puppet 6.4.5-x64-mingw32 → 6.5.0-x64-mingw32


Potentially problematic release.



Files changed (329) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +10 -10
  3. data/Gemfile +6 -6
  4. data/Gemfile.lock +46 -52
  5. data/ext/build_defaults.yaml +0 -1
  6. data/ext/project_data.yaml +3 -3
  7. data/ext/regexp_nodes/regexp_nodes.rb +4 -4
  8. data/ext/solaris/smf/puppet.xml +0 -2
  9. data/ext/windows/eventlog/Rakefile +32 -0
  10. data/ext/windows/eventlog/puppetres.dll +0 -0
  11. data/ext/windows/eventlog/puppetres.mc +18 -0
  12. data/ext/windows/service/daemon.rb +8 -38
  13. data/install.rb +24 -6
  14. data/lib/puppet.rb +3 -1
  15. data/lib/puppet/application.rb +1 -1
  16. data/lib/puppet/application/agent.rb +11 -34
  17. data/lib/puppet/application/apply.rb +6 -6
  18. data/lib/puppet/application/describe.rb +9 -3
  19. data/lib/puppet/application/device.rb +4 -14
  20. data/lib/puppet/application/doc.rb +1 -1
  21. data/lib/puppet/application/lookup.rb +2 -2
  22. data/lib/puppet/application/resource.rb +4 -4
  23. data/lib/puppet/application/script.rb +2 -2
  24. data/lib/puppet/application/ssl.rb +10 -9
  25. data/lib/puppet/configurer.rb +30 -86
  26. data/lib/puppet/configurer/downloader.rb +6 -2
  27. data/lib/puppet/defaults.rb +50 -44
  28. data/lib/puppet/error.rb +14 -9
  29. data/lib/puppet/face/catalog.rb +20 -1
  30. data/lib/puppet/face/config.rb +48 -10
  31. data/lib/puppet/face/facts.rb +1 -1
  32. data/lib/puppet/face/help.rb +1 -1
  33. data/lib/puppet/face/module/list.rb +5 -5
  34. data/lib/puppet/face/module/search.rb +1 -1
  35. data/lib/puppet/face/module/uninstall.rb +1 -1
  36. data/lib/puppet/face/module/upgrade.rb +1 -1
  37. data/lib/puppet/face/parser.rb +48 -9
  38. data/lib/puppet/face/plugin.rb +2 -9
  39. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  40. data/lib/puppet/file_system.rb +12 -2
  41. data/lib/puppet/file_system/file_impl.rb +6 -3
  42. data/lib/puppet/file_system/memory_file.rb +1 -1
  43. data/lib/puppet/file_system/posix.rb +2 -3
  44. data/lib/puppet/forge.rb +3 -3
  45. data/lib/puppet/functions.rb +2 -1
  46. data/lib/puppet/functions/camelcase.rb +2 -2
  47. data/lib/puppet/functions/epp.rb +4 -4
  48. data/lib/puppet/functions/find_file.rb +9 -9
  49. data/lib/puppet/functions/inline_epp.rb +5 -5
  50. data/lib/puppet/functions/regsubst.rb +6 -8
  51. data/lib/puppet/gettext/module_translations.rb +1 -1
  52. data/lib/puppet/graph/rb_tree_map.rb +2 -2
  53. data/lib/puppet/graph/simple_graph.rb +3 -4
  54. data/lib/puppet/indirector/catalog/compiler.rb +5 -11
  55. data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
  56. data/lib/puppet/indirector/hiera.rb +0 -2
  57. data/lib/puppet/indirector/resource/ral.rb +3 -1
  58. data/lib/puppet/indirector/resource/validator.rb +1 -1
  59. data/lib/puppet/interface.rb +1 -2
  60. data/lib/puppet/loaders.rb +1 -0
  61. data/lib/puppet/metatype/manager.rb +1 -1
  62. data/lib/puppet/module.rb +1 -1
  63. data/lib/puppet/module/task.rb +4 -20
  64. data/lib/puppet/module_tool/applications/installer.rb +1 -1
  65. data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
  66. data/lib/puppet/module_tool/metadata.rb +1 -1
  67. data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
  68. data/lib/puppet/module_tool/tar/mini.rb +2 -12
  69. data/lib/puppet/network/http/api/indirected_routes.rb +11 -12
  70. data/lib/puppet/network/http/connection.rb +12 -10
  71. data/lib/puppet/network/http/factory.rb +11 -1
  72. data/lib/puppet/network/http/pool.rb +0 -2
  73. data/lib/puppet/network/http/site.rb +1 -1
  74. data/lib/puppet/network/resolver.rb +2 -2
  75. data/lib/puppet/node/environment.rb +2 -4
  76. data/lib/puppet/pal/pal_impl.rb +2 -2
  77. data/lib/puppet/parser/ast.rb +1 -1
  78. data/lib/puppet/parser/ast/resourceparam.rb +1 -1
  79. data/lib/puppet/parser/functions.rb +1 -1
  80. data/lib/puppet/parser/functions/epp.rb +3 -3
  81. data/lib/puppet/parser/functions/fail.rb +8 -1
  82. data/lib/puppet/parser/functions/inline_epp.rb +5 -5
  83. data/lib/puppet/parser/scope.rb +7 -8
  84. data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
  85. data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
  86. data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
  87. data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -4
  88. data/lib/puppet/pops/loader/null_loader.rb +60 -0
  89. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -4
  90. data/lib/puppet/pops/loader/task_instantiator.rb +0 -4
  91. data/lib/puppet/pops/loaders.rb +1 -1
  92. data/lib/puppet/pops/lookup/hiera_config.rb +0 -1
  93. data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
  94. data/lib/puppet/pops/merge_strategy.rb +18 -22
  95. data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
  96. data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
  97. data/lib/puppet/pops/parser/locator.rb +1 -1
  98. data/lib/puppet/pops/parser/pn_parser.rb +16 -17
  99. data/lib/puppet/pops/puppet_stack.rb +49 -51
  100. data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
  101. data/lib/puppet/pops/types/string_converter.rb +10 -10
  102. data/lib/puppet/pops/types/types.rb +6 -5
  103. data/lib/puppet/property.rb +1 -1
  104. data/lib/puppet/property/ensure.rb +1 -1
  105. data/lib/puppet/provider/exec.rb +2 -6
  106. data/lib/puppet/provider/file/posix.rb +0 -5
  107. data/lib/puppet/provider/nameservice.rb +3 -10
  108. data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
  109. data/lib/puppet/provider/nameservice/pw.rb +2 -2
  110. data/lib/puppet/provider/package.rb +0 -2
  111. data/lib/puppet/provider/package/apt.rb +1 -5
  112. data/lib/puppet/provider/package/dnf.rb +1 -1
  113. data/lib/puppet/provider/package/dpkg.rb +18 -34
  114. data/lib/puppet/provider/package/openbsd.rb +1 -1
  115. data/lib/puppet/provider/package/pip.rb +13 -37
  116. data/lib/puppet/provider/package/portage.rb +4 -4
  117. data/lib/puppet/provider/package/puppet_gem.rb +1 -1
  118. data/lib/puppet/provider/package/rpm.rb +18 -56
  119. data/lib/puppet/provider/package/windows/package.rb +1 -1
  120. data/lib/puppet/provider/package/yum.rb +5 -9
  121. data/lib/puppet/provider/package_targetable.rb +4 -7
  122. data/lib/puppet/provider/parsedfile.rb +1 -1
  123. data/lib/puppet/provider/service/daemontools.rb +9 -9
  124. data/lib/puppet/provider/service/launchd.rb +5 -20
  125. data/lib/puppet/provider/service/openbsd.rb +1 -1
  126. data/lib/puppet/provider/service/rcng.rb +2 -2
  127. data/lib/puppet/provider/service/runit.rb +8 -2
  128. data/lib/puppet/provider/service/systemd.rb +19 -14
  129. data/lib/puppet/provider/service/windows.rb +0 -8
  130. data/lib/puppet/provider/user/directoryservice.rb +1 -1
  131. data/lib/puppet/provider/user/hpux.rb +1 -1
  132. data/lib/puppet/provider/user/pw.rb +3 -12
  133. data/lib/puppet/provider/user/user_role_add.rb +1 -5
  134. data/lib/puppet/provider/user/useradd.rb +20 -45
  135. data/lib/puppet/provider/user/windows_adsi.rb +5 -4
  136. data/lib/puppet/reference/configuration.rb +3 -3
  137. data/lib/puppet/reference/indirection.rb +2 -2
  138. data/lib/puppet/reference/metaparameter.rb +3 -1
  139. data/lib/puppet/reference/providers.rb +3 -1
  140. data/lib/puppet/reference/type.rb +9 -3
  141. data/lib/puppet/reports.rb +1 -1
  142. data/lib/puppet/resource.rb +1 -18
  143. data/lib/puppet/resource/catalog.rb +1 -1
  144. data/lib/puppet/rest/routes.rb +30 -17
  145. data/lib/puppet/settings.rb +3 -43
  146. data/lib/puppet/settings/environment_conf.rb +0 -1
  147. data/lib/puppet/ssl/certificate_request.rb +12 -2
  148. data/lib/puppet/ssl/host.rb +2 -2
  149. data/lib/puppet/ssl/oids.rb +1 -1
  150. data/lib/puppet/ssl/ssl_provider.rb +11 -5
  151. data/lib/puppet/ssl/state_machine.rb +102 -98
  152. data/lib/puppet/test/test_helper.rb +1 -0
  153. data/lib/puppet/transaction.rb +11 -33
  154. data/lib/puppet/transaction/report.rb +1 -1
  155. data/lib/puppet/type.rb +4 -2
  156. data/lib/puppet/type/exec.rb +17 -23
  157. data/lib/puppet/type/file.rb +39 -11
  158. data/lib/puppet/type/file/data_sync.rb +1 -5
  159. data/lib/puppet/type/group.rb +2 -4
  160. data/lib/puppet/type/notify.rb +3 -4
  161. data/lib/puppet/type/package.rb +3 -20
  162. data/lib/puppet/type/schedule.rb +1 -1
  163. data/lib/puppet/type/service.rb +3 -8
  164. data/lib/puppet/type/user.rb +2 -4
  165. data/lib/puppet/util.rb +29 -39
  166. data/lib/puppet/util/command_line/trollop.rb +1 -1
  167. data/lib/puppet/util/execution.rb +3 -4
  168. data/lib/puppet/util/http_proxy.rb +19 -27
  169. data/lib/puppet/util/log.rb +2 -2
  170. data/lib/puppet/util/log/destinations.rb +2 -2
  171. data/lib/puppet/util/logging.rb +20 -32
  172. data/lib/puppet/util/metric.rb +2 -2
  173. data/lib/puppet/util/monkey_patches.rb +33 -0
  174. data/lib/puppet/util/pidlock.rb +2 -3
  175. data/lib/puppet/util/provider_features.rb +4 -2
  176. data/lib/puppet/util/rdoc.rb +1 -1
  177. data/lib/puppet/util/reference.rb +1 -1
  178. data/lib/puppet/util/resource_template.rb +1 -1
  179. data/lib/puppet/util/selinux.rb +2 -8
  180. data/lib/puppet/util/skip_tags.rb +4 -0
  181. data/lib/puppet/util/windows/adsi.rb +18 -48
  182. data/lib/puppet/util/windows/process.rb +8 -8
  183. data/lib/puppet/util/windows/registry.rb +5 -7
  184. data/lib/puppet/util/windows/security.rb +0 -2
  185. data/lib/puppet/util/windows/service.rb +4 -149
  186. data/lib/puppet/util/windows/sid.rb +0 -1
  187. data/lib/puppet/vendor.rb +1 -1
  188. data/lib/puppet/version.rb +1 -1
  189. data/lib/puppet/x509/cert_provider.rb +81 -24
  190. data/locales/puppet.pot +462 -482
  191. data/man/man5/puppet.conf.5 +43 -44
  192. data/man/man8/puppet-agent.8 +1 -1
  193. data/man/man8/puppet-apply.8 +3 -3
  194. data/man/man8/puppet-catalog.8 +31 -3
  195. data/man/man8/puppet-config.8 +1 -1
  196. data/man/man8/puppet-describe.8 +1 -1
  197. data/man/man8/puppet-device.8 +1 -1
  198. data/man/man8/puppet-doc.8 +1 -1
  199. data/man/man8/puppet-epp.8 +1 -1
  200. data/man/man8/puppet-facts.8 +1 -1
  201. data/man/man8/puppet-filebucket.8 +1 -1
  202. data/man/man8/puppet-generate.8 +1 -1
  203. data/man/man8/puppet-help.8 +1 -1
  204. data/man/man8/puppet-key.8 +1 -1
  205. data/man/man8/puppet-lookup.8 +1 -1
  206. data/man/man8/puppet-man.8 +1 -1
  207. data/man/man8/puppet-module.8 +1 -1
  208. data/man/man8/puppet-node.8 +1 -1
  209. data/man/man8/puppet-parser.8 +1 -1
  210. data/man/man8/puppet-plugin.8 +1 -1
  211. data/man/man8/puppet-report.8 +1 -1
  212. data/man/man8/puppet-resource.8 +1 -1
  213. data/man/man8/puppet-script.8 +1 -1
  214. data/man/man8/puppet-ssl.8 +1 -1
  215. data/man/man8/puppet-status.8 +1 -1
  216. data/man/man8/puppet.8 +3 -3
  217. data/spec/fixtures/ssl/127.0.0.1-key.pem +56 -56
  218. data/spec/fixtures/ssl/127.0.0.1.pem +27 -27
  219. data/spec/fixtures/ssl/bad-basic-constraints.pem +32 -32
  220. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +30 -30
  221. data/spec/fixtures/ssl/ca.pem +30 -30
  222. data/spec/fixtures/ssl/crl.pem +15 -15
  223. data/spec/fixtures/ssl/ec-key.pem +18 -0
  224. data/spec/fixtures/ssl/ec.pem +40 -0
  225. data/spec/fixtures/ssl/encrypted-ec-key.pem +21 -0
  226. data/spec/fixtures/ssl/encrypted-key.pem +57 -57
  227. data/spec/fixtures/ssl/intermediate-agent-crl.pem +16 -16
  228. data/spec/fixtures/ssl/intermediate-agent.pem +33 -33
  229. data/spec/fixtures/ssl/intermediate-crl.pem +17 -17
  230. data/spec/fixtures/ssl/intermediate.pem +31 -31
  231. data/spec/fixtures/ssl/pluto-key.pem +56 -56
  232. data/spec/fixtures/ssl/pluto.pem +28 -28
  233. data/spec/fixtures/ssl/request-key.pem +56 -56
  234. data/spec/fixtures/ssl/request.pem +24 -24
  235. data/spec/fixtures/ssl/revoked-key.pem +56 -56
  236. data/spec/fixtures/ssl/revoked.pem +25 -25
  237. data/spec/fixtures/ssl/signed-key.pem +56 -56
  238. data/spec/fixtures/ssl/signed.pem +25 -25
  239. data/spec/fixtures/ssl/tampered-cert.pem +27 -27
  240. data/spec/fixtures/ssl/tampered-csr.pem +24 -24
  241. data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/usee/lib/puppet/parser/functions/func_with_syntax_error.rb +9 -0
  242. data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_get/should_yield_to_the_block.yml +24 -0
  243. data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_head/should_yield_to_the_block.yml +24 -0
  244. data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_post/should_yield_to_the_block.yml +24 -0
  245. data/spec/integration/configurer_spec.rb +0 -52
  246. data/spec/integration/provider/service/init_spec.rb +1 -0
  247. data/spec/integration/provider/service/systemd_spec.rb +5 -8
  248. data/spec/integration/type/file_spec.rb +38 -28
  249. data/spec/integration/util/execution_spec.rb +0 -27
  250. data/spec/lib/puppet/certificate_factory.rb +2 -2
  251. data/spec/lib/puppet/test_ca.rb +17 -4
  252. data/spec/lib/puppet_spec/fixtures.rb +4 -0
  253. data/spec/spec_helper.rb +0 -28
  254. data/spec/unit/application/agent_spec.rb +34 -67
  255. data/spec/unit/application/device_spec.rb +1 -27
  256. data/spec/unit/application/ssl_spec.rb +60 -35
  257. data/spec/unit/configurer_spec.rb +399 -395
  258. data/spec/unit/defaults_spec.rb +4 -4
  259. data/spec/unit/face/facts_spec.rb +0 -9
  260. data/spec/unit/face/parser_spec.rb +69 -22
  261. data/spec/unit/face/plugin_spec.rb +0 -8
  262. data/spec/unit/file_system_spec.rb +30 -1
  263. data/spec/unit/forge/forge_spec.rb +3 -1
  264. data/spec/unit/forge/repository_spec.rb +3 -1
  265. data/spec/unit/indirector/catalog/compiler_spec.rb +5 -62
  266. data/spec/unit/indirector/resource/ral_spec.rb +4 -4
  267. data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
  268. data/spec/unit/network/http/api/indirected_routes_spec.rb +10 -25
  269. data/spec/unit/network/http/connection_spec.rb +145 -119
  270. data/spec/unit/network/http/factory_spec.rb +5 -27
  271. data/spec/unit/parser/scope_spec.rb +0 -10
  272. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +3 -8
  273. data/spec/unit/pops/loaders/loaders_spec.rb +4 -0
  274. data/spec/unit/pops/loaders/module_loaders_spec.rb +0 -37
  275. data/spec/unit/pops/types/types_spec.rb +27 -0
  276. data/spec/unit/provider/exec_spec.rb +0 -209
  277. data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
  278. data/spec/unit/provider/package/dnf_spec.rb +0 -7
  279. data/spec/unit/provider/package/dpkg_spec.rb +80 -240
  280. data/spec/unit/provider/package/pip_spec.rb +8 -61
  281. data/spec/unit/provider/package/portage_spec.rb +4 -4
  282. data/spec/unit/provider/package/rpm_spec.rb +16 -150
  283. data/spec/unit/provider/package/yum_spec.rb +0 -7
  284. data/spec/unit/provider/service/daemontools_spec.rb +0 -24
  285. data/spec/unit/provider/service/launchd_spec.rb +0 -28
  286. data/spec/unit/provider/service/runit_spec.rb +0 -24
  287. data/spec/unit/provider/service/systemd_spec.rb +25 -39
  288. data/spec/unit/provider/service/windows_spec.rb +0 -20
  289. data/spec/unit/provider/user/hpux_spec.rb +2 -2
  290. data/spec/unit/provider/user/pw_spec.rb +0 -37
  291. data/spec/unit/provider/user/useradd_spec.rb +0 -88
  292. data/spec/unit/resource_spec.rb +1 -26
  293. data/spec/unit/ssl/host_spec.rb +5 -0
  294. data/spec/unit/ssl/ssl_provider_spec.rb +36 -11
  295. data/spec/unit/ssl/state_machine_spec.rb +233 -158
  296. data/spec/unit/transaction_spec.rb +0 -64
  297. data/spec/unit/type/exec_spec.rb +12 -15
  298. data/spec/unit/type/file/content_spec.rb +3 -9
  299. data/spec/unit/type/file/source_spec.rb +4 -4
  300. data/spec/unit/type/file_spec.rb +15 -11
  301. data/spec/unit/type/package_spec.rb +0 -5
  302. data/spec/unit/type/schedule_spec.rb +1 -3
  303. data/spec/unit/type/service_spec.rb +0 -16
  304. data/spec/unit/util/execution_spec.rb +0 -16
  305. data/spec/unit/util/http_proxy_spec.rb +21 -151
  306. data/spec/unit/util/ldap/manager_spec.rb +0 -15
  307. data/spec/unit/util/log/destinations_spec.rb +3 -7
  308. data/spec/unit/util/log_spec.rb +138 -0
  309. data/spec/unit/util/logging_spec.rb +0 -200
  310. data/spec/unit/util/pidlock_spec.rb +0 -26
  311. data/spec/unit/util/skip_tags_spec.rb +14 -0
  312. data/spec/unit/util/windows/adsi_spec.rb +0 -51
  313. data/spec/unit/util/windows/service_spec.rb +0 -9
  314. data/spec/unit/util_spec.rb +10 -0
  315. data/spec/unit/x509/cert_provider_spec.rb +82 -43
  316. data/tasks/generate_cert_fixtures.rake +13 -1
  317. data/tasks/manpages.rake +0 -1
  318. metadata +28 -22
  319. data/ext/cert_inspector +0 -140
  320. data/ext/envpuppet +0 -139
  321. data/ext/envpuppet.bat +0 -14
  322. data/ext/puppet-test +0 -476
  323. data/ext/pure_ruby_dsl/dsl_test.rb +0 -7
  324. data/ext/upload_facts.rb +0 -119
  325. data/lib/puppet/provider/package/dnfmodule.rb +0 -87
  326. data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list-installed.txt +0 -11
  327. data/spec/integration/type/notify_spec.rb +0 -46
  328. data/spec/unit/provider/package/dnfmodule_spec.rb +0 -186
  329. data/spec/unit/provider/package_targetable_spec.rb +0 -60
@@ -122,21 +122,21 @@ module Puppet::Util::Windows::Process
122
122
  def get_process_image_name_by_pid(pid)
123
123
  image_name = ""
124
124
 
125
- open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
125
+ open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
126
126
 
127
- FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
128
- # UTF is 2 bytes/char:
129
- max_chars = MAX_PATH_LENGTH + 1
130
- exe_name_length_ptr.write_dword(max_chars)
131
- FFI::MemoryPointer.new(:wchar, max_chars) do |exe_name_ptr|
127
+ FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
128
+ # Add 1 for the null terminator, and UTF is 2 bytes/char:
129
+ max_path_length = (MAX_PATH_LENGTH + 1) * 2
130
+ exe_name_length_ptr.write_dword(max_path_length)
131
+ FFI::MemoryPointer.new(max_path_length) do |exe_name_ptr|
132
132
  use_win32_path_format = 0
133
133
  result = QueryFullProcessImageNameW(phandle, use_win32_path_format, exe_name_ptr, exe_name_length_ptr)
134
134
  if result == FFI::WIN32_FALSE
135
135
  raise Puppet::Util::Windows::Error.new(
136
136
  "QueryFullProcessImageNameW(phandle, #{use_win32_path_format}, " +
137
- "exe_name_ptr, #{max_chars}")
137
+ "exe_name_ptr, #{max_path_length}")
138
138
  end
139
- image_name = exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)
139
+ image_name = exe_name_ptr.read_wide_string(MAX_PATH_LENGTH + 1)
140
140
  end
141
141
  end
142
142
  end
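Review bot: The value written to `exe_name_length_ptr` is now a byte count, `(MAX_PATH_LENGTH + 1) * 2`, but QueryFullProcessImageNameW takes the buffer size in characters, so the call reports twice as many wide characters as the `FFI::MemoryPointer.new(max_path_length)` allocation can hold. Keep the two units separate: `max_chars = MAX_PATH_LENGTH + 1`, `exe_name_length_ptr.write_dword(max_chars)` and `FFI::MemoryPointer.new(:wchar, max_chars)`. The last changed line also ignores the length the API writes back; `exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)` would read only the reported name rather than a fixed `MAX_PATH_LENGTH + 1` characters of buffer. The method's closing lines are outside the hunk.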
@@ -46,12 +46,11 @@ module Puppet::Util::Windows
46
46
 
47
47
  subkey_max_len, _ = reg_query_info_key_max_lengths(key)
48
48
 
49
- loop do
49
+ begin
50
50
  subkey, filetime = reg_enum_key(key, index, subkey_max_len)
51
51
  yield subkey, filetime if !subkey.nil?
52
52
  index += 1
53
- break if subkey.nil?
54
- end
53
+ end while !subkey.nil?
55
54
 
56
55
  index
57
56
  end
@@ -94,12 +93,11 @@ module Puppet::Util::Windows
94
93
 
95
94
  _, value_max_len = reg_query_info_key_max_lengths(key)
96
95
 
97
- loop do
96
+ begin
98
97
  subkey, type, data = reg_enum_value(key, index, value_max_len)
99
98
  yield subkey, type, data if !subkey.nil?
100
99
  index += 1
101
- break if subkey.nil?
102
- end
100
+ end while !subkey.nil?
103
101
 
104
102
  index
105
103
  end
@@ -316,7 +314,7 @@ module Puppet::Util::Windows
316
314
 
317
315
  def sanitize(value)
318
316
  # Replace null bytes with a space
319
- value.tr!("\x00", ' ')
317
+ value.gsub!("\x00", ' ')
320
318
  value
321
319
  end
322
320
 
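Review bot: Both enumeration loops run `index += 1` on the final pass too, where `reg_enum_key` (or `reg_enum_value` in the second hunk) returned nil, so the `index` returned after the loop is one more than the number of entries yielded, assuming it starts at 0 above the hunk. If callers treat the return value as a count, guard the increment with `index += 1 unless subkey.nil?`. If the probe count is intended, document it with a comment such as `# returns the number of enumeration calls, including the final one that found nothing`. The start of each method is outside the hunk, so the initial value of `index` needs confirming.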
@@ -200,7 +200,6 @@ module Puppet::Util::Windows::Security
200
200
  well_known_world_sid = Puppet::Util::Windows::SID::Everyone
201
201
  well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
202
202
  well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
203
- well_known_app_packages_sid = Puppet::Util::Windows::SID::AllAppPackages
204
203
 
205
204
  mode = S_ISYSTEM_MISSING
206
205
 
@@ -235,7 +234,6 @@ module Puppet::Util::Windows::Security
235
234
  if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
236
235
  mode |= S_ISVTX
237
236
  end
238
- when well_known_app_packages_sid
239
237
  when well_known_system_sid
240
238
  else
241
239
  #puts "Warning, unable to map SID into POSIX mode: #{ace.sid}"
@@ -1,4 +1,3 @@
1
- # coding: utf-8
2
1
  require 'puppet/util/windows'
3
2
  require 'ffi'
4
3
 
@@ -181,30 +180,7 @@ module Puppet::Util::Windows
181
180
  # // Value to indicate no change to an optional parameter
182
181
  # //
183
182
  # #define SERVICE_NO_CHANGE 0xffffffff
184
- # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
185
- SERVICE_CONFIG_DESCRIPTION = 0x00000001
186
- SERVICE_CONFIG_FAILURE_ACTIONS = 0x00000002
187
- SERVICE_CONFIG_DELAYED_AUTO_START_INFO = 0x00000003
188
- SERVICE_CONFIG_FAILURE_ACTIONS_FLAG = 0x00000004
189
- SERVICE_CONFIG_SERVICE_SID_INFO = 0x00000005
190
- SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 0x00000006
191
- SERVICE_CONFIG_PRESHUTDOWN_INFO = 0x00000007
192
- SERVICE_CONFIG_TRIGGER_INFO = 0x00000008
193
- SERVICE_CONFIG_PREFERRED_NODE = 0x00000009
194
- SERVICE_CONFIG_LAUNCH_PROTECTED = 0x00000012
195
- SERVICE_NO_CHANGE = 0xffffffff
196
- SERVICE_CONFIG_TYPES = {
197
- SERVICE_CONFIG_DESCRIPTION => :SERVICE_CONFIG_DESCRIPTION,
198
- SERVICE_CONFIG_FAILURE_ACTIONS => :SERVICE_CONFIG_FAILURE_ACTIONS,
199
- SERVICE_CONFIG_DELAYED_AUTO_START_INFO => :SERVICE_CONFIG_DELAYED_AUTO_START_INFO,
200
- SERVICE_CONFIG_FAILURE_ACTIONS_FLAG => :SERVICE_CONFIG_FAILURE_ACTIONS_FLAG,
201
- SERVICE_CONFIG_SERVICE_SID_INFO => :SERVICE_CONFIG_SERVICE_SID_INFO,
202
- SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO => :SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO,
203
- SERVICE_CONFIG_PRESHUTDOWN_INFO => :SERVICE_CONFIG_PRESHUTDOWN_INFO,
204
- SERVICE_CONFIG_TRIGGER_INFO => :SERVICE_CONFIG_TRIGGER_INFO,
205
- SERVICE_CONFIG_PREFERRED_NODE => :SERVICE_CONFIG_PREFERRED_NODE,
206
- SERVICE_CONFIG_LAUNCH_PROTECTED => :SERVICE_CONFIG_LAUNCH_PROTECTED,
207
- }
183
+ SERVICE_NO_CHANGE = 0xffffffff
208
184
 
209
185
  # Service enum codes
210
186
  # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexa
@@ -243,19 +219,6 @@ module Puppet::Util::Windows
243
219
  )
244
220
  end
245
221
 
246
- # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_delayed_auto_start_info
247
- # typedef struct _SERVICE_DELAYED_AUTO_START_INFO {
248
- # BOOL fDelayedAutostart;
249
- # } SERVICE_DELAYED_AUTO_START_INFO, *LPSERVICE_DELAYED_AUTO_START_INFO;
250
- class SERVICE_DELAYED_AUTO_START_INFO < FFI::Struct
251
- layout(:fDelayedAutostart, :int)
252
- alias aset []=
253
- # Intercept the accessor so that we can handle either true/false or 1/0.
254
- # Since there is only one member, there’s no need to check the key name.
255
- def []=(key, value)
256
- [0, false].include?(value) ? aset(key, 0) : aset(key, 1)
257
- end
258
- end
259
222
 
260
223
  # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_enum_service_status_processw
261
224
  # typedef struct _ENUM_SERVICE_STATUS_PROCESSW {
@@ -414,7 +377,6 @@ module Puppet::Util::Windows
414
377
  module_function :service_state
415
378
 
416
379
  # Query the configuration of a service using QueryServiceConfigW
417
- # or QueryServiceConfig2W
418
380
  #
419
381
  # @param [String] service_name name of the service to query
420
382
  # @return [QUERY_SERVICE_CONFIGW.struct] the configuration of the service
@@ -425,14 +387,6 @@ module Puppet::Util::Windows
425
387
  start_type = SERVICE_START_TYPES[config[:dwStartType]]
426
388
  end
427
389
  end
428
- # if the service has type AUTO_START, check if it's a delayed service
429
- if start_type == :SERVICE_AUTO_START
430
- open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_CONFIG) do |service|
431
- query_config2(service, SERVICE_CONFIG_DELAYED_AUTO_START_INFO) do |config|
432
- return :SERVICE_DELAYED_AUTO_START if config[:fDelayedAutostart] == 1
433
- end
434
- end
435
- end
436
390
  if start_type.nil?
437
391
  raise Puppet::Error.new(_("Unknown start type '%{start_type}' for '%{service_name}'") % { start_type: start_type.to_s, service_name: service_name})
438
392
  end
@@ -442,12 +396,11 @@ module Puppet::Util::Windows
442
396
 
443
397
  # Change the startup mode of a windows service
444
398
  #
445
- # @param [String] service_name the name of the service to modify
446
- # @param [Integer] startup_type a code corresponding to a start type for
399
+ # @param [string] service_name the name of the service to modify
400
+ # @param [Int] startup_type a code corresponding to a start type for
447
401
  # windows service, see the "Service start type codes" section in the
448
402
  # Puppet::Util::Windows::Service file for the list of available codes
449
- # @param [Bool] delayed whether the service should be started with a delay
450
- def set_startup_mode(service_name, startup_type, delayed=false)
403
+ def set_startup_mode(service_name, startup_type)
451
404
  startup_code = SERVICE_START_TYPES.key(startup_type)
452
405
  if startup_code.nil?
453
406
  raise Puppet::Error.new(_("Unknown start type %{start_type}") % {startup_type: startup_type.to_s})
@@ -474,7 +427,6 @@ module Puppet::Util::Windows
474
427
  raise Puppet::Util::Windows::Error.new(_("Failed to update service configuration"))
475
428
  end
476
429
  end
477
- set_startup_mode_delayed(service_name, delayed)
478
430
  end
479
431
  module_function :set_startup_mode
480
432
 
@@ -757,82 +709,6 @@ module Puppet::Util::Windows
757
709
  end
758
710
  private :query_config
759
711
 
760
- # @api private
761
- # perform QueryServiceConfig2W on a windows service and return the
762
- # result
763
- #
764
- # @param [:handle] service handle of the service to query
765
- # @param [Integer] info_level the configuration information to be queried
766
- # @return [QUERY_SERVICE_CONFIG2W struct] the result of the query
767
- def query_config2(service, info_level, &block)
768
- config = nil
769
- size_required = nil
770
- # Fetch the bytes of memory required to be allocated
771
- # for QueryServiceConfig2W to return succesfully. This
772
- # is done by sending NULL and 0 for the pointer and size
773
- # respectively, letting the command fail, then reading the
774
- # value of pcbBytesNeeded
775
- FFI::MemoryPointer.new(:lpword) do |bytes_pointer|
776
- # return value will be false from this call, since it's designed
777
- # to fail. Just ignore it
778
- QueryServiceConfig2W(service, info_level, FFI::Pointer::NULL, 0, bytes_pointer)
779
- size_required = bytes_pointer.read_dword
780
- FFI::MemoryPointer.new(size_required) do |ssp_ptr|
781
- # We need to supply the appropriate struct to be created based on
782
- # the info_level
783
- case info_level
784
- when SERVICE_CONFIG_DELAYED_AUTO_START_INFO
785
- config = SERVICE_DELAYED_AUTO_START_INFO.new(ssp_ptr)
786
- end
787
- success = QueryServiceConfig2W(
788
- service,
789
- info_level,
790
- ssp_ptr,
791
- size_required,
792
- bytes_pointer
793
- )
794
- if success == FFI::WIN32_FALSE
795
- raise Puppet::Util::Windows::Error.new(_("Service query for %{parameter_name} failed") % { parameter_name: SERVICE_CONFIG_TYPES[info_level] } )
796
- end
797
- yield config
798
- end
799
- end
800
- end
801
- private :query_config2
802
-
803
- # @api private
804
- # Sets an optional parameter on a service by calling
805
- # ChangeServiceConfig2W
806
- #
807
- # @param [String] service_name name of service
808
- # @param [Integer] change parameter to change
809
- # @param [struct] value appropriate struct based on the parameter to change
810
- def set_optional_parameter(service_name, change, value)
811
- open_service(service_name, SC_MANAGER_CONNECT, SERVICE_CHANGE_CONFIG) do |service|
812
- success = ChangeServiceConfig2W(
813
- service,
814
- change, # dwInfoLevel
815
- value, # lpInfo
816
- )
817
- if success == FFI::WIN32_FALSE
818
- raise Puppet::Util::windows::Error.new(_("Failed to update service %{change} configuration") % { change: change } )
819
- end
820
- end
821
- end
822
- private :set_optional_parameter
823
-
824
- # @api private
825
- # Controls the delayed auto-start setting of a service
826
- #
827
- # @param [String] service_name name of service
828
- # @param [Bool] delayed whether the service should be started with a delay or not
829
- def set_startup_mode_delayed(service_name, delayed)
830
- delayed_start = SERVICE_DELAYED_AUTO_START_INFO.new
831
- delayed_start[:fDelayedAutostart] = delayed
832
- set_optional_parameter(service_name, SERVICE_CONFIG_DELAYED_AUTO_START_INFO, delayed_start)
833
- end
834
- private :set_startup_mode_delayed
835
-
836
712
  # @api private
837
713
  # Sends a service control signal to a service
838
714
  #
@@ -1029,18 +905,6 @@ module Puppet::Util::Windows
1029
905
  attach_function_private :QueryServiceConfigW,
1030
906
  [:handle, :lpbyte, :dword, :lpdword], :win32_bool
1031
907
 
1032
- # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-queryserviceconfig2w
1033
- # BOOL QueryServiceConfig2W(
1034
- # SC_HANDLE hService,
1035
- # DWORD dwInfoLevel,
1036
- # LPBYTE lpBuffer,
1037
- # DWORD cbBufSize,
1038
- # LPDWORD pcbBytesNeeded
1039
- # );
1040
- ffi_lib :advapi32
1041
- attach_function_private :QueryServiceConfig2W,
1042
- [:handle, :dword, :lpbyte, :dword, :lpdword], :win32_bool
1043
-
1044
908
  # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-startservicew
1045
909
  # BOOL StartServiceW(
1046
910
  # SC_HANDLE hService,
@@ -1091,15 +955,6 @@ module Puppet::Util::Windows
1091
955
  :lpcwstr
1092
956
  ], :win32_bool
1093
957
 
1094
- # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
1095
- # BOOL ChangeServiceConfig2W(
1096
- # SC_HANDLE hService,
1097
- # DWORD dwInfoLevel,
1098
- # LPVOID lpInfo
1099
- # );
1100
- ffi_lib :advapi32
1101
- attach_function_private :ChangeServiceConfig2W,
1102
- [:handle, :dword, :lpvoid], :win32_bool
1103
958
 
1104
959
  # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexw
1105
960
  # BOOL EnumServicesStatusExW(
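Review bot: The error branch of `set_startup_mode` cannot produce its message: the format string names `%{start_type}` but the hash passed to `%` has the key `startup_type`, so an unknown start type raises KeyError from the formatting instead of `Puppet::Error`. Changing the hash to `{ start_type: startup_type.to_s }` fixes this without touching the translatable string. In the start-type query above it, the `start_type.nil?` branch interpolates `start_type.to_s`, which is always empty at that point, so the message never names the unknown code. Reporting the raw `config[:dwStartType]` value would help, though `config` appears to be scoped to a block that closes before the raise and would need capturing first.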
@@ -46,7 +46,6 @@ module Puppet::Util::Windows
46
46
  PrintOperators = 'S-1-5-32-550'
47
47
  BackupOperators = 'S-1-5-32-551'
48
48
  Replicators = 'S-1-5-32-552'
49
- AllAppPackages = 'S-1-15-2-1'
50
49
 
51
50
  # Convert an account name, e.g. 'Administrators' into a SID string,
52
51
  # e.g. 'S-1-5-32-544'. The name can be specified as 'Administrators',
@@ -45,7 +45,7 @@ module Puppet
45
45
  #
46
46
  def load_vendored
47
47
  Dir.entries(vendor_dir).each do |entry|
48
- if entry =~ /load_(\w+?)\.rb$/
48
+ if entry.match(/load_(\w+?)\.rb$/)
49
49
  load_entry entry
50
50
  end
51
51
  end
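Review bot: The file-name test in `load_vendored` ends in `$`, which in Ruby matches at the end of any line and before a trailing newline, and it has no start anchor, so `entry.match(/load_(\w+?)\.rb$/)` accepts any directory entry that contains such a line ending rather than one named exactly `load_*.rb`. Because a matching entry is handed to `load_entry`, anchor the whole name with `if entry.match(/\Aload_(\w+?)\.rb\z/)`, after confirming that no vendored loader relies on a prefix before `load_`. The capture group is unused in the visible lines and could become `\w+`, unless `load_entry` (outside the hunk) reads `$1`.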
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '6.4.5'
9
+ PUPPETVERSION = '6.5.0'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and
@@ -10,21 +10,18 @@ class Puppet::X509::CertProvider
10
10
  VALID_CERTNAME = /\A[ -.0-~]+\Z/
11
11
  CERT_DELIMITERS = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
12
12
  CRL_DELIMITERS = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
13
+ EC_HEADER = /-----BEGIN EC PRIVATE KEY-----/
13
14
 
14
15
  def initialize(capath: Puppet[:localcacert],
15
16
  crlpath: Puppet[:hostcrl],
16
17
  privatekeydir: Puppet[:privatekeydir],
17
18
  certdir: Puppet[:certdir],
18
- requestdir: Puppet[:requestdir],
19
- hostprivkey: Puppet.settings.set_by_config?(:hostprivkey) ? Puppet[:hostprivkey] : nil,
20
- hostcert: Puppet.settings.set_by_config?(:hostcert) ? Puppet[:hostcert] : nil)
19
+ requestdir: Puppet[:requestdir])
21
20
  @capath = capath
22
21
  @crlpath = crlpath
23
22
  @privatekeydir = privatekeydir
24
23
  @certdir = certdir
25
24
  @requestdir = requestdir
26
- @hostprivkey = hostprivkey
27
- @hostcert = hostcert
28
25
  end
29
26
 
30
27
  # Save `certs` to the configured `capath`.
@@ -113,16 +110,44 @@ class Puppet::X509::CertProvider
113
110
  end
114
111
  end
115
112
 
113
+ # Return the time when the CRL was last updated.
114
+ #
115
+ # @return [Time, nil] Time when the CRL was last updated, or nil if we don't
116
+ # have a CRL
117
+ def crl_last_update
118
+ stat = Puppet::FileSystem.stat(@crlpath)
119
+ Time.at(stat.mtime)
120
+ rescue Errno::ENOENT
121
+ nil
122
+ end
123
+
124
+ # Set the CRL last updated time.
125
+ #
126
+ # @param time [Time] The last updated time
127
+ #
128
+ def crl_last_update=(time)
129
+ Puppet::FileSystem.touch(@crlpath, mtime: time)
130
+ end
131
+
116
132
  # Save named private key in the configured `privatekeydir`. For
117
133
  # historical reasons, names are case insensitive.
118
134
  #
119
135
  # @param name [String] The private key identity
120
136
  # @param key [OpenSSL::PKey::RSA] private key
137
+ # @param password [String, nil] If non-nil, derive an encryption key
138
+ # from the password, and use that to encrypt the private key. If nil,
139
+ # save the private key unencrypted.
121
140
  # @raise [Puppet::Error] if the private key cannot be saved
122
141
  # @api private
123
- def save_private_key(name, key)
124
- path = @hostprivkey || to_path(@privatekeydir, name)
125
- save_pem(key.to_pem, path, **permissions_for_setting(:hostprivkey))
142
+ def save_private_key(name, key, password: nil)
143
+ pem = if password
144
+ cipher = OpenSSL::Cipher::AES.new(128, :CBC)
145
+ key.export(cipher, password)
146
+ else
147
+ key.to_pem
148
+ end
149
+ path = to_path(@privatekeydir, name)
150
+ save_pem(pem, path, **permissions_for_setting(:hostprivkey))
126
151
  rescue SystemCallError => e
127
152
  raise Puppet::Error.new(_("Failed to save private key for '%{name}'") % {name: name}, e)
128
153
  end
@@ -132,17 +157,20 @@ class Puppet::X509::CertProvider
132
157
  #
133
158
  # @param name [String] The private key identity
134
159
  # @param required [Boolean] If true, raise if it is missing
160
+ # @param password [String, nil] If the private key is encrypted, decrypt
161
+ # it using the password. If the key is encrypted, but a password is
162
+ # not specified, then the key cannot be loaded.
135
163
  # @return (see #load_private_key_from_pem)
136
164
  # @raise (see #load_private_key_from_pem)
137
165
  # @raise [Puppet::Error] if the private key cannot be loaded
138
166
  # @api private
139
- def load_private_key(name, required: false)
140
- path = @hostprivkey || to_path(@privatekeydir, name)
167
+ def load_private_key(name, required: false, password: nil)
168
+ path = to_path(@privatekeydir, name)
141
169
  pem = load_pem(path)
142
170
  if !pem && required
143
171
  raise Puppet::Error, _("The private key is missing from '%{path}'") % { path: path }
144
172
  end
145
- pem ? load_private_key_from_pem(pem) : nil
173
+ pem ? load_private_key_from_pem(pem, password: password) : nil
146
174
  rescue SystemCallError => e
147
175
  raise Puppet::Error.new(_("Failed to load private key for '%{name}'") % {name: name}, e)
148
176
  end
@@ -150,14 +178,46 @@ class Puppet::X509::CertProvider
150
178
  # Load a PEM encoded private key.
151
179
  #
152
180
  # @param pem [String] PEM encoded private key
153
- # @return [OpenSSL::PKey::RSA] The private key
154
- # @raise [OpenSSL::PKey::RSAError] The `pem` text does not contain a valid key
181
+ # @param password [String, nil] If the private key is encrypted, decrypt
182
+ # it using the password. If the key is encrypted, but a password is
183
+ # not specified, then the key cannot be loaded.
184
+ # @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key
185
+ # @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key
155
186
  # @api private
156
- def load_private_key_from_pem(pem)
157
- # set a non-nil passphrase to ensure openssl doesn't prompt
158
- # but ruby 2.4.0 & 2.4.1 require at least 4 bytes, see
159
- # https://github.com/ruby/ruby/commit/f012932218fd609f75f9268812df61fb26e2d0f1#diff-40e4270ec386990ac60d7ab5ff8045a4
160
- OpenSSL::PKey::RSA.new(pem, ' ')
187
+ def load_private_key_from_pem(pem, password: nil)
188
+ # set a non-nil password to ensure openssl doesn't prompt
189
+ # but ruby 2.4.0 & 2.4.1 require at least 4 bytes due to
190
+ # https://github.com/ruby/openssl/commit/f38501249f33bff7ca9d208670b8cde695ea8b7b
191
+ # and corrected in https://github.com/ruby/openssl/commit/a896c3d1dfa090e92dec1abf8ac12843af6af721
192
+ password ||= ' '
193
+
194
+ if Puppet::Util::Platform.jruby?
195
+ begin
196
+ if pem =~ EC_HEADER
197
+ OpenSSL::PKey::EC.new(pem, password)
198
+ else
199
+ OpenSSL::PKey::RSA.new(pem, password)
200
+ end
201
+ rescue OpenSSL::PKey::PKeyError => e
202
+ if e.message =~ /Neither PUB key nor PRIV key/
203
+ raise OpenSSL::PKey::PKeyError, "Could not parse PKey: no start line"
204
+ else
205
+ raise e
206
+ end
207
+ end
208
+ else
209
+ OpenSSL::PKey.read(pem, password)
210
+ end
211
+ end
212
+
213
+ # Load the private key password.
214
+ #
215
+ # @return [String, nil] The private key password as a binary string or nil
216
+ # if there is none.
217
+ def load_private_key_password
218
+ Puppet::FileSystem.read(Puppet[:passfile], :encoding => Encoding::BINARY)
219
+ rescue Errno::ENOENT
220
+ nil
161
221
  end
162
222
 
163
223
  # Save a named client cert to the configured `certdir`.
@@ -167,7 +227,7 @@ class Puppet::X509::CertProvider
167
227
  # @raise [Puppet::Error] if the client cert cannot be saved
168
228
  # @api private
169
229
  def save_client_cert(name, cert)
170
- path = @hostcert || to_path(@certdir, name)
230
+ path = to_path(@certdir, name)
171
231
  save_pem(cert.to_pem, path, **permissions_for_setting(:hostcert))
172
232
  rescue SystemCallError => e
173
233
  raise Puppet::Error.new(_("Failed to save client certificate for '%{name}'") % {name: name}, e)
@@ -182,7 +242,7 @@ class Puppet::X509::CertProvider
182
242
  # @raise [Puppet::Error] if the client cert cannot be loaded
183
243
  # @api private
184
244
  def load_client_cert(name, required: false)
185
- path = @hostcert || to_path(@certdir, name)
245
+ path = to_path(@certdir, name)
186
246
  pem = load_pem(path)
187
247
  if !pem && required
188
248
  raise Puppet::Error, _("The client certificate is missing from '%{path}'") % { path: path }
@@ -284,10 +344,7 @@ class Puppet::X509::CertProvider
284
344
  def permissions_for_setting(name)
285
345
  setting = Puppet.settings.setting(name)
286
346
  perm = { mode: setting.mode.to_i(8) }
287
- if Puppet.features.root? && !Puppet::Util::Platform.windows?
288
- perm[:owner] = setting.owner
289
- perm[:group] = setting.group
290
- end
347
+ perm.merge!(owner: setting.owner, group: setting.group) if Puppet.features.root? && !Puppet::Util::Platform.windows?
291
348
  perm
292
349
  end
293
350
  end
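Review bot: In `save_private_key`, `key.export(cipher, password)` writes the traditional encrypted PEM format, where (as far as I know for RSA keys under Ruby's OpenSSL binding) the AES key is derived from the password by OpenSSL's legacy single-pass digest rather than an iterated KDF, so the stored key is only as well protected as the password is strong. The `@param password` text should say that, for example `#   Protection depends on password strength; use a long random value.` Related, `load_private_key_password` returns the raw bytes of `Puppet[:passfile]`, so a trailing newline written by an editor becomes part of the password and a key saved with one form will not decrypt with the other. That method also lets every error except `Errno::ENOENT` escape unwrapped, unlike the sibling loaders that rescue `SystemCallError` and raise `Puppet::Error`; a second clause `rescue SystemCallError => e` raising `Puppet::Error` would match them, and the method lacks the `@api private` tag its neighbours carry.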