puppet 6.4.5-x64-mingw32 → 6.5.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +10 -10
- data/Gemfile +6 -6
- data/Gemfile.lock +46 -52
- data/ext/build_defaults.yaml +0 -1
- data/ext/project_data.yaml +3 -3
- data/ext/regexp_nodes/regexp_nodes.rb +4 -4
- data/ext/solaris/smf/puppet.xml +0 -2
- data/ext/windows/eventlog/Rakefile +32 -0
- data/ext/windows/eventlog/puppetres.dll +0 -0
- data/ext/windows/eventlog/puppetres.mc +18 -0
- data/ext/windows/service/daemon.rb +8 -38
- data/install.rb +24 -6
- data/lib/puppet.rb +3 -1
- data/lib/puppet/application.rb +1 -1
- data/lib/puppet/application/agent.rb +11 -34
- data/lib/puppet/application/apply.rb +6 -6
- data/lib/puppet/application/describe.rb +9 -3
- data/lib/puppet/application/device.rb +4 -14
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/lookup.rb +2 -2
- data/lib/puppet/application/resource.rb +4 -4
- data/lib/puppet/application/script.rb +2 -2
- data/lib/puppet/application/ssl.rb +10 -9
- data/lib/puppet/configurer.rb +30 -86
- data/lib/puppet/configurer/downloader.rb +6 -2
- data/lib/puppet/defaults.rb +50 -44
- data/lib/puppet/error.rb +14 -9
- data/lib/puppet/face/catalog.rb +20 -1
- data/lib/puppet/face/config.rb +48 -10
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/module/list.rb +5 -5
- data/lib/puppet/face/module/search.rb +1 -1
- data/lib/puppet/face/module/uninstall.rb +1 -1
- data/lib/puppet/face/module/upgrade.rb +1 -1
- data/lib/puppet/face/parser.rb +48 -9
- data/lib/puppet/face/plugin.rb +2 -9
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_system.rb +12 -2
- data/lib/puppet/file_system/file_impl.rb +6 -3
- data/lib/puppet/file_system/memory_file.rb +1 -1
- data/lib/puppet/file_system/posix.rb +2 -3
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/functions.rb +2 -1
- data/lib/puppet/functions/camelcase.rb +2 -2
- data/lib/puppet/functions/epp.rb +4 -4
- data/lib/puppet/functions/find_file.rb +9 -9
- data/lib/puppet/functions/inline_epp.rb +5 -5
- data/lib/puppet/functions/regsubst.rb +6 -8
- data/lib/puppet/gettext/module_translations.rb +1 -1
- data/lib/puppet/graph/rb_tree_map.rb +2 -2
- data/lib/puppet/graph/simple_graph.rb +3 -4
- data/lib/puppet/indirector/catalog/compiler.rb +5 -11
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/hiera.rb +0 -2
- data/lib/puppet/indirector/resource/ral.rb +3 -1
- data/lib/puppet/indirector/resource/validator.rb +1 -1
- data/lib/puppet/interface.rb +1 -2
- data/lib/puppet/loaders.rb +1 -0
- data/lib/puppet/metatype/manager.rb +1 -1
- data/lib/puppet/module.rb +1 -1
- data/lib/puppet/module/task.rb +4 -20
- data/lib/puppet/module_tool/applications/installer.rb +1 -1
- data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
- data/lib/puppet/module_tool/metadata.rb +1 -1
- data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
- data/lib/puppet/module_tool/tar/mini.rb +2 -12
- data/lib/puppet/network/http/api/indirected_routes.rb +11 -12
- data/lib/puppet/network/http/connection.rb +12 -10
- data/lib/puppet/network/http/factory.rb +11 -1
- data/lib/puppet/network/http/pool.rb +0 -2
- data/lib/puppet/network/http/site.rb +1 -1
- data/lib/puppet/network/resolver.rb +2 -2
- data/lib/puppet/node/environment.rb +2 -4
- data/lib/puppet/pal/pal_impl.rb +2 -2
- data/lib/puppet/parser/ast.rb +1 -1
- data/lib/puppet/parser/ast/resourceparam.rb +1 -1
- data/lib/puppet/parser/functions.rb +1 -1
- data/lib/puppet/parser/functions/epp.rb +3 -3
- data/lib/puppet/parser/functions/fail.rb +8 -1
- data/lib/puppet/parser/functions/inline_epp.rb +5 -5
- data/lib/puppet/parser/scope.rb +7 -8
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -4
- data/lib/puppet/pops/loader/null_loader.rb +60 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -4
- data/lib/puppet/pops/loader/task_instantiator.rb +0 -4
- data/lib/puppet/pops/loaders.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +0 -1
- data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
- data/lib/puppet/pops/merge_strategy.rb +18 -22
- data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
- data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
- data/lib/puppet/pops/parser/locator.rb +1 -1
- data/lib/puppet/pops/parser/pn_parser.rb +16 -17
- data/lib/puppet/pops/puppet_stack.rb +49 -51
- data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
- data/lib/puppet/pops/types/string_converter.rb +10 -10
- data/lib/puppet/pops/types/types.rb +6 -5
- data/lib/puppet/property.rb +1 -1
- data/lib/puppet/property/ensure.rb +1 -1
- data/lib/puppet/provider/exec.rb +2 -6
- data/lib/puppet/provider/file/posix.rb +0 -5
- data/lib/puppet/provider/nameservice.rb +3 -10
- data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
- data/lib/puppet/provider/nameservice/pw.rb +2 -2
- data/lib/puppet/provider/package.rb +0 -2
- data/lib/puppet/provider/package/apt.rb +1 -5
- data/lib/puppet/provider/package/dnf.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +18 -34
- data/lib/puppet/provider/package/openbsd.rb +1 -1
- data/lib/puppet/provider/package/pip.rb +13 -37
- data/lib/puppet/provider/package/portage.rb +4 -4
- data/lib/puppet/provider/package/puppet_gem.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +18 -56
- data/lib/puppet/provider/package/windows/package.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +5 -9
- data/lib/puppet/provider/package_targetable.rb +4 -7
- data/lib/puppet/provider/parsedfile.rb +1 -1
- data/lib/puppet/provider/service/daemontools.rb +9 -9
- data/lib/puppet/provider/service/launchd.rb +5 -20
- data/lib/puppet/provider/service/openbsd.rb +1 -1
- data/lib/puppet/provider/service/rcng.rb +2 -2
- data/lib/puppet/provider/service/runit.rb +8 -2
- data/lib/puppet/provider/service/systemd.rb +19 -14
- data/lib/puppet/provider/service/windows.rb +0 -8
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/hpux.rb +1 -1
- data/lib/puppet/provider/user/pw.rb +3 -12
- data/lib/puppet/provider/user/user_role_add.rb +1 -5
- data/lib/puppet/provider/user/useradd.rb +20 -45
- data/lib/puppet/provider/user/windows_adsi.rb +5 -4
- data/lib/puppet/reference/configuration.rb +3 -3
- data/lib/puppet/reference/indirection.rb +2 -2
- data/lib/puppet/reference/metaparameter.rb +3 -1
- data/lib/puppet/reference/providers.rb +3 -1
- data/lib/puppet/reference/type.rb +9 -3
- data/lib/puppet/reports.rb +1 -1
- data/lib/puppet/resource.rb +1 -18
- data/lib/puppet/resource/catalog.rb +1 -1
- data/lib/puppet/rest/routes.rb +30 -17
- data/lib/puppet/settings.rb +3 -43
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/ssl/certificate_request.rb +12 -2
- data/lib/puppet/ssl/host.rb +2 -2
- data/lib/puppet/ssl/oids.rb +1 -1
- data/lib/puppet/ssl/ssl_provider.rb +11 -5
- data/lib/puppet/ssl/state_machine.rb +102 -98
- data/lib/puppet/test/test_helper.rb +1 -0
- data/lib/puppet/transaction.rb +11 -33
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/type.rb +4 -2
- data/lib/puppet/type/exec.rb +17 -23
- data/lib/puppet/type/file.rb +39 -11
- data/lib/puppet/type/file/data_sync.rb +1 -5
- data/lib/puppet/type/group.rb +2 -4
- data/lib/puppet/type/notify.rb +3 -4
- data/lib/puppet/type/package.rb +3 -20
- data/lib/puppet/type/schedule.rb +1 -1
- data/lib/puppet/type/service.rb +3 -8
- data/lib/puppet/type/user.rb +2 -4
- data/lib/puppet/util.rb +29 -39
- data/lib/puppet/util/command_line/trollop.rb +1 -1
- data/lib/puppet/util/execution.rb +3 -4
- data/lib/puppet/util/http_proxy.rb +19 -27
- data/lib/puppet/util/log.rb +2 -2
- data/lib/puppet/util/log/destinations.rb +2 -2
- data/lib/puppet/util/logging.rb +20 -32
- data/lib/puppet/util/metric.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +33 -0
- data/lib/puppet/util/pidlock.rb +2 -3
- data/lib/puppet/util/provider_features.rb +4 -2
- data/lib/puppet/util/rdoc.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +2 -8
- data/lib/puppet/util/skip_tags.rb +4 -0
- data/lib/puppet/util/windows/adsi.rb +18 -48
- data/lib/puppet/util/windows/process.rb +8 -8
- data/lib/puppet/util/windows/registry.rb +5 -7
- data/lib/puppet/util/windows/security.rb +0 -2
- data/lib/puppet/util/windows/service.rb +4 -149
- data/lib/puppet/util/windows/sid.rb +0 -1
- data/lib/puppet/vendor.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +81 -24
- data/locales/puppet.pot +462 -482
- data/man/man5/puppet.conf.5 +43 -44
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +3 -3
- data/man/man8/puppet-catalog.8 +31 -3
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +3 -3
- data/spec/fixtures/ssl/127.0.0.1-key.pem +56 -56
- data/spec/fixtures/ssl/127.0.0.1.pem +27 -27
- data/spec/fixtures/ssl/bad-basic-constraints.pem +32 -32
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +30 -30
- data/spec/fixtures/ssl/ca.pem +30 -30
- data/spec/fixtures/ssl/crl.pem +15 -15
- data/spec/fixtures/ssl/ec-key.pem +18 -0
- data/spec/fixtures/ssl/ec.pem +40 -0
- data/spec/fixtures/ssl/encrypted-ec-key.pem +21 -0
- data/spec/fixtures/ssl/encrypted-key.pem +57 -57
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +16 -16
- data/spec/fixtures/ssl/intermediate-agent.pem +33 -33
- data/spec/fixtures/ssl/intermediate-crl.pem +17 -17
- data/spec/fixtures/ssl/intermediate.pem +31 -31
- data/spec/fixtures/ssl/pluto-key.pem +56 -56
- data/spec/fixtures/ssl/pluto.pem +28 -28
- data/spec/fixtures/ssl/request-key.pem +56 -56
- data/spec/fixtures/ssl/request.pem +24 -24
- data/spec/fixtures/ssl/revoked-key.pem +56 -56
- data/spec/fixtures/ssl/revoked.pem +25 -25
- data/spec/fixtures/ssl/signed-key.pem +56 -56
- data/spec/fixtures/ssl/signed.pem +25 -25
- data/spec/fixtures/ssl/tampered-cert.pem +27 -27
- data/spec/fixtures/ssl/tampered-csr.pem +24 -24
- data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/usee/lib/puppet/parser/functions/func_with_syntax_error.rb +9 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_get/should_yield_to_the_block.yml +24 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_head/should_yield_to_the_block.yml +24 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_post/should_yield_to_the_block.yml +24 -0
- data/spec/integration/configurer_spec.rb +0 -52
- data/spec/integration/provider/service/init_spec.rb +1 -0
- data/spec/integration/provider/service/systemd_spec.rb +5 -8
- data/spec/integration/type/file_spec.rb +38 -28
- data/spec/integration/util/execution_spec.rb +0 -27
- data/spec/lib/puppet/certificate_factory.rb +2 -2
- data/spec/lib/puppet/test_ca.rb +17 -4
- data/spec/lib/puppet_spec/fixtures.rb +4 -0
- data/spec/spec_helper.rb +0 -28
- data/spec/unit/application/agent_spec.rb +34 -67
- data/spec/unit/application/device_spec.rb +1 -27
- data/spec/unit/application/ssl_spec.rb +60 -35
- data/spec/unit/configurer_spec.rb +399 -395
- data/spec/unit/defaults_spec.rb +4 -4
- data/spec/unit/face/facts_spec.rb +0 -9
- data/spec/unit/face/parser_spec.rb +69 -22
- data/spec/unit/face/plugin_spec.rb +0 -8
- data/spec/unit/file_system_spec.rb +30 -1
- data/spec/unit/forge/forge_spec.rb +3 -1
- data/spec/unit/forge/repository_spec.rb +3 -1
- data/spec/unit/indirector/catalog/compiler_spec.rb +5 -62
- data/spec/unit/indirector/resource/ral_spec.rb +4 -4
- data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
- data/spec/unit/network/http/api/indirected_routes_spec.rb +10 -25
- data/spec/unit/network/http/connection_spec.rb +145 -119
- data/spec/unit/network/http/factory_spec.rb +5 -27
- data/spec/unit/parser/scope_spec.rb +0 -10
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +3 -8
- data/spec/unit/pops/loaders/loaders_spec.rb +4 -0
- data/spec/unit/pops/loaders/module_loaders_spec.rb +0 -37
- data/spec/unit/pops/types/types_spec.rb +27 -0
- data/spec/unit/provider/exec_spec.rb +0 -209
- data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
- data/spec/unit/provider/package/dnf_spec.rb +0 -7
- data/spec/unit/provider/package/dpkg_spec.rb +80 -240
- data/spec/unit/provider/package/pip_spec.rb +8 -61
- data/spec/unit/provider/package/portage_spec.rb +4 -4
- data/spec/unit/provider/package/rpm_spec.rb +16 -150
- data/spec/unit/provider/package/yum_spec.rb +0 -7
- data/spec/unit/provider/service/daemontools_spec.rb +0 -24
- data/spec/unit/provider/service/launchd_spec.rb +0 -28
- data/spec/unit/provider/service/runit_spec.rb +0 -24
- data/spec/unit/provider/service/systemd_spec.rb +25 -39
- data/spec/unit/provider/service/windows_spec.rb +0 -20
- data/spec/unit/provider/user/hpux_spec.rb +2 -2
- data/spec/unit/provider/user/pw_spec.rb +0 -37
- data/spec/unit/provider/user/useradd_spec.rb +0 -88
- data/spec/unit/resource_spec.rb +1 -26
- data/spec/unit/ssl/host_spec.rb +5 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +36 -11
- data/spec/unit/ssl/state_machine_spec.rb +233 -158
- data/spec/unit/transaction_spec.rb +0 -64
- data/spec/unit/type/exec_spec.rb +12 -15
- data/spec/unit/type/file/content_spec.rb +3 -9
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/file_spec.rb +15 -11
- data/spec/unit/type/package_spec.rb +0 -5
- data/spec/unit/type/schedule_spec.rb +1 -3
- data/spec/unit/type/service_spec.rb +0 -16
- data/spec/unit/util/execution_spec.rb +0 -16
- data/spec/unit/util/http_proxy_spec.rb +21 -151
- data/spec/unit/util/ldap/manager_spec.rb +0 -15
- data/spec/unit/util/log/destinations_spec.rb +3 -7
- data/spec/unit/util/log_spec.rb +138 -0
- data/spec/unit/util/logging_spec.rb +0 -200
- data/spec/unit/util/pidlock_spec.rb +0 -26
- data/spec/unit/util/skip_tags_spec.rb +14 -0
- data/spec/unit/util/windows/adsi_spec.rb +0 -51
- data/spec/unit/util/windows/service_spec.rb +0 -9
- data/spec/unit/util_spec.rb +10 -0
- data/spec/unit/x509/cert_provider_spec.rb +82 -43
- data/tasks/generate_cert_fixtures.rake +13 -1
- data/tasks/manpages.rake +0 -1
- metadata +28 -22
- data/ext/cert_inspector +0 -140
- data/ext/envpuppet +0 -139
- data/ext/envpuppet.bat +0 -14
- data/ext/puppet-test +0 -476
- data/ext/pure_ruby_dsl/dsl_test.rb +0 -7
- data/ext/upload_facts.rb +0 -119
- data/lib/puppet/provider/package/dnfmodule.rb +0 -87
- data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list-installed.txt +0 -11
- data/spec/integration/type/notify_spec.rb +0 -46
- data/spec/unit/provider/package/dnfmodule_spec.rb +0 -186
- data/spec/unit/provider/package_targetable_spec.rb +0 -60
@@ -122,21 +122,21 @@ module Puppet::Util::Windows::Process
|
|
122
122
|
def get_process_image_name_by_pid(pid)
|
123
123
|
image_name = ""
|
124
124
|
|
125
|
-
|
125
|
+
open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
|
126
126
|
|
127
|
-
|
128
|
-
# UTF is 2 bytes/char:
|
129
|
-
|
130
|
-
exe_name_length_ptr.write_dword(
|
131
|
-
FFI::MemoryPointer.new(
|
127
|
+
FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
|
128
|
+
# Add 1 for the null terminator, and UTF is 2 bytes/char:
|
129
|
+
max_path_length = (MAX_PATH_LENGTH + 1) * 2
|
130
|
+
exe_name_length_ptr.write_dword(max_path_length)
|
131
|
+
FFI::MemoryPointer.new(max_path_length) do |exe_name_ptr|
|
132
132
|
use_win32_path_format = 0
|
133
133
|
result = QueryFullProcessImageNameW(phandle, use_win32_path_format, exe_name_ptr, exe_name_length_ptr)
|
134
134
|
if result == FFI::WIN32_FALSE
|
135
135
|
raise Puppet::Util::Windows::Error.new(
|
136
136
|
"QueryFullProcessImageNameW(phandle, #{use_win32_path_format}, " +
|
137
|
-
"exe_name_ptr, #{
|
137
|
+
"exe_name_ptr, #{max_path_length}")
|
138
138
|
end
|
139
|
-
image_name = exe_name_ptr.read_wide_string(
|
139
|
+
image_name = exe_name_ptr.read_wide_string(MAX_PATH_LENGTH + 1)
|
140
140
|
end
|
141
141
|
end
|
142
142
|
end
|
@@ -46,12 +46,11 @@ module Puppet::Util::Windows
|
|
46
46
|
|
47
47
|
subkey_max_len, _ = reg_query_info_key_max_lengths(key)
|
48
48
|
|
49
|
-
|
49
|
+
begin
|
50
50
|
subkey, filetime = reg_enum_key(key, index, subkey_max_len)
|
51
51
|
yield subkey, filetime if !subkey.nil?
|
52
52
|
index += 1
|
53
|
-
|
54
|
-
end
|
53
|
+
end while !subkey.nil?
|
55
54
|
|
56
55
|
index
|
57
56
|
end
|
@@ -94,12 +93,11 @@ module Puppet::Util::Windows
|
|
94
93
|
|
95
94
|
_, value_max_len = reg_query_info_key_max_lengths(key)
|
96
95
|
|
97
|
-
|
96
|
+
begin
|
98
97
|
subkey, type, data = reg_enum_value(key, index, value_max_len)
|
99
98
|
yield subkey, type, data if !subkey.nil?
|
100
99
|
index += 1
|
101
|
-
|
102
|
-
end
|
100
|
+
end while !subkey.nil?
|
103
101
|
|
104
102
|
index
|
105
103
|
end
|
@@ -316,7 +314,7 @@ module Puppet::Util::Windows
|
|
316
314
|
|
317
315
|
def sanitize(value)
|
318
316
|
# Replace null bytes with a space
|
319
|
-
value.
|
317
|
+
value.gsub!("\x00", ' ')
|
320
318
|
value
|
321
319
|
end
|
322
320
|
|
@@ -200,7 +200,6 @@ module Puppet::Util::Windows::Security
|
|
200
200
|
well_known_world_sid = Puppet::Util::Windows::SID::Everyone
|
201
201
|
well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
|
202
202
|
well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
|
203
|
-
well_known_app_packages_sid = Puppet::Util::Windows::SID::AllAppPackages
|
204
203
|
|
205
204
|
mode = S_ISYSTEM_MISSING
|
206
205
|
|
@@ -235,7 +234,6 @@ module Puppet::Util::Windows::Security
|
|
235
234
|
if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
|
236
235
|
mode |= S_ISVTX
|
237
236
|
end
|
238
|
-
when well_known_app_packages_sid
|
239
237
|
when well_known_system_sid
|
240
238
|
else
|
241
239
|
#puts "Warning, unable to map SID into POSIX mode: #{ace.sid}"
|
@@ -1,4 +1,3 @@
|
|
1
|
-
# coding: utf-8
|
2
1
|
require 'puppet/util/windows'
|
3
2
|
require 'ffi'
|
4
3
|
|
@@ -181,30 +180,7 @@ module Puppet::Util::Windows
|
|
181
180
|
# // Value to indicate no change to an optional parameter
|
182
181
|
# //
|
183
182
|
# #define SERVICE_NO_CHANGE 0xffffffff
|
184
|
-
|
185
|
-
SERVICE_CONFIG_DESCRIPTION = 0x00000001
|
186
|
-
SERVICE_CONFIG_FAILURE_ACTIONS = 0x00000002
|
187
|
-
SERVICE_CONFIG_DELAYED_AUTO_START_INFO = 0x00000003
|
188
|
-
SERVICE_CONFIG_FAILURE_ACTIONS_FLAG = 0x00000004
|
189
|
-
SERVICE_CONFIG_SERVICE_SID_INFO = 0x00000005
|
190
|
-
SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 0x00000006
|
191
|
-
SERVICE_CONFIG_PRESHUTDOWN_INFO = 0x00000007
|
192
|
-
SERVICE_CONFIG_TRIGGER_INFO = 0x00000008
|
193
|
-
SERVICE_CONFIG_PREFERRED_NODE = 0x00000009
|
194
|
-
SERVICE_CONFIG_LAUNCH_PROTECTED = 0x00000012
|
195
|
-
SERVICE_NO_CHANGE = 0xffffffff
|
196
|
-
SERVICE_CONFIG_TYPES = {
|
197
|
-
SERVICE_CONFIG_DESCRIPTION => :SERVICE_CONFIG_DESCRIPTION,
|
198
|
-
SERVICE_CONFIG_FAILURE_ACTIONS => :SERVICE_CONFIG_FAILURE_ACTIONS,
|
199
|
-
SERVICE_CONFIG_DELAYED_AUTO_START_INFO => :SERVICE_CONFIG_DELAYED_AUTO_START_INFO,
|
200
|
-
SERVICE_CONFIG_FAILURE_ACTIONS_FLAG => :SERVICE_CONFIG_FAILURE_ACTIONS_FLAG,
|
201
|
-
SERVICE_CONFIG_SERVICE_SID_INFO => :SERVICE_CONFIG_SERVICE_SID_INFO,
|
202
|
-
SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO => :SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO,
|
203
|
-
SERVICE_CONFIG_PRESHUTDOWN_INFO => :SERVICE_CONFIG_PRESHUTDOWN_INFO,
|
204
|
-
SERVICE_CONFIG_TRIGGER_INFO => :SERVICE_CONFIG_TRIGGER_INFO,
|
205
|
-
SERVICE_CONFIG_PREFERRED_NODE => :SERVICE_CONFIG_PREFERRED_NODE,
|
206
|
-
SERVICE_CONFIG_LAUNCH_PROTECTED => :SERVICE_CONFIG_LAUNCH_PROTECTED,
|
207
|
-
}
|
183
|
+
SERVICE_NO_CHANGE = 0xffffffff
|
208
184
|
|
209
185
|
# Service enum codes
|
210
186
|
# https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexa
|
@@ -243,19 +219,6 @@ module Puppet::Util::Windows
|
|
243
219
|
)
|
244
220
|
end
|
245
221
|
|
246
|
-
# https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_delayed_auto_start_info
|
247
|
-
# typedef struct _SERVICE_DELAYED_AUTO_START_INFO {
|
248
|
-
# BOOL fDelayedAutostart;
|
249
|
-
# } SERVICE_DELAYED_AUTO_START_INFO, *LPSERVICE_DELAYED_AUTO_START_INFO;
|
250
|
-
class SERVICE_DELAYED_AUTO_START_INFO < FFI::Struct
|
251
|
-
layout(:fDelayedAutostart, :int)
|
252
|
-
alias aset []=
|
253
|
-
# Intercept the accessor so that we can handle either true/false or 1/0.
|
254
|
-
# Since there is only one member, there’s no need to check the key name.
|
255
|
-
def []=(key, value)
|
256
|
-
[0, false].include?(value) ? aset(key, 0) : aset(key, 1)
|
257
|
-
end
|
258
|
-
end
|
259
222
|
|
260
223
|
# https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_enum_service_status_processw
|
261
224
|
# typedef struct _ENUM_SERVICE_STATUS_PROCESSW {
|
@@ -414,7 +377,6 @@ module Puppet::Util::Windows
|
|
414
377
|
module_function :service_state
|
415
378
|
|
416
379
|
# Query the configuration of a service using QueryServiceConfigW
|
417
|
-
# or QueryServiceConfig2W
|
418
380
|
#
|
419
381
|
# @param [String] service_name name of the service to query
|
420
382
|
# @return [QUERY_SERVICE_CONFIGW.struct] the configuration of the service
|
@@ -425,14 +387,6 @@ module Puppet::Util::Windows
|
|
425
387
|
start_type = SERVICE_START_TYPES[config[:dwStartType]]
|
426
388
|
end
|
427
389
|
end
|
428
|
-
# if the service has type AUTO_START, check if it's a delayed service
|
429
|
-
if start_type == :SERVICE_AUTO_START
|
430
|
-
open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_CONFIG) do |service|
|
431
|
-
query_config2(service, SERVICE_CONFIG_DELAYED_AUTO_START_INFO) do |config|
|
432
|
-
return :SERVICE_DELAYED_AUTO_START if config[:fDelayedAutostart] == 1
|
433
|
-
end
|
434
|
-
end
|
435
|
-
end
|
436
390
|
if start_type.nil?
|
437
391
|
raise Puppet::Error.new(_("Unknown start type '%{start_type}' for '%{service_name}'") % { start_type: start_type.to_s, service_name: service_name})
|
438
392
|
end
|
@@ -442,12 +396,11 @@ module Puppet::Util::Windows
|
|
442
396
|
|
443
397
|
# Change the startup mode of a windows service
|
444
398
|
#
|
445
|
-
# @param [
|
446
|
-
# @param [
|
399
|
+
# @param [string] service_name the name of the service to modify
|
400
|
+
# @param [Int] startup_type a code corresponding to a start type for
|
447
401
|
# windows service, see the "Service start type codes" section in the
|
448
402
|
# Puppet::Util::Windows::Service file for the list of available codes
|
449
|
-
|
450
|
-
def set_startup_mode(service_name, startup_type, delayed=false)
|
403
|
+
def set_startup_mode(service_name, startup_type)
|
451
404
|
startup_code = SERVICE_START_TYPES.key(startup_type)
|
452
405
|
if startup_code.nil?
|
453
406
|
raise Puppet::Error.new(_("Unknown start type %{start_type}") % {startup_type: startup_type.to_s})
|
@@ -474,7 +427,6 @@ module Puppet::Util::Windows
|
|
474
427
|
raise Puppet::Util::Windows::Error.new(_("Failed to update service configuration"))
|
475
428
|
end
|
476
429
|
end
|
477
|
-
set_startup_mode_delayed(service_name, delayed)
|
478
430
|
end
|
479
431
|
module_function :set_startup_mode
|
480
432
|
|
@@ -757,82 +709,6 @@ module Puppet::Util::Windows
|
|
757
709
|
end
|
758
710
|
private :query_config
|
759
711
|
|
760
|
-
# @api private
|
761
|
-
# perform QueryServiceConfig2W on a windows service and return the
|
762
|
-
# result
|
763
|
-
#
|
764
|
-
# @param [:handle] service handle of the service to query
|
765
|
-
# @param [Integer] info_level the configuration information to be queried
|
766
|
-
# @return [QUERY_SERVICE_CONFIG2W struct] the result of the query
|
767
|
-
def query_config2(service, info_level, &block)
|
768
|
-
config = nil
|
769
|
-
size_required = nil
|
770
|
-
# Fetch the bytes of memory required to be allocated
|
771
|
-
# for QueryServiceConfig2W to return succesfully. This
|
772
|
-
# is done by sending NULL and 0 for the pointer and size
|
773
|
-
# respectively, letting the command fail, then reading the
|
774
|
-
# value of pcbBytesNeeded
|
775
|
-
FFI::MemoryPointer.new(:lpword) do |bytes_pointer|
|
776
|
-
# return value will be false from this call, since it's designed
|
777
|
-
# to fail. Just ignore it
|
778
|
-
QueryServiceConfig2W(service, info_level, FFI::Pointer::NULL, 0, bytes_pointer)
|
779
|
-
size_required = bytes_pointer.read_dword
|
780
|
-
FFI::MemoryPointer.new(size_required) do |ssp_ptr|
|
781
|
-
# We need to supply the appropriate struct to be created based on
|
782
|
-
# the info_level
|
783
|
-
case info_level
|
784
|
-
when SERVICE_CONFIG_DELAYED_AUTO_START_INFO
|
785
|
-
config = SERVICE_DELAYED_AUTO_START_INFO.new(ssp_ptr)
|
786
|
-
end
|
787
|
-
success = QueryServiceConfig2W(
|
788
|
-
service,
|
789
|
-
info_level,
|
790
|
-
ssp_ptr,
|
791
|
-
size_required,
|
792
|
-
bytes_pointer
|
793
|
-
)
|
794
|
-
if success == FFI::WIN32_FALSE
|
795
|
-
raise Puppet::Util::Windows::Error.new(_("Service query for %{parameter_name} failed") % { parameter_name: SERVICE_CONFIG_TYPES[info_level] } )
|
796
|
-
end
|
797
|
-
yield config
|
798
|
-
end
|
799
|
-
end
|
800
|
-
end
|
801
|
-
private :query_config2
|
802
|
-
|
803
|
-
# @api private
|
804
|
-
# Sets an optional parameter on a service by calling
|
805
|
-
# ChangeServiceConfig2W
|
806
|
-
#
|
807
|
-
# @param [String] service_name name of service
|
808
|
-
# @param [Integer] change parameter to change
|
809
|
-
# @param [struct] value appropriate struct based on the parameter to change
|
810
|
-
def set_optional_parameter(service_name, change, value)
|
811
|
-
open_service(service_name, SC_MANAGER_CONNECT, SERVICE_CHANGE_CONFIG) do |service|
|
812
|
-
success = ChangeServiceConfig2W(
|
813
|
-
service,
|
814
|
-
change, # dwInfoLevel
|
815
|
-
value, # lpInfo
|
816
|
-
)
|
817
|
-
if success == FFI::WIN32_FALSE
|
818
|
-
raise Puppet::Util::windows::Error.new(_("Failed to update service %{change} configuration") % { change: change } )
|
819
|
-
end
|
820
|
-
end
|
821
|
-
end
|
822
|
-
private :set_optional_parameter
|
823
|
-
|
824
|
-
# @api private
|
825
|
-
# Controls the delayed auto-start setting of a service
|
826
|
-
#
|
827
|
-
# @param [String] service_name name of service
|
828
|
-
# @param [Bool] delayed whether the service should be started with a delay or not
|
829
|
-
def set_startup_mode_delayed(service_name, delayed)
|
830
|
-
delayed_start = SERVICE_DELAYED_AUTO_START_INFO.new
|
831
|
-
delayed_start[:fDelayedAutostart] = delayed
|
832
|
-
set_optional_parameter(service_name, SERVICE_CONFIG_DELAYED_AUTO_START_INFO, delayed_start)
|
833
|
-
end
|
834
|
-
private :set_startup_mode_delayed
|
835
|
-
|
836
712
|
# @api private
|
837
713
|
# Sends a service control signal to a service
|
838
714
|
#
|
@@ -1029,18 +905,6 @@ module Puppet::Util::Windows
|
|
1029
905
|
attach_function_private :QueryServiceConfigW,
|
1030
906
|
[:handle, :lpbyte, :dword, :lpdword], :win32_bool
|
1031
907
|
|
1032
|
-
# https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-queryserviceconfig2w
|
1033
|
-
# BOOL QueryServiceConfig2W(
|
1034
|
-
# SC_HANDLE hService,
|
1035
|
-
# DWORD dwInfoLevel,
|
1036
|
-
# LPBYTE lpBuffer,
|
1037
|
-
# DWORD cbBufSize,
|
1038
|
-
# LPDWORD pcbBytesNeeded
|
1039
|
-
# );
|
1040
|
-
ffi_lib :advapi32
|
1041
|
-
attach_function_private :QueryServiceConfig2W,
|
1042
|
-
[:handle, :dword, :lpbyte, :dword, :lpdword], :win32_bool
|
1043
|
-
|
1044
908
|
# https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-startservicew
|
1045
909
|
# BOOL StartServiceW(
|
1046
910
|
# SC_HANDLE hService,
|
@@ -1091,15 +955,6 @@ module Puppet::Util::Windows
|
|
1091
955
|
:lpcwstr
|
1092
956
|
], :win32_bool
|
1093
957
|
|
1094
|
-
# https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
|
1095
|
-
# BOOL ChangeServiceConfig2W(
|
1096
|
-
# SC_HANDLE hService,
|
1097
|
-
# DWORD dwInfoLevel,
|
1098
|
-
# LPVOID lpInfo
|
1099
|
-
# );
|
1100
|
-
ffi_lib :advapi32
|
1101
|
-
attach_function_private :ChangeServiceConfig2W,
|
1102
|
-
[:handle, :dword, :lpvoid], :win32_bool
|
1103
958
|
|
1104
959
|
# https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexw
|
1105
960
|
# BOOL EnumServicesStatusExW(
|
@@ -46,7 +46,6 @@ module Puppet::Util::Windows
|
|
46
46
|
PrintOperators = 'S-1-5-32-550'
|
47
47
|
BackupOperators = 'S-1-5-32-551'
|
48
48
|
Replicators = 'S-1-5-32-552'
|
49
|
-
AllAppPackages = 'S-1-15-2-1'
|
50
49
|
|
51
50
|
# Convert an account name, e.g. 'Administrators' into a SID string,
|
52
51
|
# e.g. 'S-1-5-32-544'. The name can be specified as 'Administrators',
|
data/lib/puppet/vendor.rb
CHANGED
data/lib/puppet/version.rb
CHANGED
@@ -10,21 +10,18 @@ class Puppet::X509::CertProvider
|
|
10
10
|
VALID_CERTNAME = /\A[ -.0-~]+\Z/
|
11
11
|
CERT_DELIMITERS = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
|
12
12
|
CRL_DELIMITERS = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
|
13
|
+
EC_HEADER = /-----BEGIN EC PRIVATE KEY-----/
|
13
14
|
|
14
15
|
def initialize(capath: Puppet[:localcacert],
|
15
16
|
crlpath: Puppet[:hostcrl],
|
16
17
|
privatekeydir: Puppet[:privatekeydir],
|
17
18
|
certdir: Puppet[:certdir],
|
18
|
-
requestdir: Puppet[:requestdir]
|
19
|
-
hostprivkey: Puppet.settings.set_by_config?(:hostprivkey) ? Puppet[:hostprivkey] : nil,
|
20
|
-
hostcert: Puppet.settings.set_by_config?(:hostcert) ? Puppet[:hostcert] : nil)
|
19
|
+
requestdir: Puppet[:requestdir])
|
21
20
|
@capath = capath
|
22
21
|
@crlpath = crlpath
|
23
22
|
@privatekeydir = privatekeydir
|
24
23
|
@certdir = certdir
|
25
24
|
@requestdir = requestdir
|
26
|
-
@hostprivkey = hostprivkey
|
27
|
-
@hostcert = hostcert
|
28
25
|
end
|
29
26
|
|
30
27
|
# Save `certs` to the configured `capath`.
|
@@ -113,16 +110,44 @@ class Puppet::X509::CertProvider
|
|
113
110
|
end
|
114
111
|
end
|
115
112
|
|
113
|
+
# Return the time when the CRL was last updated.
|
114
|
+
#
|
115
|
+
# @return [Time, nil] Time when the CRL was last updated, or nil if we don't
|
116
|
+
# have a CRL
|
117
|
+
def crl_last_update
|
118
|
+
stat = Puppet::FileSystem.stat(@crlpath)
|
119
|
+
Time.at(stat.mtime)
|
120
|
+
rescue Errno::ENOENT
|
121
|
+
nil
|
122
|
+
end
|
123
|
+
|
124
|
+
# Set the CRL last updated time.
|
125
|
+
#
|
126
|
+
# @param time [Time] The last updated time
|
127
|
+
#
|
128
|
+
def crl_last_update=(time)
|
129
|
+
Puppet::FileSystem.touch(@crlpath, mtime: time)
|
130
|
+
end
|
131
|
+
|
116
132
|
# Save named private key in the configured `privatekeydir`. For
|
117
133
|
# historical reasons, names are case insensitive.
|
118
134
|
#
|
119
135
|
# @param name [String] The private key identity
|
120
136
|
# @param key [OpenSSL::PKey::RSA] private key
|
137
|
+
# @param password [String, nil] If non-nil, derive an encryption key
|
138
|
+
# from the password, and use that to encrypt the private key. If nil,
|
139
|
+
# save the private key unencrypted.
|
121
140
|
# @raise [Puppet::Error] if the private key cannot be saved
|
122
141
|
# @api private
|
123
|
-
def save_private_key(name, key)
|
124
|
-
|
125
|
-
|
142
|
+
def save_private_key(name, key, password: nil)
|
143
|
+
pem = if password
|
144
|
+
cipher = OpenSSL::Cipher::AES.new(128, :CBC)
|
145
|
+
key.export(cipher, password)
|
146
|
+
else
|
147
|
+
key.to_pem
|
148
|
+
end
|
149
|
+
path = to_path(@privatekeydir, name)
|
150
|
+
save_pem(pem, path, **permissions_for_setting(:hostprivkey))
|
126
151
|
rescue SystemCallError => e
|
127
152
|
raise Puppet::Error.new(_("Failed to save private key for '%{name}'") % {name: name}, e)
|
128
153
|
end
|
@@ -132,17 +157,20 @@ class Puppet::X509::CertProvider
|
|
132
157
|
#
|
133
158
|
# @param name [String] The private key identity
|
134
159
|
# @param required [Boolean] If true, raise if it is missing
|
160
|
+
# @param password [String, nil] If the private key is encrypted, decrypt
|
161
|
+
# it using the password. If the key is encrypted, but a password is
|
162
|
+
# not specified, then the key cannot be loaded.
|
135
163
|
# @return (see #load_private_key_from_pem)
|
136
164
|
# @raise (see #load_private_key_from_pem)
|
137
165
|
# @raise [Puppet::Error] if the private key cannot be loaded
|
138
166
|
# @api private
|
139
|
-
def load_private_key(name, required: false)
|
140
|
-
path =
|
167
|
+
def load_private_key(name, required: false, password: nil)
|
168
|
+
path = to_path(@privatekeydir, name)
|
141
169
|
pem = load_pem(path)
|
142
170
|
if !pem && required
|
143
171
|
raise Puppet::Error, _("The private key is missing from '%{path}'") % { path: path }
|
144
172
|
end
|
145
|
-
pem ? load_private_key_from_pem(pem) : nil
|
173
|
+
pem ? load_private_key_from_pem(pem, password: password) : nil
|
146
174
|
rescue SystemCallError => e
|
147
175
|
raise Puppet::Error.new(_("Failed to load private key for '%{name}'") % {name: name}, e)
|
148
176
|
end
|
@@ -150,14 +178,46 @@ class Puppet::X509::CertProvider
|
|
150
178
|
# Load a PEM encoded private key.
|
151
179
|
#
|
152
180
|
# @param pem [String] PEM encoded private key
|
153
|
-
# @
|
154
|
-
#
|
181
|
+
# @param password [String, nil] If the private key is encrypted, decrypt
|
182
|
+
# it using the password. If the key is encrypted, but a password is
|
183
|
+
# not specified, then the key cannot be loaded.
|
184
|
+
# @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key
|
185
|
+
# @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key
|
155
186
|
# @api private
|
156
|
-
def load_private_key_from_pem(pem)
|
157
|
-
# set a non-nil
|
158
|
-
# but ruby 2.4.0 & 2.4.1 require at least 4 bytes
|
159
|
-
# https://github.com/ruby/
|
160
|
-
|
187
|
+
def load_private_key_from_pem(pem, password: nil)
|
188
|
+
# set a non-nil password to ensure openssl doesn't prompt
|
189
|
+
# but ruby 2.4.0 & 2.4.1 require at least 4 bytes due to
|
190
|
+
# https://github.com/ruby/openssl/commit/f38501249f33bff7ca9d208670b8cde695ea8b7b
|
191
|
+
# and corrected in https://github.com/ruby/openssl/commit/a896c3d1dfa090e92dec1abf8ac12843af6af721
|
192
|
+
password ||= ' '
|
193
|
+
|
194
|
+
if Puppet::Util::Platform.jruby?
|
195
|
+
begin
|
196
|
+
if pem =~ EC_HEADER
|
197
|
+
OpenSSL::PKey::EC.new(pem, password)
|
198
|
+
else
|
199
|
+
OpenSSL::PKey::RSA.new(pem, password)
|
200
|
+
end
|
201
|
+
rescue OpenSSL::PKey::PKeyError => e
|
202
|
+
if e.message =~ /Neither PUB key nor PRIV key/
|
203
|
+
raise OpenSSL::PKey::PKeyError, "Could not parse PKey: no start line"
|
204
|
+
else
|
205
|
+
raise e
|
206
|
+
end
|
207
|
+
end
|
208
|
+
else
|
209
|
+
OpenSSL::PKey.read(pem, password)
|
210
|
+
end
|
211
|
+
end
|
212
|
+
|
213
|
+
# Load the private key password.
|
214
|
+
#
|
215
|
+
# @return [String, nil] The private key password as a binary string or nil
|
216
|
+
# if there is none.
|
217
|
+
def load_private_key_password
|
218
|
+
Puppet::FileSystem.read(Puppet[:passfile], :encoding => Encoding::BINARY)
|
219
|
+
rescue Errno::ENOENT
|
220
|
+
nil
|
161
221
|
end
|
162
222
|
|
163
223
|
# Save a named client cert to the configured `certdir`.
|
@@ -167,7 +227,7 @@ class Puppet::X509::CertProvider
|
|
167
227
|
# @raise [Puppet::Error] if the client cert cannot be saved
|
168
228
|
# @api private
|
169
229
|
def save_client_cert(name, cert)
|
170
|
-
path =
|
230
|
+
path = to_path(@certdir, name)
|
171
231
|
save_pem(cert.to_pem, path, **permissions_for_setting(:hostcert))
|
172
232
|
rescue SystemCallError => e
|
173
233
|
raise Puppet::Error.new(_("Failed to save client certificate for '%{name}'") % {name: name}, e)
|
@@ -182,7 +242,7 @@ class Puppet::X509::CertProvider
|
|
182
242
|
# @raise [Puppet::Error] if the client cert cannot be loaded
|
183
243
|
# @api private
|
184
244
|
def load_client_cert(name, required: false)
|
185
|
-
path =
|
245
|
+
path = to_path(@certdir, name)
|
186
246
|
pem = load_pem(path)
|
187
247
|
if !pem && required
|
188
248
|
raise Puppet::Error, _("The client certificate is missing from '%{path}'") % { path: path }
|
@@ -284,10 +344,7 @@ class Puppet::X509::CertProvider
|
|
284
344
|
def permissions_for_setting(name)
|
285
345
|
setting = Puppet.settings.setting(name)
|
286
346
|
perm = { mode: setting.mode.to_i(8) }
|
287
|
-
if Puppet.features.root? && !Puppet::Util::Platform.windows?
|
288
|
-
perm[:owner] = setting.owner
|
289
|
-
perm[:group] = setting.group
|
290
|
-
end
|
347
|
+
perm.merge!(owner: setting.owner, group: setting.group) if Puppet.features.root? && !Puppet::Util::Platform.windows?
|
291
348
|
perm
|
292
349
|
end
|
293
350
|
end
|