGTH)
+    # max number of wide characters including NULL terminator
+    MAX_VALUE_CHAR_LENGTH = 16383 + 1
+
+    def reg_enum_value(key, index, max_value_length = MAX_VALUE_CHAR_LENGTH)
       subkey, type, data = nil, nil, nil
 
       FFI::MemoryPointer.new(:dword) do |subkey_length_ptr|
@@ -234,7 +240,7 @@ module Puppet::Util::Windows
         begin
           case type
             when Win32::Registry::REG_SZ, Win32::Registry::REG_EXPAND_SZ
-              result = [ type, sanitize(data_ptr.read_wide_string(string_length)) ]
+              result = [ type, data_ptr.read_wide_string(string_length, Encoding::UTF_8, true) ]
             when Win32::Registry::REG_MULTI_SZ
               result = [ type, data_ptr.read_wide_string(string_length).split(/\0/) ]
             when Win32::Registry::REG_BINARY
@@ -314,12 +320,6 @@ module Puppet::Util::Windows
       result
     end
 
-    def sanitize(value)
-      # Replace null bytes with a space
-      value.tr!("\x00", ' ')
-      value
-    end
-
     ffi_convention :stdcall
 
     # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724862(v=vs.85).aspx

data/lib/puppet/util/windows/security.rb

@@ -340,10 +340,10 @@ module Puppet::Util::Windows::Security
           Puppet.warning _("Setting control rights for %{path} owner SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
         elsif managing_owner && isownergroup
           #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
-          Puppet.debug _("%{path} owner and group both set to user SYSTEM, but group is not managed directly: SYSTEM user rights will be set to FullControl by group") % { path: path }
+          Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but group is not managed directly: SYSTEM user rights will be set to FullControl by group") % { path: path } }
         else
           #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
-          Puppet.debug _("An attempt to set mode %{mode} on item %{path} would result in the owner, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path }
+          Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the owner, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
           owner_allow = FILE::FILE_ALL_ACCESS
         end
       end
@@ -356,10 +356,10 @@ module Puppet::Util::Windows::Security
           Puppet.warning _("Setting control rights for %{path} group SYSTEM to less than Full Control rights. Setting SYSTEM rights to less than Full Control may have unintented consequences for operations on this file") % { path: path }
         elsif managing_group && isownergroup
           #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
-          Puppet.debug _("%{path} owner and group both set to user SYSTEM, but owner is not managed directly: SYSTEM user rights will be set to FullControl by owner") % { path: path }
+          Puppet.debug { _("%{path} owner and group both set to user SYSTEM, but owner is not managed directly: SYSTEM user rights will be set to FullControl by owner") % { path: path } }
         else
           #TRANSLATORS 'SYSTEM' is a Windows name and should not be translated
-          Puppet.debug _("An attempt to set mode %{mode} on item %{path} would result in the group, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path }
+          Puppet.debug { _("An attempt to set mode %{mode} on item %{path} would result in the group, SYSTEM, to have less than Full Control rights. This attempt has been corrected to Full Control") % { mode: mode.to_s(8), path: path } }
           group_allow = FILE::FILE_ALL_ACCESS
         end
       end

data/lib/puppet/util/windows/service.rb

@@ -1,6 +1,5 @@
 # coding: utf-8
-require 'puppet/util/windows'
-require 'ffi'
+require 'puppet/ffi/windows'
 
 module Puppet::Util::Windows
   # This module is designed to provide an API between the windows system and puppet for
@@ -8,315 +7,22 @@ module Puppet::Util::Windows
   #
   # for an overview of the service state transitions see: https://docs.microsoft.com/en-us/windows/desktop/Services/service-status-transitions
   module Service
-    extend FFI::Library
     extend Puppet::Util::Windows::String
 
-    FILE = Puppet::Util::Windows::File
+    include Puppet::FFI::Windows::Constants
+    extend Puppet::FFI::Windows::Constants
+
+    include Puppet::FFI::Windows::Structs
+    extend Puppet::FFI::Windows::Structs
+
+    include Puppet::FFI::Windows::Functions
+    extend Puppet::FFI::Windows::Functions
 
     # integer value of the floor for timeouts when waiting for service pending states.
     # puppet will wait the length of dwWaitHint if it is longer than this value, but
     # no shorter
     DEFAULT_TIMEOUT = 30
 
-    # Service error codes
-    # https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--1000-1299-
-    ERROR_SERVICE_DOES_NOT_EXIST = 0x00000424
-
-    # Service control codes
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-controlserviceexw
-    SERVICE_CONTROL_STOP                  = 0x00000001
-    SERVICE_CONTROL_PAUSE                 = 0x00000002
-    SERVICE_CONTROL_CONTINUE              = 0x00000003
-    SERVICE_CONTROL_INTERROGATE           = 0x00000004
-    SERVICE_CONTROL_SHUTDOWN              = 0x00000005
-    SERVICE_CONTROL_PARAMCHANGE           = 0x00000006
-    SERVICE_CONTROL_NETBINDADD            = 0x00000007
-    SERVICE_CONTROL_NETBINDREMOVE         = 0x00000008
-    SERVICE_CONTROL_NETBINDENABLE         = 0x00000009
-    SERVICE_CONTROL_NETBINDDISABLE        = 0x0000000A
-    SERVICE_CONTROL_DEVICEEVENT           = 0x0000000B
-    SERVICE_CONTROL_HARDWAREPROFILECHANGE = 0x0000000C
-    SERVICE_CONTROL_POWEREVENT            = 0x0000000D
-    SERVICE_CONTROL_SESSIONCHANGE         = 0x0000000E
-    SERVICE_CONTROL_PRESHUTDOWN           = 0x0000000F
-    SERVICE_CONTROL_TIMECHANGE            = 0x00000010
-    SERVICE_CONTROL_TRIGGEREVENT          = 0x00000020
-    SERVICE_CONTROL_SIGNALS               = {
-      SERVICE_CONTROL_STOP                  => :SERVICE_CONTROL_STOP,
-      SERVICE_CONTROL_PAUSE                 => :SERVICE_CONTROL_PAUSE,
-      SERVICE_CONTROL_CONTINUE              => :SERVICE_CONTROL_CONTINUE,
-      SERVICE_CONTROL_INTERROGATE           => :SERVICE_CONTROL_INTERROGATE,
-      SERVICE_CONTROL_SHUTDOWN              => :SERVICE_CONTROL_SHUTDOWN,
-      SERVICE_CONTROL_PARAMCHANGE           => :SERVICE_CONTROL_PARAMCHANGE,
-      SERVICE_CONTROL_NETBINDADD            => :SERVICE_CONTROL_NETBINDADD,
-      SERVICE_CONTROL_NETBINDREMOVE         => :SERVICE_CONTROL_NETBINDREMOVE,
-      SERVICE_CONTROL_NETBINDENABLE         => :SERVICE_CONTROL_NETBINDENABLE,
-      SERVICE_CONTROL_NETBINDDISABLE        => :SERVICE_CONTROL_NETBINDDISABLE,
-      SERVICE_CONTROL_DEVICEEVENT           => :SERVICE_CONTROL_DEVICEEVENT,
-      SERVICE_CONTROL_HARDWAREPROFILECHANGE => :SERVICE_CONTROL_HARDWAREPROFILECHANGE,
-      SERVICE_CONTROL_POWEREVENT            => :SERVICE_CONTROL_POWEREVENT,
-      SERVICE_CONTROL_SESSIONCHANGE         => :SERVICE_CONTROL_SESSIONCHANGE,
-      SERVICE_CONTROL_PRESHUTDOWN           => :SERVICE_CONTROL_PRESHUTDOWN,
-      SERVICE_CONTROL_TIMECHANGE            => :SERVICE_CONTROL_TIMECHANGE,
-      SERVICE_CONTROL_TRIGGEREVENT          => :SERVICE_CONTROL_TRIGGEREVENT
-    }
-
-
-    # Service start type codes
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-changeserviceconfigw
-    SERVICE_AUTO_START = 0x00000002
-    SERVICE_BOOT_START = 0x00000000
-    SERVICE_DEMAND_START = 0x00000003
-    SERVICE_DISABLED = 0x00000004
-    SERVICE_SYSTEM_START = 0x00000001
-    SERVICE_START_TYPES = {
-      SERVICE_AUTO_START => :SERVICE_AUTO_START,
-      SERVICE_BOOT_START => :SERVICE_BOOT_START,
-      SERVICE_DEMAND_START => :SERVICE_DEMAND_START,
-      SERVICE_DISABLED => :SERVICE_DISABLED,
-      SERVICE_SYSTEM_START => :SERVICE_SYSTEM_START,
-    }
-
-    # Service type codes
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-changeserviceconfigw
-    SERVICE_FILE_SYSTEM_DRIVER  = 0x00000002
-    SERVICE_KERNEL_DRIVER       = 0x00000001
-    SERVICE_WIN32_OWN_PROCESS   = 0x00000010
-    SERVICE_WIN32_SHARE_PROCESS = 0x00000020
-    SERVICE_USER_OWN_PROCESS    = 0x00000050
-    SERVICE_USER_SHARE_PROCESS  = 0x00000060
-    # Available only if service is also SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS
-    SERVICE_INTERACTIVE_PROCESS = 0x00000100
-    ALL_SERVICE_TYPES =
-      SERVICE_FILE_SYSTEM_DRIVER |
-      SERVICE_KERNEL_DRIVER |
-      SERVICE_WIN32_OWN_PROCESS |
-      SERVICE_WIN32_SHARE_PROCESS
-
-    # Current state codes
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_service_status_process
-    SERVICE_CONTINUE_PENDING = 0x00000005
-    SERVICE_PAUSE_PENDING    = 0x00000006
-    SERVICE_PAUSED           = 0x00000007
-    SERVICE_RUNNING          = 0x00000004
-    SERVICE_START_PENDING    = 0x00000002
-    SERVICE_STOP_PENDING     = 0x00000003
-    SERVICE_STOPPED          = 0x00000001
-    UNSAFE_PENDING_STATES    = [SERVICE_START_PENDING, SERVICE_STOP_PENDING]
-    FINAL_STATES             = {
-      SERVICE_CONTINUE_PENDING => SERVICE_RUNNING,
-      SERVICE_PAUSE_PENDING    => SERVICE_PAUSED,
-      SERVICE_START_PENDING    => SERVICE_RUNNING,
-      SERVICE_STOP_PENDING     => SERVICE_STOPPED
-    }
-    SERVICE_STATES           = {
-      SERVICE_CONTINUE_PENDING => :SERVICE_CONTINUE_PENDING,
-      SERVICE_PAUSE_PENDING => :SERVICE_PAUSE_PENDING,
-      SERVICE_PAUSED => :SERVICE_PAUSED,
-      SERVICE_RUNNING => :SERVICE_RUNNING,
-      SERVICE_START_PENDING => :SERVICE_START_PENDING,
-      SERVICE_STOP_PENDING => :SERVICE_STOP_PENDING,
-      SERVICE_STOPPED => :SERVICE_STOPPED,
-    }
-
-    # Service accepts control codes
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_service_status_process
-    SERVICE_ACCEPT_STOP                  = 0x00000001
-    SERVICE_ACCEPT_PAUSE_CONTINUE        = 0x00000002
-    SERVICE_ACCEPT_SHUTDOWN              = 0x00000004
-    SERVICE_ACCEPT_PARAMCHANGE           = 0x00000008
-    SERVICE_ACCEPT_NETBINDCHANGE         = 0x00000010
-    SERVICE_ACCEPT_HARDWAREPROFILECHANGE = 0x00000020
-    SERVICE_ACCEPT_POWEREVENT            = 0x00000040
-    SERVICE_ACCEPT_SESSIONCHANGE         = 0x00000080
-    SERVICE_ACCEPT_PRESHUTDOWN           = 0x00000100
-    SERVICE_ACCEPT_TIMECHANGE            = 0x00000200
-    SERVICE_ACCEPT_TRIGGEREVENT          = 0x00000400
-    SERVICE_ACCEPT_USER_LOGOFF           = 0x00000800
-
-    # Service manager access codes
-    # https://docs.microsoft.com/en-us/windows/desktop/Services/service-security-and-access-rights
-    SC_MANAGER_CREATE_SERVICE     = 0x00000002
-    SC_MANAGER_CONNECT            = 0x00000001
-    SC_MANAGER_ENUMERATE_SERVICE  = 0x00000004
-    SC_MANAGER_LOCK               = 0x00000008
-    SC_MANAGER_MODIFY_BOOT_CONFIG = 0x00000020
-    SC_MANAGER_QUERY_LOCK_STATUS  = 0x00000010
-    SC_MANAGER_ALL_ACCESS         =
-      FILE::STANDARD_RIGHTS_REQUIRED |
-      SC_MANAGER_CREATE_SERVICE      |
-      SC_MANAGER_CONNECT             |
-      SC_MANAGER_ENUMERATE_SERVICE   |
-      SC_MANAGER_LOCK                |
-      SC_MANAGER_MODIFY_BOOT_CONFIG  |
-      SC_MANAGER_QUERY_LOCK_STATUS
-
-
-    # Service access codes
-    # https://docs.microsoft.com/en-us/windows/desktop/Services/service-security-and-access-rights
-    SERVICE_CHANGE_CONFIG        = 0x0002
-    SERVICE_ENUMERATE_DEPENDENTS = 0x0008
-    SERVICE_INTERROGATE          = 0x0080
-    SERVICE_PAUSE_CONTINUE       = 0x0040
-    SERVICE_QUERY_STATUS         = 0x0004
-    SERVICE_QUERY_CONFIG         = 0x0001
-    SERVICE_START                = 0x0010
-    SERVICE_STOP                 = 0x0020
-    SERVICE_USER_DEFINED_CONTROL = 0x0100
-    SERVICE_ALL_ACCESS           =
-      FILE::STANDARD_RIGHTS_REQUIRED |
-      SERVICE_CHANGE_CONFIG          |
-      SERVICE_ENUMERATE_DEPENDENTS   |
-      SERVICE_INTERROGATE            |
-      SERVICE_PAUSE_CONTINUE         |
-      SERVICE_QUERY_STATUS           |
-      SERVICE_QUERY_CONFIG           |
-      SERVICE_START                  |
-      SERVICE_STOP                   |
-      SERVICE_USER_DEFINED_CONTROL
-
-    # Service config codes
-    # From the windows 10 SDK:
-    # //
-    # // Value to indicate no change to an optional parameter
-    # //
-    # #define SERVICE_NO_CHANGE              0xffffffff
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
-    SERVICE_CONFIG_DESCRIPTION              = 0x00000001
-    SERVICE_CONFIG_FAILURE_ACTIONS          = 0x00000002
-    SERVICE_CONFIG_DELAYED_AUTO_START_INFO  = 0x00000003
-    SERVICE_CONFIG_FAILURE_ACTIONS_FLAG     = 0x00000004
-    SERVICE_CONFIG_SERVICE_SID_INFO         = 0x00000005
-    SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 0x00000006
-    SERVICE_CONFIG_PRESHUTDOWN_INFO         = 0x00000007
-    SERVICE_CONFIG_TRIGGER_INFO             = 0x00000008
-    SERVICE_CONFIG_PREFERRED_NODE           = 0x00000009
-    SERVICE_CONFIG_LAUNCH_PROTECTED         = 0x00000012
-    SERVICE_NO_CHANGE                       = 0xffffffff
-    SERVICE_CONFIG_TYPES = {
-      SERVICE_CONFIG_DESCRIPTION => :SERVICE_CONFIG_DESCRIPTION,
-      SERVICE_CONFIG_FAILURE_ACTIONS => :SERVICE_CONFIG_FAILURE_ACTIONS,
-      SERVICE_CONFIG_DELAYED_AUTO_START_INFO => :SERVICE_CONFIG_DELAYED_AUTO_START_INFO,
-      SERVICE_CONFIG_FAILURE_ACTIONS_FLAG => :SERVICE_CONFIG_FAILURE_ACTIONS_FLAG,
-      SERVICE_CONFIG_SERVICE_SID_INFO => :SERVICE_CONFIG_SERVICE_SID_INFO,
-      SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO => :SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO,
-      SERVICE_CONFIG_PRESHUTDOWN_INFO => :SERVICE_CONFIG_PRESHUTDOWN_INFO,
-      SERVICE_CONFIG_TRIGGER_INFO => :SERVICE_CONFIG_TRIGGER_INFO,
-      SERVICE_CONFIG_PREFERRED_NODE => :SERVICE_CONFIG_PREFERRED_NODE,
-      SERVICE_CONFIG_LAUNCH_PROTECTED => :SERVICE_CONFIG_LAUNCH_PROTECTED,
-    }
-
-    # Service enum codes
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexa
-    SERVICE_ACTIVE = 0x00000001
-    SERVICE_INACTIVE = 0x00000002
-    SERVICE_STATE_ALL =
-      SERVICE_ACTIVE |
-      SERVICE_INACTIVE
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_enum_service_status_processw
-    SERVICENAME_MAX = 256
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_service_status_process
-    # typedef struct _SERVICE_STATUS_PROCESS {
-    #   DWORD dwServiceType;
-    #   DWORD dwCurrentState;
-    #   DWORD dwControlsAccepted;
-    #   DWORD dwWin32ExitCode;
-    #   DWORD dwServiceSpecificExitCode;
-    #   DWORD dwCheckPoint;
-    #   DWORD dwWaitHint;
-    #   DWORD dwProcessId;
-    #   DWORD dwServiceFlags;
-    # } SERVICE_STATUS_PROCESS, *LPSERVICE_STATUS_PROCESS;
-    class SERVICE_STATUS_PROCESS < FFI::Struct
-      layout(
-        :dwServiceType, :dword,
-        :dwCurrentState, :dword,
-        :dwControlsAccepted, :dword,
-        :dwWin32ExitCode, :dword,
-        :dwServiceSpecificExitCode, :dword,
-        :dwCheckPoint, :dword,
-        :dwWaitHint, :dword,
-        :dwProcessId, :dword,
-        :dwServiceFlags, :dword
-      )
-    end
-
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_delayed_auto_start_info
-    # typedef struct _SERVICE_DELAYED_AUTO_START_INFO {
-    #   BOOL fDelayedAutostart;
-    # } SERVICE_DELAYED_AUTO_START_INFO, *LPSERVICE_DELAYED_AUTO_START_INFO;
-    class SERVICE_DELAYED_AUTO_START_INFO < FFI::Struct
-      layout(:fDelayedAutostart, :int)
-      alias aset []=
-      # Intercept the accessor so that we can handle either true/false or 1/0.
-      # Since there is only one member, there’s no need to check the key name.
-      def []=(key, value)
-        [0, false].include?(value) ? aset(key, 0) : aset(key, 1)
-      end
-    end
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_enum_service_status_processw
-    # typedef struct _ENUM_SERVICE_STATUS_PROCESSW {
-    #   LPWSTR                 lpServiceName;
-    #   LPWSTR                 lpDisplayName;
-    #   SERVICE_STATUS_PROCESS ServiceStatusProcess;
-    # } ENUM_SERVICE_STATUS_PROCESSW, *LPENUM_SERVICE_STATUS_PROCESSW;
-    class ENUM_SERVICE_STATUS_PROCESSW < FFI::Struct
-      layout(
-        :lpServiceName, :pointer,
-        :lpDisplayName, :pointer,
-        :ServiceStatusProcess, SERVICE_STATUS_PROCESS
-      )
-    end
-
-    # typedef struct _SERVICE_STATUS {
-    #   DWORD dwServiceType;
-    #   DWORD dwCurrentState;
-    #   DWORD dwControlsAccepted;
-    #   DWORD dwWin32ExitCode;
-    #   DWORD dwServiceSpecificExitCode;
-    #   DWORD dwCheckPoint;
-    #   DWORD dwWaitHint;
-    # } SERVICE_STATUS, *LPSERVICE_STATUS;
-    class SERVICE_STATUS < FFI::Struct
-      layout(
-        :dwServiceType, :dword,
-        :dwCurrentState, :dword,
-        :dwControlsAccepted, :dword,
-        :dwWin32ExitCode, :dword,
-        :dwServiceSpecificExitCode, :dword,
-        :dwCheckPoint, :dword,
-        :dwWaitHint, :dword,
-      )
-    end
-
-    # typedef struct _QUERY_SERVICE_CONFIGW {
-    #   DWORD  dwServiceType;
-    #   DWORD  dwStartType;
-    #   DWORD  dwErrorControl;
-    #   LPWSTR lpBinaryPathName;
-    #   LPWSTR lpLoadOrderGroup;
-    #   DWORD  dwTagId;
-    #   LPWSTR lpDependencies;
-    #   LPWSTR lpServiceStartName;
-    #   LPWSTR lpDisplayName;
-    # } QUERY_SERVICE_CONFIGW, *LPQUERY_SERVICE_CONFIGW;
-    class QUERY_SERVICE_CONFIGW < FFI::Struct
-      layout(
-        :dwServiceType, :dword,
-        :dwStartType, :dword,
-        :dwErrorControl, :dword,
-        :lpBinaryPathName, :pointer,
-        :lpLoadOrderGroup, :pointer,
-        :dwTagId, :dword,
-        :lpDependencies, :pointer,
-        :lpServiceStartName, :pointer,
-        :lpDisplayName, :pointer,
-      )
-    end
-
     # Returns true if the service exists, false otherwise.
     #
     # @param [String] service_name name of the service
@@ -440,43 +146,60 @@ module Puppet::Util::Windows
     end
     module_function :service_start_type
 
-    # Change the startup mode of a windows service
+    # Query the configuration of a service using QueryServiceConfigW
+    # to find its current logon account
     #
-    # @param [String] service_name the name of the service to modify
-    # @param [Integer] startup_type a code corresponding to a start type for
-    #  windows service, see the "Service start type codes" section in the
-    #  Puppet::Util::Windows::Service file for the list of available codes
-    # @param [Bool] delayed whether the service should be started with a delay
-    def set_startup_mode(service_name, startup_type, delayed=false)
-      startup_code = SERVICE_START_TYPES.key(startup_type)
-      if startup_code.nil?
-        raise Puppet::Error.new(_("Unknown start type %{start_type}") % {startup_type: startup_type.to_s})
+    # @return [String] logon_account account currently set for the service's logon
+    #  in the format "DOMAIN\Account" or ".\Account" if it's a local account
+    def logon_account(service_name)
+      open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_CONFIG) do |service|
+        query_config(service) do |config|
+          return config[:lpServiceStartName].read_arbitrary_wide_string_up_to(Puppet::Util::Windows::ADSI::User::MAX_USERNAME_LENGTH)
+        end
       end
+    end
+    module_function :logon_account
+
+    # Set the startup configuration of a windows service
+    #
+    # @param [String] service_name the name of the service to modify
+    # @param [Hash] options the configuration to be applied. Expected option keys:
+    #   - [Integer] startup_type a code corresponding to a start type for
+    #       windows service, see the "Service start type codes" section in the
+    #       Puppet::Util::Windows::Service file for the list of available codes
+    #   - [String] logon_account the account to be used by the service for logon
+    #   - [String] logon_password the provided logon_account's password to be used by the service for logon
+    #   - [Bool] delayed whether the service should be started with a delay
+    def set_startup_configuration(service_name, options: {})
+      options[:startup_type] = SERVICE_START_TYPES.key(options[:startup_type]) || SERVICE_NO_CHANGE
+      options[:logon_account] = wide_string(options[:logon_account]) || FFI::Pointer::NULL
+      options[:logon_password] = wide_string(options[:logon_password]) || FFI::Pointer::NULL
+
       open_service(service_name, SC_MANAGER_CONNECT, SERVICE_CHANGE_CONFIG) do |service|
-        # Currently the only thing puppet's API can really manage
-        # in this list is dwStartType (the third param). Thus no
-        # generic function was written to make use of all the params
-        # since the API as-is couldn't use them anyway
         success = ChangeServiceConfigW(
           service,
-          SERVICE_NO_CHANGE,  # dwServiceType
-          startup_code,       # dwStartType
-          SERVICE_NO_CHANGE,  # dwErrorControl
-          FFI::Pointer::NULL, # lpBinaryPathName
-          FFI::Pointer::NULL, # lpLoadOrderGroup
-          FFI::Pointer::NULL, # lpdwTagId
-          FFI::Pointer::NULL, # lpDependencies
-          FFI::Pointer::NULL, # lpServiceStartName
-          FFI::Pointer::NULL, # lpPassword
-          FFI::Pointer::NULL  # lpDisplayName
+          SERVICE_NO_CHANGE,        # dwServiceType
+          options[:startup_type],   # dwStartType
+          SERVICE_NO_CHANGE,        # dwErrorControl
+          FFI::Pointer::NULL,       # lpBinaryPathName
+          FFI::Pointer::NULL,       # lpLoadOrderGroup
+          FFI::Pointer::NULL,       # lpdwTagId
+          FFI::Pointer::NULL,       # lpDependencies
+          options[:logon_account],  # lpServiceStartName
+          options[:logon_password], # lpPassword
+          FFI::Pointer::NULL        # lpDisplayName
         )
         if success == FFI::WIN32_FALSE
           raise Puppet::Util::Windows::Error.new(_("Failed to update service configuration"))
         end
       end
-      set_startup_mode_delayed(service_name, delayed)
+
+      if options[:startup_type]
+        options[:delayed] ||= false
+        set_startup_mode_delayed(service_name, options[:delayed])
+      end
     end
-    module_function :set_startup_mode
+    module_function :set_startup_configuration
 
     # enumerate over all services in all states and return them as a hash
     #
@@ -974,162 +697,5 @@ module Puppet::Util::Windows
       end
       private :milliseconds_to_seconds
     end
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-openscmanagerw
-    # SC_HANDLE OpenSCManagerW(
-    #   LPCWSTR lpMachineName,
-    #   LPCWSTR lpDatabaseName,
-    #   DWORD   dwDesiredAccess
-    # );
-    ffi_lib :advapi32
-    attach_function_private :OpenSCManagerW,
-      [:lpcwstr, :lpcwstr, :dword], :handle
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-openservicew
-    # SC_HANDLE OpenServiceW(
-    #   SC_HANDLE hSCManager,
-    #   LPCWSTR   lpServiceName,
-    #   DWORD     dwDesiredAccess
-    # );
-    ffi_lib :advapi32
-    attach_function_private :OpenServiceW,
-      [:handle, :lpcwstr, :dword], :handle
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-closeservicehandle
-    # BOOL CloseServiceHandle(
-    #   SC_HANDLE hSCObject
-    # );
-    ffi_lib :advapi32
-    attach_function_private :CloseServiceHandle,
-      [:handle], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-queryservicestatusex
-    # BOOL QueryServiceStatusEx(
-    #   SC_HANDLE      hService,
-    #   SC_STATUS_TYPE InfoLevel,
-    #   LPBYTE         lpBuffer,
-    #   DWORD          cbBufSize,
-    #   LPDWORD        pcbBytesNeeded
-    # );
-    SC_STATUS_TYPE = enum(
-      :SC_STATUS_PROCESS_INFO, 0,
-    )
-    ffi_lib :advapi32
-    attach_function_private :QueryServiceStatusEx,
-      [:handle, SC_STATUS_TYPE, :lpbyte, :dword, :lpdword], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-queryserviceconfigw
-    # BOOL QueryServiceConfigW(
-    #   SC_HANDLE               hService,
-    #   LPQUERY_SERVICE_CONFIGW lpServiceConfig,
-    #   DWORD                   cbBufSize,
-    #   LPDWORD                 pcbBytesNeeded
-    # );
-    ffi_lib :advapi32
-    attach_function_private :QueryServiceConfigW,
-      [:handle, :lpbyte, :dword, :lpdword], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-queryserviceconfig2w
-    # BOOL QueryServiceConfig2W(
-    #   SC_HANDLE hService,
-    #   DWORD     dwInfoLevel,
-    #   LPBYTE    lpBuffer,
-    #   DWORD     cbBufSize,
-    #   LPDWORD   pcbBytesNeeded
-    # );
-    ffi_lib :advapi32
-    attach_function_private :QueryServiceConfig2W,
-      [:handle, :dword, :lpbyte, :dword, :lpdword], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-startservicew
-    # BOOL StartServiceW(
-    #   SC_HANDLE hService,
-    #   DWORD     dwNumServiceArgs,
-    #   LPCWSTR   *lpServiceArgVectors
-    # );
-    ffi_lib :advapi32
-    attach_function_private :StartServiceW,
-      [:handle, :dword, :pointer], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-controlservice
-    # BOOL ControlService(
-    #   SC_HANDLE        hService,
-    #   DWORD            dwControl,
-    #   LPSERVICE_STATUS lpServiceStatus
-    # );
-    ffi_lib :advapi32
-    attach_function_private :ControlService,
-      [:handle, :dword, :pointer], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-changeserviceconfigw
-    # BOOL ChangeServiceConfigW(
-    #   SC_HANDLE hService,
-    #   DWORD     dwServiceType,
-    #   DWORD     dwStartType,
-    #   DWORD     dwErrorControl,
-    #   LPCWSTR   lpBinaryPathName,
-    #   LPCWSTR   lpLoadOrderGroup,
-    #   LPDWORD   lpdwTagId,
-    #   LPCWSTR   lpDependencies,
-    #   LPCWSTR   lpServiceStartName,
-    #   LPCWSTR   lpPassword,
-    #   LPCWSTR   lpDisplayName
-    # );
-    ffi_lib :advapi32
-    attach_function_private :ChangeServiceConfigW,
-      [
-        :handle,
-        :dword,
-        :dword,
-        :dword,
-        :lpcwstr,
-        :lpcwstr,
-        :lpdword,
-        :lpcwstr,
-        :lpcwstr,
-        :lpcwstr,
-        :lpcwstr
-      ], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
-    # BOOL ChangeServiceConfig2W(
-    #   SC_HANDLE hService,
-    #   DWORD     dwInfoLevel,
-    #   LPVOID    lpInfo
-    # );
-    ffi_lib :advapi32
-    attach_function_private :ChangeServiceConfig2W,
-      [:handle, :dword, :lpvoid], :win32_bool
-
-    # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexw
-    # BOOL EnumServicesStatusExW(
-    #   SC_HANDLE    hSCManager,
-    #   SC_ENUM_TYPE InfoLevel,
-    #   DWORD        dwServiceType,
-    #   DWORD        dwServiceState,
-    #   LPBYTE       lpServices,
-    #   DWORD        cbBufSize,
-    #   LPDWORD      pcbBytesNeeded,
-    #   LPDWORD      lpServicesReturned,
-    #   LPDWORD      lpResumeHandle,
-    #   LPCWSTR      pszGroupName
-    # );
-    SC_ENUM_TYPE = enum(
-      :SC_ENUM_PROCESS_INFO, 0,
-    )
-    ffi_lib :advapi32
-    attach_function_private :EnumServicesStatusExW,
-      [
-        :handle,
-        SC_ENUM_TYPE,
-        :dword,
-        :dword,
-        :lpbyte,
-        :dword,
-        :lpdword,
-        :lpdword,
-        :lpdword,
-        :lpcwstr
-      ], :win32_bool
   end
 end