puppet 6.17.0-x64-mingw32 → 7.1.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -16
- data/Gemfile +3 -4
- data/Gemfile.lock +32 -30
- data/README.md +2 -3
- data/Rakefile +4 -12
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +2 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/agent/locker.rb +0 -7
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/agent.rb +8 -3
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/application_support.rb +7 -0
- data/lib/puppet/configurer.rb +46 -19
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/confine.rb +1 -1
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/defaults.rb +116 -162
- data/lib/puppet/environments.rb +72 -62
- data/lib/puppet/face/catalog.rb +1 -1
- data/lib/puppet/face/config.rb +56 -16
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node.rb +3 -3
- data/lib/puppet/face/node/clean.rb +10 -2
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/ffi/posix.rb +10 -0
- data/lib/puppet/ffi/posix/constants.rb +14 -0
- data/lib/puppet/ffi/posix/functions.rb +24 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +3 -3
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/new.rb +8 -3
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +23 -13
- data/lib/puppet/http/client.rb +165 -115
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +10 -23
- data/lib/puppet/http/resolver/server_list.rb +23 -45
- data/lib/puppet/http/resolver/settings.rb +7 -10
- data/lib/puppet/http/resolver/srv.rb +11 -15
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +15 -27
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -70
- data/lib/puppet/http/service/file_server.rb +19 -28
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +16 -24
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +27 -6
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +4 -59
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/http.rb +1 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +1 -102
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/node/facts.rb +17 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +93 -14
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +28 -52
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +34 -0
- data/lib/puppet/provider/package/dpkg.rb +1 -11
- data/lib/puppet/provider/package/gem.rb +27 -5
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +6 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
- data/lib/puppet/provider/package/yum.rb +1 -0
- data/lib/puppet/provider/package/zypper.rb +3 -0
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/user/aix.rb +3 -3
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +5 -120
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +84 -35
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +11 -6
- data/lib/puppet/transaction.rb +3 -9
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +10 -8
- data/lib/puppet/trusted_external.rb +2 -2
- data/lib/puppet/type.rb +4 -79
- data/lib/puppet/type/file.rb +7 -9
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/source.rb +29 -9
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/type/service.rb +4 -0
- data/lib/puppet/type/user.rb +19 -4
- data/lib/puppet/util.rb +26 -12
- data/lib/puppet/util/autoload.rb +9 -7
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/execution.rb +2 -13
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/posix.rb +53 -4
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +14 -2
- data/lib/puppet/util/windows.rb +3 -7
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +219 -0
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +656 -1351
- data/man/man5/puppet.conf.5 +72 -97
- data/man/man8/puppet-agent.8 +6 -3
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +6 -6
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +7 -4
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
- data/spec/integration/application/agent_spec.rb +70 -61
- data/spec/integration/application/apply_spec.rb +150 -150
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +78 -29
- data/spec/integration/application/help_spec.rb +44 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +76 -4
- data/spec/integration/configurer_spec.rb +14 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +32 -3
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +2 -2
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/integration/util/windows/user_spec.rb +7 -0
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +9 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/shared_contexts/types_setup.rb +2 -0
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/agent_spec.rb +3 -4
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/doc_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +74 -8
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +17 -4
- data/spec/unit/application_spec.rb +43 -4
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +14 -0
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +96 -44
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +26 -32
- data/spec/unit/environments_spec.rb +173 -32
- data/spec/unit/face/config_spec.rb +65 -12
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/node_spec.rb +16 -4
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_system/uniquefile_spec.rb +18 -0
- data/spec/unit/file_system_spec.rb +1 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +7 -9
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +34 -15
- data/spec/unit/http/service/ca_spec.rb +2 -3
- data/spec/unit/http/service/compiler_spec.rb +51 -65
- data/spec/unit/http/service/file_server_spec.rb +5 -6
- data/spec/unit/http/service/puppetserver_spec.rb +112 -0
- data/spec/unit/http/service/report_spec.rb +2 -3
- data/spec/unit/http/service_spec.rb +1 -3
- data/spec/unit/http/session_spec.rb +24 -35
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/json_spec.rb +1 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/facts/rest_spec.rb +1 -1
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/json_spec.rb +8 -8
- data/spec/unit/indirector/msgpack_spec.rb +8 -8
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/unit/indirector/node/rest_spec.rb +1 -1
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +2 -266
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/yaml_spec.rb +7 -7
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +51 -22
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/templatewrapper_spec.rb +4 -3
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +76 -21
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/exec_spec.rb +4 -3
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/apt_spec.rb +77 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dpkg_spec.rb +22 -55
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/openbsd_spec.rb +2 -0
- data/spec/unit/provider/package/pip2_spec.rb +36 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
- data/spec/unit/provider/package/yum_spec.rb +31 -0
- data/spec/unit/provider/package/zypper_spec.rb +14 -0
- data/spec/unit/provider/service/base_spec.rb +2 -4
- data/spec/unit/provider/service/bsd_spec.rb +5 -1
- data/spec/unit/provider/service/daemontools_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +3 -5
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +4 -5
- data/spec/unit/provider/service/init_spec.rb +45 -5
- data/spec/unit/provider/service/launchd_spec.rb +5 -6
- data/spec/unit/provider/service/openrc_spec.rb +4 -5
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +2 -1
- data/spec/unit/provider/service/smf_spec.rb +402 -166
- data/spec/unit/provider/service/src_spec.rb +3 -5
- data/spec/unit/provider/service/systemd_spec.rb +3 -6
- data/spec/unit/provider/service/upstart_spec.rb +4 -5
- data/spec/unit/provider/service/windows_spec.rb +28 -1
- data/spec/unit/provider/user/aix_spec.rb +5 -0
- data/spec/unit/provider/user/pw_spec.rb +2 -0
- data/spec/unit/provider/user/useradd_spec.rb +1 -0
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +0 -56
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +586 -239
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +2 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +1 -2
- data/spec/unit/type/file_spec.rb +12 -6
- data/spec/unit/type/filebucket_spec.rb +1 -1
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/service_spec.rb +35 -2
- data/spec/unit/type/user_spec.rb +31 -2
- data/spec/unit/type_spec.rb +20 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +357 -15
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +27 -127
- data/spec/unit/util/storage_spec.rb +3 -1
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +0 -18
- metadata +84 -261
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -295
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/man_spec.rb +0 -31
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,16 +1,15 @@
|
|
1
|
-
|
1
|
+
module Puppet
|
2
|
+
module Util
|
3
|
+
module Windows
|
4
|
+
module String
|
5
|
+
def wide_string(str)
|
6
|
+
# if given a nil string, assume caller wants to pass a nil pointer to win32
|
7
|
+
return nil if str.nil?
|
2
8
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
# for a string to contain a single trailing null byte, followed by garbage
|
9
|
-
# causing buffer overruns.
|
10
|
-
#
|
11
|
-
# See http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=41920&view=revision
|
12
|
-
newstr = str + "\0".encode(str.encoding)
|
13
|
-
newstr.encode!('UTF-16LE')
|
9
|
+
str.encode('UTF-16LE')
|
10
|
+
end
|
11
|
+
module_function :wide_string
|
12
|
+
end
|
13
|
+
end
|
14
14
|
end
|
15
|
-
module_function :wide_string
|
16
15
|
end
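Review bot: `wide_string` now returns `str.encode('UTF-16LE')` with neither the explicit `"\0"` append nor any comment on termination, while the removed lines documented a buffer-overrun risk from a string ending in a single null byte followed by garbage. The result is presumably handed to Win32 calls that expect a wide-null-terminated buffer, so the reason the append is no longer needed should be stated above the return, for example `# Ruby terminates UTF-16LE strings with a full-width null (see ruby r41920), so no explicit "\0" is appended`. That rationale is inferred from the link in the removed comment, part of which is not visible on this page, so confirm it against the minimum Ruby version this gem supports before relying on it. The file list shows `spec/unit/util/windows/string_spec.rb` losing lines in the same release, so check that a termination assertion was not removed with them.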
|
@@ -145,6 +145,125 @@ module Puppet::Util::Windows::User
|
|
145
145
|
end
|
146
146
|
module_function :load_profile
|
147
147
|
|
148
|
+
def get_rights(name)
|
149
|
+
user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
|
150
|
+
return "" unless user_info
|
151
|
+
|
152
|
+
rights = []
|
153
|
+
rights_pointer = FFI::MemoryPointer.new(:pointer)
|
154
|
+
number_of_rights = FFI::MemoryPointer.new(:ulong)
|
155
|
+
sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
|
156
|
+
|
157
|
+
new_lsa_policy_handle do |policy_handle|
|
158
|
+
result = LsaEnumerateAccountRights(policy_handle.read_pointer, sid_pointer, rights_pointer, number_of_rights)
|
159
|
+
check_lsa_nt_status_and_raise_failures(result, "LsaEnumerateAccountRights")
|
160
|
+
end
|
161
|
+
|
162
|
+
number_of_rights.read_ulong.times do |index|
|
163
|
+
right = LSA_UNICODE_STRING.new(rights_pointer.read_pointer + index * LSA_UNICODE_STRING.size)
|
164
|
+
rights << right[:Buffer].read_arbitrary_wide_string_up_to
|
165
|
+
end
|
166
|
+
|
167
|
+
result = LsaFreeMemory(rights_pointer.read_pointer)
|
168
|
+
check_lsa_nt_status_and_raise_failures(result, "LsaFreeMemory")
|
169
|
+
|
170
|
+
rights.join(",")
|
171
|
+
end
|
172
|
+
module_function :get_rights
|
173
|
+
|
174
|
+
def set_rights(name, rights)
|
175
|
+
rights_pointer = new_lsa_unicode_strings_pointer(rights)
|
176
|
+
user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
|
177
|
+
sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
|
178
|
+
|
179
|
+
new_lsa_policy_handle do |policy_handle|
|
180
|
+
result = LsaAddAccountRights(policy_handle.read_pointer, sid_pointer, rights_pointer, rights.size)
|
181
|
+
check_lsa_nt_status_and_raise_failures(result, "LsaAddAccountRights")
|
182
|
+
end
|
183
|
+
end
|
184
|
+
module_function :set_rights
|
185
|
+
|
186
|
+
def remove_rights(name, rights)
|
187
|
+
rights_pointer = new_lsa_unicode_strings_pointer(rights)
|
188
|
+
user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
|
189
|
+
sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
|
190
|
+
|
191
|
+
new_lsa_policy_handle do |policy_handle|
|
192
|
+
result = LsaRemoveAccountRights(policy_handle.read_pointer, sid_pointer, false, rights_pointer, rights.size)
|
193
|
+
check_lsa_nt_status_and_raise_failures(result, "LsaRemoveAccountRights")
|
194
|
+
end
|
195
|
+
end
|
196
|
+
module_function :remove_rights
|
197
|
+
|
198
|
+
# ACCESS_MASK flags for Policy Objects
|
199
|
+
# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/b61b7268-987a-420b-84f9-6c75f8dc8558
|
200
|
+
POLICY_VIEW_LOCAL_INFORMATION = 0x00000001
|
201
|
+
POLICY_VIEW_AUDIT_INFORMATION = 0x00000002
|
202
|
+
POLICY_GET_PRIVATE_INFORMATION = 0x00000004
|
203
|
+
POLICY_TRUST_ADMIN = 0x00000008
|
204
|
+
POLICY_CREATE_ACCOUNT = 0x00000010
|
205
|
+
POLICY_CREATE_SECRET = 0x00000020
|
206
|
+
POLICY_CREATE_PRIVILEGE = 0x00000040
|
207
|
+
POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080
|
208
|
+
POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100
|
209
|
+
POLICY_AUDIT_LOG_ADMIN = 0x00000200
|
210
|
+
POLICY_SERVER_ADMIN = 0x00000400
|
211
|
+
POLICY_LOOKUP_NAMES = 0x00000800
|
212
|
+
POLICY_NOTIFICATION = 0x00001000
|
213
|
+
|
214
|
+
def self.new_lsa_policy_handle
|
215
|
+
access = 0
|
216
|
+
access |= POLICY_LOOKUP_NAMES
|
217
|
+
access |= POLICY_CREATE_ACCOUNT
|
218
|
+
policy_handle = FFI::MemoryPointer.new(:pointer)
|
219
|
+
|
220
|
+
result = LsaOpenPolicy(nil, LSA_OBJECT_ATTRIBUTES.new, access, policy_handle)
|
221
|
+
check_lsa_nt_status_and_raise_failures(result, "LsaOpenPolicy")
|
222
|
+
|
223
|
+
begin
|
224
|
+
yield policy_handle
|
225
|
+
ensure
|
226
|
+
result = LsaClose(policy_handle.read_pointer)
|
227
|
+
check_lsa_nt_status_and_raise_failures(result, "LsaClose")
|
228
|
+
end
|
229
|
+
end
|
230
|
+
private_class_method :new_lsa_policy_handle
|
231
|
+
|
232
|
+
def self.new_lsa_unicode_strings_pointer(strings)
|
233
|
+
lsa_unicode_strings_pointer = FFI::MemoryPointer.new(LSA_UNICODE_STRING, strings.size)
|
234
|
+
|
235
|
+
strings.each_with_index do |string, index|
|
236
|
+
lsa_string = LSA_UNICODE_STRING.new(lsa_unicode_strings_pointer + index * LSA_UNICODE_STRING.size)
|
237
|
+
lsa_string[:Buffer] = FFI::MemoryPointer.from_string(wide_string(string))
|
238
|
+
lsa_string[:Length] = string.length * 2
|
239
|
+
lsa_string[:MaximumLength] = lsa_string[:Length] + 2
|
240
|
+
end
|
241
|
+
|
242
|
+
lsa_unicode_strings_pointer
|
243
|
+
end
|
244
|
+
private_class_method :new_lsa_unicode_strings_pointer
|
245
|
+
|
246
|
+
# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
|
247
|
+
def self.check_lsa_nt_status_and_raise_failures(status, method_name)
|
248
|
+
error_code = LsaNtStatusToWinError(status)
|
249
|
+
|
250
|
+
error_reason = case error_code.to_s(16)
|
251
|
+
when '0' # ERROR_SUCCESS
|
252
|
+
return # Method call succeded
|
253
|
+
when '2' # ERROR_FILE_NOT_FOUND
|
254
|
+
return # No rights/privilleges assigned to given user
|
255
|
+
when '5' # ERROR_ACCESS_DENIED
|
256
|
+
"Access is denied. Please make sure that puppet is running as administrator."
|
257
|
+
when '521' # ERROR_NO_SUCH_PRIVILEGE
|
258
|
+
"One or more of the given rights/privilleges are incorrect."
|
259
|
+
when '6ba' # RPC_S_SERVER_UNAVAILABLE
|
260
|
+
"The RPC server is unavailable or given domain name is invalid."
|
261
|
+
end
|
262
|
+
|
263
|
+
raise Puppet::Error.new("Calling `#{method_name}` returned 'Win32 Error Code 0x%08X'. #{error_reason}" % error_code)
|
264
|
+
end
|
265
|
+
private_class_method :check_lsa_nt_status_and_raise_failures
|
266
|
+
|
148
267
|
ffi_convention :stdcall
|
149
268
|
|
150
269
|
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx
|
@@ -329,4 +448,104 @@ module Puppet::Util::Windows::User
|
|
329
448
|
ffi_lib :advapi32
|
330
449
|
attach_function_private :IsValidSid,
|
331
450
|
[:pointer], :win32_bool
|
451
|
+
|
452
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-lsa_object_attributes
|
453
|
+
# typedef struct _LSA_OBJECT_ATTRIBUTES {
|
454
|
+
# ULONG Length;
|
455
|
+
# HANDLE RootDirectory;
|
456
|
+
# PLSA_UNICODE_STRING ObjectName;
|
457
|
+
# ULONG Attributes;
|
458
|
+
# PVOID SecurityDescriptor;
|
459
|
+
# PVOID SecurityQualityOfService;
|
460
|
+
# } LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
|
461
|
+
class LSA_OBJECT_ATTRIBUTES < FFI::Struct
|
462
|
+
layout :Length, :ulong,
|
463
|
+
:RootDirectory, :handle,
|
464
|
+
:ObjectName, :plsa_unicode_string,
|
465
|
+
:Attributes, :ulong,
|
466
|
+
:SecurityDescriptor, :pvoid,
|
467
|
+
:SecurityQualityOfService, :pvoid
|
468
|
+
end
|
469
|
+
|
470
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-lsa_unicode_string
|
471
|
+
# typedef struct _LSA_UNICODE_STRING {
|
472
|
+
# USHORT Length;
|
473
|
+
# USHORT MaximumLength;
|
474
|
+
# PWSTR Buffer;
|
475
|
+
# } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
|
476
|
+
class LSA_UNICODE_STRING < FFI::Struct
|
477
|
+
layout :Length, :ushort,
|
478
|
+
:MaximumLength, :ushort,
|
479
|
+
:Buffer, :pwstr
|
480
|
+
end
|
481
|
+
|
482
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaenumerateaccountrights
|
483
|
+
# https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
|
484
|
+
# NTSTATUS LsaEnumerateAccountRights(
|
485
|
+
# LSA_HANDLE PolicyHandle,
|
486
|
+
# PSID AccountSid,
|
487
|
+
# PLSA_UNICODE_STRING *UserRights,
|
488
|
+
# PULONG CountOfRights
|
489
|
+
# );
|
490
|
+
ffi_lib :advapi32
|
491
|
+
attach_function_private :LsaEnumerateAccountRights,
|
492
|
+
[:lsa_handle, :psid, :plsa_unicode_string, :pulong], :ntstatus
|
493
|
+
|
494
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaaddaccountrights
|
495
|
+
# NTSTATUS LsaAddAccountRights(
|
496
|
+
# LSA_HANDLE PolicyHandle,
|
497
|
+
# PSID AccountSid,
|
498
|
+
# PLSA_UNICODE_STRING UserRights,
|
499
|
+
# ULONG CountOfRights
|
500
|
+
# );
|
501
|
+
ffi_lib :advapi32
|
502
|
+
attach_function_private :LsaAddAccountRights,
|
503
|
+
[:lsa_handle, :psid, :plsa_unicode_string, :ulong], :ntstatus
|
504
|
+
|
505
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaremoveaccountrights
|
506
|
+
# NTSTATUS LsaRemoveAccountRights(
|
507
|
+
# LSA_HANDLE PolicyHandle,
|
508
|
+
# PSID AccountSid,
|
509
|
+
# BOOLEAN AllRights,
|
510
|
+
# PLSA_UNICODE_STRING UserRights,
|
511
|
+
# ULONG CountOfRights
|
512
|
+
# );
|
513
|
+
ffi_lib :advapi32
|
514
|
+
attach_function_private :LsaRemoveAccountRights,
|
515
|
+
[:lsa_handle, :psid, :bool, :plsa_unicode_string, :ulong], :ntstatus
|
516
|
+
|
517
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaopenpolicy
|
518
|
+
# NTSTATUS LsaOpenPolicy(
|
519
|
+
# PLSA_UNICODE_STRING SystemName,
|
520
|
+
# PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
|
521
|
+
# ACCESS_MASK DesiredAccess,
|
522
|
+
# PLSA_HANDLE PolicyHandle
|
523
|
+
# );
|
524
|
+
ffi_lib :advapi32
|
525
|
+
attach_function_private :LsaOpenPolicy,
|
526
|
+
[:plsa_unicode_string, :plsa_object_attributes, :access_mask, :plsa_handle], :ntstatus
|
527
|
+
|
528
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaclose
|
529
|
+
# NTSTATUS LsaClose(
|
530
|
+
# LSA_HANDLE ObjectHandle
|
531
|
+
# );
|
532
|
+
ffi_lib :advapi32
|
533
|
+
attach_function_private :LsaClose,
|
534
|
+
[:lsa_handle], :ntstatus
|
535
|
+
|
536
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsafreememory
|
537
|
+
# NTSTATUS LsaFreeMemory(
|
538
|
+
# PVOID Buffer
|
539
|
+
# );
|
540
|
+
ffi_lib :advapi32
|
541
|
+
attach_function_private :LsaFreeMemory,
|
542
|
+
[:pvoid], :ntstatus
|
543
|
+
|
544
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsantstatustowinerror
|
545
|
+
# ULONG LsaNtStatusToWinError(
|
546
|
+
# NTSTATUS Status
|
547
|
+
# );
|
548
|
+
ffi_lib :advapi32
|
549
|
+
attach_function_private :LsaNtStatusToWinError,
|
550
|
+
[:ntstatus], :ulong
|
332
551
|
end
|
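Review bot: `set_rights` and `remove_rights` (new lines 174–196) call `user_info.sid_bytes` without the `return "" unless user_info` guard that `get_rights` applies at new line 150, so an account name that does not resolve would presumably surface as a NoMethodError on nil rather than a Puppet::Error naming the account. Adding `raise Puppet::Error.new("Could not resolve account '#{name}' to a SID") unless user_info` directly after the `name_to_principal` call in both methods would keep the failure explicit before any LSA call is made. In `new_lsa_unicode_strings_pointer` (new lines 232–243), `FFI::MemoryPointer.from_string` allocates the string's byte size plus one terminating byte while `MaximumLength` is set to `Length + 2`, so the descriptor claims one byte more than the buffer holds. `string.length * 2` also undercounts for characters outside the BMP, where `wide_string(string).bytesize` would be exact. The per-string buffers are referenced only through the temporary `LSA_UNICODE_STRING` wrapper created inside the loop, so it is worth confirming they stay reachable until `LsaAddAccountRights` or `LsaRemoveAccountRights` has returned.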
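--- a/data/lib/puppet/util/yaml.rb
+++ b/data/lib/puppet/util/yaml.rb
@@ -42,28 +42,6 @@ module Puppet::Util::Yaml
 safe_load(yaml, allowed_classes, filename)
 end
 
-# @deprecated Use {#safe_load_file} instead.
-def self.load_file(filename, default_value = false, strip_classes = false)
-Puppet.deprecation_warning(_("Puppet::Util::Yaml.load_file is deprecated. Use safe_load_file instead."))
-
-if(strip_classes) then
-data = YAML::parse_file(filename)
-data.root.each do |o|
-if o.respond_to?(:tag=) and
-o.tag != nil and
-o.tag.start_with?("!ruby")
-o.tag = nil
-end
-end
-data.to_ruby || default_value
-else
-yaml = YAML.load_file(filename)
-yaml || default_value
-end
-rescue *YamlLoadExceptions => detail
-raise YamlLoadError.new(detail.message, detail)
-end
-
 def self.dump(structure, filename)
 Puppet::FileSystem.replace_file(filename, 0660) do |fh|
 YAML.dump(structure, fh)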
data/lib/puppet/version.rb
CHANGED
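--- a/data/lib/puppet/x509.rb
+++ b/data/lib/puppet/x509.rb
@@ -1,7 +1,11 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
 
-
+# Responsible for loading and saving certificates and private keys.
+#
+# @see Puppet::X509::CertProvider
+# @api private
+module Puppet::X509
 require 'puppet/x509/pem_store'
 require 'puppet/x509/cert_provider'
 end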
@@ -1,6 +1,11 @@
|
|
1
1
|
require 'puppet/x509'
|
2
2
|
|
3
|
-
# Class for loading and saving cert related objects.
|
3
|
+
# Class for loading and saving cert related objects. By default the provider
|
4
|
+
# loads and saves based on puppet's default settings, such as `Puppet[:localcacert]`.
|
5
|
+
# The providers sets the permissions on files it saves, such as the private key.
|
6
|
+
# All of the `load_*` methods take an optional `required` parameter. If an object
|
7
|
+
# doesn't exist, then by default the provider returns `nil`. However, if the
|
8
|
+
# `required` parameter is true, then an exception will be raised instead.
|
4
9
|
#
|
5
10
|
# @api private
|
6
11
|
class Puppet::X509::CertProvider
|
@@ -32,6 +37,7 @@ class Puppet::X509::CertProvider
|
|
32
37
|
#
|
33
38
|
# @param certs [Array<OpenSSL::X509::Certificate>] Array of CA certs to save
|
34
39
|
# @raise [Puppet::Error] if the certs cannot be saved
|
40
|
+
#
|
35
41
|
# @api private
|
36
42
|
def save_cacerts(certs)
|
37
43
|
save_pem(certs.map(&:to_pem).join, @capath, **permissions_for_setting(:localcacert))
|
@@ -45,6 +51,7 @@ class Puppet::X509::CertProvider
|
|
45
51
|
# @return (see #load_cacerts_from_pem)
|
46
52
|
# @raise (see #load_cacerts_from_pem)
|
47
53
|
# @raise [Puppet::Error] if the certs cannot be loaded
|
54
|
+
#
|
48
55
|
# @api private
|
49
56
|
def load_cacerts(required: false)
|
50
57
|
pem = load_pem(@capath)
|
@@ -61,6 +68,7 @@ class Puppet::X509::CertProvider
|
|
61
68
|
# @param pem [String] PEM encoded certificate(s)
|
62
69
|
# @return [Array<OpenSSL::X509::Certificate>] Array of CA certs
|
63
70
|
# @raise [OpenSSL::X509::CertificateError] The `pem` text does not contain a valid cert
|
71
|
+
#
|
64
72
|
# @api private
|
65
73
|
def load_cacerts_from_pem(pem)
|
66
74
|
# TRANSLATORS 'PEM' is an acronym and shouldn't be translated
|
@@ -75,6 +83,7 @@ class Puppet::X509::CertProvider
|
|
75
83
|
#
|
76
84
|
# @param crls [Array<OpenSSL::X509::CRL>] Array of CRLs to save
|
77
85
|
# @raise [Puppet::Error] if the CRLs cannot be saved
|
86
|
+
#
|
78
87
|
# @api private
|
79
88
|
def save_crls(crls)
|
80
89
|
save_pem(crls.map(&:to_pem).join, @crlpath, **permissions_for_setting(:hostcrl))
|
@@ -88,6 +97,7 @@ class Puppet::X509::CertProvider
|
|
88
97
|
# @return (see #load_crls_from_pem)
|
89
98
|
# @raise (see #load_crls_from_pem)
|
90
99
|
# @raise [Puppet::Error] if the CRLs cannot be loaded
|
100
|
+
#
|
91
101
|
# @api private
|
92
102
|
def load_crls(required: false)
|
93
103
|
pem = load_pem(@crlpath)
|
@@ -104,6 +114,7 @@ class Puppet::X509::CertProvider
|
|
104
114
|
# @param pem [String] PEM encoded CRL(s)
|
105
115
|
# @return [Array<OpenSSL::X509::CRL>] Array of CRLs
|
106
116
|
# @raise [OpenSSL::X509::CRLError] The `pem` text does not contain a valid CRL
|
117
|
+
#
|
107
118
|
# @api private
|
108
119
|
def load_crls_from_pem(pem)
|
109
120
|
# TRANSLATORS 'PEM' is an acronym and shouldn't be translated
|
@@ -118,6 +129,8 @@ class Puppet::X509::CertProvider
|
|
118
129
|
#
|
119
130
|
# @return [Time, nil] Time when the CRL was last updated, or nil if we don't
|
120
131
|
# have a CRL
|
132
|
+
#
|
133
|
+
# @api private
|
121
134
|
def crl_last_update
|
122
135
|
stat = Puppet::FileSystem.stat(@crlpath)
|
123
136
|
Time.at(stat.mtime)
|
@@ -129,6 +142,7 @@ class Puppet::X509::CertProvider
|
|
129
142
|
#
|
130
143
|
# @param time [Time] The last updated time
|
131
144
|
#
|
145
|
+
# @api private
|
132
146
|
def crl_last_update=(time)
|
133
147
|
Puppet::FileSystem.touch(@crlpath, mtime: time)
|
134
148
|
end
|
@@ -142,6 +156,7 @@ class Puppet::X509::CertProvider
|
|
142
156
|
# from the password, and use that to encrypt the private key. If nil,
|
143
157
|
# save the private key unencrypted.
|
144
158
|
# @raise [Puppet::Error] if the private key cannot be saved
|
159
|
+
#
|
145
160
|
# @api private
|
146
161
|
def save_private_key(name, key, password: nil)
|
147
162
|
pem = if password
|
@@ -167,6 +182,7 @@ class Puppet::X509::CertProvider
|
|
167
182
|
# @return (see #load_private_key_from_pem)
|
168
183
|
# @raise (see #load_private_key_from_pem)
|
169
184
|
# @raise [Puppet::Error] if the private key cannot be loaded
|
185
|
+
#
|
170
186
|
# @api private
|
171
187
|
def load_private_key(name, required: false, password: nil)
|
172
188
|
path = @hostprivkey || to_path(@privatekeydir, name)
|
@@ -187,6 +203,7 @@ class Puppet::X509::CertProvider
|
|
187
203
|
# not specified, then the key cannot be loaded.
|
188
204
|
# @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key
|
189
205
|
# @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key
|
206
|
+
#
|
190
207
|
# @api private
|
191
208
|
def load_private_key_from_pem(pem, password: nil)
|
192
209
|
# set a non-nil password to ensure openssl doesn't prompt
|
@@ -216,6 +233,8 @@ class Puppet::X509::CertProvider
|
|
216
233
|
#
|
217
234
|
# @return [String, nil] The private key password as a binary string or nil
|
218
235
|
# if there is none.
|
236
|
+
#
|
237
|
+
# @api private
|
219
238
|
def load_private_key_password
|
220
239
|
Puppet::FileSystem.read(Puppet[:passfile], :encoding => Encoding::BINARY)
|
221
240
|
rescue Errno::ENOENT
|
@@ -227,6 +246,7 @@ class Puppet::X509::CertProvider
|
|
227
246
|
# @param name [String] The client cert identity
|
228
247
|
# @param cert [OpenSSL::X509::Certificate] The cert to save
|
229
248
|
# @raise [Puppet::Error] if the client cert cannot be saved
|
249
|
+
#
|
230
250
|
# @api private
|
231
251
|
def save_client_cert(name, cert)
|
232
252
|
path = @hostcert || to_path(@certdir, name)
|
@@ -242,6 +262,7 @@ class Puppet::X509::CertProvider
|
|
242
262
|
# @return (see #load_request_from_pem)
|
243
263
|
# @raise (see #load_client_cert_from_pem)
|
244
264
|
# @raise [Puppet::Error] if the client cert cannot be loaded
|
265
|
+
#
|
245
266
|
# @api private
|
246
267
|
def load_client_cert(name, required: false)
|
247
268
|
path = @hostcert || to_path(@certdir, name)
|
@@ -259,6 +280,7 @@ class Puppet::X509::CertProvider
|
|
259
280
|
# @param pem [String] PEM encoded cert
|
260
281
|
# @return [OpenSSL::X509::Certificate] the certificate
|
261
282
|
# @raise [OpenSSL::X509::CertificateError] The `pem` text does not contain a valid cert
|
283
|
+
#
|
262
284
|
# @api private
|
263
285
|
def load_client_cert_from_pem(pem)
|
264
286
|
OpenSSL::X509::Certificate.new(pem)
|
@@ -270,6 +292,7 @@ class Puppet::X509::CertProvider
|
|
270
292
|
# @param private_key [OpenSSL::PKey::RSA] private key
|
271
293
|
# @return [Puppet::X509::Request] The request
|
272
294
|
#
|
295
|
+
# @api private
|
273
296
|
def create_request(name, private_key)
|
274
297
|
options = {}
|
275
298
|
|
@@ -292,6 +315,7 @@ class Puppet::X509::CertProvider
|
|
292
315
|
# @param name [String] the request identity
|
293
316
|
# @param csr [OpenSSL::X509::Request] the request
|
294
317
|
# @raise [Puppet::Error] if the cert request cannot be saved
|
318
|
+
#
|
295
319
|
# @api private
|
296
320
|
def save_request(name, csr)
|
297
321
|
path = to_path(@requestdir, name)
|
@@ -306,6 +330,7 @@ class Puppet::X509::CertProvider
|
|
306
330
|
# @return (see #load_request_from_pem)
|
307
331
|
# @raise (see #load_request_from_pem)
|
308
332
|
# @raise [Puppet::Error] if the cert request cannot be saved
|
333
|
+
#
|
309
334
|
# @api private
|
310
335
|
def load_request(name)
|
311
336
|
path = to_path(@requestdir, name)
|
@@ -319,6 +344,8 @@ class Puppet::X509::CertProvider
|
|
319
344
|
#
|
320
345
|
# @param name [String] The request identity
|
321
346
|
# @return [Boolean] true if the CSR was deleted
|
347
|
+
#
|
348
|
+
# @api private
|
322
349
|
def delete_request(name)
|
323
350
|
path = to_path(@requestdir, name)
|
324
351
|
delete_pem(path)
|
@@ -331,6 +358,7 @@ class Puppet::X509::CertProvider
|
|
331
358
|
# @param pem [String] PEM encoded request
|
332
359
|
# @return [OpenSSL::X509::Request] the request
|
333
360
|
# @raise [OpenSSL::X509::RequestError] The `pem` text does not contain a valid request
|
361
|
+
#
|
334
362
|
# @api private
|
335
363
|
def load_request_from_pem(pem)
|
336
364
|
OpenSSL::X509::Request.new(pem)
|