puppet 6.23.0 → 7.0.0

data/lib/puppet/environments.rb

@@ -225,9 +225,6 @@ module Puppet::Environments
     private
 
     def create_environment(name)
-      # interpolated modulepaths may be cached from prior environment instances
-      Puppet.settings.clear_environment_settings(name)
-
       env_symbol = name.intern
       setting_values = Puppet.settings.values(env_symbol, Puppet.settings.preferred_run_mode)
       env = Puppet::Node::Environment.create(
@@ -349,23 +346,17 @@ module Puppet::Environments
       @loader = loader
       @cache_expiration_service = Puppet::Environments::Cached.cache_expiration_service
       @cache = {}
+
+      # Holds expiration times in sorted order - next to expire is first
+      @expirations = SortedSet.new
+
+      # Infinity since it there are no entries, this is a cache of the first to expire time
+      @next_expiration = END_OF_TIME
     end
 
     # @!macro loader_list
     def list
-      # Evict all that have expired, in the same way as `get`
-      clear_all_expired
-
-      @loader.list.map do |env|
-        name = env.name
-        old_entry = @cache[name]
-        if old_entry
-          old_entry.value
-        else
-          add_entry(name, entry(env))
-          env
-        end
-      end
+      @loader.list
     end
 
     # @!macro loader_search_paths
@@ -388,6 +379,7 @@ module Puppet::Environments
       elsif (result = @loader.get(name))
         # environment loaded, cache it
         cache_entry = entry(result)
+        @cache_expiration_service.created(result)
         add_entry(name, cache_entry)
         result
       end
@@ -397,36 +389,28 @@ module Puppet::Environments
     def add_entry(name, cache_entry)
       Puppet.debug {"Caching environment '#{name}' #{cache_entry.label}"}
       @cache[name] = cache_entry
-      @cache_expiration_service.created(cache_entry.value)
+      expires = cache_entry.expires
+      @expirations.add(expires)
+      if @next_expiration > expires
+        @next_expiration = expires
+      end
     end
     private :add_entry
 
-    def clear_entry(name, entry)
-      @cache.delete(name)
-      Puppet.debug {"Evicting cache entry for environment '#{name}'"}
-      @cache_expiration_service.evicted(name.to_sym)
-      Puppet::GettextConfig.delete_text_domain(name)
-      Puppet.settings.clear_environment_settings(name)
-    end
-    private :clear_entry
-
     # Clears the cache of the environment with the given name.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
     def clear(name)
-      entry = @cache[name]
-      clear_entry(name, entry) if entry
+      @cache.delete(name)
+      Puppet::GettextConfig.delete_text_domain(name)
     end
 
     # Clears all cached environments.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
-    def clear_all
+    def clear_all()
       super
-
-      @cache.each_pair do |name, entry|
-        clear_entry(name, entry)
-      end
-
       @cache = {}
+      @expirations.clear
+      @next_expiration = END_OF_TIME
       Puppet::GettextConfig.delete_environment_text_domains
     end
 
@@ -435,23 +419,17 @@ module Puppet::Environments
     #
     def clear_all_expired()
       t = Time.now
-
-      @cache.each_pair do |name, entry|
-        clear_if_expired(name, entry, t)
-      end
-    end
-
-    # Clear an environment if it is expired, either by exceeding its time to live, or
-    # through an explicit eviction determined by the cache expiration service.
-    #
-    def clear_if_expired(name, entry, t = Time.now)
-      return unless entry
-
-      if entry.expired?(t) || @cache_expiration_service.expired?(name.to_sym)
-        clear_entry(name, entry)
+      return if t < @next_expiration && ! @cache.any? {|name, _| @cache_expiration_service.expired?(name.to_sym) }
+      to_expire = @cache.select { |name, entry| entry.expires < t || @cache_expiration_service.expired?(name.to_sym) }
+      to_expire.each do |name, entry|
+        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
+        @cache_expiration_service.evicted(name.to_sym)
+        clear(name)
+        @expirations.delete(entry.expires)
+        Puppet.settings.clear_environment_settings(name)
       end
+      @next_expiration = @expirations.first || END_OF_TIME
     end
-    private :clear_if_expired
 
     # This implementation evicts the cache, and always gets the current
     # configuration of the environment
@@ -462,7 +440,7 @@ module Puppet::Environments
     #
     # @!macro loader_get_conf
     def get_conf(name)
-      clear_if_expired(name, @cache[name])
+      evict_if_expired(name)
       @loader.get_conf(name)
     end
 
@@ -481,11 +459,18 @@ module Puppet::Environments
       when Float::INFINITY
         Entry.new(env)              # Entry that never expires (avoids syscall to get time)
       else
-        if Puppet[:environment_timeout_mode] == :from_last_used
-          MRUEntry.new(env, ttl)    # Entry that expires in ttl from when it was last touched
-        else
-          TTLEntry.new(env, ttl)    # Entry that expires in ttl from when it was created
-        end
+        MRUEntry.new(env, ttl)      # Entry that expires in ttl from when it was last touched
+      end
+    end
+
+    # Evicts the entry if it has expired
+    # Also clears caches in Settings that may prevent the entry from being updated
+    def evict_if_expired(name)
+      if (result = @cache[name]) && (result.expired? || @cache_expiration_service.expired?(name.to_sym))
+        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
+        @cache_expiration_service.evicted(name.to_sym)
+        clear(name)
+        Puppet.settings.clear_environment_settings(name)
       end
     end
 
@@ -500,57 +485,58 @@ module Puppet::Environments
       def touch
       end
 
-      def expired?(now)
+      def expired?
         false
       end
 
       def label
         ""
       end
+
+      def expires
+        END_OF_TIME
+      end
     end
 
     # Always evicting entry
     class NotCachedEntry < Entry
-      def expired?(now)
+      def expired?
         true
       end
 
       def label
         "(ttl = 0 sec)"
       end
+
+      def expires
+        START_OF_TIME
+      end
     end
 
-    # Policy that expires in ttl_seconds from when it was created
-    class TTLEntry < Entry
+    # Policy that expires if it hasn't been touched within ttl_seconds
+    class MRUEntry < Entry
       def initialize(value, ttl_seconds)
         super(value)
         @ttl = Time.now + ttl_seconds
         @ttl_seconds = ttl_seconds
-      end
 
-      def expired?(now)
-        now > @ttl
+        touch
       end
 
-      def label
-        "(ttl = #{@ttl_seconds} sec)"
+      def touch
+        @ttl = Time.now + @ttl_seconds
       end
-    end
-
-    # Policy that expires if it hasn't been touched within ttl_seconds
-    class MRUEntry < TTLEntry
-      def initialize(value, ttl_seconds)
-        super(value, ttl_seconds)
 
-        touch
+      def expired?
+        Time.now > @ttl
       end
 
-      def touch
-        @ttl = Time.now + @ttl_seconds
+      def expires
+        @ttl
       end
 
       def label
-        "(mru = #{@ttl_seconds} sec)"
+        "(ttl = #{@ttl_seconds} sec)"
       end
     end
   end

data/lib/puppet/face/facts.rb

@@ -1,21 +1,5 @@
 require 'puppet/indirector/face'
 require 'puppet/node/facts'
-require 'puppet/util/fact_dif'
-
-EXCLUDE_LIST = %w[ ^facterversion$
-  ^load_averages\..*$
-  ^processors\.speed$
-  ^swapfree$ ^swapfree_mb$
-  ^memoryfree$ ^memoryfree_mb$
-  ^memory\.swap\.available_bytes$ ^memory\.swap\.used_bytes$
-  ^memory\.swap\.available$ ^memory\.swap\.capacity$ ^memory\.swap\.used$
-  ^memory\.system\.available_bytes$ ^memory\.system\.used_bytes$
-  ^memory\.system\.available$ ^memory\.system\.capacity$ ^memory\.system\.used$
-  ^mountpoints\..*\.available.*$ ^mountpoints\..*\.capacity$ ^mountpoints\..*\.used.*$
-  ^sp_uptime$ ^system_profiler\.uptime$
-  ^uptime$ ^uptime_days$ ^uptime_hours$ ^uptime_seconds$
-  ^system_uptime\.uptime$ ^system_uptime\.days$ ^system_uptime\.hours$ ^system_uptime\.seconds$
-]
 
 Puppet::Indirector::Face.define(:facts, '0.0.1') do
   copyright "Puppet Inc.", 2011
@@ -47,7 +31,6 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
 
     $ puppet facts find
   EOT
-  find.default = true
 
   deactivate_action(:destroy)
   deactivate_action(:search)
@@ -60,16 +43,12 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
     EOT
     returns "Nothing."
     notes <<-'EOT'
-      This action requires that the puppet master's `auth.conf` file
+      This action requires that the Puppet Server's `auth.conf` file
       allow `PUT` or `save` access to the `/puppet/v3/facts` API endpoint.
 
       For details on configuring Puppet Server's `auth.conf`, see:
 
       <https://puppet.com/docs/puppetserver/latest/config_file_auth.html>
-
-      For legacy Rack-based Puppet Masters, see:
-
-      <https://puppet.com/docs/puppet/latest/config_file_auth.html>
     EOT
     examples <<-'EOT'
       Upload facts:
@@ -104,65 +83,6 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
     end
   end
 
-  action(:diff) do
-    summary _("Compare Facter 3 output with Facter 4 output")
-    description <<-'EOT'
-    Compares output from facter 3 with Facter 4 and prints the differences
-    EOT
-    returns "Differences between Facter 3 and Facter 4 output as an array."
-    notes <<-'EOT'
-    EOT
-    examples <<-'EOT'
-    get differences between facter versions:
-    $ puppet facts diff
-    EOT
-
-    option("--structured") do
-      default_to { false }
-      summary _("Render the different facts as structured.")
-    end
-
-    option("--exclude " + _("<regex>")) do
-      summary _("Regex used to exclude specific facts from diff.")
-    end
-
-    when_invoked do |*args|
-      options = args.pop
-
-      Puppet.settings.preferred_run_mode = :agent
-      Puppet::Node::Facts.indirection.terminus_class = :facter
-
-      if Puppet::Util::Package.versioncmp(Facter.value('facterversion'), '4.0.0') < 0
-        cmd_flags = '--render-as json --show-legacy'
-
-        # puppet/ruby are in PATH since it was updated in the wrapper script
-        puppet_show_cmd  = "puppet facts show"
-        if Puppet::Util::Platform.windows?
-          puppet_show_cmd = "ruby -S -- #{puppet_show_cmd}"
-        end
-
-        facter_3_result = Puppet::Util::Execution.execute("#{puppet_show_cmd} --no-facterng #{cmd_flags}", combine: false)
-        facter_ng_result = Puppet::Util::Execution.execute("#{puppet_show_cmd} --facterng #{cmd_flags}", combine: false)
-
-        exclude_list = options[:exclude].nil? ? EXCLUDE_LIST : EXCLUDE_LIST + [ options[:exclude] ]
-        fact_diff = FactDif.new(facter_3_result, facter_ng_result, exclude_list, options[:structured])
-        fact_diff.difs
-      else
-        Puppet.warning _("Already using Facter 4. To use `puppet facts diff` remove facterng from the .conf file or run `puppet config set facterng false`.")
-        exit 0
-      end
-    end
-
-    when_rendering :console do |result|
-      case result
-      when Array, Hash
-        Puppet::Util::Json.dump(result, :pretty => true)
-      else
-        result
-      end
-    end
-  end
-
   action(:show) do
     summary _("Retrieve current node's facts.")
     arguments _("[<facts>]")
@@ -179,6 +99,7 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
 
     $ puppet facts show os
     EOT
+    default true
 
     option("--config-file " + _("<path>")) do
       default_to { nil }
@@ -207,42 +128,23 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
       summary _("Show legacy facts when querying all facts.")
     end
 
-    option("--value-only") do
-      summary _("Show only the value when the action is called with a single query")
-    end
-
     when_invoked do |*args|
       options = args.pop
 
       Puppet.settings.preferred_run_mode = :agent
       Puppet::Node::Facts.indirection.terminus_class = :facter
 
-      if options[:value_only] && !args.count.eql?(1)
-        options[:value_only] = nil
-        Puppet.warning("Incorrect use of --value-only argument; it can only be used when querying for a single fact!")
-      end
 
       options[:user_query] = args
       options[:resolve_options] = true
       result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname], options)
 
-      if options[:value_only]
-        result.values.values.first
-      else
-        result.values
-      end
+      result.values
     end
 
     when_rendering :console do |result|
-      # VALID_TYPES = [Integer, Float, TrueClass, FalseClass, NilClass, Symbol, String, Array, Hash].freeze
-      # from https://github.com/puppetlabs/facter/blob/4.0.49/lib/facter/custom_facts/util/normalization.rb#L8
-
-      case result
-      when Array, Hash
-        Puppet::Util::Json.dump(result, :pretty => true)
-      else # one of VALID_TYPES above
-        result
-      end
+      Puppet::Util::Json.dump(result, :pretty => true)
     end
   end
 end
+

data/lib/puppet/face/help.rb

@@ -222,7 +222,7 @@ Puppet::Face.define(:help, '0.0.1') do
   #private :horribly_extract_summary_from
 
   def exclude_from_docs?(appname)
-    %w{face_base indirection_base cert key man report status}.include? appname
+    %w{face_base indirection_base report status}.include? appname
   end
   # This should absolutely be a private method, but for some reason it appears
   #  that you can't use the 'private' keyword inside of a Face definition.

data/lib/puppet/face/plugin.rb

@@ -41,14 +41,11 @@ Puppet::Face.define(:plugin, '0.0.1') do
     when_invoked do |options|
       remote_environment_for_plugins = Puppet::Node::Environment.remote(Puppet[:environment])
 
-      pool = Puppet.runtime[:http].pool
-      Puppet.override(:http_pool => pool) do
-        begin
-          handler = Puppet::Configurer::PluginHandler.new
-          handler.download_plugins(remote_environment_for_plugins)
-        ensure
-          pool.close
-        end
+      begin
+        handler = Puppet::Configurer::PluginHandler.new
+        handler.download_plugins(remote_environment_for_plugins)
+      ensure
+        Puppet.runtime[:http].close
       end
     end
 

data/lib/puppet/ffi/windows.rb

@@ -0,0 +1,12 @@
+require 'ffi'
+
+module Puppet
+  module FFI
+    module Windows
+      require 'puppet/ffi/windows/api_types'
+      require 'puppet/ffi/windows/constants'
+      require 'puppet/ffi/windows/structs'
+      require 'puppet/ffi/windows/functions'
+    end
+  end
+end

data/lib/puppet/ffi/windows/api_types.rb

@@ -0,0 +1,311 @@
+require 'puppet/ffi/windows'
+require 'puppet/util/windows/string'
+
+module Puppet::FFI::Windows
+  module APITypes
+    module ::FFI
+      WIN32_FALSE = 0
+
+      # standard Win32 error codes
+      ERROR_SUCCESS = 0
+    end
+
+    module ::FFI::Library
+      # Wrapper method for attach_function + private
+      def attach_function_private(*args)
+        attach_function(*args)
+        private args[0]
+      end
+    end
+
+    class ::FFI::Pointer
+      NULL_HANDLE = 0
+      WCHAR_NULL = "\0\0".encode('UTF-16LE').freeze
+
+      def self.from_string_to_wide_string(str, &block)
+        str = Puppet::Util::Windows::String.wide_string(str)
+        FFI::MemoryPointer.from_wide_string(str, &block)
+
+        # ptr has already had free called, so nothing to return
+        nil
+      end
+
+      def read_win32_bool
+        # BOOL is always a 32-bit integer in Win32
+        # some Win32 APIs return 1 for true, while others are non-0
+        read_int32 != FFI::WIN32_FALSE
+      end
+
+      alias_method :read_dword, :read_uint32
+      alias_method :read_win32_ulong, :read_uint32
+      alias_method :read_qword, :read_uint64
+
+      alias_method :read_hresult, :read_int32
+
+      def read_handle
+        type_size == 4 ? read_uint32 : read_uint64
+      end
+
+      alias_method :read_wchar, :read_uint16
+      alias_method :read_word,  :read_uint16
+      alias_method :read_array_of_wchar, :read_array_of_uint16
+
+      def read_wide_string(char_length, dst_encoding = Encoding::UTF_8, strip = false, encode_options = {})
+        # char_length is number of wide chars (typically excluding NULLs), *not* bytes
+        str = get_bytes(0, char_length * 2).force_encoding('UTF-16LE')
+
+        if strip
+          i = str.index(WCHAR_NULL)
+          str = str[0, i] if i
+        end
+
+        str.encode(dst_encoding, str.encoding, **encode_options)
+      rescue EncodingError => e
+        Puppet.debug { "Unable to convert value #{str.nil? ? 'nil' : str.dump} to encoding #{dst_encoding} due to #{e.inspect}" }
+        raise
+      end
+
+      # @param max_char_length [Integer] Maximum number of wide chars to return (typically excluding NULLs), *not* bytes
+      # @param null_terminator [Symbol] Number of number of null wchar characters, *not* bytes, that determine the end of the string
+      #   null_terminator = :single_null, then the terminating sequence is two bytes of zero.   This is UNIT16 = 0
+      #   null_terminator = :double_null, then the terminating sequence is four bytes of zero.  This is UNIT32 = 0
+      # @param encode_options [Hash] Accepts the same option hash that may be passed to String#encode in Ruby
+      def read_arbitrary_wide_string_up_to(max_char_length = 512, null_terminator = :single_null, encode_options = {})
+        idx = case null_terminator
+              when :single_null
+                # find index of wide null between 0 and max (exclusive)
+                (0...max_char_length).find do |i|
+                  get_uint16(i * 2) == 0
+                end
+              when :double_null
+                # find index of double-wide null between 0 and max - 1 (exclusive)
+                (0...max_char_length - 1).find do |i|
+                  get_uint32(i * 2) == 0
+                end
+              else
+                raise _("Unable to read wide strings with %{null_terminator} terminal nulls") % { null_terminator: null_terminator }
+              end
+
+        read_wide_string(idx || max_char_length, Encoding::UTF_8, false, encode_options)
+      end
+
+      def read_win32_local_pointer(&block)
+        ptr = read_pointer
+        begin
+          yield ptr
+        ensure
+          if !ptr.null? && FFI::WIN32::LocalFree(ptr.address) != FFI::Pointer::NULL_HANDLE
+            Puppet.debug "LocalFree memory leak"
+          end
+        end
+
+        # ptr has already had LocalFree called, so nothing to return
+        nil
+      end
+
+      def read_com_memory_pointer(&block)
+        ptr = read_pointer
+        begin
+          yield ptr
+        ensure
+          FFI::WIN32::CoTaskMemFree(ptr) unless ptr.null?
+        end
+
+        # ptr has already had CoTaskMemFree called, so nothing to return
+        nil
+      end
+
+      alias_method :write_dword, :write_uint32
+      alias_method :write_word, :write_uint16
+    end
+
+    class FFI::MemoryPointer
+      # Return a MemoryPointer that points to wide string. This is analogous to the
+      # FFI::MemoryPointer.from_string method.
+      def self.from_wide_string(wstr)
+        ptr = FFI::MemoryPointer.new(:uchar, wstr.bytesize + 2)
+        ptr.put_array_of_uchar(0, wstr.bytes.to_a)
+        ptr.put_uint16(wstr.bytesize, 0)
+
+        yield ptr if block_given?
+
+        ptr
+      end
+    end
+
+    # FFI Types
+    # https://github.com/ffi/ffi/wiki/Types
+
+    # Windows - Common Data Types
+    # https://msdn.microsoft.com/en-us/library/cc230309.aspx
+
+    # Windows Data Types
+    # https://msdn.microsoft.com/en-us/library/windows/desktop/aa383751(v=vs.85).aspx
+
+    FFI.typedef :uint16, :word
+    FFI.typedef :uint32, :dword
+    # uintptr_t is defined in an FFI conf as platform specific, either
+    # ulong_long on x64 or just ulong on x86
+    FFI.typedef :uintptr_t, :handle
+    FFI.typedef :uintptr_t, :hwnd
+
+    # buffer_inout is similar to pointer (platform specific), but optimized for buffers
+    FFI.typedef :buffer_inout, :lpwstr
+    # buffer_in is similar to pointer (platform specific), but optimized for CONST read only buffers
+    FFI.typedef :buffer_in, :lpcwstr
+    FFI.typedef :buffer_in, :lpcolestr
+
+    # string is also similar to pointer, but should be used for const char *
+    # NOTE that this is not wide, useful only for A suffixed functions
+    FFI.typedef :string, :lpcstr
+
+    # pointer in FFI is platform specific
+    # NOTE: for API calls with reserved lpvoid parameters, pass a FFI::Pointer::NULL
+    FFI.typedef :pointer, :lpcvoid
+    FFI.typedef :pointer, :lpvoid
+    FFI.typedef :pointer, :lpword
+    FFI.typedef :pointer, :lpbyte
+    FFI.typedef :pointer, :lpdword
+    FFI.typedef :pointer, :pdword
+    FFI.typedef :pointer, :phandle
+    FFI.typedef :pointer, :ulong_ptr
+    FFI.typedef :pointer, :pbool
+    FFI.typedef :pointer, :lpunknown
+
+    # any time LONG / ULONG is in a win32 API definition DO NOT USE platform specific width
+    # which is what FFI uses by default
+    # instead create new aliases for these very special cases
+    # NOTE: not a good idea to redefine FFI :ulong since other typedefs may rely on it
+    FFI.typedef :uint32, :win32_ulong
+    FFI.typedef :int32, :win32_long
+    # FFI bool can be only 1 byte at times,
+    # Win32 BOOL is a signed int, and is always 4 bytes, even on x64
+    # https://blogs.msdn.com/b/oldnewthing/archive/2011/03/28/10146459.aspx
+    FFI.typedef :int32, :win32_bool
+
+    # BOOLEAN (unlike BOOL) is a BYTE - typedef unsigned char BYTE;
+    FFI.typedef :uchar, :boolean
+
+    # Same as a LONG, a 32-bit signed integer
+    FFI.typedef :int32, :hresult
+
+    # NOTE: FFI already defines (u)short as a 16-bit (un)signed like this:
+    # FFI.typedef :uint16, :ushort
+    # FFI.typedef :int16, :short
+
+    # 8 bits per byte
+    FFI.typedef :uchar, :byte
+    FFI.typedef :uint16, :wchar
+
+    # Definitions for data types used in LSA structures and functions
+    # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/
+    # https://docs.microsoft.com/sr-latn-rs/windows/win32/secmgmt/management-data-types
+    FFI.typedef :pointer, :pwstr
+    FFI.typedef :pointer, :pulong
+    FFI.typedef :pointer, :lsa_handle
+    FFI.typedef :pointer, :plsa_handle
+    FFI.typedef :pointer, :psid
+    FFI.typedef :pointer, :pvoid
+    FFI.typedef :pointer, :plsa_unicode_string
+    FFI.typedef :pointer, :plsa_object_attributes
+    FFI.typedef :uint32,  :ntstatus
+    FFI.typedef :dword,   :access_mask
+
+    module ::FFI::WIN32
+      extend ::FFI::Library
+
+      # https://msdn.microsoft.com/en-us/library/windows/desktop/aa373931(v=vs.85).aspx
+      # typedef struct _GUID {
+      #   DWORD Data1;
+      #   WORD  Data2;
+      #   WORD  Data3;
+      #   BYTE  Data4[8];
+      # } GUID;
+      class GUID < FFI::Struct
+        layout :Data1, :dword,
+               :Data2, :word,
+               :Data3, :word,
+               :Data4, [:byte, 8]
+
+        def self.[](s)
+          raise _('Bad GUID format.') unless s =~ /^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/i
+
+          new.tap do |guid|
+            guid[:Data1] = s[0, 8].to_i(16)
+            guid[:Data2] = s[9, 4].to_i(16)
+            guid[:Data3] = s[14, 4].to_i(16)
+            guid[:Data4][0] = s[19, 2].to_i(16)
+            guid[:Data4][1] = s[21, 2].to_i(16)
+            s[24, 12].split('').each_slice(2).with_index do |a, i|
+              guid[:Data4][i + 2] = a.join('').to_i(16)
+            end
+          end
+        end
+
+        def ==(other) Windows.memcmp(other, self, size) == 0 end
+      end
+
+      # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724950(v=vs.85).aspx
+      # typedef struct _SYSTEMTIME {
+      #   WORD wYear;
+      #   WORD wMonth;
+      #   WORD wDayOfWeek;
+      #   WORD wDay;
+      #   WORD wHour;
+      #   WORD wMinute;
+      #   WORD wSecond;
+      #   WORD wMilliseconds;
+      # } SYSTEMTIME, *PSYSTEMTIME;
+      class SYSTEMTIME < FFI::Struct
+        layout :wYear, :word,
+               :wMonth, :word,
+               :wDayOfWeek, :word,
+               :wDay, :word,
+               :wHour, :word,
+               :wMinute, :word,
+               :wSecond, :word,
+               :wMilliseconds, :word
+
+        def to_local_time
+          Time.local(self[:wYear], self[:wMonth], self[:wDay],
+                     self[:wHour], self[:wMinute], self[:wSecond], self[:wMilliseconds] * 1000)
+        end
+      end
+
+      # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx
+      # Contains a 64-bit value representing the number of 100-nanosecond
+      # intervals since January 1, 1601 (UTC).
+      # typedef struct _FILETIME {
+      #   DWORD dwLowDateTime;
+      #   DWORD dwHighDateTime;
+      # } FILETIME, *PFILETIME;
+      class FILETIME < FFI::Struct
+        layout :dwLowDateTime, :dword,
+               :dwHighDateTime, :dword
+      end
+
+      ffi_convention :stdcall
+
+      # https://msdn.microsoft.com/en-us/library/windows/desktop/aa366730(v=vs.85).aspx
+      # HLOCAL WINAPI LocalFree(
+      #   _In_  HLOCAL hMem
+      # );
+      ffi_lib :kernel32
+      attach_function :LocalFree, [:handle], :handle
+
+      # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724211(v=vs.85).aspx
+      # BOOL WINAPI CloseHandle(
+      #   _In_  HANDLE hObject
+      # );
+      ffi_lib :kernel32
+      attach_function_private :CloseHandle, [:handle], :win32_bool
+
+      # https://msdn.microsoft.com/en-us/library/windows/desktop/ms680722(v=vs.85).aspx
+      # void CoTaskMemFree(
+      #   _In_opt_  LPVOID pv
+      # );
+      ffi_lib :ole32
+      attach_function :CoTaskMemFree, [:lpvoid], :void
+    end
+  end
+end