path: root/spec/integration/util
Age | Commit message | Author | Files | Lines
2014-09-09 | (maint) Generate unique account names | Josh Cooper | 1 | -2/+2
Previously, the windows security_spec could fail if the same test was executed in parallel, since the test assumed the account didn't exist. This commit makes the names unique. The maximum length for local user and groups accounts in 2003 is 20 and 256 characters[1], respectively, and we remain below that limit in both cases.
[1] http://technet.microsoft.com/en-us/library/cc783323.aspx
2014-07-29 | (maint) make lmhosts disabled spec msg friendlier | Ethan J. Brown | 1 | -1/+1
2014-07-24 | (maint) Fix spec order issue for Travis CI. | Peter Huene | 1 | -6/+6
Because of the order Travis runs specs, some environment caching issues were found that caused some specs to fail because they made the assumption that the production environment wasn't already in the cache. Thus, they relied on changing Puppet[:modulepath] to have an effect. The fix is to override the environments for these two specs and return an environment we know has the expected module path.
2014-07-07 | (maint) Error message is different under Windows 2012r2 | Josh Cooper | 1 | -4/+23
Previously, the test was expecting a failed logon to raise an error whose message contained: unknown user name or bad password. This is correct in 2008r2 and earlier, but it appears Windows 2012 changed the error message to be: The user name or password is incorrect. This commit updates the test to not be sensitive to the message text. Instead we verify that the exception contains the correct Win32 error code (ERROR_LOGON_FAILURE).
2014-07-03 | (PUP-391) Ruby 2 exception type changed to EISDIR | Ethan J. Brown | 1 | -1/+3
- File.open now raises EISDIR when a path is a directory, prior to verifying permissions in Ruby 2. Files continue to return EACCESS.
2014-06-30 | (PUP-392) FFI ADSI GetComputerName /Add Group SID | Ethan J. Brown | 1 | -3/+3
- Some existing tests were using Sys::Admin.get_login to get the current username. Implement this same functionality in Puppet::Util::Windows::ADSI::User.current_user_name by making Win32 API call directly instead of relying on sys/admin. Note that unlike GetComputerNameW, GetUserNameW returns a length including the trailing NULL.
- Further, replace calls to Sys::Admin::get_user(name).sid and Sys::Admin::get_group(name).sid with their respective equivalents in the ADSI classes, namely ADSI::User.new(name).sid and ADSI::Group.new(name).sid. Note that Sys::Admin returned a string while ADSI returns a SID object which must be converted to a string.
- To support retrieving the ADSI Group sid, add a new class member and method identical to the one on ADSI User.
2014-06-23 | (maint) Eliminate duplicate constant warning | Josh Cooper | 1 | -20/+19
Previously, when executing specs on Windows the following warning would be displayed:
    warning: already initialized constant FILE
This commit updates the spec test so it doesn't define a top level constant
2014-06-19 | (PUP-839) Remove SID mixin from Security | Ethan J. Brown | 1 | -3/+3
- SID methods can really stand alone on their own, and should for the sake of sanity / code maintenance. Adjust all callsites (including specs) accordingly.
- Make SID methods into static module_functions since they're already stateless
2014-06-19 | (PUP-839) Share AccessControlEntry constants | Ethan J. Brown | 1 | -4/+4
- Don't rely on the mixin constants from Windows::Security, share Puppet::Util::Windows::AccessControlEntry constants
2014-06-19 | (PUP-839) FFI Util::Windows::Security / ::File | Ethan J. Brown | 1 | -18/+20
- Remove windows-pr file class mixin for Windows::File and implement CreateFileW in Security.
- Note that open_file overlaps with create_file in file.rb
- Add FFI GetFileAttributes and SetFileAttributes to File module
- Move all file attribute related calls out of the Security module and into the File module, including get_attributes, add_attributes, remove_attributes and set_attributes. Add corresponding deprecation notices.
- Add a top level FILE alias for Puppet::Util::Windows::File and use that to make calls to the APIs / constants in File.
- File must be included prior to Security to use these constants.
2014-06-19 | (PUP-2738) Ensure block in user.password_is? | Rob Reynolds | 1 | -0/+7
This ensures that a block is given by password_is? when calling logon_user even though it doesn't need to do anything with it. We went this route because it made more sense to require a block for this call versus checking if a block was given in the logon_user method. If you call logon_user without passing a block you cannot take the next step to later do something as that user. So it would be misleading if we allowed it without requiring a block.
2014-06-18 | (PUP-2738) Use block form of FFI::MemoryPointer | Ethan J. Brown | 1 | -3/+4
- Existing uses of FFI::MemoryPointer rely on Ruby GC to perform non-deterministic memory cleanup. In an effort to reduce memory consumption, use the block form of FFI::MemoryPointer to call free on pointers as soon as they're no longer needed.
- Ensure that we don't use non-local returns anywhere, due to their potentially dangerous / unexpected behavior. When inside blocks, store off return values in a separate variable to be returned outside the block. When values are only used inside yields, and the corresponding unmanaged memory has been freed, return nil outside the block.
2014-05-23 | (PUP-838) Process uses LookupPrivilegeValueW | Ethan J. Brown | 1 | -0/+11
- Switch from LookupPrivilegeValueA to LookupPrivilegeValueW
- In reality, this doesn't absolutely need to be done, but for the sake of consistency with other API calls, we use W suffixed functions
- Add 2 tests that confirm that our usage of the Win32 API call is correct
2014-05-23 | (PUP-2382) FFI typedef for win32_bool / fix User | Ethan J. Brown | 1 | -0/+7
- Previously check_token_membership was failing in 2003 spec tests due to 2 issues
  - FFI::Pointer::NULL cannot be used in place of our :handle typedef, and therefore we must add a new constant of 0 to be used for NULL handles
  - FFI defines a :bool as variable width "(?? 1 byte in C++)", while Win32 defines a BOOL as int, and is fixed to 4 bytes on x86 and x64
- Fortunately the bool issue really only bit us in the one spot where we were using a pointer to a bool, but by adding a new typedef for :win32_bool, all call sites comparing the return value needed to be updated for correctness to compare against FFI::WIN32_FALSE
- A test was added to ensure these APIs are called during spec tests on all Windows platforms, and not just 2003
2014-05-22 | (PUP-2544) Util::ADSI -> Util::Windows::ADSI | Ethan J. Brown | 1 | -6/+4
- Move Windows ADSI code out of puppet/util and into puppet/util/windows
- Update namespace from Puppet::Util::ADSI to Puppet::Util::Windows::ADSI
- Add module / class definitions for ADSI to util/windows.rb to prevent tests from blowing up on non-Windows
- Moving Puppet.features.microsoft_windows? checks to top of user and group provider tests for ADSI
- Update all dependent code, remove unnecessary references
2014-05-22 | (PUP-836) Remove Win32::Security.elevated_security | Ethan J. Brown | 1 | -9/+9
- Refactor Puppet::Util::Windows::Process to implement new method elevated_security? that was in win32-security gem
- Refactor get_token_information to return an FFI::MemoryPointer buffer instead of a parsed structure, since GetTokenInformation is a generic call that can return many structure types, including TOKEN_ELEVATION.
- Remove any reliance on win32-security gem from user.rb
- Adjust tests accordingly
2014-05-22 | (PUP-836) FFI Puppet::Util::Windows::User | Ethan J. Brown | 1 | -0/+33
- LogonUserW, LoadUserProfile, UnloadUserProfile and PROFILEINFO have been converted from manually packing params with Win32API.new to automatically managed with FFI definitions.
- Use MemoryPointer where appropriate.
- Note that wide character LogonUserW is used rather than platform varying LogonUser as FFI is unable to use that. The pointer widths of PROFILEINFO vary depending on platform, which is handled by using :pointer. With LogonUserW the string pointed to is always wide character, which is properly handled by using wide_string.
- Add FFI::MemoryPointer helper read_handle
- Add FFI::MemoryPointer.from_wide_string and corresponding tests that ensure that a properly terminated UTF-16LE string is passed in
- Add FFI::MemoryPointer#read_wide_string that reads a wide string buffer into a Ruby string with Encoding.default_external and corresponding tests
- Add additional tests around User methods that make native Win32 API calls that will intentionally fail
- Fix wide_string helper to return nil when given nil so that can be passed directly to Win32 as a null pointer
2014-05-09 | (PUP-2214) Make util rdoc and related parser use :current_environment | Henrik Lindberg | 1 | -0/+7
2014-03-31 | (PUP-2100) Use AddAccessDeniedAceEx for inheritance | Rob Reynolds | 1 | -0/+17
With Access Control Entries (ACEs) on Windows, we currently use AddAccessDeniedAce which does not include inheritance and propagation, but AddAccessDeniedAceEx does. We are already using AddAccessAllowedAceEx when setting access allowed ACEs and we should use the same behavior for denied ACEs. This commit provides that ability. Without this commit we will not be able to properly manage access denied ACEs with inheritance to child objects.
2014-02-12 | PUP-1681 Stat doesn't expose correct mode on Win | Ethan J. Brown | 1 | -1/+1
- An issue was discovered where the values returned from Puppet::FileSystem.stat and Puppet::Util::Windows::Security.get_mode were not aligning as they should. The call to get_mode returns a mode value that should more correctly express a simulated POSIX mode on Windows
- The stat instance returned from Ruby has been further monkey-patched on Windows to add an appropriate mode value using the existing lower-level code that reads a file's security descriptor.
- Some tests that were performing special handling of mode values were updated now that mode should be more consistent across platforms.
- In some cases, an existing call to File.chmod was changed to call set_mode under Windows. In the future, our FileSystem abstraction should be modified to create an OS-agnostic single point of entry for setting mode on files.
2014-01-15 | (maint) really fix the execution locale test | Dan Lidral-Porter | 1 | -2/+2
2014-01-15 | (PUP-1404) Don't swallow execpipe tests on windows | Dan Lidral-Porter | 1 | -12/+10
2014-01-15 | Don't run LANG/LC_ALL tests on windows | Dan Lidral-Porter | 1 | -10/+12
2014-01-15 | (PUP-1404) LC_ALL test to actually tests LC_ALL | Dan Lidral-Porter | 1 | -1/+1
2014-01-15 | (PUP-1404) Add tests for execpipe locale setting | Dan Lidral-Porter | 1 | -0/+17
2014-01-08 | Merge pull request #2232 from hlindberg/pup-716_short-lived-objects-in-filesystem | Josh Partlow | 3 | -4/+4
(PUP-716) short lived objects in filesystem
2014-01-06 | (PUP-761) Fix integration tests after FileSystem API change | Henrik Lindberg | 1 | -1/+1
2014-01-06 | (PUP-716) Change Puppet::FileSystem::File to module methods | Henrik Lindberg | 3 | -4/+4
This changes the API in a new implementation in a file called file_.rb The intent is that it should replace the implementation in File, or perhaps directly in a Puppet::FileSystem class.
2014-01-03 | (maint) Add a diagnostic check that lmhosts is running | Kylo Ginsberg | 1 | -0/+7
2013-12-20 | (PUP-1133) Reset permission on Windows test files | Ethan J. Brown | 1 | -0/+18
- Previously some security tests manipulated file permissions in a way that made it impossible for the top-level spec temp file cleanup to be performed. This patch resets the files after runs.
2013-11-26 | (#11563) Fix issues when running as SYSTEM | Josh Cooper | 1 | -70/+104
Previously, the tests were failing when running as SYSTEM, because many of the preconditions were no longer true, as a result of puppet no longer breaking inheritance when only the owner and mode are changed, and ensuring the SYSTEM ace grants full control, unless explicitly specified otherwise. This commit updates the tests to account for the new behavior.
2013-11-26 | (#11563) Cleanup tests | Josh Cooper | 1 | -17/+17
Cleanup spec test. Use the Everyone sid constants, remove unused reference to INHERITED_ACE constant, and more robustly assert the desired outcomes when "preserving aces for other users" and when "changing the sid for all aces that were assigned to the old owner".
2013-11-26 | (#11563) Return INHERIT_ONLY_ACEs | Josh Cooper | 1 | -0/+22
Previously, when reading a DACL, puppet excluded `INHERIT_ONLY_ACE`s which are ACEs set on a directory that only serve to apply permissions to child containers (dir) and objects (file). In other words, the ACE didn't affect the permissions of the directory, and wasn't needed to determine the file mode. However, now we need to be able to roundtrip a security descriptor, e.g. to only change the owner, but leave other ACEs intact. This commit modifies puppet to include inherit only aces when reading the DACL, but continue to exclude them when determining the file mode.
2013-11-26 | (#11563) Preserve deny ACEs | Josh Cooper | 1 | -4/+5
Previously, puppet would warn if it encountered a deny ACE, and ignore it. This is a problem now, because we need to be able to accurately round-trip an ACL when modifying the owner/group. This commit modifies the DACL parsing code to return the deny ACE in the returned ACE.
2013-11-26 | (#11563) Only rewrite the DACL if the mode changes | Josh Cooper | 1 | -47/+113
Previously, the owner, group, mode getter and setter methods each managed their part of the security descriptor. This led to similar, but slightly different methods, such as GetSecurityInfo being invoked once to get the owner, and another time to get the dacl. This commit adds methods for getting and setting the security descriptor, and updates the owner/group/mode methods to call it. This eliminated duplicate logic in many places, e.g. change_sid, get_sid, set_acl, get_dacl, get_dacl_ptr, get_security_info, and set_security_info. This commit also means that if you change the owner and/or group, but not mode, then the security descriptor will not be marked as protected, and the DACL will not be rewritten. In other words, puppet won't mess up your file permissions. Only if you choose to manage the mode will puppet mark the SD as protected and rewrite the DACL based on the security descriptor's owner/group and specified mode.
2013-11-20 | (#15559) Windows security test fails under SYSTEM | Ethan J. Brown | 1 | -8/+49
- Previously get_mode spuriously included the S_ISYSTEM_MISSING bit when the group or mode was SYSTEM
- Behavior has been adjusted in integration/type/file_spec.rb so that when the current user is SYSTEM (like in a build server environment), it's verified that there is at least one SYSTEM ACE that has FULL access. When running under SYSTEM there may be many SYSTEM ACEs, including inherited ones.
- In some cases, owner, group or mode has been set to something that can more legitimately set up our initial desired pre-test state. When verifying that SYSTEM is granted FULL access, it's important that SYSTEM not be assigned to the group or owner.
- Some tests have been marked pending where it's trickier to set up the appropriate initial state when running the tests as SYSTEM. These will be resolved when new security descriptor code is introduced.
2013-11-19 | (#15559) Ensure SYSTEM has full control unless specified otherwise | Ethan J. Brown | 1 | -8/+54
- When a file is managed, and the group and owner are not explicitly set, SYSTEM should always be granted full access
- When the group or owner is set to SYSTEM, apply the specified mode
2013-11-14 | (#19447) Rescue when symlink privilege does not exist | Josh Cooper | 1 | -1/+1
Previously, the process_privilege_symlink? would raise on 2003 instead of returning FALSE. Now we rescue the ERROR_NO_SUCH_PRIVILEGE when trying to lookup SeCreateSymbolicLinkPrivilege.
2013-11-14 | (#19447) Windows symlink check process token | Ethan J. Brown | 1 | -0/+22
- Windows symlink support is enabled not only by the existence of the CreateSymbolicLink API call, but also by checking the current process token for the SeCreateSymbolicLinkPrivilege
- Inspired by http://stackoverflow.com/a/2129589
2013-11-08 | (#19447) Puppet::FileSystem::File.exist? | Ethan J. Brown | 2 | -3/+3
- All previous File and FileTest calls to exist? or exists? go through the new FileSystem::File abstraction so that the implementation can later be swapped for a Windows specific one to support symlinks
2013-11-08 | (#19447) Puppet::FileSystem::File#stat / lstat | Ethan J. Brown | 1 | -1/+1
- All calls to File class stat / lstat go through the new FileSystem::File abstraction so that the implementation can later be swapped for a Windows specific one to support symlinks
2013-10-25 | (#22180) Recapture class comments under Ruby 2.0 RDoc | Josh Partlow | 1 | -9/+15
RDoc 2+ has an RDoc::ClassModule.add_comment(comment,location) method which is the preferred method of setting comments for a class. RDoc shipping with Ruby 1.9 seems to fall back to using the @comment, which is how rdoc1 handled this, but Ruby 2.0's rdoc seems to be stricter and requires use of add_comment. This patch overrides the add_comment method in our PuppetModule, PuppetClass, PuppetNode code objects with a version compatible with either rdoc1 or 2. It also tests for module level README comments being incorporated.
2013-10-24 | (#22180) Fix broken rdoc1 features | Josh Partlow | 1 | -8/+65
There were a number of rdoc1 features (tracking of included, required modules, realized virtual resources, all resources when :document_all setting is true, and global variables) which had not been functioning due to the parser wrapping statements in Puppet::Parser::AST::BlockExpression instances now rather than Puppet::Parser::AST::Array instances. This is now fixed so that these areas are documented when using rdoc1. Only included classes are documented in rdoc2, however. Documenting the remaining elements would require writing a new renderer.
2013-10-23 | (#22180) Add integration test for puppet doc --mode rdoc | Josh Partlow | 1 | -35/+173
We were lacking any comprehensive testing of the interaction between puppet doc and rdoc. This integration test checks either the rdoc1 or rdoc2 output (depending on which version of rdoc is present on the system) for all of the basic module constructs we are documenting: modules, classes, defined types, nodes, and plugin facts, types and functions. It tests both site manifests and modules.
2013-08-28 | (#22319) Constrain settings watchedfile integration on windows | Josh Partlow | 1 | -1/+1
File.ctime provides creation time on Windows, and shows no change in WatchedFile. But we have no long running processes in Windows, so we would not be reloading configs, and this test can be skipped.
2013-08-28 | (#22319) Correct Puppet::Setting's use of WatchedFile | Josh Partlow | 1 | -11/+58
WatchedFile was introduced after 3.2.0 as a new method of checking for changes to file. Puppet::Settings was calling a non-existent method on the new WatchedFile, and would cause a daemonized Puppet to abort if one of its watched configuration files was changed. This is a minor change to call #to_str instead.
2012-10-24 | Merge remote-tracking branch 'upstream/2.7.x' into 3.0.x | Andrew Parker | 1 | -23/+3
* upstream/2.7.x:
  (#16581) Refactor code for sid validation
  (#16581) Deprecate sid_for_account
  (#16581) Use native Win32 APIs to resolve SIDs in file provider
  (#16581) Use native Win32 APIs to resolve SIDs in providers
  (#16581) Documentation changes
  (#16581) Use win32-security gem to resolve SIDs
  (#16581) Refactor code for converting string and binary sids
Conflicts:
  Gemfile.lock
  lib/puppet/util/windows.rb
2012-10-24 | (#16581) Refactor code for sid validation | Josh Cooper | 1 | -20/+0
Previously, the windows file provider knew too much about how to validate a sid, e.g. catching a specific windows-specific exception. This commit moves that logic into a `valid_sid?` method and updates the file provider to call it. In doing so, the logic for `string_to_sid_ptr` is simpler, in that it always expects a block. It also removes tests that were refactored into sid_spec.rb in an earlier commit.
2012-10-19 | (#16581) Deprecate sid_for_account | Josh Cooper | 1 | -3/+3
This commit eliminates the code for using WMI to resolve SIDs, since it is very slow in domain environments. It also adds a deprecation warning if any provider calls this method, as they should be using `Puppet::Util::Security::SID.name_to_sid` instead.
2012-09-26 | (Maint) Remove rspec from shebang line | Jeff McCune | 5 | -5/+5
Without this patch Ruby 1.9 is still complaining loudly about trying to parse the spec files. The previous attempt to clean up this problem in edc3ddf works for Ruby 1.8 but not 1.9. I'd prefer to remove the shebang lines entirely, but doing so will cause encoding errors in Ruby 1.9. This patch strives for a happy middle ground of convincing Ruby it is actually working with Ruby while not confusing it to think it should exec() to rspec. This patch is the result of the following command run against the source tree:
    find spec -type f -print0 | \
      xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'