puppet 6.21.1-universal-darwin → 6.22.1-universal-darwin

data/lib/puppet/util/fact_dif.rb

@@ -1,15 +1,24 @@
 require 'json'
 
 class FactDif
-  def initialize(old_output, new_output, exclude_list = [])
-    @c_facter = JSON.parse(old_output)['values']
-    @next_facter = JSON.parse(new_output)['values']
+  def initialize(old_output, new_output, exclude_list, save_structured)
+    @c_facter = JSON.parse(old_output)
+    @next_facter = JSON.parse(new_output)
     @exclude_list = exclude_list
+    @save_structured = save_structured
+    @flat_diff = []
     @diff = {}
   end
 
   def difs
-    search_hash(@c_facter, [])
+    search_hash(((@c_facter.to_a - @next_facter.to_a) | (@next_facter.to_a - @c_facter.to_a)).to_h)
+
+    @flat_diff.sort_by { |a| a[0] }.each do |pair|
+      fact_path = pair[0]
+      value = pair[1]
+      compare(fact_path, value, @c_facter)
+      compare(fact_path, value, @next_facter)
+    end
 
     @diff
   end
@@ -28,29 +37,39 @@ class FactDif
         path.pop
       end
     else
-      compare(path, sh)
+      @flat_diff.push([path.dup, sh])
     end
   end
 
-  def compare(fact_path, old_value)
-    new_value = @next_facter.dig(*fact_path)
-    if different?(new_value, old_value) && !excluded?(fact_path.join('.'))
-      @diff[fact_path.join('.')] = { new_value: new_value, old_value: old_value }
+  def compare(fact_path, given_value, compared_hash)
+    compared_value = compared_hash.dig(*fact_path)
+    if different?(compared_value, given_value) && !excluded?(fact_path.join('.'))
+      fact_path = fact_path.map{|f| f.to_s.include?('.') ? "\"#{f}\"" : f}.join('.') unless @save_structured
+      if compared_hash == @c_facter
+        bury(*fact_path, { :new_value => given_value, :old_value => compared_value }, @diff)
+      else
+        bury(*fact_path, { :new_value => compared_value, :old_value => given_value }, @diff)
+      end
+    end
+  end
+
+  def bury(*paths, value, hash)
+    if paths.count > 1
+      path = paths.shift
+      hash[path] = Hash.new unless hash.key?(path)
+      bury(*paths, value, hash[path])
+    else
+      hash[*paths] = value
     end
   end
 
   def different?(new, old)
-    if old.is_a?(String) && new.is_a?(String)
+    if old.is_a?(String) && new.is_a?(String) && (old.include?(',') || new.include?(','))
       old_values = old.split(',')
       new_values = new.split(',')
 
-      diff = old_values - new_values
-      # also add new entries only available in Facter 4
-      diff.concat(new_values - old_values)
-
-      return true if diff.any?
-
-      return false
+      diff = (old_values - new_values) | (new_values - old_values)
+      return diff.size.positive?
     end
 
     old != new

data/lib/puppet/util/monkey_patches.rb

@@ -32,6 +32,13 @@ end
 # (#19151) Reject all SSLv2 ciphers and handshakes
 require 'puppet/ssl/openssl_loader'
 unless Puppet::Util::Platform.jruby_fips?
+  unless defined?(OpenSSL::SSL::TLS1_VERSION)
+    module OpenSSL::SSL
+      # see https://github.com/ruby/ruby/commit/609103dbb5fb182eec12f052226c43e39b907682#diff-09f822c26289f5347111795ca22ed7ed1cfadd6ebd28f987991d1d414eef565aR2755-R2759
+      OpenSSL::SSL::TLS1_VERSION = 0x301
+    end
+  end
+
   class OpenSSL::SSL::SSLContext
     if DEFAULT_PARAMS[:options]
       DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3

data/lib/puppet/util/windows/adsi.rb

@@ -504,6 +504,43 @@ module Puppet::Util::Windows::ADSI
       user_name
     end
 
+    # https://docs.microsoft.com/en-us/windows/win32/api/secext/ne-secext-extended_name_format
+    NameUnknown           = 0
+    NameFullyQualifiedDN  = 1
+    NameSamCompatible     = 2
+    NameDisplay           = 3
+    NameUniqueId          = 6
+    NameCanonical         = 7
+    NameUserPrincipal     = 8
+    NameCanonicalEx       = 9
+    NameServicePrincipal  = 10
+    NameDnsDomain         = 12
+    NameGivenName         = 13
+    NameSurname           = 14
+
+    def self.current_user_name_with_format(format)
+      user_name = ''
+      max_length = 1024
+
+      FFI::MemoryPointer.new(:lpwstr, max_length * 2 + 1) do |buffer|
+        FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
+          buffer_size.write_dword(max_length + 1)
+
+          if GetUserNameExW(format.to_i, buffer, buffer_size) == FFI::WIN32_FALSE
+            raise Puppet::Util::Windows::Error.new(_("Failed to get user name"), FFI.errno)
+          end
+
+          user_name = buffer.read_wide_string(buffer_size.read_dword).chomp
+        end
+      end
+
+      user_name
+    end
+
+    def self.current_sam_compatible_user_name
+      current_user_name_with_format(NameSamCompatible)
+    end
+
     def self.current_user_sid
       Puppet::Util::Windows::SID.name_to_principal(current_user_name)
     end
@@ -518,6 +555,15 @@ module Puppet::Util::Windows::ADSI
     ffi_lib :advapi32
     attach_function_private :GetUserNameW,
       [:lpwstr, :lpdword], :win32_bool
+
+    # https://docs.microsoft.com/en-us/windows/win32/api/secext/nf-secext-getusernameexa
+    # BOOLEAN SEC_ENTRY GetUserNameExA(
+    #   EXTENDED_NAME_FORMAT NameFormat,
+    #   LPSTR                lpNameBuffer,
+    #   PULONG               nSize
+    # );type
+    ffi_lib :secur32
+    attach_function_private :GetUserNameExW, [:uint16, :lpwstr, :pointer], :win32_bool
   end
 
   class UserProfile

data/lib/puppet/util/windows/api_types.rb

@@ -19,7 +19,7 @@ module Puppet::Util::Windows::APITypes
 
   class ::FFI::Pointer
     NULL_HANDLE = 0
-    WCHAR_NULL = "\0\0".encode('UTF-16LE').freeze
+    WCHAR_NULL = "\0\0".force_encoding('UTF-16LE').freeze
 
     def self.from_string_to_wide_string(str, &block)
       str = Puppet::Util::Windows::String.wide_string(str)

data/lib/puppet/util/windows/principal.rb

@@ -44,7 +44,8 @@ module Puppet::Util::Windows::SID
     ERROR_INVALID_PARAMETER   = 87
     ERROR_INSUFFICIENT_BUFFER = 122
 
-    def self.lookup_account_name(system_name = nil, account_name)
+    def self.lookup_account_name(system_name = nil, sanitize = true, account_name)
+      account_name = sanitize_account_name(account_name) if sanitize
       system_name_ptr = FFI::Pointer::NULL
       begin
         if system_name
@@ -146,6 +147,13 @@ module Puppet::Util::Windows::SID
       end
     end
 
+    # Sanitize the given account name for lookup to avoid known issues
+    def self.sanitize_account_name(account_name)
+      return account_name unless account_name.start_with?('APPLICATION PACKAGE AUTHORITY\\')
+      account_name.split('\\').last
+    end
+    private_class_method :sanitize_account_name
+
     ffi_convention :stdcall
 
     # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx
@@ -191,4 +199,3 @@ module Puppet::Util::Windows::SID
       [:lpcwstr, :pointer, :lpwstr, :lpdword, :lpwstr, :lpdword, :pointer], :win32_bool
   end
 end
-

data/lib/puppet/util/windows/sid.rb

@@ -74,11 +74,13 @@ module Puppet::Util::Windows
         string_to_sid_ptr(name) do |sid_ptr|
           raw_sid_bytes = sid_ptr.read_array_of_uchar(get_length_sid(sid_ptr))
         end
-      rescue
+      rescue => e
+        Puppet.debug("Could not retrieve raw SID bytes from '#{name}': #{e.message}")
       end
 
       raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)
-    rescue
+    rescue => e
+      Puppet.debug("#{e.message}")
       (allow_unresolved && raw_sid_bytes) ? unresolved_principal(name, raw_sid_bytes) : nil
     end
     module_function :name_to_principal

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '6.21.1'
+  PUPPETVERSION = '6.22.1'
 
   ##
   # version is a public API method intended to always provide a fast and