vagrant-clone 0.0.1 → 0.0.3

data/cookbooks/windows/libraries/windows_helper.rb

@@ -0,0 +1,174 @@
+#
+# Author:: Seth Chisamore (<schisamo@chef.io>)
+# Cookbook:: windows
+# Library:: helper
+#
+# Copyright:: 2011-2017, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'uri'
+require 'Win32API' if Chef::Platform.windows?
+require 'chef/exceptions'
+
+module Windows
+  module Helper
+    AUTO_RUN_KEY = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.freeze unless defined?(AUTO_RUN_KEY)
+    ENV_KEY = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'.freeze unless defined?(ENV_KEY)
+    ExpandEnvironmentStrings = Win32API.new('kernel32', 'ExpandEnvironmentStrings', %w(P P L), 'L') if Chef::Platform.windows? && !defined?(ExpandEnvironmentStrings)
+
+    # returns windows friendly version of the provided path,
+    # ensures backslashes are used everywhere
+    def win_friendly_path(path)
+      path.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR || '\\') if path
+    end
+
+    # account for Window's wacky File System Redirector
+    # http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx
+    # especially important for 32-bit processes (like Ruby) on a
+    # 64-bit instance of Windows.
+    def locate_sysnative_cmd(cmd)
+      if ::File.exist?("#{ENV['WINDIR']}\\sysnative\\#{cmd}")
+        "#{ENV['WINDIR']}\\sysnative\\#{cmd}"
+      elsif ::File.exist?("#{ENV['WINDIR']}\\system32\\#{cmd}")
+        "#{ENV['WINDIR']}\\system32\\#{cmd}"
+      else
+        cmd
+      end
+    end
+
+    # Create a feature provider dependent value object.
+    # mainly created becasue Windows Feature names are
+    # different based on whether dism.exe or servicemanagercmd.exe
+    # is used for installation
+    def value_for_feature_provider(provider_hash)
+      p = Chef::Platform.find_provider_for_node(node, :windows_feature)
+      key = p.to_s.downcase.split('::').last
+      provider_hash[key] || provider_hash[key.to_sym]
+    end
+
+    # singleton instance of the Windows Version checker
+    def win_version
+      @win_version ||= Windows::Version.new
+    end
+
+    # Helper function to properly parse a URI
+    def as_uri(source)
+      URI.parse(source)
+    rescue URI::InvalidURIError
+      Chef::Log.warn("#{source} was an invalid URI. Trying to escape invalid characters")
+      URI.parse(URI.escape(source))
+    end
+
+    # if a file is local it returns a windows friendly path version
+    # if a file is remote it caches it locally
+    def cached_file(source, checksum = nil, windows_path = true)
+      @installer_file_path ||= begin
+
+        if source =~ %r{^(file|ftp|http|https):\/\/}
+          uri = as_uri(source)
+          cache_file_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}"
+          Chef::Log.debug("Caching a copy of file #{source} at #{cache_file_path}")
+          remote_file cache_file_path do
+            source source
+            backup false
+            checksum checksum unless checksum.nil?
+          end.run_action(:create)
+        else
+          cache_file_path = source
+        end
+
+        windows_path ? win_friendly_path(cache_file_path) : cache_file_path
+      end
+    end
+
+    # Expands the environment variables
+    def expand_env_vars(path)
+      # We pick 32k because that is the largest it could be:
+      # http://msdn.microsoft.com/en-us/library/windows/desktop/ms724265%28v=vs.85%29.aspx
+      buf = 0.chr * 32 * 1024 # 32k
+      if ExpandEnvironmentStrings.call(path.dup, buf, buf.length) == 0
+        raise Chef::Exceptions::Win32APIError, 'Failed calling ExpandEnvironmentStrings (received 0)'
+      end
+      buf.strip
+    end
+
+    def is_package_installed?(package_name) # rubocop:disable Style/PredicateName
+      installed_packages.include?(package_name)
+    end
+
+    def installed_packages
+      @installed_packages || begin
+        installed_packages = {}
+        # Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
+        installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE)) # rescue nil
+        # 64-bit registry view
+        # Computer\HKEY_LOCAL_MACHINE\Software\Wow6464Node\Microsoft\Windows\CurrentVersion\Uninstall
+        installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0100))) # rescue nil
+        # 32-bit registry view
+        # Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
+        installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0200))) # rescue nil
+        # Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
+        installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_CURRENT_USER)) # rescue nil
+        installed_packages
+      end
+    end
+
+    # Returns an array
+    def to_array(var)
+      var = var.is_a?(Array) ? var : [var]
+      var.reject(&:nil?)
+    end
+
+    private
+
+    def extract_installed_packages_from_key(hkey = ::Win32::Registry::HKEY_LOCAL_MACHINE, desired = ::Win32::Registry::Constants::KEY_READ)
+      uninstall_subkey = 'Software\Microsoft\Windows\CurrentVersion\Uninstall'
+      packages = {}
+      begin
+        ::Win32::Registry.open(hkey, uninstall_subkey, desired) do |reg|
+          reg.each_key do |key, _wtime|
+            begin
+              k = reg.open(key, desired)
+              display_name = begin
+                               k['DisplayName']
+                             rescue
+                               nil
+                             end
+              version = begin
+                          k['DisplayVersion']
+                        rescue
+                          'NO VERSION'
+                        end
+              uninstall_string = begin
+                                   k['UninstallString']
+                                 rescue
+                                   nil
+                                 end
+              if display_name
+                packages[display_name] = { name: display_name,
+                                           version: version,
+                                           uninstall_string: uninstall_string }
+              end
+            rescue ::Win32::Registry::Error
+            end
+          end
+        end
+      rescue ::Win32::Registry::Error
+      end
+      packages
+    end
+  end
+end
+
+Chef::Recipe.send(:include, Windows::Helper)

data/cookbooks/windows/libraries/windows_privileged.rb

@@ -0,0 +1,103 @@
+#
+# Author:: Doug MacEachern <dougm@vmware.com>
+# Author:: Paul Morton (<pmorton@biaprotect.com>)
+# Cookbook:: windows
+# Library:: windows_privileged
+#
+# Copyright:: 2010-2017, VMware, Inc.
+# Copyright:: 2011-2017, Business Intelligence Associates, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# helpers for Windows API calls that require privilege adjustments
+class Chef
+  class WindowsPrivileged
+    # File -> Load Hive... in regedit.exe
+    def reg_load_key(name, file)
+      load_deps
+
+      run(SE_BACKUP_NAME, SE_RESTORE_NAME) do
+        rc = RegLoadKey(HKEY_USERS, name.to_s, file)
+        if rc == ERROR_SUCCESS
+          return true
+        elsif rc == ERROR_SHARING_VIOLATION
+          return false
+        else
+          raise get_last_error(rc)
+        end
+      end
+    end
+
+    # File -> Unload Hive... in regedit.exe
+    def reg_unload_key(name)
+      load_deps
+
+      run(SE_BACKUP_NAME, SE_RESTORE_NAME) do
+        rc = RegUnLoadKey(HKEY_USERS, name.to_s)
+        raise get_last_error(rc) if rc != ERROR_SUCCESS
+      end
+    end
+
+    def run(*privileges)
+      load_deps
+
+      token = [0].pack('L')
+
+      unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token)
+        raise get_last_error
+      end
+      token = token.unpack('L')[0]
+
+      privileges.each do |name|
+        unless adjust_privilege(token, name, SE_PRIVILEGE_ENABLED)
+          raise get_last_error
+        end
+      end
+
+      begin
+        yield
+      ensure # disable privs
+        privileges.each do |name|
+          adjust_privilege(token, name, 0)
+        end
+      end
+    end
+
+    def adjust_privilege(token, priv, attr = 0)
+      load_deps
+
+      luid = [0, 0].pack('Ll')
+      if LookupPrivilegeValue(nil, priv, luid)
+        new_state = [1, luid.unpack('Ll'), attr].flatten.pack('LLlL')
+        AdjustTokenPrivileges(token, 0, new_state, new_state.size, 0, 0)
+      end
+    end
+
+    private
+
+    def load_deps
+      if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+        require 'windows/error'
+        require 'windows/registry'
+        require 'windows/process'
+        require 'windows/security'
+
+        include Windows::Error
+        include Windows::Registry
+        include Windows::Process
+        include Windows::Security
+      end
+    end
+  end
+end

data/cookbooks/windows/libraries/wmi_helper.rb

@@ -0,0 +1,32 @@
+#
+# Author:: Adam Edwards (<adamed@chef.io>)
+#
+# Copyright:: 2014-2017, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+  require 'win32ole'
+
+  def execute_wmi_query(wmi_query)
+    wmi = ::WIN32OLE.connect('winmgmts://')
+    result = wmi.ExecQuery(wmi_query)
+    return nil unless result.each.count > 0
+    result
+  end
+
+  def wmi_object_property(wmi_object, wmi_property)
+    wmi_object.send(wmi_property)
+  end
+end

data/cookbooks/windows/metadata.json

@@ -0,0 +1 @@
+{"name":"windows","version":"3.1.0","description":"Provides a set of useful Windows-specific primitives.","long_description":"# Windows Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n## Requirements\n\n### Platforms\n\n- Windows 7\n- Windows Server 2008 R2\n- Windows 8, 8.1\n- Windows Server 2012 (R1, R2)\n\n### Chef\n\n- Chef 12.6+\n\n## Resources\n\n### windows_auto_run\n\n#### Actions\n\n- `:create` - Create an item to be run at login\n- `:remove` - Remove an item that was previously setup to run at login\n\n#### Properties\n\n- `name` - Name attribute. The name of the value to be stored in the registry\n- `program` - The program to be run at login\n- `args` - The arguments for the program\n\n#### Examples\n\nRun BGInfo at login\n\n```ruby\nwindows_auto_run 'BGINFO' do\n  program 'C:/Sysinternals/bginfo.exe'\n  args    '\\'C:/Sysinternals/Config.bgi\\' /NOLICPROMPT /TIMER:0'\n  action  :create\nend\n```\n\n### windows_certificate\n\nInstalls a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work.\n\n#### Actions\n\n- `:create` - creates or updates a certificate.\n- `:delete` - deletes a certificate.\n- `:acl_add` - adds read-only entries to a certificate's private key ACL.\n\n#### Properties\n\n- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).\n- `pfx_password` - the password to access the source if it is a pfx file.\n- `private_key_acl` - array of 'domain\\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.\n- `store_name` - the certificate store to manipulate. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).\n- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.\n\n#### Examples\n\n```ruby\n# Add PFX cert to local machine personal store and grant accounts read-only access to private key\nwindows_certificate \"c:/test/mycert.pfx\" do\n    pfx_password    \"password\"\n    private_key_acl    [\"acme\\fred\", \"pc\\jane\"]\nend\n```\n\n```ruby\n# Add cert to trusted intermediate store\nwindows_certificate \"c:/test/mycert.cer\" do\n    store_name    \"CA\"\nend\n```\n\n```ruby\n# Remove all certificates matching the subject\nwindows_certificate \"me.acme.com\" do\n    action :delete\nend\n```\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port in order to enable TLS communication.\n\n#### Actions\n\n- `:create` - creates or updates a binding.\n- `:delete` - deletes a binding.\n\n#### Properties\n\n- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.\n- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash.\n- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses).\n- `port` - the port to bind against. Default is 443.\n- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- `store_name` - the store to locate the certificate in. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).\n\n#### Examples\n\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n    cert_name    \"d234567890a23f567c901e345bc8901d34567890\"\n    name_kind    :hash\n    store_name    \"CA\"\n    port        4334\nend\n```\n\n### windows_feature\n\n**BREAKING CHANGE - Version 3.0.0**\n\nThis resource has been moved from using LWRPs and multiple providers to using Custom Resources. To maintain functionality, you'll need to change `provider` to `install_method`.\n\nWindows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. Collectively we refer to all of these attributes as 'features'.\n\nThis resource allows you to manage these 'features' in an unattended, idempotent way.\n\nThere are three methods for the `windows_feature` which map into Microsoft's three major tools for managing roles/features: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx), [Servermanagercmd](http://technet.microsoft.com/en-us/library/ee344834%28WS.10%29.aspx) (The CLI for Server Manager), and [PowerShell](https://technet.microsoft.com/en-us/library/cc731774(v=ws.11).aspx). As Servermanagercmd is deprecated, Chef will set the default method to `:windows_feature_dism` if `dism.exe` is present on the system being configured. The default method will fall back to `:windows_feature_servermanagercmd`, and then `:windows_feature_powershell`.\n\nFor more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt:\n\nFor Dism:\n\n```text\ndism /online /Get-Features\n```\n\nFor ServerManagerCmd:\n\n```text\nservermanagercmd -query\n```\n\nFor PowerShell:\n\n```text\nget-windowsfeature\n```\n\n#### Actions\n\n- `:install` - install a Windows role/feature\n- `:remove` - remove a Windows role/feature\n- `:delete` - remove a Windows role/feature from the image (not supported by ServerManagerCmd)\n\n#### Properties\n\n- `feature_name` - name of the feature/role(s) to install. The same feature may have different names depending on the provider used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).\n- `all` - Boolean. Optional. Default: false. DISM and Powershell providers only. Forces all dependencies to be installed.\n- `source` - String. Optional. DISM provider only. Uses local repository for feature install.\n- `install_method` - Symbol. Optional. **REPLACEMENT FOR THE PREVIOUS PROVIDER OPTION** If not supplied, Chef will determine which method to use (in the order of `:windows_feature_dism`, `:windows_feature_servercmd`, `:windows_feature_powershell`)\n\n#### Examples\n\nInstall the DHCP Server feature\n\n```ruby\nwindows_feature 'DHCPServer' do\n  action :install\nend\n```\n\nInstall the .Net 3.5.1 feature on Server 2012 using repository files on DVD and install all dependencies\n\n```ruby\nwindows_feature \"NetFx3\" do\n  action :install\n  all true\n  source \"d:\\sources\\sxs\"\nend\n```\n\nRemove Telnet Server and Client features\n\n```ruby\nwindows_feature ['TelnetServer', 'TelnetClient'] do\n  action :remove\nend\n```\n\nAdd the SMTP Server feature using the PowerShell provider\n\n```ruby\nwindows_feature \"smtp-server\" do\n  action :install\n  all true\n  install_method :windows_feature_powershell\nend\n```\n\nInstall multiple features using one resource with the PowerShell provider\n\n```ruby\nwindows_feature ['Web-Asp-Net45', 'Web-Net-Ext45'] do\n  action :install\n  install_method :windows_feature_powershell\nend\n```\n\n### windows_font\n\nInstalls a font.\n\nFont files should be included in the cookbooks\n\n#### Actions\n\n- `:install` - install a font to the system fonts directory.\n\n#### Properties\n\n- `name` - The file name of the font file name to install. The path defaults to the files/default directory of the cookbook you're calling windows_font from. Defaults to the resource name.\n- `source` - Set an alternate path to the font file.\n\n#### Examples\n\n```ruby\nwindows_font 'Code New Roman.otf'\n```\n\n### windows_http_acl\n\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n\n- `:create` - creates or updates the ACL for a URL.\n- `:delete` - deletes the ACL from a URL.\n\n#### Properties\n\n- `url` - the name of the url to be created/deleted.\n- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.\n- `user` - the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n    user 'pc\\\\fred'\nend\n```\n\n```ruby\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n  sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n    action :delete\nend\n```\n\n### windows_pagefile\n\nConfigures the file that provides virtual memory for applications requiring more memory than available RAM or that are paged out to free up memory in use.\n\n\n#### Actions\n\n- `:set` - configures the default pagefile, creating if it doesn't exist.\n- `:delete` - deletes the specified pagefile.\n\n#### Properties\n\n- `name` - the path to the pagefile,  String, name_property: true\n- `system_managed` - configures whether the system manages the pagefile size. [true, false]\n- `automatic_managed` - all of the settings are managed by the system. If this is set to true, other settings will be ignored. [true, false], default: false\n- `initial_size` - initial size of the pagefile in bytes. Integer\n- `maximum_size` - maximum size of the pagefile in bytes. Integer\n\n### windows_printer_port\n\nCreate and delete TCP/IPv4 printer ports.\n\n#### Actions\n\n- `:create` - Create a TCIP/IPv4 printer port. This is the default action.\n- `:delete` - Delete a TCIP/IPv4 printer port\n\n#### Properties\n\n- `ipv4_address` - Name attribute. Required. IPv4 address, e.g. '10.0.24.34'\n- `port_name` - Port name. Optional. Defaults to 'IP_' + `ipv4_address`\n- `port_number` - Port number. Optional. Defaults to 9100.\n- `port_description` - Port description. Optional.\n- `snmp_enabled` - Boolean. Optional. Defaults to false.\n- `port_protocol` - Port protocol, 1 (RAW), or 2 (LPR). Optional. Defaults to 1.\n\n#### Examples\n\nCreate a TCP/IP printer port named 'IP_10.4.64.37' with all defaults\n\n```ruby\nwindows_printer_port '10.4.64.37' do\n  action :create\nend\n```\n\nDelete a printer port\n\n```ruby\nwindows_printer_port '10.4.64.37' do\n  action :delete\nend\n```\n\nDelete a port with a custom port_name\n\n```ruby\nwindows_printer_port '10.4.64.38' do\n  port_name 'My awesome port'\n  action :delete\nend\n```\n\nCreate a port with more options\n\n```ruby\nwindows_printer_port '10.4.64.39' do\n  port_name 'My awesome port'\n  snmp_enabled true\n  port_protocol 2\nend\n```\n\n### windows_printer\n\nCreate Windows printer. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system.\n\nThe Windows Printer LWRP will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` LWRP before creating the printer.\n\n#### Actions\n\n- `:create` - Create a new printer\n- `:delete` - Delete a new printer\n\n#### Properties\n\n- `device_id` - Name attribute. Required. Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room'\n- `comment` - Optional string describing the printer queue.\n- `default` - Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting.\n- `driver_name` - String. Required. Exact name of printer driver. Note that the printer driver must already be installed on the node.\n- `location` - Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207'\n- `shared` - Boolean. Defaults to false.\n- `share_name` - Printer share name.\n- `ipv4_address` - Printer IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP address to set it. Required.\n\nAn error of \"Set-WmiInstance : Generic failure\" is most likely due to the printer driver name not matching or not being installed.\n\n#### Examples\n\nCreate a printer\n\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n  driver_name 'HP LaserJet 4100 Series PCL6'\n  ipv4_address '10.4.64.38'\nend\n```\n\nDelete a printer. Note: this doesn't delete the associated printer port. See `windows_printer_port` above for how to delete the port.\n\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n  action :delete\nend\n```\n\n### windows_share\n\nCreates, modifies and removes Windows shares. All properties are idempotent.\n\n#### Actions\n\n- :create: creates/modifies a share\n- :delete: deletes a share\n\n#### Properties\n\n- share_name: name attribute, the share name.\n- path: path to the directory to be shared. Required when creating. If the share already exists on a different path then it is deleted and re-created.\n- description: description to be applied to the share\n- full_users: array of users which should have \"Full control\" permissions\n- change_users: array of users which should have \"Change\" permissions\n- read_users: array of users which should have \"Read\" permissions\n\n#### Examples\n\n```ruby\nwindows_share \"foo\" do\n  action :create\n  path \"C:\\\\foo\"\n  full_users [\"DOMAIN_A\\\\some_user\", \"DOMAIN_B\\\\some_other_user\"]\n  read_users [\"DOMAIN_C\\\\Domain users\"]\nend\n```\n\n```ruby\nwindows_share \"foo\" do\n  action :delete\nend\n```\n\n### windows_shortcut\n\nCreates and modifies Windows shortcuts.\n\n#### Actions\n\n- `:create` - create or modify a windows shortcut\n\n#### Properties\n\n- `name` - name attribute. The shortcut to create/modify.\n- `target` - what the shortcut links to\n- `arguments` - arguments to pass to the target when the shortcut is executed\n- `description` - description of the shortcut\n- `cwd` - Working directory to use when the target is executed\n- `iconlocation` - Icon to use, in the format of `\"path, index\"` where index is which icon in that file to use (See [WshShortcut.IconLocation](https://msdn.microsoft.com/en-us/library/3s9bx7at.aspx))\n\n#### Examples\n\nAdd a shortcut all users desktop:\n\n```ruby\nrequire 'win32ole'\nall_users_desktop = WIN32OLE.new(\"WScript.Shell\").SpecialFolders(\"AllUsersDesktop\")\n\nwindows_shortcut \"#{all_users_desktop}/Notepad.lnk\" do\n  target \"C:\\\\WINDOWS\\\\notepad.exe\"\n  description \"Launch Notepad\"\n  iconlocation \"C:\\\\windows\\\\notepad.exe, 0\"\nend\n```\n\n#### Library Methods\n\n```ruby\nRegistry.value_exists?('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\nRegistry.key_exists?('HKLM\\SOFTWARE\\Microsoft')\nBgInfo = Registry.get_value('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\n```\n\n### windows_path\n\n#### Actions\n\n- `:add` - Add an item to the system path\n- `:remove` - Remove an item from the system path\n\n#### Properties\n\n- `path` - Name attribute. The name of the value to add to the system path\n\n#### Examples\n\nAdd Sysinternals to the system path\n\n```ruby\nwindows_path 'C:\\Sysinternals' do\n  action :add\nend\n```\n\nRemove 7-Zip from the system path\n\n```ruby\nwindows_path 'C:\\7-Zip' do\n  action :remove\nend\n```\n\n### windows_task\n\nCreates, deletes or runs a Windows scheduled task. Requires Windows Server 2008 due to API usage.\n\n#### Actions\n\n- `:create` - creates a task (or updates existing if user or command has changed)\n- `:delete` - deletes a task\n- `:run` - runs a task\n- `:end` - ends a task\n- `:change` - changes the un/pw or command of a task\n- `:enable` - enable a task\n- `:disable` - disable a task\n\n#### Properties\n\n- `task_name` - name attribute, The task name. (\"Task Name\" or \"/Task Name\")\n- `force` - When used with create, will update the task.\n- `command` - The command the task will run.\n- `cwd` - The directory the task will be run from.\n- `user` - The user to run the task as. (defaults to 'SYSTEM')\n- `password` - The user's password. (requires user)\n- `run_level` - Run with `:limited` or `:highest` privileges.\n- `frequency` - Frequency with which to run the task. (default is :hourly. Other valid values include :minute, :hourly, :daily, :weekly, :monthly, :once, :on_logon, :onstart, :on_idle) :once requires start_time\n- `frequency_modifier` - Multiple for frequency. (15 minutes, 2 days). Monthly tasks may also use these values\": ('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY')\n- `start_day` - Specifies the first date on which the task runs. Optional string (MM/DD/YYYY)\n- `start_time` - Specifies the start time to run the task. Optional string (HH:mm)\n- `interactive_enabled` - (Allow task to run interactively or non-interactively. Requires user and password.)\n- `day` - For monthly or weekly tasks, the day(s) on which the task runs. (MON - SUN, *, 1 - 31)\n- `months` - The Months of the year on which the task runs. (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC, *). Multiple months should be comma delimited.\n- `idle_time` - For :on_idle frequency, the time (in minutes) without user activity that must pass to trigger the task. (1 - 999)\n\n#### Examples\n\nCreate a `chef-client` task with TaskPath `\\` running every 15 minutes\n\n```ruby\nwindows_task 'chef-client' do\n  user 'Administrator'\n  password '$ecR3t'\n  cwd 'C:\\\\chef\\\\bin'\n  command 'chef-client -L C:\\\\tmp\\\\'\n  run_level :highest\n  frequency :minute\n  frequency_modifier 15\nend\n```\n\nUpdate `chef-client` task with new password and log location\n\n```ruby\nwindows_task 'chef-client' do\n  user 'Administrator'\n  password 'N3wPassW0Rd'\n  cwd 'C:\\\\chef\\\\bin'\n  command 'chef-client -L C:\\\\chef\\\\logs\\\\'\n  action :change\nend\n```\n\nDelete a task named `old task`\n\n```ruby\nwindows_task 'old task' do\n  action :delete\nend\n```\n\nEnable a task named `chef-client`\n\n```ruby\nwindows_task 'chef-client' do\n  action :enable\nend\n```\n\nDisable a task named `ProgramDataUpdater` with TaskPath `\\Microsoft\\Windows\\Application Experience\\`\n\n```ruby\nwindows_task '\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater' do\n  action :disable\nend\n```\n\n### windows_zipfile\n\nMost version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n\n- `:unzip` - unzip a compressed file\n- `:zip` - zip a directory (recursively)\n\n#### Properties\n\n- `path` - name attribute. The path where files will be (un)zipped to.\n- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- `overwrite` - force an overwrite of the files if they already exist.\n- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n\n```ruby\nwindows_zipfile 'c:/bin' do\n  source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n  action :unzip\n  not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n\n```ruby\nwindows_zipfile 'c:/the_codez' do\n  source 'c:/foo/baz/the_codez.zip'\n  action :unzip\nend\n```\n\nCreate a local zipfile\n\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n  source 'c:/the_codez'\n  action :zip\nend\n```\n\n## Libraries\n\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\n\nReturns a hash of all DisplayNames installed\n\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n\n- `package_name` - The name of the package you want to query to see if it is installed\n- `returns` - true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n  source 'http://url_to_download/windows_sdk.zip'\n  action :create_if_missing\n  not_if {is_win_sdk_installed}\nend\n```\n\nDo something if a package is installed\n\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n  # do something if package is installed\nend\n```\n\n### Windows::VersionHelper\n\nHelper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux.\n\n#### core_version?\n\nDetermines whether given node is running on a windows Core.\n\n```ruby\nif ::Windows::VersionHelper.core_version? node\n  fail 'Windows Core is not supported'\nend\n```\n\n#### workstation_version?\n\nDetermines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)\n\n```ruby\nif ::Windows::VersionHelper.workstation_version? node\n  fail 'Only server version of windows are supported'\nend\n```\n\n#### server_version?\n\nDetermines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)\n\n```ruby\nif ::Windows::VersionHelper.server_version? node\n  puts 'Server version of windows are cool'\nend\n```\n\n#### nt_version\n\nDetermines NT version of the given node\n\n```ruby\ncase ::Windows::VersionHelper.nt_version node\n  when '6.0' then 'Windows vista or Server 2008'\n  when '6.1' then 'Windows 7 or Server 2008R2'\n  when '6.2' then 'Windows 8 or Server 2012'\n  when '6.3' then 'Windows 8.1 or Server 2012R2'\n  when '10.0' then 'Windows 10'\nend\n```\n\n## Windows ChefSpec Matchers\n\nThe Windows cookbook includes custom [ChefSpec](https://github.com/sethvargo/chefspec) matchers you can use to test your own cookbooks that consume Windows cookbook LWRPs.\n\n### Example Matcher Usage\n\n```ruby\nexpect(chef_run).to install_windows_package('Node.js').with(\n  source: 'http://nodejs.org/dist/v0.10.26/x64/node-v0.10.26-x64.msi')\n```\n\n### Windows Cookbook Matchers\n\n- create_windows_auto_run\n- remove_windows_auto_run\n- create_windows_certificate\n- delete_windows_certificate\n- add_acl_to_windows_certificate\n- create_windows_certificate_binding\n- delete_windows_certificate_binding\n- install_windows_feature\n- install_windows_feature_dism\n- install_windows_feature_servermanagercmd\n- install_windows_feature_powershell\n- remove_windows_feature\n- remove_windows_feature_dism\n- remove_windows_feature_servermanagercmd\n- remove_windows_feature_powershell\n- delete_windows_feature\n- delete_windows_feature_dism\n- delete_windows_feature_powershell\n- install_windows_font\n- create_windows_http_acl\n- delete_windows_http_acl\n- install_windows_package\n- remove_windows_package\n- set_windows_pagefile\n- add_windows_path\n- remove_windows_path\n- create_windows_printer\n- delete_windows_printer\n- create_windows_printer_port\n- delete_windows_printer_port\n- create_windows_shortcut\n- create_windows_shortcut\n- create_windows_task\n- disable_windows_task\n- enable_windows_task\n- delete_windows_task\n- run_windows_task\n- change_windows_task\n- unzip_windows_zipfile_to\n- zip_windows_zipfile_to\n\n## Usage\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n## License & Authors\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))\n- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))\n- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))\n\n```text\nCopyright 2011-2016, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"ohai":">= 4.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/windows","issues_url":"https://github.com/chef-cookbooks/windows/issues","chef_version":[[">= 12.7"]],"ohai_version":[]}

data/cookbooks/windows/recipes/default.rb

@@ -0,0 +1,21 @@
+#
+# Author:: Seth Chisamore (<schisamo@chef.io>)
+# Cookbook:: windows
+# Recipe:: default
+#
+# Copyright:: 2011-2017, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Chef::Log.warn('The windows::default recipe has been deprecated. The gems previously installed in this recipe ship in the Chef MSI.')

data/cookbooks/windows/resources/auto_run.rb

@@ -0,0 +1,46 @@
+#
+# Author:: Paul Morton (<pmorton@biaprotect.com>)
+# Cookbook:: windows
+# Resource:: auto_run
+#
+# Copyright:: 2011-2017, Business Intelligence Associates, Inc.
+# Copyright:: 2017, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+property :program, String
+property :name, String, name_property: true
+property :args, String
+
+action :create do
+  registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do
+    values [{
+      name: new_resource.name,
+      type: :string,
+      data: "\"#{new_resource.program}\" #{new_resource.args}",
+    }]
+    action :create
+  end
+end
+
+action :remove do
+  registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do
+    values [{
+      name: new_resource.name,
+      type: :string,
+      data: '',
+    }]
+    action :delete
+  end
+end

data/cookbooks/windows/resources/certificate.rb

@@ -0,0 +1,166 @@
+#
+# Author:: Richard Lavey (richard.lavey@calastone.com)
+# Cookbook:: windows
+# Resource:: certificate
+#
+# Copyright:: 2015-2017, Calastone Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include Windows::Helper
+
+property :source, String, name_property: true, required: true
+property :pfx_password, String
+property :private_key_acl, Array
+property :store_name, String, default: 'MY', regex: /^(?:MY|CA|ROOT|TrustedPublisher|TRUSTEDPEOPLE)$/
+property :user_store, [true, false], default: false
+
+action :create do
+  hash = '$cert.GetCertHashString()'
+  code_script = cert_script(true) <<
+                within_store_script { |store| store + '.Add($cert)' } <<
+                acl_script(hash)
+
+  guard_script = cert_script(false) <<
+                 cert_exists_script(hash)
+
+  converge_by("adding certificate #{new_resource.source} into #{new_resource.store_name} to #{cert_location}\\#{new_resource.store_name}") do
+    powershell_script new_resource.name do
+      guard_interpreter :powershell_script
+      convert_boolean_return true
+      code code_script
+      not_if guard_script
+    end
+  end
+end
+
+# acl_add is a modify-if-exists operation : not idempotent
+action :acl_add do
+  if ::File.exist?(new_resource.source)
+    hash = '$cert.GetCertHashString()'
+    code_script = cert_script(false)
+    guard_script = cert_script(false)
+  else
+    # make sure we have no spaces in the hash string
+    hash = "\"#{new_resource.source.gsub(/\s/, '')}\""
+    code_script = ''
+    guard_script = ''
+  end
+  code_script << acl_script(hash)
+  guard_script << cert_exists_script(hash)
+
+  converge_by("setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}") do
+    powershell_script new_resource.name do
+      guard_interpreter :powershell_script
+      convert_boolean_return true
+      code code_script
+      only_if guard_script
+    end
+  end
+end
+
+action :delete do
+  # do we have a hash or a subject?
+  # TODO: It's a bit annoying to know the thumbprint of a cert you want to remove when you already
+  # have the file.  Support reading the hash directly from the file if provided.
+  search = if new_resource.source =~ /^[a-fA-F0-9]{40}$/
+             "Thumbprint -eq '#{new_resource.source}'"
+           else
+             "Subject -like '*#{new_resource.source.sub(/\*/, '`*')}*'" # escape any * in the source
+           end
+  cert_command = "Get-ChildItem Cert:\\#{cert_location}\\#{new_resource.store_name} | where { $_.#{search} }"
+
+  code_script = within_store_script do |store|
+    <<-EOH
+foreach ($c in #{cert_command})
+{
+  #{store}.Remove($c)
+}
+EOH
+  end
+  guard_script = "@(#{cert_command}).Count -gt 0\n"
+  converge_by("Removing certificate #{new_resource.source} from #{cert_location}\\#{new_resource.store_name}") do
+    powershell_script new_resource.name do
+      guard_interpreter :powershell_script
+      convert_boolean_return true
+      code code_script
+      only_if guard_script
+    end
+  end
+end
+
+action_class do
+  def cert_location
+    @location ||= new_resource.user_store ? 'CurrentUser' : 'LocalMachine'
+  end
+
+  def cert_script(persist)
+    cert_script = '$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2'
+    file = win_friendly_path(new_resource.source)
+    cert_script << " \"#{file}\""
+    if ::File.extname(file.downcase) == '.pfx'
+      cert_script << ", \"#{new_resource.pfx_password}\""
+      if persist && new_resource.user_store
+        cert_script << ', [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet'
+      elsif persist
+        cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeyset)'
+      end
+    end
+    cert_script << "\n"
+  end
+
+  def cert_exists_script(hash)
+    <<-EOH
+  $hash = #{hash}
+  Test-Path "Cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash"
+  EOH
+  end
+
+  def within_store_script
+    inner_script = yield '$store'
+    <<-EOH
+  $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{cert_location})
+  $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
+  #{inner_script}
+  $store.Close()
+  EOH
+  end
+
+  def acl_script(hash)
+    return '' if new_resource.private_key_acl.nil? || new_resource.private_key_acl.empty?
+    # this PS came from http://blogs.technet.com/b/operationsguy/archive/2010/11/29/provide-access-to-private-keys-commandline-vs-powershell.aspx
+    # and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx
+    set_acl_script = <<-EOH
+  $hash = #{hash}
+  $storeCert = Get-ChildItem "cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash"
+  if ($storeCert -eq $null) { throw 'no key exists.' }
+  $keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
+  if ($keyname -eq $null) { throw 'no private key exists.' }
+  if ($storeCert.PrivateKey.CspKeyContainerInfo.MachineKeyStore)
+  {
+    $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyname"
+  }
+  else
+  {
+    $currentUser = New-Object System.Security.Principal.NTAccount($Env:UserDomain, $Env:UserName)
+    $userSID = $currentUser.Translate([System.Security.Principal.SecurityIdentifier]).Value
+    $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\$userSID\\$keyname"
+  }
+  EOH
+    new_resource.private_key_acl.each do |name|
+      set_acl_script << "$uname='#{name}'; icacls $fullpath /grant $uname`:RX\n"
+    end
+    set_acl_script
+  end
+end