diff options
Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/feature/base.rb | 54 | ||||
-rw-r--r-- | lib/puppet/util/settings.rb | 1 | ||||
-rw-r--r-- | lib/puppet/util/settings/file_setting.rb | 3 | ||||
-rw-r--r-- | lib/puppet/util/suidmanager.rb | 15 |
4 files changed, 45 insertions, 28 deletions
diff --git a/lib/puppet/feature/base.rb b/lib/puppet/feature/base.rb index 2eddadb7a..cecc1b9ad 100644 --- a/lib/puppet/feature/base.rb +++ b/lib/puppet/feature/base.rb @@ -2,6 +2,34 @@ require 'puppet/util/feature' # Add the simple features, all in one file. +# Order is important as some features depend on others + +# We have a syslog implementation +Puppet.features.add(:syslog, :libs => ["syslog"]) + +# We can use POSIX user functions +Puppet.features.add(:posix) do + require 'etc' + Etc.getpwuid(0) != nil && Puppet.features.syslog? +end + +# We can use Microsoft Windows functions +Puppet.features.add(:microsoft_windows) do + begin + require 'sys/admin' + require 'win32/process' + require 'win32/dir' + require 'win32/service' + require 'win32ole' + require 'win32/api' + true + rescue LoadError => err + warn "Cannot run on Microsoft Windows without the sys-admin, win32-process, win32-dir & win32-service gems: #{err}" unless Puppet.features.posix? + end +end + +raise Puppet::Error,"Cannot determine basic system flavour" unless Puppet.features.posix? or Puppet.features.microsoft_windows? + # We've got LDAP available. Puppet.features.add(:ldap, :libs => ["ldap"]) @@ -30,32 +58,6 @@ Puppet.features.add(:rrd, :libs => ["RRD"]) # We have OpenSSL Puppet.features.add(:openssl, :libs => ["openssl"]) -# We have a syslog implementation -Puppet.features.add(:syslog, :libs => ["syslog"]) - -# We can use POSIX user functions -Puppet.features.add(:posix) do - require 'etc' - Etc.getpwuid(0) != nil && Puppet.features.syslog? -end - -# We can use Microsoft Windows functions -Puppet.features.add(:microsoft_windows) do - begin - require 'sys/admin' - require 'win32/process' - require 'win32/dir' - require 'win32/service' - require 'win32ole' - require 'win32/api' - true - rescue LoadError => err - warn "Cannot run on Microsoft Windows without the sys-admin, win32-process, win32-dir & win32-service gems: #{err}" unless Puppet.features.posix? - end -end - -raise Puppet::Error,"Cannot determine basic system flavour" unless Puppet.features.posix? or Puppet.features.microsoft_windows? - # We have CouchDB Puppet.features.add(:couchdb, :libs => ["couchrest"]) diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb index caaf61b7b..3039a7b0a 100644 --- a/lib/puppet/util/settings.rb +++ b/lib/puppet/util/settings.rb @@ -780,6 +780,7 @@ if @config.include?(:run_mode) # Create the transportable objects for users and groups. def add_user_resources(catalog, sections) return unless Puppet.features.root? + return if Puppet.features.microsoft_windows? return unless self[:mkusers] @config.each do |name, setting| diff --git a/lib/puppet/util/settings/file_setting.rb b/lib/puppet/util/settings/file_setting.rb index 0fa65d846..f02a0c547 100644 --- a/lib/puppet/util/settings/file_setting.rb +++ b/lib/puppet/util/settings/file_setting.rb @@ -93,7 +93,8 @@ class Puppet::Util::Settings::FileSetting < Puppet::Util::Settings::Setting if Puppet[:manage_internal_file_permissions] resource[:mode] = self.mode if self.mode - if Puppet.features.root? + # REMIND fails on Windows because chown/chgrp functionality not supported yet + if Puppet.features.root? and !Puppet.features.microsoft_windows? resource[:owner] = self.owner if self.owner resource[:group] = self.group if self.group end diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb index 697bce111..d2772002e 100644 --- a/lib/puppet/util/suidmanager.rb +++ b/lib/puppet/util/suidmanager.rb @@ -37,7 +37,20 @@ module Puppet::Util::SUIDManager module_function :groups= def self.root? - Process.uid == 0 + return Process.uid == 0 unless Puppet.features.microsoft_windows? + + require 'sys/admin' + require 'win32/security' + + # if Vista or later, check for unrestricted process token + begin + return Win32::Security.elevated_security? + rescue Win32::Security::Error => e + raise e unless e.to_s =~ /Incorrect function/i + end + + group = Sys::Admin.get_group("Administrators", :sid => Win32::Security::SID::BuiltinAdministrators) + group and group.members.index(Sys::Admin.get_login) != nil end # Runs block setting uid and gid if provided then restoring original ids |